
Had SpywareGuard2008 virus


  • This topic is locked

#1 bobboreb


Posted 30 December 2008 - 06:15 PM

I removed most of the Rogue.SpywareGuard2008 virus using SUPERAntiSpyware; however, sometimes I'll click on something on my desktop and nothing happens. It seems to work again after I reboot. Before I had this SpywareGuard2008 virus, I would always get "This app has failed to start cuz OdiAPI.dll was not found" every time I started my computer. Usually there would be 3 of these red X warnings every time I started the computer. I have some printscreen copies which I will attach. Thank you for your help.

DDS (Version 1.1.0) - NTFSx86
Run by HP_Administrator at 14:33:53.89 on Tue 12/30/2008
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_11
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1288 [GMT -8:00]

AV: Norton Internet Security *On-access scanning enabled* (Updated)
FW: Norton Internet Security *enabled*

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
C:\Program Files\DISC\DISCover.exe
C:\Program Files\DISC\DiscUpdateMgr.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\rundll32.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Nova Development\Greeting Card Factory Deluxe\ReminderApp.exe
C:\Program Files\DISC\DiscGui.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe
C:\Program Files\iMesh Applications\Personalization\iMeshPersonalization.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Panasonic\VideoCamSuite\VideoCamSuiteAutoStart.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\arservice.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\WINDOWS\system32\bgsvcgen.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\ehome\mcrdsvc.exe
C:\Program Files\Intel\IntelDH\Intel® Quick Resume Technology\ELService.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
c:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\DISC\DiscStreamHub.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\RTHDCPL.EXE
c:\windows\system\hpsysdrv.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\HP_Administrator\Desktop\dds.scr

============== Pseudo HJT Report ===============

uSearchMigratedDefaultUrl = hxxp://www.mywebsearch.com/jsp/cfg_redir2.jsp?id=ZUxdm265YYUS&fl=0&ptb=ivM2fU9O71koxaGwZoI00Q&ind=2008050920&url=http://www.ask.com/web&q={searchTerms}&l=zu&o=sb
uStart Page = www.google.com
uInternet Connection Wizard,ShellNext = iexplore
BHO: iMeshPersonalization: {2e172451-9577-461f-bd9d-16d2e88d0f50} - c:\program files\imesh applications\personalization\iMeshPersonalizationIE_v1040.dll
BHO: BitComet Helper: {39f7e362-828a-4b5a-bcaf-5b79bfdfea60} - c:\program files\bitcomet\tools\BitCometBHO_1.2.8.7.dll
BHO: NCO 2.0 IE BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\common files\symantec shared\coshared\browser\2.5\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\progra~1\common~1\symant~1\ids\IPSBHO.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar2.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar2.dll
TB: Show Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\common files\symantec shared\coshared\browser\2.5\CoIEPlg.dll
TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Gadwin PrintScreen] c:\program files\gadwin systems\printscreen\PrintScreen.exe /nosplash
uRun: [iMeshPersonalization] "c:\program files\imesh applications\personalization\iMeshPersonalization.exe"
uRun: [Messenger (Yahoo!)] "c:\program files\yahoo!\messenger\YahooMessenger.exe" -quiet
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [AlwaysReady Power Message APP] ARPWRMSG.EXE
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\Iaanotif.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
mRun: [HPHUPD08] c:\program files\hp\digital imaging\{33d6cc28-9f75-4d1b-a11d-98895b3a3729}\hphupd08.exe
mRun: [DISCover] c:\program files\disc\DISCover.exe
mRun: [DiscUpdateManager] c:\program files\disc\DiscUpdateMgr.exe
mRun: [<NO NAME>]
mRun: [PCDrProfiler]
mRun: [HPBootOp] "c:\program files\hewlett-packard\hp boot optimizer\HPBootOp.exe" /run
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [KBD] c:\hp\kbd\KBD.EXE
mRun: [ReminderApp] c:\program files\nova development\greeting card factory deluxe\ReminderApp.exe
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [osCheck] "c:\program files\norton internet security\osCheck.exe"
mRun: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [WildTangent CDA] "c:\program files\wildtangent\apps\cda\gamedrvr.exe" /startup "c:\program files\wildtangent\apps\cda\cdaEngine0500.dll"
mRun: [LaunchList] c:\program files\pinnacle\studio 10\LaunchList.exe
mRun: [ISTray] "c:\program files\spyware doctor\pctsTray.exe"
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\autoru~1.lnk - c:\program files\panasonic\videocamsuite\VideoCamSuiteAutoStart.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\device~1.lnk - c:\program files\olympus\devicedetector\DevDtct2.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\google~1.lnk - c:\program files\google\google updater\GoogleUpdater.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpphot~1.lnk - c:\program files\hp\digital imaging\bin\hpqthb08.exe
uPolicies-explorer: NoWindowsUpdate = 0 (0x0)
uPolicies-explorer: NoThemesTab = 0 (0x0)
uPolicies-system: NoDispAppearancePage = 0 (0x0)
uPolicies-system: NoColorChoice = 0 (0x0)
uPolicies-system: NoSizeChoice = 0 (0x0)
uPolicies-system: NoVisualStyleChoice = 0 (0x0)
uPolicies-system: NoDispSettingsPage = 0 (0x0)
IE: &D&ownload &with BitComet - c:\program files\bitcomet\BitComet.exe/AddLink.htm
IE: &D&ownload all video with BitComet - c:\program files\bitcomet\BitComet.exe/AddVideo.htm
IE: &D&ownload all with BitComet - c:\program files\bitcomet\BitComet.exe/AddAllLink.htm
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office11\EXCEL.EXE/3000
IE: Send from PC to TV Bookmark - file://c:\program files\send from pc to tv\SendFromPC2TV_Bookmark.htm
IE: Send from PC to TV Play/Pause - file://c:\program files\send from pc to tv\SendFromPC2TV_PlayPause.htm
IE: Send from PC to TV Stop - file://c:\program files\send from pc to tv\SendFromPC2TV_Stop.htm
IE: {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://c:\program files\bitcomet\tools\BitCometBHO_1.2.8.7.dll/206
IE: {E2D4D26B-0180-43a4-B05F-462D6D54C789} - c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\iebutton\support.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office11\REFIEBAR.DLL
Trusted Zone: trymedia.com
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
Notify: nnnlmNEx - nnnlmNEx.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
LSA: Notification Packages = scecli

============= SERVICES / DRIVERS ===============

R0 IKFileSec;File Security Driver;c:\windows\system32\drivers\ikfilesec.sys [2008-12-27 40840]
R1 IKSysFlt;System Filter Driver;c:\windows\system32\drivers\iksysflt.sys [2008-12-27 66952]
R1 IKSysSec;System Security Driver;c:\windows\system32\drivers\iksyssec.sys [2008-12-27 81288]
R1 SASDIFSV;SASDIFSV;\??\c:\program files\superantispyware\SASDIFSV.SYS [2008-12-22 8944]
R1 SASKUTIL;SASKUTIL;\??\c:\program files\superantispyware\SASKUTIL.sys [2008-12-22 55024]
R2 aawservice;Ad-Aware 2007 Service;"c:\program files\lavasoft\ad-aware 2007\aawservice.exe" [2007-6-5 561152]
R2 ccEvtMgr;Symantec Event Manager;"c:\program files\common files\symantec shared\ccSvcHst.exe" /h ccCommon [2008-1-25 149352]
R2 ccSetMgr;Symantec Settings Manager;"c:\program files\common files\symantec shared\ccSvcHst.exe" /h ccCommon [2008-1-25 149352]
R2 LiveUpdate Notice;LiveUpdate Notice;"c:\program files\common files\symantec shared\ccSvcHst.exe" /h ccCommon [2008-1-25 149352]
R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
R2 sdAuxService;PC Tools Auxiliary Service;c:\program files\spyware doctor\pctsAuxs.exe [2008-12-27 356920]
R2 sdCoreService;PC Tools Security Service;c:\program files\spyware doctor\pctsSvc.exe [2008-12-27 1079176]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;\??\c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2008-12-29 99376]
R3 NAVENG;NAVENG;\??\c:\progra~1\common~1\symant~1\virusd~1\20081230.004\NAVENG.SYS [2008-12-30 89104]
R3 NAVEX15;NAVEX15;\??\c:\progra~1\common~1\symant~1\virusd~1\20081230.004\NAVEX15.SYS [2008-12-30 876112]
R3 SASENUM;SASENUM;\??\c:\program files\superantispyware\SASENUM.SYS [2008-12-22 7408]
S3 COH_Mon;COH_Mon;\??\c:\windows\system32\drivers\COH_Mon.sys [2008-1-12 23888]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2007-1-25 42000]
S3 Symantec Core LC;Symantec Core LC;c:\progra~1\common~1\symant~1\ccpd-lc\symlcsvc.exe [2008-7-26 1245064]

=============== Created Last 30 ================

2008-12-30 13:08 <DIR> --d----- c:\program files\Trend Micro
2008-12-30 11:39 <DIR> --d----- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2008-12-30 11:38 <DIR> --d----- c:\program files\SUPERAntiSpyware
2008-12-30 11:38 <DIR> --d----- c:\docume~1\hp_adm~1\applic~1\SUPERAntiSpyware.com
2008-12-30 09:36 410,984 a------- c:\windows\system32\deploytk.dll
2008-12-29 21:56 <DIR> --d----- c:\program files\Remove-it
2008-12-29 14:53 <DIR> --d----- c:\windows\ServicePackFiles
2008-12-29 10:17 <DIR> --d----- c:\windows\system32\scripting
2008-12-29 10:17 <DIR> --d----- c:\windows\l2schemas
2008-12-29 10:17 <DIR> --d----- c:\windows\system32\en
2008-12-29 10:17 <DIR> --d----- c:\windows\system32\bits
2008-12-27 14:20 <DIR> --d----- c:\program files\Lavasoft
2008-12-27 14:20 <DIR> --d----- c:\program files\common files\Wise Installation Wizard
2008-12-27 13:34 2,139,086 a------- c:\docume~1\hp_adm~1\applic~1\winrar_4.6_full.exe
2008-12-27 12:46 <DIR> --d----- c:\program files\videosoft
2008-12-27 12:28 81,288 a------- c:\windows\system32\drivers\iksyssec.sys
2008-12-27 12:28 66,952 a------- c:\windows\system32\drivers\iksysflt.sys
2008-12-27 12:28 40,840 a------- c:\windows\system32\drivers\ikfilesec.sys
2008-12-27 12:28 29,576 a------- c:\windows\system32\drivers\kcom.sys
2008-12-27 12:28 <DIR> --d----- c:\program files\Spyware Doctor
2008-12-27 12:28 <DIR> --d----- c:\docume~1\hp_adm~1\applic~1\PC Tools
2008-12-27 12:28 55,296 a------- c:\windows\system32\msqpdxtfhmpkal.dll
2008-12-27 12:28 <DIR> --dshr-- C:\resycled
2008-12-27 12:28 255 ---shr-- C:\autorun.inf
2008-12-18 12:54 <DIR> --d----- c:\program files\Microsoft Common
2008-12-17 08:52 54,156 a---h--- c:\windows\QTFont.qfn
2008-12-17 08:52 1,409 a------- c:\windows\QTFont.for
2008-12-06 07:21 552 a------- c:\windows\system32\d3d8caps.dat
2008-12-05 18:41 <DIR> --d----- c:\program files\Inner Esteem Inc
2008-12-05 16:43 <DIR> --d----- c:\program files\DesignCAD Pro 2000
2008-12-05 16:09 <DIR> --d----- c:\windows\speech
2008-12-05 16:04 <DIR> --d----- c:\windows\lhsp
2008-12-05 16:00 <DIR> --d----- c:\program files\Inner Esteem
2008-12-05 15:54 299,520 a------- c:\windows\uninst.exe

==================== Find3M ====================

2008-12-29 14:59 92,947 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat
2008-12-29 14:16 32,768 -------- c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\plugin\uploadHSC.dll
2008-12-12 22:40 3,593,216 -------- c:\windows\system32\dllcache\mshtml.dll
2008-10-23 04:36 286,720 a------- c:\windows\system32\gdi32.dll
2008-10-23 04:36 286,720 -------- c:\windows\system32\dllcache\gdi32.dll
2008-10-16 14:13 1,809,944 a------- c:\windows\system32\dllcache\wuaueng.dll
2008-10-16 14:13 202,776 a------- c:\windows\system32\dllcache\wuweb.dll
2008-10-16 14:12 323,608 a------- c:\windows\system32\dllcache\wucltui.dll
2008-10-16 14:12 561,688 a------- c:\windows\system32\dllcache\wuapi.dll
2008-10-16 14:09 92,696 a------- c:\windows\system32\dllcache\cdm.dll
2008-10-16 14:09 51,224 a------- c:\windows\system32\dllcache\wuauclt.exe
2008-10-16 14:08 34,328 a------- c:\windows\system32\dllcache\wups.dll
2008-10-16 05:11 70,656 -------- c:\windows\system32\dllcache\ie4uinit.exe
2008-10-16 05:11 13,824 -------- c:\windows\system32\dllcache\ieudinit.exe
2008-10-15 08:34 337,408 -------- c:\windows\system32\dllcache\netapi32.dll
2008-10-14 23:06 633,632 -------- c:\windows\system32\dllcache\iexplore.exe
2008-10-14 23:04 161,792 -------- c:\windows\system32\dllcache\ieakui.dll
2008-10-03 02:02 247,326 a------- c:\windows\system32\strmdll.dll
2008-10-03 02:02 247,326 a------- c:\windows\system32\dllcache\strmdll.dll
2007-08-28 17:23 34,816 a------- c:\program files\LCResume.doc
2007-08-12 11:05 7,489,923 a------- c:\program files\amc.exe
2007-06-10 07:42 70,729,900 a------- c:\program files\StudioPatch9_4_3.exe
2007-06-10 07:40 316,355 a------- c:\program files\MovieBoxDeluxe.exe
2007-06-09 08:02 27,521,592 a------- c:\program files\GCF_HolidayPack2007_1.2.exe
2007-06-09 07:52 176 a------- c:\docume~1\hp_adm~1\applic~1\wklnhst.dat
2007-04-16 15:39 190,064 a------- c:\program files\Morpheus.exe
2006-09-05 18:59 439,296 a------- c:\documents and settings\hp_administrator\remote.exe
2008-06-01 12:22 22 a--sh--- c:\windows\sminst\HPCD.sys
2007-03-08 23:12 27,648 a--sh--- c:\windows\system32\AVSredirect.dll

============= FINISH: 14:34:55.05 ===============

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Version 1.0)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 4/7/2008 5:38:58 AM
System Uptime: 12/30/2008 1:57:09 PM (1 hours ago)

Motherboard: ASUSTek Computer INC. | | EMERY
Processor: Intel® Pentium® D CPU 2.80GHz | Socket 775 | 2800/200mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 224 GiB total, 104.373 GiB free.
D: is FIXED (FAT32) - 9 GiB total, 1.047 GiB free.
E: is CDROM ()
F: is CDROM ()
G: is Removable
H: is Removable
I: is Removable
J: is Removable
K: is Removable

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP319: 12/29/2008 2:45:48 PM - System Checkpoint
RP320: 12/30/2008 9:35:52 AM - Installed Java™ 6 Update 11
RP321: 12/30/2008 11:38:49 AM - Installed SUPERAntiSpyware Free Edition

==== Installed Programs ======================

3100_3200_3300_Help
3100_3200_3300trb
3300
5 Card Slingo from HP Media Center (remove only)
Ad-Aware 2007
Adobe Flash Player 10 ActiveX
Adobe Reader 7.0
Agere Systems PCI-SV92PP Soft Modem
AiO_Scan
AiO_Scan_CDA
AiOSoftware
AiOSoftwareNPI
AppCore
AstroPop Deluxe from HP Media Center (remove only)
AVS Video Converter 6
AVS4YOU Software Navigator 1.2
Barnyard Invasion from HP Media Center (remove only)
Bejeweled 2 Deluxe from HP Media Center (remove only)
BitComet 1.05
Blackhawk Striker 2 from HP Media Center (remove only)
Blasterball 2 from HP Media Center (remove only)
Blasterball 2 Remix from HP Media Center (remove only)
Boggle Supreme from HP Media Center (remove only)
Bookworm Deluxe from HP Media Center (remove only)
Boris Graffiti
Bounce Symphony from HP Media Center (remove only)
BufferChm
CameraDrivers
ccCommon
Chuzzle Deluxe from HP Media Center (remove only)
Component Framework
CP_AtenaShokunin1Config
CP_CalendarTemplates1
cp_LightScribeConfig
cp_LightScribePlugin
CP_Package_Basic1
CP_Package_Variety1
CP_Package_Variety2
CP_Package_Variety3
CP_Panorama1Config
Crystal Maze from HP Media Center (remove only)
CueTour
Customer Experience Enhancement
DesignCAD Pro 2000
DesignCAD Pro 2000 E-Learning Program
Destinations
DeviceManagementQFolder
DISCover
DocProc
DocumentViewer
DocumentViewerQFolder
Easy Internet Sign-up
Enhanced Multimedia Keyboard Solution
FaceOnBody
Family Feud
FATE from HP Media Center (remove only)
Fax
Fax_CDA
FormatFactory
Gadwin PrintScreen
GemMaster Mystic
Greeting Card Factory Deluxe
High Definition Audio Driver Package - KB888111
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 10 (KB903157)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
HP Boot Optimizer
HP Deskjet Printer Preload
HP DigitalMedia Archive
HP Document Viewer 5.3
HP Game Console and games
HP Image Zone 5.3
HP Image Zone for Media Center PC
HP Imaging Device Functions 5.3
HP Photosmart 330,380,420,470,7800,8000,8200 Series
HP Photosmart Cameras 5.0
HP Product Assistant
HP PSC & OfficeJet 5.3.A
HP PSC & OfficeJet 5.3.B
HP Solution Center & Imaging Support Tools 5.3
HP Update
HPProductAssistant
HpSdpAppCoreApp
Insaniquarium Deluxe from HP Media Center (remove only)
InstantShareDevices
Intel® Matrix Storage Manager
Intel® PRO Network Connections Drivers
Intel® Quick Resume Technology Drivers
InterVideo WinDVD Player
J2SE Runtime Environment 5.0 Update 5
Java™ 6 Update 11
Java™ 6 Update 7
Lemonade Tycoon 2 from HP Media Center (remove only)
Lernout & Hauspie TruVoice American English TTS Engine
Lexibox Deluxe from HP Media Center (remove only)
LightScribe 1.4.56.1
Lightwave 8.0 E-Learning Program
LiveUpdate (Symantec Corporation)
LiveUpdate Notice (Symantec Corporation)
Magic Bullet Looks Studio
Mah Jong Quest from HP Media Center (remove only)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Away Mode
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Money 2005
Microsoft National Language Support Downlevel APIs
Microsoft Office 2003 Edition 60 Days Trial Welcome Tour
Microsoft Office Standard Edition 2003
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Microsoft Works
Mozilla Firefox (2.0.0.20)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 6 Service Pack 2 (KB954459)
muvee autoProducer 4.5
muvee autoProducer unPlugged 1.2
MyFantasyMaker
NewCopy
NewCopy_CDA
Norton AntiVirus
Norton AntiVirus Help
Norton Confidential Core
Norton Internet Security
Norton Internet Security (Symantec Corporation)
Norton Protection Center
NVIDIA Drivers
OpenOffice.org Installer 1.0
Otto
PanoStandAlone
Parrot Software Update Tool
PC-Doctor 5 for Windows
PhotoGallery
Pinnacle Hollywood FX 5
Pinnacle Studio 12
Pinnacle Studio 12 Ultimate Plugins
Polar Bowler from HP Media Center (remove only)
Polar Golfer from HP Media Center (remove only)
proDAD Vitascene 1.0
ProductContextNPI
PSPrinters08
PSTAPlugin
Puzzle Express from HP Media Center (remove only)
Python 2.2 pywin32 extensions (build 203)
Python 2.2.3
Quicken 2006
QuickTime
RandMap
Readme
RealPlayer
Realtek High Definition Audio Driver
Remove-it
Replay AV 8
Replay Converter 2.8
Ricochet Lost Worlds from HP Media Center (remove only)
Scan
ScannerCopy
SCRABBLE from HP Media Center (remove only)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Send from PC to TV
Shooting Stars Pool from HP Media Center (remove only)
Shrek 2 Ogre Bowler from HP Media Center (remove only)
SkinsHP1
Slingo Deluxe from HP Media Center (remove only)
Snowboard SuperJam from HP Media Center (remove only)
SolutionCenter
Sonic Express Labeler
Sonic MyDVD Plus
Sonic RecordNow Audio
Sonic RecordNow Copy
Sonic RecordNow Data
Sonic Update Manager
Sonic_PrimoSDK
SPBBC 32bit
Spyware Doctor 6.0
Status
Studio 9
Studio Content DVD
Super Granny from HP Media Center (remove only)
SUPERAntiSpyware Free Edition
Symantec Real Time Storage Protection Component
Symantec Technical Support Web Controls
SymNet
Tradewinds from HP Media Center (remove only)
TrayApp
TWC User Controls
Unload
Update for Windows Media Player 10 (KB913800)
Update for Windows Media Player 10 (KB926251)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB955839)
Update Rollup 2 for Windows XP Media Center Edition 2005
Updates from HP (remove only)
VideoCam Suite
VideoCam Suite 1.0
videosoft
WebFldrs XP
WebReg
WildTangent Web Driver
Windows Imaging Component
Windows Internet Explorer 7
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Media Center Edition 2005 KB925766
Windows XP Service Pack 3
WinPcap 4.0
WinRAR archiver
Yahoo! Messenger
YouSendIt Application Plug-in SDK
YouSendIt Express
Zuma Deluxe from HP Media Center (remove only)

==== Event Viewer Messages From Past Week ========

12/24/2008 7:11:53 PM, error: W32Time [17] - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 15 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)
12/24/2008 1:09:36 PM, error: Service Control Manager [7000] - The Pml Driver HPZ12 service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
12/24/2008 1:09:35 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Pml Driver HPZ12 service to connect.
12/24/2008 8:10:57 AM, error: System Error [1003] - Error code 0000004e, parameter1 00000099, parameter2 0005a462, parameter3 00000000, parameter4 00000000.
12/24/2008 8:10:28 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: ftsata2
12/23/2008 8:37:32 PM, error: Service Control Manager [7022] - The Intel® Quick Resume Technology Drivers service hung on starting.
12/23/2008 3:54:01 PM, error: Service Control Manager [7022] - The Intel® Quick Resume Technology Drivers service hung on starting.
12/23/2008 8:29:09 AM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the wuauserv service.
12/23/2008 8:28:39 AM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the W32Time service.
12/25/2008 9:55:07 AM, error: Disk [11] - The driver detected a controller error on \Device\Harddisk2\D.
12/27/2008 12:35:00 PM, error: Service Control Manager [7031] - The Print Spooler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
12/27/2008 2:39:57 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the ARSVC service to connect.
12/27/2008 2:39:57 PM, error: Service Control Manager [7000] - The ARSVC service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
12/28/2008 11:20:39 AM, error: Service Control Manager [7022] - The Intel® Quick Resume Technology Drivers service hung on starting.
12/28/2008 2:29:06 PM, error: Service Control Manager [7022] - The Intel® Quick Resume Technology Drivers service hung on starting.
12/29/2008 2:11:38 PM, error: NtServicePack [4374] - Windows XP installation failed, leaving Windows XP partially updated.
The installation of the Service Pack did not complete, and a rollback to the pre-installation state has been initiated. A rollback is a two-step process. Step one is complete; to complete step two, click OK. To be reminded at next login to complete step two, click Cancel. After you complete the rollback, your system will reboot and you may retry the installation of the Service Pack.
12/29/2008 2:30:42 PM, error: Service Control Manager [7000] - The Upload Manager service failed to start due to the following error: The account specified for this service is different from the account specified for other services running in the same process.
12/29/2008 2:44:34 PM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000369' while processing the file 'MSI7495d.tmp' on the volume 'HarddiskVolume1'. It has stopped monitoring the volume.
12/29/2008 3:03:50 PM, error: NtServicePack [4373] - Windows XP KB951748 installation failed.
An internal error occurred.
12/29/2008 3:04:09 PM, error: NtServicePack [4373] - Windows XP KB954211 installation failed.
An internal error occurred.
12/29/2008 3:04:38 PM, error: NtServicePack [4373] - Windows XP KB956803 installation failed.
An internal error occurred.
12/29/2008 3:04:40 PM, error: NtServicePack [4373] - Windows XP KB956841 installation failed.
An internal error occurred.
12/29/2008 3:04:43 PM, error: NtServicePack [4373] - Windows XP KB957095 installation failed.
An internal error occurred.
12/29/2008 3:04:46 PM, error: NtServicePack [4373] - Windows XP KB957097 installation failed.
An internal error occurred.
12/29/2008 10:03:00 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
12/29/2008 10:03:00 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
12/29/2008 10:03:37 PM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.
12/29/2008 10:03:37 PM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
12/29/2008 10:03:37 PM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.
12/29/2008 10:03:37 PM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
12/29/2008 10:03:37 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD eeCtrl Fips ftsata2 intelppm IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss SRTSP SRTSPX SYMTDI Tcpip
12/29/2008 10:04:01 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
12/29/2008 10:43:50 PM, error: Service Control Manager [7022] - The Intel® Quick Resume Technology Drivers service hung on starting.
12/30/2008 10:32:00 AM, error: Service Control Manager [7022] - The Intel® Quick Resume Technology Drivers service hung on starting.

==== End Of File ===========================


#2 suebaby41


Posted 10 January 2009 - 12:05 PM

Welcome to the BleepingComputer Forums.

Since it has been a few days since you scanned your computer with HijackThis, we will need a new HijackThis log. If you have not already downloaded Random's System Information Tool (RSIT), please download Random's System Information Tool (RSIT) by random/random which includes a HijackThis log and save it to your desktop. If you have RSIT already on your computer, please run it again.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Please post the contents of log.txt.
Thank you for your patience.

Please see Preparation Guide for use before posting about your potential Malware problem.

If you have already posted this log at another forum or if you decide to seek help at another forum, please let us know. There is a shortage of helpers and taking the time of two volunteer helpers means that someone else may not be helped.

While we are working on your HijackThis log, please:
  • Reply to this thread; do not start another!
  • Do not make any changes on your computer during the cleaning process or download/add programs on your computer unless instructed to do so.
  • Do not run any other tool until instructed to do so!
  • Let me know if any of the links do not work or if any of the tools do not work.
  • Tell me about problems or symptoms that occur during the fix.
  • Do not run any other programs or open any other windows while doing a fix.
  • Ask any questions that you have regarding the fix(es), the infection(s), the performance of your computer, etc.
Thanks.
You don't stop laughing when you get old; you get old when you stop laughing.
A Member of U-N-I-T-E (Unified Network of Instructors and Trained Eliminators)
Malware Removal University Masters Graduate

Join The Fight Against Malware
No reply within 5 days will result in your topic being closed. If you need more time, please let me know by posting in this topic so that your topic will not be closed.

#3 suebaby41


Posted 19 January 2009 - 03:25 PM

This subject is now closed. If you need this topic reopened, please contact a member of the HJT Team and we will reopen it for you. Include the address of this thread in your request. If you should have a new issue, please start a new topic. This applies only to the original topic starter. Everyone else please begin a New Topic.



