Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Need help, please

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Re: Need help, please

Unread postby TerriReb » February 18th, 2010, 11:10 pm

I can't download the Malwarebytes' Anti-Malware (MBAM) [explorer.exe] file to my desktop because I get an error message saying that my diskspace is full. I deleted all extraneous files from the desktop, but that didn't help.

I tried running Malwarebytes' Anti-Malware (MBAM) from the CD, but that didn't work either.

Should I try running it from the internet or does it need to be downloaded to the desktop to work?

Thanks,
Terri
TerriReb
Regular Member
 
Posts: 58
Joined: October 21st, 2008, 1:51 pm
Advertisement
Register to Remove

Re: Need help, please

Unread postby melboy » February 19th, 2010, 3:56 am

Hi Terri

Yes, it needs to be downloaded to your desktop.

I tried running Malwarebytes' Anti-Malware (MBAM) from the CD, but that didn't work either.
Did you get the same "Diskspace is full" message?


Try running the instructions below, either downloading the file to your desktop using the infected PC - If you get the "not a valid win32 application" message, delete it and download it to a clean computer, than transfer it to the infected one and try running it.

Incidently, that error message "not a valid win32 application", probably means the file download was corrupted by the infection. That's why for the time being you'll have to transfer thing via CD untill you can sucessfully download tools and run them from the infected PC.

After completeing the instructions below, then try running the instructions in my last post for Malwarebytes (MBAM) and DDS or HijackThis.

Let me know if you still get the "Diskspace is full" message. Navigate to Start > My Computer > Right click your C: drive and select properties. Under the General tab it will tell you the Used space and free space. Let me know what those figures are.



TFC

  • Please download TFC by Old Timer to your desktop,
  • Save any unsaved work. TFC will close all open application windows.
  • Double-click TFC.exe to run the program.
  • Click the Start button in the bottom left of TFC
  • If prompted, click "Yes" to reboot.

Note: Save your work. TFC will automatically close any open programs, let it run uninterrupted. It should not take longer than a couple of minutes , and may only take a few seconds. Only if needed will you be prompted to reboot.
User avatar
melboy
MRU Expert
MRU Expert
 
Posts: 3670
Joined: July 25th, 2008, 4:25 pm
Location: UK

Re: Need help, please

Unread postby TerriReb » February 19th, 2010, 10:03 am

I can't get TFC to work because of the same issues as before: the file downloaded from the internet to the infected computer gets the "not a Win63 application" error message. When I try to download it from a CD, I get an error message saying that the diskspace is full.

My used space on the C drive of the infected computer is 191,438,065,664 bytes (178 GB). The available space is 0.

When I try running MBAM from the CD, I get an error message that says "some files cannot be created". The "log" or window shows the following:
Extracting mbam-installer/
Extracting mbam-installer/changes.rtf
Cannot create mbam-installer/changes.rtf
Extracting mbam-installer/Languages/
Extracting mbam-installer/Languages/albanian.lng
Cannot create mbam-installer/Languages/albanian.lng
Extracting mbam-installer/Languages/arabic.lng
Cannot create mbam-installer/Languages/arabic.lng
Extracting mbam-installer/Languages/bosnian.lng
Cannot create mbam-installer/Languages/bosnian.lng
Extracting mbam-installer/Languages/bulgarian.lng
Cannot create mbam-installer/Languages/bulgarian.lng
Extracting mbam-installer/Languages/catalan.lng
Cannot create mbam-installer/Languages/catalan.lng
Extracting mbam-installer/Languages/chineseSI.lng
Cannot create mbam-installer/Languages/chineseSI.lng
Extracting mbam-installer/Languages/chineseTR.lng
Cannot create mbam-installer/Languages/chineseTR.lng
Extracting mbam-installer/Languages/croatian.lng
Cannot create mbam-installer/Languages/croatian.lng
Extracting mbam-installer/Languages/czech.lng
Cannot create mbam-installer/Languages/czech.lng
Extracting mbam-installer/Languages/danish.lng
Cannot create mbam-installer/Languages/danish.lng
Extracting mbam-installer/Languages/dutch.lng
Cannot create mbam-installer/Languages/dutch.lng
Extracting mbam-installer/Languages/english.lng
Cannot create mbam-installer/Languages/english.lng
Extracting mbam-installer/Languages/estonian.lng
Cannot create mbam-installer/Languages/estonian.lng
Extracting mbam-installer/Languages/finnish.lng
Cannot create mbam-installer/Languages/finnish.lng
Extracting mbam-installer/Languages/french.lng
Cannot create mbam-installer/Languages/french.lng
Extracting mbam-installer/Languages/german.lng
Cannot create mbam-installer/Languages/german.lng
Extracting mbam-installer/Languages/greek.lng
Cannot create mbam-installer/Languages/greek.lng
Extracting mbam-installer/Languages/hebrew.lng
Cannot create mbam-installer/Languages/hebrew.lng
Extracting mbam-installer/Languages/hungarian.lng
Cannot create mbam-installer/Languages/hungarian.lng
Extracting mbam-installer/Languages/italian.lng
Cannot create mbam-installer/Languages/italian.lng
Extracting mbam-installer/Languages/korean.lng
Cannot create mbam-installer/Languages/korean.lng
Extracting mbam-installer/Languages/latvian.lng
Cannot create mbam-installer/Languages/latvian.lng
Extracting mbam-installer/Languages/macedonian.lng
Cannot create mbam-installer/Languages/macedonian.lng
Extracting mbam-installer/Languages/norwegian.lng
Cannot create mbam-installer/Languages/norwegian.lng
Extracting mbam-installer/Languages/polish.lng
Cannot create mbam-installer/Languages/polish.lng
Extracting mbam-installer/Languages/portugueseBR.lng
Cannot create mbam-installer/Languages/portugueseBR.lng
Extracting mbam-installer/Languages/portuguesePT.lng
Cannot create mbam-installer/Languages/portuguesePT.lng
Extracting mbam-installer/Languages/romanian.lng
Cannot create mbam-installer/Languages/romanian.lng
Extracting mbam-installer/Languages/russian.lng
Cannot create mbam-installer/Languages/russian.lng
Extracting mbam-installer/Languages/serbian.lng
Cannot create mbam-installer/Languages/serbian.lng
Extracting mbam-installer/Languages/slovak.lng
Cannot create mbam-installer/Languages/slovak.lng
Extracting mbam-installer/Languages/slovenian.lng
Cannot create mbam-installer/Languages/slovenian.lng
Extracting mbam-installer/Languages/spanish.lng
Cannot create mbam-installer/Languages/spanish.lng
Extracting mbam-installer/Languages/swedish.lng
Cannot create mbam-installer/Languages/swedish.lng
Extracting mbam-installer/Languages/turkish.lng
Cannot create mbam-installer/Languages/turkish.lng
Extracting mbam-installer/Languages/ukrainian.lng
Cannot create mbam-installer/Languages/ukrainian.lng
Extracting mbam-installer/license.txt
Cannot create mbam-installer/license.txt
Extracting mbam-installer/mbam.chm
Cannot create mbam-installer/mbam.chm
Extracting mbam-installer/mbam.dll
Cannot create mbam-installer/mbam.dll
Extracting mbam-installer/mbam.exe
Cannot create mbam-installer/mbam.exe
Extracting mbam-installer/mbamswissarmy.sys
Cannot create mbam-installer/mbamswissarmy.sys
Extracting mbam-installer/ssubtmr6.dll
Cannot create mbam-installer/ssubtmr6.dll
Extracting mbam-installer/vbalsgrid6.ocx
Cannot create mbam-installer/vbalsgrid6.ocx
Extracting mbam-installer/winlogon.exe
Cannot create mbam-installer/winlogon.exe
Extracting mbam-installer/zlib.dll
Cannot create mbam-installer/zlib.dll

Thanks,
Terri
TerriReb
Regular Member
 
Posts: 58
Joined: October 21st, 2008, 1:51 pm

Re: Need help, please

Unread postby melboy » February 19th, 2010, 2:14 pm

Hi Terri

OK, lets see if we can free up some disk space with what you have already.

Disk Cleanup

  • Click Start > All Programs..
  • Navigate to...Accessories > System Tools. > Disk Cleanup
  • Select C drive and click OK.
  • Disk Cleanup will analyze the selected drive to determine the amount of space that can be freed.
  • When the calculations are finished, check:

    • Temporary Internet Files
    • Offline Web Pages
    • Recycle Bin
    • Temporary Files
    • WebClient/Publisher temporary files

  • Click OK. If you're asked whether you're sure, click Yes.

Note: Be patient. Analyzing the drive can be a lengthy process depending on drive size and contents.
If needed, further information can be found here


Uninstall Programs
  • click on start
  • Click on control panel
  • Double click the icon add/remove programs
  • click on the program below if present and click Remove
    Safe-Share

The above is most likely the reason you are infected. Please refer to Malware Removal's P2P Programs Policy


Uninstall list

  1. Open HijackThis.
  2. Click on the Open the Misc Tools section button.
  3. Look under System tools.
  4. Click on the Open Uninstall Manager... button.
  5. Click on the Save list... button.
  6. It will prompt you to save. Save this log in a convenient location, such as your Desktop By default it's named uninstall_list.txt.
  7. Notepad will open. Please post this log in your next reply.


In your next reply.

1. Uninstall list.
User avatar
melboy
MRU Expert
MRU Expert
 
Posts: 3670
Joined: July 25th, 2008, 4:25 pm
Location: UK

Re: Need help, please

Unread postby TerriReb » February 20th, 2010, 1:28 pm

My uninstall list:

Acrobat.com
Acrobat.com
Action Replay Code Manager
Ad-Aware SE Personal
Adobe AIR
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Illustrator 9.0
Adobe PhotoDeluxe 2.0
Adobe Photoshop 5.5
Adobe Reader 9
Adobe Shockwave Player
Adobe SVG Viewer
Adobe Type Manager 4.0
Agere Systems PCI Soft Modem
American Greetings® CreataCard® 4
AnswerWorks 4.0 Runtime - English
AnswerWorks 5.0 English Runtime
Apple Mobile Device Support
Apple Software Update
AT&T Self Support Tool
AT&T Yahoo! Applications
ATI Control Panel
ATI Display Driver
Bonjour
BroadJump Client Foundation
Canon Camera Window for ZoomBrowser EX
Canon PhotoRecord
Canon PowerShot S45 WIA Driver
Canon Utilities File Viewer Utility 1.2
Canon Utilities PhotoStitch 3.1
Canon Utilities RemoteCapture 2.7
Canon Utilities ZoomBrowser EX
CC_ccProxyExt
ccCommon
ccPxyCore
Cisco Systems VPN Client 5.0.01.0600
ClueFinders 3rd Grade Adventures
Compatibility Pack for the 2007 Office system
Creative Memories Memory Manager 2
Critical Update for Windows Media Player 11 (KB959772)
Dynex Enhanced G Wireless Desktop Card Setup
Enhanced Multimedia Keyboard Solution
Europa Universalis 2
Final Drive Nitro from HP Media Center (remove only)
Finale Allegro 2007
Finale NotePad 2009
First Step Guide
GemMaster Mystic
Google Earth
Google Toolbar for Internet Explorer
Help and Support Additions
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 10 (KB903157)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB888795)
Hotfix for Windows XP (KB891593)
Hotfix for Windows XP (KB895961)
Hotfix for Windows XP (KB899337)
Hotfix for Windows XP (KB899510)
Hotfix for Windows XP (KB902841)
Hotfix for Windows XP (KB914440)
Hotfix for Windows XP (KB915865)
Hotfix for Windows XP (KB926239)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
HP Boot Optimizer
HP Customer Participation Program 7.0
HP Deskjet Printer Preload
HP Image Zone 4.8.6
HP Image Zone for Media Center PC
HP Image Zone Plus 4.8.6
HP Imaging Device Functions 7.0
HP Officejet All-In-One Series
HP Photosmart Cameras 4.5
HP Photosmart Essential
HP Product Assistant
HP PSC & OfficeJet 4.7
HP Solution Center 7.0
HP Tunes
HP Update
HPIZplus450
ImageMixer VCD2
IntelliMover Data Transfer Demo
InterActual Player
InterVideo WinDVD Player
iTunes
J2SE Runtime Environment 5.0
J2SE Runtime Environment 5.0 Update 4
Jigs@w Puzzle 2
Lexibox Deluxe from HP Media Center (remove only)
LiveReg (Symantec Corporation)
LiveUpdate 2.5 (Symantec Corporation)
Macromedia Flash Player
Microsoft .NET Framework 1.0 Hotfix (KB887998)
Microsoft .NET Framework 1.0 Hotfix (KB930494)
Microsoft .NET Framework 1.0 Hotfix (KB953295)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB953297)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office 2000 Premium
Microsoft Office Standard Edition 2003
Microsoft Plus! Dancer LE
Microsoft Plus! Digital Media Edition Installer
Microsoft Plus! Photo Story 2 LE
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visio Professional 2002 [English]
Microsoft Visual C++ 2005 Redistributable
Microsoft Web Publishing Wizard 1.52
Microsoft Works
MSRedist
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 Parser and SDK
MSXML 6 Service Pack 2 (KB973686)
muvee autoProducer 4.0
muvee autoProducer unPlugged - HPD
Netflix Movie Viewer
Norton AntiSpam
Norton AntiVirus 2005
Norton Internet Security
Norton Internet Security
Norton Internet Security
Norton Internet Security
Norton Internet Security
Norton Internet Security
Norton Internet Security
Norton Internet Security
Norton Internet Security
Norton Internet Security
Norton Internet Security 2005 (Symantec Corporation)
Norton Security Center
Norton WMI Update
Norton WMI Update
OCR Software by I.R.I.S 7.0
OpenMG Limited Patch 4.7-07-14-05-01
OpenMG Secure Module 4.7.00
Oracle JInitiator 1.3.1.17
Oracle JInitiator 1.3.1.22
PC-Doctor for Windows
Photo Organizer
Photosmart 320,370,7400,8100,8400 Series
Picture Package
PrimoPDF
PrimoPDF Redistribution Package
Pro Cycling Manager - Saison 2006 - Demo
PS2
Python 2.2.3
QuickTime
RealPlayer
Remove Quicken New User Edition installer
Riddle Me
Rio Internet Update
Rio Internet Update
Rio Music Manager
Rio Music Manager
Rio Taxi
Safari
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 7 (KB972260)
Security Update for Windows Internet Explorer 7 (KB974455)
Security Update for Windows Internet Explorer 7 (KB976325)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB883939)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893066)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB896688)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899588)
Security Update for Windows XP (KB899589)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB903235)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB905915)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB908531)
Security Update for Windows XP (KB911280)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912812)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913446)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB916281)
Security Update for Windows XP (KB917159)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB918899)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921503)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922760)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923694)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925486)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB937894)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB938829)
Security Update for Windows XP (KB941202)
Security Update for Windows XP (KB941568)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB941644)
Security Update for Windows XP (KB941693)
Security Update for Windows XP (KB943055)
Security Update for Windows XP (KB943460)
Security Update for Windows XP (KB943485)
Security Update for Windows XP (KB944653)
Security Update for Windows XP (KB945553)
Security Update for Windows XP (KB946026)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB948590)
Security Update for Windows XP (KB948881)
Security Update for Windows XP (KB950749)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958470)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971032)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Sibelius 5 First
Sonic Encoders
Sonic Express Labeler
Sonic MyDVD Plus
Sonic RecordNow Audio
Sonic RecordNow Copy
Sonic RecordNow Data
Sonic Update Manager
SonicStage 4.3
Sony USB Driver
Sony Vegas Movie Studio 4.0
SPBBC
Spelling Dictionaries Support For Adobe Reader 9
SPSS 14.0 for Windows
SymNet
TiVo Desktop 2.6.1
Tradewinds from HP Media Center (remove only)
TurboTax 2008
TurboTax 2008 WinPerFedFormset
TurboTax 2008 WinPerProgramHelp
TurboTax 2008 WinPerReleaseEngine
TurboTax 2008 WinPerTaxSupport
TurboTax 2008 WinPerUserEducation
TurboTax 2008 wmoiper
TurboTax 2008 wrapper
TurboTax Deluxe 2005
TurboTax Deluxe 2007
TurboTax Deluxe Deduction Maximizer 2006
TurboTax ItsDeductible 2005
TurboTax ItsDeductible 2006
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 7 (KB976749)
Update for Windows Media Player 10 (KB913800)
Update for Windows XP (KB894391)
Update for Windows XP (KB896727)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB904942)
Update for Windows XP (KB910437)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB925720)
Update for Windows XP (KB927891)
Update for Windows XP (KB929338)
Update for Windows XP (KB930916)
Update for Windows XP (KB931836)
Update for Windows XP (KB932823-v3)
Update for Windows XP (KB933360)
Update for Windows XP (KB938828)
Update for Windows XP (KB942763)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Update Rollup 2 for Windows XP Media Center Edition 2005
Uru - Ages Beyond Myst
WexTech AnswerWorks
Windows Imaging Component
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 10 Hotfix [See KB889858 for more information]
Windows Media Player 11
Windows Media Player 11
Windows XP Hotfix - KB867282
Windows XP Hotfix - KB873333
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB883667
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885354
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB885884
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890175
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891220
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB893086
Windows XP Media Center Edition 2005 KB888316
Windows XP Media Center Edition 2005 KB895678
Windows XP Media Center Edition 2005 KB925766
Windows XP Media Center Edition 2005 KB973768
WinTasks Trial
Yahoo! Search Protection
Yahoo! Software Update


I don't know if this is relevant, but I can still only open one program or perform one function per log in. I have to keep rebooting the computer.

Thanks, Malboy.

Terri
TerriReb
Regular Member
 
Posts: 58
Joined: October 21st, 2008, 1:51 pm

Re: Need help, please

Unread postby melboy » February 21st, 2010, 4:39 am

Hi Terri

Uninstall the programs below as they are outdated. We'll re-install Java & Adobe Reader at a later date, when we've cleaned you up.

Please try to uninstall any other software you do not need and/or move any personal documents/files/pictures etc to a form of removable media. (CD, DVD, etc)


Uninstall Programs
  • click on start
  • Click on control panel
  • Double click the icon add/remove programs
  • click on the first program in the list and click Remove
  • Continue through the list below (one at a time) until all programs have been removed.
  • If something isn't found, please continue with the next entry in the list.
    Acrobat.com
    Acrobat.com
    Ad-Aware SE Personal
    Adobe AIR
    Adobe AIR
    Adobe Reader 9
    J2SE Runtime Environment 5.0
    J2SE Runtime Environment 5.0 Update 4



Navigate to Start > My Computer > Right click your C: drive and select properties. Under the General tab it will tell you the Used space and free space. Let me know what those figures are.
User avatar
melboy
MRU Expert
MRU Expert
 
Posts: 3670
Joined: July 25th, 2008, 4:25 pm
Location: UK

Re: Need help, please

Unread postby TerriReb » February 21st, 2010, 6:44 pm

I wasn't able to delete those programs. Some of them (like Acrobat.com) just flashed when I hit the "remove" key (well, the screen flashed), but the programs stayed there. I received an error message when I tried to delete/remove the Adobe Reader 9 and J2SE programs. The error message said, "Windows installer service could not be accessed."

I was able to delete some extraneous software, such as old kid's games.

My C drive shows that it has 178 GB used, and 238 MB free (250,355,712 bytes).

Thanks,
Terri
TerriReb
Regular Member
 
Posts: 58
Joined: October 21st, 2008, 1:51 pm

Re: Need help, please

Unread postby melboy » February 22nd, 2010, 1:58 pm

Hi Terri
"Windows installer service could not be accessed."

We'll address that at another point hopefully.

My C drive shows that it has 178 GB used, and 238 MB free

You need to have more space than that for windows to work properly and give me space to run tools. Whether that space is taken up by your personal files,
eg: Photo's, music, personal documents etc, or by some kind of infection - at this point I don't know.

If you can free up any more space by backing-up/copying/moving any personal files to some form of removable media then please do so.

=================================

You should have DDS downloaded from another computer to a disk from a previous set of instructions.

If you haven't already done so, copy DDS to the desktop of the infected computer from the CD and follow the instructions below.

NOTE: If you already have a copy of DDS already on the desktop of the infected computer that produces the "not a valid win32 application" error message - please delete that first, and and then transfer the copy of DDS from the CD and run that from the desktop.



DDS

Please disable any anti-malware program that will block scripts from running before running DDS.

Disable any script blocker, and then double click dds.scr to run the tool. A command window will appear, this is normal.

Image
  • When done, DDS will open two (2) logs:
    1. DDS.txt
    2. Attach.txt
  • Save both reports to your desktop.

Please copy & paste the contents of :
  • DDS.txt
  • Attach.txt
And post them in your next reply.
User avatar
melboy
MRU Expert
MRU Expert
 
Posts: 3670
Joined: July 25th, 2008, 4:25 pm
Location: UK

Re: Need help, please

Unread postby TerriReb » February 22nd, 2010, 8:23 pm

I deleted a bunch of pictures (jpgs) from the C drive to make space. That allowed me to save a new copy of dds to the desktop. I had trouble running it, though. When I clicked the icon, I would get the black window indicating that dds was starting. After about a minute, though, the black window disappears abruptly and the logs do not appear. I tried rebooting and re-running the program and it happened multiple times.

I don't know if this is important, but I receive a "security alert" message (presumably from a virus of some type) right after the dds black window disappears. It seems that the "security alert" message is disabling dds from running.

Thanks,
Terri
TerriReb
Regular Member
 
Posts: 58
Joined: October 21st, 2008, 1:51 pm

Re: Need help, please

Unread postby melboy » February 23rd, 2010, 3:57 am

Hi Terri

Yes, you're correct. It will be the infection that is stopping DDS. One way round this is to run Rkill, then DDS without rebooting inbetween. As you can only run one program per reboot that isn't possible. What surprised me though is that when you ran Rkill the first time it didn't stop the processes I expected it to.

Post me a fresh HijackThis log (Do a system scan and save a log file) if you're able.
User avatar
melboy
MRU Expert
MRU Expert
 
Posts: 3670
Joined: July 25th, 2008, 4:25 pm
Location: UK

Re: Need help, please

Unread postby TerriReb » February 23rd, 2010, 1:01 pm

I don't know why or how, but this time I was able to run rkill, then dds, then HijackThis. All the logs are below:

This log file is located at C:\rkill.log.
Please post this only if requested to by the person helping you.
Otherwise you can close this log when you wish.
Ran as HP_Administrator on 02/23/2010 at 10:50:43.


Processes terminated by Rkill or while it was running:


C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\PersonalSec\psecurity.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Documents and Settings\HP_Administrator\Desktop\rkill.exe


Rkill completed on 02/23/2010 at 10:51:21.



DDS (Ver_09-12-01.01) - NTFSx86
Run by HP_Administrator at 10:52:24.18 on Tue 02/23/2010
Internet Explorer: 7.0.5730.11
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.894.479 [GMT -6:00]

AV: Norton Internet Security *On-access scanning enabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Security *enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
c:\Program Files\Norton Internet Security\ISSVC.exe
c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
c:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\safe-share\SafeShare.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Java\jre1.5.0_04\bin\jucheck.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\wltray.exe
C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Common Files\TiVo Shared\Transfer\TiVoTransfer.exe
C:\Program Files\TiVo\Desktop\TiVoNotify.exe
C:\Program Files\TiVo\Desktop\TiVoServer.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\system32\RioMSC.exe
C:\Program Files\Dynex Enhanced G Desktop Card Adapter\DynexWCUI.exe
C:\Program Files\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe
C:\Program Files\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe
svchost.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\TiVo Shared\Beacon\TiVoBeacon.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\explorer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Documents and Settings\HP_Administrator\Desktop\dds.scr
C:\WINDOWS\system32\wuauclt.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
uSearch Page = hxxp://red.clientapps.yahoo.com/customi ... .yahoo.com
uSearch Bar = hxxp://red.clientapps.yahoo.com/customi ... ch/ie.html
uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mDefault_Search_URL = hxxp://red.clientapps.yahoo.com/customi ... .yahoo.com
mSearch Page = hxxp://red.clientapps.yahoo.com/customi ... .yahoo.com
mSearch Bar = hxxp://red.clientapps.yahoo.com/customi ... ch/ie.html
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://red.clientapps.yahoo.com/customi ... .yahoo.com
mSearchAssistant = hxxp://www.google.com/ie
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Yahoo! IE Services Button: {5bab4b5b-68bc-4b02-94d6-2fc0de4a7897} - c:\progra~1\yahoo!\common\yiesrvc.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar3.dll
BHO: CNavExtBho Class: {bdf3e430-b101-42ad-a544-fadc6b084872} - c:\program files\norton internet security\norton antivirus\NavShExt.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn\YTSingleInstance.dll
TB: HP view: {b2847e28-5d7d-4deb-8b67-05d28bcf79f5} - c:\program files\hp\digital imaging\bin\HPDTLK02.dll
TB: Norton AntiVirus: {42cdd1bf-3ffb-4238-8ad1-7859df00b1d6} - c:\program files\norton internet security\norton antivirus\NavShExt.dll
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar3.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
TB: {90B8B761-DF2B-48AC-BBE0-BCC03A819B3B} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [Yahoo! Pager] 1
uRun: [TivoTransfer] "c:\program files\common files\tivo shared\transfer\TiVoTransfer.exe" /service /registry /auto:TivoTransfer
uRun: [TivoNotify] "c:\program files\tivo\desktop\TiVoNotify.exe" /service /registry /auto:TivoNotify
uRun: [TivoServer] "c:\program files\tivo\desktop\TiVoServer.exe" /service /registry /auto:TivoServer
uRun: [Search Protection] c:\program files\yahoo!\search protection\SearchProtection.exe
uRun: [YSearchProtection] c:\program files\yahoo!\search protection\SearchProtection.exe
uRun: [PersonalSec] c:\program files\personalsec\psecurity.exe
uRunOnce: [Shockwave Updater] c:\windows\system32\adobe\shockw~1\SWHELP~1.EXE -Update -1100465 -"Mozilla/4.0 (compatible; MSIE 7.0; Windows

NT 5.1; .NET CLR 1.0.3705; .NET CLR 1.1.4322; .NET CLR 2.0.50727; Media Center PC 4.0; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)"

-"http://www.miniclip.com/games/spineworld/en/"
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [URLLSTCK.exe] c:\program files\norton internet security\UrlLstCk.exe
mRun: [HPBootOp] "c:\program files\hewlett-packard\hp boot optimizer\HPBootOp.exe" /run
mRun: [ATIPTA] c:\program files\ati technologies\ati control panel\atiptaxx.exe
mRun: [_SetRes] c:\hp\bin\cloaker c:\hp\bin\res.bat
mRun: [IcoSet] c:\hp\bin\cloaker.exe c:\hp\bin\icoset\adjust.bat seticon
mRun: [Unshare] c:\program files\safe-share\SafeShare.exe
mRun: [SunJavaUpdateSched] c:\program files\java\jre1.5.0_04\bin\jusched.exe
mRun: [BJCFD] c:\program files\broadjump\client foundation\CFD.exe
mRun: [Motive SmartBridge] c:\progra~1\sbcsel~1\smartb~1\MotiveSB.exe
mRun: [KBD] c:\hp\kbd\KBD.EXE
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Broadcom Wireless Manager] c:\windows\system32\wltray.exe
mRun: [YSearchProtection] "c:\program files\yahoo!\search protection\SearchProtection.exe"
dRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobeg~2.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma

Loader.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma

Loader.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\at&tse~1.lnk - c:\program files\sbc self support tool\bin\matcli.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\dynexw~1.lnk - c:\program files\dynex enhanced g desktop card

adapter\DynexWCUI.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office\OSA9.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\pictur~2.lnk - c:\program files\sony corporation\picture package\picture

package menu\SonyTray.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\pictur~1.lnk - c:\program files\sony corporation\picture package\picture

package applications\Residence.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\vpncli~1.lnk -

c:\windows\installer\{14fcfe7c-ab86-428a-9d2e-bfb6f5a7aa6e}\Icon3E5562ED7.ico
IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office11\EXCEL.EXE/3000
IE: {E2D4D26B-0180-43a4-B05F-462D6D54C789} -

c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\iebutton\support.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0015-0000-0004-ABCDEFFEDCBC} - c:\program files\java\jre1.5.0_04\bin\npjpi150_04.dll
IE: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - c:\progra~1\yahoo!\common\yiesrvc.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mi1933~1\office11\REFIEBAR.DLL
Trusted Zone: turbotax.com
DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} - hxxp://www.musicnotes.com/download/mnviewer.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shoc ... tor/sw.cab
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper200711281.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.5.0/jinsta ... s-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/fl ... rashim.cab
DPF: {C49134CC-B5EF-458C-A442-E8DFE7B4645F} - hxxp://www.yoyogames.com/downloads/activex/YoYo.cab
DPF: {CAFECAFE-0013-0001-0022-ABCDEFABCDEF} - hxxp://fsbanforms.slu.edu:7799/forms/ji ... /jinit.exe
DPF: {CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinsta ... s-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/get/fl ... wflash.cab
Notify: AtiExtEvent - Ati2evxx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
LSA: Authentication Packages = msv1_0 nwprovau

============= SERVICES / DRIVERS ===============

R1 ATMhelpr;ATMhelpr;c:\windows\system32\drivers\ATMHELPR.SYS [2006-9-2 4064]
R2 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\ccEvtMgr.exe [2004-8-27 197752]
R2 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\ccSetMgr.exe [2004-8-27 164984]
R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
R2 navapsvc;Norton AntiVirus Auto-Protect Service;c:\program files\norton internet security\norton antivirus\navapsvc.exe [2004-8-30 176768]
R2 SAVRTPEL;SAVRTPEL;c:\program files\norton internet security\norton antivirus\Savrtpel.sys [2004-7-23 49808]
R2 TivoBeacon2;TiVo Beacon;c:\program files\common files\tivo shared\beacon\TiVoBeacon.exe [2008-4-4 868864]
R3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20050817.024\NAVENG.Sys [2005-8-20 73760]
R3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20050817.024\NavEx15.Sys [2005-8-20 632000]
R3 SAVRT;SAVRT;c:\program files\norton internet security\norton antivirus\savrt.sys [2004-7-23 335504]
S2 ccProxy;Symantec Network Proxy;c:\program files\common files\symantec shared\ccProxy.exe [2004-8-27 234616]
S3 ccPwdSvc;Symantec Password Validation;c:\program files\common files\symantec shared\ccPwdSvc.exe [2004-8-27 78968]
S3 MovRVDrv32;MovRVDrv32;c:\windows\system32\drivers\MovRVDrv32.sys [2008-7-27 3768]
S3 SAVScan;SAVScan;c:\program files\norton internet security\norton antivirus\SAVScan.exe [2004-7-23 197864]
S3 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2005-1-26 280344]

=============== Created Last 30 ================

2010-02-20 16:46:24 0 ----atw- c:\documents and settings\hp_administrator\ÿÿÿÿ]
2010-02-14 17:35:20 80166 ----a-w- c:\windows\system32\PerfStringBackup.INI
2010-02-14 17:27:06 0 ----atw- c:\documents and settings\hp_administrator\hû
2010-02-05 14:13:14 0 d-----w- c:\program files\Trend Micro
2010-02-03 21:28:18 0 ----atw- c:\documents and settings\hp_administrator\}
2010-02-03 21:05:40 0 d--h--w- c:\windows\PIF
2010-02-03 21:05:11 0 ----a-w- C:\mbam-setup.exe
2010-01-31 05:23:55 0 d-----w- C:\SendTo
2010-01-31 05:23:54 0 d-----w- C:\Internet Explorer

==================== Find3M ====================

2010-01-21 21:53:54 66560 ----a-w- c:\windows\system32\setup.exe.tmp
2009-12-31 16:14:12 352640 ----a-w- c:\windows\system32\drivers\srv.sys
2009-12-31 16:14:12 352640 ----a-w- c:\windows\system32\dllcache\srv.sys
2009-12-04 14:41:55 453760 ------w- c:\windows\system32\dllcache\mrxsmb.sys
2009-04-08 20:50:21 604 ---ha-r- c:\program files\WSTLL Notifier

============= FINISH: 10:55:26.82 ===============


UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-12-01.01)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 7/16/2005 1:38:43 PM
System Uptime: 2/23/2010 10:49:07 AM (0 hours ago)

Motherboard: MSI | | ALBACORE
Processor: AMD Athlon(tm) 64 Processor 3400+ | Socket 939 |

2188/200mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 178 GiB total, 4.856 GiB free.
D: is FIXED (FAT32) - 8 GiB total, 1.38 GiB free.
E: is CDROM (UDF)
F: is CDROM ()
G: is Removable
I: is Removable
J: is Removable
K: is Removable

==== Disabled Device Manager Items =============

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Cisco Systems VPN Adapter
Device ID: ROOT\NET\0000
Manufacturer: Cisco Systems
Name: Cisco Systems VPN Adapter
PNP Device ID: ROOT\NET\0000
Service: CVirtA

==== System Restore Points ===================

RP1640: 2/23/2010 9:17:22 AM - System Checkpoint

==== Installed Programs ======================


1200
5700_Help
Acrobat.com
Action Replay Code Manager
Ad-Aware SE Personal
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Illustrator 9.0
Adobe PhotoDeluxe 2.0
Adobe Photoshop 5.5
Adobe Reader 9
Adobe Shockwave Player
Adobe SVG Viewer
Adobe Type Manager 4.0
Agere Systems PCI Soft Modem
AiO_Scan
AiOSoftware
American Greetings® CreataCard® 4
AnswerWorks 4.0 Runtime - English
AnswerWorks 5.0 English Runtime
Apple Mobile Device Support
Apple Software Update
AT&T Self Support Tool
AT&T Yahoo! Applications
ATI Control Panel
ATI Display Driver
Bonjour
BPD_HPSU
BPD_Scan
BPDfax
BPDSoftware
BPDSoftware_Ini
BroadJump Client Foundation
BufferChm
Camera Window
CameraDrivers
Canon Camera WIA Driver
Canon Camera Window for ZoomBrowser EX
Canon PhotoRecord
Canon PowerShot S45 WIA Driver
Canon Utilities File Viewer Utility 1.2
Canon Utilities PhotoStitch 3.1
Canon Utilities RemoteCapture 2.7
Canon Utilities ZoomBrowser EX
CC_ccProxyExt
ccCommon
ccPxyCore
Cisco Systems VPN Client 5.0.01.0600
Compatibility Pack for the 2007 Office system
Copy
CP_AtenaShokunin1Config
cp_dwSharkTaleAlbums1
cp_dwSharkTaleCards1
cp_dwShrek2Albums1
cp_dwShrek2Cards1
CP_PLSBusinessFlyers
Creative Memories Memory Manager 2
CreativeProjects
CreativeProjectsTemplates
Critical Update for Windows Media Player 11 (KB959772)
CueTour
CustomerResearchQFolder
Destinations
DeviceManagementQFolder
DocProc
DocProcQFolder
DocumentViewer
Dynex Enhanced G Wireless Desktop Card Setup
Enhanced Multimedia Keyboard Solution
eSupportQFolder
Europa Universalis 2
File Viewer Utility 1.2.2
Final Drive Nitro from HP Media Center (remove only)
Finale Allegro 2007
Finale NotePad 2009
First Step Guide
GemMaster Mystic
Google Earth
Google Toolbar for Internet Explorer
Help and Support Additions
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 10 (KB903157)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB888795)
Hotfix for Windows XP (KB891593)
Hotfix for Windows XP (KB895961)
Hotfix for Windows XP (KB899337)
Hotfix for Windows XP (KB899510)
Hotfix for Windows XP (KB902841)
Hotfix for Windows XP (KB914440)
Hotfix for Windows XP (KB915865)
Hotfix for Windows XP (KB926239)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
HP Boot Optimizer
HP Customer Participation Program 7.0
HP Deskjet Printer Preload
HP Help and Support 4.0
HP Image Zone 4.8.6
HP Image Zone for Media Center PC
HP Image Zone Plus 4.8.6
HP Imaging Device Functions 7.0
HP Officejet All-In-One Series
HP Photosmart Cameras 4.5
HP Photosmart Essential
HP Product Assistant
HP PSC & OfficeJet 4.7
HP Solution Center 7.0
HP Tunes
HP Update
HPIZplus450
HPProductAssistant
HpSdpAppCoreApp
HPSystemDiagnostics
ImageMixer VCD2
InstantShare
IntelliMover Data Transfer Demo
InterActual Player
InterVideo WinDVD Player
iTunes
J2SE Runtime Environment 5.0
J2SE Runtime Environment 5.0 Update 4
J5700
Jigs@w Puzzle 2
Lexibox Deluxe from HP Media Center (remove only)
LiveReg (Symantec Corporation)
LiveUpdate 2.5 (Symantec Corporation)
LS_HSI
Macromedia Flash Player
MarketResearch
Microsoft .NET Framework 1.0 Hotfix (KB887998)
Microsoft .NET Framework 1.0 Hotfix (KB930494)
Microsoft .NET Framework 1.0 Hotfix (KB953295)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB953297)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office 2000 Premium
Microsoft Office Standard Edition 2003
Microsoft Plus! Dancer LE
Microsoft Plus! Digital Media Edition Installer
Microsoft Plus! Photo Story 2 LE
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visio Professional 2002 [English]
Microsoft Visual C++ 2005 Redistributable
Microsoft Web Publishing Wizard 1.52
Microsoft Works
Move Media Player
MSRedist
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 Parser and SDK
MSXML 6 Service Pack 2 (KB973686)
muvee autoProducer 4.0
muvee autoProducer unPlugged - HPD
Netflix Movie Viewer
Norton AntiSpam
Norton AntiVirus 2005
Norton Internet Security
Norton Internet Security 2005 (Symantec Corporation)
Norton Security Center
Norton WMI Update
OCR Software by I.R.I.S 7.0
OpenMG Limited Patch 4.7-07-14-05-01
OpenMG Secure Module 4.7.00
Oracle JInitiator 1.3.1.17
Oracle JInitiator 1.3.1.22
PanoStandAlone
PC-Doctor for Windows
Personal Security
Photo Organizer
PhotoGallery
Photosmart 320,370,7400,8100,8400 Series
PhotoStitch
Picture Package
PrimoPDF
PrimoPDF Redistribution Package
PrintScreen
Pro Cycling Manager - Saison 2006 - Demo
ProductContext
PS2
PSPrinters06
Python 2.2.3
QFolder
QuickProjects
QuickTime
Readme
RealPlayer
RemoteCapture 2.7.2
Remove Quicken New User Edition installer
Riddle Me
Rio Internet Update
Rio Music Manager
Rio Taxi
Safari
Scan
ScannerCopy
Security Update for Step By Step Interactive Training

(KB898458)
Security Update for Step By Step Interactive Training

(KB923723)
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 7 (KB972260)
Security Update for Windows Internet Explorer 7 (KB974455)
Security Update for Windows Internet Explorer 7 (KB976325)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB883939)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893066)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB896688)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899588)
Security Update for Windows XP (KB899589)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB903235)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB905915)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB908531)
Security Update for Windows XP (KB911280)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912812)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913446)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB916281)
Security Update for Windows XP (KB917159)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB918899)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921503)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922760)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923694)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925486)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB937894)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB938829)
Security Update for Windows XP (KB941202)
Security Update for Windows XP (KB941568)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB941644)
Security Update for Windows XP (KB941693)
Security Update for Windows XP (KB943055)
Security Update for Windows XP (KB943460)
Security Update for Windows XP (KB943485)
Security Update for Windows XP (KB944653)
Security Update for Windows XP (KB945553)
Security Update for Windows XP (KB946026)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB948590)
Security Update for Windows XP (KB948881)
Security Update for Windows XP (KB950749)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958470)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971032)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Sibelius 5 First
SkinsHP1
SolutionCenter
Sonic Encoders
Sonic Express Labeler
Sonic MyDVD Plus
Sonic RecordNow Audio
Sonic RecordNow Copy
Sonic RecordNow Data
Sonic Update Manager
SonicStage 4.3
Sony USB Driver
Sony Vegas Movie Studio 4.0
SPBBC
Spelling Dictionaries Support For Adobe Reader 9
SPSS 14.0 for Windows
Status
SymNet
TiVo Desktop 2.6.1
Toolbox
Tradewinds from HP Media Center (remove only)
TrayApp
TurboTax 2008
TurboTax 2008 WinPerFedFormset
TurboTax 2008 WinPerProgramHelp
TurboTax 2008 WinPerReleaseEngine
TurboTax 2008 WinPerTaxSupport
TurboTax 2008 WinPerUserEducation
TurboTax 2008 wmoiper
TurboTax 2008 wrapper
TurboTax Deluxe 2005
TurboTax Deluxe 2007
TurboTax Deluxe Deduction Maximizer 2006
TurboTax ItsDeductible 2005
TurboTax ItsDeductible 2006
Unload
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 7 (KB976749)
Update for Windows Media Player 10 (KB913800)
Update for Windows XP (KB894391)
Update for Windows XP (KB896727)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB904942)
Update for Windows XP (KB910437)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB925720)
Update for Windows XP (KB927891)
Update for Windows XP (KB929338)
Update for Windows XP (KB930916)
Update for Windows XP (KB931836)
Update for Windows XP (KB932823-v3)
Update for Windows XP (KB933360)
Update for Windows XP (KB938828)
Update for Windows XP (KB942763)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Update Rollup 2 for Windows XP Media Center Edition 2005
Uru - Ages Beyond Myst
WebFldrs XP
WebReg
WexTech AnswerWorks
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Imaging Component
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Media Format 11 runtime
Windows Media Player 10 Hotfix [See KB889858 for more

information]
Windows Media Player 11
Windows XP Hotfix - KB867282
Windows XP Hotfix - KB873333
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB883667
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885354
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB885884
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890175
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891220
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB893086
Windows XP Media Center Edition 2005 KB888316
Windows XP Media Center Edition 2005 KB890629
Windows XP Media Center Edition 2005 KB895678
Windows XP Media Center Edition 2005 KB925766
Windows XP Media Center Edition 2005 KB973768
WinTasks Trial
Yahoo! Search Protection
Yahoo! Software Update

==== Event Viewer Messages From Past Week ========

2/23/2010 10:30:58 AM, error: ATMhelpr [43] -
2/22/2010 7:12:23 AM, error: sr [1] - The System Restore

filter encountered the unexpected error '0xC000007F' while

processing the file 'swf' on the volume 'HarddiskVolume2'.

It has stopped monitoring the volume.
2/22/2010 5:45:23 PM, error: DCOM [10000] - Unable to start

a DCOM Server: {0228576F-6E6C-4E1A-B175-0E46A316AFE2}. The

error: "%5" Happened while starting this command:

C:\WINDOWS\eHome\ehmsas.exe -Embedding
2/22/2010 5:45:03 PM, error: Service Control Manager [7011]

- Timeout (30000 milliseconds) waiting for a transaction

response from the SymWSC service.
2/21/2010 4:39:44 PM, error: DCOM [10000] - Unable to start

a DCOM Server: {9FC8AD10-2E1B-45BE-B57A-478803561E1F}. The

error: "%5" Happened while starting this command:

C:\PROGRA~1\Yahoo!\browser\ycommon.exe -Embedding
2/21/2010 4:37:07 PM, error: Service Control Manager [7000]

- The iPod Service service failed to start due to the

following error: Access is denied.
2/21/2010 4:37:07 PM, error: DCOM [10005] - DCOM got error

"%5" attempting to start the service iPod Service with

arguments "" in order to run the server:

{063D34A4-BF84-4B8D-B699-E8CA06504DDE}
2/21/2010 4:32:23 PM, error: Service Control Manager [7000]

- The Application Layer Gateway Service service failed to

start due to the following error: The service did not

respond to the start or control request in a timely fashion.
2/21/2010 4:32:22 PM, error: Service Control Manager [7009]

- Timeout (30000 milliseconds) waiting for the Application

Layer Gateway Service service to connect.
2/21/2010 4:28:31 PM, error: DCOM [10000] - Unable to start

a DCOM Server: {28DD3979-0566-4ED3-9B14-1548B3187491}. The

error: "%5" Happened while starting this command:

C:\WINDOWS\System32\bcmwltry.exe -Embedding
2/21/2010 4:27:41 PM, error: Service Control Manager [7009]

- Timeout (30000 milliseconds) waiting for the Windows

Installer service to connect.
2/21/2010 4:27:41 PM, error: Service Control Manager [7000]

- The Windows Installer service failed to start due to the

following error: The service did not respond to the start or

control request in a timely fashion.
2/21/2010 4:27:41 PM, error: DCOM [10005] - DCOM got error

"%1053" attempting to start the service MSIServer with

arguments "" in order to run the server:

{000C101C-0000-0000-C000-000000000046}
2/21/2010 4:22:37 PM, error: Service Control Manager [7000]

- The Application Layer Gateway Service service failed to

start due to the following error: Access is denied.
2/21/2010 4:22:32 PM, error: Service Control Manager [7034]

- The SymWMI Service service terminated unexpectedly. It has

done this 1 time(s).
2/21/2010 4:22:16 PM, error: Service Control Manager [7000]

- The iPod Service service failed to start due to the

following error: The service did not respond to the start or

control request in a timely fashion.
2/21/2010 4:22:15 PM, error: DCOM [10005] - DCOM got error

"%1053" attempting to start the service iPod Service with

arguments "" in order to run the server:

{063D34A4-BF84-4B8D-B699-E8CA06504DDE}
2/21/2010 4:22:10 PM, error: Service Control Manager [7009]

- Timeout (30000 milliseconds) waiting for the iPod Service

service to connect.
2/21/2010 4:21:54 PM, error: Service Control Manager [7024]

- The Symantec Network Proxy service terminated with

service-specific error 4294967295 (0xFFFFFFFF).
2/21/2010 4:20:43 PM, error: Ftdisk [49] - Configuring the

Page file for crash dump failed. Make sure there is a page

file on the boot partition and that is large enough to

contain all physical memory.
2/21/2010 4:20:43 PM, error: Ftdisk [45] - The system could

not sucessfully load the crash dump driver.
2/19/2010 7:43:28 AM, error: SAM [12288] - SAM failed to

write changes to the database. This is most likely due to a

memory or disk-space shortage. The SAM database will be

restored to an earlier state. Recent changes will be lost.

Check the disk-space available and maximum pagefile size

setting.

==== End Of File ===========================

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:58:55 AM, on 2/23/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16945)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
c:\Program Files\Norton Internet Security\ISSVC.exe
c:\Program Files\Norton Internet Security\Norton

AntiVirus\navapsvc.exe
c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device

Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\Intuit\Update

Service\IntuitUpdateService.exe
c:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft

Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Hewlett-Packard\HP Boot

Optimizer\HPBootOp.exe
C:\Program Files\ATI Technologies\ATI Control

Panel\atiptaxx.exe
C:\Program Files\safe-share\SafeShare.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Java\jre1.5.0_04\bin\jucheck.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\wltray.exe
C:\Program Files\Yahoo!\Search

Protection\SearchProtection.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Common Files\TiVo

Shared\Transfer\TiVoTransfer.exe
C:\Program Files\TiVo\Desktop\TiVoNotify.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\RioMSC.exe
C:\Program Files\Dynex Enhanced G Desktop Card

Adapter\DynexWCUI.exe
C:\Program Files\Sony Corporation\Picture Package\Picture

Package Menu\SonyTray.exe
C:\Program Files\Sony Corporation\Picture Package\Picture

Package Applications\Residence.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\TiVo

Shared\Beacon\TiVoBeacon.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\explorer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\TiVo\Desktop\TiVoServer.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
c:\windows\system\hpsysdrv.exe

R1 - HKCU\Software\Microsoft\Internet

Explorer\Main,Default_Page_URL =

http://ie.redirect.hp.com/svs/rdr?TYPE= ... locale=EN_

US&c=Q305&bd=pavilion&pf=desktop
R1 - HKCU\Software\Microsoft\Internet

Explorer\Main,Default_Search_URL =

http://ie.redirect.hp.com/svs/rdr?TYPE= ... h&locale=E

N_US&c=Q305&bd=pavilion&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search

Bar =

http://red.clientapps.yahoo.com/customi ... ts/sb/sbcy

dsl/*http://www.yahoo.com/search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search

Page =

http://red.clientapps.yahoo.com/customi ... ts/sp/sbcy

dsl/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet

Explorer\Main,Default_Page_URL =

http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet

Explorer\Main,Default_Search_URL =

http://red.clientapps.yahoo.com/customi ... ts/su/sbcy

dsl/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search

Bar =

http://red.clientapps.yahoo.com/customi ... ts/sb/sbcy

dsl/*http://www.yahoo.com/search/ie.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search

Page =

http://red.clientapps.yahoo.com/customi ... ts/sp/sbcy

dsl/*http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start

Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet

Explorer\SearchURL,(Default) =

http://red.clientapps.yahoo.com/customi ... ts/su/sbcy

dsl/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet

Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar -

{EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program

Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper -

{02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program

Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHelperStub -

{18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program

Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Yahoo! IE Services Button -

{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} -

C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll
O2 - BHO: Google Toolbar Helper -

{AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program

files\google\googletoolbar3.dll
O2 - BHO: CNavExtBho Class -

{BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program

Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O2 - BHO: SingleInstance Class -

{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program

Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
O3 - Toolbar: HP view -

{B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program

Files\HP\Digital Imaging\bin\HPDTLK02.dll
O3 - Toolbar: Norton AntiVirus -

{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program

Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google -

{2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program

files\google\googletoolbar3.dll
O3 - Toolbar: Yahoo! Toolbar -

{EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program

Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common

Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [URLLSTCK.exe] c:\Program Files\Norton

Internet Security\UrlLstCk.exe
O4 - HKLM\..\Run: [HPBootOp] "C:\Program

Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI

Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [_SetRes] c:\hp\bin\cloaker

c:\hp\bin\res.bat
O4 - HKLM\..\Run: [IcoSet] c:\hp\bin\cloaker.exe

c:\hp\bin\IcoSet\adjust.bat seticon
O4 - HKLM\..\Run: [Unshare] C:\Program

Files\safe-share\SafeShare.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program

Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client

Foundation\CFD.exe
O4 - HKLM\..\Run: [Motive SmartBridge]

C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP

Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program

Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [KernelFaultCheck]

%systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program

Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program

Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Broadcom Wireless Manager]

C:\WINDOWS\system32\wltray.exe
O4 - HKLM\..\Run: [YSearchProtection] "C:\Program

Files\Yahoo!\Search Protection\SearchProtection.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program

Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] 1
O4 - HKCU\..\Run: [TivoTransfer] "C:\Program Files\Common

Files\TiVo Shared\Transfer\TiVoTransfer.exe" /service

/registry /auto:TivoTransfer
O4 - HKCU\..\Run: [TivoNotify] "C:\Program

Files\TiVo\Desktop\TiVoNotify.exe" /service /registry

/auto:TivoNotify
O4 - HKCU\..\Run: [TivoServer] "C:\Program

Files\TiVo\Desktop\TiVoServer.exe" /service /registry

/auto:TivoServer
O4 - HKCU\..\Run: [Search Protection] C:\Program

Files\Yahoo!\Search Protection\SearchProtection.exe
O4 - HKCU\..\Run: [YSearchProtection] C:\Program

Files\Yahoo!\Search Protection\SearchProtection.exe
O4 - HKCU\..\Run: [PersonalSec] C:\Program

Files\PersonalSec\psecurity.exe
O4 - HKCU\..\RunOnce: [Shockwave Updater]

C:\WINDOWS\system32\Adobe\SHOCKW~1\SWHELP~1.EXE -Update

-1100465 -"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1;

.NET CLR 1.0.3705; .NET CLR 1.1.4322; .NET CLR 2.0.50727;

Media Center PC 4.0; .NET CLR 3.0.4506.2152; .NET CLR

3.5.30729)" -"http://www.miniclip.com/games/spineworld/en/"
O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe]

C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe]

C:\WINDOWS\system32\ctfmon.exe (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program

Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program

Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: AT&T Self Support Tool.lnk = C:\Program

Files\SBC Self Support Tool\bin\matcli.exe
O4 - Global Startup: Dynex Wireless Networking Utility.lnk =

?
O4 - Global Startup: HP Digital Imaging Monitor.lnk =

C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program

Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Picture Package Menu.lnk = C:\Program

Files\Sony Corporation\Picture Package\Picture Package

Menu\SonyTray.exe
O4 - Global Startup: Picture Package VCD Maker.lnk =

C:\Program Files\Sony Corporation\Picture Package\Picture

Package Applications\Residence.exe
O4 - Global Startup: VPN Client.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel -

res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) -

{08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program

Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console -

{08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program

Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: AT&T Yahoo! Services -

{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} -

C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research -

{92780B25-18CC-41C8-B9BE-3C9C571A8263} -

C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Connection Help -

{E2D4D26B-0180-43a4-B05F-462D6D54C789} -

C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupe

rtino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Connection Help -

{E2D4D26B-0180-43a4-B05F-462D6D54C789} -

C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupe

rtino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) -

{e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network

Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 -

{e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network

Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger -

{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program

Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger -

{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program

Files\Messenger\msmsgs.exe
O9 - Extra button: Connection Help -

{E2D4D26B-0180-43a4-B05F-462D6D54C789} -

C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupe

rtino,S=Ca,C=US\IEButton\support.htm (HKCU)
O9 - Extra 'Tools' menuitem: Connection Help -

{E2D4D26B-0180-43a4-B05F-462D6D54C789} -

C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupe

rtino,S=Ca,C=US\IEButton\support.htm (HKCU)
O10 - Unknown file in Winsock LSP:

c:\windows\system32\nwprovau.dll
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes

Viewer) - http://www.musicnotes.com/download/mnviewer.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab}

(Installation Support) - C:\Program

Files\Yahoo!\Common\Yinsthelper200711281.dll
O16 - DPF: {C49134CC-B5EF-458C-A442-E8DFE7B4645F}

(YYGInstantPlay Control) -

http://www.yoyogames.com/downloads/activex/YoYo.cab
O16 - DPF: {CAFECAFE-0013-0001-0022-ABCDEFABCDEF} (JInitiator

1.3.1.22) -

http://fsbanforms.slu.edu:7799/forms/ji ... /jinit.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program

Files\Common Files\Apple\Mobile Device

Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. -

C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program

Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec

Corporation - c:\Program Files\Common Files\Symantec

Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec

Corporation - c:\Program Files\Common Files\Symantec

Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) -

Symantec Corporation - c:\Program Files\Common Files\Symantec

Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) -

Symantec Corporation - c:\Program Files\Common Files\Symantec

Shared\ccSetMgr.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) -

Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN

Client\cvpnd.exe
O23 - Service: InstallDriver Table Manager (IDriverT) -

Macrovision Corporation - C:\Program Files\Common

Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Intuit Update Service (IntuitUpdateService) -

Intuit Inc. - C:\Program Files\Common Files\Intuit\Update

Service\IntuitUpdateService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program

Files\iPod\bin\iPodService.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation -

c:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: LightScribeService Direct Disc Labeling

Service (LightScribeService) - Hewlett-Packard Company -

c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program

Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: Norton AntiVirus Auto-Protect Service

(navapsvc) - Symantec Corporation - c:\Program Files\Norton

Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\Program

Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Rio MSC Manager (RioMSC) - Digital Networks

North America, Inc. - C:\WINDOWS\system32\RioMSC.exe
O23 - Service: SAVScan - Symantec Corporation - c:\Program

Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) -

Symantec Corporation - c:\Program Files\Common Files\Symantec

Shared\SNDSrvc.exe
O23 - Service: SonicStage Back-End Service - Sony Corporation

- C:\Program Files\Common Files\Sony Shared\AVLib\SsBeSvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec

Corporation - c:\Program Files\Common Files\Symantec

Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation

- C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony

Corporation - C:\Program Files\Common Files\Sony

Shared\AVLib\SSScsiSV.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation

- c:\Program Files\Common Files\Symantec Shared\Security

Center\SymWSC.exe
O23 - Service: TiVo Beacon (TivoBeacon2) - TiVo Inc. -

C:\Program Files\Common Files\TiVo

Shared\Beacon\TiVoBeacon.exe
O23 - Service: Broadcom Wireless LAN Tray Service (wltrysvc)

- Unknown owner - C:\WINDOWS\System32\wltrysvc.exe
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc.

- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

--
End of file - 15956 bytes

Thanks,
Terri
TerriReb
Regular Member
 
Posts: 58
Joined: October 21st, 2008, 1:51 pm

Re: Need help, please

Unread postby melboy » February 23rd, 2010, 7:36 pm

Hi Terri

Well done - Further progress! That extra space has made all the difference.

You should still have the version of MBAM (renamed to EXPLORER.EXE) on a CD that I had you download using another computer. (I'm referring to this post.)

If you haven't already done so, transfer the file renamed EXPLORER.EXE from the CD to the desktop of the infected PC.


If you've re-booted the machine since you last ran Rkill, run it again.


Rkill
  • Double click on Rkill.
  • A command window will open then disappear upon completion, this is normal.
  • Notepad will open, please post the contents in your next reply. (The log can also be found at C:\Rkill.txt)
  • Please leave Rkill on the Desktop until otherwise advised.
Note: If your security software warns about Rkill, please ignore and continue.

Do not reboot!


Malwarebytes' Anti-Malware (MBAM)

Doubleclick the file renamed EXPLORER.EXE, it will extract the files and will start Malwarebytes automatically.

When MBAM opens:
  • Select the Update tab
  • Click Check for Updates
  • After the update have been completed, Select the Scanner tab.
  • Select Perform Quick scan, then click on Scan
  • When done, you will be prompted. Click OK, then click on Show Results
  • Check all items then click on Remove Selected
  • After it has removed the items, Notepad will open. Please post this log in your next reply.

    Note: MBAM may ask to reboot your computer so it can continue with the removal process, please do so immediately.
    Failure to reboot will prevent MBAM from removing all the malware.

  • In case Malwarebytes doesn't open, Look for the folder mbam-installer on your desktop, open it and doubleclick the file winlogon.exe which will be present in there. This should launch Malwarebytes.

Post the malwarebytes log in your next reply.

If you have problems with above instructions, let me know.
User avatar
melboy
MRU Expert
MRU Expert
 
Posts: 3670
Joined: July 25th, 2008, 4:25 pm
Location: UK

Re: Need help, please

Unread postby TerriReb » February 23rd, 2010, 9:07 pm

Yeah! It worked!!!!

Here are my logs:

This log file is located at C:\rkill.log.
Please post this only if requested to by the person helping you.
Otherwise you can close this log when you wish.
Ran as HP_Administrator on 02/23/2010 at 18:43:46.


Processes terminated by Rkill or while it was running:


C:\WINDOWS\system32\userinit.exe
C:\Documents and Settings\HP_Administrator\Desktop\rkill.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiprbxx.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\PersonalSec\psecurity.exe
C:\WINDOWS\system32\dumprep.exe


Rkill completed on 02/23/2010 at 18:44:20.


Malwarebytes' Anti-Malware 1.44
Database version: 3782
Windows 5.1.2600 Service Pack 2
Internet Explorer 7.0.5730.11

2/23/2010 7:00:04 PM
mbam-log-2010-02-23 (19-00-04).txt

Scan type: Quick Scan
Objects scanned: 142546
Time elapsed: 12 minute(s), 41 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 8
Registry Values Infected: 2
Registry Data Items Infected: 0
Folders Infected: 3
Files Infected: 14

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{35a5b43b-cb8a-49ca-a9f4-d3b308d2e3cc} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{6fd31ed6-7c94-4bbc-8e95-f927f4d3a949} (Adware.180Solutions) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{b64f4a7c-97c9-11da-8bde-f66bad1e3f3a} (Rogue.WinAntiVirus) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{35a5b43b-cb8a-49ca-a9f4-d3b308d2e3cc} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PersonalSec (Rogue.PersonalSecurity) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Servises (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Zango (Adware.Zango) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{90b8b761-df2b-48ac-bbe0-bcc03a819b3b} (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\personalsec (Rogue.PersonalSecurity) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Program Files\PersonalSec (Rogue.PersonalSecurity) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Start Menu\PersonalSec (Rogue.PersonalSecurity) -> Quarantined and deleted successfully.
C:\Program Files\Common Files\PersonalSecUninstall (Rogue.PersonalSecurity) -> Quarantined and deleted successfully.

Files Infected:
C:\WINDOWS\system32\setup.exe.tmp (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\Program Files\PersonalSec\psecurity.exe (Rogue.PersonalSecurity) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Start Menu\PersonalSec\Computer Scan.lnk (Rogue.PersonalSecurity) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Start Menu\PersonalSec\Help.lnk (Rogue.PersonalSecurity) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Start Menu\PersonalSec\Personal Security.lnk (Rogue.PersonalSecurity) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Start Menu\PersonalSec\Registration.lnk (Rogue.PersonalSecurity) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Start Menu\PersonalSec\Security Center.lnk (Rogue.PersonalSecurity) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Start Menu\PersonalSec\Settings.lnk (Rogue.PersonalSecurity) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Start Menu\PersonalSec\Update.lnk (Rogue.PersonalSecurity) -> Quarantined and deleted successfully.
C:\Program Files\Common Files\PersonalSecUninstall\Uninstall.lnk (Rogue.PersonalSecurity) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\serauth1.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\serauth2.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\PersonalSec.lnk (Rogue.PersonalSecurity) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrator\Desktop\Explorer.exe (Heuristics.Reserved.Word.Exploit) -> Quarantined and deleted successfully.


Just a side note; I'm not sure if it's important: The MBAM log was created and saved before I clicked "OK" to reboot the computer when MBAM asked me to do so. I didn't do anything else except for saving the MBAM log before telling MBAM to reboot.

Thanks,
Terri
TerriReb
Regular Member
 
Posts: 58
Joined: October 21st, 2008, 1:51 pm

Re: Need help, please

Unread postby melboy » February 23rd, 2010, 9:55 pm

Hi Terri

That's starting to look a bit better - well done!

Hopefully you should now be able to download the following using the infected computer - let me know if you can't.

You may have some copies of TFC or GMER already on your computer - please delete these and download fresh copies.


You mentioned not being able to connect to MalwareRemoval.com or malwarebytes.org, is that still the case?

How is the computer running now?



Turn Off WordWrap
  • Click Start > All Programs > Accessories > Notepad
  • On the menu bar in Notepad select Format
  • Click on WordWrap so it appears UNchecked


TFC

  • Please download TFC by Old Timer to your desktop,
  • Save any unsaved work. TFC will close all open application windows.
  • Double-click TFC.exe to run the program.
  • Click the Start button in the bottom left of TFC
  • If prompted, click "Yes" to reboot.

Note: Save your work. TFC will automatically close any open programs, let it run uninterrupted. It should not take longer than a couple of minutes , and may only take a few seconds. Only if needed will you be prompted to reboot.



Gmer

Download GMER Rootkit Scanner from here.
  • Double click the .exe file. If asked to allow gmer.sys driver to load, please consent
  • If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO

    Image
    Click the image to enlarge it
  • In the right panel, you will see several boxes that have been checked. Uncheck the following ...
    • Sections
    • IAT/EAT
    • Drives/Partition other than Systemdrive (typically C:\)
    • Show All (don't miss this one)
  • Then click the Scan button & wait for it to finish
  • Once done click on the [Save..] button, and in the File name area, type in "Gmer.txt" or it will save as a .log file
  • Save it where you can easily find it, such as your desktop, and post it in reply
**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOKIT" entries


Note: Do not run any programs while Gmer is running.



Re-run DDS

Please disable any anti-malware program that will block scripts from running before running DDS.
  • Disable any script blocker, and then double click dds.scr to run the tool.
  • When done, Please copy & paste the contents of :
    • DDS.txt
And post it in your next reply.


In your next reply:
  1. GMER log
  2. DDS.txt
User avatar
melboy
MRU Expert
MRU Expert
 
Posts: 3670
Joined: July 25th, 2008, 4:25 pm
Location: UK

Re: Need help, please

Unread postby TerriReb » February 24th, 2010, 11:44 pm

My computer is running MUCH better now. Thanks!! I can even log into MalwareRemoval.com on the infected computer and it no longer blocks me. :)

Here are the two logs you requested:

Gymer log:
GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-02-24 21:37:22
Windows 5.1.2600 Service Pack 2
Running: wfxn1vwx.exe; Driver: C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\fxldypog.sys


---- System - GMER 1.0.15 ----

SSDT 84B0B440 ZwConnectPort

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs SYMEVENT.SYS (Symantec Event Library/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Ip SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 ATMhelpr.SYS (Windows NT Font Driver Helper/Adobe Systems Incorporated)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 ATMhelpr.SYS (Windows NT Font Driver Helper/Adobe Systems Incorporated)
AttachedDevice \Driver\Tcpip \Device\Tcp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Udp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\RawIp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \FileSystem\Fastfat \Fat SYMEVENT.SYS (Symantec Event Library/Symantec Corporation)

Device \FileSystem\Cdfs \Cdfs B1D03400
Device -> \Driver\atapi \Device\Harddisk0\DR0 852C4856

---- Files - GMER 1.0.15 ----

File C:\WINDOWS\system32\drivers\atapi.sys suspicious modification

---- EOF - GMER 1.0.15 ----

DDS.txt file:

DDS (Ver_09-12-01.01) - NTFSx86
Run by HP_Administrator at 21:37:42.05 on Wed 02/24/2010
Internet Explorer: 7.0.5730.11
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.894.209 [GMT -6:00]

AV: Norton Internet Security *On-access scanning enabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Security *enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
c:\Program Files\Norton Internet Security\ISSVC.exe
c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
c:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\system32\RioMSC.exe
svchost.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\TiVo Shared\Beacon\TiVoBeacon.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\safe-share\SafeShare.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\Program Files\Java\jre1.5.0_04\bin\jucheck.exe
C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\wltray.exe
C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Common Files\TiVo Shared\Transfer\TiVoTransfer.exe
C:\Program Files\TiVo\Desktop\TiVoNotify.exe
C:\Program Files\TiVo\Desktop\TiVoServer.exe
C:\Program Files\Dynex Enhanced G Desktop Card Adapter\DynexWCUI.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe
C:\Program Files\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\WINDOWS\AGRSMMSG.exe
c:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\hphmon06.exe
C:\Documents and Settings\HP_Administrator\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
uSearch Page = hxxp://red.clientapps.yahoo.com/customi ... .yahoo.com
uSearch Bar = hxxp://red.clientapps.yahoo.com/customi ... ch/ie.html
uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mDefault_Search_URL = hxxp://red.clientapps.yahoo.com/customi ... .yahoo.com
mSearch Page = hxxp://red.clientapps.yahoo.com/customi ... .yahoo.com
mSearch Bar = hxxp://red.clientapps.yahoo.com/customi ... ch/ie.html
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://red.clientapps.yahoo.com/customi ... .yahoo.com
mSearchAssistant = hxxp://www.google.com/ie
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Yahoo! IE Services Button: {5bab4b5b-68bc-4b02-94d6-2fc0de4a7897} - c:\progra~1\yahoo!\common\yiesrvc.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar3.dll
BHO: CNavExtBho Class: {bdf3e430-b101-42ad-a544-fadc6b084872} - c:\program files\norton internet security\norton antivirus\NavShExt.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn\YTSingleInstance.dll
TB: HP view: {b2847e28-5d7d-4deb-8b67-05d28bcf79f5} - c:\program files\hp\digital imaging\bin\HPDTLK02.dll
TB: Norton AntiVirus: {42cdd1bf-3ffb-4238-8ad1-7859df00b1d6} - c:\program files\norton internet security\norton antivirus\NavShExt.dll
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar3.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [Yahoo! Pager] 1
uRun: [TivoTransfer] "c:\program files\common files\tivo shared\transfer\TiVoTransfer.exe" /service /registry /auto:TivoTransfer
uRun: [TivoNotify] "c:\program files\tivo\desktop\TiVoNotify.exe" /service /registry /auto:TivoNotify
uRun: [TivoServer] "c:\program files\tivo\desktop\TiVoServer.exe" /service /registry /auto:TivoServer
uRun: [Search Protection] c:\program files\yahoo!\search protection\SearchProtection.exe
uRun: [YSearchProtection] c:\program files\yahoo!\search protection\SearchProtection.exe
uRunOnce: [Shockwave Updater] c:\windows\system32\adobe\shockw~1\SWHELP~1.EXE -Update -1100465 -"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 1.0.3705; .NET CLR 1.1.4322; .NET CLR 2.0.50727; Media Center PC 4.0; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)" -"http://www.miniclip.com/games/spineworld/en/"
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [URLLSTCK.exe] c:\program files\norton internet security\UrlLstCk.exe
mRun: [HPBootOp] "c:\program files\hewlett-packard\hp boot optimizer\HPBootOp.exe" /run
mRun: [ATIPTA] c:\program files\ati technologies\ati control panel\atiptaxx.exe
mRun: [_SetRes] c:\hp\bin\cloaker c:\hp\bin\res.bat
mRun: [IcoSet] c:\hp\bin\cloaker.exe c:\hp\bin\icoset\adjust.bat seticon
mRun: [Unshare] c:\program files\safe-share\SafeShare.exe
mRun: [SunJavaUpdateSched] c:\program files\java\jre1.5.0_04\bin\jusched.exe
mRun: [BJCFD] c:\program files\broadjump\client foundation\CFD.exe
mRun: [Motive SmartBridge] c:\progra~1\sbcsel~1\smartb~1\MotiveSB.exe
mRun: [KBD] c:\hp\kbd\KBD.EXE
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Broadcom Wireless Manager] c:\windows\system32\wltray.exe
mRun: [YSearchProtection] "c:\program files\yahoo!\search protection\SearchProtection.exe"
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\documents and settings\hp_administrator\desktop\mbam-installer\explorer.exe" /runcleanupscript
dRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobeg~2.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\at&tse~1.lnk - c:\program files\sbc self support tool\bin\matcli.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\dynexw~1.lnk - c:\program files\dynex enhanced g desktop card adapter\DynexWCUI.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office\OSA9.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\pictur~2.lnk - c:\program files\sony corporation\picture package\picture package menu\SonyTray.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\pictur~1.lnk - c:\program files\sony corporation\picture package\picture package applications\Residence.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\vpncli~1.lnk - c:\windows\installer\{14fcfe7c-ab86-428a-9d2e-bfb6f5a7aa6e}\Icon3E5562ED7.ico
IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office11\EXCEL.EXE/3000
IE: {E2D4D26B-0180-43a4-B05F-462D6D54C789} - c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\iebutton\support.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0015-0000-0004-ABCDEFFEDCBC} - c:\program files\java\jre1.5.0_04\bin\npjpi150_04.dll
IE: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - c:\progra~1\yahoo!\common\yiesrvc.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mi1933~1\office11\REFIEBAR.DLL
Trusted Zone: turbotax.com
DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} - hxxp://www.musicnotes.com/download/mnviewer.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shoc ... tor/sw.cab
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper200711281.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.5.0/jinsta ... s-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/fl ... rashim.cab
DPF: {C49134CC-B5EF-458C-A442-E8DFE7B4645F} - hxxp://www.yoyogames.com/downloads/activex/YoYo.cab
DPF: {CAFECAFE-0013-0001-0022-ABCDEFABCDEF} - hxxp://fsbanforms.slu.edu:7799/forms/ji ... /jinit.exe
DPF: {CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinsta ... s-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/get/fl ... wflash.cab
Notify: AtiExtEvent - Ati2evxx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
LSA: Authentication Packages = msv1_0 nwprovau

============= SERVICES / DRIVERS ===============

R1 ATMhelpr;ATMhelpr;c:\windows\system32\drivers\ATMHELPR.SYS [2006-9-2 4064]
R2 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\ccEvtMgr.exe [2004-8-27 197752]
R2 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\ccSetMgr.exe [2004-8-27 164984]
R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
R2 navapsvc;Norton AntiVirus Auto-Protect Service;c:\program files\norton internet security\norton antivirus\navapsvc.exe [2004-8-30 176768]
R2 SAVRTPEL;SAVRTPEL;c:\program files\norton internet security\norton antivirus\Savrtpel.sys [2004-7-23 49808]
R2 TivoBeacon2;TiVo Beacon;c:\program files\common files\tivo shared\beacon\TiVoBeacon.exe [2008-4-4 868864]
R3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20050817.024\NAVENG.Sys [2005-8-20 73760]
R3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20050817.024\NavEx15.Sys [2005-8-20 632000]
R3 SAVRT;SAVRT;c:\program files\norton internet security\norton antivirus\savrt.sys [2004-7-23 335504]
S2 ccProxy;Symantec Network Proxy;c:\program files\common files\symantec shared\ccProxy.exe [2004-8-27 234616]
S3 ccPwdSvc;Symantec Password Validation;c:\program files\common files\symantec shared\ccPwdSvc.exe [2004-8-27 78968]
S3 MovRVDrv32;MovRVDrv32;c:\windows\system32\drivers\MovRVDrv32.sys [2008-7-27 3768]
S3 SAVScan;SAVScan;c:\program files\norton internet security\norton antivirus\SAVScan.exe [2004-7-23 197864]
S3 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2005-1-26 280344]

=============== Created Last 30 ================

2010-02-24 00:35:26 0 d-----w- c:\docume~1\hp_adm~1\applic~1\Malwarebytes
2010-02-24 00:35:26 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2010-02-24 00:35:24 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-02-20 16:46:24 0 ----atw- c:\documents and settings\hp_administrator\ÿÿÿÿ]
2010-02-14 17:35:20 80166 ----a-w- c:\windows\system32\PerfStringBackup.INI
2010-02-14 17:27:06 0 ----atw- c:\documents and settings\hp_administrator\hû
2010-02-05 14:13:14 0 d-----w- c:\program files\Trend Micro
2010-02-03 21:28:18 0 ----atw- c:\documents and settings\hp_administrator\}
2010-02-03 21:05:40 0 d--h--w- c:\windows\PIF
2010-02-03 21:05:11 0 ----a-w- C:\mbam-setup.exe
2010-01-31 05:23:55 0 d-----w- C:\SendTo
2010-01-31 05:23:54 0 d-----w- C:\Internet Explorer

==================== Find3M ====================

2009-12-31 16:14:12 352640 ----a-w- c:\windows\system32\drivers\srv.sys
2009-12-31 16:14:12 352640 ----a-w- c:\windows\system32\dllcache\srv.sys
2009-12-31 15:33:06 70656 ----a-w- c:\windows\system32\dllcache\ie4uinit.exe
2009-12-31 15:33:06 13824 ------w- c:\windows\system32\dllcache\ieudinit.exe
2009-12-18 13:05:43 634648 ----a-w- c:\windows\system32\dllcache\iexplore.exe
2009-12-18 13:04:09 161792 ----a-w- c:\windows\system32\dllcache\ieakui.dll
2009-12-16 12:58:04 343040 ----a-w- c:\windows\system32\mspaint.exe
2009-12-16 12:58:04 343040 ----a-w- c:\windows\system32\dllcache\mspaint.exe
2009-12-14 07:35:35 33280 ----a-w- c:\windows\system32\dllcache\csrsrv.dll
2009-12-14 07:35:35 33280 ----a-w- c:\windows\system32\csrsrv.dll
2009-12-08 08:59:48 474112 ----a-w- c:\windows\system32\dllcache\shlwapi.dll
2009-12-04 14:41:55 453760 ------w- c:\windows\system32\dllcache\mrxsmb.sys
2009-11-27 17:04:16 1291776 ----a-w- c:\windows\system32\quartz.dll
2009-11-27 17:04:16 1291776 ----a-w- c:\windows\system32\dllcache\quartz.dll
2009-11-27 17:04:15 17920 ----a-w- c:\windows\system32\msyuv.dll
2009-11-27 17:04:15 17920 ----a-w- c:\windows\system32\dllcache\msyuv.dll
2009-11-27 16:37:27 8704 ----a-w- c:\windows\system32\tsbyuv.dll
2009-11-27 16:37:27 8704 ----a-w- c:\windows\system32\dllcache\tsbyuv.dll
2009-11-27 16:37:27 84992 ----a-w- c:\windows\system32\dllcache\avifil32.dll
2009-11-27 16:37:27 84992 ----a-w- c:\windows\system32\avifil32.dll
2009-11-27 16:37:27 48128 ----a-w- c:\windows\system32\iyuv_32.dll
2009-11-27 16:37:27 48128 ----a-w- c:\windows\system32\dllcache\iyuv_32.dll
2009-11-27 16:37:27 28672 ----a-w- c:\windows\system32\msvidc32.dll
2009-11-27 16:37:27 28672 ----a-w- c:\windows\system32\dllcache\msvidc32.dll
2009-11-27 16:37:27 11264 ----a-w- c:\windows\system32\msrle32.dll
2009-11-27 16:37:27 11264 ----a-w- c:\windows\system32\dllcache\msrle32.dll
2009-04-08 20:50:21 604 ---ha-r- c:\program files\WSTLL Notifier

============= FINISH: 21:40:14.04 ===============

Thanks,
Terri
TerriReb
Regular Member
 
Posts: 58
Joined: October 21st, 2008, 1:51 pm
Advertisement
Register to Remove

PreviousNext

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 12 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware