RUNDLL bootup error and malware/spyware problems [RESOLVED]



#16
Thunderbird1988
Member 2k, 2,416 posts

Hello Manford7,

Sorry it took me so long to come back to you, I have been very busy lately.

Question 1: Why is my Norton AntiVirus not finding these, stopping them getting through in the first place. I generally regard Symantec's products as very good but this makes me wonder if their products are not as good as I thought?


Well actually most of the viruses Kaspersky found (88) have been found in the quarantine of Norton, so Norton did find most of them.

Question 2: Or is the viruses stopping Norton detecting them in the first place??

There doesn't exist a virus scanner which can find all viruses. Some virus scanners are better at one type of virus while other scanners are better at other types.

OTMoveIt2 -

Please download the OTMoveIt2 by OldTimer.
  • Save it to your desktop.
  • Please double-click OTMoveIt2.exe to run it. (Vista users, please right click on OTMoveit2.exe and select "Run as an Administrator")
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    [xcode]
    C:\Documents and Settings\Andy\Application Data\Identities\{CB1C11E0-04AF-11D5-9DAF-807F67C30000}\Microsoft\Outlook Express\E261.dbx
    C:\Documents and Settings\Andy\Application Data\Identities\{CB1C11E0-04AF-11D5-9DAF-807F67C30000}\Microsoft\Outlook Express\E281.dbx
    C:\Documents and Settings\Andy\Application Data\Identities\{CB1C11E0-04AF-11D5-9DAF-807F67C30000}\Microsoft\Outlook Express\E288.dbx
    C:\Documents and Settings\Andy\Application Data\Identities\{CB1C11E0-04AF-11D5-9DAF-807F67C30000}\Microsoft\Outlook Express\E291.dbx
    C:\Documents and Settings\Andy\Application Data\Identities\{CB1C11E0-04AF-11D5-9DAF-807F67C30000}\Microsoft\Outlook Express\E292.dbx
    C:\Documents and Settings\Andy\Application Data\Identities\{CB1C11E0-04AF-11D5-9DAF-807F67C30000}\Microsoft\Outlook Express\E295.dbx
    C:\Documents and Settings\Andy\Application Data\Identities\{CB1C11E0-04AF-11D5-9DAF-807F67C30000}\Microsoft\Outlook Express\EO133.dbx
    C:\Documents and Settings\Andy\Application Data\Identities\{CB1C11E0-04AF-11D5-9DAF-807F67C30000}\Microsoft\Outlook Express\EO144.dbx
    C:\Documents and Settings\Andy\Application Data\Identities\{CB1C11E0-04AF-11D5-9DAF-807F67C30000}\Microsoft\Outlook Express\EO150.dbx
    C:\Documents and Settings\Andy\Application Data\Identities\{CB1C11E0-04AF-11D5-9DAF-807F67C30000}\Microsoft\Outlook Express\EO160.dbx
    C:\Documents and Settings\Andy\Application Data\Identities\{CB1C11E0-04AF-11D5-9DAF-807F67C30000}\Microsoft\Outlook Express\QUESTIONS ASKED-TO LOG INFO ONLY.dbx

    [/xcode]
  • Return to OTMoveIt2, right click in the "Paste List of Files/Folders to be Moved" window (under the light blue bar) and choose Paste.

  • Click the red Moveit! button.
  • A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
  • Close OTMoveIt2
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

After that please post a new HijackThis log, and tell me how your system is running.

Thunderbird1988
  • 0



#17
manford7
Member, Topic Starter, 32 posts

Hi thunderbird1988

No probs with delay-we all have busy lives at times. :)

Here is the OTMoveIt log:

File move failed. C:\Documents and Settings\Andy\Application Data\Identities\{CB1C11E0-04AF-11D5-9DAF-807F67C30000}\Microsoft\Outlook Express\E261.dbx scheduled to be moved on reboot.
C:\Documents and Settings\Andy\Application Data\Identities\{CB1C11E0-04AF-11D5-9DAF-807F67C30000}\Microsoft\Outlook Express\E281.dbx moved successfully.
C:\Documents and Settings\Andy\Application Data\Identities\{CB1C11E0-04AF-11D5-9DAF-807F67C30000}\Microsoft\Outlook Express\E288.dbx moved successfully.
C:\Documents and Settings\Andy\Application Data\Identities\{CB1C11E0-04AF-11D5-9DAF-807F67C30000}\Microsoft\Outlook Express\E291.dbx moved successfully.
C:\Documents and Settings\Andy\Application Data\Identities\{CB1C11E0-04AF-11D5-9DAF-807F67C30000}\Microsoft\Outlook Express\E292.dbx moved successfully.
C:\Documents and Settings\Andy\Application Data\Identities\{CB1C11E0-04AF-11D5-9DAF-807F67C30000}\Microsoft\Outlook Express\E295.dbx moved successfully.
C:\Documents and Settings\Andy\Application Data\Identities\{CB1C11E0-04AF-11D5-9DAF-807F67C30000}\Microsoft\Outlook Express\EO133.dbx moved successfully.
C:\Documents and Settings\Andy\Application Data\Identities\{CB1C11E0-04AF-11D5-9DAF-807F67C30000}\Microsoft\Outlook Express\EO144.dbx moved successfully.
C:\Documents and Settings\Andy\Application Data\Identities\{CB1C11E0-04AF-11D5-9DAF-807F67C30000}\Microsoft\Outlook Express\EO150.dbx moved successfully.
C:\Documents and Settings\Andy\Application Data\Identities\{CB1C11E0-04AF-11D5-9DAF-807F67C30000}\Microsoft\Outlook Express\EO160.dbx moved successfully.
C:\Documents and Settings\Andy\Application Data\Identities\{CB1C11E0-04AF-11D5-9DAF-807F67C30000}\Microsoft\Outlook Express\QUESTIONS ASKED-TO LOG INFO ONLY.dbx moved successfully.

OTMoveIt2 v1.0.21 log created on 03122008_224302

There were folders in my Outlook Express. They are now blank having been moved into the OTMoveIt folder.
Question 1. Are we going to clean them or something and then restore to Outlook Express? Or are these emails considered lost since they are infected?
Question 2. How are these emails infected? I know Kaspersky found them as in its log. Most of these emails are to do with about 5-10 eBay orders or sales and are communications either from eBay, PayPal or directly with the buyers/sellers. E.g. EO160 is regarding my eBay Order number 160 and all the emails connected with it. E261 is my eBay sale number 261 and all emails connected with that (and so on).
Question 3. Has a worm/virus got into them at a later stage or something hence infecting them even though they appear the same?

Observation: With Norton 360 Antivirus I have noticed another anomaly which happened after reboot from OTMoveIt clean up. When I opened Internet Explorer to open this RUNDLL problem thread Norton highlighted in red "browsing not safe" since auto protect was off. This has happened a few times over the last week or so. Going into Norton 360 AV and observing the Advanced Settings revealed "Norton 360 Protection" check box as not checked; however, green secure icons remained throughout the application (giving a false impression all is okay unless you start Internet Explorer as discovered above). Checking the box so the system is auto protected is allowed and you click on Apply. However, when going back into Internet Explorer, the same auto protect off warning appears and going back into Norton AV reveals the same box as not checked again-it is as if something changes it straight back to unchecked after I apply the corrected change.
The solution is to reboot again and problem goes away.
Question: Do you suspect this is still a virus/worm/infection interfering with Norton settings?

Regarding system performance, it is generally okay, at times I think the PC could run faster but there are the strange things like Norton AV which I have reported and Spyware Doctor found 3 suspect tracking cookies as infections through its automatic scan at 5:40pm-ish tonight. I have learned to add these sites to the blocked cookie sites in IE Tools Internet Options to prevent them getting through again as well as having Spyware Doctor fix/clean them.

I await your further guidance. Thanks.

Here is latest Hijack This log.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:31:13, on 12/03/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Kontiki\KService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\locator.exe
C:\Program Files\Spyware Doctor\svcntaux.exe
C:\Program Files\Spyware Doctor\swdsvc.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\System32\DSentry.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Spyware Doctor\SDTrayApp.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Belkin\USB F5D7050\Wireless Utility\Belkinwcui.exe
C:\Program Files\Microsoft Office 97\Office\OSA.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=62.252.192.4:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 192.168
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [USB2Check] RUNDLL32.EXE "C:\WINDOWS\system32\PCLECoInst.dll",CheckUSBController
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead (Nero)\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\RunOnce: [] C:\Program Files\Internet Explorer\iexplore.exe http://www.symantec....00001A.000000B7
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Belkin Wireless USB Utility.lnk = C:\Program Files\Belkin\USB F5D7050\Wireless Utility\Belkinwcui.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Office Startup.lnk = C:\Program Files\Microsoft Office 97\Office\OSA.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRA~1\Yahoo!\Common\yhexbmesuk.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRA~1\Yahoo!\Common\yhexbmesuk.dll
O9 - Extra button: (no name) - {9239E4EC-C9A6-11D2-A844-00C04F68D538} - (no file)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.ntlworld.com/
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zon...kr.cab31267.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {2253F320-AB68-4A07-917D-4F12D8884A06} (ChainCast VMR Client Proxy) - http://www.streamaud...d/ccpm_0237.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} (SysData Class) - http://ipgweb.cce.hp...ads/sysinfo.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onec...wlscbase370.cab
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symant...ex/symdlmgr.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1125603657203
O16 - DPF: {90A29DA5-D020-4B18-8660-6689520C7CD7} (DmiReader Class) - http://support.euro....er/PROFILER.CAB
O16 - DPF: {A82C3A33-5C0E-466C-B020-71585433A7E4} (PhxStudent.OeSetup15) - https://mycampus.pho...hxStudent15.CAB
O16 - DPF: {B020B534-4AA2-4B99-BD6D-5F6EE286DF5C} - https://a248.e.akama...ol/SymDlBrg.cab
O16 - DPF: {B49C4597-8721-4789-9250-315DFBD9F525} (IWinAmpActiveX Class) - http://cdn.digitalci....1.11_en_dl.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.s...rl/SymAData.cab
O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} -
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: KService - Kontiki Inc. - C:\Program Files\Kontiki\KService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O24 - Desktop Component 0: (no name) - http://www.sendit.co...chhikers/bg.gif
O24 - Desktop Component 1: (no name) - http://www.mikestric...masbunnsock.gif
O24 - Desktop Component 2: (no name) - file:///C:/Documents%20and%20Settings/Andy/My%20Documents/My%20Pictures/Miscellaneous%20Pictures/xmasbunnsock.gif

--
End of file - 11616 bytes
  • 0
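Added example, not part of the original thread and not HijackThis's own logic: a short Python parser for the HijackThis v2.0.2 log layout posted above. It splits the log into running processes and section entries (R0, O4, O23, ...) and marks entries whose own text is incomplete or unusual, so a reviewer knows which lines to check by hand. The flag names and rules are this example's assumptions, not verdicts; the sample lines are copied from the log in post #17.

```python
import re

# Excerpt of the HijackThis log posted above (lines copied as they appear there).
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:31:13, on 12/03/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=62.252.192.4:8080
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKCU\..\RunOnce: [] C:\Program Files\Internet Explorer\iexplore.exe http://www.symantec....00001A.000000B7
O9 - Extra button: (no name) - {9239E4EC-C9A6-11D2-A844-00C04F68D538} - (no file)
O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} -
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: KService - Kontiki Inc. - C:\Program Files\Kontiki\KService.exe
"""

# Section codes used by HijackThis logs: R0-R3, F0-F3, N1-N4, O1-O24.
ENTRY_RE = re.compile(r"^(R[0-3]|F[0-3]|N[1-4]|O\d{1,2}) - (.*)$")
# O4 registry autoruns look like: HKLM\..\Run: [ValueName] command line
RUN_RE = re.compile(r"^(?P<key>.+?): \[(?P<name>.*?)\] (?P<cmd>.+)$")
# A command that starts with a drive letter, optionally quoted.
ABS_PATH_RE = re.compile(r'^"?[A-Za-z]:\\')


def parse_hijackthis(text):
    """Return (processes, entries); entries is a list of (code, body) tuples."""
    processes, entries = [], []
    in_processes = False
    for raw in text.splitlines():
        line = raw.strip()
        if line == "Running processes:":
            in_processes = True
            continue
        m = ENTRY_RE.match(line)
        if in_processes and line and not m:
            processes.append(line)
            continue
        # A blank line or the first section entry ends the process list.
        in_processes = False
        if m:
            entries.append((m.group(1), m.group(2)))
    return processes, entries


def review_flags(code, body):
    """Return review flags for one entry (assumed rules, for manual follow-up)."""
    flags = []
    if code in ("R0", "R1") and ",ProxyServer = " in body:
        flags.append("proxy-set")          # confirm the proxy is one you expect
    if body.endswith("(no file)"):
        flags.append("no-file")            # registration left behind, file absent
    if code == "O16" and body.endswith(" -"):
        flags.append("dpf-no-source")      # ActiveX entry with no download source
    if code == "O23" and " - Unknown owner - " in body:
        flags.append("unknown-owner")      # service binary has no company field
    if code == "O4":
        m = RUN_RE.match(body)
        if m:
            if m.group("name") == "":
                flags.append("run-empty-name")
            if not ABS_PATH_RE.match(m.group("cmd")):
                # No full path: Windows resolves the name through its search order.
                flags.append("run-relative-path")
    return flags


def triage(text):
    """Return only the entries that carry at least one review flag."""
    _, entries = parse_hijackthis(text)
    flagged = []
    for code, body in entries:
        flags = review_flags(code, body)
        if flags:
            flagged.append((code, body, flags))
    return flagged


if __name__ == "__main__":
    procs, entries = parse_hijackthis(SAMPLE_LOG)
    print(f"{len(procs)} processes, {len(entries)} entries")
    for code, body, flags in triage(SAMPLE_LOG):
        print(f"[{','.join(flags)}] {code} - {body}")
```

A flag here only means the line deserves a second look; several of the flagged entries in this log belong to known vendor software.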

#18
Thunderbird1988
Member 2k, 2,416 posts

Hello Manford7,

Question 1. Are we going to clean them or something and then restore to Outlook Express? Or are these emails considered lost since they are infected?

Well, I did not plan to restore them, if you need these emails, we can still put them back. But then I would recommend you to save the text on the mail in a notepad file, and then delete the infected mails again.

Question 2. How are these emails infected? I know Kaspersky found them as in its log. Most of these emails are to do with about 5-10 eBay orders or sales and are communications either from eBay, PayPal or directly with the buyers/sellers. E.g. EO160 is regarding my eBay Order number 160 and all the emails connected with it. E261 is my eBay sale number 261 and all emails connected with that (and so on).
Question 3. Has a worm/virus got into them at a later stage or something hence infecting them even though they appear the same?


I can't find a description of the virus Kaspersky found, so I am afraid I can't tell you how those mails got infected.


Observation: With Norton 360 Antivirus I have noticed another anomaly which happened after reboot from OTMoveIt clean up. When I opened Internet Explorer to open this RUNDLL problem thread Norton highlighted in red "browsing not safe" since auto protect was off. This has happened a few times over the last week or so. Going into Norton 360 AV and observing the Advanced Settings revealed "Norton 360 Protection" check box as not checked; however, green secure icons remained throughout the application (giving a false impression all is okay unless you start Internet Explorer as discovered above). Checking the box so the system is auto protected is allowed and you click on Apply. However, when going back into Internet Explorer, the same auto protect off warning appears and going back into Norton AV reveals the same box as not checked again-it is as if something changes it straight back to unchecked after I apply the corrected change.
The solution is to reboot again and problem goes away.
Question: Do you suspect this is still a virus/worm/infection interfering with Norton settings?


Well at this moment, all your logs look clean. Of course there's still a chance that there's something. What do you exactly mean with "The solution is to reboot again and problem goes away"? Does this mean that the box remains checked, also if Internet Explorer opens? Or does the box get unchecked again when you open Internet Explorer?

Thunderbird1988
  • 0

#19
manford7
Member, Topic Starter, 32 posts

Hi, I did some more research into the Kaspersky log and found out that only 1 or at most 2 emails in the 10 or so Outlook Express folders (e.g. named EO160, E261, Questions to ask.... etc) were being reported as infected; not the whole folder was being reported as infected.

For example most entries for Outlook Express were like:
C:\Documents and Settings\Andy\Application Data\Identities\{CB1C11E0-04AF-11D5-9DAF-807F67C30000}\Microsoft\Outlook Express\E288.dbx/[From [email protected]][Date Thu, 28 Apr 2005 01:21:01 -0700]/text Infected: Trojan-Spy.HTML.Bayfraud.ib skipped

For each entry, I narrowed it down to this one email from the sender stated at the date and time stamp as being infected. I googled details on the Trojan-Spy.HTML.Bayfraud.ib virus and this is reported as a phishing email reportedly coming from eBay or similar with a hyperlink looking legitimate but in fact redirects one to a rogue site in an attempt for the user to login and therefore release personal details to fraudsters. However, half of these emails were either sent by me using eBay's own messaging system or were enquiries to me on my own auctions using eBay's system-eBay has since changed their design of these emails a few times because now looking at them 3 years later and from experience of seeing and receiving a wide variety of actual eBay fraudulent attempt emails (and reporting them to eBay then deleting) they do look like phishing attempt emails but back in April/May 2005 (which is all when they date from) that is how eBay's own email system emails looked. Therefore, my conclusion is that Kaspersky was somehow reporting these as infected; however, I suspect it was just misreading them. Although, there may be a chance they were somehow infected in a hidden way?

Anyway, to be safe, I have fully deleted all the exact emails Kaspersky reported as infected and saved the text only removing all hyperlinks.

I then ran a new Kaspersky scan last night and nothing has been reported as infected in Outlook Express so what I have done seems to have worked. I will post log further below-all it now seems to pick up is all of Norton's quarantined viruses and infections from last 4 years.

Question: Why does Norton quarantine and save these viruses on the PC? Some are zip files, some say "file" as the file type. Why does it not delete them? Is this to prevent them reoccurring?

With regards to Norton, I still cannot pinpoint what and when its Automatic Protection is being turned off. I would say in the last few days it has been fine and not experienced this problem since 15 March.

Since my last log entry on 12 March, I reran Microsoft's Malicious Software Tool (March 2008 update) on 14 March. It still found and reported as partially removed the Win32/[email protected] worm which we suspect is a false positive. It also found 2 other trojans: Trojan:Win32/Virtumonde.Q and Trojan:Win32/Vundo.gen!A. It fully removed both.

Prior to and around that time I was still at times seeing Norton as having its Automatic Protection turned off.

However, since Saturday 15 March Norton has seemed to be fine. I reran the Microsoft Malicious Software tool again Sunday 16 March afternoon and it just reports same Win32/[email protected] worm partially removed. Nothing else. Ad Aware, AVG and Spyware Doctor all have clean scans.

Now seeing the latest Kaspersky scan from last night made me feel more positive about my PC. It seems as you also reported is basically clean but I just wonder if there remains something lurking.

To answer your questions re Norton and what I meant by rebooting. Firstly, to explain re Norton 360 if you do not have it, there are 2 ways to clearly see all is okay, First, the taskbar icon in the system tray is the yellow circle with a green cross for all okay, If there is a warning the cross is orange eg tuneup/optimization required, If there is a serious problem, this is a red cross, eg automatic protection been turned off. Then secondly, within IE 7 there is a long 5 inch bar under the tabs used for different tabbed browsing in the same window. When all is okay, this is green and says "Fraud monitoring is on". If it is red it usually says something like "Browsing not safe... Auto protection turned off.." but may take a while for the system tray icon to update from green to red.

Well sometimes, I boot up and after everything boots up, Norton looks secure (green cross) but then suddenly is red cross on the system tray icon. Sometimes I have not opened anything, sometimes I may have opened Outlook Express or IE7 or sometimes I am already in IE7 and everything has been fine then suddenly the auto protection goes off. I just cannot pinpoint when and what instance causes it. When I notice Auto Protection is off, going into Auto Protection settings in Norton reveals the box is not checked. So if I check it then apply one would think that would fix it. No. Auto Protection is back off and going back into the same Auto protection screen reveals the box is not checked. Therefore, I find the only option I had was to reboot the PC and let all processes boot up, wait a few minutes for all programs to boot up in system tray (usually Norton, Spyware Doctor, AVG and wireless router) and hope Norton stays green. In the last few days it has and then opening IE7 or Outlook Express or say Excel, Word does not cause auto protection to be turned off. Before 15 March and sometimes when all programs booted up and without opening a program Norton's auto protection would go from a green cross to red cross meaning auto protection was off. Or sometimes there was a green cross on the system tray icon but then opening IE7 one could see auto protection was off as the long bar was red reporting "browsing not safe..Auto Protect Off.". There are a few different ways to access the screen with the auto protect check box (one through this bar and two using the system tray icon). Either way accessing it brings one to the same screen and if I check the auto protect box to turn it back on then click on "apply" one would think it would be back on but it did not turn auto protect on-it remains off no matter how many times one tries. It also did not matter if IE7 was then closed and reopened or kept closed.
My only option was to reboot the PC and let Norton restart itself when PC boots up.

Question: I wonder if AVG's Antivirus may cause this as I think we have reported running 2 AntiVirus programs can conflict so maybe AVG has been sometimes turning off a part of Norton? Or do you think the 2 Virtumonde and Vundo trojans Microsoft found on 14 March were causing the problem?

I am not sure when these got through but it must have been at a time when Norton's auto protection was off and my internet connection was on. It is usually an always on connection unless I disconnect from the router. As soon as I notice Norton is a red cross I disconnect from the internet and then had to reboot as stated above. Spyware Doctor automatically scans every day around 6pm but I don't think it would pick up the 2 trojans Microsoft found? AVG is always on but like Ad Aware one has to do a manual scan to check the PC. And again, I am not sure if AVG and Ad Aware scan for these viruses? Maybe you do know? I have been usually running these scans once or twice a week.

Anyway, over the last 2-3 days the PC has seemed fine, really since Microsoft found and removed the 2 Virtumonde/Vundo trojans. I am not sure if that is because of:

1. Prior to 12 March I was running the February release of the Microsoft Malicious Software Removal Tool and from 12 March I installed the March update and ran that instead. So perhaps the February release was not looking for 2 Virtumonde/Vundo trojans

Or

2. The PC was infected with the 2 Virtumonde/Vundo trojans within the last week by coincidence.

Once you confirm we have done as much as we can I am thinking of deinstalling AVG (since it's a free trial anyway) and redownloading and installing Spybot Search & Destroy latest version-it was uninstalled very early on in this thread as I think the viruses were rendering it useless and causing too many problems with it. Can Spyware Doctor, Ad Aware and Spybot all coexist together or is that going to cause too much conflict? What are your recommendations?

I have posted below last night's Kaspersky log followed by latest HijackThis log.

Thanks again for your time so far.
=============================================================================
KASPERSKY ONLINE SCANNER REPORT
Monday, March 17, 2008 11:27:43 AM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 16/03/2008
Kaspersky Anti-Virus database records: 634534


Scan Settings
Scan using the following antivirus database extended
Scan Archives true
Scan Mail Bases true

Scan Target My Computer
A:\
C:\
D:\
E:\

Scan Statistics
Total number of scanned objects 88937
Number of viruses found 11
Number of infected objects 88
Number of suspicious objects 0
Duration of the scan process 01:34:40

Infected Object Name Virus Name Last Action
C:\Documents and Settings\All Users\Application Data\Kontiki\error.log Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\settings.dat Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBConfig.log Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBDebug.log Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBDetect.log Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBNotify.log Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBRefr.log Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBSetCfg.log Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBSetCfg2.log Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBSetDev.log Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBSetLoc.log Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBSetUsr.log Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBStHash.log Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBValid.log Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\SPPolicy.log Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\SPStart.log Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\SPStop.log Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtErEvt.log Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtETmp\0A2BAA31.TMP Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtETmp\2435EE95.TMP Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtMoEvt.log Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtNvEvt.log Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtScEvt.log Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtTxFEvt.log Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtViEvt.log Object is locked skipped

C:\Documents and Settings\Andy\Cookies\index.dat Object is locked skipped

C:\Documents and Settings\Andy\Local Settings\Application Data\Microsoft\Feeds Cache\index.dat Object is locked skipped

C:\Documents and Settings\Andy\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\Andy\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\Andy\Local Settings\History\History.IE5\INDEX.DAT Object is locked skipped

C:\Documents and Settings\Andy\Local Settings\History\History.IE5\MSHist012005041220050413\index.dat Object is locked skipped

C:\Documents and Settings\Andy\Local Settings\Temp\~DF742.tmp Object is locked skipped

C:\Documents and Settings\Andy\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

C:\Documents and Settings\Andy\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\Andy\ntuser.dat.LOG Object is locked skipped

C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\INDEX.DAT Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped

C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped

C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcrst.dll Object is locked skipped

C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsys.dll Object is locked skipped

C:\Program Files\Common Files\Symantec Shared\coShared\WA\1.5\NCOWAD.dat Object is locked skipped

C:\Program Files\Common Files\Symantec Shared\coShared\WA\1.5\NCOWADMT.dat Object is locked skipped

C:\Program Files\Common Files\Symantec Shared\coShared\WA\1.5\NCOWAS.dat Object is locked skipped

C:\Program Files\Common Files\Symantec Shared\coShared\WA\1.5\NCOWAS.ldb Object is locked skipped

C:\Program Files\Common Files\Symantec Shared\EENGINE\EPERSIST.DAT Object is locked skipped

C:\Program Files\Common Files\Symantec Shared\SNDALRT.log Object is locked skipped

C:\Program Files\Common Files\Symantec Shared\SNDCON.log Object is locked skipped

C:\Program Files\Common Files\Symantec Shared\SNDDBG.log Object is locked skipped

C:\Program Files\Common Files\Symantec Shared\SNDFW.log Object is locked skipped

C:\Program Files\Common Files\Symantec Shared\SNDIDS.log Object is locked skipped

C:\Program Files\Common Files\Symantec Shared\SNDSYS.log Object is locked skipped

C:\Program Files\Norton 360\Log\AutoProtect.log Object is locked skipped

C:\Program Files\Norton 360\Log\AVContext.log Object is locked skipped

C:\Program Files\Norton 360\Log\AVManual.log Object is locked skipped

C:\Program Files\Norton 360\Log\Backup.log Object is locked skipped

C:\Program Files\Norton 360\Log\CUInternetPageViewHistory.log Object is locked skipped

C:\Program Files\Norton 360\Log\CUInternetSearchHistory.log Object is locked skipped

C:\Program Files\Norton 360\Log\CUInternetTempFiles.log Object is locked skipped

C:\Program Files\Norton 360\Log\CUWindowsTempFiles.log Object is locked skipped

C:\Program Files\Norton 360\Log\EmailScan.log Object is locked skipped

C:\Program Files\Norton 360\Log\InternetSecurity.log Object is locked skipped

C:\Program Files\Norton 360\Log\ISIntrusionPrevented.log Object is locked skipped

C:\Program Files\Norton 360\Log\ISIOTraffic.log Object is locked skipped

C:\Program Files\Norton 360\Log\ISNewNetwork.log Object is locked skipped

C:\Program Files\Norton 360\Log\LiveUpdate.log Object is locked skipped

C:\Program Files\Norton 360\Log\NCO.log Object is locked skipped

C:\Program Files\Norton 360\Log\VABrowserSettings.log Object is locked skipped

C:\Program Files\Norton 360\Log\VAIPAddresses.log Object is locked skipped

C:\Program Files\Norton 360\Log\VAWeakPasswords.log Object is locked skipped

C:\Program Files\Norton 360\Log\WDFScanner.log Object is locked skipped

C:\Program Files\Norton AntiVirus\Quarantine\04C84BDC/document.txt .exe Infected: Email-Worm.Win32.NetSky.q skipped

C:\Program Files\Norton AntiVirus\Quarantine\04C84BDC ZIP: infected - 1 skipped

C:\Program Files\Norton AntiVirus\Quarantine\04C84BDC CryptFF: infected - 1 skipped

C:\Program Files\Norton AntiVirus\Quarantine\081E7D2C.zip/Cla1.class Infected: Trojan.Java.ClassLoader.f skipped

C:\Program Files\Norton AntiVirus\Quarantine\081E7D2C.zip/Cla2.class Infected: Trojan-Dropper.Java.Cliper.a skipped

C:\Program Files\Norton AntiVirus\Quarantine\081E7D2C.zip/VerifierBug.class Infected: Exploit.Java.ByteVerify skipped

C:\Program Files\Norton AntiVirus\Quarantine\081E7D2C.zip ZIP: infected - 3 skipped

C:\Program Files\Norton AntiVirus\Quarantine\081E7D2C.zip CryptFF: infected - 3 skipped

C:\Program Files\Norton AntiVirus\Quarantine\11243842/document.txt .exe Infected: Email-Worm.Win32.NetSky.q skipped

C:\Program Files\Norton AntiVirus\Quarantine\11243842 ZIP: infected - 1 skipped

C:\Program Files\Norton AntiVirus\Quarantine\11243842 CryptFF: infected - 1 skipped

C:\Program Files\Norton AntiVirus\Quarantine\1A845691.html Infected: Exploit.HTML.Mht skipped

C:\Program Files\Norton AntiVirus\Quarantine\1AC2744D.html Infected: Exploit.HTML.Mht skipped

C:\Program Files\Norton AntiVirus\Quarantine\1DEC47CA.zip/Cla1.class Infected: Trojan.Java.ClassLoader.f skipped

C:\Program Files\Norton AntiVirus\Quarantine\1DEC47CA.zip/Cla2.class Infected: Trojan-Dropper.Java.Cliper.a skipped

C:\Program Files\Norton AntiVirus\Quarantine\1DEC47CA.zip/VerifierBug.class Infected: Exploit.Java.ByteVerify skipped

C:\Program Files\Norton AntiVirus\Quarantine\1DEC47CA.zip ZIP: infected - 3 skipped

C:\Program Files\Norton AntiVirus\Quarantine\1DEC47CA.zip CryptFF: infected - 3 skipped

C:\Program Files\Norton AntiVirus\Quarantine\1E144C17.zip/Cla1.class Infected: Trojan.Java.ClassLoader.f skipped

C:\Program Files\Norton AntiVirus\Quarantine\1E144C17.zip/Cla2.class Infected: Trojan-Dropper.Java.Cliper.a skipped

C:\Program Files\Norton AntiVirus\Quarantine\1E144C17.zip/VerifierBug.class Infected: Exploit.Java.ByteVerify skipped

C:\Program Files\Norton AntiVirus\Quarantine\1E144C17.zip ZIP: infected - 3 skipped

C:\Program Files\Norton AntiVirus\Quarantine\1E144C17.zip CryptFF: infected - 3 skipped

C:\Program Files\Norton AntiVirus\Quarantine\231B658F.zip/BlackBox.class Infected: Exploit.Java.ByteVerify skipped

C:\Program Files\Norton AntiVirus\Quarantine\231B658F.zip/VerifierBug.class Infected: Exploit.Java.ByteVerify skipped

C:\Program Files\Norton AntiVirus\Quarantine\231B658F.zip/Beyond.class Infected: Trojan-Downloader.Java.OpenConnection.aa skipped

C:\Program Files\Norton AntiVirus\Quarantine\231B658F.zip ZIP: infected - 3 skipped

C:\Program Files\Norton AntiVirus\Quarantine\231B658F.zip CryptFF: infected - 3 skipped

C:\Program Files\Norton AntiVirus\Quarantine\243D034F.zip/Cla1.class Infected: Trojan.Java.ClassLoader.f skipped

C:\Program Files\Norton AntiVirus\Quarantine\243D034F.zip/Cla2.class Infected: Trojan-Dropper.Java.Cliper.a skipped

C:\Program Files\Norton AntiVirus\Quarantine\243D034F.zip/VerifierBug.class Infected: Exploit.Java.ByteVerify skipped

C:\Program Files\Norton AntiVirus\Quarantine\243D034F.zip ZIP: infected - 3 skipped

C:\Program Files\Norton AntiVirus\Quarantine\243D034F.zip CryptFF: infected - 3 skipped

C:\Program Files\Norton AntiVirus\Quarantine\25691A05.zip/Cla1.class Infected: Trojan.Java.ClassLoader.f skipped

C:\Program Files\Norton AntiVirus\Quarantine\25691A05.zip/Cla2.class Infected: Trojan-Dropper.Java.Cliper.a skipped

C:\Program Files\Norton AntiVirus\Quarantine\25691A05.zip/VerifierBug.class Infected: Exploit.Java.ByteVerify skipped

C:\Program Files\Norton AntiVirus\Quarantine\25691A05.zip ZIP: infected - 3 skipped

C:\Program Files\Norton AntiVirus\Quarantine\25691A05.zip CryptFF: infected - 3 skipped

C:\Program Files\Norton AntiVirus\Quarantine\2A593719/data.rtf .scr Infected: Email-Worm.Win32.NetSky.q skipped

C:\Program Files\Norton AntiVirus\Quarantine\2A593719 ZIP: infected - 1 skipped

C:\Program Files\Norton AntiVirus\Quarantine\2A593719 CryptFF: infected - 1 skipped

C:\Program Files\Norton AntiVirus\Quarantine\2A5D2ED1.zip/Cla1.class Infected: Trojan.Java.ClassLoader.f skipped

C:\Program Files\Norton AntiVirus\Quarantine\2A5D2ED1.zip/Cla2.class Infected: Trojan-Dropper.Java.Cliper.a skipped

C:\Program Files\Norton AntiVirus\Quarantine\2A5D2ED1.zip/VerifierBug.class Infected: Exploit.Java.ByteVerify skipped

C:\Program Files\Norton AntiVirus\Quarantine\2A5D2ED1.zip ZIP: infected - 3 skipped

C:\Program Files\Norton AntiVirus\Quarantine\2A5D2ED1.zip CryptFF: infected - 3 skipped

C:\Program Files\Norton AntiVirus\Quarantine\2AA826C3/details.txt .pif Infected: Email-Worm.Win32.NetSky.q skipped

C:\Program Files\Norton AntiVirus\Quarantine\2AA826C3 ZIP: infected - 1 skipped

C:\Program Files\Norton AntiVirus\Quarantine\2AA826C3 CryptFF: infected - 1 skipped

C:\Program Files\Norton AntiVirus\Quarantine\302C24F7.zip/BlackBox.class Infected: Exploit.Java.ByteVerify skipped

C:\Program Files\Norton AntiVirus\Quarantine\302C24F7.zip/VerifierBug.class Infected: Exploit.Java.ByteVerify skipped

C:\Program Files\Norton AntiVirus\Quarantine\302C24F7.zip/Dummy.class Infected: Trojan.Java.ClassLoader.Dummy.d skipped

C:\Program Files\Norton AntiVirus\Quarantine\302C24F7.zip/Beyond.class Infected: Trojan-Downloader.Java.OpenStream.d skipped

C:\Program Files\Norton AntiVirus\Quarantine\302C24F7.zip ZIP: infected - 4 skipped

C:\Program Files\Norton AntiVirus\Quarantine\302C24F7.zip CryptFF: infected - 4 skipped

C:\Program Files\Norton AntiVirus\Quarantine\32C22255.html Infected: Exploit.VBS.Phel.a skipped

C:\Program Files\Norton AntiVirus\Quarantine\331E39F1.class Infected: Trojan.Java.ClassLoader.Dummy.a skipped

C:\Program Files\Norton AntiVirus\Quarantine\46060CA6/document.txt .exe Infected: Email-Worm.Win32.NetSky.q skipped

C:\Program Files\Norton AntiVirus\Quarantine\46060CA6 ZIP: infected - 1 skipped

C:\Program Files\Norton AntiVirus\Quarantine\46060CA6 CryptFF: infected - 1 skipped

C:\Program Files\Norton AntiVirus\Quarantine\4D4C6089.zip/BlackBox.class Infected: Exploit.Java.ByteVerify skipped

C:\Program Files\Norton AntiVirus\Quarantine\4D4C6089.zip/VerifierBug.class Infected: Exploit.Java.ByteVerify skipped

C:\Program Files\Norton AntiVirus\Quarantine\4D4C6089.zip/Beyond.class Infected: Trojan-Downloader.Java.OpenConnection.aa skipped

C:\Program Files\Norton AntiVirus\Quarantine\4D4C6089.zip ZIP: infected - 3 skipped

C:\Program Files\Norton AntiVirus\Quarantine\4D4C6089.zip CryptFF: infected - 3 skipped

C:\Program Files\Norton AntiVirus\Quarantine\521112AD.zip/Cla1.class Infected: Trojan.Java.ClassLoader.f skipped

C:\Program Files\Norton AntiVirus\Quarantine\521112AD.zip/Cla2.class Infected: Trojan-Dropper.Java.Cliper.a skipped

C:\Program Files\Norton AntiVirus\Quarantine\521112AD.zip/VerifierBug.class Infected: Exploit.Java.ByteVerify skipped

C:\Program Files\Norton AntiVirus\Quarantine\521112AD.zip ZIP: infected - 3 skipped

C:\Program Files\Norton AntiVirus\Quarantine\521112AD.zip CryptFF: infected - 3 skipped

C:\Program Files\Norton AntiVirus\Quarantine\5709759D.zip/BlackBox.class Infected: Exploit.Java.ByteVerify skipped

C:\Program Files\Norton AntiVirus\Quarantine\5709759D.zip/VerifierBug.class Infected: Exploit.Java.ByteVerify skipped

C:\Program Files\Norton AntiVirus\Quarantine\5709759D.zip/Beyond.class Infected: Trojan-Downloader.Java.OpenConnection.aa skipped

C:\Program Files\Norton AntiVirus\Quarantine\5709759D.zip ZIP: infected - 3 skipped

C:\Program Files\Norton AntiVirus\Quarantine\5709759D.zip CryptFF: infected - 3 skipped

C:\Program Files\Norton AntiVirus\Quarantine\66026FBE.tmp Infected: Exploit.VBS.Phel.i skipped

C:\Program Files\Norton AntiVirus\Quarantine\66263D97.zip/BlackBox.class Infected: Exploit.Java.ByteVerify skipped

C:\Program Files\Norton AntiVirus\Quarantine\66263D97.zip/VerifierBug.class Infected: Exploit.Java.ByteVerify skipped

C:\Program Files\Norton AntiVirus\Quarantine\66263D97.zip/Beyond.class Infected: Trojan-Downloader.Java.OpenConnection.aa skipped

C:\Program Files\Norton AntiVirus\Quarantine\66263D97.zip ZIP: infected - 3 skipped

C:\Program Files\Norton AntiVirus\Quarantine\66263D97.zip CryptFF: infected - 3 skipped

C:\Program Files\Norton AntiVirus\Quarantine\67A143F6.tmp Infected: Exploit.VBS.Phel.i skipped

C:\Program Files\Norton AntiVirus\Quarantine\6E863140.html Infected: Exploit.VBS.Phel.a skipped

C:\Program Files\Norton AntiVirus\Quarantine\7D2A4D49.zip/Cla1.class Infected: Trojan.Java.ClassLoader.f skipped

C:\Program Files\Norton AntiVirus\Quarantine\7D2A4D49.zip/Cla2.class Infected: Trojan-Dropper.Java.Cliper.a skipped

C:\Program Files\Norton AntiVirus\Quarantine\7D2A4D49.zip/VerifierBug.class Infected: Exploit.Java.ByteVerify skipped

C:\Program Files\Norton AntiVirus\Quarantine\7D2A4D49.zip ZIP: infected - 3 skipped

C:\Program Files\Norton AntiVirus\Quarantine\7D2A4D49.zip CryptFF: infected - 3 skipped

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1268\change.log Object is locked skipped

C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped

C:\WINDOWS\SchedLgU.Txt Object is locked skipped

C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped

C:\WINDOWS\Sti_Trace.log Object is locked skipped

C:\WINDOWS\SYSTEM32\CONFIG\AppEvent.Evt Object is locked skipped

C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT Object is locked skipped

C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT.LOG Object is locked skipped

C:\WINDOWS\SYSTEM32\CONFIG\Internet.evt Object is locked skipped

C:\WINDOWS\SYSTEM32\CONFIG\SAM Object is locked skipped

C:\WINDOWS\SYSTEM32\CONFIG\SAM.LOG Object is locked skipped

C:\WINDOWS\SYSTEM32\CONFIG\SecEvent.Evt Object is locked skipped

C:\WINDOWS\SYSTEM32\CONFIG\SECURITY Object is locked skipped

C:\WINDOWS\SYSTEM32\CONFIG\SECURITY.LOG Object is locked skipped

C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE Object is locked skipped

C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE.LOG Object is locked skipped

C:\WINDOWS\SYSTEM32\CONFIG\SysEvent.Evt Object is locked skipped

C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM Object is locked skipped

C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM.LOG Object is locked skipped

C:\WINDOWS\SYSTEM32\DRIVERS\ETC\Hosts.bak Object is locked skipped

C:\WINDOWS\SYSTEM32\H323LOG.TXT Object is locked skipped

C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\INDEX.BTR Object is locked skipped

C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\INDEX.MAP Object is locked skipped

C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\MAPPING.VER Object is locked skipped

C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\MAPPING1.MAP Object is locked skipped

C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\MAPPING2.MAP Object is locked skipped

C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\OBJECTS.DATA Object is locked skipped

C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\OBJECTS.MAP Object is locked skipped

C:\WINDOWS\Temp\JET5989.tmp Object is locked skipped

C:\WINDOWS\Temp\JET5B2F.tmp Object is locked skipped

C:\WINDOWS\Temp\Perflib_Perfdata_7b0.dat Object is locked skipped

C:\WINDOWS\WIADEBUG.LOG Object is locked skipped

C:\WINDOWS\WIASERVC.LOG Object is locked skipped

C:\WINDOWS\WindowsUpdate.log Object is locked skipped

Scan process completed.


=============================================================================
LATEST HIJACK THIS LOG
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:46:55, on 17/03/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Kontiki\KService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\locator.exe
C:\Program Files\Spyware Doctor\svcntaux.exe
C:\Program Files\Spyware Doctor\swdsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Spyware Doctor\SDTrayApp.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\System32\DSentry.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Belkin\USB F5D7050\Wireless Utility\Belkinwcui.exe
C:\Program Files\Microsoft Office 97\Office\OSA.EXE
C:\WINDOWS\System32\alg.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\ntvdm.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=62.252.192.4:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 192.168
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [USB2Check] RUNDLL32.EXE "C:\WINDOWS\system32\PCLECoInst.dll",CheckUSBController
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead (Nero)\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\RunOnce: [] C:\Program Files\Internet Explorer\iexplore.exe http://www.symantec....00001A.000000B7
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Belkin Wireless USB Utility.lnk = C:\Program Files\Belkin\USB F5D7050\Wireless Utility\Belkinwcui.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Office Startup.lnk = C:\Program Files\Microsoft Office 97\Office\OSA.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRA~1\Yahoo!\Common\yhexbmesuk.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRA~1\Yahoo!\Common\yhexbmesuk.dll
O9 - Extra button: (no name) - {9239E4EC-C9A6-11D2-A844-00C04F68D538} - (no file)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.ntlworld.com/
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zon...kr.cab31267.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {2253F320-AB68-4A07-917D-4F12D8884A06} (ChainCast VMR Client Proxy) - http://www.streamaud...d/ccpm_0237.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} (SysData Class) - http://ipgweb.cce.hp...ads/sysinfo.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onec...wlscbase370.cab
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symant...ex/symdlmgr.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1125603657203
O16 - DPF: {90A29DA5-D020-4B18-8660-6689520C7CD7} (DmiReader Class) - http://support.euro....er/PROFILER.CAB
O16 - DPF: {A82C3A33-5C0E-466C-B020-71585433A7E4} (PhxStudent.OeSetup15) - https://mycampus.pho...hxStudent15.CAB
O16 - DPF: {B020B534-4AA2-4B99-BD6D-5F6EE286DF5C} - https://a248.e.akama...ol/SymDlBrg.cab
O16 - DPF: {B49C4597-8721-4789-9250-315DFBD9F525} (IWinAmpActiveX Class) - http://cdn.digitalci....1.11_en_dl.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.s...rl/SymAData.cab
O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} -
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: KService - Kontiki Inc. - C:\Program Files\Kontiki\KService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O24 - Desktop Component 0: (no name) - http://www.sendit.co...chhikers/bg.gif
O24 - Desktop Component 1: (no name) - http://www.mikestric...masbunnsock.gif
O24 - Desktop Component 2: (no name) - file:///C:/Documents%20and%20Settings/Andy/My%20Documents/My%20Pictures/Miscellaneous%20Pictures/xmasbunnsock.gif

--
End of file - 11647 bytes
  • 0
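A way to triage a Kaspersky Online Scanner report like the one posted above, as an added example that is not part of the original thread: it separates "Object is locked" rows (files in use, not detections) from per-file `Infected:` rows and archive summary rows (`ZIP:` / `CryptFF:`), and lists any detection that lies outside the antivirus quarantine folder. The row patterns are inferred from the rows in this report, `EXCERPT` is copied from it, and `CONSTRUCTED_LIVE_ROW` and all function names are made up for illustration.

```python
import re
from collections import Counter
from typing import NamedTuple

# Quarantine folder as it appears in the report above.
QUARANTINE_DIR = r"C:\Program Files\Norton AntiVirus\Quarantine"

# Rows copied from the report above (path, verdict, last action).
EXCERPT = r"""
C:\Documents and Settings\Andy\NTUSER.DAT Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SAM Object is locked skipped
C:\Program Files\Norton AntiVirus\Quarantine\04C84BDC/document.txt .exe Infected: Email-Worm.Win32.NetSky.q skipped
C:\Program Files\Norton AntiVirus\Quarantine\04C84BDC ZIP: infected - 1 skipped
C:\Program Files\Norton AntiVirus\Quarantine\04C84BDC CryptFF: infected - 1 skipped
C:\Program Files\Norton AntiVirus\Quarantine\302C24F7.zip/BlackBox.class Infected: Exploit.Java.ByteVerify skipped
C:\Program Files\Norton AntiVirus\Quarantine\302C24F7.zip/VerifierBug.class Infected: Exploit.Java.ByteVerify skipped
C:\Program Files\Norton AntiVirus\Quarantine\302C24F7.zip/Dummy.class Infected: Trojan.Java.ClassLoader.Dummy.d skipped
C:\Program Files\Norton AntiVirus\Quarantine\302C24F7.zip/Beyond.class Infected: Trojan-Downloader.Java.OpenStream.d skipped
C:\Program Files\Norton AntiVirus\Quarantine\302C24F7.zip ZIP: infected - 4 skipped
C:\Program Files\Norton AntiVirus\Quarantine\302C24F7.zip CryptFF: infected - 4 skipped
C:\Program Files\Norton AntiVirus\Quarantine\66026FBE.tmp Infected: Exploit.VBS.Phel.i skipped
Scan process completed.
"""

# Constructed row (not from the report): a detection in a live location.
CONSTRUCTED_LIVE_ROW = r"C:\Example\constructed-sample.tmp Infected: Exploit.VBS.Phel.i skipped"


class Row(NamedTuple):
    path: str
    kind: str    # "detection", "container" or "locked"
    detail: str  # detection name, or e.g. "ZIP:3" for a container summary
    action: str


# Order matters only for readability; the three verdict forms do not overlap.
_PATTERNS = [
    ("detection", re.compile(
        r"^(?P<path>.+?)\s+Infected:\s+(?P<detail>\S+)\s+(?P<action>\w+)$")),
    ("container", re.compile(
        r"^(?P<path>.+?)\s+(?P<fmt>\w+):\s+infected\s+-\s+(?P<n>\d+)\s+(?P<action>\w+)$")),
    ("locked", re.compile(
        r"^(?P<path>.+?)\s+Object is locked\s+(?P<action>\w+)$")),
]


def parse_report(text):
    """Return (rows, unparsed_lines); nothing is dropped silently."""
    rows, unparsed = [], []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        for kind, pattern in _PATTERNS:
            m = pattern.match(line)
            if m:
                detail = m.groupdict().get("detail") or ""
                if kind == "container":
                    detail = f"{m['fmt']}:{m['n']}"
                rows.append(Row(m["path"], kind, detail, m["action"]))
                break
        else:
            unparsed.append(line)
    return rows, unparsed


def triage(rows, quarantine_dirs=(QUARANTINE_DIR,)):
    """Summarise the rows and flag detections that are not in quarantine."""
    prefixes = tuple(d.rstrip("\\").lower() + "\\" for d in quarantine_dirs)
    detections = [r for r in rows if r.kind == "detection"]
    containers = [r for r in rows if r.kind == "container"]
    # The report writes archive members as <stored item>/<member>.
    items = Counter(r.path.split("/", 1)[0] for r in detections)
    live = [r for r in detections if not r.path.lower().startswith(prefixes)]
    return {
        "locked_skipped": sum(r.kind == "locked" for r in rows),
        "detection_rows": len(detections),
        "container_rows": len(containers),
        "rows_marked_infected": len(detections) + len(containers),
        "distinct_names": sorted({r.detail for r in detections}),
        "infected_items": len(items),
        "outside_quarantine": [(r.path, r.detail) for r in live],
    }


if __name__ == "__main__":
    parsed, leftover = parse_report(EXCERPT + CONSTRUCTED_LIVE_ROW)
    for key, value in triage(parsed).items():
        print(f"{key}: {value}")
    print("unparsed:", leftover)
```

In the report above, the 88 "infected objects" are the per-file rows plus the `ZIP:` / `CryptFF:` summary rows, the 11 "viruses found" are the distinct detection names, and every one of those rows sits under the Norton quarantine folder.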

#20
manford7

    Member

  • Topic Starter
  • Member
  • 32 posts
Update-I spoke too soon.

A few hours ago I had to reboot my PC as it was getting rather sluggish. When I booted up the Norton auto protect off problem reappeared. No matter what I do it does not go back on. I rebooted second time and this time it stayed on until I opened IE7 and the red bar was on saying auto protect off-it then updated Norton system tray icon to same. So, I rebooted third time and still the auto protect goes off.

I have disconnected affected PC from net and I am now running scans on the PC affected with Norton, AVG, Ad Aware, Spyware Doctor and Microsoft Malicious Software Removal Tool. These will probably finish in next 2-3 hours.

I am writing this from separate laptop.

I did some searches on Geeks forums for Norton auto protect and I am far from alone on this-some forums going back to 2005.

I came across one of interest, here is link:
http://www.geekstogo...ved-t12070.html

Michelle (Geekstogo staff member) says she knows what causes it and how to fix it in registry.

In the April 1 2005 post in that log I did what it said and went into Services. There is no Norton Antivirus entry but there are several Symantec entries. One called Symantec Core LC was set to manual and not automatic. I wonder if this should be set to automatic. It also has a recovery tab and one can select the computers response if the service fails, eg first failure currently set to take no action, there are choices for restart the service, run a program, restart the computer.

Just wondering if this is linked to my problem and if Michelle would know about what seems to be a similar problem with my affected PC.

Awaiting your further help. It is frustrating in that it is affecting the main antivirus program on the PC and I don't want to use it when it has auto protect off for fear of getting infected again or more infected, as I am not convinced now the PC is totally clean yet.

Thanks.

PS Will post scan results when all have completed.
  • 0

#21
manford7

    Member

  • Topic Starter
  • Member
  • 32 posts
Further update-compared the Symantec Core LC setting on affected PC with it on this laptop which runs perfect and on the laptop the setting is Automatic. On affected PC it was manual. I have changed it to Automatic. The recovery tab was the same (take no action for each failure).

Perhaps that may be a clue?
  • 0

#22
Thunderbird1988

    Member 2k

  • Member
  • 2,416 posts
Hello Manford7,

I have found a possible solution for your Norton problem on Symantec's support site. It can be found here

It says you should change the setting of some of the Norton services. You can read how, in the link.

Since the computer runs badly again, I need to take a deeper look.

Please download Deckard's System Scanner (DSS) and save it to your Desktop.
  • Close all other windows before proceeding.
  • Double-click on dss.exe and follow the prompts.
  • When it has finished, dss will open two Notepads main.txt and extra.txt -- please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt in your next reply.

Thunderbird1988
  • 0

#23
manford7

    Member

  • Topic Starter
  • Member
  • 32 posts
Hello thunderbird1988

Okay, last night's scans:
Spyware Doctor, Norton 360, Ad Aware 2007, AVG, Kaspersky - all clean
Microsoft Malicious Software Removal Tool (March08 release) - clean except for the usual reporting of Win32 Netsky worm part removed.

Noticed on the Microsoft website they state the March release of the MS update includes searches for 2 new viruses, Virtumonde and Vundo, so that's why the new release I used found them a few days ago.

Followed the Symantec instructions you provided - did not work. So followed their next option, which is to uninstall all Norton products and reinstall Norton 360. Completed this and after all updates to Norton/running scans I did experience the same auto protect off problem again. Symantec have a fair number of different scenarios covered and I seem to have experienced a lot of them over the last 2-3 weeks. I did a search on "Red X Norton 360" in their Knowledge Base and here is what came up:

http://searchg.syman...site=symc_en_US

Right now after another reboot the system seems fine and Norton 360 is staying protected even when using email and IE7. If the problem reappears I am thinking of trying to get live chat help with Symantec.

I have a feeling Symantec need to provide some sort of permanent fix or patch, as I think it may be a weakness in their product.
Question: What are your thoughts?

Ran Deckard's System Scanner (DSS). Here are both their logs:

Await your next advice.
Thanks.

Deckard's System Scanner v20071014.68
Run by Andy on 2008-03-18 15:56:13
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
84: 2008-03-18 15:56:31 UTC - RP1270 - Deckard's System Scanner Restore Point
83: 2008-03-18 02:01:08 UTC - RP1269 - System Checkpoint
82: 2008-03-16 20:13:38 UTC - RP1268 - System Checkpoint
81: 2008-03-15 16:58:28 UTC - RP1267 - System Checkpoint
80: 2008-03-13 14:38:33 UTC - RP1266 - System Checkpoint


-- First Restore Point --
1: 2007-12-20 05:01:14 UTC - RP1187 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.

Total Physical Memory: 510 MiB (512 MiB recommended).


-- HijackThis (run as Andy.exe) ------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:58:46, on 18/03/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Kontiki\KService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\locator.exe
C:\Program Files\Spyware Doctor\svcntaux.exe
C:\Program Files\Spyware Doctor\swdsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Spyware Doctor\SDTrayApp.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\System32\DSentry.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Belkin\USB F5D7050\Wireless Utility\Belkinwcui.exe
C:\Program Files\Microsoft Office 97\Office\OSA.EXE
C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
C:\WINDOWS\system32\ntvdm.exe
C:\Documents and Settings\Andy\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Andy.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=62.252.192.4:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 192.168
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [USB2Check] RUNDLL32.EXE "C:\WINDOWS\system32\PCLECoInst.dll",CheckUSBController
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead (Nero)\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\RunOnce: [] C:\Program Files\Internet Explorer\IEXPLORE.EXE http://www.symantec....00001A.000000B7
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Belkin Wireless USB Utility.lnk = C:\Program Files\Belkin\USB F5D7050\Wireless Utility\Belkinwcui.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Office Startup.lnk = C:\Program Files\Microsoft Office 97\Office\OSA.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRA~1\Yahoo!\Common\yhexbmesuk.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRA~1\Yahoo!\Common\yhexbmesuk.dll
O9 - Extra button: (no name) - {9239E4EC-C9A6-11D2-A844-00C04F68D538} - (no file)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.ntlworld.com/
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zon...kr.cab31267.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {2253F320-AB68-4A07-917D-4F12D8884A06} (ChainCast VMR Client Proxy) - http://www.streamaud...d/ccpm_0237.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - https://www-secure.s...abs/tgctlsr.cab
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} (SysData Class) - http://ipgweb.cce.hp...ads/sysinfo.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onec...wlscbase370.cab
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symant...ex/symdlmgr.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1125603657203
O16 - DPF: {90A29DA5-D020-4B18-8660-6689520C7CD7} (DmiReader Class) - http://support.euro....er/PROFILER.CAB
O16 - DPF: {A82C3A33-5C0E-466C-B020-71585433A7E4} (PhxStudent.OeSetup15) - https://mycampus.pho...hxStudent15.CAB
O16 - DPF: {B020B534-4AA2-4B99-BD6D-5F6EE286DF5C} - https://a248.e.akama...ol/SymDlBrg.cab
O16 - DPF: {B49C4597-8721-4789-9250-315DFBD9F525} (IWinAmpActiveX Class) - http://cdn.digitalci....1.11_en_dl.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.s...rl/SymAData.cab
O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} -
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: KService - Kontiki Inc. - C:\Program Files\Kontiki\KService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O24 - Desktop Component 0: (no name) - http://www.sendit.co...chhikers/bg.gif
O24 - Desktop Component 1: (no name) - http://www.mikestric...masbunnsock.gif
O24 - Desktop Component 2: (no name) - file:///C:/Documents%20and%20Settings/Andy/My%20Documents/My%20Pictures/Miscellaneous%20Pictures/xmasbunnsock.gif

--
End of file - 11905 bytes

-- HijackThis Fixed Entries (C:\PROGRA~1\TRENDM~1\HIJACK~1\backups\) -----------

backup-20080305-181426-406 R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://nkvd.us/1507/ (obfuscated)

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 omci (OMCI WDM Device Driver) - c:\windows\system32\drivers\omci.sys <Not Verified; Dell Computer Corporation; OMCI Driver>
R2 A32P - c:\windows\system32\drivers\a32p.sys
R3 MarvinBus (Pinnacle Marvin Bus) - c:\windows\system32\drivers\marvinbus.sys <Not Verified; Pinnacle Systems GmbH; Pinnacle Marvin Discrete>
R3 ser2pl (SAGEM USB-Serial) - c:\windows\system32\drivers\ser2pl.sys <Not Verified; Prolific Technology Inc.; Prolific USB-to-Serial Bridge Cable>
R3 ZDPSp50 (ZDPSp50 NDIS Protocol Driver) - c:\windows\system32\drivers\zdpsp50.sys <Not Verified; Printing Communications Assoc., Inc. (PCAUSA); PCAUSA Rawether for Windows>

S3 iAimTV2 - c:\windows\system32\drivers\watv03nt.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
R2 CCALib8 (Canon Camera Access Library 8) - c:\program files\canon\cal\calmain.exe <Not Verified; Canon Inc.; >


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Broadcom 440x 10/100 Integrated Controller
Device ID: PCI\VEN_14E4&DEV_4401&SUBSYS_81271028&REV_01\4&3B1CAF2B&0&48F0
Manufacturer: Broadcom
Name: Broadcom 440x 10/100 Integrated Controller
PNP Device ID: PCI\VEN_14E4&DEV_4401&SUBSYS_81271028&REV_01\4&3B1CAF2B&0&48F0
Service: bcm4sbxp


-- Scheduled Tasks -------------------------------------------------------------

2008-03-13 16:39:27 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
2004-07-06 20:28:23 340 --a------ C:\WINDOWS\Tasks\FRU Task #Hewlett-Packard#hp psc 1100 series#1081275150.job


-- Files created between 2008-02-18 and 2008-03-18 -----------------------------

2008-03-18 15:28:46 0 d-------- C:\Documents and Settings\Andy\Application Data\Symantec
2008-03-18 14:25:07 0 d-------- C:\Program Files\Norton 360
2008-03-10 16:45:15 0 d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-03-10 16:45:12 0 d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-03-04 21:04:10 0 d-------- C:\Documents and Settings\Andy\Application Data\Grisoft
2008-03-04 21:03:29 0 d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-02-28 21:01:31 68096 --a------ C:\WINDOWS\system32\zip.exe
2008-02-28 21:01:31 98816 --a------ C:\WINDOWS\system32\sed.exe
2008-02-28 21:01:31 80412 --a------ C:\WINDOWS\system32\grep.exe
2008-02-28 21:01:31 73728 --a------ C:\WINDOWS\system32\fdsv.exe <Not Verified; Smallfrogs Studio; >
2008-02-27 23:04:50 0 d-------- C:\Program Files\Trend Micro
2008-02-25 15:07:37 0 d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-02-25 15:06:54 0 d-------- C:\Program Files\Spyware Doctor
2008-02-25 15:06:54 0 d-------- C:\Documents and Settings\Andy\Application Data\PC Tools
2008-02-25 10:42:43 0 d-------- C:\Program Files\Windows Live Safety Center
2008-02-24 22:10:10 0 d-------- C:\Program Files\Lavasoft
2008-02-24 22:10:09 0 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-02-24 22:07:48 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-02-22 12:27:17 0 d-------- C:\Temp
2008-02-20 23:19:01 691545 --a------ C:\WINDOWS\unins000.exe
2008-02-20 23:19:01 2540 --a------ C:\WINDOWS\unins000.dat


-- Find3M Report ---------------------------------------------------------------

2008-03-18 15:58:16 0 d-------- C:\Program Files\Common Files\Symantec Shared
2008-03-18 14:54:55 0 d-------- C:\Program Files\Symantec
2008-03-18 14:51:10 0 d-------- C:\Program Files\Common Files
2008-03-16 22:54:06 0 d-------- C:\Program Files\WMR11
2008-02-27 11:50:28 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-02-23 18:42:40 0 d-------- C:\Documents and Settings\Andy\Application Data\BitTorrent
2008-02-13 12:23:37 0 d-------- C:\Program Files\Microsoft Office 97
2008-02-13 12:14:38 0 d-------- C:\Program Files\microsoft frontpage
2008-02-06 14:47:13 0 d-------- C:\Program Files\AllToAVI
2008-02-03 13:12:08 0 d-------- C:\Documents and Settings\Andy\Application Data\Google
2008-02-03 13:10:48 0 d-------- C:\Program Files\Google
2008-01-27 23:42:50 0 d-------- C:\Documents and Settings\Andy\Application Data\Adobe
2007-12-26 16:59:03 201728 --a------ C:\WINDOWS\system32\Doctor Who Christmas 07.scr <Not Verified; ScreenTime Media; ScreenTime For Flash>


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [19/10/2005 07:59]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [19/10/2005 07:59]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [06/08/2003 01:04]
"DVDSentry"="C:\WINDOWS\System32\DSentry.exe" [13/08/2003 10:27]
"BCMSMMSG"="BCMSMMSG.exe" [29/08/2003 03:59 C:\WINDOWS\BCMSMMSG.exe]
"UpdateManager"="C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" [19/08/2003 01:01]
"PCMService"="C:\Program Files\Dell\Media Experience\PCMService.exe" [26/08/2003 19:47]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [09/07/2001 10:50]
"USB2Check"="C:\WINDOWS\system32\PCLECoInst.dll" [21/12/2005 10:14]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [10/01/2008 15:27]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [15/01/2008 03:22]
"SDTray"="C:\Program Files\Spyware Doctor\SDTrayApp.exe" [02/10/2007 16:27]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [11/06/2007 09:25]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [10/01/2007 05:59]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [29/01/2008 17:38]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [04/08/2004 07:56]
"NBJ"="C:\Program Files\Ahead (Nero)\Nero BackItUp\NBJ.exe" [09/08/2005 13:28]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\runonce]
@=C:\Program Files\Internet Explorer\IEXPLORE.EXE http://www.symantec....00001A.000000B7

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t

C:\Documents and Settings\Andy\Start Menu\Programs\Startup\
DESKTOP.INI [03/09/2002 09:00:00]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Belkin Wireless USB Utility.lnk - C:\Program Files\Belkin\USB F5D7050\Wireless Utility\Belkinwcui.exe [28/10/2005 10:23:10]
DESKTOP.INI [03/09/2002 09:00:00]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [21/01/2000 08:15:54]
Office Startup.lnk - C:\Program Files\Microsoft Office 97\Office\OSA.EXE [31/07/1997 23:00:00]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

*Newly Created Service* - COMHOST



-- End of Deckard's System Scanner: finished at 2008-03-18 16:00:20 ------------
********************************************************************************
*********************************************************************************
*************************************
Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Home Edition (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel® Pentium® 4 CPU 3.06GHz
CPU 1: Intel® Pentium® 4 CPU 3.06GHz
Percentage of Memory in Use: 63%
Physical Memory (total/avail): 510 MiB / 185.41 MiB
Pagefile Memory (total/avail): 1246.72 MiB / 646.66 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1932.71 MiB

A: is Removable (No Media)
C: is Fixed (NTFS) - 74.47 GiB total, 37.48 GiB free.
D: is CDROM (No Media)
E: is CDROM (No Media)

\\.\PHYSICALDRIVE0 - ST380011A - 74.5 GiB - 2 partitions
\PARTITION0 - Unknown - 31.35 MiB
\PARTITION1 (bootable) - Installable File System - 74.47 GiB - C:



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is disabled.

FW: Norton 360 v2007 (SYMANTEC Corporation)
AV: Norton 360 v2007 (SYMANTEC Corperation)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:MSN Messenger 7.5"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Yahoo!\\Messenger\\YPager.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YPager.exe:*:Enabled:Yahoo! Messenger"
"C:\\WINDOWS\\Downloaded Program Files\\ccpm_0237.exe"="C:\\WINDOWS\\Downloaded Program Files\\ccpm_0237.exe:*:Disabled:ccpm_exe Module"
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe:*:Enabled:Yahoo! FT Server"
"C:\\Program Files\\Real\\RealPlayer\\realplay.exe"="C:\\Program Files\\Real\\RealPlayer\\realplay.exe:*:Enabled:RealPlayer"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:MSN Messenger 7.5"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\BitTorrent\\bittorrent.exe"="C:\\Program Files\\BitTorrent\\bittorrent.exe:*:Enabled:BitTorrent"
"C:\\Program Files\\Kontiki\\KService.exe"="C:\\Program Files\\Kontiki\\KService.exe:*:Enabled:Delivery Manager Service"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Andy\Application Data
CLASSPATH=.;C:\Program Files\Java\j2re1.4.2\lib\ext\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=ANDREW
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Andy
LOGONSERVER=\\ANDREW
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\Program Files\Outlook Express;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\system32\wbem;C:\Program Files\Common Files\Sonic Shared;C:\Program Files\Common Files\Roxio Shared\DLLShared;C:\Program Files\QuickTime\QTSystem
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 2 Stepping 9, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0209
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\j2re1.4.2\lib\ext\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\Andy\LOCALS~1\Temp
TMP=C:\DOCUME~1\Andy\LOCALS~1\Temp
USERDOMAIN=ANDREW
USERNAME=Andy
USERPROFILE=C:\Documents and Settings\Andy
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

Andy (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> C:\Program Files\Ahead (Nero)\nero\uninstall\UNNERO.exe /UNINSTALL
--> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
--> C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
--> C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
--> C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\system32\UninstIPP.isu
--> C:\WINDOWS\System32\\MSIEXEC.EXE /I {09DA4F91-2A09-4232-AB8C-6BC740096DE3} REMOVE=UpdateMgrFeature
--> C:\WINDOWS\System32\\MSIEXEC.EXE /x {1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
--> C:\WINDOWS\System32\\MSIEXEC.EXE /x {9541FED0-327F-4df0-8B96-EF57EF622F19}
--> C:\WINDOWS\UNNeroVision.exe /UNINSTALL
--> C:\WINDOWS\UNNMP.exe /UNINSTALL
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{410438A3-B591-4028-B70A-3CC0B33FBCD1}\Setup.exe" -l0x9 -L0x9anything
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
A3 EP --> \UNWISE.EXE \INSTALL.LOG
Ad-Aware 2007 --> MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Adobe Atmosphere Player for Acrobat and Adobe Reader --> C:\WINDOWS\atmoUn.exe
Adobe Flash Player 9 ActiveX --> C:\WINDOWS\system32\Macromed\Flash\FlashUtil9b.exe -uninstallDelete
Adobe Reader 7.0.5 Language Support --> MsiExec.exe /I{AC76BA86-7AD7-5464-3428-7050000000A7}
Adobe Reader 7.0.9 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70900000002}
AllToAVI v4 r5394 --> C:\Program Files\AllToAVI\uninst.exe
Anvsoft Flash to Video Converter 1.12 --> C:\Program Files\Anvsoft Flash to Video Converter\uninst.exe
AOL Instant Messenger --> C:\Program Files\AIM95\uninstll.exe -LOG= C:\Program Files\AIM95\install.log -OEM=
Apex Video Converter Free 6.24 --> "C:\Program Files\Apex\Apex Video Converter Free\unins000.exe"
AppCore --> MsiExec.exe /I{EFB5B3B5-A280-4E25-BE1C-634EEFE32C1B}
Apple Mobile Device Support --> MsiExec.exe /I{D8AB8F0C-CEEB-4A29-8EF5-219B064813F4}
Apple Software Update --> MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}
Auto Gordian Knot 2.40 --> C:\Program Files\AutoGK\uninst.exe
AV --> MsiExec.exe /I{F4DB525F-A986-4249-B98B-42A8066251CA}
AVG Anti-Spyware 7.5 --> C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Uninstall.exe
AviSynth 2.5 --> "C:\Program Files\AviSynth 2.5\Uninstall.exe"
AVS DVDMenu Editor 1.2.1.19 --> "C:\Program Files\Common Files\AVSMedia\AVS DVDMenu Editor\unins000.exe"
AVS Video Converter 5.6 --> "C:\Program Files\AVS4YOU\AVSVideoConverter\unins000.exe"
AVS4YOU Software Navigator 1.2 --> "C:\Program Files\AVS4YOU\AVSSoftwareNavigator\unins000.exe"
BBC iPlayer Download Manager --> MsiExec.exe /I {D466F3D9-510C-4729-B7D4-2E70490E4CDF}
BCM V.92 56K Modem --> C:\WINDOWS\BCMSMU.exe quiet
Belkin Wireless USB Utility --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{A6359CCF-215D-43D9-8366-479D231F2A72}
BitLord 1.1 --> C:\Program Files\BitLord\uninst.exe
BitTorrent 5.0.9 --> "C:\Program Files\BitTorrent\uninstall.exe"
Boots F2CD Picture Suite --> "C:\Program Files\Boots F2CD\Picture Suite\Uninstal.exe" C:\PROGRA~1\BOOTSF~1\PICTUR~1\INSTALL.LOG
Broadcom Management Programs --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{89EE857B-8970-4F9F-AB58-A1C873AC72B3} /l1033
Canon Camera Access Library --> "C:\Program Files\Common Files\Canon\UIW\1.1.0.0\Uninst.exe" "C:\Program Files\Canon\CAL\Uninst.ini"
Canon Camera Support Core Library --> "C:\Program Files\Common Files\Canon\UIW\1.1.0.0\Uninst.exe" "C:\Program Files\Canon\CSCLIB\Uninst.ini"
Canon Camera Window DC_DV 5 for ZoomBrowser EX --> "C:\Program Files\Common Files\Canon\UIW\1.1.0.0\Uninst.exe" "C:\Program Files\Canon\CameraWindow\CameraWindowDVC\Uninst.ini"
Canon Camera Window DC_DV 6 for ZoomBrowser EX --> "C:\Program Files\Common Files\Canon\UIW\1.1.0.0\Uninst.exe" "C:\Program Files\Canon\CameraWindow\CameraWindowDVC6\Uninst.ini"
Canon Camera Window MC 6 for ZoomBrowser EX --> "C:\Program Files\Common Files\Canon\UIW\1.1.0.0\Uninst.exe" "C:\Program Files\Canon\CameraWindow\CameraWindowMC\Uninst.ini"
Canon G.726 WMP-Decoder --> "C:\Program Files\Common Files\Canon\UIW\1.1.0.0\Uninst.exe" "C:\Program Files\Canon\G726Decoder\G726DecUnInstall.ini"
CANON iMAGE GATEWAY Task for ZoomBrowser EX --> "C:\Program Files\Common Files\Canon\UIW\1.1.0.0\Uninst.exe" "C:\Program Files\Canon\ZoomBrowser EX\Program\CRWUnInstall.ini"
Canon Internet Library for ZoomBrowser EX --> "C:\Program Files\Common Files\Canon\UIW\1.1.0.0\Uninst.exe" "C:\Program Files\Canon\ZoomBrowser EX\Program\CIGUnInstall.ini"
Canon MovieEdit Task for ZoomBrowser EX --> "C:\Program Files\Common Files\Canon\UIW\1.1.0.0\Uninst.exe" "C:\Program Files\Canon\ZoomBrowser EX\Program\MVWUninst.ini"
Canon RAW Image Task for ZoomBrowser EX --> "C:\Program Files\Common Files\Canon\UIW\1.1.0.0\Uninst.exe" "C:\Program Files\Canon\RAW Image Task\Uninst.ini"
Canon RemoteCapture Task for ZoomBrowser EX --> "C:\Program Files\Common Files\Canon\UIW\1.1.0.0\Uninst.exe" "C:\Program Files\Canon\CameraWindow\RemoteCaptureTask DC\Uninst.ini"
Canon Utilities EOS Utility --> "C:\Program Files\Common Files\Canon\UIW\1.1.0.0\Uninst.exe" "C:\Program Files\Canon\EOS Utility\Uninst.ini"
Canon Utilities ZoomBrowser EX --> "C:\Program Files\Common Files\Canon\UIW\1.1.0.0\Uninst.exe" "C:\Program Files\Canon\ZoomBrowser EX\Program\Uninst.ini"
ccCommon --> MsiExec.exe /I{3CCAD2EF-CFF2-4637-82AA-AABF370282D3}
DAO --> MsiExec.exe /I{64116298-93C5-401D-B06C-39D8E3338508}
Dell Media Experience --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2637C347-9DAD-11D6-9EA2-00055D0CA761}\setup.exe" -uninstall
Dell Solution Center --> MsiExec.exe /X{11F1920A-56A2-4642-B6E0-3B31A12C9288}
DivX 4.12 Video Codec --> C:\WINDOWS\system32\rundll32.exe setupapi,InstallHinfSection Remove_divx 132 C:\WINDOWS\INF\divx.inf
DivX Codec --> C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Content Uploader --> C:\Program Files\DivX\DivXContentUploaderUninstall.exe /CUPLOADER
DivX Converter --> C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
DivX Player --> C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Web Player --> C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
Doctor Who Christmas 07 Screen Saver --> C:\WINDOWS\system32\Doctor Who Christmas 07.scr /u
DVD Decrypter (Remove Only) --> "C:\Program Files\DVD Decrypter\uninstall.exe"
DVDSentry --> MsiExec.exe /I{98DF85D9-96C0-4F57-A92E-C3539477EF5E}
EZ MPEG TO AVI Converter 1.00 --> "C:\Program Files\ezvideotools.com\EZ MPEG TO AVI Converter\unins000.exe"
FLV Player 1.3.3 --> "C:\Program Files\FLVPlayer\uninstall.exe"
FUJIFILM DS SERIAL TWAIN --> C:\WINDOWS\uninst.exe -fC:\WINDOWS\DeIsL1.isu
FUJIFILM EZtouch Ver.3.0 --> C:\WINDOWS\uninst.exe -fC:\FUJIFILM\EZTOUCH\DeIsL1.isu
FUJIFILM PICTURE SHUTTLE Ver3.2 --> C:\WINDOWS\uninst.exe -fC:\FUJIFILM\PSHUTTLE\DeIsL1.isu
FUJIFILM SNAP TWAIN --> C:\WINDOWS\uninst.exe -fC:\WINDOWS\DeIsL2.isu
GearDrvs --> MsiExec.exe /I{228F6876-A313-40A3-91C0-C3CBE6997D09}
Google Earth --> MsiExec.exe /I{1E04F83B-2AB9-4301-9EF7-E86307F79C72}
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
HP Memories Disc --> MsiExec.exe /X{B376402D-58EA-45EA-BD50-DD924EB67A70}
HP Photo and Imaging 2.0 - All-in-One --> MsiExec.exe /X{9867A917-5D17-40DE-83BA-BEA5293194B1}
HP Photo and Imaging 2.0 - All-in-One Drivers --> MsiExec.exe /X{6ECB39BD-73C2-44DD-B1A0-898207C58D8B}
HP Photo and Imaging 2.0 - hp psc 1100 series --> C:\Program Files\Hewlett-Packard\Digital Imaging\{7C8BB31C-E09E-4c7d-BBF1-45E33B467FE1}\Setup\hpzscr01.exe -datfile hposcr02.dat -forcereboot
hp psc 1100 series --> MsiExec.exe /X{01161F64-6897-4885-93A0-A9F7BE9A4253}
Intel A/V Codecs V2.0 --> C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\system32\CDUninst.isu
Intel® Extreme Graphics Driver --> RUNDLL32.EXE C:\WINDOWS\system32\ialmrem.dll,UninstallW2KIGfx PCI\VEN_8086&DEV_2562
Intel® Integrated Performance Primitives RTI 4.0 --> MsiExec.exe /X{51C91B84-7B46-4FE7-8999-8228CFA75F89}
iTunes --> MsiExec.exe /I{B85C4D19-6CEB-48CF-BD98-C887AC8C6F94}
Java 2 Runtime Environment, SE v1.4.2 --> MsiExec.exe /I{7148F0A8-6813-11D6-A77B-00B0D0142000}
Kaspersky Online Scanner --> C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavuninstall.exe
KeepV Flash Converter --> "C:\Program Files\KeepV Converter\unins000.exe"
LiveUpdate 3.2 (Symantec Corporation) --> "C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE" /U
LiveUpdate Notice (Symantec Corporation) --> MsiExec.exe /X{DBA4DB9D-EE51-4944-A419-98AB1F1249C8}
Lotus Word Pro 96 --> c:\windows\lunin10.exe /T WordPro /V 96.0 /I c:\lotus\LWP.INF /C c:\lotus\cinstall.ini /O /L EN
MailWasher Free --> "C:\Program Files\MailWasher\unins000.exe"
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Data Access Components KB870669 --> C:\WINDOWS\muninst.exe C:\WINDOWS\INF\KB870669.inf
Microsoft Office 2000 SR-1 Professional --> MsiExec.exe /I{00010409-78E1-11D2-B60F-006097C998E7}
Microsoft Office 97, Professional Edition --> C:\Program Files\Microsoft Office 97\Office\Setup\Acme.exe /w Off97Pro.STF
Microsoft Office Basic Edition 2003 --> MsiExec.exe /I{91130409-6000-11D3-8CFE-0150048383C9}
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
Modem Helper --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7F142D56-3326-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanel
Move Networks Media Player for Internet Explorer --> C:\Documents and Settings\Andy\Application Data\Move Networks\ie_bin\Uninst.exe
Mozilla ActiveX Control v1.7.12 --> C:\Program Files\Mozilla ActiveX Control v1.7.12\uninst.exe
MSN Messenger 7.5 --> MsiExec.exe /I{CEB3A11A-03EA-11DA-BFBD-00065BBDC0B5}
My Pictures And Sounds 7.15 --> C:\Program Files\SAGEM\My Pictures And Sounds\Uninstall.exe
Nero Suite --> C:\Program Files\Common Files\Nero\Uninstall\setupx.exe /uninstall ExtraUninstallID=""
NeroVision Express Content --> C:\WINDOWS\UNNVEContent.exe /UNINSTALL
Norton 360 --> MsiExec.exe /I{21829177-4DED-4209-AD08-490B3AC9C01A}
Norton 360 --> MsiExec.exe /I{2D617065-1C52-4240-B5BC-C0AE12157777}
Norton 360 --> MsiExec.exe /I{63A6E9A9-A190-46D4-9430-2DB28654AFD8}
Norton 360 (Symantec Corporation) --> "C:\Program Files\Common Files\Symantec Shared\SymSetup\{2D617065-1C52-4240-B5BC-C0AE12157777}_1_0_0_184\{2D617065-1C52-4240-B5BC-C0AE12157777}.exe" /X
Norton 360 Help --> MsiExec.exe /I{1CA941F1-5006-487E-9FD4-09F812A7D6B8}
Norton Confidential Browser Component --> MsiExec.exe /I{4843B611-8FCB-4428-8C23-31D0A5EAE164}
Norton Confidential Web Authentification Component --> MsiExec.exe /I{3074EB89-1BCA-4AEF-AFF4-EFB4634C1923}
Norton Confidential Web Protection Component --> MsiExec.exe /I{D353CC51-430D-4C6F-9B7E-52003DA1E05A}
PowerDVD --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\setup.exe" -uninstall
QuickTime --> MsiExec.exe /I{6EC874C2-F950-4B7E-A5B7-B1066D6B74AA}
Radiograbber 3.0.64.0 --> "C:\Program Files\Radiograbber\unins000.exe"
RealPlayer --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Roxio Easy DVD Copy --> MsiExec.exe /I{C46B4678-0F42-4791-9D19-BE01BB3DD358}
SAGEM USB-Serial Mobile Communication Device --> C:\Program Files\SAGEM\USB-Serial\USB-Serial_Uninst.exe
Security Update for CAPICOM (KB931906) --> MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906) --> MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for Step By Step Interactive Training (KB898458) --> "C:\WINDOWS\$NtUninstallKB898458$\spuninst\spuninst.exe"
Security Update for Step By Step Interactive Training (KB923723) --> "C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
SMPlayer 0.5.60 --> "C:\Program Files\SMPlayer\unins000.exe"
Sonic DLA --> MsiExec.exe /I{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
Sonic MyDVD --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5E835305-63BB-4E55-BBB7-EEBBE67774DB}\setup.exe" -l0x9 -L0x9 /SMAINT
Sonic RecordNow! --> MsiExec.exe /I{9541FED0-327F-4DF0-8B96-EF57EF622F19}
Sonic Update Manager --> MsiExec.exe /I{09DA4F91-2A09-4232-AB8C-6BC740096DE3}
Sothink SWF to Video Converter --> "C:\Program Files\SourceTec\Sothink SWF to Video Converter\unins000.exe"
SPBBC 32bit --> MsiExec.exe /I{77772678-817F-4401-9301-ED1D01A8DA56}
Spyware Doctor 5.1 --> C:\Program Files\Spyware Doctor\unins000.exe /LOG
SuppSoft --> MsiExec.exe /I{022DA2C3-81C7-4003-A6BC-1BB147B20097}
Symantec Technical Support Controls --> MsiExec.exe /I{92B1B3CC-EC78-45B8-96D0-8B3F11495864}
Symantec Technical Support Web Controls --> MsiExec.exe /X{DDC63227-BA06-4855-B002-BDB49E9F677E}
SymNet --> MsiExec.exe /I{2DA85B02-13C0-4E6D-9A76-22E6B3DD0CB2}
TextBridge Classic --> "C:\PROGRA~1\TEXTBR~1\bin\setup.exe" -funinstal.ins
Transfer MyPC --> MsiExec.exe /X{B6751A10-2389-4AEF-870A-4DD925F48733}
Ultra Video Converter 3.2.0622 --> "C:\Program Files\Ultra Video Converter\unins000.exe"
VeohTV BETA --> C:\Program Files\InstallShield Installation Information\{97A96172-A963-4A37-9FFB-DA6805BB915A}\setup.exe -runfromtemp -l0x0409
VobSub v2.23 (Remove Only) --> "C:\Program Files\Gabest\VobSub\uninstall.exe"
VS2005 Redist --> MsiExec.exe /I{F9EB6FB3-879F-4EE7-89D2-7A9674A1B753}
Windows Defender Signatures --> MsiExec.exe /I{A5CC2A09-E9D3-49EC-923D-03874BBD4C2C}
Windows Live OneCare safety scanner --> RunDll32.exe "C:\Program Files\Windows Live Safety Center\wlscCore.dll",UninstallFunction WLSC_SCANNER_PRODUCT
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
WinPcap 4.0 --> C:\Program Files\WinPcap\uninstall.exe
WinZip --> C:\Program Files\WinZip\WINZIP32.EXE /uninstall
WM Recorder 11.3 --> C:\Program Files\WMR11\Uninstal.exe
XviD MPEG4 Video Codec (remove only) --> "C:\WINDOWS\system32\xvid-uninstall.exe"
Yahoo! extras --> C:\PROGRA~1\Yahoo!\Common\unyext.exe
Yahoo! Install Manager --> C:\WINDOWS\system32\regsvr32 /u C:\PROGRA~1\Yahoo!\Common\YINSTH~1.DLL
Yahoo! Messenger with BT Communicator --> C:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE C:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG


-- Application Event Log -------------------------------------------------------

Event Record #/Type23753 / Error
Event Submitted/Written: 03/18/2008 01:54:14 PM
Event ID/Source: 32767 / comHost
Event Description:
Cannot get Components key from ccSettings Manager.Is it really there? Error code: 0x80000205

Event Record #/Type23737 / Error
Event Submitted/Written: 03/18/2008 01:48:52 PM
Event ID/Source: 32767 / comHost
Event Description:
Cannot get Components key from ccSettings Manager.Is it really there? Error code: 0x80000205

Event Record #/Type23728 / Error
Event Submitted/Written: 03/18/2008 01:45:21 PM
Event ID/Source: 32767 / comHost
Event Description:
Cannot get Components key from ccSettings Manager.Is it really there? Error code: 0x80000205

Event Record #/Type23717 / Error
Event Submitted/Written: 03/18/2008 01:42:20 PM
Event ID/Source: 32767 / comHost
Event Description:
Cannot get Components key from ccSettings Manager.Is it really there? Error code: 0x80000205

Event Record #/Type23701 / Error
Event Submitted/Written: 03/18/2008 01:35:48 PM
Event ID/Source: 32767 / comHost
Event Description:
Cannot get Components key from ccSettings Manager.Is it really there? Error code: 0x80000205



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type96619 / Error
Event Submitted/Written: 03/18/2008 02:10:09 PM
Event ID/Source: 7034 / Service Control Manager
Event Description:
The Symantec Core LC service terminated unexpectedly. It has done this 1 time(s).

Event Record #/Type96617 / Error
Event Submitted/Written: 03/18/2008 02:10:02 PM
Event ID/Source: 7034 / Service Control Manager
Event Description:
The LiveUpdate Notice Service Ex service terminated unexpectedly. It has done this 1 time(s).

Event Record #/Type96616 / Error
Event Submitted/Written: 03/18/2008 02:10:02 PM
Event ID/Source: 7034 / Service Control Manager
Event Description:
The Symantec Lic NetConnect service service terminated unexpectedly. It has done this 1 time(s).

Event Record #/Type96615 / Error
Event Submitted/Written: 03/18/2008 02:10:02 PM
Event ID/Source: 7031 / Service Control Manager
Event Description:
The Symantec Settings Manager service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 100 milliseconds: Restart the service.

Event Record #/Type96614 / Error
Event Submitted/Written: 03/18/2008 02:10:02 PM
Event ID/Source: 7031 / Service Control Manager
Event Description:
The Symantec Event Manager service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 200 milliseconds: Restart the service.



-- End of Deckard's System Scanner: finished at 2008-03-18 16:00:20 ------------

#24
manford7

Hey thunderbird1988

I got help from Symantec Live Chat today and seem to have resolved the Norton problem. The Live Update files seemed to be damaged even after reinstallation, so they uninstalled LU, reinstalled it and verified all okay, and the PC has been on all day with no probs.

PC also doing darn good. :)

Let me know if Deckard's System Scanner revealed anything.

If not I am thinking this PC is clean and okay now?

Cheers
manford7

#25
Thunderbird1988

Hello Manford7,

No, your DSS log doesn't reveal anything abnormal. So I think it's safe to say you are clean :)

Now that you are clean, please follow these simple steps in order to keep your computer clean and secure:
  • Disable and Enable System Restore. - If you are using Windows ME or XP then you should disable and re-enable system restore to make sure there are no infected files found in a restore point.

    You can find instructions on how to enable and reenable system restore here:

    Managing Windows Millenium System Restore

    or

    Windows XP System Restore Guide

    Reenable system restore with instructions from tutorial above

  • Make your Internet Explorer more secure - This can be done by following these simple instructions:
    • From within Internet Explorer click on the Tools menu and then click on Options.
    • Click once on the Security tab
    • Click once on the Internet icon so it becomes highlighted.
    • Click once on the Custom Level button.
      • Change the Download signed ActiveX controls to Prompt
      • Change the Download unsigned ActiveX controls to Disable
      • Change the Initialize and script ActiveX controls not marked as safe to Disable
      • Change the Installation of desktop items to Prompt
      • Change the Launching programs and files in an IFRAME to Prompt
      • Change the Navigate sub-frames across different domains to Prompt
      • When all these settings have been made, click on the OK button.
      • If it prompts you as to whether or not you want to save the settings, press the Yes button.
    • Next press the Apply button and then the OK to exit the Internet Properties page.
  • Use an AntiVirus Software - It is very important that your computer has an anti-virus software running on your machine. This alone can save you a lot of trouble with malware in the future.

    See this link for a listing of some online & their stand-alone antivirus programs:

    Virus, Spyware, and Malware Protection and Removal Resources

  • Update your AntiVirus Software - It is imperative that you update your Antivirus software at least once a week (Even more if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out.

  • Use a Firewall - I can not stress how important it is that you use a Firewall on your computer. Without a firewall your computer is susceptible to being hacked and taken over. I am very serious about this and see it happen almost every day with my clients. Simply using a Firewall in its default configuration can lower your risk greatly.

    For a tutorial on Firewalls and a listing of some available ones see the link below:

    Understanding and Using Firewalls

  • Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer always has the latest security updates available installed on your computer. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.

  • Install Spybot - Search and Destroy - Install and download Spybot - Search and Destroy with its TeaTimer option. This will provide realtime spyware & hijacker protection on your computer alongside your virus protection. You should also scan your computer with the program on a regular basis just as you would an antivirus software.

    A tutorial on installing & using this product can be found here:

    Using Spybot - Search & Destroy to remove Spyware , Malware, and Hijackers

  • Install Ad-Aware - Install and download Ad-Aware. You should also scan your computer with the program on a regular basis just as you would an antivirus software in conjunction with Spybot.

    A tutorial on installing & using this product can be found here:

    Using Ad-aware to remove Spyware, Malware, & Hijackers from Your Computer

  • Install SpywareBlaster - SpywareBlaster will add a large list of programs and sites into your Internet Explorer settings that will protect you from running and downloading known malicious programs.

    A tutorial on installing & using this product can be found here:

    Using SpywareBlaster to protect your computer from Spyware and Malware

  • Update all these programs regularly - Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.
Follow this list and your potential for being infected again will reduce dramatically.

Here are some additional utilities that will enhance your safety


Thunderbird1988
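
The Internet zone settings listed in the post above are stored as per-user registry values, so they can be audited after they have been applied. This is an added PowerShell example, not part of the original thread: the function name and the sample values are hypothetical, and the action IDs and value meanings (0 = Enable, 1 = Prompt, 3 = Disable) are Microsoft's documented zone settings rather than something stated in the post.

```powershell
# Added example: audit the Internet zone (zone 3) against the settings recommended in the post.
# Registry location and action IDs are Microsoft's documented Internet Explorer zone settings.
$ZoneKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3'

$Recommended = @(
    @{ Id = '1001'; Want = 1; Name = 'Download signed ActiveX controls' }
    @{ Id = '1004'; Want = 3; Name = 'Download unsigned ActiveX controls' }
    @{ Id = '1201'; Want = 3; Name = 'Initialize and script ActiveX controls not marked as safe' }
    @{ Id = '1800'; Want = 1; Name = 'Installation of desktop items' }
    @{ Id = '1804'; Want = 1; Name = 'Launching programs and files in an IFRAME' }
    @{ Id = '1607'; Want = 1; Name = 'Navigate sub-frames across different domains' }
)
$Label = @{ 0 = 'Enable'; 1 = 'Prompt'; 3 = 'Disable' }

function Test-InternetZoneHardening {
    param(
        # Optional hashtable of action ID -> DWORD value, for checking exported or sample data.
        # When omitted, the live per-user registry values are read instead.
        [hashtable]$Current
    )
    if (-not $PSBoundParameters.ContainsKey('Current')) {
        $Current = @{}
        $props = Get-ItemProperty -Path $ZoneKey -ErrorAction SilentlyContinue
        if ($props) {
            foreach ($r in $Recommended) {
                $v = $props.($r.Id)
                if ($null -ne $v) { $Current[$r.Id] = [int]$v }
            }
        }
    }
    foreach ($r in $Recommended) {
        if ($Current.ContainsKey($r.Id)) {
            $have = [int]$Current[$r.Id]
            $text = if ($Label.ContainsKey($have)) { $Label[$have] } else { "Unknown ($have)" }
            # 0 < 1 < 3 orders the values from least to most restrictive, so a
            # setting stricter than the recommendation still passes.
            $ok = $Label.ContainsKey($have) -and ($have -ge $r.Want)
        } else {
            # Value absent: the zone falls back to defaults, so report it as unverified.
            $text = 'Not set'
            $ok = $false
        }
        [pscustomobject]@{
            Setting     = $r.Name
            Current     = $text
            Recommended = $Label[$r.Want]
            Ok          = $ok
        }
    }
}

# Constructed sample values (not taken from the thread): the last two settings are
# weaker than the post recommends and are reported with Ok = False.
$sample = @{ '1001' = 1; '1004' = 3; '1201' = 3; '1800' = 1; '1804' = 0; '1607' = 0 }
Test-InternetZoneHardening -Current $sample | Format-Table -AutoSize

# Live check of the current user's settings:
# Test-InternetZoneHardening | Where-Object { -not $_.Ok }
```

The check reads only the per-user values; where a Group Policy sets the same zone values, the policy takes precedence over what is shown here.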



#26
Thunderbird1988

Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.