Spybot freezes in safe mode

[dolphiness1976]

My computer started freezing about a week ago. I tried to run
antispyware on it. So far, I have been able to complete Adaware and a
defrag on the system. I cannot complete a spybot scan or virus scan in
regular or safe mode. System is freezing after about 10 minutes of
use. I have also been able to run spybot completely searching for all
files *EXCEPT* hijackers. When this option is selected spybot freezes
at coolwwwsearch. I did a search on the system and in the registry for
any files related to this and cannot find any. CWShredder did not find
anything either. During one of the attempts to run spybot, right
before it froze (in safe mode), I received the following error "Access
violation at address 00BC0113. Read of address 00BC0113." Other than
that I have received no other error messages on the issue. The logfile
from HJT is below.

Any assistance you can give me is much appreciated. I'm somewhat
stumped.

Thanks in advance,

dolphiness1976


Here is the log file from HJT:


Logfile of HijackThis v1.99.1
Scan saved at 10:03:30 PM, on 4/9/2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
G:\WINDOWS\System32\smss.exe
G:\WINDOWS\system32\winlogon.exe
G:\WINDOWS\system32\services.exe
G:\WINDOWS\system32\lsass.exe
G:\WINDOWS\system32\svchost.exe
G:\WINDOWS\System32\svchost.exe
G:\WINDOWS\Explorer.EXE
G:\WINDOWS\system32\spoolsv.exe
G:\Program Files\Common Files\Real\Update_OB\realsched.exe
G:\Program Files\iTunes\iTunesHelper.exe
G:\Program Files\QuickTime\qttask.exe
G:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
G:\Program Files\McAfee.com\VSO\mcvsshld.exe
G:\Program Files\McAfee.com\VSO\oasclnt.exe
G:\PROGRA~1\mcafee.com\agent\mcagent.exe
G:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
G:\Program Files\Adobe\Photoshop Album Starter
Edition\3.0\Apps\apdproxy.exe
G:\Program Files\Logitech\MouseWare\system\em_exec.exe
g:\progra~1\mcafee.com\vso\mcvsescn.exe
G:\Program Files\SEC\Natural Color\NaturalColorLoad.exe
G:\Program Files\Eyetide Media\Eyetide Viewer\EyetideController.exe
G:\WINDOWS\System32\CTSvcCDA.EXE
g:\program files\mcafee.com\agent\mcdetect.exe
g:\PROGRA~1\mcafee.com\vso\mcshield.exe
g:\PROGRA~1\mcafee.com\agent\mctskshd.exe
G:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
G:\WINDOWS\system32\pctspk.exe
G:\Program Files\iPod\bin\iPodService.exe
G:\WINDOWS\System32\svchost.exe
G:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
G:\WINDOWS\System32\wuauclt.exe
G:\WINDOWS\System32\wuauclt.exe
g:\progra~1\mcafee.com\vso\mcvsftsn.exe
G:\Program Files\Messenger\msmsgs.exe
G:\My Downloads\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title =
Microsoft Internet Explorer provided by Comcast
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet
Settings,ProxyServer = :0
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName
=
R3 - URLSearchHook: (no name) - _{00D6A7E7-4A97-456f-848A-3B75BF7554D7}
- (no file)
N3 - Netscape 7: user_pref("browser.startup.homepage",
"http://www.google.com"); (G:\Documents and Settings\Sarah\Application
Data\Mozilla\Profiles\default\2kx5ulmu.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine",
"engine://G%3A%5CProgram%20Files%5Cmozilla.org%5CMozilla%5Csearchplugins%5Cgoogle.src");
(G:\Documents and Settings\Sarah\Application
Data\Mozilla\Profiles\default\2kx5ulmu.slt\prefs.js)
O2 - BHO: Yahoo! Toolbar Helper -
{02478D38-C3F9-4EFB-9B51-7695ECA05670} - G:\Program
Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: ZIBho Class - {029CA12C-89C1-46a7-A3C7-82F2F98635CB} - (no
file)
O2 - BHO: Adobe PDF Reader Link Helper -
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - G:\Program Files\Adobe\Acrobat
7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {0d2def3a-f4f1-42ec-ac4f-132e7ba6e292} - (no
file)
O2 - BHO: ohb Class - {285B5CCD-C3F0-4EB6-9632-7D0A3C3AF824} - (no
file)
O2 - BHO: Big Fish Games Toolbar -
{4E7BD74F-2B8D-469E-86BD-FD60BB9AAE3A} -
G:\PROGRA~1\BFGTOO~1\BFGTOO~2.DLL
O2 - BHO: Comcast Toolbar - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} -
G:\PROGRA~1\COMCAS~1\COMCAS~1.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} -
G:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -
G:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper -
{AA58ED58-01DD-4d91-8333-CF10577473F7} - g:\program
files\google\googletoolbar1.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} -
G:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Comcast Toolbar - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29}
- G:\PROGRA~1\COMCAS~1\COMCAS~1.DLL
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655}
- g:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} -
G:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [TkBellExe] "G:\Program Files\Common
Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [q83Q37g] eslt1.exe
O4 - HKLM\..\Run: [iTunesHelper] "G:\Program
Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "G:\Program
Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] G:\Program
Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [VSOCheckTask]
"G:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] G:\Program
Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [OASClnt] G:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [MCAgentExe] g:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe]
G:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [MPFExe] G:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "G:\Program
Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKCU\..\Run: [RealPlayer] "G:\Program Files\Real\RealOne
Player\realplay.exe" /RunUPGToolCommandReBoot
O4 - HKCU\..\Run: [Spyware Doctor] "G:\Program Files\Spyware
Doctor\swdoctor.exe" /Q
O4 - Startup: Eyetide Launcher.lnk = G:\Program Files\Eyetide
Media\Eyetide Viewer\EyetideController.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = G:\Program Files\Common
Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = G:\Program
Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: MA101 Configuration Utility .lnk.disabled
O4 - Global Startup: Microsoft Office.lnk = G:\Program Files\Microsoft
Office\Office10\OSA.EXE
O4 - Global Startup: NaturalColorLoad.lnk = ?
O4 - Global Startup: Sun Microsystems Next Gen VPN.lnk.disabled
O8 - Extra context menu item: &Google Search - res://g:\program
files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://g:\program
files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page -
res://g:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel -
res://G:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://g:\program
files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://g:\program
files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} -
G:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console -
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} - G:\Program
Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: UltimateBet - {94148DB5-B42D-4915-95DA-2CBB4F7095BF}
- G:\Program Files\UltimateBet\UltimateBet.exe
O9 - Extra 'Tools' menuitem: UltimateBet -
{94148DB5-B42D-4915-95DA-2CBB4F7095BF} - G:\Program
Files\UltimateBet\UltimateBet.exe
O9 - Extra button: PartyPoker.com -
{B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - G:\Program
Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com -
{B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - G:\Program
Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: Yahoo! Messenger -
{E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} -
G:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger -
{E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} -
G:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra button: PartyPoker.net -
{F4430FE8-2638-42e5-B849-800749B94EED} - G:\Program
Files\PartyGaming.net\PartyPokerNet\RunPF.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.net -
{F4430FE8-2638-42e5-B849-800749B94EED} - G:\Program
Files\PartyGaming.net\PartyPokerNet\RunPF.exe (file missing)
O9 - Extra button: Support - {20D7F129-78E6-41BB-8EE0-1338B147449A} -
http://www.comcastsupport.com (file missing) (HKCU)
O9 - Extra button: ComcastHSI - {3E4A0A3A-0CFE-4C0C-BD3A-40933EF39190}
- http://www.comcast.net (file missing) (HKCU)
O9 - Extra button: Help - {98A0547B-6592-454D-A117-15070366BC21} -
http://www.comcast.net/memberservices/ (file missing) (HKCU)
O16 - DPF: Yahoo! Dice -
http://download.games.yahoo.com/games/clients/y/dct2_x.cab
O16 - DPF: Yahoo! Gin -
http://download.games.yahoo.com/games/clients/y/nt1_x.cab
O16 - DPF: Yahoo! Go Fish -
http://download.games.yahoo.com/games/clients/y/zt3_x.cab
O16 - DPF: Yahoo! Literati -
http://download.games.yahoo.com/games/clients/y/tt2_x.cab
O16 - DPF: Yahoo! MahJong -
http://download.games.yahoo.com/games/clients/y/ot0_x.cab
O16 - DPF: Yahoo! MahJong Solitaire -
http://download.games.yahoo.com/games/clients/y/mjst3_x.cab
O16 - DPF: Yahoo! Towers 2.0 -
http://download.games.yahoo.com/games/clients/y/ywt0_x.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient
Class) -
http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine
Advantage Validation Tool) -
http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1A781DED-C22D-4153-3213-A3211E29DF13} (GameDesire Card
Games) - http://67.15.101.3/g_bin/eng/cards_2_0_0_63.cab
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) -
https://www-secure.symantec.com/techsupp/asa/LSSupCtl.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus
scanner) -
http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} -
http://ipgweb.cce.hp.com/rdqcpc/downloads/sysinfo.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating
System Class) -
http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} -
http://software-dl.real.com/13df061fc4129abc4301/netzip/RdxIE601.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class)
-
http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1132735869083
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI
Utility Class) -
http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl
Class) - http://www.bigfishgames.com/online/luxor/mjolauncher.cab
O16 - DPF: {87056D28-9730-4A47-B9F9-7E890B62C58A} (WildfireActiveXHost
Class) - http://www.bigfishgames.com/online/tumblebugs/axhost.cab
O16 - DPF: {88D969C0-F192-11D4-A65F-0040963251E5} (XML DOM Document
4.0) - http://ipgweb.cce.hp.com/rdqcpc/downloads/msxml4.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient
Class) -
http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield
International Setup Player) -
http://www.installengine.com/engine/isetup.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer
Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {9B03C5F1-F5AB-47EE-937D-A8EDA626F876} (Anonymizer
Anti-Spyware Scanner) -
http://download.zonelabs.com/bin/promotions/spywaredetector/WebAAS.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF}
(MsnMessengerSetupDownloadControl Class) -
http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) -
http://zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
O16 - DPF: {BAC01377-73DD-4796-854D-2A8997E3D68A} (Yahoo! Photos Easy
Upload Tool Class) -
http://us.dl1.yimg.com/download.yahoo.com/dl/installs/ydropper/ydropper1_3us.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class)
- http://download.mcafee.com/molbin/shared/mcgdmgr/1,0,0,26/mcgdmgr.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl
Class) - http://messenger.zone.msn.com/binary/Bankshot.cab31267.cab
O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer
Class) -
http://a532.g.akamai.net/f/532/6712/4h/player.virtools.com/downloads/player/Install3.0/Installer.exe
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo
Class) - https://www-secure.symantec.com/techsupp/asa/SymAData.cab
O16 - DPF: {D7BF3304-138B-4DD5-86EE-491BB6A2286C} -
http://www.azebar.com/install/azesearch.cab
O16 - DPF: {DA758BB1-5F89-4465-975F-8D7179A4BCF3} (WheelofFortune
Object) - http://messenger.zone.msn.com/binary/WoF.cab31267.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object)
- http://www.popcap.com/games/popcaploader_v6.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown
Class) -
http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} -
"G:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: NavLogon - G:\WINDOWS\System32\NavLogon.dll
O23 - Service: Creative Service for CDROM Access - Creative Technology
Ltd - G:\WINDOWS\System32\CTSvcCDA.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision
Corporation - G:\Program Files\Common
Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - G:\Program
Files\iPod\bin\iPodService.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc -
g:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. -
g:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc -
g:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) -
McAfee, Inc - G:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee
Corporation - G:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. -
G:\WINDOWS\system32\pctspk.exe
O23 - Service: TiVo Beacon (TivoBeacon2) - Unknown owner - G:\Program
Files\Common Files\TiVo Shared\Beacon\TiVoBeacon.exe (file missing)

 

[Steve]

My computer started freezing about a week ago. I tried to run
antispyware on it. So far, I have been able to complete Adaware and a
defrag on the system. I cannot complete a spybot scan or virus scan in
regular or safe mode. System is freezing after about 10 minutes of
use. I have also been able to run spybot completely searching for all
files *EXCEPT* hijackers. When this option is selected spybot freezes
at coolwwwsearch. I did a search on the system and in the registry for
any files related to this and cannot find any. CWShredder did not find
anything either. During one of the attempts to run spybot, right
before it froze (in safe mode), I received the following error "Access
violation at address 00BC0113. Read of address 00BC0113." Other than
that I have received no other error messages on the issue. The logfile
from HJT is below.

Don't assume it's anything to do with Spybot. In general it sounds
like bad memory.Try running Winrar, it will always fail if there's a
memory issue. If you can, take out one of the memory chips, DDR or
SDram, to see if the problems go away.

... Steve ..

Any assistance you can give me is much appreciated. I'm somewhat
stumped.

Thanks in advance,

dolphiness1976


Here is the log file from HJT:


Logfile of HijackThis v1.99.1
Scan saved at 10:03:30 PM, on 4/9/2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
G:\WINDOWS\System32\smss.exe
G:\WINDOWS\system32\winlogon.exe
G:\WINDOWS\system32\services.exe
G:\WINDOWS\system32\lsass.exe
G:\WINDOWS\system32\svchost.exe
G:\WINDOWS\System32\svchost.exe
G:\WINDOWS\Explorer.EXE
G:\WINDOWS\system32\spoolsv.exe
G:\Program Files\Common Files\Real\Update_OB\realsched.exe
G:\Program Files\iTunes\iTunesHelper.exe
G:\Program Files\QuickTime\qttask.exe
G:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
G:\Program Files\McAfee.com\VSO\mcvsshld.exe
G:\Program Files\McAfee.com\VSO\oasclnt.exe
G:\PROGRA~1\mcafee.com\agent\mcagent.exe
G:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
G:\Program Files\Adobe\Photoshop Album Starter
Edition\3.0\Apps\apdproxy.exe
G:\Program Files\Logitech\MouseWare\system\em_exec.exe
g:\progra~1\mcafee.com\vso\mcvsescn.exe
G:\Program Files\SEC\Natural Color\NaturalColorLoad.exe
G:\Program Files\Eyetide Media\Eyetide Viewer\EyetideController.exe
G:\WINDOWS\System32\CTSvcCDA.EXE
g:\program files\mcafee.com\agent\mcdetect.exe
g:\PROGRA~1\mcafee.com\vso\mcshield.exe
g:\PROGRA~1\mcafee.com\agent\mctskshd.exe
G:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
G:\WINDOWS\system32\pctspk.exe
G:\Program Files\iPod\bin\iPodService.exe
G:\WINDOWS\System32\svchost.exe
G:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
G:\WINDOWS\System32\wuauclt.exe
G:\WINDOWS\System32\wuauclt.exe
g:\progra~1\mcafee.com\vso\mcvsftsn.exe
G:\Program Files\Messenger\msmsgs.exe
G:\My Downloads\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title =
Microsoft Internet Explorer provided by Comcast
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet
Settings,ProxyServer = :0
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName
=
R3 - URLSearchHook: (no name) - _{00D6A7E7-4A97-456f-848A-3B75BF7554D7}
- (no file)
N3 - Netscape 7: user_pref("browser.startup.homepage",
"http://www.google.com"); (G:\Documents and Settings\Sarah\Application
Data\Mozilla\Profiles\default\2kx5ulmu.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine",
"engine://G%3A%5CProgram%20Files%5Cmozilla.org%5CMozilla%5Csearchplugins%5Cgoogle.src");
(G:\Documents and Settings\Sarah\Application
Data\Mozilla\Profiles\default\2kx5ulmu.slt\prefs.js)
O2 - BHO: Yahoo! Toolbar Helper -
{02478D38-C3F9-4EFB-9B51-7695ECA05670} - G:\Program
Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: ZIBho Class - {029CA12C-89C1-46a7-A3C7-82F2F98635CB} - (no
file)
O2 - BHO: Adobe PDF Reader Link Helper -
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - G:\Program Files\Adobe\Acrobat
7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {0d2def3a-f4f1-42ec-ac4f-132e7ba6e292} - (no
file)
O2 - BHO: ohb Class - {285B5CCD-C3F0-4EB6-9632-7D0A3C3AF824} - (no
file)
O2 - BHO: Big Fish Games Toolbar -
{4E7BD74F-2B8D-469E-86BD-FD60BB9AAE3A} -
G:\PROGRA~1\BFGTOO~1\BFGTOO~2.DLL
O2 - BHO: Comcast Toolbar - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} -
G:\PROGRA~1\COMCAS~1\COMCAS~1.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} -
G:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -
G:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper -
{AA58ED58-01DD-4d91-8333-CF10577473F7} - g:\program
files\google\googletoolbar1.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} -
G:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Comcast Toolbar - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29}
- G:\PROGRA~1\COMCAS~1\COMCAS~1.DLL
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655}
- g:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} -
G:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [TkBellExe] "G:\Program Files\Common
Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [q83Q37g] eslt1.exe
O4 - HKLM\..\Run: [iTunesHelper] "G:\Program
Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "G:\Program
Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] G:\Program
Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [VSOCheckTask]
"G:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] G:\Program
Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [OASClnt] G:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [MCAgentExe] g:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe]
G:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [MPFExe] G:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "G:\Program
Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKCU\..\Run: [RealPlayer] "G:\Program Files\Real\RealOne
Player\realplay.exe" /RunUPGToolCommandReBoot
O4 - HKCU\..\Run: [Spyware Doctor] "G:\Program Files\Spyware
Doctor\swdoctor.exe" /Q
O4 - Startup: Eyetide Launcher.lnk = G:\Program Files\Eyetide
Media\Eyetide Viewer\EyetideController.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = G:\Program Files\Common
Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = G:\Program
Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: MA101 Configuration Utility .lnk.disabled
O4 - Global Startup: Microsoft Office.lnk = G:\Program Files\Microsoft
Office\Office10\OSA.EXE
O4 - Global Startup: NaturalColorLoad.lnk = ?
O4 - Global Startup: Sun Microsystems Next Gen VPN.lnk.disabled
O8 - Extra context menu item: &Google Search - res://g:\program
files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://g:\program
files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page -
res://g:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel -
res://G:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://g:\program
files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://g:\program
files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} -
G:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console -
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} - G:\Program
Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: UltimateBet - {94148DB5-B42D-4915-95DA-2CBB4F7095BF}
- G:\Program Files\UltimateBet\UltimateBet.exe
O9 - Extra 'Tools' menuitem: UltimateBet -
{94148DB5-B42D-4915-95DA-2CBB4F7095BF} - G:\Program
Files\UltimateBet\UltimateBet.exe
O9 - Extra button: PartyPoker.com -
{B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - G:\Program
Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com -
{B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - G:\Program
Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: Yahoo! Messenger -
{E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} -
G:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger -
{E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} -
G:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra button: PartyPoker.net -
{F4430FE8-2638-42e5-B849-800749B94EED} - G:\Program
Files\PartyGaming.net\PartyPokerNet\RunPF.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.net -
{F4430FE8-2638-42e5-B849-800749B94EED} - G:\Program
Files\PartyGaming.net\PartyPokerNet\RunPF.exe (file missing)
O9 - Extra button: Support - {20D7F129-78E6-41BB-8EE0-1338B147449A} -
http://www.comcastsupport.com (file missing) (HKCU)
O9 - Extra button: ComcastHSI - {3E4A0A3A-0CFE-4C0C-BD3A-40933EF39190}
- http://www.comcast.net (file missing) (HKCU)
O9 - Extra button: Help - {98A0547B-6592-454D-A117-15070366BC21} -
http://www.comcast.net/memberservices/ (file missing) (HKCU)
O16 - DPF: Yahoo! Dice -
http://download.games.yahoo.com/games/clients/y/dct2_x.cab
O16 - DPF: Yahoo! Gin -
http://download.games.yahoo.com/games/clients/y/nt1_x.cab
O16 - DPF: Yahoo! Go Fish -
http://download.games.yahoo.com/games/clients/y/zt3_x.cab
O16 - DPF: Yahoo! Literati -
http://download.games.yahoo.com/games/clients/y/tt2_x.cab
O16 - DPF: Yahoo! MahJong -
http://download.games.yahoo.com/games/clients/y/ot0_x.cab
O16 - DPF: Yahoo! MahJong Solitaire -
http://download.games.yahoo.com/games/clients/y/mjst3_x.cab
O16 - DPF: Yahoo! Towers 2.0 -
http://download.games.yahoo.com/games/clients/y/ywt0_x.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient
Class) -
http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine
Advantage Validation Tool) -
http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1A781DED-C22D-4153-3213-A3211E29DF13} (GameDesire Card
Games) - http://67.15.101.3/g_bin/eng/cards_2_0_0_63.cab
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) -
https://www-secure.symantec.com/techsupp/asa/LSSupCtl.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus
scanner) -
http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} -
http://ipgweb.cce.hp.com/rdqcpc/downloads/sysinfo.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating
System Class) -
http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} -
http://software-dl.real.com/13df061fc4129abc4301/netzip/RdxIE601.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class)
-
http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1132735869083
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI
Utility Class) -
http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl
Class) - http://www.bigfishgames.com/online/luxor/mjolauncher.cab
O16 - DPF: {87056D28-9730-4A47-B9F9-7E890B62C58A} (WildfireActiveXHost
Class) - http://www.bigfishgames.com/online/tumblebugs/axhost.cab
O16 - DPF: {88D969C0-F192-11D4-A65F-0040963251E5} (XML DOM Document
4.0) - http://ipgweb.cce.hp.com/rdqcpc/downloads/msxml4.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient
Class) -
http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield
International Setup Player) -
http://www.installengine.com/engine/isetup.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer
Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {9B03C5F1-F5AB-47EE-937D-A8EDA626F876} (Anonymizer
Anti-Spyware Scanner) -
http://download.zonelabs.com/bin/promotions/spywaredetector/WebAAS.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF}
(MsnMessengerSetupDownloadControl Class) -
http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) -
http://zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
O16 - DPF: {BAC01377-73DD-4796-854D-2A8997E3D68A} (Yahoo! Photos Easy
Upload Tool Class) -
http://us.dl1.yimg.com/download.yahoo.com/dl/installs/ydropper/ydropper1_3us.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class)
- http://download.mcafee.com/molbin/shared/mcgdmgr/1,0,0,26/mcgdmgr.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl
Class) - http://messenger.zone.msn.com/binary/Bankshot.cab31267.cab
O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer
Class) -
http://a532.g.akamai.net/f/532/6712/4h/player.virtools.com/downloads/player/Install3.0/Installer.exe
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo
Class) - https://www-secure.symantec.com/techsupp/asa/SymAData.cab
O16 - DPF: {D7BF3304-138B-4DD5-86EE-491BB6A2286C} -
http://www.azebar.com/install/azesearch.cab
O16 - DPF: {DA758BB1-5F89-4465-975F-8D7179A4BCF3} (WheelofFortune
Object) - http://messenger.zone.msn.com/binary/WoF.cab31267.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object)
- http://www.popcap.com/games/popcaploader_v6.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown
Class) -
http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} -
"G:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: NavLogon - G:\WINDOWS\System32\NavLogon.dll
O23 - Service: Creative Service for CDROM Access - Creative Technology
Ltd - G:\WINDOWS\System32\CTSvcCDA.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision
Corporation - G:\Program Files\Common
Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - G:\Program
Files\iPod\bin\iPodService.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc -
g:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. -
g:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc -
g:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) -
McAfee, Inc - G:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee
Corporation - G:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. -
G:\WINDOWS\system32\pctspk.exe
O23 - Service: TiVo Beacon (TivoBeacon2) - Unknown owner - G:\Program
Files\Common Files\TiVo Shared\Beacon\TiVoBeacon.exe (file missing)

 

[dolphiness1976]

I only have one dimm in there, but I do happen to have a brand new
stick a memory that I have been meaning to put in. Thanks so much for
replying so quickly. I will try testing the memory issue first thing
in the morning and get back to you. So, does that mean you don't see
anything in particular in the HJT file? or is your suggestion going
off of the address error?

Thanks again,

dolphiness1976

 

[Steve]

I only have one dimm in there, but I do happen to have a brand new
stick a memory that I have been meaning to put in. Thanks so much for
replying so quickly. I will try testing the memory issue first thing
in the morning and get back to you. So, does that mean you don't see
anything in particular in the HJT file? or is your suggestion going
off of the address error?

The point is that you were running Spybot because the system had
already developed errors. Malware is one thought but your problems
are much more typical of bad memory.

... Steve ..