Hello!
The clock in my Taskbar has been replaced by Virus Alert! Other noticeable and frustrating
side-effects on the infection:
-Computer does not recognize C (Main) Drive
-Task Manager has been 'disabled by Administrator'
-Programs shut down within minutes of restart, leaving an empty desktop (image remains) and mouse pointer.
HiJackThis Log (Main)
Deckard's System Scanner v20071014.68
Run by Administrator on 2008-07-03 15:50:12
Computer is in Safe Mode with Networking.
--------------------------------------------------------------------------------
-- System Restore --------------------------------------------------------------
Failed to create restore point; computer is in safe mode.
-- Last 5 Restore Point(s) --
69: 2008-07-03 19:35:14 UTC - RP335 - System Checkpoint
68: 2008-07-03 19:35:13 UTC - RP334 - System Checkpoint
67: 2008-07-03 19:35:13 UTC - RP333 - System Checkpoint
66: 2008-07-03 19:35:13 UTC - RP332 - System Checkpoint
65: 2008-07-03 19:35:13 UTC - RP331 - System Checkpoint
-- First Restore Point --
1: 2008-07-03 19:35:09 UTC - RP267 - AntiVir PersonalEdition Classic - 4/4/2008 0:21
Backed up registry hives.
Performed disk cleanup.
-- HijackThis (run as Administrator.exe) ---------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:51:26 PM, on 7/3/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Unable to get Internet Explorer version!
Boot mode: Safe mode with network support
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Documents and Settings\Administrator\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Administrator.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://kukkakreck.com/cehpmoin/?cmp=hmr&am...mp;uid=302f13fb
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1EB4BF0F-852F-4B75-B8FB-21EDAF9DC3C8} - C:\WINDOWS\system32\tuvSkLcY.dll
O2 - BHO: (no name) - {85C8D198-7C50-4085-A3B2-205B634449E2} - C:\WINDOWS\system32\ddcBRjKa.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Launch PC Probe II] "C:\Program Files\ASUS\PC Probe II\Probe2.exe" 1
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [Zune Launcher] "c:\Program Files\Zune\ZuneLauncher.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware Reboot] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [302f1354] rundll32.exe "C:\WINDOWS\system32\tgmrmdot.dll",b
O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Global Startup: NETGEAR WG111T Smart Wizard.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_04\bin\npjpi142_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_04\bin\npjpi142_04.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1199332093037
O20 - AppInit_DLLs: C:\WINDOWS\system32\mmssylqyl.dll
O20 - Winlogon Notify: tuvSkLcY - C:\WINDOWS\SYSTEM32\tuvSkLcY.dll
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Unknown owner - C:\Program Files\Bonjour\mDNSResponder.exe (file missing)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Symantec Management Client (SmcService) - Symantec Corporation - C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
O23 - Service: Symantec Network Access Control (SNAC) - Symantec Corporation - C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE
O23 - Service: Symantec Endpoint Protection (Symantec AntiVirus) - Symantec Corporation - C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
--
End of file - 6953 bytes
-- File Associations -----------------------------------------------------------
All associations okay.
-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------
R0 Si3114r5 (SiI-3114 SoftRaid 5 Controller) - c:\windows\system32\drivers\si3114r5.sys <Not Verified; Silicon Image, Inc; SoftRAID 5>
R1 mapledxp - c:\windows\system32\drivers\mapledxp.sys <Not Verified; Jeff Hurchalla and Marble Sound; MarbleSound Maple Midi XP Driver SYS>
S1 AsIO - c:\windows\system32\drivers\asio.sys
S1 netbtt - c:\windows\system32\drivers\netbtt.sys (file missing)
S1 SCDEmu - c:\windows\system32\drivers\scdemu.sys <Not Verified; PowerISO Computing, Inc.; scdemu>
S2 AegisP (AEGIS Protocol (IEEE 802.1x) v3.2.0.3) - c:\windows\system32\drivers\aegisp.sys <Not Verified; Meetinghouse Data Communications; AEGIS Client 3.2.0.3>
S3 DNINDIS5 (DNINDIS5 NDIS Protocol Driver) - c:\windows\system32\dnindis5.sys <Not Verified; Printing Communications Assoc., Inc. (PCAUSA); PCAUSA Rawether for Windows>
S3 Profos - c:\program files\common files\bitdefender\bitdefender threat scanner\profos.sys (file missing)
S3 Trufos - c:\program files\common files\bitdefender\bitdefender threat scanner\trufos.sys (file missing)
S3 USB200M (Linksys USB 2.0 Network Adapter ver.2) - c:\windows\system32\drivers\usb200m2.sys <Not Verified; Linksys; Linksys USB 2.0 Network Adapter ver.2>
-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------
S2 Bonjour Service (##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##) - "c:\program files\bonjour\mdnsresponder.exe" (file missing)
S2 Viewpoint Manager Service - "c:\program files\viewpoint\common\viewpointservice.exe" <Not Verified; Viewpoint Corporation; Viewpoint Manager>
S3 FLEXnet Licensing Service - "c:\program files\common files\macrovision shared\flexnet publisher\fnplicensingservice.exe" <Not Verified; Macrovision Europe Ltd.; FLEXnet Publisher (32 bit)>
-- Device Manager: Disabled ----------------------------------------------------
Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Marvell Yukon 88E8001/8003/8010 PCI Gigabit Ethernet Controller
Device ID: PCI\VEN_11AB&DEV_4320&SUBSYS_811A1043&REV_13\4&13699180&0&6048
Manufacturer: Marvell
Name: Marvell Yukon 88E8001/8003/8010 PCI Gigabit Ethernet Controller
PNP Device ID: PCI\VEN_11AB&DEV_4320&SUBSYS_811A1043&REV_13\4&13699180&0&6048
Service: yukonwxp
Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: NVIDIA nForce Networking Controller
Device ID: {1A3E09BE-1E45-494B-9174-D7385B45BBF5}\NVNET_DEV0057\4&1F09082D&0&01
Manufacturer: NVIDIA
Name: NVIDIA nForce Networking Controller
PNP Device ID: {1A3E09BE-1E45-494B-9174-D7385B45BBF5}\NVNET_DEV0057\4&1F09082D&0&01
Service: NVENETFD
-- Files created between 2008-06-03 and 2008-07-03 -----------------------------
2008-07-03 15:50:57 0 d-------- C:\Program Files\Trend Micro
2008-07-03 15:35:44 91520 --a------ C:\WINDOWS\system32\tgmrmdot.dll
2008-07-03 15:34:59 231345 --ahs---- C:\WINDOWS\system32\aKjRBcdd.ini2
2008-07-03 15:34:53 318720 --a------ C:\WINDOWS\system32\ddcBRjKa.dll
2008-07-03 15:11:51 0 d-------- C:\cmdcons
2008-07-03 15:11:29 68096 --a------ C:\WINDOWS\zip.exe
2008-07-03 15:11:29 49152 --a------ C:\WINDOWS\VFind.exe
2008-07-03 15:11:29 212480 --a------ C:\WINDOWS\swxcacls.exe <Not Verified; SteelWerX; SteelWerX Extended Configurator ACLists>
2008-07-03 15:11:29 136704 --a------ C:\WINDOWS\swsc.exe <Not Verified; SteelWerX; SteelWerX Service Controller>
2008-07-03 15:11:29 161792 --a------ C:\WINDOWS\swreg.exe <Not Verified; SteelWerX; SteelWerX Registry Editor>
2008-07-03 15:11:29 98816 --a------ C:\WINDOWS\sed.exe
2008-07-03 15:11:29 80412 --a------ C:\WINDOWS\grep.exe
2008-07-03 15:11:29 89504 --a------ C:\WINDOWS\fdsv.exe <Not Verified; Smallfrogs Studio; >
2008-07-03 14:13:46 0 d-------- C:\Documents and Settings\Administrator\Application Data\Malwarebytes
2008-07-03 14:13:44 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-07-03 14:13:44 0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-07-03 13:37:30 0 d-------- C:\Documents and Settings\All Users\Application Data\PrevxCSI
2008-07-03 13:33:26 0 dr-h----- C:\Documents and Settings\Administrator\Recent
2008-07-03 13:15:46 0 d-------- C:\Documents and Settings\Administrator\.housecall6.6
2008-07-03 12:34:22 0 d-------- C:\Documents and Settings\Jonno\Application Data\TmpRecentIcons
2008-07-03 12:17:54 0 d-------- C:\Program Files\msn gaming zone
2008-07-03 12:07:14 0 dr------- C:\Documents and Settings\Administrator\Favorites
2008-07-02 22:13:35 28288 --a------ C:\WINDOWS\system32\tuvSkLcY.dll
2008-07-02 22:04:19 967 --a------ C:\WINDOWS\ScUnin.pif
2008-07-02 22:04:19 94208 --a------ C:\WINDOWS\ScUnin.exe <Not Verified; Blizzard Entertainment; Starcraft Uninstaller>
2008-07-02 22:04:19 35190 --a------ C:\WINDOWS\scunin.dat
2008-07-01 21:24:50 0 d-------- C:\Program Files\Starcraft
2008-06-30 18:01:50 0 d-------- C:\WINDOWS\Freecorder Toolbar
2008-06-30 18:01:50 0 d-------- C:\Program Files\Freecorder Toolbar
2008-06-26 19:49:21 0 d-------- C:\Program Files\Common Files\L&H
2008-06-26 19:48:58 0 d-------- C:\Program Files\Microsoft ActiveSync
2008-06-26 19:47:45 0 d-------- C:\Program Files\Microsoft Works
2008-06-26 19:47:27 0 d-------- C:\WINDOWS\SHELLNEW
2008-06-26 19:47:24 0 d-------- C:\Program Files\Microsoft.NET
2008-06-26 18:35:50 0 d-------- C:\Program Files\Symantec
2008-06-26 18:35:50 0 d-------- C:\Documents and Settings\All Users\Application Data\Symantec
2008-06-26 17:41:56 0 d-------- C:\Documents and Settings\All Users\Application Data\FLEXnet
2008-06-26 17:38:41 0 d-------- C:\Documents and Settings\All Users\Application Data\ALM
2008-06-26 17:30:42 0 d-------- C:\Program Files\Common Files\Macrovision Shared
-- Find3M Report ---------------------------------------------------------------
2008-07-03 11:19:53 0 d-------- C:\Program Files\Windows NT
2008-06-26 19:49:21 0 d-------- C:\Program Files\Common Files
2008-06-26 18:38:17 0 d-------- C:\Program Files\Common Files\Symantec Shared
2008-06-26 17:37:57 0 d-------- C:\Program Files\Common Files\Adobe
2008-06-03 16:22:10 0 d-------- C:\Program Files\ZSNES
2008-05-30 14:50:04 0 d-------- C:\Program Files\NDS
2008-05-14 18:06:59 0 d-------- C:\Program Files\Zune
2008-04-05 13:16:06 1700352 --a------ C:\WINDOWS\system32\gdiplus.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
-- Registry Dump ---------------------------------------------------------------
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1EB4BF0F-852F-4B75-B8FB-21EDAF9DC3C8}]
07/02/2008 10:13 PM 28288 --a------ C:\WINDOWS\system32\tuvSkLcY.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{85C8D198-7C50-4085-A3B2-205B634449E2}]
07/03/2008 03:34 PM 318720 --a------ C:\WINDOWS\system32\ddcBRjKa.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [11/15/2004 06:20 PM C:\WINDOWS\SOUNDMAN.EXE]
"Launch PC Probe II"="C:\Program Files\ASUS\PC Probe II\Probe2.exe" [01/18/2006 05:09 PM]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [04/19/2007 01:26 PM]
"nwiz"="nwiz.exe" [04/19/2007 01:26 PM C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [04/19/2007 01:26 PM]
"SunJavaUpdateSched"="C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe" [02/22/2004 11:44 PM]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [07/09/2001 11:50 AM]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [10/10/2007 07:51 PM]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [06/29/2007 06:24 AM]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [01/15/2008 06:54 PM]
"Zune Launcher"="c:\Program Files\Zune\ZuneLauncher.exe" [04/29/2008 07:56 PM]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [02/01/2008 01:25 AM]
"Malwarebytes Anti-Malware Reboot"="C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" [06/28/2008 02:16 PM]
"302f1354"="C:\WINDOWS\system32\tgmrmdot.dll" [07/03/2008 03:35 PM]
[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"RunNarrator"=Narrator.exe
[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"Picasa Media Detector"=C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
NETGEAR WG111T Smart Wizard.lnk - C:\Program Files\NETGEAR\WG111T\wlan111t.exe [11/10/2007 6:51:41 PM]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=0 (0x0)
"HideStartupScripts"=0 (0x0)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=0 (0x0)
"HideStartupScripts"=0 (0x0)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{1EB4BF0F-852F-4B75-B8FB-21EDAF9DC3C8}"= C:\WINDOWS\system32\tuvSkLcY.dll [07/02/2008 10:13 PM 28288]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tuvSkLcY]
tuvSkLcY.dll 07/02/2008 10:13 PM 28288 C:\WINDOWS\system32\tuvSkLcY.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=C:\WINDOWS\system32\mmssylqyl.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\ddcBRjKa
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antvirus]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Google Updater.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Google Updater.lnk
backup=C:\WINDOWS\pss\Google Updater.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Picasa Media Detector]
C:\Program Files\Picasa2\PicasaMediaDetector.exe
-- End of Deckard's System Scanner: finished at 2008-07-03 15:52:04 ------------
HiJackThis (Extra)
Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------
-- System Information ----------------------------------------------------------
Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: English
CPU 0: AMD Athlon™ 64 Processor 4000+
Percentage of Memory in Use: 24%
Physical Memory (total/avail): 1023.48 MiB / 771.28 MiB
Pagefile Memory (total/avail): 2461.53 MiB / 2267.67 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1926.29 MiB
A: is Removable (No Media)
C: is Fixed (NTFS) - 153.38 GiB total, 116.11 GiB free.
D: is CDROM (No Media)
E: is Fixed (FAT32) - 57.23 GiB total, 25.77 GiB free.
\\.\PHYSICALDRIVE0 - Maxtor 96147H6 - 57.25 GiB - 1 partition
\PARTITION0 (bootable) - Unknown - 57.25 GiB - E:
\\.\PHYSICALDRIVE1 - WDC WD1600YS-01SHB1 - 153.38 GiB - 1 partition
\PARTITION0 (bootable) - Installable File System - 153.38 GiB - C:
-- Security Center -------------------------------------------------------------
AUOptions is disabled.
Windows Internal Firewall is disabled.
FirstRunDisabled is set.
AntiVirusDisableNotify is set.
UpdatesDisableNotify is set.
FW: Symantec Endpoint Protection v10.0 (Symantec Corporation.)
AV: Symantec Endpoint Protection v11.0.2000.1253 (Symantec Corporation) Disabled
[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"="C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe:*:Enabled:AOL Loader"
"C:\\Program Files\\Variations2\\JRE\\bin\\javaw.exe"="C:\\Program Files\\Variations2\\JRE\\bin\\javaw.exe:*:Enabled:Java™ 2 Platform Standard Edition binary"
"C:\\Program Files\\AIM6\\aim6.exe"="C:\\Program Files\\AIM6\\aim6.exe:*:Enabled:AIM"
"C:\\Program Files\\uTorrent\\uTorrent.exe"="C:\\Program Files\\uTorrent\\uTorrent.exe:*:Enabled:µTorrent"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"="C:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe:*:Enabled:Remote Assistance - Windows Messenger and Voice"
"C:\\Program Files\\Zune\\Zune.exe"="C:\\Program Files\\Zune\\Zune.exe:*:Enabled:Zune"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Symantec\\Symantec Endpoint Protection\\Smc.exe"="C:\\Program Files\\Symantec\\Symantec Endpoint Protection\\Smc.exe:*:Enabled:SMC Service"
"C:\\Program Files\\Symantec\\Symantec Endpoint Protection\\SNAC.EXE"="C:\\Program Files\\Symantec\\Symantec Endpoint Protection\\SNAC.EXE:*:Enabled:SNAC Service"
"C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe"="C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe:*:Enabled:Symantec Email"
-- Environment Variables -------------------------------------------------------
ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Administrator\Application Data
CLASSPATH=.;C:\Program Files\Java\j2re1.4.2_04\lib\ext\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=WARLOCK-85D3A04
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Administrator
LOGONSERVER=\\WARLOCK-85D3A04
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\system32\wbem;C:\Program Files\QuickTime\QTSystem
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 7 Stepping 10, AuthenticAMD
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=070a
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\j2re1.4.2_04\lib\ext\QTJava.zip
SAFEBOOT_OPTION=NETWORK
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp
TMP=C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp
USERDOMAIN=WARLOCK-85D3A04
USERNAME=Administrator
USERPROFILE=C:\Documents and Settings\Administrator
VARIATIONS2DIR=C:\Program Files\Variations2\
windir=C:\WINDOWS
__COMPAT_LAYER=DisableNXShowUI
-- User Profiles ---------------------------------------------------------------
Jonno (admin)
Administrator (admin)
-- Add/Remove Programs ---------------------------------------------------------
--> C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
--> C:\WINDOWS\UNNeroVision.exe /UNINSTALL
--> C:\WINDOWS\UNNMP.exe /UNINSTALL
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
3114 SATARAID5 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8E4CF4E6-062E-11D8-BCF1-005004748D87}\Setup.exe" -l0x9
Adobe Anchor Service CS3 --> MsiExec.exe /I{90176341-0A8B-4CCC-A78D-F862228A6B95}
Adobe Asset Services CS3 --> MsiExec.exe /I{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}
Adobe Bridge CS3 --> MsiExec.exe /I{9C9824D9-9000-4373-A6A5-D0E5D4831394}
Adobe Bridge Start Meeting --> MsiExec.exe /I{08B32819-6EEF-4057-AEDA-5AB681A36A23}
Adobe Camera Raw 4.0 --> MsiExec.exe /I{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}
Adobe CMaps --> MsiExec.exe /I{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}
Adobe Color - Photoshop Specific --> MsiExec.exe /I{A2D81E70-2A98-4A08-A628-94388B063C5E}
Adobe Color Common Settings --> MsiExec.exe /I{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}
Adobe Color EU Extra Settings --> MsiExec.exe /I{51846830-E7B2-4218-8968-B77F0FF475B8}
Adobe Color JA Extra Settings --> MsiExec.exe /I{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}
Adobe Color NA Recommended Settings --> MsiExec.exe /I{95655ED4-7CA5-46DF-907F-7144877A32E5}
Adobe Default Language CS3 --> MsiExec.exe /I{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}
Adobe Device Central CS3 --> MsiExec.exe /I{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}
Adobe ExtendScript Toolkit 2 --> MsiExec.exe /I{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}
Adobe Flash Player 9 ActiveX --> C:\WINDOWS\system32\Macromed\Flash\UninstFl.exe -q
Adobe Flash Player Plugin --> C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Fonts All --> MsiExec.exe /I{6ABE0BEE-D572-4FE8-B434-9E72A289431B}
Adobe Help Viewer CS3 --> MsiExec.exe /I{04AF207D-9A77-465A-8B76-991F6AB66245}
Adobe Illustrator CS3 --> C:\Program Files\Common Files\Adobe\Installers\a04a925a57548091300ada368235fc6\Setup.exe
Adobe Illustrator CS3 --> MsiExec.exe /I{F08E8D2E-F132-4742-9C87-D5FF223A016A}
Adobe Integrated Runtime (AIR) --> MsiExec.exe /I{199FC15D-2E06-47BE-B3EA-CA086FCB94CF}
Adobe Linguistics CS3 --> MsiExec.exe /I{54793AA1-5001-42F4-ABB6-C364617C6078}
Adobe PDF Library Files --> MsiExec.exe /I{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}
Adobe Photoshop CS3 --> C:\Program Files\Common Files\Adobe\Installers\2ac78060bc5856b0c1cf873bb919b58\Setup.exe
Adobe Photoshop CS3 --> MsiExec.exe /I{0046FA01-C5B9-4985-BACB-398DC480FC05}
Adobe Reader 8.1.1 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81000000003}
Adobe Setup --> MsiExec.exe /I{4F3E17F8-F1C8-4A4B-9EB8-1EE2D190CDA9}
Adobe Setup --> MsiExec.exe /I{D1BB4446-AE9C-4256-9A7F-4D46604D2462}
Adobe Shockwave Player --> C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
Adobe Stock Photos CS3 --> MsiExec.exe /I{29E5EA97-5F74-4A57-B8B2-D4F169117183}
Adobe Type Support --> MsiExec.exe /I{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}
Adobe Update Manager CS3 --> MsiExec.exe /I{E69AE897-9E0B-485C-8552-7841F48D42D8}
Adobe Version Cue CS3 Client --> MsiExec.exe /I{D0DFF92A-492E-4C40-B862-A74A173C25C5}
Adobe WinSoft Linguistics Plugin --> MsiExec.exe /I{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}
Adobe XMP Panels CS3 --> MsiExec.exe /I{802771A9-A856-4A41-ACF7-1450E523C923}
AIM 6 --> C:\Program Files\AIM6\uninst.exe
Athlon 64 Processor Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C151CE54-E7EA-4804-854B-F515368B0798}\setup.exe" -l0x9
Digimax Master --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AEC0CEBC-0FC7-4716-8222-1C4A742719B1}\Setup.exe" -l0x9 -removeonly
Freecorder Toolbar 3.02 Application --> "C:\WINDOWS\Freecorder Toolbar\uninstall.exe" "/U:C:\Program Files\Freecorder Toolbar\Uninstall\uninstall.xml"
Garritan Personal Orchestra --> C:\PROGRA~1\GARRIT~1\UNWISE.EXE C:\PROGRA~1\GARRIT~1\INSTALL.LOG
Garritan Personal Orchestra Studio v1.2 --> "C:\Program Files\Garritan Personal Orchestra\Studio\unins000.exe"
Java 2 Runtime Environment, SE v1.4.2_04 --> MsiExec.exe /I{7148F0A8-6813-11D6-A77B-00B0D0142040}
LiveUpdate 3.3 (Symantec Corporation) --> "C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE" /U
Malwarebytes' Anti-Malware --> "C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Marvell Miniport Driver --> MsiExec.exe /X{C950420B-4182-49EA-850A-A6A2ABF06C6B}
Meridian Advance (remove only) --> "C:\Program Files\Meridian Advance\uninstall.exe"
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5 --> "C:\WINDOWS\$NtUninstallWdf01005$\spuninst\spuninst.exe"
Microsoft Kernel-Mode Driver Framework Feature Pack 1.7 --> "C:\WINDOWS\$NtUninstallWdf01007$\spuninst\spuninst.exe"
Microsoft Office Professional Edition 2003 --> MsiExec.exe /I{90110409-6000-11D3-8CFE-0150048383C9}
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Mozilla Firefox (3.0) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSN --> C:\Program Files\MSN\MsnInstaller\msninst.exe /Action:ARP
MSXML 6.0 Parser (KB927977) --> MsiExec.exe /I{5A710547-B58E-488B-828D-CA9A25A0533C}
Native Instruments Kontakt Player 2 --> C:\PROGRA~1\NATIVE~1\KONTAK~2\\UNWISE.EXE C:\PROGRA~1\NATIVE~1\KONTAK~2\\INSTALL.LOG
Native Instruments Service Center --> C:\PROGRA~1\NATIVE~1\SERVIC~1\UNWISE.EXE C:\PROGRA~1\NATIVE~1\SERVIC~1\INSTALL.LOG
Nero Suite --> C:\Program Files\Common Files\Nero\Uninstall\setupx.exe /uninstall ExtraUninstallID=""
NETGEAR WG111T 108Mbps Wireless USB2.0 Adapter --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{51123D42-6B9C-4B93-900C-29F9EC5963C9}\Setup.exe"
NVIDIA Drivers --> C:\WINDOWS\system32\NVUNINST.EXE UninstallGUI
Paint.NET v3.20 --> MsiExec.exe /X{C1CAAF9E-2A80-4AD0-8D9A-B4327966249F}
PC Probe II --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F7338FA3-DAB5-49B2-900D-0AFB5760C166}\Setup.exe" -l0x9
PDF Settings --> MsiExec.exe /I{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}
Pdf995 --> C:\Program Files\pdf995\setup.exe uninstall
PdfEdit995 --> C:\Program Files\pdf995\res\utilities\thinsetup.exe - uninstall
Picasa 2 --> "C:\Program Files\Picasa2\Uninstall.exe"
PowerISO --> "C:\Program Files\PowerISO\uninstall.exe"
QuickTime --> MsiExec.exe /I{95A890AA-B3B1-44B6-9C18-A8F7AB3EE7FC}
Realtek AC'97 Audio --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FB08F381-6533-4108-B7DD-039E11FBC27E}\setup.exe" REMOVE
Samsung USB Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{86D6A20D-3910-4441-A3E5-EB6977251C86}\Setup.exe" anything
Sibelius 5 --> MsiExec.exe /X{C23B8C30-E05E-4CB5-8188-F27CC3B2DD3E}
Sibelius Sounds Essentials --> C:\PROGRA~1\SIBELI~1\SIBELI~2\ESSENT~1\UNWISE.EXE C:\PROGRA~1\SIBELI~1\SIBELI~2\ESSENT~1\INSTALL.LOG
Signature995 --> C:\Program Files\pdf995\res\utilities\Signature995\thinsetup.exe - uninstall
Sound Set Editor --> C:\Program Files\Common Files\Adobe AIR\Versions\1.0.5\Adobe AIR Application Installer.exe -uninstall sse
Sound Set Editor --> MsiExec.exe /I{0FD08A97-6323-74C9-96DB-210206EF3477}
Spelling Dictionaries Support For Adobe Reader 8 --> MsiExec.exe /I{AC76BA86-7AD7-5464-3428-800000000003}
Starcraft --> C:\WINDOWS\SCunin.exe C:\WINDOWS\SCunin.dat
Symantec Endpoint Protection --> MsiExec.exe /I{76B2BC31-2D96-4170-9C44-09E13B5555F3}
Variations2 --> MsiExec.exe /X{F8511EB9-9E7B-4E5C-A53C-D8FB681E26A9}
Viewpoint Media Player --> C:\Program Files\Viewpoint\Viewpoint Experience Technology\mtsAxInstaller.exe /u
Winamp --> "C:\Program Files\Winamp\UninstWA.exe"
Windows Communication Foundation --> MsiExec.exe /X{491DD792-AD81-429C-9EB4-86DD3D22E333}
Windows Imaging Component --> "C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Presentation Foundation --> MsiExec.exe /X{BAF78226-3200-4DB4-BE33-4D922A799840}
Windows Workflow Foundation --> MsiExec.exe /I{7D1B85BD-AA07-48B8-808D-67A4067FC6BD}
WinZip 11.1 --> MsiExec.exe /X{CD95F661-A5C4-44F5-A6AA-ECDD91C240B5}
XML Paper Specification Shared Components Pack 1.0 -->
Zune --> c:\Program Files\Zune\ZuneSetup.exe /x
Zune --> MsiExec.exe /X{FF70513F-E3A7-402F-84FB-B7810A064BE2}
Zune Language Pack (ES) --> MsiExec.exe /X{EE4ACABF-531E-419A-9225-B8E0FA4955AF}
Zune Language Pack (FR) --> MsiExec.exe /X{0076E1AC-9E7B-4B9F-A62A-4CC9511AD8E3}
-- Application Event Log -------------------------------------------------------
Event Record #/Type2253 / Warning
Event Submitted/Written: 07/03/2008 03:29:55 PM
Event ID/Source: 22 / Symantec AntiVirus
Event Description:
Symantec Endpoint Protection Auto-Protect failed to load.Application has encountered an error.
For more information, please go to: http://www.symantec.com/techsupp/servlet/P...ld=symantec_ent
Event Record #/Type2245 / Warning
Event Submitted/Written: 07/03/2008 03:18:40 PM
Event ID/Source: 22 / Symantec AntiVirus
Event Description:
Symantec Endpoint Protection Auto-Protect failed to load.Application has encountered an error.
For more information, please go to: http://www.symantec.com/techsupp/servlet/P...ld=symantec_ent
Event Record #/Type2238 / Warning
Event Submitted/Written: 07/03/2008 03:10:07 PM
Event ID/Source: 22 / Symantec AntiVirus
Event Description:
Symantec Endpoint Protection Auto-Protect failed to load.Application has encountered an error.
For more information, please go to: http://www.symantec.com/techsupp/servlet/P...ld=symantec_ent
Event Record #/Type2232 / Warning
Event Submitted/Written: 07/03/2008 03:02:46 PM
Event ID/Source: 22 / Symantec AntiVirus
Event Description:
Symantec Endpoint Protection Auto-Protect failed to load.Application has encountered an error.
For more information, please go to: http://www.symantec.com/techsupp/servlet/P...ld=symantec_ent
Event Record #/Type2227 / Warning
Event Submitted/Written: 07/03/2008 02:18:34 PM
Event ID/Source: 1015 / MsiInstaller
Event Description:
Failed to connect to server. Error: 0x8007043C
-- Security Event Log ----------------------------------------------------------
No Errors/Warnings found.
-- System Event Log ------------------------------------------------------------
Event Record #/Type22133 / Error
Event Submitted/Written: 07/03/2008 03:30:58 PM
Event ID/Source: 7026 / Service Control Manager
Event Description:
The following boot-start or system-start driver(s) failed to load:
AmdK8
AsIO
eeCtrl
Fips
SCDEmu
SPBBCDrv
SRTSP
SRTSPX
ssmdrv
SYMTDI
Event Record #/Type22132 / Error
Event Submitted/Written: 07/03/2008 03:29:44 PM
Event ID/Source: 10005 / DCOM
Event Description:
DCOM got error "%%1084" attempting to start the service LiveUpdate with arguments ""
in order to run the server:
{03E0E6C2-363B-11D3-B536-00902771A435}
Event Record #/Type22131 / Error
Event Submitted/Written: 07/03/2008 03:29:43 PM
Event ID/Source: 10005 / DCOM
Event Description:
DCOM got error "%%1084" attempting to start the service EventSystem with arguments ""
in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}
Event Record #/Type22130 / Error
Event Submitted/Written: 07/03/2008 03:29:43 PM
Event ID/Source: 10005 / DCOM
Event Description:
DCOM got error "%%1084" attempting to start the service LiveUpdate with arguments ""
in order to run the server:
{03E0E6C2-363B-11D3-B536-00902771A435}
Event Record #/Type22129 / Error
Event Submitted/Written: 07/03/2008 03:29:42 PM
Event ID/Source: 10005 / DCOM
Event Description:
DCOM got error "%%1084" attempting to start the service LiveUpdate with arguments ""
in order to run the server:
{03E0E6C2-363B-11D3-B536-00902771A435}
-- End of Deckard's System Scanner: finished at 2008-07-03 15:52:04 ------------
Thanks!
-Jonn
Full Version: Virus Alert! In Taskbar, And Other Annoyances.
Hello John and welcome to BleepingComputer,
You can perdorm next steps in safe mode :
1. * Clean your Cache and Cookies in IE:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix
Please ensure you read this guide carefully and install the Recovery Console first (not for Windows Vista users !).
The Windows Recovery Console will allow you to boot up into a special recovery mode, in case your computer has a problem after an attempted removal of malware. This allows us to help you. (WinXP SP3 users, please download the appropriate SP2 file, Home or Pro, to install the RC)
In the event you already have Combofix, delete your current version and download the latest version as described in the tutorial.
It must be saved directly to your desktop.
Note: Make sure not to click ComboFix's window while it's running. That may cause it to stall or freeze.
Please post the log from ComboFix (can also be found as C:\ComboFix.txt) in your next reply.
If you have any questions along the way, STOP and ask them before proceeding !!
Greetings,
Thunder
You can perdorm next steps in safe mode :
1. * Clean your Cache and Cookies in IE:
- Close all instances of Outlook Express and Internet Explorer
- Go to Control Panel > Internet Options > General tab
- Under Browsing History, click Delete.
- Click Delete Files, Delete cookies and Delete history
- Click Close below.
- Go to Tools > Options.
- Click Privacy in the menu..
- Click the Clear now button below.. A new window will popup what to clear.
- Select all and click the Clear button again.
- Click OK to close the Options window
- Go to start > run and type: cleanmgr and click ok.
- Let it scan your system for files to remove.
- Make sure Temporary Files, Temporary Internet Files, and Recycle Bin are the only things checked.
- Press OK to remove them.
http://www.bleepingcomputer.com/combofix/how-to-use-combofix
Please ensure you read this guide carefully and install the Recovery Console first (not for Windows Vista users !).
The Windows Recovery Console will allow you to boot up into a special recovery mode, in case your computer has a problem after an attempted removal of malware. This allows us to help you. (WinXP SP3 users, please download the appropriate SP2 file, Home or Pro, to install the RC)
In the event you already have Combofix, delete your current version and download the latest version as described in the tutorial.
It must be saved directly to your desktop.
Note: Make sure not to click ComboFix's window while it's running. That may cause it to stall or freeze.
Please post the log from ComboFix (can also be found as C:\ComboFix.txt) in your next reply.
If you have any questions along the way, STOP and ask them before proceeding !!
Greetings,
Thunder
Since there is no feedback anymore, I assume this issue is resolved ... so, this Topic is closed.
If you need this topic reopened for continuations of existing problems, please request this by sending me a PM with the address of the thread. This applies only to the original topic starter.
Everyone else please begin a New Topic.
If you need this topic reopened for continuations of existing problems, please request this by sending me a PM with the address of the thread. This applies only to the original topic starter.
Everyone else please begin a New Topic.
This is a "lo-fi" version of our main content. To view the full version with more information, formatting and images, please click here.