 Virus Alert! In Taskbar, And Other Annoyances., Cannot run in normal mode! |
Welcome Guest ( Log In | Click here to Register a free account now! )
Register a free account to unlock additional features at BleepingComputer.com
Welcome to Bleeping Computer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.
Forum Guidelines
Read this topic before posting a log. DO NOT post a ComboFix log unless requested to. Only members of the HijackThis Team or Moderators are allowed to help people with logs. Anyone else should refrain from posting to another user's log. When posting a log please put the type of infection you have in the topic title. IE: Winfixer, Virtumonde, WinTools, WebSearch, Home Search Assistant, etc. Do not bump your topic. We try to resolve logs on a first come/first served basis. By bumping your log you will be pushed back in line due to the new date of your bump.
  |
 Jul 3 2008, 03:00 PM
Post
#1
|
|
|
New Member  Group: Members Posts: 1 Joined: 3-July 08 Member No.: 220,263  |
The clock in my Taskbar has been replaced by Virus Alert! Other noticeable and frustrating side-effects on the infection: -Computer does not recognize C (Main) Drive -Task Manager has been 'disabled by Administrator' -Programs shut down within minutes of restart, leaving an empty desktop (image remains) and mouse pointer. HiJackThis Log (Main) Deckard's System Scanner v20071014.68 Run by Administrator on 2008-07-03 15:50:12 Computer is in Safe Mode with Networking. -------------------------------------------------------------------------------- -- System Restore -------------------------------------------------------------- Failed to create restore point; computer is in safe mode. -- Last 5 Restore Point(s) -- 69: 2008-07-03 19:35:14 UTC - RP335 - System Checkpoint 68: 2008-07-03 19:35:13 UTC - RP334 - System Checkpoint 67: 2008-07-03 19:35:13 UTC - RP333 - System Checkpoint 66: 2008-07-03 19:35:13 UTC - RP332 - System Checkpoint 65: 2008-07-03 19:35:13 UTC - RP331 - System Checkpoint -- First Restore Point -- 1: 2008-07-03 19:35:09 UTC - RP267 - AntiVir PersonalEdition Classic - 4/4/2008 0:21 Backed up registry hives. Performed disk cleanup. -- HijackThis (run as Administrator.exe) --------------------------------------- Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 3:51:26 PM, on 7/3/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Unable to get Internet Explorer version! Boot mode: Safe mode with network support Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\rundll32.exe C:\Documents and Settings\Administrator\Desktop\dss.exe C:\PROGRA~1\TRENDM~1\HIJACK~1\Administrator.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://kukkakreck.com/cehpmoin/?cmp=hmr&am...mp;uid=302f13fb R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {1EB4BF0F-852F-4B75-B8FB-21EDAF9DC3C8} - C:\WINDOWS\system32\tuvSkLcY.dll O2 - BHO: (no name) - {85C8D198-7C50-4085-A3B2-205B634449E2} - C:\WINDOWS\system32\ddcBRjKa.dll O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [Launch PC Probe II] "C:\Program Files\ASUS\PC Probe II\Probe2.exe" 1 O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe" O4 - HKLM\..\Run: [Zune Launcher] "c:\Program Files\Zune\ZuneLauncher.exe" O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [Malwarebytes Anti-Malware Reboot] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript O4 - HKLM\..\Run: [302f1354] rundll32.exe "C:\WINDOWS\system32\tgmrmdot.dll",b O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM') O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'Default user') O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user') O4 - Global Startup: NETGEAR WG111T Smart Wizard.lnk = ? O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_04\bin\npjpi142_04.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_04\bin\npjpi142_04.dll O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1199332093037 O20 - AppInit_DLLs: C:\WINDOWS\system32\mmssylqyl.dll O20 - Winlogon Notify: tuvSkLcY - C:\WINDOWS\SYSTEM32\tuvSkLcY.dll O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Unknown owner - C:\Program Files\Bonjour\mDNSResponder.exe (file missing) O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: Symantec Management Client (SmcService) - Symantec Corporation - C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe O23 - Service: Symantec Network Access Control (SNAC) - Symantec Corporation - C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE O23 - Service: Symantec Endpoint Protection (Symantec AntiVirus) - Symantec Corporation - C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe -- End of file - 6953 bytes -- File Associations ----------------------------------------------------------- All associations okay. -- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------- R0 Si3114r5 (SiI-3114 SoftRaid 5 Controller) - c:\windows\system32\drivers\si3114r5.sys <Not Verified; Silicon Image, Inc; SoftRAID 5> R1 mapledxp - c:\windows\system32\drivers\mapledxp.sys <Not Verified; Jeff Hurchalla and Marble Sound; MarbleSound Maple Midi XP Driver SYS> S1 AsIO - c:\windows\system32\drivers\asio.sys S1 netbtt - c:\windows\system32\drivers\netbtt.sys (file missing) S1 SCDEmu - c:\windows\system32\drivers\scdemu.sys <Not Verified; PowerISO Computing, Inc.; scdemu> S2 AegisP (AEGIS Protocol (IEEE 802.1x) v3.2.0.3) - c:\windows\system32\drivers\aegisp.sys <Not Verified; Meetinghouse Data Communications; AEGIS Client 3.2.0.3> S3 DNINDIS5 (DNINDIS5 NDIS Protocol Driver) - c:\windows\system32\dnindis5.sys <Not Verified; Printing Communications Assoc., Inc. (PCAUSA); PCAUSA Rawether for Windows> S3 Profos - c:\program files\common files\bitdefender\bitdefender threat scanner\profos.sys (file missing) S3 Trufos - c:\program files\common files\bitdefender\bitdefender threat scanner\trufos.sys (file missing) S3 USB200M (Linksys USB 2.0 Network Adapter ver.2) - c:\windows\system32\drivers\usb200m2.sys <Not Verified; Linksys; Linksys USB 2.0 Network Adapter ver.2> -- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled -------------------- S2 Bonjour Service (##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##) - "c:\program files\bonjour\mdnsresponder.exe" (file missing) S2 Viewpoint Manager Service - "c:\program files\viewpoint\common\viewpointservice.exe" <Not Verified; Viewpoint Corporation; Viewpoint Manager> S3 FLEXnet Licensing Service - "c:\program files\common files\macrovision shared\flexnet publisher\fnplicensingservice.exe" <Not Verified; Macrovision Europe Ltd.; FLEXnet Publisher (32 bit)> -- Device Manager: Disabled ---------------------------------------------------- Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318} Description: Marvell Yukon 88E8001/8003/8010 PCI Gigabit Ethernet Controller Device ID: PCI\VEN_11AB&DEV_4320&SUBSYS_811A1043&REV_13\4&13699180&0&6048 Manufacturer: Marvell Name: Marvell Yukon 88E8001/8003/8010 PCI Gigabit Ethernet Controller PNP Device ID: PCI\VEN_11AB&DEV_4320&SUBSYS_811A1043&REV_13\4&13699180&0&6048 Service: yukonwxp Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318} Description: NVIDIA nForce Networking Controller Device ID: {1A3E09BE-1E45-494B-9174-D7385B45BBF5}\NVNET_DEV0057\4&1F09082D&0&01 Manufacturer: NVIDIA Name: NVIDIA nForce Networking Controller PNP Device ID: {1A3E09BE-1E45-494B-9174-D7385B45BBF5}\NVNET_DEV0057\4&1F09082D&0&01 Service: NVENETFD -- Files created between 2008-06-03 and 2008-07-03 ----------------------------- 2008-07-03 15:50:57 0 d-------- C:\Program Files\Trend Micro 2008-07-03 15:35:44 91520 --a------ C:\WINDOWS\system32\tgmrmdot.dll 2008-07-03 15:34:59 231345 --ahs---- C:\WINDOWS\system32\aKjRBcdd.ini2 2008-07-03 15:34:53 318720 --a------ C:\WINDOWS\system32\ddcBRjKa.dll 2008-07-03 15:11:51 0 d-------- C:\cmdcons 2008-07-03 15:11:29 68096 --a------ C:\WINDOWS\zip.exe 2008-07-03 15:11:29 49152 --a------ C:\WINDOWS\VFind.exe 2008-07-03 15:11:29 212480 --a------ C:\WINDOWS\swxcacls.exe <Not Verified; SteelWerX; SteelWerX Extended Configurator ACLists> 2008-07-03 15:11:29 136704 --a------ C:\WINDOWS\swsc.exe <Not Verified; SteelWerX; SteelWerX Service Controller> 2008-07-03 15:11:29 161792 --a------ C:\WINDOWS\swreg.exe <Not Verified; SteelWerX; SteelWerX Registry Editor> 2008-07-03 15:11:29 98816 --a------ C:\WINDOWS\sed.exe 2008-07-03 15:11:29 80412 --a------ C:\WINDOWS\grep.exe 2008-07-03 15:11:29 89504 --a------ C:\WINDOWS\fdsv.exe <Not Verified; Smallfrogs Studio; > 2008-07-03 14:13:46 0 d-------- C:\Documents and Settings\Administrator\Application Data\Malwarebytes 2008-07-03 14:13:44 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware 2008-07-03 14:13:44 0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes 2008-07-03 13:37:30 0 d-------- C:\Documents and Settings\All Users\Application Data\PrevxCSI 2008-07-03 13:33:26 0 dr-h----- C:\Documents and Settings\Administrator\Recent 2008-07-03 13:15:46 0 d-------- C:\Documents and Settings\Administrator\.housecall6.6 2008-07-03 12:34:22 0 d-------- C:\Documents and Settings\Jonno\Application Data\TmpRecentIcons 2008-07-03 12:17:54 0 d-------- C:\Program Files\msn gaming zone 2008-07-03 12:07:14 0 dr------- C:\Documents and Settings\Administrator\Favorites 2008-07-02 22:13:35 28288 --a------ C:\WINDOWS\system32\tuvSkLcY.dll 2008-07-02 22:04:19 967 --a------ C:\WINDOWS\ScUnin.pif 2008-07-02 22:04:19 94208 --a------ C:\WINDOWS\ScUnin.exe <Not Verified; Blizzard Entertainment; Starcraft Uninstaller> 2008-07-02 22:04:19 35190 --a------ C:\WINDOWS\scunin.dat 2008-07-01 21:24:50 0 d-------- C:\Program Files\Starcraft 2008-06-30 18:01:50 0 d-------- C:\WINDOWS\Freecorder Toolbar 2008-06-30 18:01:50 0 d-------- C:\Program Files\Freecorder Toolbar 2008-06-26 19:49:21 0 d-------- C:\Program Files\Common Files\L&H 2008-06-26 19:48:58 0 d-------- C:\Program Files\Microsoft ActiveSync 2008-06-26 19:47:45 0 d-------- C:\Program Files\Microsoft Works 2008-06-26 19:47:27 0 d-------- C:\WINDOWS\SHELLNEW 2008-06-26 19:47:24 0 d-------- C:\Program Files\Microsoft.NET 2008-06-26 18:35:50 0 d-------- C:\Program Files\Symantec 2008-06-26 18:35:50 0 d-------- C:\Documents and Settings\All Users\Application Data\Symantec 2008-06-26 17:41:56 0 d-------- C:\Documents and Settings\All Users\Application Data\FLEXnet 2008-06-26 17:38:41 0 d-------- C:\Documents and Settings\All Users\Application Data\ALM 2008-06-26 17:30:42 0 d-------- C:\Program Files\Common Files\Macrovision Shared -- Find3M Report --------------------------------------------------------------- 2008-07-03 11:19:53 0 d-------- C:\Program Files\Windows NT 2008-06-26 19:49:21 0 d-------- C:\Program Files\Common Files 2008-06-26 18:38:17 0 d-------- C:\Program Files\Common Files\Symantec Shared 2008-06-26 17:37:57 0 d-------- C:\Program Files\Common Files\Adobe 2008-06-03 16:22:10 0 d-------- C:\Program Files\ZSNES 2008-05-30 14:50:04 0 d-------- C:\Program Files\NDS 2008-05-14 18:06:59 0 d-------- C:\Program Files\Zune 2008-04-05 13:16:06 1700352 --a------ C:\WINDOWS\system32\gdiplus.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System> -- Registry Dump --------------------------------------------------------------- *Note* empty entries & legit default entries are not shown [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1EB4BF0F-852F-4B75-B8FB-21EDAF9DC3C8}] 07/02/2008 10:13 PM 28288 --a------ C:\WINDOWS\system32\tuvSkLcY.dll [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{85C8D198-7C50-4085-A3B2-205B634449E2}] 07/03/2008 03:34 PM 318720 --a------ C:\WINDOWS\system32\ddcBRjKa.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SoundMan"="SOUNDMAN.EXE" [11/15/2004 06:20 PM C:\WINDOWS\SOUNDMAN.EXE] "Launch PC Probe II"="C:\Program Files\ASUS\PC Probe II\Probe2.exe" [01/18/2006 05:09 PM] "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [04/19/2007 01:26 PM] "nwiz"="nwiz.exe" [04/19/2007 01:26 PM C:\WINDOWS\system32\nwiz.exe] "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [04/19/2007 01:26 PM] "SunJavaUpdateSched"="C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe" [02/22/2004 11:44 PM] "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [07/09/2001 11:50 AM] "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [10/10/2007 07:51 PM] "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [06/29/2007 06:24 AM] "WinampAgent"="C:\Program Files\Winamp\winampa.exe" [01/15/2008 06:54 PM] "Zune Launcher"="c:\Program Files\Zune\ZuneLauncher.exe" [04/29/2008 07:56 PM] "ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [02/01/2008 01:25 AM] "Malwarebytes Anti-Malware Reboot"="C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" [06/28/2008 02:16 PM] "302f1354"="C:\WINDOWS\system32\tgmrmdot.dll" [07/03/2008 03:35 PM] [HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce] "RunNarrator"=Narrator.exe [HKEY_USERS\.default\software\microsoft\windows\currentversion\run] "Picasa Media Detector"=C:\Program Files\Picasa2\PicasaMediaDetector.exe C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ NETGEAR WG111T Smart Wizard.lnk - C:\Program Files\NETGEAR\WG111T\wlan111t.exe [11/10/2007 6:51:41 PM] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "DisableRegistryTools"=0 (0x0) "HideLegacyLogonScripts"=0 (0x0) "HideLogoffScripts"=0 (0x0) "RunLogonScriptSync"=1 (0x1) "RunStartupScriptSync"=0 (0x0) "HideStartupScripts"=0 (0x0) [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system] "HideLegacyLogonScripts"=0 (0x0) "HideLogoffScripts"=0 (0x0) "RunLogonScriptSync"=1 (0x1) "RunStartupScriptSync"=0 (0x0) "HideStartupScripts"=0 (0x0) [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks] "{1EB4BF0F-852F-4B75-B8FB-21EDAF9DC3C8}"= C:\WINDOWS\system32\tuvSkLcY.dll [07/02/2008 10:13 PM 28288] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tuvSkLcY] tuvSkLcY.dll 07/02/2008 10:13 PM 28288 C:\WINDOWS\system32\tuvSkLcY.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] "appinit_dlls"=C:\WINDOWS\system32\mmssylqyl.dll [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] "Authentication Packages"= msv1_0 C:\WINDOWS\system32\ddcBRjKa [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antvirus] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys] @="Driver" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Google Updater.lnk] path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Google Updater.lnk backup=C:\WINDOWS\pss\Google Updater.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe -- End of Deckard's System Scanner: finished at 2008-07-03 15:52:04 ------------ HiJackThis (Extra) Deckard's System Scanner v20071014.68 Extra logfile - please post this as an attachment with your post. -------------------------------------------------------------------------------- -- System Information ---------------------------------------------------------- Microsoft Windows XP Professional (build 2600) SP 2.0 Architecture: X86; Language: English CPU 0: AMD Athlon™ 64 Processor 4000+ Percentage of Memory in Use: 24% Physical Memory (total/avail): 1023.48 MiB / 771.28 MiB Pagefile Memory (total/avail): 2461.53 MiB / 2267.67 MiB Virtual Memory (total/avail): 2047.88 MiB / 1926.29 MiB A: is Removable (No Media) C: is Fixed (NTFS) - 153.38 GiB total, 116.11 GiB free. D: is CDROM (No Media) E: is Fixed (FAT32) - 57.23 GiB total, 25.77 GiB free. \\.\PHYSICALDRIVE0 - Maxtor 96147H6 - 57.25 GiB - 1 partition \PARTITION0 (bootable) - Unknown - 57.25 GiB - E: \\.\PHYSICALDRIVE1 - WDC WD1600YS-01SHB1 - 153.38 GiB - 1 partition \PARTITION0 (bootable) - Installable File System - 153.38 GiB - C: -- Security Center ------------------------------------------------------------- AUOptions is disabled. Windows Internal Firewall is disabled. FirstRunDisabled is set. AntiVirusDisableNotify is set. UpdatesDisableNotify is set. FW: Symantec Endpoint Protection v10.0 (Symantec Corporation.) AV: Symantec Endpoint Protection v11.0.2000.1253 (Symantec Corporation) Disabled [HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" [HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"="C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe:*:Enabled:AOL Loader" "C:\\Program Files\\Variations2\\JRE\\bin\\javaw.exe"="C:\\Program Files\\Variations2\\JRE\\bin\\javaw.exe:*:Enabled:Java™ 2 Platform Standard Edition binary" "C:\\Program Files\\AIM6\\aim6.exe"="C:\\Program Files\\AIM6\\aim6.exe:*:Enabled:AIM" "C:\\Program Files\\uTorrent\\uTorrent.exe"="C:\\Program Files\\uTorrent\\uTorrent.exe:*:Enabled:µTorrent" "C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger" "C:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"="C:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe:*:Enabled:Remote Assistance - Windows Messenger and Voice" "C:\\Program Files\\Zune\\Zune.exe"="C:\\Program Files\\Zune\\Zune.exe:*:Enabled:Zune" "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" "C:\\Program Files\\Symantec\\Symantec Endpoint Protection\\Smc.exe"="C:\\Program Files\\Symantec\\Symantec Endpoint Protection\\Smc.exe:*:Enabled:SMC Service" "C:\\Program Files\\Symantec\\Symantec Endpoint Protection\\SNAC.EXE"="C:\\Program Files\\Symantec\\Symantec Endpoint Protection\\SNAC.EXE:*:Enabled:SNAC Service" "C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe"="C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe:*:Enabled:Symantec Email" -- Environment Variables ------------------------------------------------------- ALLUSERSPROFILE=C:\Documents and Settings\All Users APPDATA=C:\Documents and Settings\Administrator\Application Data CLASSPATH=.;C:\Program Files\Java\j2re1.4.2_04\lib\ext\QTJava.zip CLIENTNAME=Console CommonProgramFiles=C:\Program Files\Common Files COMPUTERNAME=WARLOCK-85D3A04 ComSpec=C:\WINDOWS\system32\cmd.exe FP_NO_HOST_CHECK=NO HOMEDRIVE=C: HOMEPATH=\Documents and Settings\Administrator LOGONSERVER=\\WARLOCK-85D3A04 NUMBER_OF_PROCESSORS=1 OS=Windows_NT Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\system32\wbem;C:\Program Files\QuickTime\QTSystem PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH PROCESSOR_ARCHITECTURE=x86 PROCESSOR_IDENTIFIER=x86 Family 15 Model 7 Stepping 10, AuthenticAMD PROCESSOR_LEVEL=15 PROCESSOR_REVISION=070a ProgramFiles=C:\Program Files PROMPT=$P$G QTJAVA=C:\Program Files\Java\j2re1.4.2_04\lib\ext\QTJava.zip SAFEBOOT_OPTION=NETWORK SESSIONNAME=Console SystemDrive=C: SystemRoot=C:\WINDOWS TEMP=C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp TMP=C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp USERDOMAIN=WARLOCK-85D3A04 USERNAME=Administrator USERPROFILE=C:\Documents and Settings\Administrator VARIATIONS2DIR=C:\Program Files\Variations2\ windir=C:\WINDOWS __COMPAT_LAYER=DisableNXShowUI -- User Profiles --------------------------------------------------------------- Jonno (admin) Administrator (admin) -- Add/Remove Programs --------------------------------------------------------- --> C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL --> C:\WINDOWS\UNNeroVision.exe /UNINSTALL --> C:\WINDOWS\UNNMP.exe /UNINSTALL --> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf 3114 SATARAID5 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8E4CF4E6-062E-11D8-BCF1-005004748D87}\Setup.exe" -l0x9 Adobe Anchor Service CS3 --> MsiExec.exe /I{90176341-0A8B-4CCC-A78D-F862228A6B95} Adobe Asset Services CS3 --> MsiExec.exe /I{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61} Adobe Bridge CS3 --> MsiExec.exe /I{9C9824D9-9000-4373-A6A5-D0E5D4831394} Adobe Bridge Start Meeting --> MsiExec.exe /I{08B32819-6EEF-4057-AEDA-5AB681A36A23} Adobe Camera Raw 4.0 --> MsiExec.exe /I{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C} Adobe CMaps --> MsiExec.exe /I{A2B242BD-FF8D-4840-9DAA-9170EABEC59C} Adobe Color - Photoshop Specific --> MsiExec.exe /I{A2D81E70-2A98-4A08-A628-94388B063C5E} Adobe Color Common Settings --> MsiExec.exe /I{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9} Adobe Color EU Extra Settings --> MsiExec.exe /I{51846830-E7B2-4218-8968-B77F0FF475B8} Adobe Color JA Extra Settings --> MsiExec.exe /I{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029} Adobe Color NA Recommended Settings --> MsiExec.exe /I{95655ED4-7CA5-46DF-907F-7144877A32E5} Adobe Default Language CS3 --> MsiExec.exe /I{B9B35331-B7E4-4E5C-BF4C-7BC87856124D} Adobe Device Central CS3 --> MsiExec.exe /I{8D2BA474-F406-4710-9AE4-D4F22D21F0DD} Adobe ExtendScript Toolkit 2 --> MsiExec.exe /I{C2D69781-F392-4118-A5A7-C7E9C38DBFC2} Adobe Flash Player 9 ActiveX --> C:\WINDOWS\system32\Macromed\Flash\UninstFl.exe -q Adobe Flash Player Plugin --> C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe Adobe Fonts All --> MsiExec.exe /I{6ABE0BEE-D572-4FE8-B434-9E72A289431B} Adobe Help Viewer CS3 --> MsiExec.exe /I{04AF207D-9A77-465A-8B76-991F6AB66245} Adobe Illustrator CS3 --> C:\Program Files\Common Files\Adobe\Installers\a04a925a57548091300ada368235fc6\Setup.exe Adobe Illustrator CS3 --> MsiExec.exe /I{F08E8D2E-F132-4742-9C87-D5FF223A016A} Adobe Integrated Runtime (AIR) --> MsiExec.exe /I{199FC15D-2E06-47BE-B3EA-CA086FCB94CF} Adobe Linguistics CS3 --> MsiExec.exe /I{54793AA1-5001-42F4-ABB6-C364617C6078} Adobe PDF Library Files --> MsiExec.exe /I{D2559B88-CC9D-4B48-81BB-F492BAA9C48C} Adobe Photoshop CS3 --> C:\Program Files\Common Files\Adobe\Installers\2ac78060bc5856b0c1cf873bb919b58\Setup.exe Adobe Photoshop CS3 --> MsiExec.exe /I{0046FA01-C5B9-4985-BACB-398DC480FC05} Adobe Reader 8.1.1 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81000000003} Adobe Setup --> MsiExec.exe /I{4F3E17F8-F1C8-4A4B-9EB8-1EE2D190CDA9} Adobe Setup --> MsiExec.exe /I{D1BB4446-AE9C-4256-9A7F-4D46604D2462} Adobe Shockwave Player --> C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log Adobe Stock Photos CS3 --> MsiExec.exe /I{29E5EA97-5F74-4A57-B8B2-D4F169117183} Adobe Type Support --> MsiExec.exe /I{8E6808E2-613D-4FCD-81A2-6C8FA8E03312} Adobe Update Manager CS3 --> MsiExec.exe /I{E69AE897-9E0B-485C-8552-7841F48D42D8} Adobe Version Cue CS3 Client --> MsiExec.exe /I{D0DFF92A-492E-4C40-B862-A74A173C25C5} Adobe WinSoft Linguistics Plugin --> MsiExec.exe /I{184CE391-7E0E-4C63-9935-D7A10EDFD3C6} Adobe XMP Panels CS3 --> MsiExec.exe /I{802771A9-A856-4A41-ACF7-1450E523C923} AIM 6 --> C:\Program Files\AIM6\uninst.exe Athlon 64 Processor Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C151CE54-E7EA-4804-854B-F515368B0798}\setup.exe" -l0x9 Digimax Master --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AEC0CEBC-0FC7-4716-8222-1C4A742719B1}\Setup.exe" -l0x9 -removeonly Freecorder Toolbar 3.02 Application --> "C:\WINDOWS\Freecorder Toolbar\uninstall.exe" "/U:C:\Program Files\Freecorder Toolbar\Uninstall\uninstall.xml" Garritan Personal Orchestra --> C:\PROGRA~1\GARRIT~1\UNWISE.EXE C:\PROGRA~1\GARRIT~1\INSTALL.LOG Garritan Personal Orchestra Studio v1.2 --> "C:\Program Files\Garritan Personal Orchestra\Studio\unins000.exe" Java 2 Runtime Environment, SE v1.4.2_04 --> MsiExec.exe /I{7148F0A8-6813-11D6-A77B-00B0D0142040} LiveUpdate 3.3 (Symantec Corporation) --> "C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE" /U Malwarebytes' Anti-Malware --> "C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe" Marvell Miniport Driver --> MsiExec.exe /X{C950420B-4182-49EA-850A-A6A2ABF06C6B} Meridian Advance (remove only) --> "C:\Program Files\Meridian Advance\uninstall.exe" Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe" Microsoft Kernel-Mode Driver Framework Feature Pack 1.5 --> "C:\WINDOWS\$NtUninstallWdf01005$\spuninst\spuninst.exe" Microsoft Kernel-Mode Driver Framework Feature Pack 1.7 --> "C:\WINDOWS\$NtUninstallWdf01007$\spuninst\spuninst.exe" Microsoft Office Professional Edition 2003 --> MsiExec.exe /I{90110409-6000-11D3-8CFE-0150048383C9} Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe" Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d} Mozilla Firefox (3.0) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe MSN --> C:\Program Files\MSN\MsnInstaller\msninst.exe /Action:ARP MSXML 6.0 Parser (KB927977) --> MsiExec.exe /I{5A710547-B58E-488B-828D-CA9A25A0533C} Native Instruments Kontakt Player 2 --> C:\PROGRA~1\NATIVE~1\KONTAK~2\\UNWISE.EXE C:\PROGRA~1\NATIVE~1\KONTAK~2\\INSTALL.LOG Native Instruments Service Center --> C:\PROGRA~1\NATIVE~1\SERVIC~1\UNWISE.EXE C:\PROGRA~1\NATIVE~1\SERVIC~1\INSTALL.LOG Nero Suite --> C:\Program Files\Common Files\Nero\Uninstall\setupx.exe /uninstall ExtraUninstallID="" NETGEAR WG111T 108Mbps Wireless USB2.0 Adapter --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{51123D42-6B9C-4B93-900C-29F9EC5963C9}\Setup.exe" NVIDIA Drivers --> C:\WINDOWS\system32\NVUNINST.EXE UninstallGUI Paint.NET v3.20 --> MsiExec.exe /X{C1CAAF9E-2A80-4AD0-8D9A-B4327966249F} PC Probe II --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F7338FA3-DAB5-49B2-900D-0AFB5760C166}\Setup.exe" -l0x9 PDF Settings --> MsiExec.exe /I{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5} Pdf995 --> C:\Program Files\pdf995\setup.exe uninstall PdfEdit995 --> C:\Program Files\pdf995\res\utilities\thinsetup.exe - uninstall Picasa 2 --> "C:\Program Files\Picasa2\Uninstall.exe" PowerISO --> "C:\Program Files\PowerISO\uninstall.exe" QuickTime --> MsiExec.exe /I{95A890AA-B3B1-44B6-9C18-A8F7AB3EE7FC} Realtek AC'97 Audio --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FB08F381-6533-4108-B7DD-039E11FBC27E}\setup.exe" REMOVE Samsung USB Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{86D6A20D-3910-4441-A3E5-EB6977251C86}\Setup.exe" anything Sibelius 5 --> MsiExec.exe /X{C23B8C30-E05E-4CB5-8188-F27CC3B2DD3E} Sibelius Sounds Essentials --> C:\PROGRA~1\SIBELI~1\SIBELI~2\ESSENT~1\UNWISE.EXE C:\PROGRA~1\SIBELI~1\SIBELI~2\ESSENT~1\INSTALL.LOG Signature995 --> C:\Program Files\pdf995\res\utilities\Signature995\thinsetup.exe - uninstall Sound Set Editor --> C:\Program Files\Common Files\Adobe AIR\Versions\1.0.5\Adobe AIR Application Installer.exe -uninstall sse Sound Set Editor --> MsiExec.exe /I{0FD08A97-6323-74C9-96DB-210206EF3477} Spelling Dictionaries Support For Adobe Reader 8 --> MsiExec.exe /I{AC76BA86-7AD7-5464-3428-800000000003} Starcraft --> C:\WINDOWS\SCunin.exe C:\WINDOWS\SCunin.dat Symantec Endpoint Protection --> MsiExec.exe /I{76B2BC31-2D96-4170-9C44-09E13B5555F3} Variations2 --> MsiExec.exe /X{F8511EB9-9E7B-4E5C-A53C-D8FB681E26A9} Viewpoint Media Player --> C:\Program Files\Viewpoint\Viewpoint Experience Technology\mtsAxInstaller.exe /u Winamp --> "C:\Program Files\Winamp\UninstWA.exe" Windows Communication Foundation --> MsiExec.exe /X{491DD792-AD81-429C-9EB4-86DD3D22E333} Windows Imaging Component --> "C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe" Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe" Windows Presentation Foundation --> MsiExec.exe /X{BAF78226-3200-4DB4-BE33-4D922A799840} Windows Workflow Foundation --> MsiExec.exe /I{7D1B85BD-AA07-48B8-808D-67A4067FC6BD} WinZip 11.1 --> MsiExec.exe /X{CD95F661-A5C4-44F5-A6AA-ECDD91C240B5} XML Paper Specification Shared Components Pack 1.0 --> Zune --> c:\Program Files\Zune\ZuneSetup.exe /x Zune --> MsiExec.exe /X{FF70513F-E3A7-402F-84FB-B7810A064BE2} Zune Language Pack (ES) --> MsiExec.exe /X{EE4ACABF-531E-419A-9225-B8E0FA4955AF} Zune Language Pack (FR) --> MsiExec.exe /X{0076E1AC-9E7B-4B9F-A62A-4CC9511AD8E3} -- Application Event Log ------------------------------------------------------- Event Record #/Type2253 / Warning Event Submitted/Written: 07/03/2008 03:29:55 PM Event ID/Source: 22 / Symantec AntiVirus Event Description: Symantec Endpoint Protection Auto-Protect failed to load.Application has encountered an error. For more information, please go to: http://www.symantec.com/techsupp/servlet/P...ld=symantec_ent Event Record #/Type2245 / Warning Event Submitted/Written: 07/03/2008 03:18:40 PM Event ID/Source: 22 / Symantec AntiVirus Event Description: Symantec Endpoint Protection Auto-Protect failed to load.Application has encountered an error. For more information, please go to: http://www.symantec.com/techsupp/servlet/P...ld=symantec_ent Event Record #/Type2238 / Warning Event Submitted/Written: 07/03/2008 03:10:07 PM Event ID/Source: 22 / Symantec AntiVirus Event Description: Symantec Endpoint Protection Auto-Protect failed to load.Application has encountered an error. For more information, please go to: http://www.symantec.com/techsupp/servlet/P...ld=symantec_ent Event Record #/Type2232 / Warning Event Submitted/Written: 07/03/2008 03:02:46 PM Event ID/Source: 22 / Symantec AntiVirus Event Description: Symantec Endpoint Protection Auto-Protect failed to load.Application has encountered an error. For more information, please go to: http://www.symantec.com/techsupp/servlet/P...ld=symantec_ent Event Record #/Type2227 / Warning Event Submitted/Written: 07/03/2008 02:18:34 PM Event ID/Source: 1015 / MsiInstaller Event Description: Failed to connect to server. Error: 0x8007043C -- Security Event Log ---------------------------------------------------------- No Errors/Warnings found. -- System Event Log ------------------------------------------------------------ Event Record #/Type22133 / Error Event Submitted/Written: 07/03/2008 03:30:58 PM Event ID/Source: 7026 / Service Control Manager Event Description: The following boot-start or system-start driver(s) failed to load: AmdK8 AsIO eeCtrl Fips SCDEmu SPBBCDrv SRTSP SRTSPX ssmdrv SYMTDI Event Record #/Type22132 / Error Event Submitted/Written: 07/03/2008 03:29:44 PM Event ID/Source: 10005 / DCOM Event Description: DCOM got error "%%1084" attempting to start the service LiveUpdate with arguments "" in order to run the server: {03E0E6C2-363B-11D3-B536-00902771A435} Event Record #/Type22131 / Error Event Submitted/Written: 07/03/2008 03:29:43 PM Event ID/Source: 10005 / DCOM Event Description: DCOM got error "%%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF} Event Record #/Type22130 / Error Event Submitted/Written: 07/03/2008 03:29:43 PM Event ID/Source: 10005 / DCOM Event Description: DCOM got error "%%1084" attempting to start the service LiveUpdate with arguments "" in order to run the server: {03E0E6C2-363B-11D3-B536-00902771A435} Event Record #/Type22129 / Error Event Submitted/Written: 07/03/2008 03:29:42 PM Event ID/Source: 10005 / DCOM Event Description: DCOM got error "%%1084" attempting to start the service LiveUpdate with arguments "" in order to run the server: {03E0E6C2-363B-11D3-B536-00902771A435} -- End of Deckard's System Scanner: finished at 2008-07-03 15:52:04 ------------ Thanks! -Jonn |
 |
 
|
|
Jul 5 2008, 04:31 PM
Post
#2
|
|
 Forum Addict Group: HJT Team Posts: 2,349 Joined: 12-December 05 From: Belgium Member No.: 44,294 |
Hello John and welcome to BleepingComputer,
You can perdorm next steps in safe mode : 1. * Clean your Cache and Cookies in IE:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix Please ensure you read this guide carefully and install the Recovery Console first (not for Windows Vista users !). The Windows Recovery Console will allow you to boot up into a special recovery mode, in case your computer has a problem after an attempted removal of malware. This allows us to help you. (WinXP SP3 users, please download the appropriate SP2 file, Home or Pro, to install the RC) In the event you already have Combofix, delete your current version and download the latest version as described in the tutorial. It must be saved directly to your desktop. Note: Make sure not to click ComboFix's window while it's running. That may cause it to stall or freeze. Please post the log from ComboFix (can also be found as C:\ComboFix.txt) in your next reply.  If you have any questions along the way, STOP and ask them before proceeding !! Greetings, Thunder -------------------- Whatever happens, make believe it was intended to ...
-----------------------------------------------------------------------  - If I have helped you in any way, please consider a donation to help me continue the fight against malware.----------------------------------------------------------------------- Stand Up & Be Counted -->  <-- And make a difference |
|
|
|
|
Aug 3 2008, 06:17 AM
Post
#3
|
|
|
Forum Addict Group: HJT Team Posts: 2,349 Joined: 12-December 05 From: Belgium Member No.: 44,294 |
Since there is no feedback anymore, I assume this issue is resolved ... so, this Topic is closed.
If you need this topic reopened for continuations of existing problems, please request this by sending me a PM with the address of the thread. This applies only to the original topic starter. Everyone else please begin a New Topic. -------------------- Whatever happens, make believe it was intended to ...
----------------------------------------------------------------------- - If I have helped you in any way, please consider a donation to help me continue the fight against malware.----------------------------------------------------------------------- Stand Up & Be Counted --> <-- And make a difference |
|
|
|
|
1 User(s) are reading this topic (1 Guests and 0 Anonymous Users)
0 Members:
| Lo-Fi Version | Time is now: 10th October 2008 - 01:39 PM |
© 2003-2008 All Rights Reserved Bleeping Computer LLC.