Malware check: zlob.mediacodic [RESOLVED]


  • This topic is locked

#16
andrewuk


    Trusted Helper

  • Malware Removal
  • 5,297 posts
no problem, i'll be here :)


#17
**Brian**


    Semper Paratus: Always Ready

  • Topic Starter
  • Member
  • 1,159 posts
AndrewUK:

Here are those logs:

================
OT Moveit II LOG
===============
File/Folder L:\PROGRAMS_ZIPFILES\UB_CD4WIN_STUFF\UBCD4WinV25.exe not found.
File/Folder L:\EMM_Backups\C ROOT\NERO 7 Premium\Nero-7.8.5.0_eng_trial.exe not found.
File/Folder L:\EMM_Backups\USER Data\buddy\MYDOCS\PROGRAMS_ZIPFILES\UB_CD4WIN_STUFF\UBCD4WinV25.exe not found.
File/Folder L:\ODDESSY BACKUPS\back-2\NERO 7 Premium\Nero-7.8.5.0_eng_trial.exe not found.
L:\ODDESSY BACKUPS\back-2\ROOT DIRECTORY C\NERO 7 Premium\Nero-7.8.5.0_eng_trial.exe moved successfully.
File/Folder L:\ADOBE1\Adobe_Acrobat_6.0_Standard.rar not found.
File/Folder L:\ADOBE1\Adobe_Acrobat_6_pro.rar not found.

OTMoveIt2 v1.0.20 log created on 02272008_171222



===========
MBAM LOG
===========
Malwarebytes' Anti-Malware 1.05
Database version: 418

Scan type: Quick Scan
Objects scanned: 44525
Time elapsed: 8 minute(s), 12 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 4
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{daed9266-8c28-4c1c-8b58-5c66eff1d302} (Search.Hijack) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{81705d67-3f73-4983-859b-97d0922e5abe} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\New Windows\Allow\*.securewebinfo.com (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\New Windows\Allow\*.safetyincludes.com (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\New Windows\Allow\*.securemanaging.com (Trojan.Zlob) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Notes:

OTMI II hung a couple times, but finally deleted the files requested.

Every time I try to run MBAM it gives me some sort of indication that it wants to run the HP Memories Disk Installer - not sure if that is the only place it can find the Windows Installer or what. I deleted the files in L:\adobe1\ because they were bad. Is there a way to get the HPMemories disc Installer to stop running when running MBAM?

Machine seems to be running better :)

I will await your response before proceeding :)

Brian

#18
andrewuk


    Trusted Helper

  • Malware Removal
  • 5,297 posts
not too sure why that would be at the moment, but i think i would like to see a deeper scan to make sure:

so we will try and run a DSS again, failing that, we will go for another scan.

====STEP 1====
when you run the DSS scan, could you disable your panda antivirus.

Please download Deckard's System Scanner (DSS) and save it to your Desktop.
  • Close all other windows before proceeding.
  • Double-click on dss.exe and follow the prompts.
  • When it has finished, dss will open two Notepads main.txt and extra.txt -- please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt in your next reply.


====STEP 1a====
if you can't run DSS, then try this one:

Download WinPFind35u.exe to your Desktop and double-click on it to extract the files. It will create a folder named WinPFind35u on your desktop.
  • Close ALL OTHER PROGRAMS.
  • Open the WinPFind35u folder and double-click on WinPFind35u.exe to start the program.
  • Check the box that says Scan All User Accounts
  • Check the Radio buttons for Files/Folders Created Within 90 Days and Files/Folders Modified Within 90 Days
  • Under Additional Scans check the following:
    • Reg - Disabled MS Config Items
    • Reg - Print Monitors
  • Now click the Run Scan button on the toolbar.
  • Let it run unhindered until it finishes.
  • When the scan is complete Notepad will open with the report file loaded in it.
  • Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.
Please attach the log in your next post.

To attach a file, do the following:
  • Click Add Reply
  • Under the reply panel is the Attachments Panel
  • Browse for the attachment file you want to upload, then click the green Upload button
  • Once it has uploaded, click the Manage Current Attachments drop down box
  • Click on Posted Image to insert the attachment into your post

andrewuk

#19
**Brian**


    Semper Paratus: Always Ready

  • Topic Starter
  • Member
  • 1,159 posts
DSS Ran for Me this time - I wonder if placing it on the desktop made a difference

Brian
==============
DSS Main LOG
=============
Deckard's System Scanner v20071014.68
Run by buddy on 2008-02-27 18:15:52
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
222: 2008-02-27 23:16:07 UTC - RP222 - Deckard's System Scanner Restore Point
221: 2008-02-27 03:08:36 UTC - RP221 - System Checkpoint
220: 2008-02-26 02:23:50 UTC - RP220 - Deckard's System Scanner Restore Point
219: 2008-02-25 13:48:47 UTC - RP219 - Installed SUPERAntiSpyware Free Edition
218: 2008-02-25 06:33:41 UTC - RP218 - System Checkpoint


-- First Restore Point --
1: 2007-12-17 21:10:32 UTC - RP1 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as buddy.exe) -----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:17:22 PM, on 2/27/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Panda Software\Panda Internet Security 2007\pavsrv51.exe
C:\Program Files\Panda Software\Panda Internet Security 2007\AVENGINE.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Panda Software\Panda Internet Security 2007\TPSrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\ehome\ehSched.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Panda Software\Panda Internet Security 2007\PsCtrls.exe
C:\Program Files\Panda Software\Panda Internet Security 2007\PavFnSvr.exe
C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
C:\Program Files\Panda Software\Panda Internet Security 2007\AntiSpam\pskmssvc.exe
c:\program files\panda software\panda internet security 2007\firewall\PSHOST.EXE
C:\Program Files\Panda Software\Panda Internet Security 2007\PsImSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\windows\system\hpsysdrv.exe
C:\Program Files\USB Storage RW\shwicon.exe
C:\WINDOWS\ehome\ehmsas.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\LTMSG.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
C:\Program Files\Panda Software\Panda Internet Security 2007\SRVLOAD.EXE
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqgalry.exe
C:\Program Files\Panda Software\Panda Internet Security 2007\PavBckPT.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\buddy\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\buddy.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft....k/?LinkId=74005
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Ipswitch.WsftpBrowserHelper - {601ED020-FB6C-11D3-87D8-0050DA59922B} - C:\Program Files\Ipswitch\WS_FTP Pro\wsbho2k0.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [KYE_Showicon] "C:\Program Files\USB Storage RW\shwicon.exe" -t"KYE\USB Storage RW"
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [CamMonitor] c:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\VERITAS Software\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [WCOLOREAL] "C:\Program Files\Coloreal\coloreal.exe"
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [LTMSG] LTMSG.exe 7
O4 - HKLM\..\Run: [HP Software Update] "c:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Software\Panda Internet Security 2007\APVXDWIN.EXE" /s
O4 - HKLM\..\Run: [SCANINICIO] "C:\Program Files\Panda Software\Panda Internet Security 2007\Inicio.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
O4 - Startup: Picture Motion Browser Media Check Tool.lnk = C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: MsnFixer.lnk = ?
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: Yahoo! Cribbage - http://download2.gam...nts/y/it1_x.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.mi...b?1197924352406
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.mi...b?1198251829781
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2....re/HPDEXAXO.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Panda Software Controller - Panda Software International - C:\Program Files\Panda Software\Panda Internet Security 2007\PsCtrls.exe
O23 - Service: Panda Function Service (PAVFNSVR) - Panda Software International - C:\Program Files\Panda Software\Panda Internet Security 2007\PavFnSvr.exe
O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software International - C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software International - C:\Program Files\Panda Software\Panda Internet Security 2007\pavsrv51.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Panda Antispam Engine (pmshellsrv) - Panda Software International - C:\Program Files\Panda Software\Panda Internet Security 2007\AntiSpam\pskmssvc.exe
O23 - Service: Panda Host Service (PSHost) - Panda Software International - c:\program files\panda software\panda internet security 2007\firewall\PSHOST.EXE
O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software International - C:\Program Files\Panda Software\Panda Internet Security 2007\PsImSvc.exe
O23 - Service: Panda TPSrv (TPSrv) - Panda Software International - C:\Program Files\Panda Software\Panda Internet Security 2007\TPSrv.exe

--
End of file - 10128 bytes

-- HijackThis Fixed Entries (C:\PROGRA~1\TRENDM~1\HIJACK~1\backups\) -----------

backup-20080225-083641-755 O4 - Global Startup: hp center.lnk = C:\Program Files\hp center\137903\Program\BackWeb-137903.exe
backup-20080225-083641-933 O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
backup-20080225-083641-975 O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 drvmcdb - c:\windows\system32\drivers\drvmcdb.sys <Not Verified; VERITAS Software, Inc.; >
R1 SASDIFSV - c:\program files\superantispyware\sasdifsv.sys
R1 SASKUTIL - c:\program files\superantispyware\saskutil.sys
R1 ShldDrv (Panda File Shield Driver) - c:\windows\system32\drivers\shldrv51.sys <Not Verified; Panda Software International; Panda shield>
R2 cpoint (Panda CPoint Driver) - c:\windows\system32\drivers\cpoint.sys <Not Verified; Panda Software; © Panda Software 2005>
R3 AvFlt (Antivirus Filter Driver) - c:\windows\system32\drivers\av5flt.sys (file missing)
R3 PavSRK.sys - c:\windows\system32\pavsrk.sys (file missing)
R3 PavTPK.sys - c:\windows\system32\pavtpk.sys (file missing)
R3 pfc (Padus ASPI Shell) - c:\windows\system32\drivers\pfc.sys <Not Verified; Padus, Inc.; Padus® ASPI Shell>
R3 SASENUM - c:\program files\superantispyware\sasenum.sys <Not Verified; SuperAdBlocker, Inc.; SuperAntiSpyware>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

S3 NBService - c:\program files\nero\nero 7\nero backitup\nbservice.exe


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Scheduled Tasks -------------------------------------------------------------

2008-02-26 21:52:00 474 --a------ C:\WINDOWS\Tasks\WebReg 20071217215212.job
2008-02-15 15:50:00 316 --a------ C:\WINDOWS\Tasks\easy Internet sign-up.job


-- Files created between 2008-01-27 and 2008-02-27 -----------------------------

2008-02-27 17:22:26 0 d-------- C:\Documents and Settings\buddy\Application Data\Malwarebytes
2008-02-27 17:20:52 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-02-27 17:20:52 0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-02-25 10:57:28 0 d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-02-25 10:57:26 0 d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-02-25 08:48:53 0 d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-02-25 08:48:48 0 d-------- C:\Program Files\SUPERAntiSpyware
2008-02-25 08:48:48 0 d-------- C:\Documents and Settings\buddy\Application Data\SUPERAntiSpyware.com
2008-02-25 08:48:13 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-02-23 18:41:35 0 d-------- C:\Documents and Settings\bypass\Application Data\Google
2008-02-23 18:41:34 0 d-------- C:\Documents and Settings\bypass\Application Data\Ipswitch
2008-02-23 18:39:12 0 d-------- C:\Documents and Settings\bypass\Application Data\MySpace
2008-02-23 18:38:39 0 d-a------ C:\Documents and Settings\bypass\WINDOWS
2008-02-23 18:38:39 0 d-a------ C:\Documents and Settings\bypass\Templates
2008-02-23 18:38:39 0 d-a------ C:\Documents and Settings\bypass\Start Menu
2008-02-23 18:38:39 0 d-a------ C:\Documents and Settings\bypass\SendTo
2008-02-23 18:38:39 0 dra------ C:\Documents and Settings\bypass\Recent
2008-02-23 18:38:39 0 d-a------ C:\Documents and Settings\bypass\PrintHood
2008-02-23 18:38:39 1310720 --ah----- C:\Documents and Settings\bypass\NTUSER.DAT
2008-02-23 18:38:39 0 d-a------ C:\Documents and Settings\bypass\NetHood
2008-02-23 18:38:39 0 dra------ C:\Documents and Settings\bypass\My Documents
2008-02-23 18:38:39 0 d--h----- C:\Documents and Settings\bypass\Local Settings
2008-02-23 18:38:39 0 dra------ C:\Documents and Settings\bypass\Favorites
2008-02-23 18:38:39 0 d-a------ C:\Documents and Settings\bypass\Desktop
2008-02-23 18:38:39 0 d--hs---- C:\Documents and Settings\bypass\Cookies
2008-02-23 18:38:39 0 d-a------ C:\Documents and Settings\bypass\Application Data
2008-02-23 18:38:39 0 d-a------ C:\Documents and Settings\bypass\Application Data\VERITAS
2008-02-23 18:38:39 0 d-a------ C:\Documents and Settings\bypass\Application Data\Symantec
2008-02-23 18:38:39 0 d-a------ C:\Documents and Settings\bypass\Application Data\Share-to-Web Upload Folder
2008-02-23 18:38:39 0 d-a------ C:\Documents and Settings\bypass\Application Data\SampleView
2008-02-23 18:38:39 0 d-a------ C:\Documents and Settings\bypass\Application Data\Microsoft
2008-02-23 18:38:39 0 d-a------ C:\Documents and Settings\bypass\Application Data\InterTrust
2008-02-23 18:38:39 0 d-a------ C:\Documents and Settings\bypass\Application Data\Identities
2008-02-23 18:38:39 0 d-a------ C:\Documents and Settings\bypass\Application Data\Adobe
2008-02-23 17:05:24 3590 --a------ C:\WINDOWS\system32\tmp.reg
2008-02-23 16:46:38 0 d-------- C:\Program Files\Trend Micro
2008-02-23 13:58:51 0 d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-02-09 17:17:07 91752 --a------ C:\Documents and Settings\buddy\Application Data\GDIPFONTCACHEV1.DAT
2008-02-07 10:00:13 45 --a------ C:\Documents and Settings\buddy\ipcon.bat


-- Find3M Report ---------------------------------------------------------------

2008-02-27 17:34:47 0 d-a------ C:\Program Files\Common Files
2008-02-26 21:52:32 174 ---h----- C:\WINDOWS\popcreg.dat
2008-02-26 21:52:32 60 --a------ C:\WINDOWS\popcinfot.dat
2008-02-23 18:24:32 0 d-a------ C:\Program Files\AWS
2008-02-21 19:04:38 0 d-------- C:\Program Files\PokerStars
2008-02-18 20:17:28 0 d-------- C:\Program Files\mIRC
2008-02-16 11:51:18 0 d-------- C:\Documents and Settings\buddy\Application Data\SSH
2008-01-21 17:18:32 0 d-------- C:\Documents and Settings\buddy\Application Data\Ipswitch
2008-01-21 17:18:29 0 d-------- C:\Program Files\Ipswitch
2008-01-21 17:18:29 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-01-21 16:29:37 0 d-------- C:\Documents and Settings\buddy\Application Data\Help
2008-01-10 08:57:37 0 d-------- C:\Program Files\Pawsoft
2007-12-28 19:26:36 0 d-------- C:\Program Files\PopCap Games
2007-12-28 13:38:30 0 d-------- C:\Documents and Settings\buddy\Application Data\Private Shell
2007-12-28 13:37:03 0 d-------- C:\Program Files\Private Shell
2007-12-28 10:32:43 0 d-------- C:\Documents and Settings\buddy\Application Data\Ahead
2007-12-21 11:37:21 0 --a------ C:\WINDOWS\popcinfo.dat
2007-12-17 22:56:09 261 --a------ C:\WINDOWS\system32\PavCPL.dat
2007-12-17 21:52:02 104208 --a------ C:\WINDOWS\hpoins04.dat


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [07/28/2003 02:19 PM]
"nwiz"="nwiz.exe" [07/28/2003 02:19 PM C:\WINDOWS\system32\nwiz.exe]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [08/04/2004 02:56 AM]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [05/08/1998 01:04 AM]
"KYE_Showicon"="C:\Program Files\USB Storage RW\shwicon.exe" [10/26/2002 12:33 AM]
"Share-to-Web Namespace Daemon"="c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe" [04/18/2002 02:42 AM]
"CamMonitor"="c:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe" [06/18/2002 08:11 AM]
"KBD"="C:\HP\KBD\KBD.EXE" [02/12/2003 04:02 AM]
"StorageGuard"="C:\Program Files\VERITAS Software\Update Manager\sgtray.exe" [06/18/2002 04:01 PM]
"WCOLOREAL"="C:\Program Files\Coloreal\coloreal.exe" [11/27/2002 02:14 AM]
"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [09/14/2002 06:42 AM]
"PS2"="C:\WINDOWS\system32\ps2.exe" [10/17/2002 12:57 AM]
"LTMSG"="LTMSG.exe" [07/14/2003 10:52 AM C:\WINDOWS\ltmsg.exe]
"HP Software Update"="c:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [02/12/2004 01:38 PM]
"HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [05/12/2004 03:18 PM]
"APVXDWIN"="C:\Program Files\Panda Software\Panda Internet Security 2007\APVXDWIN.exe" [04/27/2007 08:44 PM]
"SCANINICIO"="C:\Program Files\Panda Software\Panda Internet Security 2007\Inicio.exe" [04/17/2007 06:29 PM]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [03/01/2007 03:57 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NVIEW"="nview.dll,nViewLoadHook" []
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [10/13/2004 11:24 AM]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [12/18/2007 04:24 PM]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 02:56 AM]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [06/27/2007 07:03 PM]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [08/30/2007 05:43 PM]
"MySpaceIM"="C:\Program Files\MySpace\IM\MySpaceIM.exe" [12/18/2007 08:47 PM]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [06/21/2007 02:06 PM]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"MySpaceIM"=C:\Program Files\MySpace\IM\MySpaceIM.exe

C:\Documents and Settings\buddy\Start Menu\Programs\Startup\
Picture Motion Browser Media Check Tool.lnk - C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe [12/24/2007 5:57:28 AM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Google Updater.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [12/18/2007 4:24:33 PM]
HP Digital Imaging Monitor.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe [5/28/2004 10:31:38 PM]
HP Image Zone Fast Start.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqthb08.exe [5/28/2004 11:06:36 PM]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2/13/2001 1:01:04 AM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
@=

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [12/20/2006 01:55 PM 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 04/19/2007 01:41 PM 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avldr]
avldr.dll 02/15/2007 08:02 PM 50736 C:\WINDOWS\system32\avldr.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"




-- End of Deckard's System Scanner: finished at 2008-02-27 18:18:06 ------------

#20
**Brian**


    Semper Paratus: Always Ready

  • Topic Starter
  • Member
  • 1,159 posts
===============
DSS EXTRA LOG
===============

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel® Pentium® 4 CPU 2.40GHz
Percentage of Memory in Use: 53%
Physical Memory (total/avail): 1023.36 MiB / 471.09 MiB
Pagefile Memory (total/avail): 2463.86 MiB / 1970.23 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1911.59 MiB

A: is Removable (No Media)
C: is Fixed (NTFS) - 142.62 GiB total, 110.56 GiB free.
D: is Fixed (FAT32) - 6.4 GiB total, 2.48 GiB free.
E: is CDROM (No Media)
F: is CDROM (No Media)
G: is Removable (No Media)
H: is Removable (No Media)
I: is Removable (No Media)
J: is Removable (No Media)
K: is CDROM (No Media)
L: is Fixed (FAT32) - 149.01 GiB total, 97.8 GiB free.
M: is Removable (No Media)

\\.\PHYSICALDRIVE0 - ST3160021A - 149.05 GiB - 2 partitions
\PARTITION0 - Unknown - 6.42 GiB - D:
\PARTITION1 (bootable) - Installable File System - 142.62 GiB - C:

\\.\PHYSICALDRIVE1 - USB Reader USB Device

\\.\PHYSICALDRIVE2 - USB Reader USB Device

\\.\PHYSICALDRIVE3 - USB Reader USB Device

\\.\PHYSICALDRIVE4 - USB Reader USB Device

\\.\PHYSICALDRIVE6 - HP psc 2410 USB Device

\\.\PHYSICALDRIVE5 - Seagate External Drive USB Device - 149.05 GiB - 1 partition
\PARTITION0 - Unknown - 149.05 GiB - L:



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is disabled.

FW: Platinum 2007 Personal Firewall v11.01.00 (Panda Software) Disabled
AV: Panda Internet Security 2007 v11.01.00 (Panda Software) Disabled

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\hp center\\137903\\Program\\BackWeb-137903.exe"="C:\\Program Files\\hp center\\137903\\Program\\BackWeb-137903.exe:*:Enabled:BackWeb-137903"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe:*:Enabled:Yahoo! FT Server"
"C:\\Program Files\\MySpace\\IM\\MySpaceIM.exe"="C:\\Program Files\\MySpace\\IM\\MySpaceIM.exe:*:Enabled:MySpaceIM"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\buddy\Application Data
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=ODDESSY
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\buddy
LOGONSERVER=\\ODDESSY
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;c:\Python22;C:\Program Files\PC-Doctor for Windows\services;C:\Program Files\Sonic\MyDVD;;C:\Program Files\Panda Software\Panda Internet Security 2007\;C:\Program Files\Private Shell;;C:\Program Files\Common Files\Ahead\Lib\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 2 Stepping 9, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0209
ProgramFiles=C:\Program Files
PROMPT=$P$G
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\buddy\LOCALS~1\Temp
TMP=C:\DOCUME~1\buddy\LOCALS~1\Temp
USERDOMAIN=ODDESSY
USERNAME=buddy
USERPROFILE=C:\Documents and Settings\buddy
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

buddy (admin)
bypass (new local, admin)
Administrator (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> C:\Program Files\Nero\Nero 7\\nero\uninstall\UNNERO.exe /UNINSTALL
--> C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
--> C:\WINDOWS\System32\\MSIEXEC.EXE /x {09DA4F91-2A09-4232-AB8C-6BC740096DE3}
--> C:\WINDOWS\System32\\MSIEXEC.EXE /x {60E971B7-51A0-48CA-8687-C6B8F094A409}
--> c:\WINDOWS\System32\\MSIEXEC.EXE /x {8214CC02-6271-4DC8-B8DD-779933450264}
--> C:\WINDOWS\UNNeroBackItUp.exe /UNINSTALL
--> C:\WINDOWS\UNNeroMediaHome.exe /UNINSTALL
--> C:\WINDOWS\UNNeroShowTime.exe /UNINSTALL
--> C:\WINDOWS\UNNeroVision.exe /UNINSTALL
--> C:\WINDOWS\UNRecode.exe /UNINSTALL
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{39DA87A1-0B26-4562-A70C-2A6147366E47}\setup.exe"
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8D5D99B8-DFA2-4018-ADE9-A6B83E655C65}\setup.exe" -l0x9 -L0x9anything
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9F765BD0-B900-4EDE-A90B-61C8A9E95C42}\Setup.exe"
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BAD59025-5B73-4E12-B789-0028C5A573C2}\Setup.exe"
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{22EB2FA7-1BA0-4FFB-972F-353EC6ABA9D5}\setup.exe" -l0x9 -removeonly
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{28B97CAB-828F-49D8-A30A-675476F9BA92}\setup.exe" -l0x9 /cont -removeonly
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4E7DC12A-3597-4A94-9429-F6C6987361B1}\setup.exe" -l0x9 -removeonly
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6813C983-427E-4511-8456-E98FCAA1A125}\setup.exe" -l0x9 -removeonly
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7DADB304-AF20-48C3-A780-4B4133A08817}\setup.exe" -l0x9 -removeonly
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9C423CF6-2DAA-4A37-94B8-59D7ECC7DB13}\setup.exe" -l0x9 -removeonly
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{ACE66099-E18E-4037-83C8-9D182E5B9FA8}\setup.exe" -l0x9 -removeonly
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B34B6E67-FCDD-4E03-8742-B5701427FAFB}\setup.exe" -l0x9 -removeonly
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FA6CC4B4-7741-4F8D-8E81-15C4BAB9869B}\setup.exe" -l0x9 -removeonly
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe Acrobat 5.0 --> C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.isu" -c"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.dll"
Adobe Flash Player ActiveX --> C:\WINDOWS\System32\Macromed\Flash\uninstall_activeX.exe
ArcSoft Picture Software --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\ArcSoft\Software Suite\Uninst.isu"
Bejeweled 2 Deluxe 1.1 --> C:\Program Files\PopCap Games\Bejeweled 2 Deluxe\PopUninstall.exe "C:\Program Files\PopCap Games\Bejeweled 2 Deluxe\Install.log"
Bejeweled Deluxe 1.87 --> C:\Program Files\PopCap Games\Bejeweled Deluxe\PopUninstall.exe "C:\Program Files\PopCap Games\Bejeweled Deluxe\Install.log"
Betty Bad --> "C:\Program Files\WildTangent\DDC\ActiveMenu\DDCActiveMenu.exe" -UninstallItem {A27EAF80-CBFC-4F56-94E1-929A401D7515}
Blackhawk Striker --> "C:\Program Files\WildTangent\DDC\ActiveMenu\DDCActiveMenu.exe" -UninstallItem {5415BC25-6D6C-46C4-B34C-EA8470FE56D5}
Blasterball 2 --> "C:\Program Files\WildTangent\DDC\ActiveMenu\DDCActiveMenu.exe" -UninstallItem {357ECB62-CD36-4B63-B57E-769D0CA174F4}
Blasterball Wild --> "C:\Program Files\WildTangent\DDC\ActiveMenu\DDCActiveMenu.exe" -UninstallItem {28BA89E7-2F60-4BE7-BAA2-7949EB3FE527}
CleanUp! --> C:\Program Files\CleanUp!\uninstall.exe
Coloreal --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BDE90251-93EB-4F6A-89D8-086E2D91DC56}\Setup.exe"
Dark Orbit --> "C:\Program Files\WildTangent\DDC\ActiveMenu\DDCActiveMenu.exe" -UninstallItem {7841B68B-B7DD-408E-8B45-D5CA39608185}
Disney's Lilo and Stitch Pinball --> "C:\Program Files\WildTangent\DDC\ActiveMenu\DDCActiveMenu.exe" -UninstallItem {63272979-21F0-48EF-9B97-A83DBC05BE39}
easy Internet sign-up --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2B5DDB2C-0807-47FD-9C11-80EA761902C0}\setup.exe" -l0x9
Google Toolbar for Internet Explorer --> MsiExec.exe /I{DBEA1034-5882-4A88-8033-81C4EF0CFA29}
Google Toolbar for Internet Explorer --> regsvr32 /u /s "c:\program files\google\googletoolbar1.dll"
Google Updater --> "C:\Program Files\Google\Google Updater\GoogleUpdater.exe" -uninstall
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
hp center --> C:\WINDOWS\BWUnin-6.1.0.170.exe -AppId 137903
HP Digital Imaging Album Printing 1.0 --> MsiExec.exe /X{47D4AF7B-EDE6-4ADB-8D2F-0BDA25C7321F}
HP Image Zone 4.2 --> C:\Program Files\Hewlett-Packard\Digital Imaging\uninstall\hpzscr01.exe -datfile hpqscr01.dat
HP Instant Support --> C:\PROGRA~1\HPINST~1\UNWISE.EXE C:\PROGRA~1\HPINST~1\INSTALL.LOG
HP Memories Disc --> MsiExec.exe /X{6CAEFA23-0C08-4899-A661-29D69228AF6D}
HP Photo and Imaging 1.1 - Photosmart Cameras --> MsiExec.exe /X{1EEE2A9F-6471-42fa-8923-E8879168CE26}
HP PSC & OfficeJet 4.2 --> "C:\Program Files\Hewlett-Packard\Digital Imaging\{A1062847-0846-427A-92A1-BB8251A91E91}\setup\hpzscr01.exe" -datfile hposcr04.dat
HP Software Update --> MsiExec.exe /X{457791C5-D702-4143-A7B2-2744BE9573F2}
HP Unload DLL Patch --> MsiExec.exe /X{595D0DE8-C38A-4432-B851-47DECC1A99BD}
Inactive HP Printer Drivers (Remove only) --> RunDll32 hpuninst.dll,InstallHinfSection UninstDefault 132 prntunin.inf
IntelliMover Data Transfer Demo --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{14589F05-C658-4594-9429-D437BA688686}\Setup.exe" -l0x9
InterVideo MP3 XPack --> "C:\Program Files\InstallShield Installation Information\{99755640-9633-11D5-AB3C-0050DAB311CC}\setup.exe" REMOVEALL
InterVideo WinDVD Player --> "C:\Program Files\InstallShield Installation Information\{98E8A2EF-4EAE-43B8-A172-74842B764777}\setup.exe" REMOVEALL
Ipswitch WS_FTP Pro --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AD88355B-A4E0-4DA1-BAC3-EA4FEA930691}\setup.exe" -l0x9
Kaspersky Online Scanner --> C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavuninstall.exe
KBD --> C:\HP\KBD\KBD.EXE uninstalled
Lernout & Hauspie TruVoice American English TTS Engine --> RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\tv_enua.inf, Uninstall
LiveReg (Symantec Corporation) --> C:\Program Files\Common Files\Symantec Shared\LiveReg\VcSetup.exe /REMOVE
LiveUpdate 1.80 (Symantec Corporation) --> C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE /U
Malwarebytes' Anti-Malware --> "C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Men in Black II CROSSFIRE Trial Version --> "C:\Program Files\WildTangent\DDC\ActiveMenu\DDCActiveMenu.exe" -UninstallItem {3EA6838C-5C34-4F9C-A8DA-434D65DD1356}
Microsoft Base Smart Card Cryptographic Service Provider Package --> "C:\WINDOWS\$NtUninstallbasecsp$\spuninst\spuninst.exe"
Microsoft Office XP Professional with FrontPage --> MsiExec.exe /I{90280409-6000-11D3-8CFE-0050048383C9}
mIRC --> "C:\Program Files\mIRC\mirc.exe" -uninstall
MSXML 6.0 Parser (KB933579) --> MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}
MyDVD --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5E835305-63BB-4E55-BBB7-EEBBE67774DB}\Setup.exe" -l0x9 -L0x9 /SMAINT
MySpaceIM --> C:\Program Files\MySpace\IM\Uninstall.exe
Nero 7 Ultra Edition --> MsiExec.exe /X{29CBFC23-05A7-4286-93B8-BABE29BC1033}
Nero 7 Ultra Edition --> MsiExec.exe /X{CF097717-F174-4144-954A-FBC4BF301033}
neroxml --> MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
NVIDIA Windows 2000/XP Display Drivers --> rundll32.exe C:\WINDOWS\system32\nvinstnt.dll,NvUninstallNT4 nv4_disp.inf
Panda Internet Security 2007 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EEBA9416-3207-47E0-9022-116440599DBC}\SETUP.exe" -l0x9 -removeonly
Pawsoft Fass --> C:\Program Files\Pawsoft\Fass\Uninstall.exe
PC-Doctor for Windows --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1F7CCFA3-D926-4882-B2A5-A0217ED25597}\Setup.exe"
PDFCreator --> C:\Program Files\PDFCreator\unins000.exe
Picture Package Music Transfer --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CE2121C6-C94D-4A73-8EA4-6943F33EE335}\setup.exe" -l0x9 -removeonly
PigPen --> "C:\Program Files\WildTangent\DDC\ActiveMenu\DDCActiveMenu.exe" -UninstallItem {BC0EE7F1-32DE-4EE2-BE10-AE15DB394E84}
Pizza Frenzy Deluxe 1.0 --> C:\Program Files\PopCap Games\PizzaFrenzy\PopUninstall.exe "C:\Program Files\PopCap Games\PizzaFrenzy\Install.log"
PokerStars --> "C:\Program Files\PokerStars\PokerStarsUninstall.exe" /u:PokerStars
Private Shell 2.1 --> "C:\Program Files\Private Shell\unins000.exe"
PS2 --> C:\WINDOWS\system32\ps2.exe uninstall
Python 2.2 combined Win32 extensions --> C:\Python22\Lib\SITE-P~1\UNWISE~1.EXE C:\Python22\Lib\SITE-P~1\w32inst.log
Python 2.2.1 --> C:\Python22\UNWISE.EXE C:\Python22\INSTALL.LOG
Quicken 2003 New User Edition --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{F61F2821-694C-475F-99AB-6AF2EFDF40FD} anything
QVT/Term --> C:\WINDOWS\uninst.exe -f"C:\Program Files\QPC\QVTNet\DeIsL1.isu"
RecordNow --> MsiExec.exe /I{8214CC02-6271-4DC8-B8DD-779933450264}
RecordNow Update Manager --> MsiExec.exe /I{09DA4F91-2A09-4232-AB8C-6BC740096DE3}
Security Update for CAPICOM (KB931906) --> MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906) --> MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for Step By Step Interactive Training (KB898458) --> "C:\WINDOWS\$NtUninstallKB898458$\spuninst\spuninst.exe"
Security Update for Step By Step Interactive Training (KB923723) --> "C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
ShowBiz --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{07295ABF-1245-415A-BE06-863271753443}\setup.exe" -l0x9
Simple Backup for My Pictures --> MsiExec.exe /I{60E971B7-51A0-48CA-8687-C6B8F094A409}
Snowboard Extreme --> "C:\Program Files\WildTangent\DDC\ActiveMenu\DDCActiveMenu.exe" -UninstallItem {753FE96B-D926-4B6C-BCFB-CC59153D004A}
Sony Picture Utility --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D5068583-D569-468B-9755-5FBF5848F46F}\setup.exe" -l0x9 /removeonly uninstall -removeonly
Sony USB Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5C29CB8B-AC1E-4114-8D68-9CD080140D4A}\setup.exe" -l0x9 UNINSTALL -removeonly
Space Rocks --> "C:\Program Files\WildTangent\DDC\ActiveMenu\DDCActiveMenu.exe" -UninstallItem {9FA01E11-9015-4140-B10A-5C6AA949B2FC}
SSH Secure Shell --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{74E2CD0C-D4A2-11D3-95A6-0000E86CFDE5}\Setup.exe"
SUPERAntiSpyware Free Edition --> MsiExec.exe /X{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}
USB Storage RW --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0DCFC7D5-8608-478C-8082-1FF848B978AF}\setup.exe" UNINSTALL
Virtual Warfare --> "C:\Program Files\WildTangent\DDC\ActiveMenu\DDCActiveMenu.exe" -UninstallItem {4F0AE1FB-4082-4A27-8363-05D292D92FB0}
WildTangent Channel Manager --> C:\Program Files\WildTangent\DDC\DDCManager\Uninstall.exe
Windows Communication Foundation --> MsiExec.exe /X{491DD792-AD81-429C-9EB4-86DD3D22E333}
Windows Imaging Component --> "C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Media Format SDK Hotfix - KB891122 --> "C:\WINDOWS\$NtUninstallKB891122$\spuninst\spuninst.exe"
Windows Presentation Foundation --> MsiExec.exe /X{BAF78226-3200-4DB4-BE33-4D922A799840}
Windows Workflow Foundation --> MsiExec.exe /I{7D1B85BD-AA07-48B8-808D-67A4067FC6BD}
XML Paper Specification Shared Components Pack 1.0 -->
Yahoo! Install Manager --> C:\WINDOWS\system32\regsvr32 /u C:\PROGRA~1\Yahoo!\Common\YINSTH~1.DLL
Yahoo! Messenger --> C:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE /U C:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG


-- Application Event Log -------------------------------------------------------

Event Record #/Type761 / Warning
Event Submitted/Written: 02/27/2008 05:38:08 PM
Event ID/Source: 1001 / MsiInstaller
Event Description:
Detection of product '{6CAEFA23-0C08-4899-A661-29D69228AF6D}', feature 'Complete' failed during request for component '{E89A98DD-023B-11D2-B146-00C04F990B2B}'

Event Record #/Type760 / Warning
Event Submitted/Written: 02/27/2008 05:38:08 PM
Event ID/Source: 1004 / MsiInstaller
Event Description:
Detection of product '{6CAEFA23-0C08-4899-A661-29D69228AF6D}', feature 'Complete', component '{97661D30-C056-4A23-9B70-B2A4ADEF8294}' failed. The resource 'C:\Program Files\Hewlett-Packard\Memories Disc\data\' does not exist.

Event Record #/Type758 / Warning
Event Submitted/Written: 02/27/2008 05:38:07 PM
Event ID/Source: 1001 / MsiInstaller
Event Description:
Detection of product '{6CAEFA23-0C08-4899-A661-29D69228AF6D}', feature 'Complete' failed during request for component '{E89A98DD-023B-11D2-B146-00C04F990B2B}'

Event Record #/Type757 / Warning
Event Submitted/Written: 02/27/2008 05:38:07 PM
Event ID/Source: 1004 / MsiInstaller
Event Description:
Detection of product '{6CAEFA23-0C08-4899-A661-29D69228AF6D}', feature 'Complete', component '{97661D30-C056-4A23-9B70-B2A4ADEF8294}' failed. The resource 'C:\Program Files\Hewlett-Packard\Memories Disc\data\' does not exist.

Event Record #/Type755 / Warning
Event Submitted/Written: 02/27/2008 05:38:07 PM
Event ID/Source: 1001 / MsiInstaller
Event Description:
Detection of product '{6CAEFA23-0C08-4899-A661-29D69228AF6D}', feature 'Complete' failed during request for component '{E89A98DD-023B-11D2-B146-00C04F990B2B}'



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type2252 / Error
Event Submitted/Written: 02/27/2008 05:21:57 PM
Event ID/Source: 7034 / Service Control Manager
Event Description:
The Windows Installer service terminated unexpectedly. It has done this 1 time(s).

Event Record #/Type2227 / Error
Event Submitted/Written: 02/27/2008 10:34:59 AM
Event ID/Source: 7000 / Service Control Manager
Event Description:
The mrtRate service failed to start due to the following error:
%%2

Event Record #/Type2221 / Warning
Event Submitted/Written: 02/27/2008 10:32:15 AM
Event ID/Source: 1073 / USER32
Event Description:
The attempt to reboot ODDESSY failed

Event Record #/Type2220 / Warning
Event Submitted/Written: 02/26/2008 09:47:39 PM
Event ID/Source: 36 / W32Time
Event Description:
The time service has not been able to synchronize the system time
for 49152 seconds because none of the time providers has been able to
provide a usable time stamp. The system clock is unsynchronized.

Event Record #/Type2196 / Error
Event Submitted/Written: 02/26/2008 08:08:27 AM
Event ID/Source: 7000 / Service Control Manager
Event Description:
The mrtRate service failed to start due to the following error:
%%2



-- End of Deckard's System Scanner: finished at 2008-02-27 18:18:06 ------------
  • 0

#21
andrewuk

andrewuk

    Trusted Helper

  • Malware Removal
  • 5,297 posts
Hi Brian

almost done. just one file to clean.

firstly, could you make sure your panda is fully enabled and updated. there is a small possibility that the infections you had before compromised it, so if you are unable to re-enable panda then you may have to reinstall it.

  • Please double-click OTMoveIt2.exe to run it. (Vista users, please right click on OTMoveit2.exe and select "Run as an Administrator")
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    C:\WINDOWS\popcinfo.dat
  • Return to OTMoveIt2, right click in the "Paste List of Files/Folders to be Moved" window (under the light blue bar) and choose Paste.
  • Click the red Moveit! button.
  • A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
  • Close OTMoveIt2
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.


in your next reply could i see:
1. the OTMoveIT log
2. confirmation that your panda is enabled and working

andrewuk
  • 0

#22
**Brian**

**Brian**

    Semper Paratus: Always Ready

  • Topic Starter
  • Member
  • 1,159 posts
AndrewUK:

Here is the log you requested:
=============
OTMI II LOG
=============

C:\WINDOWS\popcinfo.dat moved successfully.

OTMoveIt2 v1.0.20 log created on 02292008_065423


It appears that my Panda is ON and working properly, at the highest level possible - Sometimes however, when running my Antimalware tools, it will detect "risktools" or neutralize files. I want to be able to eliminate this behavior, and allow these programs to run, if I know they are OK, but have not been able to adjust this yet. I don't like to disable my Panda all the way because that can leave you open to attacks, but I had to do this because DSS could not access/write to my hosts file, which was some sort of bad operation, and was stopped.

Do any of the files I OTMOVED have to now be deleted?

Thanks for the help - Will proceed at your direction

Brian
  • 0

#23
andrewuk

andrewuk

    Trusted Helper

  • Malware Removal
  • 5,297 posts
Hi Brian

congratulations, your logs are clean :)

> It appears that my Panda is ON and working properly, at the highest level possible - Sometimes however, when running my Antimalware tools, it will detect "risktools" or neutralize files. I want to be able to eliminate this behavior, and allow these programs to run, if I know they are OK, but have not been able to adjust this yet. I don't like to disable my Panda all the way because that can leave you open to attacks, but I had to do this because DSS could not access/write to my hosts file, which was some sort of bad operation, and was stopped.

we will be clearing your machine of the fix tools now, so this should go away :)

> Do any of the files I OTMOVED have to now be deleted?

we will be doing that now also :)

in this post we will flush your temp folders, clear the fix tools, reset the restore points (there will be infections lurking in there) and i will leave you with some ideas on how to enhance the protection of your machine against future infection.


====STEP 1====
Please download ATF Cleaner by Atribune.
This program is for XP and Windows 2000 only
  • Double-click ATF-Cleaner.exe to run the program.
  • Under Main choose: Select All
  • Click the Empty Selected button.
If you use Firefox browser
  • Click Firefox at the top and choose: Select All
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser
  • Click Opera at the top and choose: Select All
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.


====STEP 2====
  • Make sure you have an Internet Connection.
  • Double-click OTMoveIt2.exe to run it. (Vista users, please right click on OTMoveit2.exe and select "Run as an Administrator")
  • Click on the CleanUp! button
  • A list of tool components used in the Cleanup of malware will be downloaded.
  • If your Firewall or Real Time protection attempts to block OTMoveIt2 from reaching the Internet, please allow the application to do so.
  • Click Yes to begin the Cleanup process and remove these components, including this application.
  • You will be asked to reboot the machine to finish the Cleanup process. If you are asked to reboot the machine choose Yes.
you can clear away the other fix tools we used also.


====STEP 3====
To reset your restore points, please note that you will need to log into your computer with an account which has full administrator access. You will know if the account has administrator access because you will be able to see the System Restore tab. If the tab is missing, you are logged in under a limited account.

Instructions with screenshots to help are at http://www.f-secure..../sfc_dis1.shtml

(Windows XP)
1. Turn off System Restore.
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
Check Turn off System Restore.
Click Apply, and then click OK.

2. Reboot.

3. Turn ON System Restore.
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
UN-Check *Turn off System Restore*.
Click Apply, and then click OK.

How to Turn On and Turn Off System Restore in Windows XP
http://support.microsoft.com/kb/310405


====AND FINALLY====
The following is a list of tools and utilities that I like to suggest to people. This list is full of great tools and utilities to help you understand how you got infected and how to keep from getting infected again.
  • Spybot Search & Destroy - Uber powerful tool which can search and annihilate nasties that make it onto your system. Now with an Immunize section that will help prevent future infections.
  • AdAware - Another very powerful tool which searches and kills nasties that infect your system. AdAware and Spybot Search & Destroy complement each other very well.
  • SpywareBlaster - Great prevention tool to keep nasties from installing on your system.
  • SpywareGuard - Works as a Spyware "Shield" to protect your computer from getting malware in the first place.
  • IE-SpyAd - puts over 5000 sites in your restricted zone so you'll be protected when you visit innocent-looking sites that aren't actually innocent at all.
  • ATF Cleaner - Cleans temporary files from IE and Windows, empties the recycle bin and more. Great tool to help speed up your computer and knock out those nasties that like to reside in the temp folders.
  • Windows Updates - It is very important to make sure that both Internet Explorer and Windows are kept current with the latest critical security patches from Microsoft. To do this just start Internet Explorer and select Tools > Windows Update, and follow the online instructions from there.
  • Google Toolbar - Free google toolbar that allows you to use the powerful Google search engine from the bar, but also blocks pop up windows.
  • Trillian or Miranda-IM - These are Malware free Instant Messenger programs which allow you to connect to multiple IM services in one program! (AOL, Yahoo, ICQ, IRC, MSN)
To find out more information about how you got infected in the first place and some great guidelines to follow to prevent future infections you can read this article by Tony Klein

andrewuk
  • 0

#24
**Brian**

**Brian**

    Semper Paratus: Always Ready

  • Topic Starter
  • Member
  • 1,159 posts
Andrewuk:

Thanks for all your help!! Before I flush out the system again, I wanted to ask you a question regarding an MSI Installer Problem that occurs when I try to run MBAM. When I do this, it attempts to run the MSI, and I have to cancel it 10 times or so before I can get MBAM running. It seems to be connected to the following information from the DSS Log:

-- Application Event Log -------------------------------------------------------

Event Record #/Type761 / Warning
Event Submitted/Written: 02/27/2008 05:38:08 PM
Event ID/Source: 1001 / MsiInstaller
Event Description:
Detection of product '{6CAEFA23-0C08-4899-A661-29D69228AF6D}', feature 'Complete' failed during request for component '{E89A98DD-023B-11D2-B146-00C04F990B2B}'

Event Record #/Type760 / Warning
Event Submitted/Written: 02/27/2008 05:38:08 PM
Event ID/Source: 1004 / MsiInstaller
Event Description:
Detection of product '{6CAEFA23-0C08-4899-A661-29D69228AF6D}', feature 'Complete', component '{97661D30-C056-4A23-9B70-B2A4ADEF8294}' failed. The resource 'C:\Program Files\Hewlett-Packard\Memories Disc\data\' does not exist.

Event Record #/Type758 / Warning
Event Submitted/Written: 02/27/2008 05:38:07 PM
Event ID/Source: 1001 / MsiInstaller
Event Description:
Detection of product '{6CAEFA23-0C08-4899-A661-29D69228AF6D}', feature 'Complete' failed during request for component '{E89A98DD-023B-11D2-B146-00C04F990B2B}'

Event Record #/Type757 / Warning
Event Submitted/Written: 02/27/2008 05:38:07 PM
Event ID/Source: 1004 / MsiInstaller
Event Description:
Detection of product '{6CAEFA23-0C08-4899-A661-29D69228AF6D}', feature 'Complete', component '{97661D30-C056-4A23-9B70-B2A4ADEF8294}' failed. The resource 'C:\Program Files\Hewlett-Packard\Memories Disc\data\' does not exist.

Event Record #/Type755 / Warning
Event Submitted/Written: 02/27/2008 05:38:07 PM
Event ID/Source: 1001 / MsiInstaller
Event Description:
Detection of product '{6CAEFA23-0C08-4899-A661-29D69228AF6D}', feature 'Complete' failed during request for component '{E89A98DD-023B-11D2-B146-00C04F990B2B}'



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type2252 / Error
Event Submitted/Written: 02/27/2008 05:21:57 PM
Event ID/Source: 7034 / Service Control Manager
Event Description:
The Windows Installer service terminated unexpectedly. It has done this 1 time(s).

Event Record #/Type2227 / Error
Event Submitted/Written: 02/27/2008 10:34:59 AM
Event ID/Source: 7000 / Service Control Manager
Event Description:


It seems to be connected to:

Event Record #/Type757 / Warning
Event Submitted/Written: 02/27/2008 05:38:07 PM
Event ID/Source: 1004 / MsiInstaller
Event Description:
Detection of product '{6CAEFA23-0C08-4899-A661-29D69228AF6D}', feature 'Complete', component '{97661D30-C056-4A23-9B70-B2A4ADEF8294}' failed. The resource 'C:\Program Files\Hewlett-Packard\Memories Disc\data\' does not exist.


Is there a way to eliminate this, and restore memories Disc Creator??

Brian

Edited by **Brian**, 01 March 2008 - 08:37 AM.

  • 0

#25
andrewuk

andrewuk

    Trusted Helper

  • Malware Removal
  • 5,297 posts
Hi Brian

Appears to be an MSI installer corruption. See here: http://support.microsoft.com/kb/290301

....which lies more in the expertise of others in other parts of this forum, namely in the Operating Systems part of this forum.

andrewuk
  • 0



#26
andrewuk

andrewuk

    Trusted Helper

  • Malware Removal
  • 5,297 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0





