
downloaded but not able to install


  • This topic is locked
1 reply to this topic

#1 lost locks


Posted 20 July 2009 - 12:23 AM

Hi All,

I have downloaded a few programs like Java and OpenOffice 3.1 but am not able to install them. As soon as the install window/wizard comes up, it hangs right where it is. I have done a diagnostic and found the following information:


Description
Service LiveShare P2P Server 9 hung on starting.

Problem signature
Problem Event Name: ServiceHang
Service Name: RoxLiveShare9
Image Name: RoxLiveShare9.exe"
Image Version: 0.0.0.0
Service Type: 110
Start Type: 2
OS Version: 6.0.6002.2.2.0.768.3
Locale ID: 18441

Files that help describe the problem
Version.txt
minidump.mdmp


I then downloaded ComboFix as per the instructions from BleepingComputer; please find my log below. I will appreciate your help.



ComboFix 09-07-19.04 - robin 20/07/2009 11:59.1.2 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.65.1033.18.2908.1664 [GMT 8:00]
Running from: c:\users\robin\Desktop\ComboFix.exe
AV: Windows Live OneCare *On-access scanning enabled* (Outdated) {427ADFC3-B354-4A51-BE34-A9D4218E45C4}
FW: Norman Security Suite *disabled* {83B29CE9-9DE2-2CB5-9AB3-780D70FF12B0}
FW: Windows Live OneCare Firewall *enabled* {A3899D22-27E6-4A7E-AE4E-2C106646DAAB}
SP: Spyware Terminator *disabled* (Updated) {55EE49A8-16BE-4601-BBE6-607B7F7317DE}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
SP: Windows Live OneCare *enabled* (Outdated) {CC7E50BA-BA8C-4DDE-B5AC-EA53BC38D01B}
.

((((((((((((((((((((((((( Files Created from 2009-06-20 to 2009-07-20 )))))))))))))))))))))))))))))))
.

2009-07-18 08:15 . 2009-07-18 08:15 -------- d-----w- c:\users\robin\{232e22bf-2747-4e51-a7f1-191308aff5db}
2009-07-17 02:45 . 2009-07-17 02:45 -------- d-----w- c:\users\robin\AppData\Local\Help
2009-07-14 21:32 . 2009-06-15 14:53 156672 ----a-w- c:\windows\system32\t2embed.dll
2009-07-14 21:32 . 2009-06-15 14:52 23552 ----a-w- c:\windows\system32\lpk.dll
2009-07-14 21:32 . 2009-06-15 14:52 72704 ----a-w- c:\windows\system32\fontsub.dll
2009-07-14 21:32 . 2009-06-15 14:51 10240 ----a-w- c:\windows\system32\dciman32.dll
2009-07-14 21:32 . 2009-06-15 12:42 289792 ----a-w- c:\windows\system32\atmfd.dll
2009-07-13 07:39 . 2009-07-13 07:39 -------- d-----w- c:\users\robin\AppData\Local\TVU Networks
2009-07-13 07:39 . 2009-07-13 07:39 -------- d-----w- c:\programdata\TVU Networks
2009-07-13 07:39 . 2009-07-13 07:39 -------- d-----w- c:\program files\TVUPlayer
2009-07-13 00:53 . 2009-07-13 00:53 680 ----a-w- c:\users\robin\AppData\Local\d3d9caps.dat
2009-07-11 13:12 . 2009-05-26 13:47 607472 ----a-w- c:\programdata\Yahoo!\YUpdater\yupdater.exe
2009-07-11 13:11 . 2009-07-11 13:12 -------- d-----w- c:\program files\Yahoo!

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-20 02:59 . 2009-03-13 10:31 -------- d-----w- c:\program files\Norman
2009-07-20 02:57 . 2009-03-12 08:09 12 ----a-w- c:\windows\bthservsdp.dat
2009-07-20 02:55 . 2009-03-12 14:40 -------- d-----w- c:\users\robin\AppData\Roaming\Spyware Terminator
2009-07-20 02:07 . 2009-04-29 22:41 -------- d-----w- c:\program files\MSECache
2009-07-19 10:21 . 2009-03-12 13:08 -------- d-----w- c:\programdata\Google Updater
2009-07-18 12:26 . 2009-03-12 14:40 -------- d-----w- c:\programdata\Spyware Terminator
2009-07-18 08:53 . 2009-04-29 22:11 1 ----a-w- c:\users\robin\AppData\Roaming\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2009-07-18 08:21 . 2009-03-12 14:20 -------- d-----w- c:\users\robin\AppData\Roaming\Skype
2009-07-18 08:03 . 2009-03-12 15:00 -------- d-----w- c:\users\robin\AppData\Roaming\skypePM
2009-07-18 07:43 . 2009-04-04 06:48 -------- d-----w- c:\program files\Common Files\Research In Motion
2009-07-17 11:46 . 2009-03-12 10:04 -------- d-----w- c:\programdata\TrueSuite Access Manager
2009-07-17 09:15 . 2009-03-14 03:27 -------- d-----w- c:\program files\Registry Easy
2009-07-17 07:58 . 2009-03-12 09:36 -------- d-----w- c:\program files\Microsoft Windows OneCare Live
2009-07-15 06:00 . 2009-03-12 09:40 -------- d-----w- c:\programdata\Microsoft Help
2009-07-14 23:40 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-07-11 15:00 . 2009-03-12 14:40 -------- d-----w- c:\program files\Spyware Terminator
2009-07-02 07:57 . 2009-03-12 14:26 -------- d-----w- c:\program files\DivX
2009-06-15 08:21 . 2009-03-12 09:46 102736 ----a-w- c:\users\robin\AppData\Local\GDIPFONTCACHEV1.DAT
2009-06-10 07:42 . 2009-03-12 09:38 -------- d-----w- c:\program files\Microsoft Works
2009-06-08 21:34 . 2009-03-12 14:26 -------- d-----w- c:\program files\Common Files\DivX Shared
2009-06-06 06:46 . 2009-06-05 23:39 2851 ----a-w- c:\windows\checkip.dat
2009-06-05 23:19 . 2009-06-05 23:19 -------- d-----w- c:\users\robin\AppData\Roaming\Intel
2009-06-04 13:01 . 2009-06-04 13:01 390664 ----a-w- c:\users\robin\AppData\Roaming\Real\RealPlayer\Update\RealPlayer11.exe
2009-05-28 08:36 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Sidebar
2009-05-28 08:36 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Photo Gallery
2009-05-28 08:36 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Journal
2009-05-28 08:36 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Collaboration
2009-05-28 08:36 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Calendar
2009-05-28 08:36 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Defender
2009-05-28 08:36 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat
2009-05-28 08:15 . 2006-11-02 12:37 37665 ----a-w- c:\windows\Fonts\GlobalUserInterface.CompositeFont
2009-05-21 21:46 . 2009-05-21 21:46 552 ----a-w- c:\users\robin\AppData\Local\d3d8caps.dat
2009-05-09 05:50 . 2009-06-10 03:44 915456 ----a-w- c:\windows\system32\wininet.dll
2009-05-09 05:34 . 2009-06-10 03:44 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-05-01 21:02 . 2009-05-01 21:02 823296 ----a-w- c:\windows\system32\divx_xx0c.dll
2009-05-01 21:02 . 2009-05-01 21:02 823296 ----a-w- c:\windows\system32\divx_xx07.dll
2009-05-01 21:02 . 2009-05-01 21:02 815104 ----a-w- c:\windows\system32\divx_xx0a.dll
2009-05-01 21:02 . 2009-05-01 21:02 811008 ----a-w- c:\windows\system32\divx_xx16.dll
2009-05-01 21:02 . 2009-05-01 21:02 802816 ----a-w- c:\windows\system32\divx_xx11.dll
2009-05-01 21:02 . 2009-05-01 21:02 685056 ----a-w- c:\windows\system32\DivX.dll
2009-04-24 14:15 . 2009-05-04 12:07 713728 ----a-w- c:\users\robin\MicrosoftFixit50027.msi
2009-04-23 12:15 . 2009-06-10 03:44 784896 ----a-w- c:\windows\system32\rpcrt4.dll
2009-04-23 12:14 . 2009-06-10 03:44 623616 ----a-w- c:\windows\system32\localspl.dll
2009-04-21 11:39 . 2009-06-10 03:43 2034688 ----a-w- c:\windows\system32\win32k.sys
2009-07-18 08:50 . 2009-03-12 12:21 137208 ----a-w- c:\program files\mozilla firefox\components\brwsrcmp.dll
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IconOvrly1]
@="{A4EEBF66-92EB-4F2A-9F1E-2F6D14B30DA6}"
[HKEY_CLASSES_ROOT\CLSID\{A4EEBF66-92EB-4F2A-9F1E-2F6D14B30DA6}]
2007-04-20 03:40 118784 ----a-w- c:\program files\TrueSuite Access Manager\IconOvrly.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2007-08-30 205480]
"SpywareTerminatorUpdate"="c:\program files\Spyware Terminator\SpywareTerminatorUpdate.exe" [2009-07-11 3055616]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ThpSrv"="c:\windows\system32\thpsrv" [X]
"ITSecMng"="c:\program files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe" [2007-09-28 75136]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-11-30 1029416]
"TPwrMain"="c:\program files\TOSHIBA\Power Saver\TPwrMain.EXE" [2008-02-06 431456]
"HSON"="c:\program files\TOSHIBA\TBS\HSON.exe" [2007-11-01 54608]
"SmoothView"="c:\program files\Toshiba\SmoothView\SmoothView.exe" [2007-06-16 448080]
"00TCrdMain"="c:\program files\TOSHIBA\FlashCards\TCrdMain.exe" [2008-03-19 716800]
"Camera Assistant Software"="c:\program files\Camera Assistant Software for Toshiba\traybar.exe" [2008-04-29 417792]
"UsbMonitor"="c:\program files\TrueSuite Access Manager\usbnotify.exe" [2007-06-05 94208]
"PwdBank"="c:\program files\TrueSuite Access Manager\PwdBank.exe" [2008-06-23 3151872]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-03-12 185896]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"Norman ZANDA"="c:\program files\Norman\Npm\Bin\ZLH.EXE" [2009-02-11 187504]
"NPCTray"="c:\program files\Norman\npc\bin\npc_tray.exe" [2007-09-17 126008]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-04-15 178712]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-06-25 150040]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-06-25 170520]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-06-25 145944]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2007-12-16 184320]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2007-04-04 1603152]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
"OpwareSE4"="c:\program files\ScanSoft\OmniPageSE4\OpwareSE4.exe" [2007-02-04 79400]
"WrtMon.exe"="c:\windows\system32\spool\drivers\w32x86\3\WrtMon.exe" [2006-09-20 20480]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-04-02 148888]
"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2008-09-19 236016]
"Windows Mobile-based device management"="c:\windows\WindowsMobile\wmdcBase.exe" [2007-05-31 648072]
"SpywareTerminator"="c:\program files\Spyware Terminator\SpywareTerminatorShield.exe" [2009-07-11 2173440]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"WindowsWelcomeCenter"="oobefldr.dll" - c:\windows\System32\oobefldr.dll [2009-04-11 2153472]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
"DisableCAD"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk /r \??\h:\0autocheck autochk *\0OODBS

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\OneCareMP]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Startup Manager"="c:\users\robin\Temp\for Zip files\advance system optimizer\startUp manager.exe"
"Systweak Wallpaper Changer"=c:\users\robin\Temp\for Zip files\advance system optimizer\wallpaper.exe -minimize
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" /background
"WMPNSCFG"=c:\program files\Windows Media Player\WMPNSCFG.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"OneCareUI"=c:\program files\Microsoft Windows OneCare Live\winssnotify.exe
"BlackBerryAutoUpdate"=c:\program files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe /background
"Windows Defender"=c:\program files\Windows Defender\MSASCui.exe -hide
"OODefragTray"=c:\windows\system32\oodtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):c2,b5,3d,8e,70,df,c9,01

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{4B1E96E9-76AD-47F4-8323-5F078B117186}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{388939DC-B1C8-44ED-9906-04A15E6766DC}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{4E8D79F4-93D8-4159-9CCF-B0F621A56F5E}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{4D45ADCF-B518-480E-A4EF-109175F2CC28}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{2B40D3AF-1081-4189-B118-271906C0C2AE}"= UDP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{0F4617DB-37A9-41C2-9693-CCF1D256B72B}"= TCP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

P2 NPFSvc32;Norman Personal Firewall Service;c:\program files\Norman\Npf\Bin\npfsvc32.exe [13/3/2009 6:32 PM 597104]
R0 AlfaFF;AlfaFF mini-filter driver;c:\windows\System32\drivers\AlfaFF.sys [12/3/2009 5:58 PM 42608]
R0 Thpdrv;TOSHIBA HDD Protection Driver;c:\windows\System32\drivers\thpdrv.sys [11/1/2008 11:05 PM 28280]
R0 Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver;c:\windows\System32\drivers\Thpevm.sys [4/9/2007 10:30 AM 13336]
R1 ALE_NF;Norman Firewall ALE driver;c:\windows\System32\drivers\ale_nf.sys [13/3/2009 6:32 PM 42552]
R1 NGS;Norman General Security Driver;c:\program files\Norman\Ngs\Bin\ngs.sys [13/3/2009 7:26 PM 22712]
R1 NPROSEC;Norman Security driver;c:\program files\Norman\Ngs\Bin\nprosec.sys [13/3/2009 6:41 PM 53816]
R1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\System32\drivers\sp_rsdrv2.sys [12/3/2009 10:40 PM 142592]
R2 Authentec memory manager;Authentec memory manager service;c:\windows\System32\TAMSvr.exe [12/3/2009 5:58 PM 49152]
R2 ConfigFree Service;ConfigFree Service;c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe [17/4/2008 3:19 PM 40960]
R2 Ndiskio;Ndiskio;c:\program files\Norman\Nse\Bin\Ndiskio.sys [13/3/2009 6:32 PM 20448]
R2 NPROSECSVC;Norman Security service;c:\program files\Norman\Ngs\Bin\nprosec.exe [13/3/2009 6:32 PM 121912]
R2 NVOY;Norman Resource Provider;c:\program files\Norman\Npm\Bin\nvoy.exe [13/3/2009 6:32 PM 126008]
R2 OcHealthMon;Windows Live OneCare Health Monitor;c:\program files\Microsoft Windows OneCare Live\OcHealthMon.exe [22/3/2009 10:59 AM 24936]
R2 TOSHIBA SMART Log Service;TOSHIBA SMART Log Service;c:\program files\TOSHIBA\SMARTLogService\TosIPCSrv.exe [4/12/2007 8:03 AM 126976]
R3 NETw5v32;Intel® Wireless WiFi Link Adapter Driver for Windows Vista 32 Bit ;c:\windows\System32\drivers\NETw5v32.sys [6/5/2008 1:32 AM 3658752]
R3 NPC;Norman Parental Control;c:\program files\Norman\Npc\Bin\npcsvc32.exe [13/3/2009 6:32 PM 416880]
R3 nsesvc;Norman Scanner Engine Service;c:\program files\Norman\Nse\Bin\Nsesvc.exe [20/5/2009 6:22 PM 310328]
R3 NUAA;Norman User Activity Agent;c:\program files\Norman\Npc\Bin\nuaa.exe [13/3/2009 6:32 PM 121912]
R3 NvcMFlt;NvcMFlt;c:\windows\System32\drivers\nvcv32mf.sys [13/3/2009 6:32 PM 19512]
R3 nvcoas;Norman Virus Control on-access component;c:\program files\Norman\nvc\bin\Nvcoas.exe [13/3/2009 6:32 PM 195640]
R3 O2MDRDR;O2MDRDR;c:\windows\System32\drivers\o2media.sys [15/4/2008 10:13 AM 51160]
R3 QIOMem;Generic IO & Memory Access;c:\windows\System32\drivers\QIOMem.sys [10/4/2007 8:13 AM 8192]
R3 Scheduler;Norman Scheduler Service;c:\program files\Norman\Npm\Bin\scheduler.exe [13/5/2009 6:33 AM 130104]
R3 SmartFaceVWatchSrv;SmartFaceVWatchSrv;c:\program files\TOSHIBA\SmartFaceV\SmartFaceVWatchSrv.exe [25/4/2008 9:35 AM 73728]
S3 NVCScheduler;Norman Virus Control Scheduler;"c:\program files\Norman\Npm\bin\NVCSCHED.EXE" --> c:\program files\Norman\Npm\bin\NVCSCHED.EXE [?]

--- Other Services/Drivers In Memory ---

*Deregistered* - mchInjDrv

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\System32\rundll32.exe" "c:\windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2009-07-20 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-03-12 12:03]

2009-07-18 c:\windows\Tasks\Schedule Task Weekly.job
- c:\program files\Registry Easy\RE.exe [2009-03-14 04:02]

2009-07-20 c:\windows\Tasks\User_Feed_Synchronization-{003F618F-085C-463E-847D-291391293D6D}.job
- c:\windows\system32\msfeedssync.exe [2009-04-28 11:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\Office12\EXCEL.EXE/3000
LSP: c:\program files\Norman\npc\bin\nlf.dll
.
.
------- File Associations -------
.
regfile\shell\edit\command=%SystemRoot%\system32\notepad.exe "%1"
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-20 12:06
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


c:\users\robin\AppData\Local\Temp\catchme.dll 53248 bytes executable

scan completed successfully
hidden files: 1

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,44,5b,32,d8,ad,5b,48,4a,a3,c5,47,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,44,5b,32,d8,ad,5b,48,4a,a3,c5,47,\

[HKEY_USERS\S-1-5-21-1416988350-2771125620-235056706-1000_Classes\CLSID\{5d79889f-ae84-47b2-aa87-d12a66cfcbd2}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"Model"=dword:0000005b
"Therad"=dword:00000015

[HKEY_USERS\S-1-5-21-1416988350-2771125620-235056706-1000_Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"scansk"=hex(0):1e,be,c8,b5,96,d5,1d,d4,21,21,d6,32,46,3a,8d,a4,92,f8,3c,20,b5,
d8,44,c4,1d,86,e9,67,53,71,37,4c,31,c8,ac,7e,53,66,c7,e3,00,00,00,00,00,00,\

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'Explorer.exe'(2316)
c:\program files\Norman\nvc\bin\Niphk.dll
c:\program files\TrueSuite Access Manager\IconOvrly.dll
.
Completion time: 2009-07-20 12:09
ComboFix-quarantined-files.txt 2009-07-20 04:09

Pre-Run: 134,573,424,640 bytes free
Post-Run: 134,608,379,904 bytes free

259 --- E O F --- 2009-07-15 06:00




#2 quietman7

  • Global Moderator

Posted 20 July 2009 - 09:31 AM

Hello lost locks

Please note the message text in blue at the top of the Am I infected? What do I do? forum.

ComboFix logs should not be posted outside the HijackThis Logs and Malware Removal forum and then only when requested by a HJT Team member. It is an extremely powerful tool which should only be used when instructed to do so by someone who has been properly trained. ComboFix is intended by its creator to be "used under the guidance and supervision of an expert", NOT for private use. Please read ComboFix's Disclaimer. Using this tool incorrectly could lead to disastrous problems with your operating system such as preventing it from ever starting again. That's the decision by the creator and we will abide by that decision.

Please read the pinned topic titled "Preparation Guide For Use Before Posting A Hijackthis Log". When you have done that, post your combofix and DDS/HijackThis log in the HijackThis Logs and Malware Removal forum for assistance by the HJT Team Experts.

Alternatively you can start a new topic explaining the nature of your problem in the Am I infected? What do I do? forum. Describe pop-ups and system tray or desktop icons that have appeared. Explain what is "going wrong" with your computer. Note any tools you have used and their respective results but do not repost your combofix log. Then if needed, we will direct you to our HJT Preparation Guide.

Thank you for using BleepingComputer as your malware removal source.

This topic is now closed. If you have any questions, please PM me or another Moderator.
The BC Staff
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators
