Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

My screen is flashing on and off -HELP!

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

My screen is flashing on and off -HELP!

Unread postby Lana » November 29th, 2007, 9:35 pm

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:34:18 PM, on 11/29/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Safe mode with network support

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\winlogon.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.upromise.com/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell4me.com/myway
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\NavNT\vptray.exe
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-21-589184938-1158522758-2637947612-1008\..\Run: [Sonic RecordNow!] (User 'Richard')
O4 - HKUS\S-1-5-21-589184938-1158522758-2637947612-1008\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Richard')
O4 - HKUS\S-1-5-21-589184938-1158522758-2637947612-1008\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup (User 'Richard')
O4 - HKUS\S-1-5-21-589184938-1158522758-2637947612-1008\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'Richard')
O4 - HKUS\S-1-5-21-589184938-1158522758-2637947612-1008\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User 'Richard')
O4 - HKUS\S-1-5-21-589184938-1158522758-2637947612-1010\..\Run: [Sonic RecordNow!] (User 'Colton')
O4 - Global Startup: Desktop Manager.lnk = C:\Program Files\Research In Motion\BlackBerry\DesktopMgr.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {1EF9F042-C2EB-4293-8213-474CAEEF531D} (TmHcmsX Control) - http://www.trendsecure.com/framework/co ... mHcmsX.CAB
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\NavNT\defwatch.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: Norton AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\NavNT\rtvscan.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe

--
End of file - 6094 bytes
Lana
Active Member
 
Posts: 12
Joined: November 29th, 2007, 9:30 pm
Advertisement
Register to Remove

Re: My screen is flashing on and off -HELP!

Unread postby Katana » December 4th, 2007, 6:42 am

Hello and welcome to the forums

My name is Katana and I will be helping you to remove any infection(s) that you may have.

Please observe these rules while we work:
1. If you don't know, stop and ask! Don't keep going on.
2. Please reply to this thread. Do not start a new topic.
3. Please continue to respond until I give you the "All Clear"
(Just because you can't see a problem doesn't mean it isn't there)

If you can do those three things, everything should go smoothly :D

I apologize for the delay in responding, but as you can probably see the forums are quite busy
and sometimes a post manages to slip by us.
Unfortunately there are far more people needing help than there are helpers.

If you still require help please post a fresh Hijack This log to this thread.
I will be notified and I will get back to you ASAP.

Please include a full description of your problem

Does your monitor work properly in safe mode ?
User avatar
Katana
MRU Teacher Emeritus
 
Posts: 6412
Joined: November 10th, 2006, 5:00 pm
Location: Manchester

Re: My screen is flashing on and off -HELP!

Unread postby Lana » December 4th, 2007, 11:28 pm

I can use the computer in safe mode...when I try to boot it up normally...it simply flashes on and off and then the screen remains black.

I ran ad aware, spybot, error killer and norton (corporate edition) and removed all of the infections found. I also removed the roxio shared file on my hijack log because I did not download that file and I was concerned that it was a shared file. I just noticed that it is back on my logfile despite my attempt to delete it. I also deleted all of my temporary files and ran smitfraud.

Here's my latest file...I am almost ready to give up and buy another computer....this is so frustrating. I appreciate your help!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:26:00 PM, on 12/4/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Safe mode with network support

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Outlook Express\msimn.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell4me.com/myway
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\NavNT\vptray.exe
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-21-589184938-1158522758-2637947612-1008\..\Run: [Sonic RecordNow!] (User 'Richard')
O4 - HKUS\S-1-5-21-589184938-1158522758-2637947612-1008\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup (User 'Richard')
O4 - HKUS\S-1-5-21-589184938-1158522758-2637947612-1008\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'Richard')
O4 - HKUS\S-1-5-21-589184938-1158522758-2637947612-1008\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User 'Richard')
O4 - HKUS\S-1-5-21-589184938-1158522758-2637947612-1008\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Richard')
O4 - Global Startup: Desktop Manager.lnk = C:\Program Files\Research In Motion\BlackBerry\DesktopMgr.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {1EF9F042-C2EB-4293-8213-474CAEEF531D} (TmHcmsX Control) - http://www.trendsecure.com/framework/co ... mHcmsX.CAB
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\NavNT\defwatch.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: Norton AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\NavNT\rtvscan.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe

--
End of file - 5791 bytes
Lana
Active Member
 
Posts: 12
Joined: November 29th, 2007, 9:30 pm

Re: My screen is flashing on and off -HELP!

Unread postby Katana » December 5th, 2007, 5:27 am

There is no malware obvious, it may be a problem with your graphics card.
We look a bit deeper first though

A couple of questions
How old is the machine ?
have you installed any programs or games recently ?
have you installed any new hardware ?

Deckard's System Scanner
Download Deckard's System Scanner (DSS) to your Desktop. Note: You must be logged onto an account with administrator privileges.
  1. Close all applications and windows.
  2. Double-click on dss.exe to run it, and follow the prompts.
  3. When the scan is complete, two text files will open - main.txt <- this one will be maximized and extra.txt<-this one will be minimized
  4. Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of main.txt and the extra.txt to your post. in your reply
User avatar
Katana
MRU Teacher Emeritus
 
Posts: 6412
Joined: November 10th, 2006, 5:00 pm
Location: Manchester

Re: My screen is flashing on and off -HELP!

Unread postby Lana » December 5th, 2007, 8:47 pm

The computer is 4 years old. I recently updated my itunes software from the website....I also added software for a blackberry.

Here are the files...I can only use the computer in safe mode.

Deckard's System Scanner v20071014.68
Run by Lana on 2007-12-05 19:40:51
Computer is in Safe Mode with Networking.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Failed to create restore point; computer is in safe mode.


-- Last 5 Restore Point(s) --
97: 2007-11-28 06:37:20 UTC - RP865 - Windows Defender Checkpoint
96: 2007-11-28 03:59:35 UTC - RP864 - Installed Ad-Aware 2007
95: 2007-11-28 03:49:20 UTC - RP863 - Software Distribution Service 3.0
94: 2007-11-28 03:32:57 UTC - RP862 - Software Distribution Service 3.0
93: 2007-11-28 03:29:21 UTC - RP861 - Installed Windows Defender


-- First Restore Point --
1: 2007-08-31 02:50:46 UTC - RP769 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.

Total Physical Memory: 511 MiB (512 MiB recommended).


-- HijackThis (run as Lana.exe) ------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:43:18 PM, on 12/5/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Safe mode with network support

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\Lana\Local Settings\Temporary Internet Files\Content.IE5\HW7V6BZE\dss[1].exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Lana.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell4me.com/myway
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\NavNT\vptray.exe
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: Desktop Manager.lnk = C:\Program Files\Research In Motion\BlackBerry\DesktopMgr.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {1EF9F042-C2EB-4293-8213-474CAEEF531D} (TmHcmsX Control) - http://www.trendsecure.com/framework/co ... mHcmsX.CAB
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\NavNT\defwatch.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: Norton AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\NavNT\rtvscan.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe

--
End of file - 5039 bytes

-- HijackThis Fixed Entries (C:\PROGRA~1\TRENDM~1\HIJACK~1\backups\) -----------

backup-20070822-191908-658 O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
backup-20070822-191908-868 O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
backup-20070822-191908-878 O4 - HKCU\..\Run: [SpywareBot] C:\Program Files\SpywareBot\SpywareBot.exe -boot
backup-20070822-191908-961 O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
backup-20071127-191135-152 O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe
backup-20071127-191135-179 O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
backup-20071127-191135-224 O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
backup-20071127-191135-378 O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
backup-20071127-191135-444 O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
backup-20071127-191135-619 O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
backup-20071127-191135-974 O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
backup-20071201-201823-237 O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
backup-20071201-201823-457 O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
backup-20071201-201824-520 O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
backup-20071201-201824-706 O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
backup-20071202-215116-273 O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
backup-20071202-215116-722 O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 omci (OMCI WDM Device Driver) - c:\windows\system32\drivers\omci.sys <Not Verified; Dell Computer Corporation; OMCI Driver>

S3 DSproct - c:\program files\dellsupport\gtaction\triggers\dsproct.sys <Not Verified; Gteko Ltd.; processt>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

S2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
S2 CCALib8 (Canon Camera Access Library 8) - c:\program files\canon\cal\calmain.exe <Not Verified; Canon Inc.; >


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Scheduled Tasks -------------------------------------------------------------

2007-12-05 19:39:40 330 --ah----- C:\WINDOWS\Tasks\MP Scheduled Scan.job
2007-11-28 20:12:06 258 --a------ C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job
2007-11-28 03:30:00 408 --a------ C:\WINDOWS\Tasks\ErrorKiller Scheduled Scan.job
2007-11-28 03:00:00 494 --a------ C:\WINDOWS\Tasks\AdwareAlert Scheduled Scan.job
2007-11-24 11:17:03 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job


-- Files created between 2007-11-05 and 2007-12-05 -----------------------------

2007-12-02 21:17:51 25600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2007-12-02 21:17:51 289144 --a------ C:\WINDOWS\system32\VCCLSID.exe <Not Verified; S!Ri; >
2007-12-02 21:13:20 51200 --a------ C:\WINDOWS\system32\dumphive.exe
2007-12-02 21:13:19 288417 --a------ C:\WINDOWS\system32\SrchSTS.exe <Not Verified; S!Ri; SrchSTS>
2007-12-02 21:13:19 53248 --a------ C:\WINDOWS\system32\Process.exe <Not Verified; http://www.beyondlogic.org; Command Line Process Utility>
2007-12-01 08:20:34 0 d-------- C:\WINDOWS\LastGood.Tmp
2007-11-28 21:39:28 0 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-11-27 22:59:36 0 d-------- C:\Program Files\Lavasoft
2007-11-27 22:59:36 0 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2007-11-27 22:58:50 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-11-27 22:29:23 0 d-------- C:\Program Files\Windows Defender
2007-11-24 11:21:05 0 d-------- C:\Program Files\iTunes
2007-11-24 11:18:15 0 d-------- C:\Program Files\QuickTime


-- Find3M Report ---------------------------------------------------------------

2007-12-02 21:14:14 2478 --a------ C:\WINDOWS\system32\tmp.reg
2007-11-29 06:42:13 256 --a------ C:\WINDOWS\system32\pool.bin
2007-11-27 22:58:50 0 d-------- C:\Program Files\Common Files
2007-11-27 19:20:20 0 d-------- C:\Program Files\Stamps.com Internet Postage
2007-11-24 11:21:22 0 d-------- C:\Program Files\iPod
2007-11-24 11:16:59 0 d-------- C:\Program Files\Apple Software Update
2007-10-19 22:02:42 36 --ah----- C:\WINDOWS\system32\f9t.dat
2007-10-19 21:56:44 0 d-------- C:\Documents and Settings\Lana\Application Data\Stamps.com Internet Postage
2007-10-19 03:24:27 0 d-------- C:\Program Files\AdwareAlert
2007-10-15 17:04:02 0 d-------- C:\Program Files\Common Files\Intuit
2007-10-09 02:00:22 0 d-------- C:\Documents and Settings\Lana\Application Data\AdwareAlert


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"vptray"="C:\PROGRA~1\NavNT\vptray.exe" [09/24/2001 07:59 AM]
"MMTray"="C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe" [07/01/2004 12:15 PM]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [09/13/2006 11:05 AM]
"@"="" []
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [11/14/2007 11:43 PM]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [11/15/2007 01:11 PM]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [11/03/2006 07:20 PM]
"KernelFaultCheck"="C:\WINDOWS\system32\dumprep 0 -k" []

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [05/04/2007 12:41 AM]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 02:56 AM]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [10/13/2004 11:24 AM]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [08/31/2007 04:46 PM]

C:\Documents and Settings\Lana\Start Menu\Programs\Startup\
DESKTOP.INI [9/3/2002 2:36:04 PM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Desktop Manager.lnk - C:\Program Files\Research In Motion\BlackBerry\DesktopMgr.exe [3/28/2007 10:32:56 AM]
DESKTOP.INI [9/3/2002 2:36:04 PM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
@=

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP LaserJet Director.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP LaserJet Director.lnk
backup=C:\WINDOWS\pss\HP LaserJet Director.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Lana^Start Menu^Programs^Startup^TA_Start.lnk]
path=C:\Documents and Settings\Lana\Start Menu\Programs\Startup\TA_Start.lnk
backup=C:\WINDOWS\pss\TA_Start.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BCMSMMSG]
BCMSMMSG.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\diagent]
"C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe" startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dla]
C:\WINDOWS\system32\dla\tfswctrl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDSentry]
C:\WINDOWS\System32\DSentry.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eBayToolbar]
C:\Program Files\eBay\eBay Toolbar2\eBayTBDaemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EVENTLISTENER]
C:\Program Files\Common Files\FotoNation\EvLstnr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Hcvratik]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP AutoIndexer]
C:\Program Files\Hewlett-Packard\LaserJet 33xx\hppautoindexer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP SchedIndexer]
C:\Program Files\Hewlett-Packard\LaserJet 33xx\hppschedindexer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"C:\Program Files\iTunes\iTunesHelper.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mevefawy]
C:\Program Files\Online Services\mevefawy22011.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mmtask]
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MMTray]
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ncao]
"C:\WINDOWS\PPATCH~1\rundll32.exe" -vt ndrv

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService]
"C:\Program Files\Dell\Media Experience\PCMService.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\runner1]
C:\WINDOWS\retadpu77.exe 61A847B5BBF72815358B2B27128065E9C084320161C4661227A755E9C2933154389A

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Salestart]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sonic RecordNow!]


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\svhost]
"C:\WINDOWS\svhost.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
"C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateManager]
"C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdReg]
C:\WINDOWS\UpdReg.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uprom]
"C:\Program Files\Upromise__RemindU\UpromiseRemindUv.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UserFaultCheck]
%systemroot%\system32\dumprep 0 -u

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\vptray]
C:\PROGRA~1\NavNT\vptray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\{8F-FE-EE-EA-ZN}]
C:\windows\system32\dwdsrngt.exe CHD003




-- End of Deckard's System Scanner: finished at 2007-12-05 19:43:51 ------------

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel(R) Pentium(R) 4 CPU 2.80GHz
CPU 1: Intel(R) Pentium(R) 4 CPU 2.80GHz
Percentage of Memory in Use: 36%
Physical Memory (total/avail): 510.98 MiB / 325.3 MiB
Pagefile Memory (total/avail): 1247.83 MiB / 1123.74 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1924.63 MiB

A: is Removable (No Media)
C: is Fixed (NTFS) - 111.72 GiB total, 61.7 GiB free.
D: is CDROM (No Media)
E: is CDROM (No Media)

\\.\PHYSICALDRIVE0 - ST3120026AS - 111.76 GiB - 2 partitions
\PARTITION0 - Unknown - 39.19 MiB
\PARTITION1 (bootable) - Installable File System - 111.72 GiB - C:



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is enabled.


[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\\WINDOWS\\SYSTEM32\\ZoneLabs\\avsys\\ScanningProcess.exe"="C:\\WINDOWS\\SYSTEM32\\ZoneLabs\\avsys\\ScanningProcess.exe:*:Enabled:Kaspersky AV Scanner"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Lana\Application Data
CLASSPATH=.;C:\Program Files\Java\j2re1.4.2\lib\ext\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=RICHARD
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Lana
LOGONSERVER=\\RICHARD
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\Program Files\Outlook Express;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\system32\wbem;C:\Program Files\Common Files\Sonic Shared;C:\Program Files\Microsoft Office\OFFICE11\Business Contact Manager\IM;C:\Program Files\Microsoft SQL Server\80\Tools\Binn\;C:\Program Files\Microsoft Office\OFFICE11\Business Contact Manager\;C:\Program Files\QuickTime\QTSystem;C:\Program Files\Common Files\Roxio Shared\DLLShared\;C:\Program Files\Common Files\Roxio Shared\DLLShared\;C:\Program Files\Common Files\Roxio Shared\9.0\DLLShared\;C:\Program Files\QuickTime\QTSystem\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 2 Stepping 9, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0209
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\j2re1.4.2\lib\ext\QTJava.zip
RoxioCentral=C:\Program Files\Common Files\Roxio Shared\9.0\Roxio Central33\
SAFEBOOT_OPTION=NETWORK
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\Lana\LOCALS~1\Temp
TMP=C:\DOCUME~1\Lana\LOCALS~1\Temp
USERDOMAIN=RICHARD
USERNAME=Lana
USERPROFILE=C:\Documents and Settings\Lana
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

Richard (admin)
Lana (admin)
Colton (admin)
Administrator (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> "C:\Program Files\Creative\SBLive\Program\Ctzapxx.EXE" /X /U /S /R
--> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
--> C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
--> C:\WINDOWS\System32\\MSIEXEC.EXE /I {09DA4F91-2A09-4232-AB8C-6BC740096DE3} REMOVE=UpdateMgrFeature
--> C:\WINDOWS\System32\\MSIEXEC.EXE /x {1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
--> C:\WINDOWS\System32\\MSIEXEC.EXE /x {9541FED0-327F-4df0-8B96-EF57EF622F19}
--> MsiExec.exe /I{0D397393-9B50-4C52-84D5-77E344289F87}
--> MsiExec.exe /I{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}
--> MsiExec.exe /I{619CDD8A-14B6-43A1-AB6C-0F4EE48CE048}
--> MsiExec.exe /I{83FFCFC7-88C6-41C6-8752-958A45325C82}
--> MsiExec.exe /I{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}
--> MsiExec.exe /X{11F93B4B-48F0-4A4E-AE77-DFA96A99664B}
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{410438A3-B591-4028-B70A-3CC0B33FBCD1}\Setup.exe" -l0x9 -L0x9anything
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{435E969D-867E-4364-8E74-3DC8A69C5BDB}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{435E969D-867E-4364-8E74-3DC8A69C5BDB}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{44DC86A0-248D-11D6-9BAF-0090271AF8A4}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{44DC86A0-248D-11D6-9BAF-0090271AF8A4}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{48E3A9E6-FA13-11D5-8CC9-00A0C98192B6}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{48E3A9E6-FA13-11D5-8CC9-00A0C98192B6}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{51F5239C-197B-11D6-9BAF-0090271AF8A4}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{51F5239C-197B-11D6-9BAF-0090271AF8A4}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E7337A45-3FE5-4392-ABBB-26B794D060C9}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E7337A45-3FE5-4392-ABBB-26B794D060C9}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F865C2FE-25E7-11D6-9BAF-0090271AF8A4}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F865C2FE-25E7-11D6-9BAF-0090271AF8A4}\setup.exe" -l0x9 /remove
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Ad-Aware 2007 --> MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Adobe Atmosphere Player for Acrobat and Adobe Reader --> C:\WINDOWS\atmoUn.exe
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 7.0.5 Language Support --> MsiExec.exe /I{AC76BA86-7AD7-5464-3428-7050000000A7}
Adobe Reader 7.0.9 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70900000002}
Adobe Shockwave Player --> C:\WINDOWS\SYSTEM32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\SYSTEM32\Macromed\SHOCKW~1\Install.log
Apple Mobile Device Support --> MsiExec.exe /I{B5C209B1-8DDB-4642-A573-375B951514CB}
Apple Software Update --> MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}
BCM V.92 56K Modem --> C:\WINDOWS\BCMSMU.exe quiet
BlackBerry Desktop Software 4.2.2 --> MsiExec.exe /I{75D6745B-2239-4182-A31F-F95CEBB35099}
BlackBerry Desktop Software 4.2.2 --> MsiExec.exe /i{75D6745B-2239-4182-A31F-F95CEBB35099}
Business Contact Manager for Outlook 2003 --> MsiExec.exe /I{66563AD8-637B-407F-BCA7-0233A16891AB}
Canon Camera Access Library --> "C:\Program Files\Common Files\Canon\UIW\1.0.0.0\Uninst.exe" "C:\Program Files\Canon\CAL\Uninst.ini"
Canon Camera Support Core Library --> "C:\Program Files\Common Files\Canon\UIW\1.0.0.0\Uninst.exe" "C:\Program Files\Canon\CSCLIB\Uninst.ini"
Canon Camera Window DC_DV 5 for ZoomBrowser EX --> "C:\Program Files\Common Files\Canon\UIW\1.0.0.0\Uninst.exe" "C:\Program Files\Canon\CameraWindow\CameraWindowDVC\Uninst.ini"
Canon Camera Window DC_DV 6 for ZoomBrowser EX --> "C:\Program Files\Common Files\Canon\UIW\1.0.0.0\Uninst.exe" "C:\Program Files\Canon\CameraWindow\CameraWindowDVC6\Uninst.ini"
Canon Camera Window MC 6 for ZoomBrowser EX --> "C:\Program Files\Common Files\Canon\UIW\1.0.0.0\Uninst.exe" "C:\Program Files\Canon\CameraWindow\CameraWindowMC\Uninst.ini"
Canon G.726 WMP-Decoder --> "C:\Program Files\Common Files\Canon\UIW\1.0.0.0\Uninst.exe" "C:\Program Files\Canon\G726Decoder\G726DecUnInstall.ini"
Canon MovieEdit Task for ZoomBrowser EX --> "C:\Program Files\Common Files\Canon\UIW\1.0.0.0\Uninst.exe" "C:\Program Files\Canon\ZoomBrowser EX\Program\MVWUninst.ini"
Canon RAW Image Task for ZoomBrowser EX --> "C:\Program Files\Common Files\Canon\UIW\1.0.0.0\Uninst.exe" "C:\Program Files\Canon\RAW Image Task\Uninst.ini"
Canon RemoteCapture Task for ZoomBrowser EX --> "C:\Program Files\Common Files\Canon\UIW\1.0.0.0\Uninst.exe" "C:\Program Files\Canon\CameraWindow\RemoteCaptureTask DC\Uninst.ini"
Canon Utilities EOS Utility --> "C:\Program Files\Common Files\Canon\UIW\1.0.0.0\Uninst.exe" "C:\Program Files\Canon\EOS Utility\Uninst.ini"
Canon Utilities PhotoStitch --> "C:\Program Files\Common Files\Canon\UIW\1.0.0.0\Uninst.exe" "C:\Program Files\Canon\PhotoStitch\Uninst.ini"
Canon Utilities ZoomBrowser EX --> "C:\Program Files\Common Files\Canon\UIW\1.0.0.0\Uninst.exe" "C:\Program Files\Canon\ZoomBrowser EX\Program\Uninst.ini"
Dell Digital Jukebox Driver --> C:\Program Files\Dell\Digital Jukebox Drivers\DrvUnins.exe /s
Dell Media Experience --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2637C347-9DAD-11D6-9EA2-00055D0CA761}\setup.exe" -uninstall
Dell Solution Center --> MsiExec.exe /X{11F1920A-56A2-4642-B6E0-3B31A12C9288}
DellSupport --> MsiExec.exe /X{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D}
DS21Patch --> MsiExec.exe /I{9B79DCB0-AAD7-456B-8D07-433C936FA24B}
DVDSentry --> MsiExec.exe /I{98DF85D9-96C0-4F57-A92E-C3539477EF5E}
Form Fill (Windows Live Toolbar) --> MsiExec.exe /X{F5AF5CDA-76FC-4794-9F28-09B6D54E7431}
Google Earth --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3DE5E7D4-7B88-403C-A3FD-2017A8240C5B}\setup.exe" -l0x9 -removeonly
Google Toolbar for Internet Explorer --> regsvr32 /u /s "c:\program files\google\googletoolbar2.dll"
HighMAT Extension to Microsoft Windows XP CD Writing Wizard --> MsiExec.exe /X{FCE65C4E-B0E8-4FBD-AD16-EDCBE6CD591F}
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hoyle Card Games 2007 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D361C406-ED11-4A88-AD42-4A749BBAE6F9}\setup.exe" -l0x9 -removeonly
HyperCD --> C:\WINDOWS\IsUninst.exe -fC:\HyperCD\Uninst.isu
Intel(R) PRO Network Adapters and Drivers --> Prounstl.exe
Intel(R) PROSet --> MsiExec.exe /I{A790BEB1-BCCF-4EC6-807B-5708B36E8A79}
Internet Explorer Default Page --> MsiExec.exe /I{35BDEFF1-A610-4956-A00D-15453C116395}
iPod Access for Windows v2.9.1 --> "C:\Program Files\iPod Access for Windows\unins000.exe"
iPod for Windows 2006-01-10 --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{3D047C15-C859-45F7-81CE-F2681778069B} /l1033
iPod Update 2004-04-28 --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{E6696A8C-C55A-405C-AFEB-F3880A8BAA45} /l1033
iPod Updater 2004-11-15 --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{06E73C0B-7DE7-4F41-860B-587033B75BD9} /l1033
ItsDeductible Express --> MsiExec.exe /X{36495C59-089C-49D1-BD15-9E5BD86DC9A1}
iTunes --> MsiExec.exe /I{4F5CE18C-D97D-48FF-A510-A0D90C918294}
Jasc Paint Shop Photo Album --> MsiExec.exe /I{CC000127-5E5D-4A1C-90CB-EEAAAC1E3AC0}
Jasc Paint Shop Pro 8 Dell Edition --> MsiExec.exe /I{81A34902-9D0B-4920-A25C-4CDC5D14B328}
Java 2 Runtime Environment, SE v1.4.2 --> MsiExec.exe /I{7148F0A8-6813-11D6-A77B-00B0D0142000}
LiveUpdate 1.6 (Symantec Corporation) --> C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE /U
Map Button (Windows Live Toolbar) --> MsiExec.exe /X{ECDA9BD9-A54E-462A-8191-A2B569D9AB34}
Microsoft Data Access Components KB870669 --> C:\WINDOWS\muninst.exe C:\WINDOWS\INF\KB870669.inf
Microsoft Office Live Meeting 2005 --> MsiExec.exe /I{5E8858EC-6B09-4939-99F2-5678073A0327}
Microsoft Office Professional Edition 2003 --> MsiExec.exe /I{91110409-6000-11D3-8CFE-0150048383C9}
Microsoft Plus! for Windows XP --> MsiExec.exe /I{EEC2DAFD-5558-40AC-8E9C-5005C8F810E8}
Microsoft Windows Journal Viewer --> MsiExec.exe /X{43DCF766-6838-4F9A-8C91-D92DA586DFA7}
Modem Helper --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7F142D56-3326-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanel
Move Networks Player for Internet Explorer --> "C:\Documents and Settings\Lana\Application Data\Move Networks\ie_bin\unins000.exe"
MUSICMATCH® Jukebox --> C:\PROGRA~1\MUSICM~1\MUSICM~2\unmatch.exe
Nikon View Ver.3 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6BC47F60-E41B-11D3-BF8E-00E0295703D2}\setup.exe"
Norton AntiVirus Corporate Edition --> MsiExec.exe /I{BD12EB47-DBDF-11D3-BEEA-00A0CC272509}
OneCare Advisor (Windows Live Toolbar) --> MsiExec.exe /X{53B2CFE9-A508-4457-B2CA-5D253536BFB7}
Popup Blocker (Windows Live Toolbar) --> MsiExec.exe /X{117CD9C0-0F15-4633-93D7-F957B50535A5}
PopupRadar 1.0.0.0 --> "C:\Program Files\PopupRadar\unins000.exe"
PowerDVD --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\setup.exe" -uninstall
QBFC3.0 --> MsiExec.exe /X{5A847475-157F-45AD-9919-CD40D344B8B1}
QuickTime --> MsiExec.exe /I{9763E36A-08E9-4228-BBCE-12989A4EB1A8}
RealPlayer --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Rhapsody Player Engine --> MsiExec.exe /I{2DFF31F9-7893-4922-AF66-C9A1EB4EBB31}
Roxio Media Manager --> MsiExec.exe /X{66D171AA-670F-4309-9C74-5BA7F7DBA0B3}
Security Update for Step By Step Interactive Training (KB898458) --> "C:\WINDOWS\$NtUninstallKB898458$\spuninst\spuninst.exe"
Security Update for Step By Step Interactive Training (KB923723) --> "C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
Smart Menus (Windows Live Toolbar) --> MsiExec.exe /X{95FC661A-A0C5-4B18-92CE-90347DA79CC9}
Sonic DLA --> MsiExec.exe /I{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
Sonic MyDVD --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5E835305-63BB-4E55-BBB7-EEBBE67774DB}\setup.exe" -l0x9 -L0x9 /SMAINT
Sonic RecordNow! --> MsiExec.exe /I{9541FED0-327F-4DF0-8B96-EF57EF622F19}
Sonic Update Manager --> MsiExec.exe /I{09DA4F91-2A09-4232-AB8C-6BC740096DE3}
Sound Blaster Live! --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{96E16100-A77F-4B31-B9AD-FFBA040EE1BD}\setup.exe" -l0x9
Spybot - Search & Destroy --> "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
Stamps.com --> "C:\Documents and Settings\All Users\Application Data\{EF257B1A-26EA-4A90-9BCC-54CA818488E8}\stamps.exe" REMOVE=TRUE MODIFY=FALSE
Stamps.com support for Intuit QuickBooks Pro 2004, Pro 2005, Premier 2005 --> "C:\Documents and Settings\All Users\Application Data\{6E955AE8-0B79-4AB3-B0C5-1FA0F6D96669}\QBABPstmp.exe" REMOVE=TRUE MODIFY=FALSE
Stamps.com support for Microsoft Outlook 2000-2007 --> "C:\Documents and Settings\All Users\Application Data\{8737778F-82C6-4680-A660-E8B2B8C8C22B}\MSOPIMstmp.exe" REMOVE=TRUE MODIFY=FALSE
Stamps.com support for Microsoft Outlook 97-2007 --> "C:\Documents and Settings\All Users\Application Data\{D9AA4D17-9292-410D-9AA5-84526D062900}\MSOABPstmp.exe" REMOVE=TRUE MODIFY=FALSE
Stamps.com support for Microsoft Word 2000-2007 --> "C:\Documents and Settings\All Users\Application Data\{B0AFCE64-DF3F-4824-8985-B21DB0EEE07B}\MSW2KPIMstmp.exe" REMOVE=TRUE MODIFY=FALSE
Stamps.com support for Outlook Express, Works, IE --> "C:\Documents and Settings\All Users\Application Data\{E23E3BED-ADD9-4DF7-B375-5EC5E69FD666}\OEABPstmp.exe" REMOVE=TRUE MODIFY=FALSE
TurboTax Deluxe 2005 --> C:\Program Files\TurboTax\Deluxe 2005\TaxUnst.EXE "C:\Program Files\TurboTax\Deluxe 2005\Uninstall.log" -NoGui
TurboTax Home & Business 2006 --> C:\Program Files\TurboTax\Home & Business 2006\TaxUnst.EXE "C:\Program Files\TurboTax\Home & Business 2006\Uninstall.log" -NoGui
TurboTax ItsDeductible 2005 --> MsiExec.exe /X{2E7595EC-4FB1-4E29-93D4-9083C8A9B107}
TurboTax ItsDeductible 2006 --> MsiExec.exe /X{AFF1EA96-9C23-4249-B7D4-CD4B54D4582F}
TurboTax Premier Home & Business 2003 --> C:\Program Files\TurboTax\Premier Home & Business 2003\TaxUnst.EXE "C:\Program Files\TurboTax\Premier Home & Business 2003\Uninstall.log" -NoGui
Upromise remindU --> "C:\Program Files\Upromise__RemindU\UpromiseRemindUv.exe" unupro5
Weather Services --> C:\WINDOWS\system32\control.exe C:\PROGRA~1\THEWEA~1\Framework\wxfw.cpl,4
WexTech AnswerWorks --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EA2BEBD6-87B9-41E5-95AC-7E4C165A9475}\SETUP.EXE" -l0x9 -eliminate
Windows Defender --> MsiExec.exe /I{A06275F4-324B-4E85-95E6-87B2CD729401}
Windows Defender Signatures --> MsiExec.exe /I{A5CC2A09-E9D3-49EC-923D-03874BBD4C2C}
Windows Live Favorites for Windows Live Toolbar --> MsiExec.exe /X{DCE65B11-710D-4C54-9DE5-1A6A0BD2186B}
Windows Live Outlook Toolbar (Windows Live Toolbar) --> MsiExec.exe /X{A40D6757-B145-4FE7-B694-89180A9F3F64}
Windows Live Toolbar --> "C:\Program Files\Windows Live Toolbar\UnInstall.exe" {9DA72A9F-4246-4C10-B0FA-D8C1037D45F8}
Windows Live Toolbar --> MsiExec.exe /X{9DA72A9F-4246-4C10-B0FA-D8C1037D45F8}
Windows Live Toolbar Extension (Windows Live Toolbar) --> MsiExec.exe /X{3727B920-F5A3-46A4-AC02-94F421A039C7}
Windows Live Toolbar Feed Detector (Windows Live Toolbar) --> MsiExec.exe /X{38024121-D084-4E7D-B1A2-1A04CB5C4CF3}
Yahoo! Toolbar --> C:\PROGRA~1\Yahoo!\Common\unyt.exe


-- Application Event Log -------------------------------------------------------

Event Record #/Type84401 / Error
Event Submitted/Written: 12/05/2007 07:37:30 PM
Event ID/Source: 4609 / EventSystem
Event Description:
The COM+ Event System detected a bad return code during its internal processing. HRESULT was 8007043C from line 44 of d:\qxp_slp\com\com1x\src\events\tier1\eventsystemobj.cpp. Please contact Microsoft Product Support Services to report this error.

Event Record #/Type84400 / Error
Event Submitted/Written: 12/04/2007 10:20:00 PM
Event ID/Source: 4609 / EventSystem
Event Description:
The COM+ Event System detected a bad return code during its internal processing. HRESULT was 8007043C from line 44 of d:\qxp_slp\com\com1x\src\events\tier1\eventsystemobj.cpp. Please contact Microsoft Product Support Services to report this error.

Event Record #/Type84399 / Error
Event Submitted/Written: 12/04/2007 03:41:21 AM
Event ID/Source: 4609 / EventSystem
Event Description:
The COM+ Event System detected a bad return code during its internal processing. HRESULT was 8007043C from line 44 of d:\qxp_slp\com\com1x\src\events\tier1\eventsystemobj.cpp. Please contact Microsoft Product Support Services to report this error.

Event Record #/Type84397 / Error
Event Submitted/Written: 12/03/2007 08:41:51 PM
Event ID/Source: 4609 / EventSystem
Event Description:
The COM+ Event System detected a bad return code during its internal processing. HRESULT was 8007043C from line 44 of d:\qxp_slp\com\com1x\src\events\tier1\eventsystemobj.cpp. Please contact Microsoft Product Support Services to report this error.

Event Record #/Type84396 / Error
Event Submitted/Written: 12/03/2007 07:49:36 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application spybotsd.exe, version 1.5.1.15, faulting module spybotsd.exe, version 1.5.1.15, fault address 0x002b5c73.
Processing media-specific event for [spybotsd.exe!ws!]



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type26536 / Error
Event Submitted/Written: 12/05/2007 07:38:05 PM
Event ID/Source: 7026 / Service Control Manager
Event Description:
The following boot-start or system-start driver(s) failed to load:
Fips
intelppm

Event Record #/Type26535 / Error
Event Submitted/Written: 12/05/2007 07:37:30 PM
Event ID/Source: 10005 / DCOM
Event Description:
DCOM got error "%%1084" attempting to start the service EventSystem with arguments ""
in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}

Event Record #/Type26534 / Error
Event Submitted/Written: 12/05/2007 07:36:57 PM
Event ID/Source: 10005 / DCOM
Event Description:
DCOM got error "%%1084" attempting to start the service EventSystem with arguments ""
in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}

Event Record #/Type26529 / Error
Event Submitted/Written: 12/05/2007 07:45:12 AM
Event ID/Source: 10005 / DCOM
Event Description:
DCOM got error "%%1084" attempting to start the service StiSvc with arguments ""
in order to run the server:
{A1F4E726-8CF1-11D1-BF92-0060081ED811}

Event Record #/Type26528 / Error
Event Submitted/Written: 12/05/2007 00:00:12 AM
Event ID/Source: 9 / atapi
Event Description:
The device, \Device\Ide\IdePort0, did not respond within the timeout period.



-- End of Deckard's System Scanner: finished at 2007-12-05 19:43:51 ------------
Lana
Active Member
 
Posts: 12
Joined: November 29th, 2007, 9:30 pm

Re: My screen is flashing on and off -HELP!

Unread postby Katana » December 6th, 2007, 6:49 am

There is evidence of some infections there that have been stopped using MSConfig, did you do a full clean or just stop them running ?

Download and Run ComboFix
  • Download Combofix from one of the links below :

    ComboFix.exe 1
    ComboFix.exe 2
    ComboFix.exe 3
  • Then double click combofix.exe & follow the prompts.
  • When finished, it will produce a log for you. Post that log in your next reply
Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall
ComboFix SHOULD NOT be used without supervision
User avatar
Katana
MRU Teacher Emeritus
 
Posts: 6412
Joined: November 10th, 2006, 5:00 pm
Location: Manchester

Re: My screen is flashing on and off -HELP!

Unread postby Lana » December 6th, 2007, 8:22 pm

ComboFix 07-12-07.2.F - Lana 2007-12-06 19:18:52.4 - NTFSx86 NETWORK
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.279 [GMT -5:00]
Running from: C:\Documents and Settings\Lana\Local Settings\Temporary Internet Files\Content.IE5\HW7V6BZE\ComboFix[1].exe
.

((((((((((((((((((((((((( Files Created from 2007-11-07 to 2007-12-07 )))))))))))))))))))))))))))))))
.

2007-12-05 19:39 . 2007-12-05 19:39 <DIR> d-------- C:\Deckard
2007-12-02 21:17 . 2007-09-05 22:22 289,144 --a------ C:\WINDOWS\SYSTEM32\VCCLSID.exe
2007-12-02 21:17 . 2007-10-03 22:36 25,600 --a------ C:\WINDOWS\SYSTEM32\WS2Fix.exe
2007-12-02 21:13 . 2006-04-27 16:49 288,417 --a------ C:\WINDOWS\SYSTEM32\SrchSTS.exe
2007-12-02 21:13 . 2003-06-05 20:13 53,248 --a------ C:\WINDOWS\SYSTEM32\Process.exe
2007-12-02 21:13 . 2004-07-31 17:50 51,200 --a------ C:\WINDOWS\SYSTEM32\dumphive.exe
2007-12-01 08:20 . 2007-12-01 08:20 <DIR> d-------- C:\WINDOWS\LastGood.Tmp
2007-11-28 21:39 . 2007-11-29 06:40 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-11-27 22:59 . 2007-11-27 22:59 <DIR> d-------- C:\Program Files\Lavasoft
2007-11-27 22:59 . 2007-11-27 22:59 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2007-11-27 22:58 . 2007-11-27 22:58 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-11-27 22:29 . 2007-11-27 22:29 <DIR> d-------- C:\Program Files\Windows Defender
2007-11-24 11:22 . 2007-11-29 06:42 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2007-11-24 11:22 . 2007-11-24 11:22 1,409 --a------ C:\WINDOWS\QTFont.for
2007-11-24 11:21 . 2007-11-24 11:21 <DIR> d-------- C:\Program Files\iTunes
2007-11-24 11:18 . 2007-11-24 11:18 <DIR> d-------- C:\Program Files\QuickTime
2007-11-14 23:43 . 2007-11-14 23:43 65,536 --a------ C:\WINDOWS\SYSTEM32\QuickTimeVR.qtx
2007-11-14 23:43 . 2007-11-14 23:43 49,152 --a------ C:\WINDOWS\SYSTEM32\QuickTime.qts

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-01 13:23 --------- d-----w C:\Documents and Settings\All Users\Application Data\{E23E3BED-ADD9-4DF7-B375-5EC5E69FD666}
2007-12-01 13:23 --------- d-----w C:\Documents and Settings\All Users\Application Data\{6E955AE8-0B79-4AB3-B0C5-1FA0F6D96669}
2007-11-28 00:20 --------- d-----w C:\Program Files\Stamps.com Internet Postage
2007-11-24 16:21 --------- d-----w C:\Program Files\iPod
2007-11-24 16:16 --------- d-----w C:\Program Files\Apple Software Update
2007-10-26 03:34 8,460,288 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\shell32.dll
2007-10-20 02:56 --------- d-----w C:\Documents and Settings\Lana\Application Data\Stamps.com Internet Postage
2007-10-19 08:24 --------- d-----w C:\Program Files\AdwareAlert
2007-10-15 22:05 --------- d-----w C:\Documents and Settings\Richard\Application Data\Stamps.com Internet Postage
2007-10-15 22:04 --------- d-----w C:\Program Files\Common Files\Intuit
2007-10-15 22:03 --------- d-----w C:\Documents and Settings\All Users\Application Data\{D9AA4D17-9292-410D-9AA5-84526D062900}
2007-10-15 22:03 --------- d-----w C:\Documents and Settings\All Users\Application Data\{B0AFCE64-DF3F-4824-8985-B21DB0EEE07B}
2007-10-15 22:03 --------- d-----w C:\Documents and Settings\All Users\Application Data\{8737778F-82C6-4680-A660-E8B2B8C8C22B}
2007-10-15 22:02 --------- d-----w C:\Documents and Settings\All Users\Application Data\{EF257B1A-26EA-4A90-9BCC-54CA818488E8}
2007-10-09 07:00 --------- d-----w C:\Documents and Settings\Lana\Application Data\AdwareAlert
2007-08-14 12:45 6,421 --sha-w C:\WINDOWS\SYSTEM32\ihkmp.bak1
2007-08-14 23:20 6,421 --sha-w C:\WINDOWS\SYSTEM32\stvwa.bak1
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-05-04 00:41]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 02:56]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 11:24]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2007-08-31 16:46]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"vptray"="C:\PROGRA~1\NavNT\vptray.exe" [2001-09-24 07:59]
"MMTray"="C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe" [2004-07-01 12:15]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2006-09-13 11:05]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-11-14 23:43]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-11-15 13:11]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 19:20]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP LaserJet Director.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP LaserJet Director.lnk
backup=C:\WINDOWS\pss\HP LaserJet Director.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Lana^Start Menu^Programs^Startup^TA_Start.lnk]
path=C:\Documents and Settings\Lana\Start Menu\Programs\Startup\TA_Start.lnk
backup=C:\WINDOWS\pss\TA_Start.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BCMSMMSG]
BCMSMMSG.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2004-08-04 02:56 15360 --a------ C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\diagent]
C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dla]
2003-08-06 02:04 114741 --a------ C:\WINDOWS\system32\dla\tfswctrl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDSentry]
2003-08-13 11:27 28672 --a------ C:\WINDOWS\System32\DSentry.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eBayToolbar]
C:\Program Files\eBay\eBay Toolbar2\eBayTBDaemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EVENTLISTENER]
2000-06-20 19:46 53248 --------- C:\Program Files\Common Files\FotoNation\EvLstnr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Hcvratik]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP AutoIndexer]
2002-04-22 12:57 90112 --------- C:\Program Files\Hewlett-Packard\LaserJet 33xx\hppautoindexer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP SchedIndexer]
2002-04-22 12:56 94208 --------- C:\Program Files\Hewlett-Packard\LaserJet 33xx\hppschedindexer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2007-11-15 13:11 267048 --a------ C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mevefawy]
C:\Program Files\Online Services\mevefawy22011.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mmtask]
2004-07-01 12:15 53248 --------- C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MMTray]
2004-07-01 12:15 131072 --------- C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ncao]
C:\WINDOWS\PPATCH~1\rundll32.exe -vt ndrv

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService]
2003-08-26 20:47 204800 --------- C:\Program Files\Dell\Media Experience\PCMService.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\qttask.exe -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\runner1]
C:\WINDOWS\retadpu77.exe 61A847B5BBF72815358B2B27128065E9C084320161C4661227A755E9C2933154389A

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Salestart]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sonic RecordNow!]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\svhost]
C:\WINDOWS\svhost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2007-05-04 00:41 68856 --a------ C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
C:\Program Files\Common Files\Real\Update_OB\realsched.exe -osboot

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateManager]
C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe /r

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdReg]
2000-05-11 02:00 90112 --------- C:\WINDOWS\UpdReg.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uprom]
2007-05-22 12:49 263712 --a------ C:\Program Files\Upromise__RemindU\UpromiseRemindUv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UserFaultCheck]
C:\WINDOWS\system32\dumprep 0 -u

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\vptray]
2001-09-24 07:59 73728 --------- C:\PROGRA~1\NavNT\vptray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\{8F-FE-EE-EA-ZN}]
C:\windows\system32\dwdsrngt.exe CHD003

S3 SQLAgent$MICROSOFTBCM;SQLAgent$MICROSOFTBCM;C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlagent.EXE -i MICROSOFTBCM

.
Contents of the 'Scheduled Tasks' folder
"2007-11-28 08:00:00 C:\WINDOWS\Tasks\AdwareAlert Scheduled Scan.job"
- C:\Program Files\AdwareAlert\AdwareAlert.ex
- C:\Program Files\AdwareAlert
"2007-11-24 16:17:03 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2007-11-29 01:12:06 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
"2007-11-28 08:30:00 C:\WINDOWS\Tasks\ErrorKiller Scheduled Scan.job"
- C:\Program Files\errorkiller\ErrorKiller.ex
- C:\Program Files\errorkiller
"2007-12-06 00:56:41 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Program Files\Windows Defender\MpCmdRun.exe
.
**************************************************************************

catchme 0.3.1318 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-06 19:19:44
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-12-06 19:20:11
C:\ComboFix-quarantined-files.txt ... 2007-08-21 21:15
C:\ComboFix2.txt ... 2007-12-06 19:04
C:\ComboFix3.txt ... 2007-08-21 21:16
.
--- E O F ---
Thank you!
Lana
Active Member
 
Posts: 12
Joined: November 29th, 2007, 9:30 pm

Re: My screen is flashing on and off -HELP!

Unread postby Katana » December 6th, 2007, 10:19 pm

The only things showing in your log are a couple of entries from "rogue" programs, and you seem to have removed the programs anyway.

I did not want to do this, because it is not safe for you to be online in safe mode
but I need an online scan.

TotalScan

Please go to this site Link >> TotalScan << LINK
  • Under Scan Now click the Full Scan button
  • Follow the prompts to install the Active X if necessary
  • Go and make a cup of tea/coffee/beverage of your choice and watch some TV :)
  • When the scan is finished, a report will be generated
  • Next to Scan Details click the small Save button and save the report to your desktop.
  • Please post the report in your reply.
User avatar
Katana
MRU Teacher Emeritus
 
Posts: 6412
Joined: November 10th, 2006, 5:00 pm
Location: Manchester

Re: My screen is flashing on and off -HELP!

Unread postby Lana » December 7th, 2007, 10:39 pm

;***********************************************************************************************************************************************************************************
ANALYSIS: 2007-12-07 20:04:21
PROTECTIONS: 3
MALWARE: 41
SUSPECTS: 0
;***********************************************************************************************************************************************************************************
PROTECTIONS
Description Version Active Updated
;===================================================================================================================================================================================
Symantec Antivirus Corporate Edition 7.6 No No
Windows Defender 1.1.3007.0 No No
Norton Antivirus Edition 7.5 No No
;===================================================================================================================================================================================
MALWARE
Id Description Type Active Severity Disinfectable Disinfected Location
;===================================================================================================================================================================================
00139059 Cookie/Traffic Marketplace TrackingCookie No 0 Yes No C:\Documents and Settings\Richard\Cookies\richard@trafficmp[1].txt
00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No C:\Documents and Settings\Richard\Cookies\richard@casalemedia[3].txt
00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No C:\Documents and Settings\Lana\Cookies\lana@casalemedia[3].txt
00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No C:\Documents and Settings\Lana\Cookies\lana@casalemedia[2].txt
00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No C:\Documents and Settings\Richard\Cookies\richard@casalemedia[1].txt
00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Documents and Settings\Richard\Cookies\richard@doubleclick[1].txt
00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Documents and Settings\Lana\Cookies\lana@doubleclick[2].txt
00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Documents and Settings\Richard\Cookies\richard@doubleclick[2].txt
00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Documents and Settings\Lana\Cookies\lana@doubleclick[1].txt
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Documents and Settings\Richard\Cookies\richard@atdmt[4].txt
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Documents and Settings\Lana\Cookies\lana@atdmt[1].txt
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Documents and Settings\Lana\Cookies\lana@atdmt[2].txt
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Documents and Settings\Richard\Cookies\richard@atdmt[2].txt
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Documents and Settings\Richard\Cookies\richard@atdmt[3].txt
00139535 Application/Processor HackTools No 0 Yes No C:\Documents and Settings\Lana\Desktop\SmitfraudFix\SmitfraudFix.zip[SmitfraudFix/Process.exe]
00139535 Application/Processor HackTools No 0 Yes No C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP769\A0081680.exe
00139535 Application/Processor HackTools No 0 Yes No C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP865\A0118005.exe
00139535 Application/Processor HackTools No 0 Yes No C:\Documents and Settings\Lana\Desktop\SmitfraudFix\Process.exe
00139535 Application/Processor HackTools No 0 Yes No C:\WINDOWS\SYSTEM32\Process.exe
00145457 Cookie/FastClick TrackingCookie No 0 Yes No C:\Documents and Settings\Lana\Cookies\lana@fastclick[2].txt
00145457 Cookie/FastClick TrackingCookie No 0 Yes No C:\Documents and Settings\Richard\Cookies\richard@fastclick[2].txt
00145457 Cookie/FastClick TrackingCookie No 0 Yes No C:\Documents and Settings\Richard\Cookies\richard@fastclick[1].txt
00145731 Cookie/Tribalfusion TrackingCookie No 0 Yes No C:\Documents and Settings\Richard\Cookies\richard@tribalfusion[1].txt
00145731 Cookie/Tribalfusion TrackingCookie No 0 Yes No C:\Documents and Settings\Lana\Cookies\lana@tribalfusion[2].txt
00145731 Cookie/Tribalfusion TrackingCookie No 0 Yes No C:\Documents and Settings\Lana\Cookies\lana@tribalfusion[1].txt
00145731 Cookie/Tribalfusion TrackingCookie No 0 Yes No C:\Documents and Settings\Richard\Cookies\richard@tribalfusion[3].txt
00145738 Cookie/Mediaplex TrackingCookie No 0 Yes No C:\Documents and Settings\Lana\Cookies\lana@mediaplex[1].txt
00145738 Cookie/Mediaplex TrackingCookie No 0 Yes No C:\Documents and Settings\Richard\Cookies\richard@mediaplex[2].txt
00145738 Cookie/Mediaplex TrackingCookie No 0 Yes No C:\Documents and Settings\Richard\Cookies\richard@mediaplex[3].txt
00145807 Cookie/Linksynergy TrackingCookie No 0 Yes No C:\Documents and Settings\Richard\Cookies\richard@linksynergy[1].txt
00145881 Cookie/NewMedia TrackingCookie No 0 Yes No C:\Documents and Settings\Richard\Cookies\richard@anm.co[1].txt
00156964 Cookie/2o7 TrackingCookie No 0 Yes No C:\Documents and Settings\Richard\Cookies\richard@112.2o7[2].txt
00167430 Cookie/myaffiliateprogram TrackingCookie No 0 Yes No C:\Documents and Settings\Lana\Cookies\lana@www.myaffiliateprogram[2].txt
00167642 Cookie/Com.com TrackingCookie No 0 Yes No C:\Documents and Settings\Lana\Cookies\lana@com[1].txt
00167642 Cookie/Com.com TrackingCookie No 0 Yes No C:\Documents and Settings\Lana\Cookies\lana@com[3].txt
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Documents and Settings\Richard\Cookies\richard@statcounter[1].txt
00168048 Cookie/Overture TrackingCookie No 0 Yes No C:\Documents and Settings\Richard\Cookies\richard@perf.overture[1].txt
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\Lana\Cookies\lana@ad.yieldmanager[1].txt
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\Richard\Cookies\richard@ad.yieldmanager[1].txt
00168076 Cookie/BurstNet TrackingCookie No 0 Yes No C:\Documents and Settings\Richard\Cookies\richard@burstnet[1].txt
00168097 Cookie/BurstBeacon TrackingCookie No 0 Yes No C:\Documents and Settings\Richard\Cookies\richard@www.burstbeacon[2].txt
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\Richard\Cookies\richard@advertising[2].txt
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\Lana\Cookies\lana@advertising[3].txt
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\Lana\Cookies\lana@advertising[1].txt
00170304 Cookie/WebtrendsLive TrackingCookie No 0 Yes No C:\Documents and Settings\Richard\Cookies\richard@statse.webtrendslive[2].txt
00170304 Cookie/WebtrendsLive TrackingCookie No 0 Yes No C:\Documents and Settings\Lana\Cookies\lana@statse.webtrendslive[2].txt
00170304 Cookie/WebtrendsLive TrackingCookie No 0 Yes No C:\Documents and Settings\Richard\Cookies\richard@statse.webtrendslive[1].txt
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Documents and Settings\Richard\Cookies\richard@ads.pointroll[1].txt
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Documents and Settings\Richard\Cookies\richard@ads.pointroll[2].txt
00170556 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Documents and Settings\Lana\Cookies\lana@realmedia[1].txt
00170556 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Documents and Settings\Richard\Cookies\richard@realmedia[2].txt
00170556 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Documents and Settings\Richard\Cookies\richard@realmedia[1].txt
00171982 Cookie/QuestionMarket TrackingCookie No 0 Yes No C:\Documents and Settings\Richard\Cookies\richard@questionmarket[1].txt
00171982 Cookie/QuestionMarket TrackingCookie No 0 Yes No C:\Documents and Settings\Richard\Cookies\richard@questionmarket[3].txt
00171982 Cookie/QuestionMarket TrackingCookie No 0 Yes No C:\Documents and Settings\Lana\Cookies\lana@questionmarket[3].txt
00171982 Cookie/QuestionMarket TrackingCookie No 0 Yes No C:\Documents and Settings\Lana\Cookies\lana@questionmarket[2].txt
00172221 Cookie/Zedo TrackingCookie No 0 Yes No C:\Documents and Settings\Richard\Cookies\richard@zedo[1].txt
00173520 Cookie/Bluestreak TrackingCookie No 0 Yes No C:\Documents and Settings\Richard\Cookies\richard@bluestreak[1].txt
00173520 Cookie/Bluestreak TrackingCookie No 0 Yes No C:\Documents and Settings\Lana\Cookies\lana@bluestreak[2].txt
00184846 Cookie/Adrevolver TrackingCookie No 0 Yes No C:\Documents and Settings\Lana\Cookies\lana@adrevolver[1].txt
00194327 Cookie/Go TrackingCookie No 0 Yes No C:\Documents and Settings\Richard\Cookies\richard@go[2].txt
00207862 Cookie/did-it TrackingCookie No 0 Yes No C:\Documents and Settings\Richard\Cookies\richard@did-it[1].txt
00213030 application/regclean32 HackTools No 0 Yes No hkey_current_user\software\registry cleaner
00248163 Adware/TopRebates Adware No 0 Yes No C:\WINDOWS\Downloaded Program Files\UpromiseRemindU_InstallSilent.inf
00262020 Cookie/Atwola TrackingCookie No 0 Yes No C:\Documents and Settings\Richard\Cookies\richard@atwola[2].txt
00371752 Adware/Yazzle Adware No 0 Yes No C:\QooBox\Quarantine\C\Program Files\Common Files\Yazzle1281OinUninstaller.exe.vir
00517584 Application/SuperFast HackTools No 0 Yes No C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP865\A0118007.exe
00517584 Application/SuperFast HackTools No 0 Yes No C:\Documents and Settings\Lana\Desktop\SmitfraudFix\restart.exe
00517584 Application/SuperFast HackTools No 0 Yes No C:\Documents and Settings\Lana\Desktop\SmitfraudFix\SmitfraudFix.zip[SmitfraudFix/restart.exe]
01262593 Application/NirCmd.A HackTools No 0 Yes No C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP865\A0119047.exe
01262593 Application/NirCmd.A HackTools No 0 Yes No C:\WINDOWS\nircmd.exe
01266988 Adware/WebHancer Adware No 0 No No C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\tempchk\w86.exe.vir[whAgent.exe]
01299321 Adware/TopRebates Adware No 0 Yes No C:\Program Files\Upromise__RemindU\UpromiseRemindUv.exe
01353539 Adware/WebHancer Adware No 0 No No C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\tempchk\w86.exe.vir[webhdll.dll]
01353540 Adware/WebHancer Adware No 0 No No C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\tempchk\w86.exe.vir[whiehlpr.dll]
01353541 Adware/WebHancer Adware No 0 No No C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\tempchk\w86.exe.vir[whInstaller.exe]
01356815 Adware/WebHancer Adware No 0 Yes No C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\tempchk\w86.exe.vir
02197130 Trj/Rebooter.J Virus/Trojan No 1 Yes No C:\Documents and Settings\Lana\Desktop\SmitfraudFix\SmitfraudFix.zip[SmitfraudFix/Reboot.exe]
02197130 Trj/Rebooter.J Virus/Trojan No 1 Yes No C:\Documents and Settings\Lana\Desktop\SmitfraudFix\Reboot.exe
02197130 Trj/Rebooter.J Virus/Trojan No 1 Yes No C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP865\A0118006.exe
;===================================================================================================================================================================================
SUSPECTS
Location
;===================================================================================================================================================================================
;===================================================================================================================================================================================
In regards to your question concerning the infections stopped using MSCONFIG...I am not sure what I did. I have run so many programs...it's hard to keep track. Usually, I remove the infection or quarantine if I cannot remove. My Norton corporate edition should still be active. I just did a live update for symantec...it says I have 318 items in quarantine. Those have accumulated over the years.

I really appreciate your help. I did hear from a tech guy at work that apple/itunes just issued a bulletin about a possible security issue with an itunes update and I did update mine recently.

Lana
Lana
Active Member
 
Posts: 12
Joined: November 29th, 2007, 9:30 pm

Re: My screen is flashing on and off -HELP!

Unread postby Katana » December 8th, 2007, 5:23 am

Well, all that scan shows is a few cookies, and a bit of adware that is neither here nor there.
Nothing that would be causing the screen problems.

About when did this start to happen ?
Did you try system restore to a point before it began ?
User avatar
Katana
MRU Teacher Emeritus
 
Posts: 6412
Joined: November 10th, 2006, 5:00 pm
Location: Manchester

Re: My screen is flashing on and off -HELP!

Unread postby Lana » December 8th, 2007, 9:37 am

It started about two weeks ago. The screen started flashing off but would come back on if I moved the mouse....it became worse within a couple days and finally it would go black and flash. I could see some small white type in the middle of the screen, but it flashed so quickly that I could not read it. Eventually, it would not even work.

Could it be something with the screensaver or standby options that has gone bad?

I did check my settings and everything appeared correct.

I am not sure how to system restore? How do I do that?

Lana
Lana
Active Member
 
Posts: 12
Joined: November 29th, 2007, 9:30 pm

Re: My screen is flashing on and off -HELP!

Unread postby Lana » December 8th, 2007, 9:51 am

I re-booted in safe mode and selected last known good configuration...it didn't work.

It's almost like something in the normal start-up or configuration is telling the monitor to go into the power saving mode.


Lana
Lana
Active Member
 
Posts: 12
Joined: November 29th, 2007, 9:30 pm

Re: My screen is flashing on and off -HELP!

Unread postby Katana » December 8th, 2007, 10:03 am

Last known good configuration is a different thing :)

1.Click Start, and then click Help and Support.

2.Under Pick a Task, click Undo changes to your computer with System Restore.

3.Follow the instructions on the wizard.
User avatar
Katana
MRU Teacher Emeritus
 
Posts: 6412
Joined: November 10th, 2006, 5:00 pm
Location: Manchester

Re: My screen is flashing on and off -HELP!

Unread postby Lana » December 9th, 2007, 11:16 am

It says...incomplete...and that no changes were made since October 30th.

I am thinking it must have something to do with hardware...something going bad inside the CPU. Maybe I should take to my tech staff at work to analyze??
Lana
Lana
Active Member
 
Posts: 12
Joined: November 29th, 2007, 9:30 pm

Re: My screen is flashing on and off -HELP!

Unread postby Katana » December 9th, 2007, 11:28 am

If the monitor works in safe mode, then it is more likely to be corrupted graphics drivers than hardware failure.

If the tech staff where you work are willing to help you, then yes that is probably the best option.
It will be far easier for them to diagnose the problem "hands on"

Let me know what you decide to do :thumbup:
User avatar
Katana
MRU Teacher Emeritus
 
Posts: 6412
Joined: November 10th, 2006, 5:00 pm
Location: Manchester
Advertisement
Register to Remove

Next

  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 42 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware