Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

HJT Log [CLOSED]


  • This topic is locked This topic is locked

#1
Satter1

Satter1

    New Member

  • Member
  • Pip
  • 3 posts
Hi,
I cant access the internet on my main computer or open any text documents.
Thanks for your help!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:42:40 AM, on 7/29/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mmtask.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\Research In Motion\BlackBerry\DesktopMgr.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\Common Files\Research In Motion\RIMDeviceManager\RIMDeviceManager.exe
C:\Program Files\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe
C:\Documents and Settings\Steve\Desktop\HJT\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/mywaybiz
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\Userinit.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKLM\..\Run: [mmtask] "C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mmtask.exe"
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [709e8374] rundll32.exe "C:\WINDOWS\system32\mrvsbmhe.dll",b
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton AntiVirus\osCheck.exe"
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe"
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_7 -reboot 1
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [main] C:\WINDOWS\system32\drivers\system.exe
O4 - HKCU\..\Run: [default] C:\Documents and Settings\Steve\winmain.exe
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKCU\..\RunOnce: [sysinit] C:\WINDOWS\system32\drivers\system.exe
O4 - HKCU\..\RunOnce: [winmz] C:\Documents and Settings\Steve\winmain.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Desktop Manager.lnk = C:\Program Files\Research In Motion\BlackBerry\DesktopMgr.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Kodak software updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0612502E-29F8-11D6-BC3C-00C0F0167E34} (CRS Inc. Data Object) - http://www.crsdata.n...ct/CRSNInfo.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....204&clcid=0x409
O16 - DPF: {62789780-B744-11D0-986B-00609731A21D} (Autodesk MapGuide ActiveX Control) - http://www.crsdata.n...mgaxctrlv65.cab
O16 - DPF: {7DD62E58-5FA8-11D2-AFB7-00104B64F126} (Sview Control) - http://www.swiftview...all_a_green.exe
O16 - DPF: {944713E8-1F29-42D9-ABD5-557728B9AC97} (PtClickLoanWF Control) - https://ilnet.wellsf...clickloanwf.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - https://fpdownload.m...ash/swflash.cab
O16 - DPF: {DF05D910-DC8E-403A-93B0-5C866F3200D1} (PtClickLoan Control) - https://www.clickloa...PtClickLoan.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://countrywide....ent/ieatgpc.cab
O21 - SSODL: bestreak - {874443fe-aa33-4ebf-a6ac-73208787e62d} - (no file)
O22 - SharedTaskScheduler: XenaDot Software - {CD5E2AC9-25CE-A1C5-D1E2-DC6B28A6ED5A} - (no file)
O22 - SharedTaskScheduler: {874443fe-aa33-4ebf-a6ac-73208787e62d} - bestreak - (no file)
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe

--
End of file - 7947 bytes
  • 0

Advertisements


#2
fenzodahl512

fenzodahl512

  • Malware Removal
  • 9,863 posts
Hello, my name is fenzodahl512 and welcome to Geekstogo.. Please do the following...

Please download Deckard's System Scanner (DSS) from HERE or HERE and save it to your Desktop.
  • Close all other windows before proceeding.
  • Double-click on dss.exe and follow the prompts.
  • Please let your firewall allow the scanning/downloading process.
  • When it has finished, dss will open two Notepads main.txt and extra.txt -- please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt in your next reply.
If you are using Vista, you need to right-click at dss.exe icon and choose Run as Administrator


Regards
fenzodahl512
  • 0

#3
Satter1

Satter1

    New Member

  • Topic Starter
  • Member
  • Pip
  • 3 posts
Deckard's System Scanner v20071014.68
Run by Steve on 2008-07-30 16:48:32
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
82: 2008-07-30 20:48:44 UTC - RP1288 - Deckard's System Scanner Restore Point
81: 2008-07-30 13:52:01 UTC - RP1287 - System Checkpoint
80: 2008-07-29 13:17:24 UTC - RP1286 - Installed Ad-Aware
79: 2008-07-28 18:13:29 UTC - RP1285 - System Checkpoint
78: 2008-07-25 16:37:22 UTC - RP1284 - Removed LiveUpdate (Symantec Corporation)


-- First Restore Point --
1: 2008-05-02 18:00:58 UTC - RP1207 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as Steve.exe) -----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:50:26 PM, on 7/30/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mmtask.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Research In Motion\BlackBerry\DesktopMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\Common Files\Research In Motion\RIMDeviceManager\RIMDeviceManager.exe
C:\Program Files\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe
C:\Documents and Settings\Steve\Desktop\dss.exe
C:\DOCUME~1\Steve\Desktop\HJT\Steve.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/mywaybiz
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\Userinit.exe
O2 - BHO: (no name) - {6230596F-3A44-4CDF-815B-372FA03C75D6} - C:\WINDOWS\system32\vtUnkheB.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: {7580b7d0-ad32-fa8b-39c4-802f08bca96b} - {b69acb80-f208-4c93-b8af-23da0d7b0857} - C:\WINDOWS\system32\npdcpj.dll
O2 - BHO: (no name) - {DCEDF3B9-01BC-409A-86FC-7F55164E13BC} - C:\WINDOWS\system32\urqNEVOF.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKLM\..\Run: [mmtask] "C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mmtask.exe"
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [709e8374] rundll32.exe "C:\WINDOWS\system32\mrvsbmhe.dll",b
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton AntiVirus\osCheck.exe"
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe"
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_7 -reboot 1
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [main] C:\WINDOWS\system32\drivers\system.exe
O4 - HKCU\..\Run: [default] C:\Documents and Settings\Steve\winmain.exe
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKCU\..\RunOnce: [sysinit] C:\WINDOWS\system32\drivers\system.exe
O4 - HKCU\..\RunOnce: [winmz] C:\Documents and Settings\Steve\winmain.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Desktop Manager.lnk = C:\Program Files\Research In Motion\BlackBerry\DesktopMgr.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Kodak software updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0612502E-29F8-11D6-BC3C-00C0F0167E34} (CRS Inc. Data Object) - http://www.crsdata.n...ct/CRSNInfo.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....204&clcid=0x409
O16 - DPF: {62789780-B744-11D0-986B-00609731A21D} (Autodesk MapGuide ActiveX Control) - http://www.crsdata.n...mgaxctrlv65.cab
O16 - DPF: {7DD62E58-5FA8-11D2-AFB7-00104B64F126} (Sview Control) - http://www.swiftview...all_a_green.exe
O16 - DPF: {944713E8-1F29-42D9-ABD5-557728B9AC97} (PtClickLoanWF Control) - https://ilnet.wellsf...clickloanwf.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - https://fpdownload.m...ash/swflash.cab
O16 - DPF: {DF05D910-DC8E-403A-93B0-5C866F3200D1} (PtClickLoan Control) - https://www.clickloa...PtClickLoan.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://countrywide....ent/ieatgpc.cab
O20 - Winlogon Notify: vtUnkheB - C:\WINDOWS\SYSTEM32\vtUnkheB.dll
O21 - SSODL: bestreak - {874443fe-aa33-4ebf-a6ac-73208787e62d} - (no file)
O22 - SharedTaskScheduler: XenaDot Software - {CD5E2AC9-25CE-A1C5-D1E2-DC6B28A6ED5A} - (no file)
O22 - SharedTaskScheduler: {874443fe-aa33-4ebf-a6ac-73208787e62d} - bestreak - (no file)
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe

--
End of file - 8718 bytes

-- HijackThis Fixed Entries (C:\DOCUME~1\Steve\Desktop\HJT\backups\) -----------

backup-20080729-024159-275 O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
backup-20080729-024159-577 R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://safesearch.cy...mallsearch.html
backup-20080729-024159-992 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
backup-20080729-024200-267 O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
backup-20080729-024201-880 O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 omci (OMCI WDM Device Driver) - c:\windows\system32\drivers\omci.sys <Not Verified; Dell Computer Corporation; OMCI Driver>

S3 iAimTV2 - c:\windows\system32\drivers\watv03nt.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

All services whitelisted.


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Scheduled Tasks -------------------------------------------------------------

2008-07-28 21:22:57 556 --a------ C:\WINDOWS\Tasks\Norton AntiVirus - Run Full System Scan - Steve.job


-- Files created between 2008-06-30 and 2008-07-30 -----------------------------

2008-07-29 09:17:35 0 d-------- C:\Program Files\Lavasoft
2008-07-29 09:16:25 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-07-29 02:53:35 0 d-------- C:\VundoFix Backups
2008-07-29 00:53:47 0 d-------- C:\WINDOWS\system32\ZoneLabs
2008-07-28 21:12:01 0 d-------- C:\Program Files\Windows Sidebar
2008-07-28 21:11:59 0 d-------- C:\Program Files\Norton AntiVirus
2008-07-28 21:08:40 0 d-------- C:\Program Files\Symantec
2008-07-28 20:57:32 0 d--h----- C:\Documents and Settings\Administrator\NetHood
2008-07-28 20:57:32 0 dr------- C:\Documents and Settings\Administrator\My Documents
2008-07-28 20:57:32 0 d--h----- C:\Documents and Settings\Administrator\Local Settings
2008-07-28 20:57:32 0 dr------- C:\Documents and Settings\Administrator\Favorites
2008-07-28 20:57:32 0 d-------- C:\Documents and Settings\Administrator\Desktop
2008-07-28 20:57:32 0 d--hs---- C:\Documents and Settings\Administrator\Cookies
2008-07-28 20:57:32 0 dr-h----- C:\Documents and Settings\Administrator\Application Data
2008-07-28 20:57:32 0 d-------- C:\Documents and Settings\Administrator\Application Data\Symantec
2008-07-28 20:57:32 0 d-------- C:\Documents and Settings\Administrator\Application Data\Sun
2008-07-28 20:57:32 0 d---s---- C:\Documents and Settings\Administrator\Application Data\Microsoft
2008-07-28 20:57:32 0 d-------- C:\Documents and Settings\Administrator\Application Data\Jasc Software Inc
2008-07-28 20:57:32 0 d-------- C:\Documents and Settings\Administrator\Application Data\Identities
2008-07-28 20:57:31 0 d--h----- C:\Documents and Settings\Administrator\Templates
2008-07-28 20:57:31 0 dr------- C:\Documents and Settings\Administrator\Start Menu
2008-07-28 20:57:31 0 dr-h----- C:\Documents and Settings\Administrator\SendTo
2008-07-28 20:57:31 0 dr-h----- C:\Documents and Settings\Administrator\Recent
2008-07-28 20:57:31 0 d--h----- C:\Documents and Settings\Administrator\PrintHood
2008-07-28 20:57:31 786432 --ah----- C:\Documents and Settings\Administrator\NTUSER.DAT
2008-07-28 09:27:53 92160 --a------ C:\WINDOWS\system32\mrvsbmhe.dll
2008-07-28 09:26:50 116352 --a------ C:\WINDOWS\system32\npdcpj.dll
2008-07-28 09:26:47 116352 --a------ C:\WINDOWS\system32\owadiaqs.dll
2008-07-25 09:40:55 116352 --a------ C:\WINDOWS\system32\rcqlza.dll
2008-07-25 09:40:51 116352 --a------ C:\WINDOWS\system32\niqwrlmg.dll
2008-07-25 09:37:55 94848 --a------ C:\WINDOWS\system32\tfpdvseb.dll
2008-07-24 14:18:17 0 d-------- C:\Documents and Settings\All Users\Application Data\Avg7
2008-07-24 12:30:54 0 d-------- C:\Documents and Settings\Steve\Application Data\InstallShield
2008-07-24 09:36:10 116352 --a------ C:\WINDOWS\system32\jtovyh.dll
2008-07-24 09:36:08 116352 --a------ C:\WINDOWS\system32\sdcvqalx.dll
2008-07-23 16:57:49 3563 --ahs---- C:\WINDOWS\system32\FOVENqru.ini2
2008-07-23 16:57:39 323584 --a------ C:\WINDOWS\system32\urqNEVOF.dll
2008-07-23 16:52:53 33152 --a------ C:\WINDOWS\system32\qoMdATjJ.dll
2008-07-23 16:52:53 33152 --a------ C:\WINDOWS\system32\awtuvSmk.dll
2008-07-23 16:52:30 33152 --a------ C:\WINDOWS\system32\awtrRihi.dll
2008-07-23 16:52:29 33152 --a------ C:\WINDOWS\system32\vtUnkheB.dll


-- Find3M Report ---------------------------------------------------------------

2008-07-30 16:46:15 256 --a------ C:\WINDOWS\system32\pool.bin
2008-07-29 09:16:25 0 d-------- C:\Program Files\Common Files
2008-07-29 00:55:56 4212 ---h----- C:\WINDOWS\system32\zllictbl.dat
2008-07-28 21:22:22 0 d-------- C:\Program Files\Common Files\Symantec Shared
2008-07-25 12:54:31 0 d-------- C:\Documents and Settings\Steve\Application Data\Symantec
2008-07-24 10:30:06 0 d-------- C:\Program Files\Common Files\Adobe
2008-05-19 11:25:37 21504 --a------ C:\WINDOWS\jestertb.dll


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6230596F-3A44-4CDF-815B-372FA03C75D6}]
07/23/2008 04:52 PM 33152 --a------ C:\WINDOWS\system32\vtUnkheB.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]
07/28/2008 09:18 PM 116088 --a------ C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{b69acb80-f208-4c93-b8af-23da0d7b0857}]
07/28/2008 09:26 AM 116352 --a------ C:\WINDOWS\system32\npdcpj.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{DCEDF3B9-01BC-409A-86FC-7F55164E13BC}]
07/23/2008 04:57 PM 323584 --a------ C:\WINDOWS\system32\urqNEVOF.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [10/19/2005 08:59 AM]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [10/19/2005 08:59 AM]
"WorksFUD"="C:\Program Files\Microsoft Works\wkfud.exe" [08/15/2000 09:25 PM]
"Microsoft Works Portfolio"="C:\Program Files\Microsoft Works\WksSb.exe" [08/15/2000 09:25 PM]
"Microsoft Works Update Detection"="C:\Program Files\Microsoft Works\WkDetect.exe" [08/15/2000 09:25 PM]
"mmtask"="C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mmtask.exe" [01/17/2006 01:03 PM]
"@"="" []
"RoxWatchTray"="C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [03/26/2007 08:07 AM]
"709e8374"="C:\WINDOWS\system32\mrvsbmhe.dll" [07/28/2008 09:27 AM]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [01/25/2008 09:47 PM]
"osCheck"="C:\Program Files\Norton AntiVirus\osCheck.exe" [02/07/2008 02:49 AM]
"Zone Labs Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [08/23/2006 11:38 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MoneyAgent"="C:\Program Files\Microsoft Money\System\mnyexpr.exe" [06/18/2003 01:00 PM]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [10/24/2005 04:53 PM]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 03:56 AM]
"main"="C:\WINDOWS\system32\drivers\system.exe" []
"default"="C:\Documents and Settings\Steve\winmain.exe" []
"ISUSPM"="C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [09/11/2006 05:40 AM]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\runonce]
"sysinit"=C:\WINDOWS\system32\drivers\system.exe
"winmz"=C:\Documents and Settings\Steve\winmain.exe

C:\Documents and Settings\Steve\Start Menu\Programs\Startup\
DESKTOP.INI [9/3/2002 10:00:00 AM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [9/24/2005 2:05:26 AM]
Desktop Manager.lnk - C:\Program Files\Research In Motion\BlackBerry\DesktopMgr.exe [3/28/2007 12:32:56 PM]
DESKTOP.INI [9/3/2002 10:00:00 AM]
Kodak EasyShare software.lnk - C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [8/11/2004 3:22:40 AM]
Kodak software updater.lnk - C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe [2/13/2004 3:12:08 PM]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [2/17/1999 4:05:56 PM]
Microsoft Works Calendar Reminders.lnk - C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe [8/15/2000 9:25:16 PM]
QuickBooks Update Agent.lnk - C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [9/13/2004 9:45:58 AM]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{6230596F-3A44-4CDF-815B-372FA03C75D6}"= C:\WINDOWS\system32\vtUnkheB.dll [07/23/2008 04:52 PM 33152]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\vtUnkheB]
vtUnkheB.dll 07/23/2008 04:52 PM 33152 C:\WINDOWS\SYSTEM32\vtUnkheB.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\urqNEVOF

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"




-- End of Deckard's System Scanner: finished at 2008-07-30 16:53:22 ------------

Deckard's System Scanner v20071014.68

Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Home Edition (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel® Celeron® CPU 2.40GHz
Percentage of Memory in Use: 41%
Physical Memory (total/avail): 766 MiB / 446.6 MiB
Pagefile Memory (total/avail): 1107.35 MiB / 785.52 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1942.47 MiB

A: is Removable (No Media)
C: is Fixed (NTFS) - 74.46 GiB total, 62.26 GiB free.
D: is CDROM (CDFS)
E: is CDROM (No Media)

\\.\PHYSICALDRIVE0 - Maxtor 6Y080L0 - 74.5 GiB - 2 partitions
\PARTITION0 - Unknown - 39.19 MiB
\PARTITION1 (bootable) - Installable File System - 74.46 GiB - C:



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is disabled.

AntivirusOverride is set.

FW: Norton AntiVirus v15.5.0.23 (Symantec Corporation)
FW: ZoneAlarm Firewall v6.5.737.000 (Zone Labs, Inc.)
AV: Norton AntiVirus v15.5.0.23 (Symantec Corporation)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Kodak\\KODAK Software Updater\\7288971\\Program\\Kodak Software Updater.exe"="C:\\Program Files\\Kodak\\KODAK Software Updater\\7288971\\Program\\Kodak Software Updater.exe:*:Enabled:Kodak Software Updater"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Steve\Application Data
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=SATTER
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Steve
LOGONSERVER=\\SATTER
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\Common Files\Roxio Shared\DLLShared\;C:\Program Files\Common Files\Roxio Shared\9.0\DLLShared\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 2 Stepping 9, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0209
ProgramFiles=C:\Program Files
PROMPT=$P$G
RoxioCentral=C:\Program Files\Common Files\Roxio Shared\9.0\Roxio Central33\
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\Steve\LOCALS~1\Temp
TMP=C:\DOCUME~1\Steve\LOCALS~1\Temp
tvdumpflags=8
USERDOMAIN=SATTER
USERNAME=Steve
USERPROFILE=C:\Documents and Settings\Steve
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

Steve (admin)
Administrator (new local, admin)


-- Add/Remove Programs ---------------------------------------------------------

--> "C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE" /U
--> C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
--> MsiExec.exe /I{0D397393-9B50-4C52-84D5-77E344289F87}
--> MsiExec.exe /I{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}
--> MsiExec.exe /I{619CDD8A-14B6-43A1-AB6C-0F4EE48CE048}
--> MsiExec.exe /I{83FFCFC7-88C6-41C6-8752-958A45325C82}
--> MsiExec.exe /I{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}
--> MsiExec.exe /X{11F93B4B-48F0-4A4E-AE77-DFA96A99664B}
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Ad-Aware --> MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Adobe Reader 7.0.7 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70000000000}
AppCore --> MsiExec.exe /I{EFB5B3B5-A280-4E25-BE1C-634EEFE32C1B}
BlackBerry Desktop Software 4.2.2 --> MsiExec.exe /i{75D6745B-2239-4182-A31F-F95CEBB35099}
BlackBerry Desktop Software 4.2.2 --> MsiExec.exe /I{75D6745B-2239-4182-A31F-F95CEBB35099}
Broadcom Management Programs --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{89EE857B-8970-4F9F-AB58-A1C873AC72B3} /l1033
ccCommon --> MsiExec.exe /I{B24E05CC-46FF-4787-BBB8-5CD516AFB118}
CCHelp --> MsiExec.exe /I{9D1CF8B6-17B3-4832-B062-2C2DD0B57B04}
CCScore --> MsiExec.exe /I{B4B44FE7-41FF-4DAD-8C0A-E406DDA72992}
CleanUp! --> C:\Program Files\CleanUp!\uninstall.exe
Component Framework --> MsiExec.exe /I{31478BE1-CDE5-4753-A8B2-F6D4BC1FBE09}
Dell Digital Jukebox Driver --> C:\Program Files\Dell\Digital Jukebox Drivers\DrvUnins.exe /s
ESSAdpt --> MsiExec.exe /I{D15E9DB5-6BEB-4534-901E-80C0A29BAB97}
ESSANUP --> MsiExec.exe /I{A6F18A67-B771-4191-8A33-36D2E742D6D9}
ESSBrwr --> MsiExec.exe /I{643EAE81-920C-4931-9F0B-4B343B225CA6}
ESSCAM --> MsiExec.exe /I{469730CC-78DF-4CD3-B286-562D459EA619}
ESSCDBK --> MsiExec.exe /I{AE1FA02D-E6A4-4EA0-8E58-6483CAC016DD}
ESScore --> MsiExec.exe /I{9D8FEE90-0377-49A9-AEFB-525BDE549BA4}
ESSCT --> MsiExec.exe /I{8BB4B58A-A402-4DE8-8FCD-287E60B88DD8}
ESSEMAIL --> MsiExec.exe /I{FEDE2483-87B7-44C1-A5BB-D75AEB8B6340}
ESSgui --> MsiExec.exe /I{91517631-A9F3-4B7C-B482-43E0068FD55A}
ESShelp --> MsiExec.exe /I{87843A41-7808-4F2E-B13F-25C1E67CF2FD}
ESSini --> MsiExec.exe /I{8E92D746-CD9F-4B90-9668-42B74C14F765}
ESSPCD --> MsiExec.exe /I{14D4ED84-6A9A-45A0-96F6-1753768C3CB5}
ESSSONIC --> MsiExec.exe /I{4F677FC7-7AA8-412B-A957-F13CBE1C7331}
ESSvpaht --> MsiExec.exe /I{A5B3EB8A-4071-42F0-8E8E-7A8342AA8E69}
ESSvpot --> MsiExec.exe /I{48C82F7A-F100-4DAB-A310-8E18BF2159E1}
Family Lawyer 2000 --> C:\PROGRA~1\QUICKE~1\FAMILY~1\UNWISE.EXE C:\PROGRA~1\QUICKE~1\FAMILY~1\INSTALL.LOG
HijackThis 2.0.2 --> "C:\Documents and Settings\Steve\Desktop\HJT\HijackThis.exe" /uninstall
HLPCCTR --> MsiExec.exe /I{F2D0C1B1-80FF-46F9-BA61-33B01A07FAFC}
HLPIndex --> MsiExec.exe /I{38441BE7-79B0-42B8-8297-833704F949FE}
HLPSFO --> MsiExec.exe /I{8DD94CA3-BCD2-49C0-B537-F3B5D95FF0C8}
Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Intel® Extreme Graphics Driver --> RUNDLL32.EXE C:\WINDOWS\system32\ialmrem.dll,UninstallW2KIGfx PCI\VEN_8086&DEV_2562
Internet Explorer Default Page --> MsiExec.exe /I{35BDEFF1-A610-4956-A00D-15453C116395}
Jasc Paint Shop Photo Album --> MsiExec.exe /I{CC000127-5E5D-4A1C-90CB-EEAAAC1E3AC0}
Jasc Paint Shop Pro 8 Dell Edition --> MsiExec.exe /I{81A34902-9D0B-4920-A25C-4CDC5D14B328}
Java 2 Runtime Environment, SE v1.4.2 --> MsiExec.exe /I{7148F0A8-6813-11D6-A77B-00B0D0142000}
Kodak EasyShare software --> C:\Documents and Settings\All Users\Application Data\Kodak\EasyShareSetup\$SETUP_10009_100d60\Setup.exe /APR-REMOVE
KSU --> MsiExec.exe /I{B997C2A0-4383-41BF-B76E-9B8B7ECFB267}
Legal Search --> C:\PROGRA~1\QUICKE~1\LEGALS~1\UNWISE.EXE C:\PROGRA~1\QUICKE~1\LEGALS~1\INSTALL.LOG
LiveUpdate (Symantec Corporation) --> MsiExec.exe /x {E80F62FF-5D3C-4A19-8409-9721F2928206} /l*v "C:\Documents and Settings\All Users\Application Data\LuUninstall.LiveUpdate"
LiveUpdate (Symantec Corporation) --> MsiExec.exe /X{E80F62FF-5D3C-4A19-8409-9721F2928206}
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Data Access Components KB870669 --> C:\WINDOWS\muninst.exe C:\WINDOWS\INF\KB870669.inf
Microsoft Encarta Encyclopedia Standard 2004 --> MsiExec.exe /I{04410044-9149-45C6-A806-F2BF9CFCE762}
Microsoft Money 2001 --> MsiExec.exe /I{D085A1B6-90A4-11D3-82B7-00C04FA309DE}
Microsoft Money 2004 --> MsiExec.exe /I{1D643CD7-4DD6-11D7-A4E0-000874180BB3}
Microsoft Money 2004 System Pack --> MsiExec.exe /I{8C64E145-54BA-11D6-91B1-00500462BE80}
Microsoft Office 2000 Professional --> MsiExec.exe /I{00010409-78E1-11D2-B60F-006097C998E7}
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Works 6.0 --> MsiExec.exe /I{F8D0829C-9C6F-11D3-8080-00C04FA329AA}
Microsoft Works and Money 2001 Setup Launcher --> C:\Program Files\Microsoft Works and Money 2001\Setup\Launcher.exe D:\
Microsoft WSE 2.0 SP3 Runtime --> MsiExec.exe /X{F3CA9611-CD42-4562-ADAB-A554CF8E17F1}
Musicmatch® Jukebox --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8EF1122E-E90C-4EE9-AB0C-7FDE2BA42C26}\setup.exe" -l0x9 -uninst
Norton AntiVirus --> MsiExec.exe /X{77FFBA7E-0973-4F39-BBDB-AC2F537578D2}
Norton AntiVirus (Symantec Corporation) --> "C:\Program Files\Common Files\Symantec Shared\SymSetup\{77FFBA7E-0973-4F39-BBDB-AC2F537578D2}_15_5_0_23\Setup.exe" /X
Norton AntiVirus Help --> MsiExec.exe /I{34EEB1F5-E939-40A1-A6BA-957282A4B2C8}
Norton Protection Center --> MsiExec.exe /I{62120008-8E1E-4807-860D-A8B48F8552DB}
Notifier --> MsiExec.exe /I{0008546E-DF6E-4CC1-AFD0-2CB8E16C95A2}
OfotoXMI --> MsiExec.exe /I{B162D0A6-9A1D-4B7C-91A5-88FB48113C45}
OTtBP --> MsiExec.exe /I{F71760CD-0F8B-4DCC-B7B7-6B223CC3843C}
OTtBPSDK --> MsiExec.exe /I{3CA39B0C-BA85-4D42-AC0F-1FF5F60C3353}
PCDLNCH --> MsiExec.exe /I{69BD6399-3D8F-45B7-81D9-819361F5101D}
Point --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{85BC5C08-E73D-11D2-964D-444553540000}\SETUP.EXE" -l0x9 -uninst
Point --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F05E2B98-DA04-4FFA-8D08-DA218E6A2B47}\SETUP.EXE" -l0x9 -uninst
Point 6.1a --> MsiExec.exe /X{5F283360-B979-46F2-A359-365FE8492E75}
QuickBooks Premier: Contractor Edition 2003 --> C:\Program Files\Installshield Installation Information\{237a4b26-78c6-11d6-a394-00104bd190b1}\QBReplace.exe {237a4b26-78c6-11d6-a394-00104bd190b1}#{AD46C591-FB19-11D5-A316-00104BD190B1}
Roxio Media Manager --> MsiExec.exe /X{66D171AA-670F-4309-9C74-5BA7F7DBA0B3}
Security Update for Step By Step Interactive Training (KB898458) --> "C:\WINDOWS\$NtUninstallKB898458$\spuninst\spuninst.exe"
Security Update for Step By Step Interactive Training (KB923723) --> "C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
SFR --> MsiExec.exe /I{C354C9B6-A4E0-4BB0-A368-6DC6BCA0E314}
SFR2 --> MsiExec.exe /I{A0AF08BA-3630-4505-BFB2-A41F3837B0D0}
Shockwave --> C:\WINDOWS\SYSTEM32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\SYSTEM32\Macromed\SHOCKW~1\Install.log
SPBBC 32bit --> MsiExec.exe /I{77772678-817F-4401-9301-ED1D01A8DA56}
SwiftView Viewer --> C:\Program Files\SwiftView\svinst.exe -Uninstall
Symantec KB-DocID:2003093015493306 --> MsiExec.exe /I{08C5815C-2C6E-44f8-8748-0E61BC9AFB68}
Symantec Real Time Storage Protection Component --> MsiExec.exe /I{D6E6FA4A-5445-4850-8365-CF216C1CBB7A}
SymNet --> MsiExec.exe /I{2DA85B02-13C0-4E6D-9A76-22E6B3DD0CB2}
The Plain-Language Law Dictionary --> C:\PROGRA~1\QUICKE~1\THEPLA~1\UNWISE.EXE C:\PROGRA~1\QUICKE~1\THEPLA~1\INSTALL.LOG
TOSHIBA e-STUDIO350-450 Client --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4E31CC05-1C65-4B9B-B902-45B23A280D38}\SETUP.EXE" -l0x9
VCAMCEN --> MsiExec.exe /I{10E98E14-832C-4AF7-A4D1-6A9EF83B282E}
VPRINTOL --> MsiExec.exe /I{999D43F4-9709-4887-9B1A-83EBB15A8370}
WebEx --> C:\WINDOWS\DOWNLO~1\atcliun.exe
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
WordPerfect Office 12 --> MsiExec.exe /I{AF19F291-F22F-4798-9662-525305AE9E48}
ZoneAlarm --> C:\Program Files\Zone Labs\ZoneAlarm\zauninst.exe


-- Application Event Log -------------------------------------------------------

Event Record #/Type18866 / Error
Event Submitted/Written: 07/28/2008 11:44:32 PM
Event ID/Source: 1001 / Application Hang
Event Description:
Fault bucket 402205470.

Event Record #/Type18865 / Error
Event Submitted/Written: 07/28/2008 11:42:50 PM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application DesktopMgr.exe, version 4.2.2.12, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Event Record #/Type18787 / Error
Event Submitted/Written: 07/28/2008 08:54:08 PM
Event ID/Source: 10 / WinMgmt
Event Description:
Event filter with query "SELECT * FROM __InstanceOperationEvent WHERE TargetInstance ISA 'AntiVirusProduct' OR TargetInstance ISA 'FirewallProduct'" could not be (re)activated in namespace "//./ROOT/SecurityCenter"
because of error 0x80042002. Events may not be delivered through this filter until the
problem is corrected.

Event Record #/Type18784 / Error
Event Submitted/Written: 07/28/2008 08:53:38 PM
Event ID/Source: 10 / WinMgmt
Event Description:
Event filter with query "SELECT * FROM __InstanceOperationEvent WHERE TargetInstance ISA 'AntiVirusProduct' OR TargetInstance ISA 'FirewallProduct'" could not be (re)activated in namespace "//./ROOT/SecurityCenter"
because of error 0x80042002. Events may not be delivered through this filter until the
problem is corrected.

Event Record #/Type18744 / Error
Event Submitted/Written: 07/28/2008 11:06:53 AM
Event ID/Source: 1001 / Application Error
Event Description:
Fault bucket 825761100.
The Wep key exchange did not result in a secure connection setup after 802.1x authentication. The current setting has been marked as failed and the Wireless connection will be disconnected.



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type37240 / Warning
Event Submitted/Written: 07/30/2008 01:27:38 AM
Event ID/Source: 36 / W32Time
Event Description:
The time service has not been able to synchronize the system time
for 49152 seconds because none of the time providers has been able to
provide a usable time stamp. The system clock is unsynchronized.

Event Record #/Type37182 / Error
Event Submitted/Written: 07/29/2008 11:46:11 AM
Event ID/Source: 10005 / DCOM
Event Description:
DCOM got error "%%1084" attempting to start the service EventSystem with arguments ""
in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}

Event Record #/Type37179 / Error
Event Submitted/Written: 07/29/2008 11:18:02 AM
Event ID/Source: 7026 / Service Control Manager
Event Description:
The following boot-start or system-start driver(s) failed to load:
eeCtrl
Fips
intelppm
SPBBCDrv
SRTSPX
SYMTDI

Event Record #/Type37178 / Error
Event Submitted/Written: 07/29/2008 11:17:16 AM
Event ID/Source: 10005 / DCOM
Event Description:
DCOM got error "%%1084" attempting to start the service EventSystem with arguments ""
in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}

Event Record #/Type37151 / Error
Event Submitted/Written: 07/29/2008 09:10:46 AM
Event ID/Source: 10005 / DCOM
Event Description:
DCOM got error "%%1058" attempting to start the service wuauserv with arguments ""
in order to run the server:
{E60687F7-01A1-40AA-86AC-DB1CBF673334}



-- End of Deckard's System Scanner: finished at 2008-07-30 16:53:22 ------------
  • 0

#4
fenzodahl512

fenzodahl512

  • Malware Removal
  • 9,863 posts
Please temporarily disable your ZoneAlarm and Norton Antivirus prior to our fix... Please re-enable them back after performing all steps below.. Please visit HERE for more instruction..

To disable your Norton Antivirus, please visit HERE





Please visit below webpage for instructions for downloading and running ComboFix

http://www.bleepingc...to-use-combofix

This includes installing the Windows XP Recovery Console in case you have not installed it yet.

For more information on the Windows XP Recovery Console read http://support.microsoft.com/kb/314058.

Once you install the Recovery Console, when you reboot your computer, you'll see the option for the Recovery Console now as well. DO NOT select Recovery Console as we don't need it. By default, your main OS is selected there. The screen stays for 2 seconds and then it proceeds to load Windows. That is normal.

Post the log from ComboFix (located in C:\combofix.txt) when you've accomplished that, along with a new HijackThis log.



Regards
fenzodahl512
  • 0

#5
Satter1

Satter1

    New Member

  • Topic Starter
  • Member
  • Pip
  • 3 posts
Hi,
Sorry about the delay but I've been out of town.
I've downloaded ComboFix (twice), but cannot get it to open on the infected machine. I can drag the recovery console download icon onto it or just doubleclick the ComboFix icon and nothing happens.
I've also tried booting into Safe Mode and opening it that way, but no luck.
I disabled my Norton and firewall like you instructed. I also tried using the Run command directly for ComboFix.
Please let me know what else I should do.
Thanks!

Edited by Satter1, 04 August 2008 - 07:39 PM.

  • 0

#6
fenzodahl512

fenzodahl512

  • Malware Removal
  • 9,863 posts

Hi,
Sorry about the delay but I've been out of town.
I've downloaded ComboFix (twice), but cannot get it to open on the infected machine. I can drag the recovery console download icon onto it or just doubleclick the ComboFix icon and nothing happens.
I've also tried booting into Safe Mode and opening it that way, but no luck.
I disabled my Norton and firewall like you instructed. I also tried using the Run command directly for ComboFix.
Please let me know what else I should do.
Thanks!



Please rename ComboFix into Combo-Fix and run it.. Then post the logs here :)
  • 0

#7
fenzodahl512

fenzodahl512

  • Malware Removal
  • 9,863 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP