Old 02-21-2006, 09:13 AM   #1 (permalink)
Registered User
 
Join Date: Feb 2006
Posts: 6
OS: Win2K


Symantec A/V & ACDSee errors

I am getting several error messages that I just can't seem to fix.

When I try to change the scan options in Symantec A/V I get the following:

Instruction at "0x7c153d23" referenced memory at "0x00000050" The memory could not be "read"

When I choose "Cancel" I get the following error:

VPC32.exe has generated errors.

Also, when I try to open ACDSee 8, I get a Visual C++ Runtime Library error.

I have removed the hard drive from the PC and run a scan on it from another computer using a USB drive cage and no virus was found.

I have a HijackThis log if it will be helpful. Thanks in advance for any help you can give.
audiomicrowave is offline  
Old 02-21-2006, 01:46 PM   #2 (permalink)
Manager, The Conversation Pit/Analyst, Security Team
 
bry623's Avatar
 
Join Date: Apr 2002
Location: NW Territory circa 1787
Posts: 11,680
OS: winxp pro sp2


Yes, please post it.
__________________
"If you aren't a liberal when you're 20, you have no heart. If you aren't a conservative when you are 50, you have no brain"

bry623 is offline  
Old 02-22-2006, 07:21 AM   #3 (permalink)
Registered User
 
Join Date: Feb 2006
Posts: 6
OS: Win2K


hijack this log for the A/V and ACDSee errors...thanks

Logfile of HijackThis v1.99.1
Scan saved at 9:49:07 AM, on 2/21/2006
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\Ati2evxx.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\Ati2evxx.exe
C:\WINNT\Explorer.EXE
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINNT\RTHDCPL.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\EPSON\Creativity Suite\Event Manager\EEventManager.exe
C:\WINNT\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINNT\system32\ctfmon.exe
C:\Program Files\Common Files\DataViz\DvzIncMsgr.exe
C:\Program Files\Palm\Hotsync.exe
C:\Z Downloads\HijackThis.exe

O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINNT\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [MplSetUp] C:\Program Files\RMClient\MplSetUp.exe
O4 - HKLM\..\Run: [JobHisInit] C:\Program Files\RMClient\JobHisInit.exe
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [EEventManager] C:\Program Files\EPSON\Creativity Suite\Event Manager\EEventManager.exe
O4 - HKLM\..\Run: [dla] C:\WINNT\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [DevconDefaultDB] C:\WINNT\READREG /PSCONV={NO}
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [AsioReg] REGSVR32.EXE /S CTASIO.DLL
O4 - HKCU\..\Run: [ctfmon.exe] ctfmon.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: cgiusers.bat
O4 - Global Startup: DataViz Inc Messenger.lnk = C:\Program Files\Common Files\DataViz\DvzIncMsgr.exe
O4 - Global Startup: HOTSYNCSHORTCUTNAME.lnk = C:\Program Files\Palm\Hotsync.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1132774795921
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = CGI.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = CGI.com
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = CGI.com
O20 - Winlogon Notify: NavLogon - C:\WINNT\system32\NavLogon.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINNT\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINNT\system32\ati2sgag.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
audiomicrowave is offline  
Old 02-22-2006, 09:30 AM   #4 (permalink)
Manager, The Conversation Pit/Analyst, Security Team
 
bry623's Avatar
 
Join Date: Apr 2002
Location: NW Territory circa 1787
Posts: 11,680
OS: winxp pro sp2


Perform an online scan with Internet Explorer with Panda ActiveScan

Click on the "Free To Use ActiveScan" located on the top right hand corner
  1. Click Check Now and a "pop up" window will appear. * Please ensure that your pop up blocker doesn't block it *
  2. Enter your e-mail address, country, and state & click Scan Now * The download of the 8 MB Panda's ActiveX control will take place *
Begin the scan by selecting My Computer
  • If it finds any malware, it will offer you a report.
  • Please ignore any entry it finds and the offer to buy the program to remove the entry, as we will address this later.
  • Click on See report then click Save report
*You needn't remain online while it's doing the scan but you have to re-connect after it has finished to see the report.
*Turn off the real time scanner of any existing antivirus program while performing the online scan


Paste the Panda Scan report here together with a new HiJack This log.
__________________
"If you aren't a liberal when you're 20, you have no heart. If you aren't a conservative when you are 50, you have no brain"

bry623 is offline  
Old 02-22-2006, 10:35 AM   #5 (permalink)
Registered User
 
Join Date: Feb 2006
Posts: 6
OS: Win2K


Panda scan and Hijack this log

Panda Active Scan:


Incident Status Location

Spyware:Cookie/2o7.net Not disinfected C:\Documents and Settings\DESIGNER\Cookies\designer@2o7[2].txt
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\DESIGNER\Cookies\designer@atdmt[2].txt
Spyware:Cookie/BurstNet Not disinfected C:\Documents and Settings\DESIGNER\Cookies\designer@burstnet[2].txt
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\DESIGNER\Cookies\designer@doubleclick[1].txt
Spyware:Cookie/Hitbox Not disinfected C:\Documents and Settings\DESIGNER\Cookies\designer@hitbox[2].txt
Spyware:Cookie/Microsofte Not disinfected C:\Documents and Settings\DESIGNER\Cookies\designer@microsofteup.112.2o7[1].txt
Spyware:Cookie/Hitbox Not disinfected C:\Documents and Settings\DESIGNER\Cookies\designer@phg.hitbox[1].txt
Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\DESIGNER\Cookies\designer@questionmarket[1].txt
Spyware:Cookie/BurstBeacon Not disinfected C:\Documents and Settings\DESIGNER\Cookies\designer@www.burstbeacon[2].txt
Spyware:Cookie/myaffiliateprogram Not disinfected C:\Documents and Settings\DESIGNER\Application Data\Mozilla\Firefox\Profiles\y619t3av.default\cookies.txt[www.myaffiliateprogram.com/]
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\DESIGNER\Application Data\Mozilla\Firefox\Profiles\y619t3av.default\cookies.txt[.tribalfusion.com/]
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\DESIGNER\Application Data\Mozilla\Firefox\Profiles\y619t3av.default\cookies.txt[.atdmt.com/]
Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\DESIGNER\Application Data\Mozilla\Firefox\Profiles\y619t3av.default\cookies.txt[.statcounter.com/]
Spyware:Cookie/Hitbox Not disinfected C:\Documents and Settings\DESIGNER\Application Data\Mozilla\Firefox\Profiles\y619t3av.default\cookies.txt[.ehg-idg.hitbox.com/]
Spyware:Cookie/Hitbox Not disinfected C:\Documents and Settings\DESIGNER\Application Data\Mozilla\Firefox\Profiles\y619t3av.default\cookies.txt[.hitbox.com/]
Spyware:Cookie/PointRoll Not disinfected C:\Documents and Settings\DESIGNER\Application Data\Mozilla\Firefox\Profiles\y619t3av.default\cookies.txt[.ads.pointroll.com/]
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\DESIGNER\Application Data\Mozilla\Firefox\Profiles\y619t3av.default\cookies.txt[.doubleclick.net/]
Spyware:Cookie/Hitbox Not disinfected C:\Documents and Settings\DESIGNER\Application Data\Mozilla\Firefox\Profiles\y619t3av.default\cookies.txt[.hitbox.com/]
Spyware:Cookie/WebtrendsLive Not disinfected C:\Documents and Settings\DESIGNER\Application Data\Mozilla\Firefox\Profiles\y619t3av.default\cookies.txt[statse.webtrendslive.com/]
Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\DESIGNER\Application Data\Mozilla\Firefox\Profiles\y619t3av.default\cookies.txt[.questionmarket.com/]
Spyware:Cookie/Falkag Not disinfected C:\Documents and Settings\DESIGNER\Application Data\Mozilla\Firefox\Profiles\y619t3av.default\cookies.txt[.as-us.falkag.net/]
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\DESIGNER\Application Data\Mozilla\Firefox\Profiles\y619t3av.default\cookies.txt[servedby.advertising.com/]
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\DESIGNER\Application Data\Mozilla\Firefox\Profiles\y619t3av.default\cookies.txt[.advertising.com/]
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\DESIGNER\Application Data\Mozilla\Firefox\Profiles\y619t3av.default\cookies.txt[.realmedia.com/]
Spyware:Cookie/Casalemedia Not disinfected C:\Documents and Settings\DESIGNER\Application Data\Mozilla\Firefox\Profiles\y619t3av.default\cookies.txt[.casalemedia.com/]
Spyware:Cookie/Adserver Not disinfected C:\Documents and Settings\DESIGNER\Application Data\Mozilla\Firefox\Profiles\y619t3av.default\cookies.txt[.z1.adserver.com/]
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\DESIGNER\Application Data\Mozilla\Firefox\Profiles\y619t3av.default\cookies.txt[.adrevolver.com/]
Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\DESIGNER\Application Data\Mozilla\Firefox\Profiles\y619t3av.default\cookies.txt[.mediaplex.com/]
Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\DESIGNER\Application Data\Mozilla\Firefox\Profiles\y619t3av.default\cookies.txt[.overture.com/]
Spyware:Cookie/2o7.net Not disinfected C:\Documents and Settings\DESIGNER\Application Data\Mozilla\Firefox\Profiles\y619t3av.default\cookies.txt[.2o7.net/]
Spyware:Cookie/2o7.net Not disinfected C:\Documents and Settings\DESIGNER\Application Data\Mozilla\Firefox\Profiles\y619t3av.default\cookies.txt[.112.2o7.net/]
Spyware:Cookie/2o7.net Not disinfected C:\Documents and Settings\DESIGNER\Application Data\Mozilla\Firefox\Profiles\y619t3av.default\cookies.txt[.2o7.net/]
Spyware:Cookie/BurstNet Not disinfected C:\Documents and Settings\DESIGNER\Application Data\Mozilla\Firefox\Profiles\y619t3av.default\cookies.txt[.burstnet.com/]
Spyware:Cookie/BurstBeacon Not disinfected C:\Documents and Settings\DESIGNER\Application Data\Mozilla\Firefox\Profiles\y619t3av.default\cookies.txt[www.burstbeacon.com/]
Spyware:Cookie/BurstNet Not disinfected C:\Documents and Settings\DESIGNER\Application Data\Mozilla\Firefox\Profiles\y619t3av.default\cookies.txt[.burstnet.com/]
Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\DESIGNER\Application Data\Mozilla\Firefox\Profiles\y619t3av.default\cookies.txt[.perf.overture.com/]
Spyware:Cookie/Apmebf Not disinfected C:\Documents and Settings\DESIGNER\Application Data\Mozilla\Firefox\Profiles\y619t3av.default\cookies.txt[.apmebf.com/]
Spyware:Cookie/CentrPort Not disinfected C:\Documents and Settings\DESIGNER\Application Data\Mozilla\Firefox\Profiles\y619t3av.default\cookies.txt[.centrport.net/]
Spyware:Cookie/WebtrendsLive Not disinfected C:\Documents and Settings\DESIGNER\Application Data\Mozilla\Firefox\Profiles\y619t3av.default\cookies.txt[statse.webtrendslive.com/dcsmsyuer100004fyjndwwkjm_6z2r]
Spyware:Cookie/Coremetrics Not disinfected C:\Documents and Settings\DESIGNER\Application Data\Mozilla\Firefox\Profiles\y619t3av.default\cookies.txt[data.coremetrics.com/]
Spyware:Cookie/Target Not disinfected C:\Documents and Settings\DESIGNER\Application Data\Mozilla\Firefox\Profiles\y619t3av.default\cookies.txt[.target.com/]
Spyware:Cookie/go Not disinfected C:\Documents and Settings\DESIGNER\Application Data\Mozilla\Firefox\Profiles\y619t3av.default\cookies.txt[.go.com/]
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\DESIGNER\Application Data\Mozilla\Firefox\Profiles\y619t3av.default\cookies.txt[.serving-sys.com/]
Spyware:Cookie/Tucows Not disinfected C:\Documents and Settings\DESIGNER\Application Data\Mozilla\Firefox\Profiles\y619t3av.default\cookies.txt[.tucows.com/]
Spyware:Cookie/SpyLog Not disinfected C:\Documents and Settings\DESIGNER\Application Data\Mozilla\Firefox\Profiles\y619t3av.default\cookies.txt[.spylog.com/]
Spyware:Cookie/bravenetA Not disinfected C:\Documents and Settings\DESIGNER\Application Data\Mozilla\Firefox\Profiles\y619t3av.default\cookies.txt[.bravenet.com/]
Spyware:Cookie/Bfast Not disinfected C:\Documents and Settings\DESIGNER\Application Data\Mozilla\Firefox\Profiles\y619t3av.default\cookies.txt[.bfast.com/]
Spyware:Cookie/Hitbox Not disinfected C:\Documents and Settings\DESIGNER\Application Data\Mozilla\Firefox\Profiles\y619t3av.default\cookies.txt[.ehg-sonycomputer.hitbox.com/]
Spyware:Cookie/Microsofte Not disinfected C:\Documents and Settings\DESIGNER\Application Data\Mozilla\Firefox\Profiles\y619t3av.default\cookies.txt[.microsofteup.112.2o7.net/]
Spyware:Cookie/myaffiliateprogram Not disinfected C:\Documents and Settings\DESIGNER\Application Data\Mozilla\Firefox\Profiles\y619t3av.default\cookies.txt[]
Spyware:Cookie/WebtrendsLive Not disinfected C:\Documents and Settings\DESIGNER\Application Data\Mozilla\Firefox\Profiles\y619t3av.default\cookies.txt[dcsmsyuer100004fyjndwwkjm_6z2r]
Spyware:Cookie/Coremetrics Not disinfected C:\Documents and Settings\DESIGNER\Application Data\Mozilla\Firefox\Profiles\y619t3av.default\cookies.txt[]
Spyware:Cookie/2o7.net Not disinfected C:\Documents and Settings\DESIGNER\Cookies\designer@2o7[2].txt
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\DESIGNER\Cookies\designer@atdmt[2].txt
Spyware:Cookie/BurstNet Not disinfected C:\Documents and Settings\DESIGNER\Cookies\designer@burstnet[2].txt
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\DESIGNER\Cookies\designer@doubleclick[1].txt
Spyware:Cookie/Hitbox Not disinfected C:\Documents and Settings\DESIGNER\Cookies\designer@hitbox[2].txt
Spyware:Cookie/Microsofte Not disinfected C:\Documents and Settings\DESIGNER\Cookies\designer@microsofteup.112.2o7[1].txt
Spyware:Cookie/Hitbox Not disinfected C:\Documents and Settings\DESIGNER\Cookies\designer@phg.hitbox[1].txt
Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\DESIGNER\Cookies\designer@questionmarket[1].txt
Spyware:Cookie/BurstBeacon Not disinfected C:\Documents and Settings\DESIGNER\Cookies\designer@www.burstbeacon[2].txt
Spyware:Cookie/myaffiliateprogram Not disinfected C:\mapping\Application Data\Mozilla\Firefox\Profiles\y619t3av.default\cookies.txt[]
Spyware:Cookie/WebtrendsLive Not disinfected C:\mapping\Application Data\Mozilla\Firefox\Profiles\y619t3av.default\cookies.txt[dcsmsyuer100004fyjndwwkjm_6z2r]
Spyware:Cookie/Coremetrics Not disinfected C:\mapping\Application Data\Mozilla\Firefox\Profiles\y619t3av.default\cookies.txt[]
Spyware:Cookie/BurstNet Not disinfected C:\mapping\Cookies\designer@burstnet[2].txt
Spyware:Cookie/Microsofte Not disinfected C:\mapping\Cookies\designer@microsofteup.112.2o7[1].txt
Spyware:Cookie/BurstBeacon Not disinfected C:\mapping\Cookies\designer@www.burstbeacon[2].txt



Hijack This log:



Logfile of HijackThis v1.99.1
Scan saved at 11:34:09 AM, on 2/22/2006
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\Ati2evxx.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\Ati2evxx.exe
C:\WINNT\Explorer.EXE
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\EPSON\Creativity Suite\Event Manager\EEventManager.exe
C:\WINNT\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINNT\system32\ctfmon.exe
C:\Program Files\Common Files\DataViz\DvzIncMsgr.exe
C:\Program Files\Palm\Hotsync.exe
C:\Z Downloads\HijackThis.exe

O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINNT\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [MplSetUp] C:\Program Files\RMClient\MplSetUp.exe
O4 - HKLM\..\Run: [JobHisInit] C:\Program Files\RMClient\JobHisInit.exe
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [EEventManager] C:\Program Files\EPSON\Creativity Suite\Event Manager\EEventManager.exe
O4 - HKLM\..\Run: [dla] C:\WINNT\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [DevconDefaultDB] C:\WINNT\READREG /PSCONV={NO}
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [AsioReg] REGSVR32.EXE /S CTASIO.DLL
O4 - HKCU\..\Run: [ctfmon.exe] ctfmon.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: cgiusers.bat
O4 - Global Startup: DataViz Inc Messenger.lnk = C:\Program Files\Common Files\DataViz\DvzIncMsgr.exe
O4 - Global Startup: HOTSYNCSHORTCUTNAME.lnk = C:\Program Files\Palm\Hotsync.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1132774795921
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = CGI.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = CGI.com
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = CGI.com
O20 - Winlogon Notify: NavLogon - C:\WINNT\system32\NavLogon.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINNT\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINNT\system32\ati2sgag.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
audiomicrowave is offline  
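Comparing the two HijackThis logs posted above shows what changed on the machine between the scans. The Python sketch below is an added example, not part of the original thread and not HijackThis code; the sample logs are shortened excerpts of the two logs above, and the function names are hypothetical.

```python
import re
from collections import Counter

# Shortened excerpts of the two HijackThis logs posted in this thread.
LOG_FEB21 = r"""Logfile of HijackThis v1.99.1
Scan saved at 9:49:07 AM, on 2/21/2006
Platform: Windows 2000 SP4 (WinNT 5.00.2195)

Running processes:
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\WINNT\RTHDCPL.EXE
C:\Z Downloads\HijackThis.exe

O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1132774795921
O23 - Service: ATI Smart - Unknown owner - C:\WINNT\system32\ati2sgag.exe
"""

LOG_FEB22 = r"""Logfile of HijackThis v1.99.1
Scan saved at 11:34:09 AM, on 2/22/2006
Platform: Windows 2000 SP4 (WinNT 5.00.2195)

Running processes:
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\Explorer.EXE
C:\Z Downloads\HijackThis.exe

O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1132774795921
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O23 - Service: ATI Smart - Unknown owner - C:\WINNT\system32\ati2sgag.exe
"""

# Item lines start with a section code such as "O4 - " or "O23 - ".
ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
META_PREFIXES = ("Scan saved at ", "Platform: ", "MSIE: ")


def parse_hjt(text):
    """Split a HijackThis log into metadata, running processes and items."""
    log = {"meta": {}, "processes": [], "entries": []}
    in_processes = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        match = ENTRY_RE.match(line)
        if match:
            in_processes = False  # the item list follows the process list
            log["entries"].append((match["code"], match["body"]))
        elif line == "Running processes:":
            in_processes = True
        elif in_processes:
            log["processes"].append(line)
        else:
            for prefix in META_PREFIXES:
                if line.startswith(prefix):
                    log["meta"][prefix.strip(" :")] = line[len(prefix):]
    return log


def _delta(old_items, new_items):
    """Items in new_items that old_items does not account for.

    Works as a multiset difference so repeated lines (several svchost.exe
    processes, for instance) are counted. Windows paths are compared
    case-insensitively.
    """
    remaining = Counter(str(item).lower() for item in old_items)
    extra = []
    for item in new_items:
        key = str(item).lower()
        if remaining[key] > 0:
            remaining[key] -= 1
        else:
            extra.append(item)
    return extra


def diff_logs(old, new):
    """Report what appeared and disappeared between two parsed logs."""
    return {
        "processes_added": _delta(old["processes"], new["processes"]),
        "processes_removed": _delta(new["processes"], old["processes"]),
        "entries_added": _delta(old["entries"], new["entries"]),
        "entries_removed": _delta(new["entries"], old["entries"]),
    }


def services_unknown_owner(log):
    """O23 service lines whose vendor field reads 'Unknown owner'."""
    return [body for code, body in log["entries"]
            if code == "O23" and " - Unknown owner - " in body]


if __name__ == "__main__":
    changes = diff_logs(parse_hjt(LOG_FEB21), parse_hjt(LOG_FEB22))
    for kind, items in changes.items():
        for item in items:
            print(kind, "->", item)
```

On these excerpts the only new item is the O16 ActiveScan control installed by the online scan itself, which is the kind of change a reviewer wants to be able to explain before calling a second log clean.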
Old 02-23-2006, 07:21 AM   #6 (permalink)
Registered User
 
Join Date: Feb 2006
Posts: 6
OS: Win2K


I am considering a format and reinstall...it may be easier. What do you think?
audiomicrowave is offline  
Old 02-23-2006, 01:35 PM   #7 (permalink)
Manager, The Conversation Pit/Analyst, Security Team
 
bry623's Avatar
 
Join Date: Apr 2002
Location: NW Territory circa 1787
Posts: 11,680
OS: winxp pro sp2


You can do this to clear out those cookies.

Download CleanUp! http://cleanup.stevengould.org/ (Alternate Link if main link doesn't work - http://www.greyknight17.com/spy/CleanUp.exe ) and install it. CleanUp! deletes EVERYTHING out of your temp/temporary folders, it does not make backups. If you have any documents or programs that are saved in any Temporary Folders, please make a backup of these before running CleanUp!. Run CleanUp! and click on the Options button. Uncheck 'Scan local drives for temporary files'. Also uncheck those two Newsgroup entries if you don't want to delete them. Click OK and then click on the CleanUp! button. Let it run. After it's done, choose Yes to logoff.

It doesn't look like you have any viruses or spyware. I would try uninstalling the program then reinstalling it.
__________________
"If you aren't a liberal when you're 20, you have no heart. If you aren't a conservative when you are 50, you have no brain"

bry623 is offline  
Old 02-24-2006, 09:10 AM   #8 (permalink)
Registered User
 
Join Date: Feb 2006
Posts: 6
OS: Win2K


All Fixed...thanks!

Thank you much for the help. Turns out it was the hard drive crapping out. Well, that and bad memory. Took out the bad memory and ghosted the hard drive and all is well with the world again.

Again, thank you very much for the assistance.
audiomicrowave is offline  
Old 02-24-2006, 10:28 AM   #9 (permalink)
Manager, The Conversation Pit/Analyst, Security Team
 
bry623's Avatar
 
Join Date: Apr 2002
Location: NW Territory circa 1787
Posts: 11,680
OS: winxp pro sp2


No problem. Your log was pretty clean to start with. Still though, I am going to suggest the following.

Reset hidden/system files and folders

Windows XP
===============
  • Click Start.
  • Open My Computer.
  • Select the Tools menu and click Folder Options.
  • Select the View tab.
  • Deselect the Show hidden files and folders option.
  • Select the Hide file extensions for known types option.
  • Select the Hide protected operating system files option.
  • Click Yes to confirm.
  • Click OK.

Windows 2000
===============
  • Open My Computer.
  • Select the Tools menu and click Folder Options.
  • Select the View tab.
  • Select the Advanced settings box option.
  • Select the Hidden files Folders.
  • Deselect the Show all files option.
  • Click Yes to confirm.
  • Click OK.

Windows ME
===============
  • Open My Computer.
  • Select the Tools menu and click Folder Options.
  • Select the View tab.
  • Deselect the Show hidden files and folders option.
  • Select the Hide protected operating system files option.
  • Click Yes to confirm.
  • Click OK.

Windows 95/98/98SE
===============
  • Open My Computer.
  • Select the View
  • Select the Folder Options option.
  • Select the View tab.
  • Select the Advanced settings box option.
  • Select the Hidden files folder.
  • Deselect the Show all files option
  • Click Apply to confirm.
  • Click OK.



Create a new System Restore point

Windows XP
===============
  • Click Start >> Run - type SYSDM.CPL & press Enter
  • Select the System Restore Tab
  • Tick on the checkbox - "Turn off System Restore on all drives"
  • Click Apply
  • Then untick the same checkbox & click OK
  • This deletes ALL restore points that had the infection and creates a clean one

Windows ME
===============
  • Click the Start tab.
  • Select the Settings option.
  • Select the Control Panel option.
  • Double Click the System icon Performance tab option.
  • Select File System
  • Select the Troubleshooting tab
  • Check the Disable System Restore box
  • Click Apply to confirm.
  • Click OK.

Reboot the PC and repeat the above procedure again
When you get to this option
  • Uncheck the Disable System Restore box

For Windows ME..we MUST create a new restore point now as Windows ME will not create one automatically until the computer has been on for 10 hours or 24 hours has passed. To create a new restore point follow the procedure below.
  • Click the Start button.
  • Point to Programs, point to Accessories, point to System Tools, and then click System Restore.
  • Choose Create a restore point, and then click Next.
  • In the Restore point description box, type a name for your restore point, and then click Next.
    Click OK



Enable Windows Auto Update
  • Go to Start>Run - type wuaucpl.cpl
  • Tick on the checkbox - "Keep my computer up to date"
  • Under settings, choose "Automatically download the updates, and install them on the schedule that I specify".
  • Click on "OK".

Please visit Microsoft's Windows Update page and install the latest service packs, patches and security updates for your system.


Recommended Protection Programs

Now that you are clean, to help protect your computer in the future I recommend that you get the following free programs:
  • SpywareBlaster to help prevent spyware from installing in the first place.
  • SpywareGuard to catch and block spyware before it can execute.
  • IESpy-Ad to block access to malicious websites so you cannot be redirected to them from an infected site or email.
  • WinPatrol to monitor any changes that programs make to the registry.

If you do not have a firewall, here are 4 free ones available for personal use:

In today’s world you MUST have an Antivirus program. If you do not have one, here are 3 FREE ones available for personal use:



Please take a look at these well written articles
Please stay safe out there and take the helpful advice that’s been given. The goal here is to prevent the adware/spyware/virus/worms from getting on the system in the first place.

Please respond to this thread one more time so we can mark this thread as resolved.
__________________
"If you aren't a liberal when you're 20, you have no heart. If you aren't a conservative when you are 50, you have no brain"

bry623 is offline  
Old 02-27-2006, 12:52 PM   #10 (permalink)
Registered User
 
Join Date: Feb 2006
Posts: 6
OS: Win2K


Resolved

Thanks again.
audiomicrowave is offline  
All times are GMT -7. The time now is 02:35 PM.



Copyright 2001 - 2009, Tech Support Forum