
Blue Screen, again. please help?



#1
jezuzgirl

Ok, a few months ago we moved across state. When we packed up the computer in the original box and packaging, it was running fine. About a month prior to that, we took it into Best Buy to have a virus removed and new protection software installed (Trend Micro Antivirus and Spy Sweep). When we moved into our new home, we unpacked the computer, plugged it in, and booted up; all I got was a black screen and blinking underscore. I couldn't even start up in safe mode. After a few reboots, I got it to start in safe mode, and I did a system restore to a week before we moved. It was fine. About 2 weeks later I got another blue screen. Started up in safe mode, ran Trend Micro Antivirus and found 7 viruses, including some set by Xango, in its uninstall app. Got rid of those, and still a blue screen. Then I found your web site, ran everything except for Panda because the site wasn't working, also couldn't set a new system restore point (maybe because I'm in safe mode? I dunno). So I rebooted, and everything has been fine, for about two weeks, until right now. I went again to your site, ran all the scans, and rebooted. Still have a blue screen. Here are the logs of my scans, and thanks for whatever help you can offer. You guys are great. :)

Copyright © 1990 - 2006 Trend Micro Inc.
Report Date : 7/2/2008 21:49:26
VSAPI Engine Version : 8.700-1004
VSCANTM Version : 2.00-1000 (Official Build)

VSGetVirusPatternInformation is invoked

Virus Pattern Version : 379 (296167/303844 Patterns) (2008/07/01) (537950)

VSGetVirusPatternInformation is invoked

Virus Pattern Version : 545 (7677/303844 Patterns) (2007/09/04) (54500)

Command Line: C:\Program Files\Trend Micro\Internet Security\TVScan32.exe -S -SSAPTN -VSSPYWARE+ -c -d2 -I -LC=C:\Documents and Settings\Owner\Desktop\Virus Scan.log C:\ D:\ E:\ F:\ G:\ H:\ I:\ J:\

Fail to Clean [ PAK_Generic.001]( 1) from C:\Program Files\Common Files\Apple\Mobile Device Support\bin\SyncPlanObserver.exe
Success Delete [ PAK_Generic.001]( 1) from C:\Program Files\Common Files\Apple\Mobile Device Support\bin\SyncPlanObserver.exe
Fail to Clean [ PAK_Generic.001]( 1) from C:\Program Files\Common Files\Apple\Mobile Device Support\bin\SyncUIHandler.exe
Success Delete [ PAK_Generic.001]( 1) from C:\Program Files\Common Files\Apple\Mobile Device Support\bin\SyncUIHandler.exe
Fail to Clean [ PAK_Generic.001]( 1) from D:\System Volume Information\_restore{4653E8F8-6519-4964-B7BD-828D96FBCC0E}\RP62\A0038231.exe
Success Delete [ PAK_Generic.001]( 1) from D:\System Volume Information\_restore{4653E8F8-6519-4964-B7BD-828D96FBCC0E}\RP62\A0038231.exe
Fail to Clean [ PAK_Generic.001]( 1) from D:\System Volume Information\_restore{4653E8F8-6519-4964-B7BD-828D96FBCC0E}\RP62\A0038232.exe
Success Delete [ PAK_Generic.001]( 1) from D:\System Volume Information\_restore{4653E8F8-6519-4964-B7BD-828D96FBCC0E}\RP62\A0038232.exe
Fail to Clean [ PAK_Generic.001]( 1) from D:\System Volume Information\_restore{4653E8F8-6519-4964-B7BD-828D96FBCC0E}\RP62\A0038233.exe
Success Delete [ PAK_Generic.001]( 1) from D:\System Volume Information\_restore{4653E8F8-6519-4964-B7BD-828D96FBCC0E}\RP62\A0038233.exe
129678 files have been read.
129678 files have been checked.
129651 files have been scanned.
332100 files have been scanned. (including files in archived)
5 files containing viruses.
Found 5 viruses totally.
Maybe 0 viruses totally.
Stop At: 7/3/2008 01:30:21 3 hours 40 minutes 43 seconds (13243.23 seconds) has elapsed.(102.124 msec/file)
---------*---------*---------*---------*---------*---------*---------*---------*




Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:58:24 PM, on 7/3/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Safe mode with network support

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://us.f830.mail....d=3i3sd1j9ccm9t
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com/0SE...S01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Yahoo!
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn6\yt.dll
O4 - HKLM\..\Run: [wltray.exe] C:\WINDOWS\system32\wltray.exe
O4 - HKLM\..\Run: [SunKistEM] "C:\Program Files\Digital Media Reader\shwiconem.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [LXCFCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCFtime.dll,[email protected]
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [CHotkey] zHotkey.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [UfSeAgnt.exe] "C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe"
O4 - HKLM\..\Run: [masqform.exe] "C:\Program Files\PureEdge\Viewer 6.0\masqform.exe" -UpdateCurrentUser
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe /startintray
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] "C:\DOCUME~1\Owner\LOCALS~1\Temp\SSUPDATE.EXE" Software\SUPERAntiSpyware.com\SUPERAntiSpyware
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Global Startup: MRI_DISABLED
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebo...toUploader5.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - http://www.symantec....abs/tgctlsr.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcaf...01/mcinsctl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by117fd.bay11...es/MsnPUpld.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} - https://webdl.symant...ex/symdlmgr.cab
O16 - DPF: {6F0C8A89-8B0D-11D2-801B-00105AA78F4A} (ECareAgent Class) - http://ecare1a.netop...t_4.2.1.318.cab
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterf...ds/Uploader.cab
O16 - DPF: {BD8667B7-38D8-4C77-B580-18C3E146372C} (Creative Toolbox Plug-in) - http://ak.imgag.com/...all/Crusher.cab
O18 - Protocol: bw+0 - {21E27362-B330-401C-A48D-DB535479A3CB} - (no file)
O18 - Protocol: bw+0s - {21E27362-B330-401C-A48D-DB535479A3CB} - (no file)
O18 - Protocol: bw-0 - {21E27362-B330-401C-A48D-DB535479A3CB} - (no file)
O18 - Protocol: bw-0s - {21E27362-B330-401C-A48D-DB535479A3CB} - (no file)
O18 - Protocol: bw00 - {21E27362-B330-401C-A48D-DB535479A3CB} - (no file)
O18 - Protocol: bw00s - {21E27362-B330-401C-A48D-DB535479A3CB} - (no file)
O18 - Protocol: bw10 - {21E27362-B330-401C-A48D-DB535479A3CB} - (no file)
O18 - Protocol: bw10s - {21E27362-B330-401C-A48D-DB535479A3CB} - (no file)
O18 - Protocol: bw20 - {21E27362-B330-401C-A48D-DB535479A3CB} - (no file)
O18 - Protocol: bw20s - {21E27362-B330-401C-A48D-DB535479A3CB} - (no file)
O18 - Protocol: bw30 - {21E27362-B330-401C-A48D-DB535479A3CB} - (no file)
O18 - Protocol: bw30s - {21E27362-B330-401C-A48D-DB535479A3CB} - (no file)
O18 - Protocol: bw40 - {21E27362-B330-401C-A48D-DB535479A3CB} - (no file)
O18 - Protocol: bw40s - {21E27362-B330-401C-A48D-DB535479A3CB} - (no file)
O18 - Protocol: bw50 - {21E27362-B330-401C-A48D-DB535479A3CB} - (no file)
O18 - Protocol: bw50s - {21E27362-B330-401C-A48D-DB535479A3CB} - (no file)
O18 - Protocol: bw60 - {21E27362-B330-401C-A48D-DB535479A3CB} - (no file)
O18 - Protocol: bw60s - {21E27362-B330-401C-A48D-DB535479A3CB} - (no file)
O18 - Protocol: bw70 - {21E27362-B330-401C-A48D-DB535479A3CB} - (no file)
O18 - Protocol: bw70s - {21E27362-B330-401C-A48D-DB535479A3CB} - (no file)
O18 - Protocol: bw80 - {21E27362-B330-401C-A48D-DB535479A3CB} - (no file)
O18 - Protocol: bw80s - {21E27362-B330-401C-A48D-DB535479A3CB} - (no file)
O18 - Protocol: bw90 - {21E27362-B330-401C-A48D-DB535479A3CB} - (no file)
O18 - Protocol: bw90s - {21E27362-B330-401C-A48D-DB535479A3CB} - (no file)
O18 - Protocol: bwa0 - {21E27362-B330-401C-A48D-DB535479A3CB} - (no file)
O18 - Protocol: bwa0s - {21E27362-B330-401C-A48D-DB535479A3CB} - (no file)
O18 - Protocol: bwb0 - {21E27362-B330-401C-A48D-DB535479A3CB} - (no file)
O18 - Protocol: bwb0s - {21E27362-B330-401C-A48D-DB535479A3CB} - (no file)
O18 - Protocol: bwc0 - {21E27362-B330-401C-A48D-DB535479A3CB} - (no file)
O18 - Protocol: bwc0s - {21E27362-B330-401C-A48D-DB535479A3CB} - (no file)
O18 - Protocol: bwd0 - {21E27362-B330-401C-A48D-DB535479A3CB} - (no file)
O18 - Protocol: bwd0s - {21E27362-B330-401C-A48D-DB535479A3CB} - (no file)
O18 - Protocol: bwe0 - {21E27362-B330-401C-A48D-DB535479A3CB} - (no file)
O18 - Protocol: bwe0s - {21E27362-B330-401C-A48D-DB535479A3CB} - (no file)
O18 - Protocol: bwf0 - {21E27362-B330-401C-A48D-DB535479A3CB} - (no file)
O18 - Protocol: bwf0s - {21E27362-B330-401C-A48D-DB535479A3CB} - (no file)
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - (no file)
O18 - Protocol: bwg0 - {21E27362-B330-401C-A48D-DB535479A3CB} - (no file)
O18 - Protocol: bwg0s - {21E27362-B330-401C-A48D-DB535479A3CB} - (no file)
O18 - Protocol: bwh0 - {21E27362-B330-401C-A48D-DB535479A3CB} - (no file)
O18 - Protocol: bwh0s - {21E27362-B330-401C-A48D-DB535479A3CB} - (no file)
O18 - Protocol: bwi0 - {21E27362-B330-401C-A48D-DB535479A3CB} - (no file)
O18 - Protocol: bwi0s - {21E27362-B330-401C-A48D-DB535479A3CB} - (no file)
O18 - Protocol: bwj0 - {21E27362-B330-401C-A48D-DB535479A3CB} - (no file)
O18 - Protocol: bwj0s - {21E27362-B330-401C-A48D-DB535479A3CB} - (no file)
O18 - Protocol: bwk0 - {21E27362-B330-401C-A48D-DB535479A3CB} - (no file)
O18 - Protocol: bwk0s - {21E27362-B330-401C-A48D-DB535479A3CB} - (no file)
O18 - Protocol: bwl0 - {21E27362-B330-401C-A48D-DB535479A3CB} - (no file)
O18 - Protocol: bwl0s - {21E27362-B330-401C-A48D-DB535479A3CB} - (no file)
O18 - Protocol: bwm0 - {21E27362-B330-401C-A48D-DB535479A3CB} - (no file)
O18 - Protocol: bwm0s - {21E27362-B330-401C-A48D-DB535479A3CB} - (no file)
O18 - Protocol: bwn0 - {21E27362-B330-401C-A48D-DB535479A3CB} - (no file)
O18 - Protocol: bwn0s - {21E27362-B330-401C-A48D-DB535479A3CB} - (no file)
O18 - Protocol: bwo0 - {21E27362-B330-401C-A48D-DB535479A3CB} - (no file)
O18 - Protocol: bwo0s - {21E27362-B330-401C-A48D-DB535479A3CB} - (no file)
O18 - Protocol: bwp0 - {21E27362-B330-401C-A48D-DB535479A3CB} - (no file)
O18 - Protocol: bwp0s - {21E27362-B330-401C-A48D-DB535479A3CB} - (no file)
O18 - Protocol: bwq0 - {21E27362-B330-401C-A48D-DB535479A3CB} - (no file)
O18 - Protocol: bwq0s - {21E27362-B330-401C-A48D-DB535479A3CB} - (no file)
O18 - Protocol: bwr0 - {21E27362-B330-401C-A48D-DB535479A3CB} - (no file)
O18 - Protocol: bwr0s - {21E27362-B330-401C-A48D-DB535479A3CB} - (no file)
O18 - Protocol: bws0 - {21E27362-B330-401C-A48D-DB535479A3CB} - (no file)
O18 - Protocol: bws0s - {21E27362-B330-401C-A48D-DB535479A3CB} - (no file)
O18 - Protocol: bwt0 - {21E27362-B330-401C-A48D-DB535479A3CB} - (no file)
O18 - Protocol: bwt0s - {21E27362-B330-401C-A48D-DB535479A3CB} - (no file)
O18 - Protocol: bwu0 - {21E27362-B330-401C-A48D-DB535479A3CB} - (no file)
O18 - Protocol: bwu0s - {21E27362-B330-401C-A48D-DB535479A3CB} - (no file)
O18 - Protocol: bwv0 - {21E27362-B330-401C-A48D-DB535479A3CB} - (no file)
O18 - Protocol: bwv0s - {21E27362-B330-401C-A48D-DB535479A3CB} - (no file)
O18 - Protocol: bww0 - {21E27362-B330-401C-A48D-DB535479A3CB} - (no file)
O18 - Protocol: bww0s - {21E27362-B330-401C-A48D-DB535479A3CB} - (no file)
O18 - Protocol: bwx0 - {21E27362-B330-401C-A48D-DB535479A3CB} - (no file)
O18 - Protocol: bwx0s - {21E27362-B330-401C-A48D-DB535479A3CB} - (no file)
O18 - Protocol: bwy0 - {21E27362-B330-401C-A48D-DB535479A3CB} - (no file)
O18 - Protocol: bwy0s - {21E27362-B330-401C-A48D-DB535479A3CB} - (no file)
O18 - Protocol: bwz0 - {21E27362-B330-401C-A48D-DB535479A3CB} - (no file)
O18 - Protocol: bwz0s - {21E27362-B330-401C-A48D-DB535479A3CB} - (no file)
O18 - Protocol: offline-8876480 - {21E27362-B330-401C-A48D-DB535479A3CB} - (no file)
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: lxcf_device - - C:\WINDOWS\system32\lxcfcoms.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: Trend Micro Central Control Component (SfCtlCom) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
O23 - Service: Trend Micro Unauthorized Change Prevention Service (TMBMServer) - Trend Micro Inc. - C:\Program Files\Trend Micro\BM\TMBMSRV.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Sony DADC Austria AG. - C:\WINDOWS\system32\UAService7.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
O23 - Service: Broadcom Wireless LAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe

--
End of file - 14184 bytes




StartupList report, 7/3/2008, 2:55:57 PM
StartupList version: 1.52.2
Started from : C:\Program Files\Hijackthis\HijackThis.EXE
Detected: Windows XP SP2 (WinNT 5.01.2600)
Detected: Internet Explorer v7.00 (7.00.6000.16674)
* Using default options
==================================================

Running processes:

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Hijackthis\HijackThis.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\system32\NOTEPAD.EXE

--------------------------------------------------

Checking Windows NT UserInit:

[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\WINDOWS\system32\userinit.exe,

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

wltray.exe = C:\WINDOWS\system32\wltray.exe
SunKistEM = "C:\Program Files\Digital Media Reader\shwiconem.exe"
SoundMan = SOUNDMAN.EXE
LXCFCATS = rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCFtime.dll,[email protected]
Logitech Hardware Abstraction Layer = KHALMNPR.EXE
CHotkey = zHotkey.exe
ATIPTA = "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
UfSeAgnt.exe = "C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe"
masqform.exe = "C:\Program Files\PureEdge\Viewer 6.0\masqform.exe" -UpdateCurrentUser
QuickTime Task = "C:\Program Files\QuickTime\qttask.exe" -atboottime
SpySweeper = C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe /startintray

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run

ctfmon.exe = C:\WINDOWS\system32\ctfmon.exe
SUPERAntiSpyware = "C:\DOCUME~1\Owner\LOCALS~1\Temp\SSUPDATE.EXE" Software\SUPERAntiSpyware.com\SUPERAntiSpyware

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

[OptionalComponents]
=

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run

[MRI_DISABLED]
AdobeUpdater = C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe

--------------------------------------------------

File association entry for .SCR:
HKEY_CLASSES_ROOT\scrfile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:

Shell=*INI section not found*
SCRNSAVE.EXE=*INI section not found*
drivers=*INI section not found*

Shell & screensaver key from Registry:

Shell=Explorer.exe
SCRNSAVE.EXE=C:\WINDOWS\system32\logon.scr
drivers=*Registry value not found*

Policies Shell key:

HKCU\..\Policies: Shell=*Registry value not found*
HKLM\..\Policies: Shell=*Registry value not found*

--------------------------------------------------


Enumerating Browser Helper Objects:

(no name) - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}

--------------------------------------------------

Enumerating Task Scheduler jobs:

AppleSoftwareUpdate.job
MP Scheduled Scan.job
Norton Internet Security - Run Full System Scan - Owner.job
Norton Security Scan.job
RegSweep Scheduled Scan.job
Uniblue SpeedUpMyPC Nag.job
Uniblue SpeedUpMyPC.job
User_Feed_Synchronization-{324A78B3-C709-416A-AA2D-3106D8B8ED98}.job
wrSpySweeper_L05F62D12D7E84351A240713229EEB341.job
wrSpySweeper_L5944A2FB2A10438496F9F3D1A76DA82E.job
wrSpySweeper_L904AB394BBFC402184AC7C426264E75D.job
wrSpySweeper_LB0E4C231384D41B1A49E36237BF902B5.job
wrSpySweeper_LC9C7DAE2C35C4FEE883E6F076B43B0AC.job
wrSpySweeper_LD4909ABECAA941AFBEC7E4CFA5E517B4.job
wrSpySweeper_LF5B4AE1A838440D6B4FD0358C38031D6.job

--------------------------------------------------

Enumerating Download Program Files:

[QuickTime Object]
InProcServer32 = C:\Program Files\QuickTime\QTPlugin.ocx
CODEBASE = http://www.apple.com...ex/qtplugin.cab

[Facebook Photo Uploader 5]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\ImageUploader5.ocx
CODEBASE = http://upload.facebo...toUploader5.cab

[Shockwave ActiveX Control]
InProcServer32 = C:\WINDOWS\system32\macromed\Director\SwDir.dll
CODEBASE = http://download.macr...director/sw.cab

[Installation Support]
InProcServer32 = C:\Program Files\Yahoo!\Common\Yinsthelper.dll
CODEBASE = C:\Program Files\Yahoo!\Common\Yinsthelper.dll

[Symantec Script Runner Class]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\tgctlsr.dll
CODEBASE = http://www.symantec....abs/tgctlsr.cab

[{4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21}]
CODEBASE = http://download.mcaf...01/mcinsctl.cab

[MSN Photo Upload Tool]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\MsnPUpld.dll
CODEBASE = http://by117fd.bay11...es/MsnPUpld.cab

[Symantec RuFSI Utility Class]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\rufsi.dll
CODEBASE = http://security.syma...n/bin/cabsa.cab

[{6A344D34-5231-452A-8A57-D064AC9B7862}]
CODEBASE = https://webdl.symant...ex/symdlmgr.cab

[ECareAgent Class]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\CobAgent4_2_1_318.dll
CODEBASE = http://ecare1a.netop...t_4.2.1.318.cab

[{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}]
CODEBASE = http://fpdownload.ma...t/ultrashim.cab

[Shutterfly Picture Upload Plugin]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\sfuploadplugin.ocx
CODEBASE = http://web1.shutterf...ds/Uploader.cab

[Creative Toolbox Plug-in]
InProcServer32 = C:\WINDOWS\system32\Crusher.dll
CODEBASE = http://ak.imgag.com/...all/Crusher.cab

[Shockwave Flash Object]
InProcServer32 = C:\WINDOWS\system32\Macromed\Flash\Flash9f.ocx
CODEBASE = http://fpdownload.ma...ent/swflash.cab

--------------------------------------------------

Enumerating ShellServiceObjectDelayLoad items:

PostBootReminder: C:\WINDOWS\system32\SHELL32.dll
CDBurn: C:\WINDOWS\system32\SHELL32.dll
WebCheck: C:\WINDOWS\system32\webcheck.dll
SysTray: C:\WINDOWS\system32\stobject.dll

--------------------------------------------------
End of report, 7,521 bytes
Report generated in 0.015 seconds

Command line options:
/verbose - to add additional info on each section
/complete - to include empty sections and unsuspicious data
/full - to include several rarely-important sections
/force9x - to include Win9x-only startups even if running on WinNT
/forcent - to include WinNT-only startups even if running on Win9x
/forceall - to include all Win9x and WinNT startups, regardless of platform
/history - to list version history only



Adobe Common File Installer
Adobe Flash Player ActiveX
Adobe Flash Player Plugin
Adobe Help Center 1.0
Adobe Photoshop CS2
Adobe Reader 8.1.2
Adobe Shockwave Player
Adobe Stock Photos 1.0
Adobe SVG Viewer 3.0
AIM 6
Apple Mobile Device Support
Apple Software Update
ArcSoft MediaConverter 2
ATI - Software Uninstall Utility
ATI Control Panel
ATI Display Driver
AudibleManager
Bejeweled 2 Deluxe
Belkin Wireless Utility
Best Buy Digital Music Store
BigFix
CardRd81
CCHelp
CCleaner (remove only)
CCScore
CR2
Digital Locker Assistant
Digital Media Reader
DVD Audio Ripper
DVD Shrink 3.2
DVDFab HD Decrypter 4.1.0.2
EPSON Printer Software
ESSAdpt
ESSANUP
ESSBrwr
ESSCAM
ESSCDBK
ESScore
ESSCT
ESSgui
ESShelp
ESSini
ESSPCD
ESSPDock
ESSSONIC
ESSTUTOR
ESSvpaht
ESSvpot
ewido anti-spyware 4.0
Falcon 4.0: Allied Force
Far Cry
Flickr Uploadr 3.0.5
GUN ™
Heroes of the Pacific
Hijackthis 1.99.1
HijackThis 2.0.2
HLPCCTR
HLPIndex
HLPPDOCK
HLPRFO
Hotfix for Windows Media Format SDK (KB902344)
Hotfix for Windows XP (KB914440)
Hotfix for Windows XP (KB915865)
ICS Viewer 6.0
InterActual Player
iTunes
J2SE Runtime Environment 5.0 Update 2
Java™ 6 Update 3
Kodak EasyShare software
KSU
Lexmark 730 Series
Lexmark Skin: Machine1
Lexmark Skin: Nature TV1
Lexmark Skin: Nature TV2
Lexmark Skin: Nature TV3
Logitech Desktop Messenger
Logitech SetPoint
Magic ISO Maker v5.3 (build 0221)
Malwarebytes' Anti-Malware
Microsoft .NET Framework 1.0 Hotfix (KB887998)
Microsoft .NET Framework 1.0 Hotfix (KB930494)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0 Service Pack 1
Microsoft Flight Simulator X
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Money 2005
Microsoft National Language Support Downlevel APIs
Microsoft Office Standard Edition 2003
Microsoft Silverlight
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable
Microsoft Works
MSN
MSXML 4.0 SP2 (KB925672)
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 Parser and SDK
Multimedia Keyboard Driver
Musicmatch® Jukebox
MySpaceIM
Napster Burn Engine
Nero BurnRights
Nero OEM
Netflix Movie Viewer
Norton™ Security Scan
Notifier
OTtBP
OTtBPSDK
PartyPoker
PCDLNCH
PowerDVD
QuickTime
RealArcade
RealPlayer
Realtek AC'97 Audio
Rhapsody Player Engine
Security Update for CAPICOM (KB931906)
Security Update for CAPICOM (KB931906)
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899589)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB905915)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB908531)
Security Update for Windows XP (KB911280)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912812)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913446)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB916281)
Security Update for Windows XP (KB917159)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB918899)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921503)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923694)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925486)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB937894)
Security Update for Windows XP (KB938829)
Security Update for Windows XP (KB941202)
Security Update for Windows XP (KB941568)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB941644)
Security Update for Windows XP (KB941693)
Security Update for Windows XP (KB943055)
Security Update for Windows XP (KB943460)
Security Update for Windows XP (KB943485)
Security Update for Windows XP (KB944653)
Security Update for Windows XP (KB945553)
Security Update for Windows XP (KB946026)
Security Update for Windows XP (KB948590)
Security Update for Windows XP (KB950749)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
SFR
SFR2
SoftV92 Data Fax Modem with SmartCP
Spy Sweeper
SUPERAntiSpyware Free Edition
Symantec Technical Support Web Controls
Trend Micro AntiVirus
Trend Micro AntiVirus
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB904942)
Update for Windows XP (KB910437)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB927891)
Update for Windows XP (KB929338)
Update for Windows XP (KB930916)
Update for Windows XP (KB931836)
Update for Windows XP (KB932823-v3)
Update for Windows XP (KB933360)
Update for Windows XP (KB938828)
Update for Windows XP (KB942763)
Update for Windows XP (KB953356)
VCAMCEN
Verizon SmartCall
Viewpoint Manager (Remove Only)
Viewpoint Media Player
VPRINTOL
Windows Imaging Component
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Media Format Runtime
Windows Media Player 10
Windows Media Player 10 Hotfix - KB895316
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888239
Yahoo! Browser Services
Yahoo! Install Manager
Yahoo! Internet Mail
Yahoo! Messenger
Yahoo! Music Jukebox
Yahoo! Search Protection
Yahoo! Toolbar




SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 07/02/2008 at 08:35 AM

Application Version : 4.15.1000

Core Rules Database Version : 3495
Trace Rules Database Version: 1486

Scan type : Complete Scan
Total Scan Time : 01:28:59

Memory items scanned : 474
Memory threats detected : 0
Registry items scanned : 6370
Registry threats detected : 0
File items scanned : 27152
File threats detected : 5

Adware.Tracking Cookie
C:\Documents and Settings\Andrew\Cookies\[email protected][2].txt
C:\Documents and Settings\Nick\Cookies\[email protected][1].txt
C:\Documents and Settings\Nick\Cookies\[email protected][2].txt
C:\Documents and Settings\Nick\Cookies\[email protected][1].txt
C:\Documents and Settings\Nick\Cookies\[email protected][2].txt

Edited by jezuzgirl, 03 July 2008 - 02:59 PM.
