Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Unable To Run Hijack This

Re: Unable To Run Hijack This

Post by jacu » November 25th, 2007, 5:23 pm

The last time I went back to check the scanning computer, the screensaver had gone on and when I got it back to desktop, the scanner window had gone white. I decided to choose "stop the script" and the scan completed. Hope I did the right thing.

Here is the main.txt and I'll post extra.txt in a separate post since they're so long.

Deckard's System Scanner v20071014.68
Run by Owner on 2007-11-25 14:36:23
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
93: 2007-11-25 20:36:31 UTC - RP1358 - Deckard's System Scanner Restore Point
92: 2007-11-25 15:05:15 UTC - RP1357 - System Checkpoint
91: 2007-11-24 14:22:40 UTC - RP1356 - Removed Ad-Aware 2007
90: 2007-11-24 14:14:53 UTC - RP1355 - Removed Adobe Reader 7.0.9
89: 2007-11-24 03:29:02 UTC - RP1354 - System Checkpoint


-- First Restore Point --
1: 2007-08-27 19:49:31 UTC - RP1266 - Software Distribution Service 3.0


Backed up registry hives.
Performed disk cleanup.

Total Physical Memory: 503 MiB (512 MiB recommended).


-- HijackThis Clone ------------------------------------------------------------


Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2007-11-25 14:39:31
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Iomega\System32\AppServices.exe
C:\Program Files\McAfee.com\Agent\Mcdetect.exe
C:\Program Files\McAfee.com\VSO\McShield.exe
C:\Program Files\McAfee.com\Agent\McTskshd.exe
C:\Program Files\McAfee.com\VSO\oasclnt.exe
C:\Program Files\McAfee.com\VSO\mcvsshld.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\McAfee.com\VSO\McVSEscn.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Linksys\WUSB300N\WLService.exe
C:\Program Files\Linksys\WUSB300N\WUSB300N.exe
C:\Program Files\Iomega\AutoDisk\ADService.exe
C:\WINDOWS\system\hpsysdrv.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\HpqCmon.exe
C:\hp\KBD\KBD.EXE
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Iomega\AutoDisk\ADUserMon.exe
C:\Program Files\Iomega\DriveIcons\Imgicon.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Microsoft Location Finder\LocationFinder.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\McAfee.com\VSO\mcvsftsn.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\Owner\Desktop\dss.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://us6.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us6.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-us6.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://srch-us6.hpwis.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = iexplore
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us6.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-us6.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://srch-us6.hpwis.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://srch-us6.hpwis.com/
O3 - Toolbar: hp toolkit - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\hp\EXPLOREBAR\HPTOOLKT.DLL
O3 - Toolbar: JunoBar - {F5735C15-1FB2-41FE-BA12-242757E69DDE} - C:\Program Files\Juno\Toolbar.dll (file missing)
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - C:\Program Files\McAfee.com\VSO\mcvsshl.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [CamMonitor] c:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\VERITAS Software\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [ADUserMon] C:\Program Files\Iomega\AutoDisk\ADUserMon.exe
O4 - HKLM\..\Run: [Iomega Drive Icons] C:\Program Files\Iomega\DriveIcons\ImgIcon.exe
O4 - HKLM\..\Run: [Deskup] C:\Program Files\Iomega\DriveIcons\deskup.exe /IMGSTART
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [checktime] c:\program files\HPSelect\Frontend\ct.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MSKAgent.exe
O4 - HKCU\..\Run: [Microsoft Location Finder] "C:\Program Files\Microsoft Location Finder\LocationFinder.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Startup: PowerReg Scheduler V3.exe
O4 - Global Startup: Audible Download Manager.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - (file missing)
O9 - Extra button: (no name) - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/ka ... nicode.cab
O16 - DPF: {3DC2E31C-371A-4BD3-9A27-CDF57CE604CF} (MSN Money Charting) - http://moneycentral.msn.com/cabs/pmupd806.exe
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/share ... insctl.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/share ... cgdmgr.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.macromedia.com/pub/sh ... wflash.cab
O18 - Protocol: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL
O18 - Protocol: lid - {5C135180-9973-46D9-ABF4-148267CBB8BF} - C:\WINDOWS\system32\msvidctl.dll
O18 - Protocol: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Iomega Activity Disk2 - Unknown owner - C:\WINDOWS\system32
O23 - Service: Iomega App Services - Iomega Corporation - C:\Program Files\Iomega\System32\AppServices.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - C:\Program Files\McAfee.com\Agent\Mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - C:\Program Files\McAfee.com\VSO\McShield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - C:\Program Files\McAfee.com\Agent\McTskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\Program Files\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: WUSB300NSvc - Unknown owner - C:\Program Files\Linksys\WUSB300N\WLService.exe
O23 - Service: Iomega Active Disk (_IOMEGA_ACTIVE_DISK_SERVICE_) - Iomega Corporation - C:\Program Files\Iomega\AutoDisk\ADService.exe


--
End of file - 8877 bytes

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 drvmcdb - c:\windows\system32\drivers\drvmcdb.sys <Not Verified; VERITAS Software, Inc.; >
R0 iomdisk (Iomega Devices Disk Filter Services) - c:\windows\system32\drivers\iomdisk.sys <Not Verified; Iomega Corporation; Microsoft(R) Windows NT(R) Operating System>
R1 sscdbhk5 - c:\windows\system32\drivers\sscdbhk5.sys <Not Verified; VERITAS Software, Inc.; >
R1 ssrtln - c:\windows\system32\drivers\ssrtln.sys <Not Verified; VERITAS Software, Inc.; >
R2 drvnddm - c:\windows\system32\drivers\drvnddm.sys <Not Verified; VERITAS Software, Inc.; >
R2 tfsnboio - c:\windows\system32\dla\tfsnboio.sys <Not Verified; VERITAS Software, Inc.; >
R2 tfsncofs - c:\windows\system32\dla\tfsncofs.sys <Not Verified; VERITAS Software, Inc.; >
R2 tfsndrct - c:\windows\system32\dla\tfsndrct.sys <Not Verified; VERITAS Software, Inc.; >
R2 tfsndres - c:\windows\system32\dla\tfsndres.sys <Not Verified; VERITAS Software, Inc.; >
R2 tfsnifs - c:\windows\system32\dla\tfsnifs.sys <Not Verified; VERITAS Software, Inc.; >
R2 tfsnopio - c:\windows\system32\dla\tfsnopio.sys <Not Verified; VERITAS Software, Inc.; >
R2 tfsnpool - c:\windows\system32\dla\tfsnpool.sys <Not Verified; VERITAS Software, Inc.; >
R2 tfsnudf - c:\windows\system32\dla\tfsnudf.sys <Not Verified; VERITAS Software, Inc.; >
R2 tfsnudfa - c:\windows\system32\dla\tfsnudfa.sys <Not Verified; VERITAS Software, Inc.; >
R3 pfc (Padus ASPI Shell) - c:\windows\system32\drivers\pfc.sys <Not Verified; Padus, Inc.; Padus(R) ASPI Shell>

S3 hwi4857 (Duo Digital Media Player) - c:\windows\system32\drivers\hwi4857.sys <Not Verified; Cowon Systems, Inc.; USB Falsh Memory Controller>
S3 MRVW245 (Linksys Wireless-N USB Network Adapter WUSB300N) - c:\windows\system32\drivers\mrvw245.sys <Not Verified; Marvell Semiconductor, Inc; Device driver for Marvell 802.11n NIC>
S3 Otis (Audible Otis Service) - c:\windows\system32\drivers\otisplay.sys <Not Verified; HyunWon Inc; USB Flash Memory Controller>
S3 PortRst - c:\windows\system32\drivers\portrst.sys <Not Verified; Barom Technologies Co., Ltd.; PortRST.sys>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 _IOMEGA_ACTIVE_DISK_SERVICE_ (Iomega Active Disk) - "c:\program files\iomega\autodisk\adservice.exe" <Not Verified; Iomega Corporation; Iomega Active Disk>
R2 Iomega App Services - "c:\progra~1\iomega\system32\appservices.exe" <Not Verified; Iomega Corporation; Iomega App Services>
R2 WUSB300NSvc - "c:\program files\linksys\wusb300n\wlservice.exe" "wusb300n.exe" <Not Verified; ; WLService>

S4 Iomega Activity Disk2 - ""


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Scheduled Tasks -------------------------------------------------------------

2007-11-24 13:02:05 394 --a------ C:\WINDOWS\Tasks\McAfee.com Scan for Viruses - My Computer (JAMESB-Owner).job


-- Files created between 2007-10-25 and 2007-11-25 -----------------------------

2007-11-24 18:47:27 0 d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2007-11-24 18:47:26 0 d-------- C:\WINDOWS\system32\Kaspersky Lab
2007-11-24 18:47:20 0 d-------- C:\WINDOWS\LastGood
2007-11-24 12:50:01 0 d-------- C:\Documents and Settings\Owner\Application Data\WinPatrol
2007-11-24 12:49:38 0 d-------- C:\Program Files\BillP Studios
2007-11-24 06:32:55 0 d-------- C:\Program Files\CCleaner
2007-11-23 19:19:25 0 d-------- C:\Documents and Settings\Administrator\Application Data\InterTrust
2007-11-23 19:19:25 0 d-------- C:\Documents and Settings\Administrator\Application Data\Identities
2007-11-23 19:19:25 0 d-------- C:\Documents and Settings\Administrator\Application Data\Adobe
2007-11-23 19:19:24 0 dr------- C:\Documents and Settings\Administrator\Favorites
2007-11-23 19:19:24 0 d-------- C:\Documents and Settings\Administrator\Desktop
2007-11-23 19:19:24 0 d--hs---- C:\Documents and Settings\Administrator\Cookies
2007-11-23 19:19:24 0 dr-h----- C:\Documents and Settings\Administrator\Application Data
2007-11-23 19:19:24 0 d-------- C:\Documents and Settings\Administrator\Application Data\VERITAS
2007-11-23 19:19:24 0 d-------- C:\Documents and Settings\Administrator\Application Data\Symantec
2007-11-23 19:19:24 0 d-------- C:\Documents and Settings\Administrator\Application Data\Share-to-Web Upload Folder
2007-11-23 19:19:24 0 d---s---- C:\Documents and Settings\Administrator\Application Data\Microsoft
2007-11-23 19:19:23 0 d-------- C:\Documents and Settings\Administrator\WINDOWS
2007-11-23 19:19:23 0 d--h----- C:\Documents and Settings\Administrator\Templates
2007-11-23 19:19:23 0 dr------- C:\Documents and Settings\Administrator\Start Menu
2007-11-23 19:19:23 0 dr-h----- C:\Documents and Settings\Administrator\SendTo
2007-11-23 19:19:23 0 dr-h----- C:\Documents and Settings\Administrator\Recent
2007-11-23 19:19:23 0 d--h----- C:\Documents and Settings\Administrator\PrintHood
2007-11-23 19:19:23 0 d--h----- C:\Documents and Settings\Administrator\NetHood
2007-11-23 19:19:23 0 dr------- C:\Documents and Settings\Administrator\My Documents
2007-11-23 19:19:23 0 d--h----- C:\Documents and Settings\Administrator\Local Settings
2007-11-23 19:19:22 1048576 --ah----- C:\Documents and Settings\Administrator\NTUSER.DAT
2007-11-23 16:21:19 0 d-------- C:\Documents and Settings\Owner\Application Data\U3
2007-11-18 15:32:06 1509408 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2007-11-18 15:25:39 0 d-------- C:\Documents and Settings\All Users\Application Data\MailFrontier
2007-11-18 15:25:28 4212 ---h----- C:\WINDOWS\system32\zllictbl.dat
2007-11-18 15:25:17 11264 --a------ C:\WINDOWS\system32\SpOrder.dll <Not Verified; Microsoft Corporation; Microsoft(R) Windows NT(TM) Operating System>
2007-11-18 15:24:41 0 d-------- C:\WINDOWS\system32\ZoneLabs
2007-11-18 15:22:58 0 d-------- C:\WINDOWS\Internet Logs
2007-11-18 10:21:22 0 d-------- C:\Program Files\Trend Micro
2007-11-17 15:56:31 0 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-11-03 09:43:26 0 d-------- C:\Program Files\Maxis


-- Find3M Report ---------------------------------------------------------------

2007-11-24 08:58:11 0 d-------- C:\Program Files\Common Files\Adobe
2007-11-24 08:29:29 0 d-------- C:\Program Files\Common Files
2007-11-23 16:21:07 0 d-------- C:\Documents and Settings\Owner\Application Data\Active Disk
2007-11-19 10:07:41 0 d-------- C:\Documents and Settings\Owner\Application Data\MSN6
2007-11-18 19:38:00 0 d-------- C:\Documents and Settings\Owner\Application Data\Viewpoint
2007-11-18 19:37:06 0 d-------- C:\Program Files\Viewpoint
2007-11-17 18:11:14 0 d-------- C:\Program Files\Red Storm Entertainment
2007-11-17 18:11:09 0 d--h----- C:\Program Files\InstallShield Installation Information
2007-11-17 13:22:12 0 d-------- C:\Program Files\Creative Wonders
2007-11-17 13:21:14 0 d-------- C:\Program Files\The Learning Company
2007-11-08 21:49:41 0 d-------- C:\Documents and Settings\Owner\Application Data\AdobeUM
2007-11-03 09:43:34 919 --a----c- C:\WINDOWS\eReg.dat
2007-10-27 18:24:36 0 d-------- C:\Program Files\Microsoft Money 2006


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [05/07/1998 05:04 PM]
"NvCplDaemon"="NvQTwk" []
"nwiz"="nwiz.exe" [05/03/2002 06:06 PM C:\WINDOWS\system32\nwiz.exe]
"CamMonitor"="c:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe" [06/18/2002 12:11 AM]
"KBD"="C:\HP\KBD\KBD.EXE" [07/06/2001 10:56 PM]
"StorageGuard"="C:\Program Files\VERITAS Software\Update Manager\sgtray.exe" [05/09/2002 09:01 AM]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [07/16/2002 09:03 AM]
"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [12/19/2001 12:39 AM]
"IgfxTray"="C:\WINDOWS\System32\igfxtray.exe" [05/15/2002 04:29 AM]
"HotKeysCmds"="C:\WINDOWS\System32\hkcmd.exe" [05/15/2002 04:20 AM]
"PS2"="C:\WINDOWS\system32\ps2.exe" [06/14/2002 05:39 PM]
"ADUserMon"="C:\Program Files\Iomega\AutoDisk\ADUserMon.exe" [09/24/2002 03:39 PM]
"Iomega Drive Icons"="C:\Program Files\Iomega\DriveIcons\ImgIcon.exe" [08/13/2002 01:30 PM]
"Deskup"="C:\Program Files\Iomega\DriveIcons\deskup.exe" [07/16/2002 09:55 AM]
"Share-to-Web Namespace Daemon"="C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe" [04/17/2002 06:42 PM]
"AlcxMonitor"="ALCXMNTR.EXE" [09/07/2004 01:47 PM C:\WINDOWS\ALCXMNTR.EXE]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [06/14/2006 03:24 PM]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [07/22/2006 11:21 AM]
"MSKDetectorExe"="C:\Program Files\McAfee\SpamKiller\MSKDetct.exe" []
"VSOCheckTask"="C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" [07/08/2005 05:18 PM]
"VirusScan Online"="C:\Program Files\McAfee.com\VSO\mcvsshld.exe" [08/10/2005 11:49 AM]
"OASClnt"="C:\Program Files\McAfee.com\VSO\oasclnt.exe" [08/11/2005 09:02 PM]
"MCAgentExe"="c:\PROGRA~1\mcafee.com\agent\mcagent.exe" [09/22/2005 05:29 PM]
"MCUpdateExe"="c:\PROGRA~1\mcafee.com\agent\mcupdate.exe" [01/11/2006 11:05 AM]
"checktime"="c:\program files\HPSelect\Frontend\ct.exe" [01/26/2002 02:05 PM]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [09/06/2007 04:14 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [08/05/2003 08:29 PM]
"MSKAGENTEXE"="C:\PROGRA~1\McAfee\SPAMKI~1\MSKAgent.exe" []
"Microsoft Location Finder"="C:\Program Files\Microsoft Location Finder\LocationFinder.exe" [08/24/2005 06:25 PM]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 01:56 AM]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"RunNarrator"=Narrator.exe

C:\Documents and Settings\Owner\Start Menu\Programs\Startup\
PowerReg Scheduler V3.exe [10/29/2004 4:13:21 PM]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"




-- End of Deckard's System Scanner: finished at 2007-11-25 15:13:34 ------------
jacu
Regular Member
 
Posts: 38
Joined: November 18th, 2007, 1:36 pm

Re: Unable To Run Hijack This

Post by jacu » November 25th, 2007, 5:24 pm

Here is the extra.txt

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Home Edition (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel(R) Pentium(R) 4 CPU 2.40GHz
Percentage of Memory in Use: 64%
Physical Memory (total/avail): 502.98 MiB / 179.38 MiB
Pagefile Memory (total/avail): 1230.53 MiB / 969.36 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1949.57 MiB

A: is Removable (No Media)
C: is Fixed (NTFS) - 52.23 GiB total, 28.78 GiB free.
D: is Fixed (FAT32) - 5.02 GiB total, 1.18 GiB free.
E: is CDROM (No Media)
F: is CDROM (No Media)

\\.\PHYSICALDRIVE0 - Maxtor 4R060J0 - 57.27 GiB - 2 partitions
\PARTITION0 - Unknown - 5.03 GiB - D:
\PARTITION1 (bootable) - Installable File System - 52.23 GiB - C:



-- Security Center -------------------------------------------------------------

AUOptions is set to notify before download.
Windows Internal Firewall is enabled.

AntiVirusDisableNotify is set.
FirewallDisableNotify is set.

FW: ZoneAlarm Firewall v7.0.408.000 (Check Point, LTD.) Disabled
AV: McAfee VirusScan v (McAfee)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\hp center\\137903\\Program\\BackWeb-137903.exe"="C:\\Program Files\\hp center\\137903\\Program\\BackWeb-137903.exe:*:Disabled:BackWeb-137903"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Disabled:Windows Messenger"
"C:\\Program Files\\Internet Explorer\\iexplore.exe"="C:\\Program Files\\Internet Explorer\\iexplore.exe:*:Disabled:Internet Explorer"
"C:\\Program Files\\Outlook Express\\msimn.exe"="C:\\Program Files\\Outlook Express\\msimn.exe:*:Disabled:Outlook Express"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Owner\Application Data
CLASSPATH=.;C:\Program Files\QuickTime\QTSystem\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=JAMESB
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Owner
LOGONSERVER=\\JAMESB
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;c:\Python22;C:\Program files\PC-Doctor for Windows XP\WINDSAPI;C:\Program Files\QuickTime\QTSystem\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 2 Stepping 7, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0207
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\QuickTime\QTSystem\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\Owner\LOCALS~1\Temp
TMP=C:\DOCUME~1\Owner\LOCALS~1\Temp
tvdumpflags=8
USERDOMAIN=JAMESB
USERNAME=Owner
USERPROFILE=C:\Documents and Settings\Owner
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

Owner (admin)
Administrator (new local, admin)


-- Add/Remove Programs ---------------------------------------------------------

--> C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
--> C:\WINDOWS\System32\\MSIEXEC.EXE /x {09DA4F91-2A09-4232-AB8C-6BC740096DE3}
--> c:\WINDOWS\System32\\MSIEXEC.EXE /x {1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
--> c:\WINDOWS\System32\\MSIEXEC.EXE /x {8214CC02-6271-4DC8-B8DD-779933450264}
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
3D Groove Playback Engine --> RunDll32 C:\WINDOWS\DOWNLO~1\GrooveAX.dll,_RemoveGroove@16
Active Disk --> C:\WINDOWS\unvise32.exe C:\Program Files\Iomega\AutoDisk\uninstal.log
Adobe Acrobat 5.0 --> C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.isu" -c"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.dll"
Adobe Atmosphere Player for Acrobat and Adobe Reader --> C:\WINDOWS\atmoUn.exe
Adobe Flash Player 9 ActiveX --> C:\WINDOWS\system32\Macromed\Flash\FlashUtil9b.exe -uninstallDelete
Adobe Photoshop Album 2.0 Starter Edition --> MsiExec.exe /I{11B569C2-4BF6-4ED0-9D17-A4273943CB24}
ArcSoft Software Suite --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\ArcSoft\Software Suite\Uninst.isu"
Atomic Pop --> "C:\Program Files\WildTangent\DDC\ActiveMenu\DDCActiveMenu.exe" -UninstallItem {96777B4D-1A97-492E-B5DA-C624AA675280}
AudibleManager --> C:\Program Files\Audible\Bin\Upgrade.exe /Uninstall
Betty Bad --> "C:\Program Files\WildTangent\DDC\ActiveMenu\DDCActiveMenu.exe" -UninstallItem {A27EAF80-CBFC-4F56-94E1-929A401D7515}
Bicycle Casino 2.0 --> "C:\Program Files\Microsoft Games\Bicycle Casino 2.0\UNINSTAL.EXE" /runtemp /addremove
Blackhawk Striker --> "C:\Program Files\WildTangent\DDC\ActiveMenu\DDCActiveMenu.exe" -UninstallItem {5415BC25-6D6C-46C4-B34C-EA8470FE56D5}
Blasterball 2 --> "C:\Program Files\WildTangent\DDC\ActiveMenu\DDCActiveMenu.exe" -UninstallItem {357ECB62-CD36-4B63-B57E-769D0CA174F4}
Blasterball Wild --> "C:\Program Files\WildTangent\DDC\ActiveMenu\DDCActiveMenu.exe" -UninstallItem {28BA89E7-2F60-4BE7-BAA2-7949EB3FE527}
BurnPlugin for Audible --> MsiExec.exe /I{301120E0-45A9-498C-8627-19E7E20EFA3A}
Canon S200 --> C:\WINDOWS\System32\CNMCP3W.EXE -@C:\WINDOWS\IsUninst.exe -f"C:\BJPrinter\CNMWINDOWS\Canon S200 Installer\Inst\DeIsL1.isu" -pCanon S200-c"C:\BJPrinter\CNMWINDOWS\Canon S200 Installer\Inst\bjinst.dll
CCleaner (remove only) --> "C:\Program Files\CCleaner\uninst.exe"
Construction Zone --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Mattel Media\Matchbox\Caterpillar Construction Zone\Construction Zone\Data\UninstallCat.isu"
Crayola Magic 3D Coloring Book Demo --> C:\WINDOWS\iun3401.exe C:\Programs\IBM and Crayola\3DMagicd
Dark Orbit --> "C:\Program Files\WildTangent\DDC\ActiveMenu\DDCActiveMenu.exe" -UninstallItem {7841B68B-B7DD-408E-8B45-D5CA39608185}
Detto IntelliMover Demo --> MsiExec.exe /X{E62C706B-1352-4DCA-B4D4-81C24750B70F}
DLA --> MsiExec.exe /I{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
easy Internet sign-up --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2B5DDB2C-0807-47FD-9C11-80EA761902C0}\Setup.exe" -l0x9
Fisher-Price® - Toddler --> E:\setup.exe -funinst.ins
Fisher-Price® Big Action Construction --> E:\setup.exe -fcnstunin.ins
GemMaster 2 --> "C:\Program Files\WildTangent\DDC\ActiveMenu\DDCActiveMenu.exe" -UninstallItem {4EDAE550-ACA5-4EF6-88BD-9F2B8BC2982D}
Greeting Card Creator 32 --> C:\PROGRA~1\GREETI~1\UNWISE.EXE C:\PROGRA~1\GREETI~1\INSTALL.LOG
Harry Potter --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3F50AF3B-8997-4916-0095-99D63DDB785A}\setup.exe" -l0x9 Uninstall
Harry Potter II --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7BF68B83-5057-4D4B-0093-28285EEB9EE3}\setup.exe" -l0x9 Uninstall
Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hoyle Kids Games 2 --> C:\WINDOWS\IsUninst.exe -f"C:\SIERRA\Hoyle Kids Games 2\Uninst.isu"
hp center --> C:\WINDOWS\BWUnin-6.1.0.153.exe -AppId 137903
hp instant support --> C:\PROGRA~1\HEWLET~1\hpis\Uninstall.exe /s CeS
hp learning adventure --> c:\program files\HPSelect\Frontend\uninstall.exe
HP Memories Disc --> MsiExec.exe /X{B376402D-58EA-45EA-BD50-DD924EB67A70}
HP Photo and Imaging 1.1 - Photosmart Cameras --> MsiExec.exe /X{1EEE2A9F-6471-42fa-8923-E8879168CE26}
HP Photo and Imaging 2.2 - Scanjet 3970 Series --> MsiExec.exe /I{796ADAFF-7C5B-4CED-BA11-55A3644F1E0D}
hp toolkit --> c:\Windows\HPTK\unhptkit.exe
IBM & Crayola Magic Wardrobe --> C:\WINDOWS\uninst.exe -f"C:\.\Program Files\IBM and Crayola\DeIsL1.isu"
Inactive HP Printer Drivers (Remove only) --> RunDll32 hpuninst.dll,InstallHinfSection UninstDefault 132 prntunin.inf
Intel(R) 845G Chipset Graphics Driver Software --> RUNDLL32.EXE C:\WINDOWS\System32\ialmrem.dll,UninstallW2KIGfx PCI\VEN_8086&DEV_2562
InterVideo WinDVD --> "C:\Program Files\InstallShield Installation Information\{C1939820-A945-11D4-86F6-0001031E5712}\setup.exe" REMOVEALL
IomegaWare 4.0.3 --> C:\WINDOWS\unvise32.exe C:\Program Files\Iomega\uninstal.log
iTunes --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{54C0D94A-F467-4ABC-9D02-6E58748668D4} /l1033
Kaspersky Online Scanner --> C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavuninstall.exe
KBD --> C:\HP\KBD\KBD.EXE uninstalled
Kublox --> "C:\Program Files\WildTangent\DDC\ActiveMenu\DDCActiveMenu.exe" -UninstallItem {F7A4D9BE-D989-45B9-BB49-2C0EA34B9991}
Learn to Speak Spanish 7.0 --> C:\PROGRA~1\LSSE7\UNWISE.EXE C:\PROGRA~1\LSSE7\INSTALL.LOG
Lernout & Hauspie TruVoice American English TTS Engine --> RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\tv_enua.inf, Uninstall
Linksys Wireless-N USB Network Adapter WUSB300N --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DCD3471D-4DDA-4DC2-8B9F-A662D0C362AC}\setup.exe" -l0x9
Macromedia Shockwave Player --> C:\WINDOWS\system32\Macromed\SHOCKW~2\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~2\Install.log
Maurice Ashley Teaches Chess --> C:\WINDOWS\uninst.exe -fC:\MATCH\DeIsL25.isu
McAfee SecurityCenter --> c:\PROGRA~1\mcafee.com\shared\mcappins.exe /v=3 /uninstall=1 /appid=msc /interact=1 /script_proactive=0 /start=c:\PROGRA~1\mcafee.com\agent\uninst\screm.ui::uninstall.htm
McAfee VirusScan --> c:\PROGRA~1\mcafee.com\shared\mcappins.exe /v=3 /uninstall=1 /appid=vso /interact=1 /script_proactive=0 /start=c:\PROGRA~1\mcafee.com\agent\uninst\vsoremui.dll::uninstall.htm
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Data Access Components KB870669 --> C:\WINDOWS\muninst.exe C:\WINDOWS\INF\KB870669.inf
Microsoft Digital Image Standard 2006 --> "C:\Program Files\Common Files\Microsoft Shared\Picture It!\RmvSuite.exe" ADDREMOVE=1 SKU=PREM VERSION=11
Microsoft Encarta Encyclopedia Standard 2006 --> MsiExec.exe /I{06040040-3E21-46D6-9A91-D927BA08F41D}
Microsoft Location Finder --> MsiExec.exe /I{9D18F7F8-B984-4249-8512-CC621BC59F12}
Microsoft Money 2006 --> "C:\Program Files\Microsoft Money 2006\MNYCoreFiles\Setup\uninst.exe" /s:120
Microsoft Office Excel Viewer 2003 --> MsiExec.exe /I{90840409-6000-11D3-8CFE-0150048383C9}
Microsoft Streets & Trips 2006 --> MsiExec.exe /I{83ED1E80-A1B7-4226-BCF1-AC4A88151A6B}
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Word 2002 --> MsiExec.exe /I{901B0409-6000-11D3-8CFE-0050048383C9}
Microsoft Works --> MsiExec.exe /I{6D52C408-B09A-4520-9B18-475B81D393F1}
Microsoft Works Suite 2006 Setup Launcher --> C:\Program Files\Microsoft Works Suite 2006\Setup\Launcher.exe /ARP E:\
Microsoft Works Suite Add-in for Microsoft Word --> MsiExec.exe /I{17E3A651-12B9-4149-BAE8-E6FB9A5ADC4F}
Mozilla Firefox (1.0) --> C:\WINDOWS\UninstallFirefox.exe /ua "1.0 (en-US)"
MSN Money Investment Toolbox --> "C:\Program Files\Microsoft Money 2006\MNYCoreFiles\Setup\uninst.exe" /s:5
MSN Music Assistant --> rundll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\msninst.inf,Uninstall
MUSICMATCH Jukebox --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\Uninst.isu" -cC:\PROGRA~1\MUSICM~1\MUSICM~1\unmatch.dll
My Little Pony --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Hasbro Interactive\My Little Pony\Uninst.isu"
My Sam's Club Digital Photo Center --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D2DFC174-494B-435D-BB9D-D82520D03C28}\setup.exe" -l0x9 -removeonly
NVIDIA Windows 2000/XP Display Drivers --> rundll32.exe C:\WINDOWS\System32\nvinstnt.dll,NvUninstallNT4 nvhp.inf
Pajama Sam Life is Rough When You Lose Your Stuff --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{56C632F1-E684-4033-8390-1C39A1719B01}
PC-Doctor for Windows --> C:\WINDOWS\UNWISE.EXE C:\PROGRA~1\PC-DOC~1\INSTALL.LOG
PigPen --> "C:\Program Files\WildTangent\DDC\ActiveMenu\DDCActiveMenu.exe" -UninstallItem {B279B0DA-6F60-4FBD-9847-0C9AB79A3674}
PS2 --> C:\WINDOWS\system32\ps2.exe uninstall
Python 2.2 combined Win32 extensions --> C:\Python22\Lib\SITE-P~1\UNWISE~1.EXE C:\Python22\Lib\SITE-P~1\w32inst.log
Python 2.2.1 --> C:\Python22\UNWISE.EXE C:\Python22\INSTALL.LOG
Quicken Financial Center --> C:\PROGRA~1\QUICKE~1\rem\UNWISE.EXE /s C:\PROGRA~1\QUICKE~1\rem\INSTALL.LOG
QuickTime --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{C21D5524-A970-42FA-AC8A-59B8C7CDCA31} /l1033
QuickTime 3.0 --> C:\WINDOWS\uninst.exe -f"C:\Program Files\QuickTime\DeIsL1.isu" -c"C:\WINDOWS\System32\QTUninst.dll
Reader Rabbit(R) I Can Read! With Phonics --> C:\Program Files\The Learning Company\Reader Rabbit(R) I Can Read! With Phonics\uninstall.exe
RecordNow --> MsiExec.exe /I{8214CC02-6271-4DC8-B8DD-779933450264}
RecordNow Update Manager --> MsiExec.exe /I{09DA4F91-2A09-4232-AB8C-6BC740096DE3}
S3Display --> s3uninst.exe -reg 5 'HKLM\Software\S3\S3Uninst\S3Display'
S3Gamma2 --> s3uninst.exe -reg 5 'HKLM\Software\S3\S3Uninst\S3Gamma2'
S3Info2 --> s3uninst.exe -reg 5 'HKLM\Software\S3\S3Uninst\S3Info2'
S3Overlay --> s3uninst.exe -reg 5 'HKLM\Software\S3\S3Uninst\S3Overlay'
SabreWing 2 --> "C:\Program Files\WildTangent\DDC\ActiveMenu\DDCActiveMenu.exe" -UninstallItem {922B6E62-57DC-4153-97E3-12443BB5F9AE}
Scooby-Doo(TM), Activity Challenge(TM) --> C:\Program Files\The Learning Company\Scooby-Doo(TM), Activity Challenge(TM)\uninstall.exe
Scooby-Doo(TM), Jinx At The Sphinx(TM) --> C:\Program Files\The Learning Company\Scooby-Doo(TM), Jinx At The Sphinx(TM)\uninstall.exe
Scooby-Doo(TM), Phantom of the Knight(TM) --> C:\Program Files\The Learning Company\Scooby-Doo(TM), Phantom of the Knight(TM)\uninstal.exe
Security Update for Step By Step Interactive Training (KB898458) --> "C:\WINDOWS\$NtUninstallKB898458$\spuninst\spuninst.exe"
Security Update for Step By Step Interactive Training (KB923723) --> "C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
Shockwave --> C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
Snowboard Extreme --> "C:\Program Files\WildTangent\DDC\ActiveMenu\DDCActiveMenu.exe" -UninstallItem {753FE96B-D926-4B6C-BCFB-CC59153D004A}
Space Rocks --> "C:\Program Files\WildTangent\DDC\ActiveMenu\DDCActiveMenu.exe" -UninstallItem {9FA01E11-9015-4140-B10A-5C6AA949B2FC}
Speedway --> "C:\Program Files\WildTangent\DDC\ActiveMenu\DDCActiveMenu.exe" -UninstallItem {D6CAB2F4-26A4-48F4-A35D-CA83063E3928}
Tetris --> C:\PROGRA~1\Tetris\UNWISE.EXE C:\PROGRA~1\Tetris\INSTALL.LOG
The American Heritage Talking Dictionary --> C:\AHEDW\unsetup.exe
Time to Play Pet Shop --> C:\Program Files\The Learning Company\Time to Play Pet Shop\uninstal.exe
Triple Play '98 --> C:\WINDOWS\uninst.exe -f"C:\EA Sports\Triple Play '98\DeIsL1.isu"
Virtual Warfare --> "C:\Program Files\WildTangent\DDC\ActiveMenu\DDCActiveMenu.exe" -UninstallItem {4F0AE1FB-4082-4A27-8363-05D292D92FB0}
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Messenger 5.0 --> MsiExec.exe /I{ABEB838C-A1A7-4C5D-B7E1-8B4314B10138}
WinPatrol 2007 --> C:\PROGRA~1\BILLPS~1\WINPAT~1\Setup.exe /remove /q0
WordPerfect Productivity Pack --> C:\WINDOWS\Corel\uninst32.exe
WordPerfect Productivity Pack --> C:\WINDOWS\Corel\Uninst32.exe
ZoneAlarm --> C:\Program Files\Zone Labs\ZoneAlarm\zauninst.exe


-- Application Event Log -------------------------------------------------------

Event Record #/Type6513 / Error
Event Submitted/Written: 11/24/2007 10:38:31 AM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application Myscan.exe.exe, version 1.99.0.1, faulting module msvbvm60.dll, version 6.0.96.90, fault address 0x00086f48.
Processing media-specific event for [Myscan.exe.exe!ws!]

Event Record #/Type6512 / Error
Event Submitted/Written: 11/24/2007 10:38:27 AM
Event ID/Source: 1005 / Application Error
Event Description:
Windows cannot access the file C:\WINDOWS\system32\msvbvm60.dll for one of the following reasons:
there is a problem with the network connection, the disk that the file is stored on, or the storage
drivers installed on this computer; or the disk is missing.
Windows closed the program Visual Basic Virtual Machine because of this error.

Program: Visual Basic Virtual Machine
File: C:\WINDOWS\system32\msvbvm60.dll

The error value is listed in the Additional Data section.
User Action
1. Open the file again.
This situation might be a temporary problem that corrects itself when the program runs again.
2.
If the file still cannot be accessed and
- It is on the network,
your network administrator should verify that there is not a problem with the network and that the server can be contacted.
- It is on a removable disk, for example, a floppy disk or CD-ROM, verify that the disk is fully inserted into the computer.
3. Check and repair the file system by running CHKDSK. To run CHKDSK, click Start, click Run, type CMD, and then click OK. At the command prompt, type CHKDSK /F, and then press ENTER.
4. If the problem persists, restore the file from a backup copy.
5. Determine whether other files on the same disk can be opened. If not, the disk might be damaged. If it is a hard disk, contact your administrator or computer hardware vendor for
further assistance.
Additional Data
Error value: C000009C
Disk type: 3

Event Record #/Type6494 / Error
Event Submitted/Written: 11/23/2007 07:21:17 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application Myscan.exe.exe, version 1.99.0.1, faulting module msvbvm60.dll, version 6.0.96.90, fault address 0x00086f48.
Processing media-specific event for [Myscan.exe.exe!ws!]

Event Record #/Type6493 / Error
Event Submitted/Written: 11/23/2007 07:21:12 PM
Event ID/Source: 1005 / Application Error
Event Description:
Windows cannot access the file C:\WINDOWS\system32\msvbvm60.dll for one of the following reasons:
there is a problem with the network connection, the disk that the file is stored on, or the storage
drivers installed on this computer; or the disk is missing.
Windows closed the program Visual Basic Virtual Machine because of this error.

Program: Visual Basic Virtual Machine
File: C:\WINDOWS\system32\msvbvm60.dll

The error value is listed in the Additional Data section.
User Action
1. Open the file again.
This situation might be a temporary problem that corrects itself when the program runs again.
2.
If the file still cannot be accessed and
- It is on the network,
your network administrator should verify that there is not a problem with the network and that the server can be contacted.
- It is on a removable disk, for example, a floppy disk or CD-ROM, verify that the disk is fully inserted into the computer.
3. Check and repair the file system by running CHKDSK. To run CHKDSK, click Start, click Run, type CMD, and then click OK. At the command prompt, type CHKDSK /F, and then press ENTER.
4. If the problem persists, restore the file from a backup copy.
5. Determine whether other files on the same disk can be opened. If not, the disk might be damaged. If it is a hard disk, contact your administrator or computer hardware vendor for
further assistance.
Additional Data
Error value: C000009C
Disk type: 3

Event Record #/Type6491 / Error
Event Submitted/Written: 11/23/2007 07:09:51 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application Myscan.exe.exe, version 1.99.0.1, faulting module msvbvm60.dll, version 6.0.96.90, fault address 0x00086f48.
Processing media-specific event for [Myscan.exe.exe!ws!]



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type163784 / Error
Event Submitted/Written: 11/24/2007 10:39:28 AM
Event ID/Source: 7 / Disk
Event Description:
The device, \Device\Harddisk0\D, has a bad block.

Event Record #/Type163783 / Error
Event Submitted/Written: 11/24/2007 10:39:25 AM
Event ID/Source: 7 / Disk
Event Description:
The device, \Device\Harddisk0\D, has a bad block.

Event Record #/Type163782 / Error
Event Submitted/Written: 11/24/2007 10:39:24 AM
Event ID/Source: 7 / Disk
Event Description:
The device, \Device\Harddisk0\D, has a bad block.

Event Record #/Type163781 / Error
Event Submitted/Written: 11/24/2007 10:39:21 AM
Event ID/Source: 7 / Disk
Event Description:
The device, \Device\Harddisk0\D, has a bad block.

Event Record #/Type163780 / Error
Event Submitted/Written: 11/24/2007 10:39:20 AM
Event ID/Source: 7 / Disk
Event Description:
The device, \Device\Harddisk0\D, has a bad block.



-- End of Deckard's System Scanner: finished at 2007-11-25 15:13:34 ------------
jacu
Regular Member
 
Posts: 38
Joined: November 18th, 2007, 1:36 pm

Re: Unable To Run Hijack This

Unread postby askey127 » November 26th, 2007, 7:51 am

jacu,
The picture is becoming clear.
The hard drive on this machine has one or more bad blocks (sections). One of the files in a bad block is the code library used by installed Visual Basic programs. HiJackThis is written in Visual Basic, so it and some other specific applications will give an error when there is an attempt to run them.

The whole issue of the Bad Blocks is a bit more involved. You are going to need to replace the hard drive, sooner rather than later, in my opinion.
If this were my machine, I would do the following:
  • Copy any and all important data files like documents, pictures, etc. to CDs, flash drive(s) or other External Media.
  • Your system report shows a 5Gb hidden partition. This usually means that you do NOT have a real Windows XP system disk, but only a "Recovery disk" issued by HP, or whomever. This disc is intended to recover system errors and put the system back in its original state so it's exactly the way it was when you first booted it up.
    That would include all the annoying "Foistware", but with none of your installations or documents. It is, however, your only connection to a valid Windows license if everything goes bad.
    Get out your User's Guide if you can find it and see how this recovery works. If you lose the hidden partition because of a bad hard drive and you have not made original backup CDs, you will have no ability to re-install a valid Windows system without buying a new one.
  • One of the instructions in the User's Guide will be how to make backup disks (CDs) of the original entire system using your one original HP disk and that special partition. If you didn't do it when you got the machine, you should do it now. You will need the original CD that came with the machine.
  • The symptoms shown in the scanner suggest that the hard drive is likely to be failing. After you have taken all the steps above that you are able, you need to replace the hard drive. If you get a new hard drive retail package (get an EIDE type, not SATA), and it's at least 80Gb, it will contain instructions to copy the entire drive content of the old drive onto the new one. If the copy fails because of file system errors, your only recourse will be to utilize the CD that came with the PC in addition to the backup CDs burned in the step above.
  • If you take it to a repair shop, there is some likelihood you will get back a new hard drive with a system on it, but no applications or documents. Be prepared.

We could do file system tests and repairs, but I am reluctant to do anything that would make the file corruption worse.
The machine does not appear to have any serious issues with malware.
System/Hardware problems are not exactly my field of expertise, but if I can answer any questions, I will be glad to try.
askey127
askey127
Admin/Teacher
Posts: 13903
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA
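
The correlation askey127 draws in the reply above (Disk event 7 bad blocks, the 1005 error naming msvbvm60.dll, and the 1000 crashes in that module) can be checked mechanically. This is an added example, not part of the original thread or of Deckard's System Scanner; the function names, the five-minute window and the abridged sample log are assumptions.

```python
import re
from datetime import datetime, timedelta

# Constructed sample: three records abridged from the log posted in this thread.
# Error value C000009C is NTSTATUS STATUS_DEVICE_DATA_ERROR (a device read failure).
SAMPLE_LOG = r"""
Event Record #/Type6513 / Error
Event Submitted/Written: 11/24/2007 10:38:31 AM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application Myscan.exe.exe, version 1.99.0.1, faulting module msvbvm60.dll, version 6.0.96.90, fault address 0x00086f48.

Event Record #/Type6512 / Error
Event Submitted/Written: 11/24/2007 10:38:27 AM
Event ID/Source: 1005 / Application Error
Event Description:
Windows cannot access the file C:\WINDOWS\system32\msvbvm60.dll for one of the following reasons:
Error value: C000009C

Event Record #/Type163784 / Error
Event Submitted/Written: 11/24/2007 10:39:28 AM
Event ID/Source: 7 / Disk
Event Description:
The device, \Device\Harddisk0\D, has a bad block.
"""

HEADER = re.compile(
    r"Event Record #/Type(\d+) / (\w+)\s*\n"
    r"Event Submitted/Written: (.+?)\s*\n"
    r"Event ID/Source: (\d+) / (.+?)\s*\n"
    r"Event Description:\s*\n")
CRASH = re.compile(r"Faulting application (.+?), version .*?faulting module (.+?), version")
UNREADABLE = re.compile(r"cannot access the file (.+?) for one of the following reasons")

def parse_events(text):
    """Split the scanner's event-log section into one dict per record."""
    heads = list(HEADER.finditer(text))
    events = []
    for i, m in enumerate(heads):
        end = heads[i + 1].start() if i + 1 < len(heads) else len(text)
        events.append({
            "record": int(m.group(1)), "level": m.group(2),
            "time": datetime.strptime(m.group(3), "%m/%d/%Y %I:%M:%S %p"),
            "id": int(m.group(4)), "source": m.group(5),
            "desc": text[m.end():end].strip()})
    return events

def triage(events, window=timedelta(minutes=5)):
    """For each unreadable file (1005), list apps crashing in it and nearby bad-block events."""
    bad_blocks = [e for e in events if e["source"] == "Disk" and e["id"] == 7]
    crashes = [m.groups() for e in events if e["id"] == 1000
               for m in [CRASH.search(e["desc"])] if m]
    findings = []
    for e in events:
        m = UNREADABLE.search(e["desc"]) if e["id"] == 1005 else None
        if not m:
            continue
        module = m.group(1).rsplit("\\", 1)[-1].lower()
        near = [b for b in bad_blocks if abs(b["time"] - e["time"]) <= window]
        findings.append({
            "file": m.group(1),
            "crashed_apps": sorted({app for app, mod in crashes if mod.lower() == module}),
            "bad_block_events": len(near),
            "likely_cause": "disk media error" if near else "unknown"})
    return findings
```

A finding with `likely_cause` of "unknown" means no bad-block report fell inside the window, so the unreadable file needs a different explanation before hardware is blamed.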

Re: Unable To Run Hijack This

Unread postby jacu » November 26th, 2007, 9:33 am

Good morning Askey127,

What a thing to wake up to. But I was expecting it after looking over the logs.

When I first got my own present computer, the hard disc died after about a month and hp sent someone over with a new one and a set of discs for reinstallation. (I know these are just for my machine.) Last year that hard drive died. I took it into a shop where the guy cloned that hard drive and put it on a new drive, but I think I may have taken those discs in for him to use, which I don't have for this (husband's) computer. When I got my machine back, it was just the way it was (to me at least) before the hard drive crashed. All the applications, Favorites, everything. Do you think he could do something similar for this computer?

Until I got the all clear from you, I advised my husband not to check any financially related sites on the web. Do you think we're safe in that regard?

If this bad block thing has something to do with not being able to shut down, it's probably been bad for some time. Do you think that adding and deleting things at this point would corrupt the machine even more? (I'm sorry if I'm repeating something you've already said.)

One more thing. When Deckard scan began, it said something about temporarily undoing or deleting things. Do I need to be concerned about that?

Thanks,
jacu

Re: Unable To Run Hijack This

Unread postby askey127 » November 26th, 2007, 3:19 pm

jacu,
I think you have a reasonable chance of successfully copying that whole drive onto a new one.
There may be a few files to fix afterward. One you WILL need to "fix" is the VB runtime package (easy to download).

There is not any extra risk in visiting financial sites, since I don't see any malware on the machine. (Do re-enable ZoneAlarm first.)

But I wouldn't use the PC any more than necessary until the hard drive gets fixed.
Your main risks are (1) losing the drive before you get documents off it (loss of documents)
and (2) losing the drive before you copy all of it onto a new Hard Drive (loss of Windows license).

Adding and deleting things may move stuff around on the drive and put more files at risk if they get moved into the "bad block".

Don't worry about anything the Deckard Scanner does.
Do print out the contents of extra.txt and show it to the tech who replaces your Hard Drive so he sees why.
askey127

Re: Unable To Run Hijack This

Unread postby jacu » November 27th, 2007, 10:59 am

We'll try to go in this week and talk to the repair person.

You told me to re-enable Zone Alarm. Should I re-enable Automatic Updates?

Another thing that bothers me on this computer is Messenger, the little two person icon in the tray at the bottom. I was able to keep it from starting up on my own computer some time ago, but I can't remember how I did it. It just bugs me to see msmsgs trying to access the internet on ZA when it's not being used. Would it be safe to take care of that now?

Thanks,
jacu

Re: Unable To Run Hijack This

Unread postby askey127 » November 27th, 2007, 12:57 pm

You can probably find Messenger in WinPatrol on the Startups tab.
Just highlight anything to do with msmsgs or messenger and click remove.

No point in running auto updates now. Just added risk from installing more files.

Re: Unable To Run Hijack This

Unread postby jacu » November 28th, 2007, 4:52 pm

Thank you so much.

We talked to the computer repair person today and plan to take the machine in on Monday. He says as long as it's bootable, he can clone it and put it on a new drive. We would get it back next Wednesday or Thursday.

Can I come back here when we get it back to finish "tweaking" it?

Thanks,
jacu

Re: Unable To Run Hijack This

Unread postby askey127 » November 30th, 2007, 6:47 pm

Sure.
Just post a log in a new thread if you wish, or reply to this one.
Glad you are getting it fixed.
askey127

Re: Unable To Run Hijack This

Unread postby askey127 » December 23rd, 2007, 7:35 am

Glad we could be of assistance. This topic is now closed. If you wish it to be reopened, please send us an email to 'admin at malwareremoval.com' with a link to your thread.
Please do not contact us to reopen this topic if you are not the topic starter.
A valid, working link to the closed topic is required along with the user name used. If the user name does not match the one in the thread linked, the email will be deleted.

You can help support this site from this link : Donations For Malware Removal