Redirect Virus



#1 Sam7777


Posted 07 August 2009 - 12:36 AM

Once every other time, when I try to search on any search engine, I get redirected to some clickover.cn page. I have Symantec Anti Virus that is completely up to date (running it does not give anything). Ran Spyware Terminator (removed 2 threats), and ran Malwarebytes' Anti-Malware (removed another 3-4).

Issue still happening.

At this point I am completely stuck on what else I could try ... I have attached the Attach.txt, DDS.txt and hijackthis.txt

DDS (Ver_09-07-30.01) - NTFSx86
Run by Sanjeet Singh at 0:25:42.46 on Fri 08/07/2009
Internet Explorer: 7.0.5730.11
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1023.388 [GMT -5:00]

AV: Symantec AntiVirus Corporate Edition *On-access scanning enabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}
FW: Symantec Client Firewall *enabled* {5CB76A43-5FAD-476B-B9FF-26FA61F13187}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\WINDOWS\system32\crypserv.exe
C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Common Files\Dell\EUSW\Support.exe
C:\WINDOWS\system32\carpserv.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\PROGRA~1\SYMANT~1\SYMANT~2\vptray.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Documents and Settings\Sanjeet Singh\Desktop\dds.scr
C:\Program Files\Adobe\Reader 9.0\Reader\AcroRd32Info.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.yahoo.com/
uSearch Page = hxxp://www.google.com
uDefault_Page_URL = hxxp://www.dellnet.com
uSearch Bar = hxxp://www.google.com/ie
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Connection Wizard,ShellNext = hxxp://news.google.com/
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.5.0_06\bin\ssv.dll
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
TB: {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - No File
EB: {4528BBE0-4E08-11D5-AD55-00010333D0AD} - No File
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
EB: &Discuss: {bdeade7f-c265-11d0-bced-00a0c90ab50f} - shdocvw.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [ATIModeChange] Ati2mdxx.exe
mRun: [SynTPLpr] c:\program files\synaptics\syntp\SynTPLpr.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [ATIPTA] c:\program files\ati technologies\ati control panel\atiptaxx.exe
mRun: [DadApp] c:\program files\dell\accessdirect\dadapp.exe
mRun: [DVDSentry] c:\windows\system32\DSentry.exe
mRun: [AdaptecDirectCD] "c:\program files\roxio\easy cd creator 5\directcd\DirectCD.exe"
mRun: [DwlClient] c:\program files\common files\dell\eusw\Support.exe
mRun: [CARPService] carpserv.exe
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [Dell Wireless Manager UI] c:\windows\system32\WLTRAY
mRun: [vptray] c:\progra~1\symant~1\symant~2\\vptray.exe
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [Picasa Media Detector] c:\program files\picasa2\PicasaMediaDetector.exe
mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [SpywareTerminator] "c:\program files\spyware terminator\SpywareTerminatorShield.exe"
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\netgea~1.lnk - c:\program files\netgear\media server\MediaServer.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\quickb~1.lnk - c:\program files\common files\intuit\quickbooks\qbupdate\qbupdate.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBC} - c:\program files\java\jre1.5.0_06\bin\ssv.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
Trusted Zone: 2o7.net
Trusted Zone: ameritrade.com
Trusted Zone: ameritrade.com\wwws
Trusted Zone: internet
Trusted Zone: mcafee.com
Trusted Zone: overture.com
Trusted Zone: overture.com\secure
Trusted Zone: tdameritrade.com
DPF: DirectAnimation Java Classes - file://c:\windows\java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: Yahoo! Chess - hxxp://download.games.yahoo.com/games/clients/y/ct2_x.cab
DPF: {0000000A-9980-0010-8000-00AA00389B71} - hxxp://codecs.microsoft.com/codecs/i386/wmsp9dmo.cab
DPF: {01113300-3E00-11D2-8470-0060089874ED} - hxxp://supportcenter.rr.com/sdccommon/download/tgctlcm.cab
DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} - hxxp://support.dell.com/systemprofiler/SysPro.CAB
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://www.apple.com/qtactivex/qtplugin.cab
DPF: {33564D57-0000-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} - hxxp://office.microsoft.com/officeupdate/content/opuc.cab
DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} - hxxp://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-3-48.cab
DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://gfx1.hotmail.com/mail/w3/resources/MSNPUpld.cab
DPF: {640B39C1-D713-464F-92C3-75BD972B95EE} - hxxp://download.sidestep.com/get/k00719/sb028.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1231910838061
DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} - hxxps://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
DPF: {712D42CD-3513-473E-96E8-019C9AD78F1A} - hxxp://moneycentral.msn.com/cabs/pmupdate2.exe
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {963BE66B-121D-4E6C-BF9F-1A774D9A2E41} - hxxp://moneycentral.msn.com/cabs/pmupdate.exe
DPF: {A7EA8AD2-287F-11D3-B120-006008C39542} - hxxp://offers.e-centives.com/cif/download/bin/actxcab.cab
DPF: {A9F8D9EC-3D0A-4A60-BD82-FBD64BAD370D} - hxxp://h20264.www2.hp.com/ediags/dd/install/HPDriverDiagnosticsxp2k.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} - hxxp://wwwimages.adobe.com/www.adobe.com/products/acrobat/nos/gp.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} - hxxp://www.auctiva.com/hostedimages/activex/xupload/XUpload.ocx
DPF: {E991BDE0-9816-4094-853E-6BDB60F0342D} - hxxp://apps.corel.com/nos_dl_manager/plugin/IENetOpPlugin.ocx
Notify: NavLogon - c:\windows\system32\NavLogon.dll
SecurityProviders: msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, digeste.dll

============= SERVICES / DRIVERS ===============

R1 SAVRT;SAVRT;c:\program files\symantec client security\symantec antivirus\savrt.sys [2004-2-9 301200]
R1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [2009-8-6 142592]
R2 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\ccEvtMgr.exe [2004-2-29 255096]
R2 ccProxy;Symantec Network Proxy;c:\program files\common files\symantec shared\ccProxy.exe [2004-2-29 291960]
R2 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\ccSetMgr.exe [2004-2-29 242808]
R2 MP3_Driver;MP3_Driver;c:\windows\system32\drivers\windrvr.sys [2004-4-30 195060]
R2 SAVRTPEL;SAVRTPEL;c:\program files\symantec client security\symantec antivirus\Savrtpel.sys [2004-2-9 37008]
R2 Symantec AntiVirus;Symantec AntiVirus;c:\program files\symantec client security\symantec antivirus\Rtvscan.exe [2004-7-20 1258712]
R3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20090806.006\naveng.sys [2009-8-6 87888]
R3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20090806.006\navex15.sys [2009-8-6 875728]
RUnknown qfvjljit;qfvjljit; [x]
S2 wdusb;Portable Digital Audio Player;c:\windows\system32\drivers\wdusb.sys [2004-5-1 4620]
S3 ADM8511;PA090 USB ETHERNET 10/100 ;c:\windows\system32\drivers\ADM8511.SYS [2002-1-16 24745]
S3 ccPwdSvc;Symantec Password Validation;c:\program files\common files\symantec shared\ccPwdSvc.exe [2004-2-29 87160]
S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.Sys [2009-2-27 36608]
S3 getPlus® Helper;getPlus® Helper;c:\program files\nos\bin\getPlus_HelperSvc.exe [2008-10-30 33752]
S3 SavRoam;SAVRoam;c:\program files\symantec client security\symantec antivirus\SavRoam.exe [2004-3-12 169192]

=============== Created Last 30 ================

2009-08-07 00:01 <DIR> --d----- c:\program files\Trend Micro
2009-08-06 22:46 0 a------- c:\documents and settings\sanjeet singh\settings.dat
2009-08-06 20:40 <DIR> --d----- c:\docume~1\sanjee~1\applic~1\Malwarebytes
2009-08-06 20:39 38,160 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-06 20:39 19,096 a------- c:\windows\system32\drivers\mbam.sys
2009-08-06 20:39 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-08-06 20:39 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-08-06 19:17 142,592 a------- c:\windows\system32\drivers\sp_rsdrv2.sys
2009-08-06 19:17 <DIR> --d----- c:\docume~1\sanjee~1\applic~1\Spyware Terminator
2009-08-06 19:17 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Spyware Terminator
2009-08-06 19:17 <DIR> --d----- c:\program files\Spyware Terminator
2009-08-06 18:57 16,896 a--sh--- c:\windows\system32\Thumbs.db
2009-07-14 23:22 <DIR> --d----- c:\program files\Medieval Software
2009-07-14 23:04 <DIR> --d----- c:\program files\NCH Software

==================== Find3M ====================

2009-07-19 08:33 3,597,824 a------- c:\windows\system32\dllcache\mshtml.dll
2009-07-19 08:32 6,067,200 -------- c:\windows\system32\dllcache\ieframe.dll
2009-06-29 06:07 13,824 -------- c:\windows\system32\dllcache\ieudinit.exe
2009-06-29 06:07 70,656 -------- c:\windows\system32\dllcache\ie4uinit.exe
2009-06-29 03:35 634,632 -------- c:\windows\system32\dllcache\iexplore.exe
2009-06-29 03:33 2,452,872 -------- c:\windows\system32\dllcache\ieapfltr.dat
2009-06-29 03:33 161,792 -------- c:\windows\system32\dllcache\ieakui.dll
2009-06-16 09:36 119,808 a------- c:\windows\system32\t2embed.dll
2009-06-16 09:36 81,920 a------- c:\windows\system32\fontsub.dll
2009-06-16 09:36 119,808 -------- c:\windows\system32\dllcache\t2embed.dll
2009-06-16 09:36 81,920 -------- c:\windows\system32\dllcache\fontsub.dll
2009-06-03 14:09 1,291,264 a------- c:\windows\system32\quartz.dll
2009-06-03 14:09 1,291,264 -------- c:\windows\system32\dllcache\quartz.dll
2003-12-02 01:04 41,024 a------- c:\docume~1\sanjee~1\applic~1\GDIPFONTCACHEV1.DAT
2006-09-15 22:28 88 ---shr-- c:\windows\system32\A508277C6F.sys
2006-09-15 22:29 3,766 a--sh--- c:\windows\system32\KGyGaAvL.sys
2008-09-29 12:05 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008092920080930\index.dat

============= FINISH: 0:27:52.55 ===============

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-07-30.01)

Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume2
Install Date: 8/12/2003 6:22:28 PM
System Uptime: 8/6/2009 9:07:12 PM (3 hours ago)

Motherboard: Dell Computer Corporation | | 09U806
Processor: Intel® Pentium® 4 CPU 2.40GHz | Microprocessor | 2392/133mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 37 GiB total, 1.832 GiB free.
D: is CDROM (CDFS)

==== Disabled Device Manager Items =============

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: 1394 Net Adapter
Device ID: V1394\NIC1394\3BB02061324FC000
Manufacturer: Microsoft
Name: 1394 Net Adapter #7
PNP Device ID: V1394\NIC1394\3BB02061324FC000
Service: NIC1394

==== System Restore Points ===================

RP1343: 8/5/2009 7:09:12 PM - System Checkpoint
RP1344: 8/5/2009 7:09:12 PM - System Checkpoint
RP1345: 8/5/2009 7:09:13 PM - System Checkpoint
RP1346: 8/5/2009 7:09:13 PM - System Checkpoint
RP1347: 8/5/2009 7:09:14 PM - System Checkpoint
RP1348: 8/5/2009 7:09:14 PM - Software Distribution Service 3.0
RP1349: 8/5/2009 7:09:14 PM - System Checkpoint
RP1350: 8/5/2009 7:09:15 PM - System Checkpoint
RP1351: 8/5/2009 7:09:17 PM - System Checkpoint
RP1352: 8/5/2009 7:09:17 PM - System Checkpoint
RP1353: 8/5/2009 7:09:19 PM - System Checkpoint
RP1354: 8/5/2009 7:09:20 PM - System Checkpoint
RP1355: 8/5/2009 7:09:20 PM - System Checkpoint
RP1356: 8/5/2009 7:09:21 PM - System Checkpoint
RP1357: 8/5/2009 7:09:21 PM - System Checkpoint
RP1358: 8/5/2009 7:09:21 PM - System Checkpoint
RP1359: 8/5/2009 7:09:22 PM - System Checkpoint
RP1360: 8/5/2009 7:09:22 PM - Software Distribution Service 3.0
RP1361: 8/5/2009 7:09:23 PM - System Checkpoint
RP1362: 8/5/2009 7:09:23 PM - System Checkpoint
RP1363: 8/5/2009 7:09:24 PM - System Checkpoint
RP1364: 8/5/2009 7:09:24 PM - System Checkpoint
RP1365: 8/5/2009 7:09:25 PM - System Checkpoint
RP1366: 8/5/2009 7:09:25 PM - System Checkpoint
RP1367: 8/5/2009 7:09:25 PM - System Checkpoint
RP1368: 8/5/2009 7:09:25 PM - System Checkpoint
RP1369: 8/5/2009 7:09:26 PM - System Checkpoint
RP1370: 8/5/2009 7:09:26 PM - System Checkpoint
RP1371: 8/5/2009 7:09:26 PM - Installed McAfee Virtual Technician
RP1372: 8/5/2009 7:09:27 PM - Installed McAfee Virtual Technician
RP1373: 8/5/2009 7:09:27 PM - System Checkpoint
RP1374: 8/5/2009 7:09:27 PM - System Checkpoint
RP1375: 8/5/2009 7:09:28 PM - Installed Citrix XenApp Web Plugin
RP1376: 8/5/2009 7:09:28 PM - System Checkpoint
RP1377: 8/5/2009 7:09:28 PM - System Checkpoint
RP1378: 8/5/2009 7:09:28 PM - System Checkpoint
RP1379: 8/5/2009 7:09:29 PM - System Checkpoint
RP1380: 8/5/2009 7:09:29 PM - Software Distribution Service 3.0
RP1381: 8/5/2009 7:09:29 PM - Installed Medieval CUE Splitter
RP1382: 8/5/2009 7:09:30 PM - System Checkpoint
RP1383: 8/5/2009 7:09:30 PM - System Checkpoint
RP1384: 8/5/2009 7:09:30 PM - System Checkpoint
RP1385: 8/5/2009 7:09:30 PM - System Checkpoint
RP1386: 8/5/2009 7:09:30 PM - System Checkpoint
RP1387: 8/5/2009 7:09:31 PM - System Checkpoint
RP1388: 8/5/2009 7:09:31 PM - Software Distribution Service 3.0
RP1389: 8/5/2009 7:09:32 PM - System Checkpoint
RP1390: 8/5/2009 7:09:32 PM - System Checkpoint
RP1391: 8/5/2009 7:09:32 PM - System Checkpoint
RP1392: 8/5/2009 7:09:32 PM - Software Distribution Service 3.0
RP1393: 8/5/2009 7:09:32 PM - System Checkpoint
RP1394: 8/5/2009 7:09:33 PM - System Checkpoint
RP1395: 8/5/2009 7:09:33 PM - Software Distribution Service 3.0
RP1396: 8/5/2009 7:09:33 PM - System Checkpoint
RP1397: 8/5/2009 7:09:34 PM - System Checkpoint
RP1398: 8/5/2009 7:09:34 PM - System Checkpoint
RP1399: 8/5/2009 7:09:34 PM - System Checkpoint
RP1400: 8/6/2009 7:32:14 PM - Spyware Terminator - restore point
RP1401: 8/6/2009 7:33:01 PM - Spyware Terminator - restore point
RP1402: 8/6/2009 8:12:28 PM - Spyware Terminator - restore point
RP1403: 8/6/2009 8:13:12 PM - Spyware Terminator - restore point

==== Installed Programs ======================

µTorrent
AccessDirect
Acrobat.com
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Reader 9.1.2
AiO_Scan_CDA
AiOSoftwareNPI
Apple Mobile Device Support
Apple Software Update
ATI Control Panel
ATI Display Driver
BACS
Bonjour
Broadcom Advanced Control Suite
BufferChm
Business Contact Manager for Outlook 2003
CCleaner (remove only)
Citrix XenApp Web Plugin
Conexant D480 MDC V.92 Modem
CP_Package_Variety1
CP_Package_Variety2
CP_Package_Variety3
Dell Home Systems Services Agreement
Dell Networking Guide
Dell Picture Studio - Dell Image Expert
Dell Wireless WLAN Card
Destinations
DeviceManagementQFolder
Digital Line Detect
DocProc
DVDSentry
Easy CD Creator 5 Basic
eSupportQFolder
F300
F300_Help
F300Trb
Fax_CDA
FaxTools
getPlus® for Adobe
Help and Support Customization
HijackThis 2.0.2
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows XP (KB952287)
HP Driver Diagnostics
HP Imaging Device Functions 6.1
HP Photosmart Essential
HP Print Diagnostic Utility
HP PSC & OfficeJet 6.1.A
HP Software Update
HP Solution Center and Imaging Support Tools 6.1
HPProductAssistant
InterVideo WinDVD
iTunes
J2SE Runtime Environment 5.0 Update 3
J2SE Runtime Environment 5.0 Update 6
LiveUpdate 2.0 (Symantec Corporation)
Malwarebytes' Anti-Malware
McAfee Virtual Technician
Medieval CUE Splitter
MetaFrame Presentation Server Web Client for Win32
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft Data Access Components KB870669
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office Professional Edition 2003
Microsoft Silverlight
Move Networks Media Player for Internet Explorer
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 Parser and SDK
NETGEAR Media Server Installer
NewCopy_CDA
Paint Shop Pro 7 Evaluation
PC Connectivity Solution
Picasa 2
ProductContextNPI
QuickBooks Pro 2007
QuickBooks Product Listing Service
Quicken 2005
QuickTime
Readme
SAMSUNG CDMA Modem Driver Set
SAMSUNG Mobile Composite Device Software
SAMSUNG Mobile Modem Driver Set
Samsung Mobile phone USB driver Software
SAMSUNG Mobile USB Modem 1.0 Software
SAMSUNG Mobile USB Modem Software
SamsungConnectivityCableDriver
Scan
ScannerCopy
Security Update for CAPICOM (KB931906)
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 7 (KB972260)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB973346)
SolutionCenter
SoundCapture
Spelling Dictionaries Support For Adobe Reader 9
SPSS 11.0 for Windows Student Version
Spyware Terminator
Status
Symantec Client Security
Synaptics Pointing Device Driver
Toolbox
TrayApp
TurboTax Deluxe 2003
TurboTax Premier 2004
Unload
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
WebFldrs XP
WebReg
Winamp (remove only)
Windows Driver Package - MobileTop (sshpmdm) Modem (02/23/2007 2.5.0.0)
Windows Driver Package - MobileTop (sshpusb) USB (02/23/2007 2.5.0.0)
Windows Driver Package - Nokia pccsmcfd (10/12/2007 6.85.4.0)
Windows Internet Explorer 7
Windows Media Format Runtime
Windows Media Player 10
Windows Media Player 10 Hotfix - KB894476
Windows XP Service Pack 3
Xvid 1.1.3 final uninstall
Yahoo! Messenger

==== Event Viewer Messages From Past Week ========

8/6/2009 7:04:26 PM, error: Service Control Manager [7034] - The LexBce Server service terminated unexpectedly. It has done this 1 time(s).
8/6/2009 6:56:32 PM, error: Service Control Manager [7031] - The Integrated Multimedia Server service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.
8/6/2009 1:05:53 PM, error: Dhcp [1001] - Your computer was not assigned an address from the network (by the DHCP Server) for the Network Card with network address 00904BB37E9F. The following error occurred: The operation was canceled by the user. . Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.
8/5/2009 8:07:15 PM, error: SideBySide [59] - Resolve Partial Assembly failed for Microsoft.VC80.MFCLOC. Reference error message: The referenced assembly is not installed on your system. .
8/5/2009 8:07:15 PM, error: SideBySide [59] - Generate Activation Context failed for C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_dec6ddd2\MFC80.DLL. Reference error message: The operation completed successfully. .
8/5/2009 8:07:15 PM, error: SideBySide [32] - Dependent Assembly Microsoft.VC80.MFCLOC could not be found and Last Error was The referenced assembly is not installed on your system.
8/5/2009 8:07:04 PM, error: Service Control Manager [7000] - The Portable Digital Audio Player service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
8/5/2009 8:07:04 PM, error: Service Control Manager [7000] - The Parallel port driver service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
8/5/2009 8:05:23 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD cdudf_xp Fips intelppm IPSec MRxSmb NetBIOS NetBT NetworkX RasAcd Rdbss SAVRT StarOpen SYMTDI Tcpip
8/5/2009 8:05:23 PM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD Networking Support Environment service which failed to start because of the following error: A device attached to the system is not functioning.
8/5/2009 8:05:23 PM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
8/5/2009 8:05:23 PM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
8/5/2009 8:05:23 PM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.
8/5/2009 8:05:23 PM, error: Service Control Manager [7001] - The Bonjour Service service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
8/5/2009 8:05:23 PM, error: Service Control Manager [7001] - The Apple Mobile Device service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
8/5/2009 8:04:50 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
8/3/2009 8:39:57 PM, error: SideBySide [59] - Generate Activation Context failed for C:\PROGRA~1\Citrix\ICACLI~1\MFC80.DLL. Reference error message: The operation completed successfully. .
8/3/2009 8:39:57 PM, error: SideBySide [58] - Syntax error in manifest or policy file "C:\PROGRA~1\Citrix\ICACLI~1\Microsoft.VC80.MFCLOC.MANIFEST" on line 5.
8/3/2009 8:39:57 PM, error: SideBySide [34] - Component identity found in manifest does not match the identity of the component requested
8/3/2009 8:39:56 PM, error: SideBySide [59] - Generate Activation Context failed for C:\Program Files\Citrix\ICA Client\MFC80.DLL. Reference error message: The operation completed successfully. .
8/3/2009 8:39:56 PM, error: SideBySide [58] - Syntax error in manifest or policy file "C:\Program Files\Citrix\ICA Client\Microsoft.VC80.MFCLOC.MANIFEST" on line 5.
8/3/2009 11:25:22 PM, error: Service Control Manager [7031] - The Symantec Network Proxy service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
8/1/2009 1:24:46 AM, error: Service Control Manager [7031] - The Symantec Network Proxy service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
7/31/2009 6:08:22 PM, error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Symantec Network Proxy service, but this action failed with the following error: An instance of the service is already running.

==== End Of File ===========================



Thanks!


Edited by SifuMike, 12 August 2009 - 07:03 PM.
insert logs for ease of reading




#2 SifuMike


Posted 12 August 2009 - 06:56 PM

Hello Sam7777,


Is this a business, corporate or work computer? :thumbup2:

Edited by SifuMike, 12 August 2009 - 07:05 PM.
