Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Kaspersky And Dss Scans From Desktop - Am I Infected?


  • Please log in to reply
12 replies to this topic

#1 dgarramone

dgarramone

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:09:16 PM

Posted 15 June 2008 - 10:26 PM

Computer has been running funny lately. Shuts itself off. Takes several attempts to restart. CPU shows usages while not running much of anything. Ran Kaspersky and DSS scans. Some infections noted. Attached files for your review and comments.

Thanks for your assistance.

Dgarramone

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Sunday, June 15, 2008
Operating System: Microsoft Windows XP Professional Service Pack 3 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Sunday, June 15, 2008 16:51:15
Records in database: 867762
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
A:\
C:\
D:\
E:\
F:\
G:\
Z:\

Scan statistics:
Files scanned: 241906
Threat name: 7
Infected objects: 29
Suspicious objects: 0
Duration of the scan: 09:43:47


File name / Threat name / Threats count
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\15807C5A.tmp Infected: Email-Worm.Win32.Sober.x 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\1B2E31F6.htm Infected: Trojan-Downloader.VBS.Small.co 1
C:\Documents and Settings\David Gasramone\My Documents\xmasclipartfree.exe Infected: Trojan-Downloader.Win32.Agent.hym 3
C:\Documents and Settings\David Gasramone\My Documents\xmasclipartfree.exe Infected: not-a-virus:AdWare.Win32.Shopper.am 1
C:\Documents and Settings\David Gasramone\My Documents\xmasclipartfree.exe Infected: not-a-virus:AdWare.Win32.Mostofate.bt 1
C:\Documents and Settings\David Gasramone\My Documents\xmasclipartfree.exe Infected: not-a-virus:AdWare.Win32.Mostofate.bn 2
C:\Documents and Settings\David Gasramone\Yugma\lib\DskHooks.dll Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.1370 1
C:\Documents and Settings\David Gasramone\Yugma\lib\VNCHooks.dll Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.1370 1
G:\Retrospect Backup\Backup copy of Drive C ©\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\15807C5A.tmp Infected: Email-Worm.Win32.Sober.x 1
G:\Retrospect Backup\Backup copy of Drive C ©\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\1B2E31F6.htm Infected: Trojan-Downloader.VBS.Small.co 1
G:\Retrospect Backup\Backup copy of Drive C ©\Documents and Settings\David Gasramone\My Documents\xmasclipartfree.exe Infected: Trojan-Downloader.Win32.Agent.hym 3
G:\Retrospect Backup\Backup copy of Drive C ©\Documents and Settings\David Gasramone\My Documents\xmasclipartfree.exe Infected: not-a-virus:AdWare.Win32.Shopper.am 1
G:\Retrospect Backup\Backup copy of Drive C ©\Documents and Settings\David Gasramone\My Documents\xmasclipartfree.exe Infected: not-a-virus:AdWare.Win32.Mostofate.bt 1
G:\Retrospect Backup\Backup copy of Drive C ©\Documents and Settings\David Gasramone\My Documents\xmasclipartfree.exe Infected: not-a-virus:AdWare.Win32.Mostofate.bn 2
G:\Retrospect Backup\Backup copy of Drive C ©\Documents and Settings\David Gasramone\Yugma\lib\DskHooks.dll Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.1370 1
G:\Retrospect Backup\Backup copy of Drive C ©\Documents and Settings\David Gasramone\Yugma\lib\VNCHooks.dll Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.1370 1
Z:\Dave\My Documents\xmasclipartfree.exe Infected: Trojan-Downloader.Win32.Agent.hym 3
Z:\Dave\My Documents\xmasclipartfree.exe Infected: not-a-virus:AdWare.Win32.Shopper.am 1
Z:\Dave\My Documents\xmasclipartfree.exe Infected: not-a-virus:AdWare.Win32.Mostofate.bt 1
Z:\Dave\My Documents\xmasclipartfree.exe Infected: not-a-virus:AdWare.Win32.Mostofate.bn 2

The selected area was scanned.




Deckard's System Scanner v20071014.68
Run by David Gasramone on 2008-06-15 23:06:03
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 3 Restore Point(s) --
3: 2008-06-16 03:06:44 UTC - RP1052 - Deckard's System Scanner Restore Point
2: 2008-06-15 13:34:56 UTC - RP1051 - Uniblue RegistryBooster
1: 2008-06-15 06:14:18 UTC - RP1050 - Software Distribution Service 3.0


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as David Gasramone.exe) -------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:11:52 PM, on 6/15/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\Iomega\System32\AppServices.exe
C:\Program Files\McAfee\MBK\MBackMonitor.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\WINDOWS\Mixer.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Iomega\AutoDisk\ADUserMon.exe
C:\Program Files\Iomega\DriveIcons\ImgIcon.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
C:\PROGRA~1\symantec\winfax\WFXSWTCH.exe
C:\WINDOWS\system32\wfxsnt40.exe
C:\PROGRA~1\Dantz\RETROS~1\ComboButton.exe
C:\WINDOWS\MXOaldr.exe
C:\WINDOWS\system32\PELMICED.EXE
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\NSLU2 Flash Map Utility\StorageLink.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\Program Files\Ahead\InCD\InCD.exe
c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\PROGRA~1\Stardock\THINKD~1\MULTIP~1\multipl.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Common Files\TiVo Shared\Transfer\TiVoTransfer.exe
C:\Program Files\TiVo\Desktop\TiVoNotify.exe
C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\PROGRA~1\McAfee\MPS\mps.exe
C:\PROGRA~1\Webshots\Webshots.scr
C:\PROGRA~1\Dantz\RETROS~1\retrorun.exe
C:\Program Files\Microsoft Office\Office10\msoffice.exe
C:\Program Files\McAfee\MPS\mpsevh.exe
C:\WINDOWS\System32\ScsiAccess.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\TiVo Shared\Beacon\TiVoBeacon.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\System32\WFXSVC.EXE
C:\Program Files\Iomega\AutoDisk\ADService.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
c:\PROGRA~1\mcafee\msc\mcuimgr.exe
C:\Documents and Settings\David Gasramone\Desktop\dss.exe
C:\Program Files\TiVo\Desktop\TiVoServer.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\David Gasramone.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptcl.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Viewpoint Toolbar BHO - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - blank (file missing)
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [ADUserMon] C:\Program Files\Iomega\AutoDisk\ADUserMon.exe
O4 - HKLM\..\Run: [Iomega Drive Icons] C:\Program Files\Iomega\DriveIcons\ImgIcon.exe
O4 - HKLM\..\Run: [Deskup] C:\Program Files\Iomega\DriveIcons\deskup.exe /IMGSTART
O4 - HKLM\..\Run: [Iomega Automatic Backup 1.0.1] C:\Program Files\Iomega\Iomega Automatic Backup\ibackup.exe
O4 - HKLM\..\Run: [WFXSwtch] c:\PROGRA~1\symantec\winfax\WFXSWTCH.exe
O4 - HKLM\..\Run: [WinFaxAppPortStarter] wfxsnt40.exe
O4 - HKLM\..\Run: [MaxtorCombo] "C:\PROGRA~1\Dantz\RETROS~1\ComboButton.exe"
O4 - HKLM\..\Run: [MXO Auto Loader] C:\WINDOWS\MXOaldr.exe
O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] PELMICED.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [NSLU2 Flash Map Utility] C:\Program Files\NSLU2 Flash Map Utility\StorageLink.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [McAfee Backup] C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe
O4 - HKLM\..\Run: [MBkLogOnHook] C:\Program Files\McAfee\MBK\LogOnHook.exe
O4 - HKLM\..\Run: [Multiplicity] C:\PROGRA~1\Stardock\THINKD~1\MULTIP~1\multipl.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [TivoTransfer] "C:\Program Files\Common Files\TiVo Shared\Transfer\TiVoTransfer.exe" /service /registry /auto:TivoTransfer
O4 - HKCU\..\Run: [TivoServer] "C:\Program Files\TiVo\Desktop\TiVoServer.exe" /service /registry
O4 - HKCU\..\Run: [TivoNotify] "C:\Program Files\TiVo\Desktop\TiVoNotify.exe" /service /registry /auto:TivoNotify
O4 - HKCU\..\Run: [EasyLinkAdvisor] "C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe" /startup
O4 - Startup: BJ Status Monitor Canon i960.lnk = ?
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Viewpoint Search - res://C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll/CXTSEARCH.HTML
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O15 - Trusted Zone: http://*.turbotax.com
O16 - DPF: Arcsoft Web Uploader - http://www.hpphoto.com/downloads/ReadFileApplet.cab
O16 - DPF: eCrew Delta Technology V13112 - http://ecrew.delta-air.com/classes/cst/eCrew13112.cab
O16 - DPF: eCrew Delta Technology V1410 - http://ecrew.delta-air.com/classes/cst/eCrew1410.cab
O16 - DPF: eCrew Delta Technology V14102 - http://ecrew.delta-air.com/eCrew14102.cab
O16 - DPF: eCrew Delta Technology V14120 - http://ecrew.delta-air.com/eCrew14120.cab
O16 - DPF: eCrew Delta Technology V14141 - http://ecrew.delta-air.com/eCrew14141.cab
O16 - DPF: eCrew Delta Technology V14169 - http://ecrew.delta-air.com/eCrew14169.cab
O16 - DPF: eCrew Delta Technology V14170 - http://ecrew.delta-air.com/eCrew14170.cab
O16 - DPF: eCrew Delta Technology V14180 - http://ecrew.delta-air.com/eCrew14180.cab
O16 - DPF: eCrew Delta Technology V14200 - http://ecrew.delta-air.com/eCrew14200.cab
O16 - DPF: eCrew Delta Technology V14210 - http://ecrew.delta-air.com/eCrew14210.cab
O16 - DPF: eCrew Delta Technology V14222 - http://ecrew.delta-air.com/eCrew14222.cab
O16 - DPF: eCrew Delta Technology V14240 - http://ecrew.delta-air.com/eCrew14240.cab
O16 - DPF: eCrew Delta Technology V14251 - http://ecrew.delta-air.com/eCrew14251.cab
O16 - DPF: eCrew Delta Technology V14260 - http://ecrew.delta-air.com/eCrew14260.cab
O16 - DPF: eCrew Delta Technology V1451 - http://ecrew.delta-air.com/eCrew1451.cab
O16 - DPF: eCrew Delta Technology V1472 - http://ecrew.delta-air.com/eCrew1472.cab
O16 - DPF: eCrew Delta Technology V1486 - http://ecrew.delta-air.com/eCrew1486.cab
O16 - DPF: eCrew Delta Technology V1491 - http://ecrew.delta-air.com/eCrew1491.cab
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://www.comcastsupport.com/sdccommon/download/tgctlcm.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {1842B0EE-B597-11D4-8997-00104BD12D94} (iCC Class) - http://www.pcpitstop.com/internet/pcpConnCheck.cab
O16 - DPF: {186E51E5-96A2-4BC5-8858-581932C15F82} (CardPrintStub Class) - http://www.hpphoto.com/downloads/cardprint.cab
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - https://www-secure.symantec.com/techsupp/asa/LSSupCtl.cab
O16 - DPF: {26FCCDF9-A7E1-452A-A73D-7BF7B4D0BA6C} (AOL Pictures Uploader Class) - http://o.aolcdn.com/pictures/ap/Resources/...ns.10.4.0.4.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab
O16 - DPF: {3451DEDE-631F-421C-8127-FD793AFC6CC8} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/as...rl/SymAData.cab
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} - http://ipgweb.cce.hp.com/rdqna/downloads/sysinfo.cab
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com/computercheckup/qdiagcc.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/m...01/mcinsctl.cab
O16 - DPF: {52D7DDE4-F150-4D82-AAB5-6EED6AB7C708} (my printer) - http://www.hpphoto.com/downloads/HPPrint.cab
O16 - DPF: {5ACAA414-FCF1-468F-9442-71A7B6D2079E} (CitrixActivator Control) - https://www.myswa.com/citrix/CitrixActivator.cab
O16 - DPF: {5D9E4B6D-CD17-4D85-99D4-6A52B394EC3B} (WSDownloader Control) - http://www.webshots.com/samplers/WSDownloader.ocx
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {74FFE28D-2378-11D5-990C-006094235084} (IBM Access Support) - http://www-3.ibm.com/pc/support/IbmEgath.cab
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.infuzer.com/IDC/client/player/isetup1.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
O16 - DPF: {AECD14A8-F662-11D1-A395-00805F535788} (PlotWon Control) - http://www.investors.com/member/ocx/plotwon.ocx
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/m...,26/mcgdmgr.cab
O16 - DPF: {BE71A78B-77DB-451C-A761-59B37022D544} (AOL Newport Downloader Ctrl) - http://o.aolcdn.com/pictures/ap/Resources/...ns.10.6.0.4.cab
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} - https://www-secure.symantec.com/techsupp/as...rl/SymAData.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} - https://www-secure.symantec.com/techsupp/ac.../ActiveData.cab
O16 - DPF: {E7F2A7C5-E0FA-48F7-9893-DF78DDF131F2} (MC3LibControl.TclControl) - http://www.jeppesen.com/mvcontrol/mc3lib.cab
O16 - DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} (Persits Software XUpload) - http://www.printatwolf.com/add/XUpload.ocx
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30155.www3.hp.com/ediags/hpfix/sj/.../qdiagh.cab?326
O20 - Winlogon Notify: Multi - C:\Program Files\Stardock\ThinkDesk\Multiplicity\MultiWin32.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: InCD Helper (read only) (InCDsrvR) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: Iomega App Services - Iomega Corporation - C:\PROGRA~1\Iomega\System32\AppServices.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: MBackMonitor - McAfee - C:\Program Files\McAfee\MBK\MBackMonitor.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Privacy Service (MPS9) - McAfee, Inc. - C:\PROGRA~1\McAfee\MPS\mps.exe
O23 - Service: Retrospect Launcher (RetroLauncher) - Dantz Development Corporation - C:\PROGRA~1\Dantz\RETROS~1\retrorun.exe
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: ScsiAccess - Unknown owner - C:\WINDOWS\System32\ScsiAccess.EXE
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: TiVo Beacon (TivoBeacon2) - TiVo Inc. - C:\Program Files\Common Files\TiVo Shared\Beacon\TiVoBeacon.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: WinFax PRO (wfxsvc) - Symantec Corporation - C:\WINDOWS\System32\WFXSVC.EXE
O23 - Service: Iomega Active Disk (_IOMEGA_ACTIVE_DISK_SERVICE_) - Iomega Corporation - C:\Program Files\Iomega\AutoDisk\ADService.exe

--
End of file - 19588 bytes

-- File Associations -----------------------------------------------------------

.cpl - cplfile - shell\cplopen\command - rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.cpl - cplfile - shell\runas\command - rundll32.exe shell32.dll,Control_RunDLLAsUser "%1",%*


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 iomdisk (Iomega Devices Disk Filter Services) - c:\windows\system32\drivers\iomdisk.sys <Not Verified; Iomega Corporation; Microsoft® Windows NT® Operating System>
R3 IPSECSHM (Nortel IPSECSHM Adapter) - c:\windows\system32\drivers\ipsecw2k.sys <Not Verified; Nortel Networks; Contivity VPN Client>
R3 pelmouse (Mouse Suite Driver) - c:\windows\system32\drivers\pelmouse.sys <Not Verified; Primax Electronics Ltd.; Primax Mouse>
R3 pelusblf (USB Mouse Low Filter Driver) - c:\windows\system32\drivers\pelusblf.sys <Not Verified; Primax Electronics Ltd.; Primax USB Mouse>

S2 IPSECEXT (Nortel Extranet Access Protocol) - c:\windows\system32\drivers\ipsecw2k.sys <Not Verified; Nortel Networks; Contivity VPN Client>
S3 CO_Mon - c:\windows\system32\drivers\co_mon.sys
S3 EGATHDRV (IBM Access Support) - c:\windows\downlo~1\egathdrv.sys
S3 epatap2k (SCM Parallel Port ATAPI Driver) - c:\windows\system32\drivers\epatap2k.sys <Not Verified; SCM Microsystems Inc.; Parallel port ATAPI driver>
S3 MotoSwitchService (MotoSwitch Service) - c:\windows\system32\drivers\motswch.sys <Not Verified; Motorola INC.; Motorola Switching Filter Driver>
S3 P2k (Motorola USB Device) - c:\windows\system32\drivers\p2k.sys <Not Verified; Motorola Inc; P2k Driver>
S3 TVICHW32 - c:\windows\system32\drivers\tvichw32.sys <Not Verified; EnTech Taiwan; TVicHW32 Generic Device Driver for Windows 95/98/ME/NT/2000/2003/XP/XP64>
S3 wanatw (WAN Miniport (ATW)) - c:\windows\system32\drivers\wanatw4.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 _IOMEGA_ACTIVE_DISK_SERVICE_ (Iomega Active Disk) - "c:\program files\iomega\autodisk\adservice.exe" <Not Verified; Iomega Corporation; Iomega Active Disk>
R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
R2 Iomega App Services - "c:\progra~1\iomega\system32\appservices.exe" <Not Verified; Iomega Corporation; Iomega App Services>
R2 RetroLauncher (Retrospect Launcher) - c:\progra~1\dantz\retros~1\retrorun.exe <Not Verified; Dantz Development Corporation; Retrospect>
R2 ScsiAccess - c:\windows\system32\scsiaccess.exe
R2 Viewpoint Manager Service - "c:\program files\viewpoint\common\viewpointservice.exe" <Not Verified; Viewpoint Corporation; Viewpoint Manager>
R2 wfxsvc (WinFax PRO) - c:\windows\system32\wfxsvc.exe <Not Verified; Symantec Corporation; Symantec WinFax PRO>

S2 InCDsrvR (InCD Helper (read only)) - c:\program files\ahead\incd\incdsrv.exe -r <Not Verified; Nero AG; Nero AG incdsrv>
S4 AOLService (AOL Spyware Protection Service) - c:\progra~1\common~1\aol\aolspy~1\\aolserv.exe (file missing)
S4 Iomega Activity Disk2 - ""


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Scheduled Tasks -------------------------------------------------------------

2008-06-15 18:15:46 442 --ah----- C:\WINDOWS\Tasks\User_Feed_Synchronization-{697DED39-1803-4582-8B75-D89CC98B1933}.job
2008-06-15 01:57:48 360 --a------ C:\WINDOWS\Tasks\McDefragTask.job
2008-06-04 13:08:07 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
2008-06-01 01:00:31 352 --a------ C:\WINDOWS\Tasks\McQcTask.job


-- Files created between 2008-05-15 and 2008-06-15 -----------------------------

2008-05-31 21:33:00 0 d-------- C:\Documents and Settings\LocalService\Application Data\Intuit
2008-05-26 12:46:54 0 d-------- C:\Documents and Settings\David Gasramone\Application Data\Uniblue
2008-05-26 12:46:36 0 d-------- C:\Program Files\Uniblue
2008-05-19 21:25:44 0 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-05-19 10:19:24 691545 --a------ C:\WINDOWS\unins000.exe
2008-05-19 10:19:23 2551 --a------ C:\WINDOWS\unins000.dat


-- Find3M Report ---------------------------------------------------------------

2008-06-15 11:59:01 0 d-------- C:\Program Files\Trend Micro
2008-06-15 01:30:58 0 d-------- C:\Program Files\thinkorswim
2008-05-31 19:07:41 0 d-------- C:\Program Files\Symantec
2008-05-28 21:19:14 823733 --a------ C:\Documents and Settings\David Gasramone\Application Data\dgarramone.zip
2008-05-26 10:16:10 0 d-------- C:\Documents and Settings\David Gasramone\Application Data\Adobe
2008-05-20 18:54:39 256 --a------ C:\WINDOWS\system32\pool.bin
2008-05-19 21:26:47 0 d-------- C:\Program Files\Lavasoft
2008-05-19 21:26:45 0 d-------- C:\Documents and Settings\David Gasramone\Application Data\Lavasoft
2008-05-19 21:24:32 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-05-10 22:45:08 0 d-------- C:\Program Files\Common Files
2008-05-10 22:45:04 0 d-------- C:\Program Files\Quicken
2008-05-07 14:20:42 0 d-------- C:\Program Files\Widget Works 4
2008-05-07 00:43:28 0 d-------- C:\Program Files\messenger
2008-05-07 00:41:54 0 d-------- C:\Program Files\Movie Maker
2008-05-07 00:33:02 0 d-------- C:\Program Files\Windows NT
2008-05-06 23:03:00 0 d-------- C:\Documents and Settings\David Gasramone\Application Data\OfficeUpdate12
2008-04-30 09:59:04 0 d-------- C:\Documents and Settings\David Gasramone\Application Data\webex
2008-04-21 17:18:17 0 d-------- C:\Program Files\McAfee
2008-04-15 23:21:40 0 d-------- C:\Program Files\iTunes
2008-04-15 23:21:10 0 d-------- C:\Program Files\iPod
2008-04-15 23:17:25 0 d-------- C:\Program Files\QuickTime
2008-04-15 23:10:14 0 d-------- C:\Program Files\Safari
2008-04-15 23:09:00 0 d-------- C:\Program Files\Apple Software Update
2008-04-04 20:11:53 10177 --a------ C:\WINDOWS\mozver.dat


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"C-Media Mixer"="Mixer.exe" [10/15/2002 07:00 PM C:\WINDOWS\mixer.exe]
"AGRSMMSG"="AGRSMMSG.exe" [03/04/2005 12:01 PM C:\WINDOWS\AGRSMMSG.exe]
"ADUserMon"="C:\Program Files\Iomega\AutoDisk\ADUserMon.exe" [09/24/2002 04:39 PM]
"Iomega Drive Icons"="C:\Program Files\Iomega\DriveIcons\ImgIcon.exe" [08/13/2002 02:30 PM]
"Deskup"="C:\Program Files\Iomega\DriveIcons\deskup.exe" [07/16/2002 10:55 AM]
"Iomega Automatic Backup 1.0.1"="C:\Program Files\Iomega\Iomega Automatic Backup\ibackup.exe" [10/15/2002 10:32 AM]
"WFXSwtch"="c:\PROGRA~1\symantec\winfax\WFXSWTCH.exe" [12/12/2002 08:45 AM]
"WinFaxAppPortStarter"="wfxsnt40.exe" [12/12/2002 08:45 AM C:\WINDOWS\system32\WFXSNT40.EXE]
"MaxtorCombo"="C:\PROGRA~1\Dantz\RETROS~1\ComboButton.exe" [07/15/2002 09:23 PM]
"MXO Auto Loader"="C:\WINDOWS\MXOaldr.exe" [08/09/2002 07:09 PM]
"Mouse Suite 98 Daemon"="PELMICED.EXE" [08/21/2001 12:08 PM C:\WINDOWS\system32\PELMICED.EXE]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [02/22/2008 04:25 AM]
"NSLU2 Flash Map Utility"="C:\Program Files\NSLU2 Flash Map Utility\StorageLink.exe" [04/30/2004 11:33 AM]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [07/09/2001 10:50 AM]
"InCD"="C:\Program Files\Ahead\InCD\InCD.exe" [09/20/2005 11:06 AM]
"@"="" []
"RoxWatchTray"="C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [04/23/2007 11:43 AM]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [11/10/2006 12:35 PM]
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" [01/02/2006 05:41 PM]
"McAfee Backup"="C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe" [01/16/2007 02:59 PM]
"MBkLogOnHook"="C:\Program Files\McAfee\MBK\LogOnHook.exe" [01/08/2007 12:22 PM]
"Multiplicity"="C:\PROGRA~1\Stardock\THINKD~1\MULTIP~1\multipl.exe" [01/16/2008 06:47 PM]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [01/11/2008 11:16 PM]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [03/28/2008 11:37 PM]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [03/30/2008 10:36 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [04/13/2008 08:12 PM]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [10/18/2006 09:05 PM]
"TivoTransfer"="C:\Program Files\Common Files\TiVo Shared\Transfer\TiVoTransfer.exe" [07/11/2006 08:23 AM]
"TivoServer"="C:\Program Files\TiVo\Desktop\TiVoServer.exe" [07/11/2006 08:26 AM]
"TivoNotify"="C:\Program Files\TiVo\Desktop\TiVoNotify.exe" [07/11/2006 08:24 AM]
"EasyLinkAdvisor"="C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe" [03/15/2007 07:16 PM]

C:\Documents and Settings\David Gasramone\Start Menu\Programs\Startup\
BJ Status Monitor Canon i960.lnk - C:\Documents and Settings\David Gasramone\cnmss Canon i960 (Local).exe [10/12/2005 6:52:46 PM]
Webshots.lnk - C:\Program Files\Webshots\Launcher.exe [1/28/2007 10:52:09 PM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.exe.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [7/16/2003 4:10:07 PM]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2/13/2001 1:01:04 AM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"NoColorChoice"=0 (0x0)
"NoSizeChoice"=0 (0x0)
"NoDispScrSavPage"=0 (0x0)
"NoDispCPL"=0 (0x0)
"NoVisualStyleChoice"=0 (0x0)
"NoDispSettingsPage"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoActiveDesktopChanges"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSaveSettings"=0 (0x0)
"NoThemesTab"=0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{A213B520-C6C2-11d0-AF9D-008029E1027E}"= c:\program files\symantec\winfax\WfxSeh32.Dll [07/27/1998 04:54 AM 38400]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\dimsntfy]
C:\WINDOWS\System32\dimsntfy.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\Multi]
C:\Program Files\Stardock\ThinkDesk\Multiplicity\MultiWin32.dll 01/16/2008 06:47 PM 95480 C:\Program Files\Stardock\ThinkDesk\Multiplicity\MultiWin32.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^America Online 9.0 Tray Icon.lnk]
backup=C:\WINDOWS\pss\America Online 9.0 Tray Icon.lnkCommon Startup


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOLDialer]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Pure Networks Port Magic]
"C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" -Run

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Share-to-Web Namespace Daemon]
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ViewMgr]
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"AOLService"=2 (0x2)
"AOL ACS"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
eapsvcs eaphost
dot3svc dot3svc

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
napagent
hkmsvc




-- End of Deckard's System Scanner: finished at 2008-06-15 23:15:47 ------------


Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 3.0
Architecture: X86; Language: English

CPU 0: Intel® Pentium® 4 CPU 2.40GHz
Percentage of Memory in Use: 32%
Physical Memory (total/avail): 2047.52 MiB / 1390.09 MiB
Pagefile Memory (total/avail): 4967.88 MiB / 4376.2 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1914.91 MiB

A: is Removable (No Media)
C: is Fixed (NTFS) - 74.55 GiB total, 27.58 GiB free.
D: is CDROM (No Media)
E: is Removable (No Media)
F: is CDROM (No Media)
G: is Fixed (FAT32) - 76.31 GiB total, 24.06 GiB free.
Z: is Network (NTFS)

\\.\PHYSICALDRIVE1 -

\\.\PHYSICALDRIVE0 - SAMSUNG SP8004H - 74.56 GiB - 1 partition
\PARTITION0 (bootable) - Installable File System - 74.55 GiB - C:

\\.\PHYSICALDRIVE2 - Maxtor 5000LE v01.00.00 USB Disk - 76.33 GiB - 1 partition
\PARTITION0 - Unknown - 76.33 GiB - G:



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\David Gasramone\Application Data
CLASSPATH=.;C:\Program Files\Java\jre1.6.0_05\lib\ext\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=OFFICE
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\David Gasramone
LOGONSERVER=\\OFFICE
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\system32\WBEM;C:\Program Files\Common Files\Roxio Shared\DLLShared\;C:\Program Files\Common Files\Roxio Shared\DLLShared\;C:\Program Files\Common Files\Roxio Shared\9.0\DLLShared\;C:\Program Files\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files\ATI Technologies\ATI.ACE\;C:\Program Files\QuickTime\QTSystem\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 2 Stepping 7, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0207
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\jre1.6.0_05\lib\ext\QTJava.zip
RoxioCentral=C:\Program Files\Common Files\Roxio Shared\9.0\Roxio Central33\
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\DAVIDG~1\LOCALS~1\Temp
TMP=C:\DOCUME~1\DAVIDG~1\LOCALS~1\Temp
USERDOMAIN=OFFICE
USERNAME=David Gasramone
USERPROFILE=C:\Documents and Settings\David Gasramone
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

David Gasramone (admin)
Administrator (new local, admin)
Guest (new local, guest)


-- Add/Remove Programs ---------------------------------------------------------

--> C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
--> C:\WINDOWS\NuNInst.exe /UNINSTALL
--> C:\WINDOWS\unmrw.exe /UNINSTALL
--> C:\WINDOWS\UNNeroVision.exe /UNINSTALL
--> C:\WINDOWS\UNNMP.exe /UNINSTALL
--> C:\WINDOWS\UNNVEContent.exe /UNINSTALL
--> MsiExec.exe /I{07159635-9DFE-4105-BFC0-2817DB540C68}
--> MsiExec.exe /I{0D397393-9B50-4C52-84D5-77E344289F87}
--> MsiExec.exe /I{619CDD8A-14B6-43A1-AB6C-0F4EE48CE048}
--> MsiExec.exe /I{83FFCFC7-88C6-41C6-8752-958A45325C82}
--> MsiExec.exe /I{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}
--> MsiExec.exe /X{11F93B4B-48F0-4A4E-AE77-DFA96A99664B}
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{22EB2FA7-1BA0-4FFB-972F-353EC6ABA9D5}\setup.exe" -l0x9 -removeonly
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{28B97CAB-828F-49D8-A30A-675476F9BA92}\setup.exe" -l0x9 /cont -removeonly
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4E7DC12A-3597-4A94-9429-F6C6987361B1}\setup.exe" -l0x9 -removeonly
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6813C983-427E-4511-8456-E98FCAA1A125}\setup.exe" -l0x9 -removeonly
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7DADB304-AF20-48C3-A780-4B4133A08817}\setup.exe" -l0x9 -removeonly
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9C423CF6-2DAA-4A37-94B8-59D7ECC7DB13}\setup.exe" -l0x9 -removeonly
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{ACE66099-E18E-4037-83C8-9D182E5B9FA8}\setup.exe" -l0x9 -removeonly
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B34B6E67-FCDD-4E03-8742-B5701427FAFB}\setup.exe" -l0x9 -removeonly
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FA6CC4B4-7741-4F8D-8E81-15C4BAB9869B}\setup.exe" -l0x9 -removeonly
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
5000 Series --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{3BDB8AA5-EDDD-441A-877A-FC6D8664869F}
Active Disk --> C:\WINDOWS\unvise32.exe C:\Program Files\Iomega\AutoDisk\uninstal.log
Ad-Aware 2007 --> MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Adobe Atmosphere Player for Acrobat and Adobe Reader --> C:\WINDOWS\atmoUn.exe
Adobe Flash Player 9 ActiveX --> C:\WINDOWS\system32\Macromed\Flash\FlashUtil9b.exe -uninstallDelete
Adobe Flash Player Plugin --> C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Photoshop Album 2.0 Starter Edition --> MsiExec.exe /I{11B569C2-4BF6-4ED0-9D17-A4273943CB24}
Adobe Photoshop Elements --> C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Adobe\Photoshop Elements\Uninst.isu" -c"C:\Program Files\Adobe\Photoshop Elements\Uninst.dll"
Adobe Reader 8.1.2 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003}
Adobe SVG Viewer 3.0 --> C:\Program Files\Common Files\Adobe\SVG Viewer 3.0\Uninstall\Winstall.exe -u -fC:\Program Files\Common Files\Adobe\SVG Viewer 3.0\Uninstall\Install.log
Agere Systems PCI Soft Modem --> agrsmdel
AIM 6 --> C:\Program Files\AIM6\uninst.exe
AnswerWorks 4.0 Runtime - English --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7DD9A065-2C86-4A9F-A5FF-796EC1B99DCA}\setup.exe" -l0x9 -removeonly
AnswerWorks 5.0 English Runtime --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DBCC73BA-C69A-4BF5-B4BF-F07501EE7039}\setup.exe" -l0x9 -uninst -removeonly
AOL Uninstaller (Choose which Products to Remove) --> C:\Program Files\Common Files\AOL\uninstaller.exe
Apple Mobile Device Support --> MsiExec.exe /I{44734179-8A79-4DEE-BB08-73037F065543}
Apple Software Update --> MsiExec.exe /I{02DFF6B1-1654-411C-8D7B-FD6052EF016F}
ArcSoft Funhouse --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7AD33F54-A430-4CB2-9B7D-6CF4463C91CD}\setup.exe" -l0x9 -uninst
Art Explosion Scrapbook Factory --> MsiExec.exe /X{E432C362-6A71-4E8A-A68A-AE5246520656}
aspi --> MsiExec.exe /I{015E4B8A-29B5-4AE3-BD08-38220FADFF4C}
ATI - Software Uninstall Utility --> C:\Program Files\ATI Technologies\UninstallAll\AtiCimUn.exe
ATI Catalyst Control Center --> MsiExec.exe /I{E74138F2-5F04-4E4F-8389-419E012C9B4C}
ATI Catalyst Control Center --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{055EE59D-217B-43A7-ABFF-507B966405D8}\setup.exe" -l0x336d
ATI Display Driver --> rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
ATI HYDRAVISION --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{083F79E4-6FE9-46FB-A6C6-4F8862742947}\setup.exe"
ATI Parental Control & Encoder --> MsiExec.exe /I{8D70145A-3BD3-4DBF-9CBF-223EF4A43257}
Auto Maintenance Pro Version 9.0 --> C:\PROGRA~1\AUTOMA~1\UNWISE.EXE C:\PROGRA~1\AUTOMA~1\INSTALL.LOG
Avanquest update --> C:\Program Files\InstallShield Installation Information\{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}\Setup.exe -runfromtemp -l0x0009 -removeonly
AVerTV Studio --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\AVerTV2K\Uninst.isu"
Avery® Wizard 2.1 forMicrosoft® Word 2000 --> C:\WINDOWS\uninst.exe -f"C:\Program Files\Avery Wizard\DeIsL1.isu" -c"C:\Program Files\Avery Wizard\uninst.dll
BiAdmin --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Print Server\Uninst.isu"
BlackBerry Desktop Software 4.2.2 --> MsiExec.exe /I{0725C68F-FD3A-4476-BDA0-C002C7FE307C}
BlackBerry Desktop Software 4.2.2 --> MsiExec.exe /i{0725C68F-FD3A-4476-BDA0-C002C7FE307C}
BlackBerry v4.2.1 for the 8800 Series Wireless Handheld --> MsiExec.exe /X{C77F4772-9B17-473C-993C-398A0C23781C}
Canon Camera Window for ZoomBrowser EX --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{FC3EEA54-C009-4D75-B753-3CD871BF3EBA}
Canon i960 --> C:\WINDOWS\System32\CNMCP5c.exe "-PRINTERNAMECanon i960" "-HELPERDLLC:\BJPrinter\CNMWINDOWS\Canon i960 Installer\Inst2\cnmis.dll" "-RCDLLC:\BJPrinter\CNMWINDOWS\Canon i960 Installer\Inst2\cnmi0409.dll"
Canon PhotoRecord --> MsiExec.exe /X{BEF56F2D-56ED-4176-BF72-7B68D4A3B98D}
Canon RAW Image Task for ZoomBrowser EX --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{FAF0DAD8-1EA7-4FEF-80E5-8D8D6EBD5A23}
Canon RemoteCapture Task for ZoomBrowser EX --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{2236B741-6631-49AE-B76E-3E14CA01CC87}
Canon Utilities Easy-PhotoPrint --> C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Canon\Easy-PhotoPrint\Uninst.isu" -c"C:\Program Files\Canon\Easy-PhotoPrint\EZUNINST.DLL"
Canon Utilities Easy-PhotoPrint Plus --> C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Canon\Easy-PhotoPrint Plus\Uninst.isu" -c"C:\Program Files\Canon\Easy-PhotoPrint Plus\EZUNINST.DLL"
Canon Utilities File Viewer Utility 1.3 --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{97DED0D8-B530-4137-8AD0-F3978F6EFA8E}
Canon Utilities PhotoStitch 3.1 --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{F11A403B-0DE9-4953-B790-7A2F014FBB2B}
Canon Utilities RemoteCapture 2.7 --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{12B09031-A7E1-43B1-AC8C-A202B676B556}
Canon Utilities ZoomBrowser EX --> MsiExec.exe /X{C1D76D7A-F3BB-47EA-A746-5B1E2FFC1DF2}
CCHelp --> MsiExec.exe /I{9D1CF8B6-17B3-4832-B062-2C2DD0B57B04}
CCleaner (remove only) --> "C:\Program Files\CCleaner\uninst.exe"
CCScore --> MsiExec.exe /I{B4B44FE7-41FF-4DAD-8C0A-E406DDA72992}
Citrix ICA Web Client --> C:\WINDOWS\System32\ctxsetup.exe /uninst C:\PROGRA~1\Citrix\icaweb32\uninst.inf
Comcast High-Speed Internet Install Wizard --> C:\Program Files\Support.com\uninstall\chsi_uninstaller.exe
Computerized Aviation Reference Library --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Summit Aviation\Reference Library\Uninst.isu"
Concord WinFax Plugin v3.0 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C1008475-75B2-4475-B98C-51FAE8B62960}\setup.exe"
Delta EPF Installer --> C:\Program Files\Entrust\EPFUninstall.exe -remove
DeltaNet VPN Connector --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EF964A78-078C-11D1-B7A7-0000C0134CE6}\setup.exe" Uninstall
DGOControls --> C:\Program Files\InstallShield Installation Information\{779A19AC-A302-425D-B295-F12116C2D731}\setup.exe -runfromtemp -l0x0009 -removeonly
Drivers Install For Linksys Easylink Advisor --> MsiExec.exe /I{A1960A82-DB70-474D-A86B-FA74466103C6}
Easy-WebPrint --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Canon\Easy-WebPrint\Uninst.isu"
EasyBid 6 (PBS) for Windows --> C:\EasyBid6\UNWISE.EXE C:\EasyBid6\INSTALL.LOG
EasySwap 2.0 for Windows --> C:\PROGRA~1\EASYSW~1\UNWISE.EXE C:\PROGRA~1\EASYSW~1\INSTALL.LOG
ESSAdpt --> MsiExec.exe /I{D15E9DB5-6BEB-4534-901E-80C0A29BAB97}
ESSANUP --> MsiExec.exe /I{A6F18A67-B771-4191-8A33-36D2E742D6D9}
ESSBrwr --> MsiExec.exe /I{643EAE81-920C-4931-9F0B-4B343B225CA6}
ESSCAM --> MsiExec.exe /I{469730CC-78DF-4CD3-B286-562D459EA619}
ESSCDBK --> MsiExec.exe /I{AE1FA02D-E6A4-4EA0-8E58-6483CAC016DD}
ESScore --> MsiExec.exe /I{9D8FEE90-0377-49A9-AEFB-525BDE549BA4}
ESSgui --> MsiExec.exe /I{91517631-A9F3-4B7C-B482-43E0068FD55A}
ESShelp --> MsiExec.exe /I{87843A41-7808-4F2E-B13F-25C1E67CF2FD}
ESSini --> MsiExec.exe /I{8E92D746-CD9F-4B90-9668-42B74C14F765}
ESSPCD --> MsiExec.exe /I{14D4ED84-6A9A-45A0-96F6-1753768C3CB5}
ESSstore --> MsiExec.exe /I{6016734B-42A7-4AEB-9248-1D1E4F69AB52}
ESSvpaht --> MsiExec.exe /I{A5B3EB8A-4071-42F0-8E8E-7A8342AA8E69}
ESSvpot --> MsiExec.exe /I{48C82F7A-F100-4DAB-A310-8E18BF2159E1}
EZOutlookSync --> C:\Program Files\EZOutlookSync\uninstall.exe
Fidelity Active Trader Pro® --> MsiExec.exe /X{BCBA2FBD-418E-4C34-A3B8-B5C14A0E30CA}
Free Games Offer, Desktop Shortcut --> MsiExec.exe /X{31DABA20-10A1-4746-9D9F-57955B8DFF66}
HighMAT Extension to Microsoft Windows XP CD Writing Wizard --> MsiExec.exe /X{FCE65C4E-B0E8-4FBD-AD16-EDCBE6CD591F}
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
hp instant support --> C:\PROGRA~1\HEWLET~1\hpis\Uninstall.exe /s CeS
HP Photo and Imaging 1.2 - Scanjet 4570c Series --> MsiExec.exe /I{EF729AE1-4AE9-402A-AF64-5C5A8150F549}
HydraVision --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3EA9D975-BFDC-4E8E-B88B-0446FBC8CA66}\setup.exe"
Intel Application Accelerator --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9984DF60-1C5B-11D3-ACA1-908A4FC10801}\SETUP.EXE" -INTELUNINST
Intel® PRO Ethernet Adapter and Software --> Prounstl.exe
InterVideo FilterSDK --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A15ED800-19FF-11D5-AF7F-0050BA1191E9}\setup.exe" REMOVEALL
Iomega Automatic Backup --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{42ABF3F2-2C5E-43FA-BBFF-58E4295F23CA}
IomegaWare 4.0.3 --> C:\WINDOWS\unvise32.exe C:\Program Files\Iomega\uninstal.log
ItsDeductible Express --> MsiExec.exe /X{36495C59-089C-49D1-BD15-9E5BD86DC9A1}
iTunes --> MsiExec.exe /I{585776BC-4BD6-4BD2-A19A-1D6CB44A403B}
J2SE Runtime Environment 5.0 Update 1 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150010}
J2SE Runtime Environment 5.0 Update 10 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150100}
J2SE Runtime Environment 5.0 Update 11 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150110}
J2SE Runtime Environment 5.0 Update 6 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150060}
J2SE Runtime Environment 5.0 Update 9 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150090}
Java ChartViewer 2.8.0 --> C:\WINDOWS\system32\javaws.exe -uninstall "http://www.jeppesen.com/wlcs/bangor-win32-1.0.jnlp"
Java™ 6 Update 2 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}
Java™ 6 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Java™ 6 Update 5 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
Java™ SE Runtime Environment 6 Update 1 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160010}
Kodak EasyShare software --> C:\Documents and Settings\All Users\Application Data\Kodak\EasyShareSetup\$SETUP_3c0002_4082b5\Setup.exe /APR-REMOVE
KSU --> MsiExec.exe /I{B997C2A0-4383-41BF-B76E-9B8B7ECFB267}
Learn2 Player (Uninstall Only) --> C:\Program Files\Learn2.com\StRunner\stuninst.exe
Linksys EasyLink Advisor 1.6 (0032) --> rundll32 C:\PROGRA~1\LINKSY~1\AUInst.dll,ExUninstall
LiveReg (Symantec Corporation) --> C:\Program Files\Common Files\Symantec Shared\LiveReg\VCSetup.exe /REMOVE
LiveUpdate 3.0 (Symantec Corporation) --> "C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE" /U
Living Trust Forms --> C:\WINDOWS\unvise32.exe C:\Program Files\Living Trust Forms\uninstal.log
Macromedia Shockwave Player --> C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
McAfee SecurityCenter --> C:\Program Files\McAfee\MSC\mcuninst.exe
Microsoft Base Smart Card Cryptographic Service Provider Package --> "C:\WINDOWS\$NtUninstallbasecsp$\spuninst\spuninst.exe"
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Data Access Components KB870669 --> C:\WINDOWS\muninst.exe C:\WINDOWS\INF\KB870669.inf
Microsoft Office 2000 SR-1 Professional --> MsiExec.exe /I{00010409-78E1-11D2-B60F-006097C998E7}
Microsoft Outlook 2002 --> MsiExec.exe /I{911A0409-6000-11D3-8CFE-0050048383C9}
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Windows Journal Viewer --> MsiExec.exe /X{43DCF766-6838-4F9A-8C91-D92DA586DFA7}
Mirage Driver 1.1 --> "C:\Program Files\DemoForge\Mirage Driver\uninst\unins000.exe"
Motorola Phone Tools --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BAD8CA9C-77C0-4663-B00B-A8D3B13C341B}\setup.exe" -l0x9 -removeonly
Mouse Suite --> Pmuninst.exe MouseSuite98
Mozilla Firefox (2.0.0.14) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSN Music Assistant --> rundll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\msninst.inf,Uninstall
MSXML 6.0 Parser (KB933579) --> MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}
Multiplicity --> C:\PROGRA~1\Stardock\THINKD~1\MULTIP~1\UNWISE.EXE C:\PROGRA~1\Stardock\THINKD~1\MULTIP~1\INSTALL.LOG
Nero Suite --> C:\Program Files\Common Files\Nero\Uninstall\setupx.exe /uninstall ExtraUninstallID=""
Notifier --> MsiExec.exe /I{0008546E-DF6E-4CC1-AFD0-2CB8E16C95A2}
NSLU2 Flash Map Utility --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0700\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C7325E7B-6844-4D46-9515-365BCE0DC185}\Setup.exe" -l0x9
OTtBP --> MsiExec.exe /I{F71760CD-0F8B-4DCC-B7B7-6B223CC3843C}
Panda ActiveScan --> C:\WINDOWS\system32\ASUninst.exe Panda ActiveScan
Panda spyXposer --> C:\WINDOWS\system32\ASUninst.exe Panda spyXposer
PCDLNCH --> MsiExec.exe /I{69BD6399-3D8F-45B7-81D9-819361F5101D}
PCI Audio Driver --> cmuninst.exe
Picasa --> C:\WINDOWS\Picasa Uninstaller.exe
Picture Package Music Transfer --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CE2121C6-C94D-4A73-8EA4-6943F33EE335}\setup.exe" -l0x9 -removeonly
PowerDesk --> C:\Program Files\Ontrack\PowerDesk\uninstal.exe C:\Program Files\Ontrack\PowerDesk
PowerDesk 4.0 --> C:\Program Files\Ontrack\PowerDesk\uninstal.exe C:\Program Files\Ontrack\PowerDesk
PowerDVD --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\Setup.exe" -uninstall
Print Server Driver --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Print Server\PTP\Uninst.isu"
Pure Networks Port Magic --> C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe -Uninstall -ShowUI
QuestionBank --> MsiExec.exe /I{54830960-3538-472B-9D9F-830B6E58EA70}
Quicken 2008 --> MsiExec.exe /X{3B0F52AC-EF5C-4831-B221-06C782E41280}
Quicken Rental Property Manager 2.0 --> MsiExec.exe /X{894A9DFD-6102-40AB-9C4A-1DCA60032D64}
QuickTime --> MsiExec.exe /I{1838C5A2-AB32-4145-85C1-BB9B8DFA24CD}
Registry Mechanic 7.0 --> "C:\Program Files\Registry Mechanic\unins000.exe"
Retrospect 5.6 --> MsiExec.exe /I{F4743672-FA5E-463E-BC4E-688D9CE6FEC2}
Roxio Media Manager --> MsiExec.exe /X{66D171AA-670F-4309-9C74-5BA7F7DBA0B3}
Safari --> MsiExec.exe /I{F0E8F94D-6E68-4B35-92DF-3AA6DC6A6768}
Security Update for CAPICOM (KB931906) --> MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906) --> MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
SFR --> MsiExec.exe /I{C354C9B6-A4E0-4BB0-A368-6DC6BCA0E314}
SFR2 --> MsiExec.exe /I{ABE068DF-8DC4-4947-ABFC-DD2B40850225}
Sony Picture Utility --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D5068583-D569-468B-9755-5FBF5848F46F}\setup.exe" -l0x9 /removeonly uninstall -removeonly
Sony USB Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5C29CB8B-AC1E-4114-8D68-9CD080140D4A}\setup.exe" -l0x9 UNINSTALL -removeonly
Spelling Dictionaries Support For Adobe Reader 8 --> MsiExec.exe /I{AC76BA86-7AD7-5464-3428-800000000003}
Spybot - Search & Destroy --> "C:\Program Files\Spybot - Search & Destroy\unins001.exe"
Spybot - Search & Destroy 1.5.2.20 --> "C:\WINDOWS\unins000.exe"
Supportsoft Web Controls --> "C:\Program Files\Support.com\unins000.exe"
Symantec KB-DocID:2003093015493306 --> MsiExec.exe /I{08C5815C-2C6E-44f8-8748-0E61BC9AFB68}
Symantec Technical Support Web Controls --> MsiExec.exe /X{C4868E88-F5B5-4E45-9592-C7062BD97441}
Symantec WinFax PRO --> C:\WINDOWS\IsUninst.exe -f"c:\program files\symantec\winfax\WFXUNIST.ISU" -c"c:\program files\symantec\winfax\UNINSTUB.DLL"
SyncToy --> MsiExec.exe /I{15047293-954F-45B2-8A7B-D7226D2B6931}
SyncToy --> MsiExec.exe /I{B5688129-7595-4E5B-9990-CEF981A31264}
thinkorswim --> C:\Program Files\thinkorswim\uninstall.exe
Time Zone Data Update Tool for Microsoft Office Outlook --> MsiExec.exe /X{95120000-0038-0409-0000-0000000FF1CE}
TiVo Desktop --> MsiExec.exe /X{4E839090-3B68-436A-B3CF-A2A08C38DD26}
Tradelog --> "C:\Program Files\TradeLog\unins000.exe"
TurboTax Business 2005 --> C:\Program Files\TurboTax\Business 2005\TaxUnst.EXE "C:\Program Files\TurboTax\Business 2005\Uninstall.log" -NoGui
TurboTax Business 2006 --> C:\Program Files\TurboTax\Business 2006\TaxUnst.EXE "C:\Program Files\TurboTax\Business 2006\Uninstall.log" -NoGui
TurboTax Business 2007 --> C:\Program Files\TurboTax\Business 2007\TaxUnst.EXE "C:\Program Files\TurboTax\Business 2007\Uninstall.log" -NoGui
TurboTax Home & Business 2006 --> C:\Program Files\TurboTax\Home & Business 2006\TaxUnst.EXE "C:\Program Files\TurboTax\Home & Business 2006\Uninstall.log" -NoGui
TurboTax Home & Business 2007 --> C:\Program Files\TurboTax\Home & Business 2007\TaxUnst.EXE "C:\Program Files\TurboTax\Home & Business 2007\Uninstall.log" -NoGui
TurboTax ItsDeductible 2005 --> MsiExec.exe /X{2E7595EC-4FB1-4E29-93D4-9083C8A9B107}
TurboTax ItsDeductible 2006 --> MsiExec.exe /X{AFF1EA96-9C23-4249-B7D4-CD4B54D4582F}
TurboTax Premier 2003 --> C:\Program Files\TurboTax\Premier 2003\TaxUnst.EXE "C:\Program Files\TurboTax\Premier 2003\Uninstall.log" -NoGui
TurboTax Premier 2004 --> C:\Program Files\TurboTax\Premier 2004\TaxUnst.EXE "C:\Program Files\TurboTax\Premier 2004\Uninstall.log" -NoGui
TurboTax Premier 2005 --> C:\Program Files\TurboTax\Premier 2005\TaxUnst.EXE "C:\Program Files\TurboTax\Premier 2005\Uninstall.log" -NoGui
Uniblue RegistryBooster 2 --> "C:\Program Files\Uniblue\RegistryBooster 2\unins000.exe"
UniPrint --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Southwest Airlines\UniPrint\Uninst.isu"
UnlockItNow --> "C:\UnlockItNow\uninstall.exe"
USB Storage Adapter FX (MXO) --> MXOun.exe MXOFX
Viewpoint Manager (Remove Only) --> C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgrInstaller.exe /u /k
Viewpoint Media Player --> C:\Program Files\Viewpoint\Viewpoint Experience Technology\mtsAxInstaller.exe /u
Viewpoint Toolbar (Remove Only) --> C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBarInstaller.exe /u /k
WebEx --> C:\PROGRA~1\MOZILL~1\plugins\atcliun.exe
Webshots Desktop --> "C:\Program Files\Webshots\unins000.exe"
WexTech AnswerWorks --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EA2BEBD6-87B9-41E5-95AC-7E4C165A9475}\SETUP.EXE" -l0x9 -eliminate
Widget Works 4.0 for Windows --> C:\PROGRA~1\WIDGET~1\UNWISE.EXE C:\PROGRA~1\WIDGET~1\INSTALL.LOG
Windows Blaster Worm Removal Tool (KB833330) --> C:\WINDOWS\$NtUninstallKB833330$\spuninst\spuninst.exe
Windows Live installer --> MsiExec.exe /X{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}
Windows Live Messenger --> MsiExec.exe /X{508CE775-4BA4-4748-82DF-FE28DA9F03B0}
Windows Live Sign-in Assistant --> MsiExec.exe /I{AFA4E5FD-ED70-4D92-99D0-162FD56DC986}
Windows Media Connect --> "C:\WINDOWS\$NtUninstallWMCSetup$\spuninst\spuninst.exe"
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Format SDK Hotfix - KB891122 --> "C:\WINDOWS\$NtUninstallKB891122$\spuninst\spuninst.exe"
Windows XP Service Pack 3 --> "C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
Yahoo! Toolbar --> rundll32.exe C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\YCOMP5~1.DLL,DllCommand ui


-- Application Event Log -------------------------------------------------------

Event Record #/Type44627 / Error
Event Submitted/Written: 06/15/2008 10:28:01 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application ScanningProcess.exe, version 5.0.1.86, faulting module mdb.ppl, version 6.0.2.678, fault address 0x000014f6.
Processing media-specific event for [ScanningProcess.exe!ws!]

Event Record #/Type44626 / Error
Event Submitted/Written: 06/15/2008 10:16:14 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application ScanningProcess.exe, version 5.0.1.86, faulting module mdb.ppl, version 6.0.2.678, fault address 0x000014f6.
Processing media-specific event for [ScanningProcess.exe!ws!]

Event Record #/Type44625 / Error
Event Submitted/Written: 06/15/2008 09:54:35 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application ScanningProcess.exe, version 5.0.1.86, faulting module mdb.ppl, version 6.0.2.678, fault address 0x000014f6.
Processing media-specific event for [ScanningProcess.exe!ws!]

Event Record #/Type44621 / Error
Event Submitted/Written: 06/15/2008 07:13:46 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application ScanningProcess.exe, version 5.0.1.86, faulting module mdb.ppl, version 6.0.2.678, fault address 0x000014f6.
Processing media-specific event for [ScanningProcess.exe!ws!]

Event Record #/Type44617 / Error
Event Submitted/Written: 06/15/2008 06:50:37 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application ScanningProcess.exe, version 5.0.1.86, faulting module mdb.ppl, version 6.0.2.678, fault address 0x000014f6.
Processing media-specific event for [ScanningProcess.exe!ws!]



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type92185 / Error
Event Submitted/Written: 06/15/2008 00:51:48 PM
Event ID/Source: 7000 / Service Control Manager
Event Description:
The iPod Service service failed to start due to the following error:
%%1053

Event Record #/Type92184 / Error
Event Submitted/Written: 06/15/2008 00:51:48 PM
Event ID/Source: 7009 / Service Control Manager
Event Description:
Timeout (30000 milliseconds) waiting for the iPod Service service to connect.

Event Record #/Type92183 / Error
Event Submitted/Written: 06/15/2008 00:51:47 PM
Event ID/Source: 10005 / DCOM
Event Description:
DCOM got error "%%1053" attempting to start the service iPod Service with arguments ""
in order to run the server:
{063D34A4-BF84-4B8D-B699-E8CA06504DDE}

Event Record #/Type92124 / Error
Event Submitted/Written: 06/15/2008 02:00:00 AM
Event ID/Source: 10010 / DCOM
Event Description:
The server {6A972E27-93E2-4F98-8367-4101B2073814} did not register with DCOM within the required timeout.

Event Record #/Type92123 / Error
Event Submitted/Written: 06/15/2008 01:59:09 AM
Event ID/Source: 7031 / Service Control Manager
Event Description:
The Apple Mobile Device service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.



-- End of Deckard's System Scanner: finished at 2008-06-15 23:15:47 ------------

Edited by dgarramone, 15 June 2008 - 11:04 PM.


BC AdBot (Login to Remove)

 


#2 teacup61

teacup61

    Bleepin' Texan!


  • Malware Response Team
  • 17,075 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Wills Point, Texas
  • Local time:09:16 PM

Posted 07 July 2008 - 08:42 PM

Hello dgarramone,

Welcome back to Bleeping Computer :)

Sorry about the delay.:thumbsup: If you still need help, please post a new HijackThis log to make sure nothing has changed, and I'll be happy to look at it for you.

Thanks,
tea
Please make a donation so I can keep helping people just like you.
Every little bit helps! :)
You can even use your credit card! Thank you!

Posted Image


Error reading poptart in Drive A: Delete kids y/n?

#3 dgarramone

dgarramone
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:09:16 PM

Posted 14 July 2008 - 08:28 PM

Been in and out of town a lot lately so sorry about the delay and I appreciate you getting back to me. Computer will shut itself off at times. Not so bad lately, but still occurs. Also, when I run a virus check it will never complete without getting the blue screen of death. Then a reboot brings it back. Have run several adawares, registry repair programs. Like I said, it's a bit better, but it's disconcerting that I can't get through a virus scan (McAfee) with the BSOD.

Thanks, here's my latest Hijackthis log.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:22:20 PM, on 7/14/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\Iomega\System32\AppServices.exe
C:\Program Files\McAfee\MBK\MBackMonitor.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
C:\WINDOWS\Mixer.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Iomega\AutoDisk\ADUserMon.exe
C:\Program Files\Iomega\DriveIcons\ImgIcon.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\symantec\winfax\WFXSWTCH.exe
C:\WINDOWS\system32\wfxsnt40.exe
C:\PROGRA~1\Dantz\RETROS~1\ComboButton.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\WINDOWS\MXOaldr.exe
C:\WINDOWS\system32\PELMICED.EXE
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\NSLU2 Flash Map Utility\StorageLink.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\PROGRA~1\Dantz\RETROS~1\retrorun.exe
C:\PROGRA~1\Stardock\THINKD~1\MULTIP~1\multipl.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Common Files\TiVo Shared\Transfer\TiVoTransfer.exe
C:\Program Files\TiVo\Desktop\TiVoNotify.exe
C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe
C:\WINDOWS\System32\ScsiAccess.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\TiVo Shared\Beacon\TiVoBeacon.exe
C:\PROGRA~1\Webshots\Webshots.scr
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\System32\WFXSVC.EXE
C:\Program Files\Microsoft Office\Office10\msoffice.exe
C:\Program Files\Iomega\AutoDisk\ADService.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\mom.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\thinkorswim\thinkorswim.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\thinkorswim\usergui\1148\IeEmbed.exe
c:\PROGRA~1\mcafee\msc\mcuimgr.exe
c:\PROGRA~1\mcafee\VIRUSS~1\mcvsshld.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Viewpoint Toolbar BHO - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - blank (file missing)
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [ADUserMon] C:\Program Files\Iomega\AutoDisk\ADUserMon.exe
O4 - HKLM\..\Run: [Iomega Drive Icons] C:\Program Files\Iomega\DriveIcons\ImgIcon.exe
O4 - HKLM\..\Run: [Deskup] C:\Program Files\Iomega\DriveIcons\deskup.exe /IMGSTART
O4 - HKLM\..\Run: [Iomega Automatic Backup 1.0.1] C:\Program Files\Iomega\Iomega Automatic Backup\ibackup.exe
O4 - HKLM\..\Run: [WFXSwtch] c:\PROGRA~1\symantec\winfax\WFXSWTCH.exe
O4 - HKLM\..\Run: [WinFaxAppPortStarter] wfxsnt40.exe
O4 - HKLM\..\Run: [MaxtorCombo] "C:\PROGRA~1\Dantz\RETROS~1\ComboButton.exe"
O4 - HKLM\..\Run: [MXO Auto Loader] C:\WINDOWS\MXOaldr.exe
O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] PELMICED.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [NSLU2 Flash Map Utility] C:\Program Files\NSLU2 Flash Map Utility\StorageLink.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [McAfee Backup] C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe
O4 - HKLM\..\Run: [MBkLogOnHook] C:\Program Files\McAfee\MBK\LogOnHook.exe
O4 - HKLM\..\Run: [Multiplicity] C:\PROGRA~1\Stardock\THINKD~1\MULTIP~1\multipl.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [TivoTransfer] "C:\Program Files\Common Files\TiVo Shared\Transfer\TiVoTransfer.exe" /service /registry /auto:TivoTransfer
O4 - HKCU\..\Run: [TivoServer] "C:\Program Files\TiVo\Desktop\TiVoServer.exe" /service /registry
O4 - HKCU\..\Run: [TivoNotify] "C:\Program Files\TiVo\Desktop\TiVoNotify.exe" /service /registry /auto:TivoNotify
O4 - HKCU\..\Run: [EasyLinkAdvisor] "C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe" /startup
O4 - HKCU\..\Run: [PxDotNetLoader] "C:\Program Files\Fidelity Investments\Fidelity Active Trader\System\ATPStartupAssistant.exe"
O4 - Startup: BJ Status Monitor Canon i960.lnk = ?
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Viewpoint Search - res://C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll/CXTSEARCH.HTML
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O15 - Trusted Zone: http://*.turbotax.com
O16 - DPF: Arcsoft Web Uploader - http://www.hpphoto.com/downloads/ReadFileApplet.cab
O16 - DPF: eCrew Delta Technology V13112 - http://ecrew.delta-air.com/classes/cst/eCrew13112.cab
O16 - DPF: eCrew Delta Technology V1410 - http://ecrew.delta-air.com/classes/cst/eCrew1410.cab
O16 - DPF: eCrew Delta Technology V14102 - http://ecrew.delta-air.com/eCrew14102.cab
O16 - DPF: eCrew Delta Technology V14120 - http://ecrew.delta-air.com/eCrew14120.cab
O16 - DPF: eCrew Delta Technology V14141 - http://ecrew.delta-air.com/eCrew14141.cab
O16 - DPF: eCrew Delta Technology V14169 - http://ecrew.delta-air.com/eCrew14169.cab
O16 - DPF: eCrew Delta Technology V14170 - http://ecrew.delta-air.com/eCrew14170.cab
O16 - DPF: eCrew Delta Technology V14180 - http://ecrew.delta-air.com/eCrew14180.cab
O16 - DPF: eCrew Delta Technology V14200 - http://ecrew.delta-air.com/eCrew14200.cab
O16 - DPF: eCrew Delta Technology V14210 - http://ecrew.delta-air.com/eCrew14210.cab
O16 - DPF: eCrew Delta Technology V14222 - http://ecrew.delta-air.com/eCrew14222.cab
O16 - DPF: eCrew Delta Technology V14240 - http://ecrew.delta-air.com/eCrew14240.cab
O16 - DPF: eCrew Delta Technology V14251 - http://ecrew.delta-air.com/eCrew14251.cab
O16 - DPF: eCrew Delta Technology V14260 - http://ecrew.delta-air.com/eCrew14260.cab
O16 - DPF: eCrew Delta Technology V1451 - http://ecrew.delta-air.com/eCrew1451.cab
O16 - DPF: eCrew Delta Technology V1472 - http://ecrew.delta-air.com/eCrew1472.cab
O16 - DPF: eCrew Delta Technology V1486 - http://ecrew.delta-air.com/eCrew1486.cab
O16 - DPF: eCrew Delta Technology V1491 - http://ecrew.delta-air.com/eCrew1491.cab
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://www.comcastsupport.com/sdccommon/download/tgctlcm.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {1842B0EE-B597-11D4-8997-00104BD12D94} (iCC Class) - http://www.pcpitstop.com/internet/pcpConnCheck.cab
O16 - DPF: {186E51E5-96A2-4BC5-8858-581932C15F82} (CardPrintStub Class) - http://www.hpphoto.com/downloads/cardprint.cab
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - https://www-secure.symantec.com/techsupp/asa/LSSupCtl.cab
O16 - DPF: {26FCCDF9-A7E1-452A-A73D-7BF7B4D0BA6C} (AOL Pictures Uploader Class) - http://o.aolcdn.com/pictures/ap/Resources/...ns.10.4.0.4.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab
O16 - DPF: {3451DEDE-631F-421C-8127-FD793AFC6CC8} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/as...rl/SymAData.cab
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} - http://ipgweb.cce.hp.com/rdqna/downloads/sysinfo.cab
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com/computercheckup/qdiagcc.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/m...01/mcinsctl.cab
O16 - DPF: {52D7DDE4-F150-4D82-AAB5-6EED6AB7C708} (my printer) - http://www.hpphoto.com/downloads/HPPrint.cab
O16 - DPF: {5ACAA414-FCF1-468F-9442-71A7B6D2079E} (CitrixActivator Control) - https://www.myswa.com/citrix/CitrixActivator.cab
O16 - DPF: {5D9E4B6D-CD17-4D85-99D4-6A52B394EC3B} (WSDownloader Control) - http://www.webshots.com/samplers/WSDownloader.ocx
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {74FFE28D-2378-11D5-990C-006094235084} (IBM Access Support) - http://www-3.ibm.com/pc/support/IbmEgath.cab
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.infuzer.com/IDC/client/player/isetup1.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
O16 - DPF: {AECD14A8-F662-11D1-A395-00805F535788} (PlotWon Control) - http://www.investors.com/member/ocx/plotwon.ocx
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/m...,26/mcgdmgr.cab
O16 - DPF: {BE71A78B-77DB-451C-A761-59B37022D544} (AOL Newport Downloader Ctrl) - http://o.aolcdn.com/pictures/ap/Resources/...ns.10.6.0.4.cab
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} - https://www-secure.symantec.com/techsupp/as...rl/SymAData.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} - https://www-secure.symantec.com/techsupp/ac.../ActiveData.cab
O16 - DPF: {E7F2A7C5-E0FA-48F7-9893-DF78DDF131F2} (MC3LibControl.TclControl) - http://www.jeppesen.com/mvcontrol/mc3lib.cab
O16 - DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} (Persits Software XUpload) - http://www.printatwolf.com/add/XUpload.ocx
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30155.www3.hp.com/ediags/hpfix/sj/.../qdiagh.cab?326
O20 - Winlogon Notify: Multi - C:\Program Files\Stardock\ThinkDesk\Multiplicity\MultiWin32.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: InCD Helper (read only) (InCDsrvR) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: Iomega App Services - Iomega Corporation - C:\PROGRA~1\Iomega\System32\AppServices.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: MBackMonitor - McAfee - C:\Program Files\McAfee\MBK\MBackMonitor.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: Retrospect Launcher (RetroLauncher) - Dantz Development Corporation - C:\PROGRA~1\Dantz\RETROS~1\retrorun.exe
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: ScsiAccess - Unknown owner - C:\WINDOWS\System32\ScsiAccess.EXE
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: TiVo Beacon (TivoBeacon2) - TiVo Inc. - C:\Program Files\Common Files\TiVo Shared\Beacon\TiVoBeacon.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: WinFax PRO (wfxsvc) - Symantec Corporation - C:\WINDOWS\System32\WFXSVC.EXE
O23 - Service: Iomega Active Disk (_IOMEGA_ACTIVE_DISK_SERVICE_) - Iomega Corporation - C:\Program Files\Iomega\AutoDisk\ADService.exe

--
End of file - 18729 bytes

#4 teacup61

teacup61

    Bleepin' Texan!


  • Malware Response Team
  • 17,075 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Wills Point, Texas
  • Local time:09:16 PM

Posted 14 July 2008 - 08:56 PM

Hello,

Are you still using Norton? I don't see anything horrible in your log, so let's look somewhere to be sure:

Please download Malwarebytes' Anti-Malware from one of these places:
http://www.majorgeeks.com/Malwarebytes_Ant...ware_d5756.html
http://www.besttechie.net/tools/mbam-setup.exe

Double Click mbam-setup.exe to install the application.

* Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select "Perform Quick Scan", then click Scan.
* The scan may take some time to finish,so please be patient.
* When the scan is complete, click OK, then Show Results to view the results.
* Make sure that everything is checked, and click Remove Selected.
* When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
* The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
* Copy&Paste the entire report in your next reply along with a fresh HijackThis log.


Extra Note:
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediately.

Thanks,
tea
Please make a donation so I can keep helping people just like you.
Every little bit helps! :)
You can even use your credit card! Thank you!

Posted Image


Error reading poptart in Drive A: Delete kids y/n?

#5 dgarramone

dgarramone
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:09:16 PM

Posted 14 July 2008 - 10:51 PM

Thanks for the fast reply. Just ran Malware. Here are the logs you requested. BTW, I use to run Norton and removed that virus several years ago. At least as much as Norton will allow you to remove. I now run McAfee. I still have Norton's WinFax Pro on the computer and I believe some of the residual is due to WinFax Pro, or the fact that Norton is darn near impossible, barring a reformat, to remove.

Open to suggestions on virus programs. I Run McAfee, Uniblue RegistryBooster, Ad-Aware, Spybot and CWShredder as well as CCleaner

Thanks again for taking a look. Trying to eliminate all possibilities as I try and determine why the computer shuts itself off intermittently.

Malwarebytes' Anti-Malware 1.20
Database version: 951
Windows 5.1.2600 Service Pack 3

11:44:13 PM 7/14/2008
mbam-log-7-14-2008 (23-44-13).txt

Scan type: Quick Scan
Objects scanned: 47392
Time elapsed: 15 minute(s), 29 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\Interface\{04a38f6b-006f-4247-ba4c-02a139d5531c} (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{3c2d2a1e-031f-4397-9614-87c932a848e0} (Adware.Minibug) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)




Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:48:24 PM, on 7/14/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\Iomega\System32\AppServices.exe
C:\Program Files\McAfee\MBK\MBackMonitor.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\WINDOWS\Mixer.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Iomega\AutoDisk\ADUserMon.exe
C:\Program Files\Iomega\DriveIcons\ImgIcon.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\PROGRA~1\symantec\winfax\WFXSWTCH.exe
C:\WINDOWS\system32\wfxsnt40.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\PROGRA~1\Dantz\RETROS~1\ComboButton.exe
C:\WINDOWS\MXOaldr.exe
C:\WINDOWS\system32\PELMICED.EXE
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\NSLU2 Flash Map Utility\StorageLink.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\PROGRA~1\Dantz\RETROS~1\retrorun.exe
C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\PROGRA~1\Stardock\THINKD~1\MULTIP~1\multipl.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Common Files\TiVo Shared\Transfer\TiVoTransfer.exe
C:\Program Files\TiVo\Desktop\TiVoNotify.exe
C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe
C:\WINDOWS\System32\ScsiAccess.EXE
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\Webshots\Webshots.scr
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Microsoft Office\Office10\msoffice.exe
C:\Program Files\Common Files\TiVo Shared\Beacon\TiVoBeacon.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\System32\WFXSVC.EXE
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
c:\PROGRA~1\mcafee\msc\mcuimgr.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Viewpoint Toolbar BHO - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - blank (file missing)
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [ADUserMon] C:\Program Files\Iomega\AutoDisk\ADUserMon.exe
O4 - HKLM\..\Run: [Iomega Drive Icons] C:\Program Files\Iomega\DriveIcons\ImgIcon.exe
O4 - HKLM\..\Run: [Deskup] C:\Program Files\Iomega\DriveIcons\deskup.exe /IMGSTART
O4 - HKLM\..\Run: [Iomega Automatic Backup 1.0.1] C:\Program Files\Iomega\Iomega Automatic Backup\ibackup.exe
O4 - HKLM\..\Run: [WFXSwtch] c:\PROGRA~1\symantec\winfax\WFXSWTCH.exe
O4 - HKLM\..\Run: [WinFaxAppPortStarter] wfxsnt40.exe
O4 - HKLM\..\Run: [MaxtorCombo] "C:\PROGRA~1\Dantz\RETROS~1\ComboButton.exe"
O4 - HKLM\..\Run: [MXO Auto Loader] C:\WINDOWS\MXOaldr.exe
O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] PELMICED.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [NSLU2 Flash Map Utility] C:\Program Files\NSLU2 Flash Map Utility\StorageLink.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [McAfee Backup] C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe
O4 - HKLM\..\Run: [MBkLogOnHook] C:\Program Files\McAfee\MBK\LogOnHook.exe
O4 - HKLM\..\Run: [Multiplicity] C:\PROGRA~1\Stardock\THINKD~1\MULTIP~1\multipl.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [TivoTransfer] "C:\Program Files\Common Files\TiVo Shared\Transfer\TiVoTransfer.exe" /service /registry /auto:TivoTransfer
O4 - HKCU\..\Run: [TivoServer] "C:\Program Files\TiVo\Desktop\TiVoServer.exe" /service /registry
O4 - HKCU\..\Run: [TivoNotify] "C:\Program Files\TiVo\Desktop\TiVoNotify.exe" /service /registry /auto:TivoNotify
O4 - HKCU\..\Run: [EasyLinkAdvisor] "C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe" /startup
O4 - HKCU\..\Run: [PxDotNetLoader] "C:\Program Files\Fidelity Investments\Fidelity Active Trader\System\ATPStartupAssistant.exe"
O4 - Startup: BJ Status Monitor Canon i960.lnk = ?
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Viewpoint Search - res://C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll/CXTSEARCH.HTML
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O15 - Trusted Zone: http://*.turbotax.com
O16 - DPF: Arcsoft Web Uploader - http://www.hpphoto.com/downloads/ReadFileApplet.cab
O16 - DPF: eCrew Delta Technology V13112 - http://ecrew.delta-air.com/classes/cst/eCrew13112.cab
O16 - DPF: eCrew Delta Technology V1410 - http://ecrew.delta-air.com/classes/cst/eCrew1410.cab
O16 - DPF: eCrew Delta Technology V14102 - http://ecrew.delta-air.com/eCrew14102.cab
O16 - DPF: eCrew Delta Technology V14120 - http://ecrew.delta-air.com/eCrew14120.cab
O16 - DPF: eCrew Delta Technology V14141 - http://ecrew.delta-air.com/eCrew14141.cab
O16 - DPF: eCrew Delta Technology V14169 - http://ecrew.delta-air.com/eCrew14169.cab
O16 - DPF: eCrew Delta Technology V14170 - http://ecrew.delta-air.com/eCrew14170.cab
O16 - DPF: eCrew Delta Technology V14180 - http://ecrew.delta-air.com/eCrew14180.cab
O16 - DPF: eCrew Delta Technology V14200 - http://ecrew.delta-air.com/eCrew14200.cab
O16 - DPF: eCrew Delta Technology V14210 - http://ecrew.delta-air.com/eCrew14210.cab
O16 - DPF: eCrew Delta Technology V14222 - http://ecrew.delta-air.com/eCrew14222.cab
O16 - DPF: eCrew Delta Technology V14240 - http://ecrew.delta-air.com/eCrew14240.cab
O16 - DPF: eCrew Delta Technology V14251 - http://ecrew.delta-air.com/eCrew14251.cab
O16 - DPF: eCrew Delta Technology V14260 - http://ecrew.delta-air.com/eCrew14260.cab
O16 - DPF: eCrew Delta Technology V1451 - http://ecrew.delta-air.com/eCrew1451.cab
O16 - DPF: eCrew Delta Technology V1472 - http://ecrew.delta-air.com/eCrew1472.cab
O16 - DPF: eCrew Delta Technology V1486 - http://ecrew.delta-air.com/eCrew1486.cab
O16 - DPF: eCrew Delta Technology V1491 - http://ecrew.delta-air.com/eCrew1491.cab
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://www.comcastsupport.com/sdccommon/download/tgctlcm.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {1842B0EE-B597-11D4-8997-00104BD12D94} (iCC Class) - http://www.pcpitstop.com/internet/pcpConnCheck.cab
O16 - DPF: {186E51E5-96A2-4BC5-8858-581932C15F82} (CardPrintStub Class) - http://www.hpphoto.com/downloads/cardprint.cab
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - https://www-secure.symantec.com/techsupp/asa/LSSupCtl.cab
O16 - DPF: {26FCCDF9-A7E1-452A-A73D-7BF7B4D0BA6C} (AOL Pictures Uploader Class) - http://o.aolcdn.com/pictures/ap/Resources/...ns.10.4.0.4.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab
O16 - DPF: {3451DEDE-631F-421C-8127-FD793AFC6CC8} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/as...rl/SymAData.cab
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} - http://ipgweb.cce.hp.com/rdqna/downloads/sysinfo.cab
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com/computercheckup/qdiagcc.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/m...01/mcinsctl.cab
O16 - DPF: {52D7DDE4-F150-4D82-AAB5-6EED6AB7C708} (my printer) - http://www.hpphoto.com/downloads/HPPrint.cab
O16 - DPF: {5ACAA414-FCF1-468F-9442-71A7B6D2079E} (CitrixActivator Control) - https://www.myswa.com/citrix/CitrixActivator.cab
O16 - DPF: {5D9E4B6D-CD17-4D85-99D4-6A52B394EC3B} (WSDownloader Control) - http://www.webshots.com/samplers/WSDownloader.ocx
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {74FFE28D-2378-11D5-990C-006094235084} (IBM Access Support) - http://www-3.ibm.com/pc/support/IbmEgath.cab
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.infuzer.com/IDC/client/player/isetup1.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
O16 - DPF: {AECD14A8-F662-11D1-A395-00805F535788} (PlotWon Control) - http://www.investors.com/member/ocx/plotwon.ocx
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/m...,26/mcgdmgr.cab
O16 - DPF: {BE71A78B-77DB-451C-A761-59B37022D544} (AOL Newport Downloader Ctrl) - http://o.aolcdn.com/pictures/ap/Resources/...ns.10.6.0.4.cab
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} - https://www-secure.symantec.com/techsupp/as...rl/SymAData.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} - https://www-secure.symantec.com/techsupp/ac.../ActiveData.cab
O16 - DPF: {E7F2A7C5-E0FA-48F7-9893-DF78DDF131F2} (MC3LibControl.TclControl) - http://www.jeppesen.com/mvcontrol/mc3lib.cab
O16 - DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} (Persits Software XUpload) - http://www.printatwolf.com/add/XUpload.ocx
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30155.www3.hp.com/ediags/hpfix/sj/.../qdiagh.cab?326
O20 - Winlogon Notify: Multi - C:\Program Files\Stardock\ThinkDesk\Multiplicity\MultiWin32.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: InCD Helper (read only) (InCDsrvR) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: Iomega App Services - Iomega Corporation - C:\PROGRA~1\Iomega\System32\AppServices.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: MBackMonitor - McAfee - C:\Program Files\McAfee\MBK\MBackMonitor.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: Retrospect Launcher (RetroLauncher) - Dantz Development Corporation - C:\PROGRA~1\Dantz\RETROS~1\retrorun.exe
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: ScsiAccess - Unknown owner - C:\WINDOWS\System32\ScsiAccess.EXE
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: TiVo Beacon (TivoBeacon2) - TiVo Inc. - C:\Program Files\Common Files\TiVo Shared\Beacon\TiVoBeacon.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: WinFax PRO (wfxsvc) - Symantec Corporation - C:\WINDOWS\System32\WFXSVC.EXE
O23 - Service: Iomega Active Disk (_IOMEGA_ACTIVE_DISK_SERVICE_) - Iomega Corporation - C:\Program Files\Iomega\AutoDisk\ADService.exe

--
End of file - 18556 bytes

#6 teacup61

teacup61

    Bleepin' Texan!


  • Malware Response Team
  • 17,075 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Wills Point, Texas
  • Local time:09:16 PM

Posted 14 July 2008 - 11:35 PM

Hello, try this for Norton :

The Norton uninstall tool uninstalls ALL Norton 2004/2005/2006/2007/2008 products from your computer. It also uninstalls Norton Ghost 10.0/9.0/2003. http://service1.symantec.com/SUPPORT/tsgen...005033108162039

Could I please see an uninstall list?

Open HijackThis, click Config, click Misc Tools
Click "Open Uninstall Manager"
Click "Save List" (generates uninstall_list.txt)
Click Save, copy and paste the results in your next post.

Thanks,
tea
Please make a donation so I can keep helping people just like you.
Every little bit helps! :)
You can even use your credit card! Thank you!

Posted Image


Error reading poptart in Drive A: Delete kids y/n?

#7 dgarramone

dgarramone
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:09:16 PM

Posted 15 July 2008 - 06:19 AM

tea,

Thanks again for the fast response. Went to bed last night but started pandasoft active scan around midnight. It's around 7 am now, the scan is only 65% done and it's located 116 infected files so far. So this still has a bit of time to run. But here's the uninstall_list.txt you asked for.

Been a while since I used pandasoft's scan, can't remember if it just scans for infected files or finds them and fixes them.

Thanks for the Norton tool. Will run after the scan is done.

Dave

5000 Series
Acrobat.com
Acrobat.com
Active Disk
Ad-Aware 2007
Adobe AIR
Adobe AIR
Adobe Atmosphere Player for Acrobat and Adobe Reader
Adobe Flash Player 9 ActiveX
Adobe Flash Player Plugin
Adobe Photoshop Album 2.0 Starter Edition
Adobe Photoshop Elements
Adobe Reader 9
Adobe SVG Viewer 3.0
Agere Systems PCI Soft Modem
AIM 6
AnswerWorks 4.0 Runtime - English
AnswerWorks 5.0 English Runtime
AOL Uninstaller (Choose which Products to Remove)
ArcSoft Funhouse
Art Explosion Scrapbook Factory
aspi
ATI - Software Uninstall Utility
ATI Catalyst Control Center
ATI Catalyst Control Center
ATI Display Driver
ATI HYDRAVISION
ATI Parental Control & Encoder
Auto Maintenance Pro Version 9.0
Avanquest update
AVerTV Studio
Avery® Wizard 2.1 forMicrosoft® Word 2000
BiAdmin
BlackBerry Desktop Software 4.2.2
BlackBerry Desktop Software 4.2.2
BlackBerry v4.2.1 for the 8800 Series Wireless Handheld
Canon Camera Window for ZoomBrowser EX
Canon i960
Canon PhotoRecord
Canon RAW Image Task for ZoomBrowser EX
Canon RemoteCapture Task for ZoomBrowser EX
Canon Utilities Easy-PhotoPrint
Canon Utilities Easy-PhotoPrint Plus
Canon Utilities File Viewer Utility 1.3
Canon Utilities PhotoStitch 3.1
Canon Utilities RemoteCapture 2.7
Canon Utilities ZoomBrowser EX
CCHelp
CCleaner (remove only)
CCScore
Citrix ICA Web Client
Comcast High-Speed Internet Install Wizard
Computerized Aviation Reference Library
Concord WinFax Plugin v3.0
Delta EPF Installer
DeltaNet VPN Connector
DGOControls
Drivers Install For Linksys Easylink Advisor
EasyBid 6 (PBS) for Windows
EasySwap 2.0 for Windows
Easy-WebPrint
ESSAdpt
ESSANUP
ESSBrwr
ESSCAM
ESSCDBK
ESScore
ESSgui
ESShelp
ESSini
ESSPCD
ESSstore
ESSvpaht
ESSvpot
EZOutlookSync
Fidelity Active Trader Pro®
Free Games Offer, Desktop Shortcut
HighMAT Extension to Microsoft Windows XP CD Writing Wizard
HijackThis 2.0.2
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
hp instant support
HP Photo and Imaging 1.2 - Scanjet 4570c Series
HydraVision
Intel Application Accelerator
Intel® PRO Ethernet Adapter and Software
InterVideo FilterSDK
Iomega Automatic Backup
IomegaWare 4.0.3
ItsDeductible Express
iTunes
J2SE Runtime Environment 5.0 Update 1
J2SE Runtime Environment 5.0 Update 10
J2SE Runtime Environment 5.0 Update 11
J2SE Runtime Environment 5.0 Update 6
J2SE Runtime Environment 5.0 Update 9
Java™ 6 Update 2
Java™ 6 Update 3
Java™ 6 Update 5
Java™ 6 Update 7
Java™ SE Runtime Environment 6 Update 1
Kodak EasyShare software
KSU
Learn2 Player (Uninstall Only)
Linksys EasyLink Advisor 1.6 (0032)
LiveReg (Symantec Corporation)
LiveUpdate 3.0 (Symantec Corporation)
Living Trust Forms
Macromedia Shockwave Player
Malwarebytes' Anti-Malware
McAfee SecurityCenter
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0 Service Pack 1
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Data Access Components KB870669
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office 2000 SR-1 Professional
Microsoft Outlook 2002
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Windows Journal Viewer
Mirage Driver 1.1
Motorola Phone Tools
Mouse Suite
Mozilla Firefox (2.0.0.15)
MSN Music Assistant
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 6.0 Parser (KB933579)
Multiplicity
Nero Suite
Notifier
NSLU2 Flash Map Utility
OTtBP
Panda ActiveScan
Panda ActiveScan 2.0
Panda spyXposer
PCDLNCH
PCI Audio Driver
Picasa
Picture Package Music Transfer
PowerDesk
PowerDesk 4.0
PowerDVD
Print Server Driver
Pure Networks Port Magic
QuestionBank
Quicken 2008
Quicken Rental Property Manager 2.0
QuickTime
Registry Mechanic 7.0
Retrospect 5.6
Roxio Media Manager
Safari
Security Update for CAPICOM (KB931906)
Security Update for CAPICOM (KB931906)
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
SFR
SFR2
Sony Picture Utility
Sony USB Driver
Spelling Dictionaries Support For Adobe Reader 8
Spybot - Search & Destroy
Spybot - Search & Destroy 1.5.2.20
Supportsoft Web Controls
Symantec KB-DocID:2003093015493306
Symantec Technical Support Web Controls
Symantec WinFax PRO
SyncToy
SyncToy
thinkorswim
Time Zone Data Update Tool for Microsoft Office Outlook
TiVo Desktop
Tradelog
TurboTax Business 2005
TurboTax Business 2006
TurboTax Business 2007
TurboTax Home & Business 2006
TurboTax Home & Business 2007
TurboTax ItsDeductible 2005
TurboTax ItsDeductible 2006
TurboTax Premier 2003
TurboTax Premier 2004
TurboTax Premier 2005
Uniblue RegistryBooster 2
UniPrint
UnlockItNow
Update for Windows XP (KB951978)
USB Storage Adapter FX (MXO)
Viewpoint Manager (Remove Only)
Viewpoint Media Player
Viewpoint Toolbar (Remove Only)
WebEx
Webshots Desktop
WexTech AnswerWorks
Widget Works 4.0 for Windows
Windows Blaster Worm Removal Tool (KB833330)
Windows Live installer
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Media Connect
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Format SDK Hotfix - KB891122
Windows Media Player 11
Windows Media Player 11
Windows XP Service Pack 3
Yahoo! Toolbar

#8 dgarramone

dgarramone
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:09:16 PM

Posted 15 July 2008 - 07:10 AM

tea,

The pandasoft scan just finished. It said I had over 160 infected files. The text file only came up with 30 Malware, none appear to be viruses. Not sure if the other 130 or so are infected files that I need to get their program to clean up or just duplicates of the malware.

Here's the txt file.

;***********************************************************************************************************************************************************************************
ANALYSIS: 2008-07-15 08:02:48
PROTECTIONS: 2
MALWARE: 30
SUSPECTS: 0
;***********************************************************************************************************************************************************************************
PROTECTIONS
Description Version Active Updated
;===================================================================================================================================================================================
McAfee Internet Security Suite 2007 8.1 No Yes
McAfee VirusScan Plus 12.1 No No
;===================================================================================================================================================================================
MALWARE
Id Description Type Active Severity Disinfectable Disinfected Location
;===================================================================================================================================================================================
00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No C:\Documents and Settings\David Gasramone\Application Data\Mozilla\Firefox\Profiles\o20al330.default\cookies.txt[.casalemedia.com/]
00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No C:\Documents and Settings\David Gasramone\Application Data\Mozilla\Firefox\Profiles\o20al330.default\cookies.txt[.casalemedia.com/]
00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No C:\Documents and Settings\David Gasramone\Application Data\Mozilla\Firefox\Profiles\o20al330.default\cookies.txt[.casalemedia.com/]
00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No C:\Documents and Settings\David Gasramone\Application Data\Mozilla\Firefox\Profiles\o20al330.default\cookies.txt[.casalemedia.com/]
00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No C:\Documents and Settings\David Gasramone\Application Data\Mozilla\Firefox\Profiles\o20al330.default\cookies.txt[.casalemedia.com/]
00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No C:\Documents and Settings\David Gasramone\Application Data\Mozilla\Firefox\Profiles\o20al330.default\cookies.txt[.casalemedia.com/]
00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Documents and Settings\David Gasramone\Cookies\david_gasramone@doubleclick[1].txt
00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Documents and Settings\David Gasramone\Application Data\Mozilla\Firefox\Profiles\o20al330.default\cookies.txt[.doubleclick.net/]
00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No G:\Retrospect Backup\Backup copy of Drive C ©\Documents and Settings\David Gasramone\Application Data\Mozilla\Firefox\Profiles\o20al330.default\COOKIES.TXT[.doubleclick.net/]
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Documents and Settings\David Gasramone\Cookies\david_gasramone@atdmt[1].txt
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Documents and Settings\David Gasramone\Application Data\Mozilla\Firefox\Profiles\o20al330.default\cookies.txt[.atdmt.com/]
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No G:\Retrospect Backup\Backup copy of Drive C ©\Documents and Settings\David Gasramone\Application Data\Mozilla\Firefox\Profiles\o20al330.default\COOKIES.TXT[.atdmt.com/]
00145457 Cookie/FastClick TrackingCookie No 0 Yes No C:\Documents and Settings\David Gasramone\Application Data\Mozilla\Firefox\Profiles\o20al330.default\cookies.txt[.fastclick.net/]
00145457 Cookie/FastClick TrackingCookie No 0 Yes No C:\Documents and Settings\David Gasramone\Application Data\Mozilla\Firefox\Profiles\o20al330.default\cookies.txt[.fastclick.net/]
00145457 Cookie/FastClick TrackingCookie No 0 Yes No C:\Documents and Settings\David Gasramone\Application Data\Mozilla\Firefox\Profiles\o20al330.default\cookies.txt[.fastclick.net/]
00145731 Cookie/Tribalfusion TrackingCookie No 0 Yes No C:\Documents and Settings\David Gasramone\Application Data\Mozilla\Firefox\Profiles\o20al330.default\cookies.txt[.tribalfusion.com/]
00145731 Cookie/Tribalfusion TrackingCookie No 0 Yes No C:\Documents and Settings\David Gasramone\Application Data\Mozilla\Firefox\Profiles\o20al330.default\cookies.txt[.tribalfusion.com/]
00145731 Cookie/Tribalfusion TrackingCookie No 0 Yes No G:\Retrospect Backup\Backup copy of Drive C ©\Documents and Settings\David Gasramone\Application Data\Mozilla\Firefox\Profiles\o20al330.default\COOKIES.TXT[.tribalfusion.com/]
00145731 Cookie/Tribalfusion TrackingCookie No 0 Yes No C:\Documents and Settings\David Gasramone\Application Data\Mozilla\Firefox\Profiles\o20al330.default\cookies.txt[.tribalfusion.com/]
00145731 Cookie/Tribalfusion TrackingCookie No 0 Yes No C:\Documents and Settings\David Gasramone\Cookies\david_gasramone@tribalfusion[1].txt
00145731 Cookie/Tribalfusion TrackingCookie No 0 Yes No C:\Documents and Settings\David Gasramone\Application Data\Mozilla\Firefox\Profiles\o20al330.default\cookies.txt[.tribalfusion.com/]
00145738 Cookie/Mediaplex TrackingCookie No 0 Yes No C:\Documents and Settings\David Gasramone\Application Data\Mozilla\Firefox\Profiles\o20al330.default\cookies.txt[.mediaplex.com/]
00145738 Cookie/Mediaplex TrackingCookie No 0 Yes No G:\Retrospect Backup\Backup copy of Drive C ©\Documents and Settings\David Gasramone\Application Data\Mozilla\Firefox\Profiles\o20al330.default\COOKIES.TXT[.mediaplex.com/]
00167642 Cookie/Com.com TrackingCookie No 0 Yes No C:\Documents and Settings\David Gasramone\Cookies\david_gasramone@com[1].txt
00167642 Cookie/Com.com TrackingCookie No 0 Yes No C:\Documents and Settings\David Gasramone\Application Data\Mozilla\Firefox\Profiles\o20al330.default\cookies.txt[.com.com/]
00167642 Cookie/Com.com TrackingCookie No 0 Yes No G:\Retrospect Backup\Backup copy of Drive C ©\Documents and Settings\David Gasramone\Cookies\david_gasramone@com[1].txt
00167704 Cookie/Xiti TrackingCookie No 0 Yes No C:\Documents and Settings\David Gasramone\Cookies\david_gasramone@xiti[1].txt
00167704 Cookie/Xiti TrackingCookie No 0 Yes No G:\Retrospect Backup\Backup copy of Drive C ©\Documents and Settings\David Gasramone\Cookies\david_gasramone@xiti[1].txt
00167760 Cookie/Hitslink TrackingCookie No 0 Yes No G:\Retrospect Backup\Backup copy of Drive C ©\Documents and Settings\David Gasramone\Cookies\david_gasramone@counter.hitslink[1].txt
00168048 Cookie/Overture TrackingCookie No 0 Yes No C:\Documents and Settings\David Gasramone\Application Data\Mozilla\Firefox\Profiles\o20al330.default\cookies.txt[.perf.overture.com/]
00168048 Cookie/Overture TrackingCookie No 0 Yes No G:\Retrospect Backup\Backup copy of Drive C ©\Documents and Settings\David Gasramone\Application Data\Mozilla\Firefox\Profiles\o20al330.default\COOKIES.TXT[.perf.overture.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\David Gasramone\Application Data\Mozilla\Firefox\Profiles\o20al330.default\cookies.txt[ad.yieldmanager.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No G:\Retrospect Backup\Backup copy of Drive C ©\Documents and Settings\David Gasramone\Application Data\Mozilla\Firefox\Profiles\o20al330.default\COOKIES.TXT[ad.yieldmanager.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\David Gasramone\Application Data\Mozilla\Firefox\Profiles\o20al330.default\cookies.txt[ad.yieldmanager.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No G:\Retrospect Backup\Backup copy of Drive C ©\Documents and Settings\David Gasramone\Application Data\Mozilla\Firefox\Profiles\o20al330.default\COOKIES.TXT[ad.yieldmanager.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No G:\Retrospect Backup\Backup copy of Drive C ©\Documents and Settings\David Gasramone\Application Data\Mozilla\Firefox\Profiles\o20al330.default\COOKIES.TXT[ad.yieldmanager.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No G:\Retrospect Backup\Backup copy of Drive C ©\Documents and Settings\David Gasramone\Application Data\Mozilla\Firefox\Profiles\o20al330.default\COOKIES.TXT[ad.yieldmanager.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No G:\Retrospect Backup\Backup copy of Drive C ©\Documents and Settings\David Gasramone\Application Data\Mozilla\Firefox\Profiles\o20al330.default\COOKIES.TXT[ad.yieldmanager.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\David Gasramone\Application Data\Mozilla\Firefox\Profiles\o20al330.default\cookies.txt[ad.yieldmanager.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\David Gasramone\Application Data\Mozilla\Firefox\Profiles\o20al330.default\cookies.txt[ad.yieldmanager.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No G:\Retrospect Backup\Backup copy of Drive C ©\Documents and Settings\David Gasramone\Application Data\Mozilla\Firefox\Profiles\o20al330.default\COOKIES.TXT[ad.yieldmanager.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\David Gasramone\Cookies\david_gasramone@ad.yieldmanager[2].txt
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\David Gasramone\Application Data\Mozilla\Firefox\Profiles\o20al330.default\cookies.txt[ad.yieldmanager.com/]
00168061 Cookie/Apmebf TrackingCookie No 0 Yes No C:\Documents and Settings\David Gasramone\Application Data\Mozilla\Firefox\Profiles\o20al330.default\cookies.txt[.apmebf.com/]
00168061 Cookie/Apmebf TrackingCookie No 0 Yes No G:\Retrospect Backup\Backup copy of Drive C ©\Documents and Settings\David Gasramone\Cookies\david_gasramone@apmebf[1].txt
00168061 Cookie/Apmebf TrackingCookie No 0 Yes No C:\Documents and Settings\David Gasramone\Application Data\Mozilla\Firefox\Profiles\o20al330.default\cookies.txt[.apmebf.com/]
00168061 Cookie/Apmebf TrackingCookie No 0 Yes No C:\Documents and Settings\David Gasramone\Cookies\david_gasramone@apmebf[2].txt
00168061 Cookie/Apmebf TrackingCookie No 0 Yes No C:\Documents and Settings\David Gasramone\Cookies\david_gasramone@apmebf[1].txt
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\David Gasramone\Application Data\Mozilla\Firefox\Profiles\o20al330.default\cookies.txt[.serving-sys.com/]
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No G:\Retrospect Backup\Backup copy of Drive C ©\Documents and Settings\David Gasramone\Application Data\Mozilla\Firefox\Profiles\o20al330.default\COOKIES.TXT[.serving-sys.com/]
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\David Gasramone\Application Data\Mozilla\Firefox\Profiles\o20al330.default\cookies.txt[.serving-sys.com/]
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No G:\Retrospect Backup\Backup copy of Drive C ©\Documents and Settings\David Gasramone\Application Data\Mozilla\Firefox\Profiles\o20al330.default\COOKIES.TXT[.serving-sys.com/]
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\David Gasramone\Application Data\Mozilla\Firefox\Profiles\o20al330.default\cookies.txt[.serving-sys.com/]
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No G:\Retrospect Backup\Backup copy of Drive C ©\Documents and Settings\David Gasramone\Application Data\Mozilla\Firefox\Profiles\o20al330.default\COOKIES.TXT[.serving-sys.com/]
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\David Gasramone\Application Data\Mozilla\Firefox\Profiles\o20al330.default\cookies.txt[.serving-sys.com/]
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No G:\Retrospect Backup\Backup copy of Drive C ©\Documents and Settings\David Gasramone\Application Data\Mozilla\Firefox\Profiles\o20al330.default\COOKIES.TXT[.serving-sys.com/]
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No G:\Retrospect Backup\Backup copy of Drive C ©\Documents and Settings\David Gasramone\Application Data\Mozilla\Firefox\Profiles\o20al330.default\COOKIES.TXT[.serving-sys.com/]
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\David Gasramone\Application Data\Mozilla\Firefox\Profiles\o20al330.default\cookies.txt[.serving-sys.com/]
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No G:\Retrospect Backup\Backup copy of Drive C ©\Documents and Settings\David Gasramone\Application Data\Mozilla\Firefox\Profiles\o20al330.default\COOKIES.TXT[.serving-sys.com/]
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\David Gasramone\Application Data\Mozilla\Firefox\Profiles\o20al330.default\cookies.txt[.serving-sys.com/]
00168093 Cookie/Serving-sys TrackingCookie No 0 Yes No G:\Retrospect Backup\Backup copy of Drive C ©\Documents and Settings\David Gasramone\Application Data\Mozilla\Firefox\Profiles\o20al330.default\COOKIES.TXT[.bs.serving-sys.com/]
00168093 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\David Gasramone\Application Data\Mozilla\Firefox\Profiles\o20al330.default\cookies.txt[.bs.serving-sys.com/]
00168109 Cookie/Adtech TrackingCookie No 0 Yes No G:\Retrospect Backup\Backup copy of Drive C ©\Documents and Settings\David Gasramone\Application Data\Mozilla\Firefox\Profiles\o20al330.default\COOKIES.TXT[.adtech.de/]
00168110 Cookie/Server.iad.Liveperson TrackingCookie No 0 Yes No G:\Retrospect Backup\Backup copy of Drive C ©\Documents and Settings\David Gasramone\Application Data\Mozilla\Firefox\Profiles\o20al330.default\COOKIES.TXT[server.iad.liveperson.net/]
00168110 Cookie/Server.iad.Liveperson TrackingCookie No 0 Yes No C:\Documents and Settings\David Gasramone\Application Data\Mozilla\Firefox\Profiles\o20al330.default\cookies.txt[server.iad.liveperson.net/]
00168110 Cookie/Server.iad.Liveperson TrackingCookie No 0 Yes No C:\Documents and Settings\David Gasramone\Cookies\david_gasramone@server.iad.liveperson[1].txt
00169190 Cookie/Advertising TrackingCookie No 0 Yes No G:\Retrospect Backup\Backup copy of Drive C ©\Documents and Settings\David Gasramone\Application Data\Mozilla\Firefox\Profiles\o20al330.default\COOKIES.TXT[.advertising.com/]
00169190 Cookie/Advertising TrackingCookie No 0 Yes No G:\Retrospect Backup\Backup copy of Drive C ©\Documents and Settings\David Gasramone\Application Data\Mozilla\Firefox\Profiles\o20al330.default\COOKIES.TXT[.advertising.com/]
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\David Gasramone\Cookies\david_gasramone@advertising[1].txt
00169190 Cookie/Advertising TrackingCookie No 0 Yes No G:\Retrospect Backup\Backup copy of Drive C ©\Documents and Settings\David Gasramone\Application Data\Mozilla\Firefox\Profiles\o20al330.default\COOKIES.TXT[.advertising.com/]
00169190 Cookie/Advertising TrackingCookie No 0 Yes No G:\Retrospect Backup\Backup copy of Drive C ©\Documents and Settings\David Gasramone\Application Data\Mozilla\Firefox\Profiles\o20al330.default\COOKIES.TXT[.advertising.com/]
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\David Gasramone\Application Data\Mozilla\Firefox\Profiles\o20al330.default\cookies.txt[.advertising.com/]
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\David Gasramone\Application Data\Mozilla\Firefox\Profiles\o20al330.default\cookies.txt[.advertising.com/]
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\David Gasramone\Application Data\Mozilla\Firefox\Profiles\o20al330.default\cookies.txt[.advertising.com/]
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\David Gasramone\Application Data\Mozilla\Firefox\Profiles\o20al330.default\cookies.txt[.advertising.com/]
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\David Gasramone\Application Data\Mozilla\Firefox\Profiles\o20al330.default\cookies.txt[.advertising.com/]
00169190 Cookie/Advertising TrackingCookie No 0 Yes No G:\Retrospect Backup\Backup copy of Drive C ©\Documents and Settings\David Gasramone\Application Data\Mozilla\Firefox\Profiles\o20al330.default\COOKIES.TXT[.advertising.com/]
00170304 Cookie/WebtrendsLive TrackingCookie No 0 Yes No G:\Retrospect Backup\Backup copy of Drive C ©\Documents and Settings\David Gasramone\Cookies\david_gasramone@statse.webtrendslive[1].txt
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No G:\Retrospect Backup\Backup copy of Drive C ©\Documents and Settings\David Gasramone\Application Data\Mozilla\Firefox\Profiles\o20al330.default\COOKIES.TXT[.ads.pointroll.com/]
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No G:\Retrospect Backup\Backup copy of Drive C ©\Documents and Settings\David Gasramone\Application Data\Mozilla\Firefox\Profiles\o20al330.default\COOKIES.TXT[.ads.pointroll.com/]
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No G:\Retrospect Backup\Backup copy of Drive C ©\Documents and Settings\David Gasramone\Application Data\Mozilla\Firefox\Profiles\o20al330.default\COOKIES.TXT[.ads.pointroll.com/]
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No G:\Retrospect Backup\Backup copy of Drive C ©\Documents and Settings\David Gasramone\Application Data\Mozilla\Firefox\Profiles\o20al330.default\COOKIES.TXT[.ads.pointroll.com/]
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Documents and Settings\David Gasramone\Application Data\Mozilla\Firefox\Profiles\o20al330.default\cookies.txt[.ads.pointroll.com/]
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No G:\Retrospect Backup\Backup copy of Drive C ©\Documents and Settings\David Gasramone\Application Data\Mozilla\Firefox\Profiles\o20al330.default\COOKIES.TXT[.ads.pointroll.com/]
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Documents and Settings\David Gasramone\Application Data\Mozilla\Firefox\Profiles\o20al330.default\cookies.txt[.ads.pointroll.com/]
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Documents and Settings\David Gasramone\Application Data\Mozilla\Firefox\Profiles\o20al330.default\cookies.txt[.ads.pointroll.com/]
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Documents and Settings\David Gasramone\Application Data\Mozilla\Firefox\Profiles\o20al330.default\cookies.txt[.ads.pointroll.com/]
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Documents and Settings\David Gasramone\Application Data\Mozilla\Firefox\Profiles\o20al330.default\cookies.txt[.ads.pointroll.com/]
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Documents and Settings\David Gasramone\Application Data\Mozilla\Firefox\Profiles\o20al330.default\cookies.txt[.ads.pointroll.com/]
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Documents and Settings\David Gasramone\Application Data\Mozilla\Firefox\Profiles\o20al330.default\cookies.txt[.ads.pointroll.com/]
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No G:\Retrospect Backup\Backup copy of Drive C ©\Documents and Settings\David Gasramone\Application Data\Mozilla\Firefox\Profiles\o20al330.default\COOKIES.TXT[.ads.pointroll.com/]
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No G:\Retrospect Backup\Backup copy of Drive C ©\Documents and Settings\David Gasramone\Application Data\Mozilla\Firefox\Profiles\o20al330.default\COOKIES.TXT[.ads.pointroll.com/]
00170550 Cookie/Humanclick TrackingCookie No 0 Yes No C:\Documents and Settings\David Gasramone\Application Data\Mozilla\Firefox\Profiles\o20al330.default\cookies.txt[hc2.humanclick.com/]
00170554 Cookie/Overture TrackingCookie No 0 Yes No C:\Documents and Settings\David Gasramone\Application Data\Mozilla\Firefox\Profiles\o20al330.default\cookies.txt[.overture.com/]
00170554 Cookie/Overture TrackingCookie No 0 Yes No G:\Retrospect Backup\Backup copy of Drive C ©\Documents and Settings\David Gasramone\Application Data\Mozilla\Firefox\Profiles\o20al330.default\COOKIES.TXT[.overture.com/]
00170554 Cookie/Overture TrackingCookie No 0 Yes No C:\Documents and Settings\David Gasramone\Application Data\Mozilla\Firefox\Profiles\o20al330.default\cookies.txt[.overture.com/]
00170554 Cookie/Overture TrackingCookie No 0 Yes No G:\Retrospect Backup\Backup copy of Drive C ©\Documents and Settings\David Gasramone\Application Data\Mozilla\Firefox\Profiles\o20al330.default\COOKIES.TXT[.overture.com/]
00170554 Cookie/Overture TrackingCookie No 0 Yes No C:\Documents and Settings\David Gasramone\Cookies\david_gasramone@overture[2].txt
00170556 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Documents and Settings\David Gasramone\Cookies\david_gasramone@realmedia[1].txt
00171982 Cookie/QuestionMarket TrackingCookie No 0 Yes No C:\Documents and Settings\David Gasramone\Application Data\Mozilla\Firefox\Profiles\o20al330.default\cookies.txt[.questionmarket.com/]
00171982 Cookie/QuestionMarket TrackingCookie No 0 Yes No G:\Retrospect Backup\Backup copy of Drive C ©\Documents and Settings\David Gasramone\Application Data\Mozilla\Firefox\Profiles\o20al330.default\COOKIES.TXT[.questionmarket.com/]
00171982 Cookie/QuestionMarket TrackingCookie No 0 Yes No C:\Documents and Settings\David Gasramone\Application Data\Mozilla\Firefox\Profiles\o20al330.default\cookies.txt[.questionmarket.com/]
00171982 Cookie/QuestionMarket TrackingCookie No 0 Yes No G:\Retrospect Backup\Backup copy of Drive C ©\Documents and Settings\David Gasramone\Application Data\Mozilla\Firefox\Profiles\o20al330.default\COOKIES.TXT[.questionmarket.com/]
00172221 Cookie/Zedo TrackingCookie No 0 Yes No G:\Retrospect Backup\Backup copy of Drive C ©\Documents and Settings\David Gasramone\Application Data\Mozilla\Firefox\Profiles\o20al330.default\COOKIES.TXT[.zedo.com/]
00172221 Cookie/Zedo TrackingCookie No 0 Yes No C:\Documents and Settings\David Gasramone\Application Data\Mozilla\Firefox\Profiles\o20al330.default\cookies.txt[.zedo.com/]
00173520 Cookie/Bluestreak TrackingCookie No 0 Yes No C:\Documents and Settings\David Gasramone\Application Data\Mozilla\Firefox\Profiles\o20al330.default\cookies.txt[.bluestreak.com/]
00173520 Cookie/Bluestreak TrackingCookie No 0 Yes No G:\Retrospect Backup\Backup copy of Drive C ©\Documents and Settings\David Gasramone\Application Data\Mozilla\Firefox\Profiles\o20al330.default\COOKIES.TXT[.bluestreak.com/]
00184846 Cookie/Adrevolver TrackingCookie No 0 Yes No C:\Documents and Settings\David Gasramone\Cookies\david_gasramone@adrevolver[2].txt
00194327 Cookie/Go TrackingCookie No 0 Yes No C:\Documents and Settings\David Gasramone\Cookies\david_gasramone@go[1].txt
00194327 Cookie/Go TrackingCookie No 0 Yes No G:\Retrospect Backup\Backup copy of Drive C ©\Documents and Settings\David Gasramone\Cookies\david_gasramone@go[1].txt
00207862 Cookie/did-it TrackingCookie No 0 Yes No G:\Retrospect Backup\Backup copy of Drive C ©\Documents and Settings\David Gasramone\Cookies\david_gasramone@did-it[1].txt
00207862 Cookie/did-it TrackingCookie No 0 Yes No C:\Documents and Settings\David Gasramone\Cookies\david_gasramone@did-it[1].txt
00262020 Cookie/Atwola TrackingCookie No 0 Yes No G:\Retrospect Backup\Backup copy of Drive C ©\Documents and Settings\David Gasramone\Application Data\Mozilla\Firefox\Profiles\o20al330.default\COOKIES.TXT[.atwola.com/]
00262020 Cookie/Atwola TrackingCookie No 0 Yes No C:\Documents and Settings\David Gasramone\Application Data\Mozilla\Firefox\Profiles\o20al330.default\cookies.txt[.atwola.com/]
00527204 Application/PRScheduler HackTools No 0 Yes No G:\Retrospect Backup\Backup copy of Drive C ©\Program Files\Microsoft AntiSpyware\Quarantine\CC821279-3F3A-4533-868E-CB7BBF\0D3DE536-E8E8-4605-A6B0-7A9D0E
00527204 Application/PRScheduler HackTools No 0 Yes No C:\Program Files\Microsoft AntiSpyware\Quarantine\CC821279-3F3A-4533-868E-CB7BBF\0D3DE536-E8E8-4605-A6B0-7A9D0E
;===================================================================================================================================================================================
SUSPECTS
Sent Location \
;===================================================================================================================================================================================
;===================================================================================================================================================================================
VULNERABILITIES
Id Severity Description \
;===================================================================================================================================================================================
;===================================================================================================================================================================================

#9 teacup61

teacup61

    Bleepin' Texan!


  • Malware Response Team
  • 17,075 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Wills Point, Texas
  • Local time:09:16 PM

Posted 16 July 2008 - 01:06 PM

Hello,

Uninstall all of the following via Add/Remove. Just the Java alone will free you up over a gig of space :

Java™ SE Runtime Environment 6 Update 1
J2SE Runtime Environment 5.0 Update 1
J2SE Runtime Environment 5.0 Update 10
J2SE Runtime Environment 5.0 Update 11
J2SE Runtime Environment 5.0 Update 6
J2SE Runtime Environment 5.0 Update 9
Java™ 6 Update 2
Java™ 6 Update 3
Java™ 6 Update 5
LiveReg (Symantec Corporation)
LiveUpdate 3.0 (Symantec Corporation)
Symantec KB-DocID:2003093015493306
Symantec Technical Support Web Controls
Symantec WinFax PRO
Viewpoint Manager (Remove Only)
Viewpoint Media Player
Viewpoint Toolbar (Remove Only)
Free Games Offer, Desktop Shortcut


Reboot your computer afterwards.

Panda basically came up clean. All but a few were cookies, and the others are from a very OLD OLD application, Microsoft Antispyware and its quarantine, which you should delete.

In your reply, let me know how it's running. :thumbsup:

Thanks,
tea
Please make a donation so I can keep helping people just like you.
Every little bit helps! :)
You can even use your credit card! Thank you!

Posted Image


Error reading poptart in Drive A: Delete kids y/n?

#10 dgarramone

dgarramone
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:09:16 PM

Posted 16 July 2008 - 09:24 PM

tea,

I removed all the programs except for the Symantec programs associated with WinFax Pro. I still use that program as my Fax software. So LiveReg and Live Update had to stay. Removed a few other programs that I wasn't using as well.

Reboot got my attention as it was rediscovering my DVD and CD drives. But all seems to be running smoothly so far.

I updated my Adaware program and ran it. Found a couple of critical items - 2 BroadCast PC, and a bunch of Tracking Cookies. I was able to finally get through a virus check without the Blue Screen of Death.

So far everything seems to be running pretty smoothly. I use Multiplicity to connect my destop to my laptop so I can control my four monitors. Seems as though the mouse moves a bit smoother across the platforms. Will know better when I get into full graphics mode tomorrow.

Thanks for you help so far.

Dave :thumbsup:

#11 teacup61

teacup61

    Bleepin' Texan!


  • Malware Response Team
  • 17,075 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Wills Point, Texas
  • Local time:09:16 PM

Posted 17 July 2008 - 12:41 PM

Hi Dave,

Okie dokie, it's tomorrow! :thumbsup: How's it doing?
Please make a donation so I can keep helping people just like you.
Every little bit helps! :)
You can even use your credit card! Thank you!

Posted Image


Error reading poptart in Drive A: Delete kids y/n?

#12 dgarramone

dgarramone
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:09:16 PM

Posted 18 July 2008 - 06:29 AM

Well,

Made it through yesterday without a hiccup. I mentioned I was able to get through a virus scan the other day without the BSOD. The power down issue was an intermittent one and I haven't experienced one of those in a while. So, so far, so good. My McAfee will keep popping up with an error that my SystemGuard protection keeps getting shut off. That is a bit disconcerting. Sometimes a reboot helps that go away. Not sure what is causing that -- if it continues I might uninstall/reinstall McAfee to see if maybe it's a bad file. Hard to imagine it's a virus after all the scans I just did.

Let me give it a week or so and I'll let you know.

Dave

#13 teacup61

teacup61

    Bleepin' Texan!


  • Malware Response Team
  • 17,075 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Wills Point, Texas
  • Local time:09:16 PM

Posted 07 August 2008 - 07:29 PM

Yoo Hoo!! Everything still all right? It's been much over a week now. :thumbsup:

Regards,
tea
Please make a donation so I can keep helping people just like you.
Every little bit helps! :)
You can even use your credit card! Thank you!

Posted Image


Error reading poptart in Drive A: Delete kids y/n?




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users