Jump to content

Build Theme!
  •  
  • Unreplied Topics
  • Downloads
  • Infected?

WE'RE SURE THAT YOU'LL LOVE US!

Hey there! :wub: Looks like you're enjoying the discussion, but you're not signed up for an account. When you create an account, we remember exactly what you've read, so you always come right back where you left off. You also get notifications, here and via email, whenever new posts are made. You can like posts to share the love. :D Join 93083 other members! Anybody can ask, anybody can answer. Consistently helpful members may be invited to become staff. Here's how it works. Virus cleanup? Start here -> Malware Removal Forum.

Try What the Tech -- It's free!


Photo

Software Hive Corrupt or Missing

Started by RSBruce , Dec 06 2010 02:03 PM

  • This topic is locked This topic is locked
68 replies to this topic

#1 RSBruce

RSBruce

    Authentic Member

  • Authentic Member
  • PipPip
  • 34 posts

Posted 06 December 2010 - 02:03 PM

I am assisting a charity whose computer is blue screening with the corrupt or missing software hive message. I can do a system restore back to October 8 and get it to desktop, ran malwarebytes, found 4 (log will be posted based on your recommendation). Removed these, ran Registry mechanic and found 77 errors (corrected). Took a checkpoint. Still blue screen. Ran diagnostics, all hardware checks out, I even reset the memory and harddisk connections. Tried the Microsoft "repair" of the hive files, to no avail. In safe mode, ran malwarebytes again and it found "pum.disabled.cryptsvc" which it didn't find the first time around. deleted. Still blue screen for normal restart. Reran Registry Mechanic, found 78 errors that were repaired, still blue screen. Subsequent runs of Registry Mechanic and Malwarebyes (safe mode) come up clean but still no normal boot. This is on a Dell Dimension 3000 XP Home, SP3 machine. The harddrive has compression checked. I have an external drive I can swap between this computer and the affected one, but afraid to do so to install "Hijack" to get you the logs etc. Note - the affected computer is not connected to the network at this time until I feel it safe to do so. Advice on how to proceed safely? Bruce

    Advertisements

Register to Remove

#2 LDTate

LDTate

    Grand Poobah

  • Root Admin
  • 57,211 posts

Posted 06 December 2010 - 03:33 PM

Posted Image


DO NOT use any TOOLS such as Combofix, or HijackThis fixes without supervision.

Doing so could make your pc inoperatible and could require a full reinstall of your OS, losing all your programs and data.


Stay with this topic until I give you the all clean post.

You might want to print these instructions out.

I suggest you do this:


XP Users

Double-click My Computer.
Click the Tools menu, and then click Folder Options.
Click the View tab.
Uncheck "Hide file extensions for known file types."
Under the "Hidden files" folder, select "Show hidden files and folders."
Uncheck "Hide protected operating system files."
Click Apply, and then click OK.




Please do not delete anything unless instructed to.

If need be, Download the tools needed to a flash drive or other USB device, and transfer them to the infected computer.


Next:

Please download ATF Cleaner by Atribune.
Download - ATF Cleaner»
Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.
[/list]If you use Firefox browserClick Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browserClick Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.

It's normal after running ATF cleaner that the PC will be slower to boot the first time.

Next:

Download Combofix from any of the links below but rename it to iexplore.exe before saving it to your desktop.

If need be, Download the tools needed to a flash drive or other USB device, and transfer them to the infected computer.

Note:
If combofix (iexplore.exe) won't run from the desktop, try running it from the USB device.



Link 1
Link 2 If using this link, Right Click and select Save As.


* IMPORTANT !!! Save iexplore.exe to your Desktop

Double click on the iexplore.exe ComboFix.exe & follow the prompts.
Be sure to download any updates.

  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt so we can continue cleaning the system.



  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Note: If you are having difficulty properly disabling your protective programs, or are unsure as to what programs need to be disabled, please refer to the information available through this link : Protective Programs

  • Double click on ComboFix.exe & follow the prompts.

    Notes: Combofix will run without the Recovery Console installed. Skip the Recovery Console part if you're running Vista or Windows 7.

    Note: If you have SP3, use the SP2 package.
    If Vista or Windows 7, skip the Recovery Console part
  • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.


Posted Image



Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt using Copy / Paste in your next reply.


Notes:

1.Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
3. Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.
4. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

Give it atleast 20-30 minutes to finish if needed.

Please do not attach the scan results from Combofx. Use copy/paste.

Also please describe how your computer behaves at the moment.

The forum is run by volunteers who donate their time and expertise.

Want to help others? Join the ClassRoom and learn how.

Logs will be closed if you haven't replied within 3 days

 

If you would like to paypal.gif for the help you received.
 

Proud graduate of TC/WTT Classroom

 

#3 RSBruce

RSBruce

    Authentic Member

  • Authentic Member
  • PipPip
  • 34 posts

Posted 06 December 2010 - 03:47 PM

Currently the affected computer is in "Safe" mode. Do I perform these functions in "Safe" mode? Or should I restore to the October 8 "normal" mode and perform these functions? Is it safe to connect this computer to my network? Is it safe to use the external drive to connect between the affected computer on those on my network should the affected need to remain isolated? dumb questions, just afraid to propagate this to my other computers.

#4 LDTate

LDTate

    Grand Poobah

  • Root Admin
  • 57,211 posts

Posted 06 December 2010 - 03:53 PM

I would try Safe Mode with networking to see if that gives you internet access and go from there. Combofix will run in Safe Mode.

The forum is run by volunteers who donate their time and expertise.

Want to help others? Join the ClassRoom and learn how.

Logs will be closed if you haven't replied within 3 days

 

If you would like to paypal.gif for the help you received.
 

Proud graduate of TC/WTT Classroom

 

#5 RSBruce

RSBruce

    Authentic Member

  • Authentic Member
  • PipPip
  • 34 posts

Posted 06 December 2010 - 08:18 PM

Well, I may have messed up, thought recovery console was installed, alas it was not :(

I was not able to get internet via safe mode networking :(

Used the external drive swapping it between computers to install and get the final logs.

It took quite a few tries, should I restore the system and get you fresh logs?

Behavior:

Still unable to boot normal to desktop.

After running this process, a lot of links on the desktop to word documents are hosed.

Here is the latestest log:

ComboFix 10-12-04.06 - Diane Boone 12/06/2010 17:11:52.3.1 - x86 NETWORK
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.510.371 [GMT -8:00]
Running from: c:\combo\ComboFix.exe
AV: avast! antivirus 4.8.1296 [VPS 000000-0] *On-access scanning disabled* (Outdated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: Norton AntiVirus *On-access scanning enabled* (Outdated) {B5510F6F-87E1-47F7-A411-360BC453007C}
FW: Norton Internet Security *disabled* {825036E0-9F94-4752-8789-8B92454AF49B}
.

((((((((((((((((((((((((( Files Created from 2010-11-07 to 2010-12-07 )))))))))))))))))))))))))))))))
.

2010-12-07 00:25 . 2010-12-07 00:26 -------- dc----w- C:\Combo
2010-12-06 20:32 . 2010-12-06 20:33 -------- dc----w- C:\hijack
2010-12-06 17:34 . 2010-12-06 19:19 90112 ----a-w- c:\windows\DUMP5b00.tmp
2010-12-06 17:04 . 2010-12-06 17:04 -------- d-----w- c:\windows\system32\wbem\Repository
2010-11-09 22:06 . 2010-12-01 23:02 0 ----a-w- c:\windows\system32\ConduitEngine.tmp
2010-11-09 19:58 . 2010-11-09 19:58 -------- dc----w- c:\documents and settings\All Users\Application Data\Common Files
2010-11-09 19:49 . 2010-12-06 04:17 -------- dc----w- c:\documents and settings\All Users\Application Data\AVG10
2010-11-09 19:16 . 2010-11-09 19:48 -------- dc----w- c:\documents and settings\All Users\Application Data\MFAData
2010-11-09 18:18 . 2010-12-06 04:17 -------- dcs---w- c:\documents and settings\Administrator

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-12-01 01:06 . 2005-08-30 13:52 90112 ----a-w- c:\windows\DUMP510e.tmp
2010-12-01 00:49 . 2005-08-30 13:52 90112 ----a-w- c:\windows\DUMP5841.tmp
2010-11-30 22:15 . 2005-08-30 13:52 90112 ----a-w- c:\windows\DUMP4fb6.tmp
2010-11-30 22:11 . 2005-08-30 13:52 90112 ----a-w- c:\windows\DUMP5071.tmp
2010-11-30 22:10 . 2005-08-30 13:52 90112 ----a-w- c:\windows\DUMP512d.tmp
2010-11-30 19:21 . 2005-08-30 13:52 90112 ----a-w- c:\windows\DUMP4093.tmp
2010-11-30 19:20 . 2005-08-30 13:52 90112 ----a-w- c:\windows\DUMP4110.tmp
2010-11-30 19:18 . 2005-08-30 13:52 90112 ----a-w- c:\windows\DUMP40e1.tmp
2010-11-30 01:42 . 2010-02-02 00:52 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-11-30 01:42 . 2010-02-02 00:52 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-11-09 18:15 . 2005-08-30 13:52 90112 ----a-w- c:\windows\DUMP5ac2.tmp
2010-11-09 04:53 . 2005-08-30 13:52 90112 ----a-w- c:\windows\DUMP58ce.tmp
2010-09-08 15:57 . 2004-08-10 17:51 389120 ----a-w- c:\windows\system32\html.iec
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{9dbb9aeb-5a16-4989-a66f-c0f1c909d647}"= "c:\program files\Free_Radio_TV\tbFre0.dll" [2010-09-16 2735200]

[HKEY_CLASSES_ROOT\clsid\{9dbb9aeb-5a16-4989-a66f-c0f1c909d647}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9dbb9aeb-5a16-4989-a66f-c0f1c909d647}]
2010-09-16 04:05 2735200 ----a-w- c:\program files\Free_Radio_TV\tbFre0.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{9dbb9aeb-5a16-4989-a66f-c0f1c909d647}"= "c:\program files\Free_Radio_TV\tbFre0.dll" [2010-09-16 2735200]

[HKEY_CLASSES_ROOT\clsid\{9dbb9aeb-5a16-4989-a66f-c0f1c909d647}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{9DBB9AEB-5A16-4989-A66F-C0F1C909D647}"= "c:\program files\Free_Radio_TV\tbFre0.dll" [2010-09-16 2735200]

[HKEY_CLASSES_ROOT\clsid\{9dbb9aeb-5a16-4989-a66f-c0f1c909d647}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-11-30 963976]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Symantec NetDriver Warning"="c:\progra~1\SYMNET~1\SNDWarn.exe" [2004-10-29 218232]
"ALUAlert"="c:\program files\Symantec\LiveUpdate\ALUNotify.exe" [2003-08-14 54472]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-23 39264]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Load]
? ???????Ÿ [?]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Run]
? ???????Ÿ [?]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
c:\windows\system32\dumprep 0 -k [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2008-10-15 09:04 39792 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AIMWDInstallFilename]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avast!]
2008-11-26 17:18 81000 ----a-w- c:\progra~1\ALWILS~1\Avast4\ashDisp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
2006-03-09 19:47 71328 ----a-w- c:\program files\Common Files\Symantec Shared\CCAPP.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 00:12 15360 ----a-w- c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]
2007-03-15 18:09 460784 ----a-w- c:\program files\DellSupport\DSAgnt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupportCenter]
2009-05-21 17:55 206064 ----a-w- c:\program files\Dell Support Center\bin\sprtcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dla]
2005-05-31 13:33 122941 ----a-w- c:\windows\system32\dla\tfswctrl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dscactivate]
2007-11-15 17:24 16384 ----a-w- c:\program files\Dell Support Center\gs_agent\custom\dsca.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher]
2005-02-23 21:19 53248 -c----w- c:\program files\CyberLink\PowerDVD\DVDLauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2007-05-08 23:24 54840 -c--a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxhkcmd]
2005-09-20 17:32 77824 ----a-w- c:\windows\system32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxpers]
2005-09-20 17:36 114688 ----a-w- c:\windows\system32\igfxpers.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxtray]
2005-09-20 17:35 94208 ----a-w- c:\windows\system32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelMeM]
2003-09-04 01:12 221184 ----a-w- c:\program files\Intel\Modem Event Monitor\IntelMEM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
2004-07-27 21:50 221184 ----a-w- c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
2004-07-27 21:50 81920 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\issch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechCommunicationsManager]
2008-08-15 01:11 565008 ----a-w- c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon]
2008-08-15 01:15 2407184 ----a-w- c:\program files\Logitech\QuickCam\Quickcam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware (reboot)]
2010-11-30 01:42 963976 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]
2010-06-01 17:17 5252408 ----a-w- c:\progra~1\Yahoo!\MESSEN~1\YahooMessenger.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MimBoot]
2006-01-19 18:06 11776 ----a-w- c:\progra~1\MUSICM~1\MUSICM~3\mimboot.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12 1695232 ------w- c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-03-18 04:53 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
2005-08-30 14:10 26112 ----a-w- c:\program files\Real\RealPlayer\realplay.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]
2004-10-15 00:42 1404928 ----a-w- c:\program files\Analog Devices\Core\smax4pnp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-01-11 23:21 246504 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2008-09-17 17:32 68856 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\URLLSTCK.exe]
2003-09-06 16:36 70840 ----a-w- c:\program files\Norton Internet Security\UrlLstCk.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"YahooAUService"=2 (0x2)
"xmlprov"=3 (0x3)
"WZCSVC"=2 (0x2)
"WudfSvc"=3 (0x3)
"wuauserv"=2 (0x2)
"wscsvc"=2 (0x2)
"WMPNetworkSvc"=3 (0x3)
"WmiApSrv"=3 (0x3)
"WmdmPmSN"=3 (0x3)
"winmgmt"=2 (0x2)
"WebClient"=2 (0x2)
"w32time"=2 (0x2)
"VSS"=3 (0x3)
"Viewpoint Manager Service"=2 (0x2)
"UPS"=3 (0x3)
"upnphost"=3 (0x3)
"TrkWks"=2 (0x2)
"Themes"=2 (0x2)
"TermService"=3 (0x3)
"TapiSrv"=3 (0x3)
"SysmonLog"=3 (0x3)
"SymWSC"=2 (0x2)
"Symantec Core LC"=2 (0x2)
"SwPrv"=3 (0x3)
"stisvc"=2 (0x2)
"SSDPSRV"=3 (0x3)
"srservice"=2 (0x2)
"sprtsvc_dellsupportcenter"=2 (0x2)
"Spooler"=2 (0x2)
"SNDSrvc"=2 (0x2)
"ShellHWDetection"=2 (0x2)
"SharedAccess"=2 (0x2)
"SENS"=2 (0x2)
"seclogon"=2 (0x2)
"Schedule"=2 (0x2)
"SCardSvr"=3 (0x3)
"SBService"=2 (0x2)
"SAVScan"=2 (0x2)
"SamSs"=2 (0x2)
"RSVP"=3 (0x3)
"RDSessMgr"=3 (0x3)
"RasMan"=3 (0x3)
"RasAuto"=3 (0x3)
"ProtectedStorage"=2 (0x2)
"PolicyAgent"=2 (0x2)
"Pml Driver HPZ12"=2 (0x2)
"PlugPlay"=2 (0x2)
"ose"=3 (0x3)
"NtmsSvc"=3 (0x3)
"NtLmSsp"=3 (0x3)
"Nla"=3 (0x3)
"NetSvc"=3 (0x3)
"Netman"=3 (0x3)
"Netlogon"=3 (0x3)
"navapsvc"=2 (0x2)
"napagent"=3 (0x3)
"MSIServer"=3 (0x3)
"MSDTC"=3 (0x3)
"mnmsrvc"=3 (0x3)
"MDM"=2 (0x2)
"LVPrcSrv"=2 (0x2)
"LVCOMSer"=2 (0x2)
"LmHosts"=2 (0x2)
"lanmanworkstation"=2 (0x2)
"lanmanserver"=2 (0x2)
"JavaQuickStarterService"=2 (0x2)
"ImapiService"=3 (0x3)
"idsvc"=3 (0x3)
"HTTPFilter"=3 (0x3)
"hkmsvc"=3 (0x3)
"helpsvc"=2 (0x2)
"gusvc"=3 (0x3)
"FontCache3.0.0.0"=3 (0x3)
"Fax"=2 (0x2)
"FastUserSwitchingCompatibility"=3 (0x3)
"EventSystem"=3 (0x3)
"Eventlog"=2 (0x2)
"ERSvc"=2 (0x2)
"EapHost"=3 (0x3)
"DSBrokerService"=3 (0x3)
"Dot3svc"=3 (0x3)
"Dnscache"=2 (0x2)
"dmserver"=3 (0x3)
"dmadmin"=3 (0x3)
"Dhcp"=2 (0x2)
"CryptSvc"=2 (0x2)
"COMSysApp"=3 (0x3)
"clr_optimization_v2.0.50727_32"=3 (0x3)
"CiSvc"=3 (0x3)
"ccSetMgr"=2 (0x2)
"ccPwdSvc"=3 (0x3)
"ccProxy"=2 (0x2)
"ccEvtMgr"=2 (0x2)
"Browser"=2 (0x2)
"BITS"=2 (0x2)
"avast! Web Scanner"=3 (0x3)
"avast! Mail Scanner"=3 (0x3)
"avast! Antivirus"=2 (0x2)
"AudioSrv"=2 (0x2)
"aswUpdSv"=2 (0x2)
"aspnet_state"=3 (0x3)
"AppMgmt"=3 (0x3)
"ALG"=3 (0x3)
"Alerter"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"=
"c:\\Program Files\\Common Files\\AolCoach\\en_en\\player\\AOLNySEV.exe"=
"c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\AIM\\aim.exe"=
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"c:\\Program Files\\AIM7\\aim.exe"=

S1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [8/29/2008 7:19 PM 111184]
S2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [8/29/2008 7:19 PM 20560]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2/1/2010 4:52 PM 363344]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2/1/2010 4:52 PM 20952]
S4 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [11/23/2008 6:44 PM 24652]
.
Contents of the 'Scheduled Tasks' folder

2010-12-05 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 19:34]

2010-12-05 c:\windows\Tasks\Norton AntiVirus - Scan my computer - Diane Boone.job
- c:\progra~1\NORTON~1\NORTON~1\NAVW32.EXE [2003-08-17 02:22]

2010-12-05 c:\windows\Tasks\Norton AntiVirus - Scan my computer.job
- c:\progra~1\NORTON~1\NORTON~1\Navw32.exe [2003-08-17 02:22]

2010-11-09 c:\windows\Tasks\Symantec NetDetect.job
- c:\program files\Symantec\LiveUpdate\NDETECT.EXE [2010-01-31 02:38]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.aol.com/?src=aim&ncid=snsusaimc00000001
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/ymj/*http://www.yahoo.com/ext/search/search.html
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/ymj/*http://www.yahoo.com
IE: &AIM Search - c:\program files\AIM Toolbar\AIMBar.dll/aimsearch.htm
IE: &AOL Toolbar Search - c:\program files\aol\aol toolbar 5.0\resources\en-us\local\search.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
Trusted Zone: musicmatch.com\online
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
DPF: {895D1291-D5BD-4982-BA84-AD11D29C1D6A} - hxxp://community.weightwatchers.com/Scripts/ImageUploader6.cab
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-12-06 17:21
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(368)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
.
Completion time: 2010-12-06 17:25:55
ComboFix-quarantined-files.txt 2010-12-07 01:25
ComboFix2.txt 2010-12-07 00:41
ComboFix3.txt 2010-12-06 22:59

Pre-Run: 88,571,224,064 bytes free
Post-Run: 88,567,840,768 bytes free

- - End Of File - - 9F7B34313E4F63817FA972C3EE51289C

#6 LDTate

LDTate

    Grand Poobah

  • Root Admin
  • 57,211 posts

Posted 07 December 2010 - 06:48 AM

I see signs of 4 anti-virus programs. AV: avast! antivirus 4.8.1296 AV: Norton AntiVirus FW: Norton Internet Security c:\documents and settings\All Users\Application Data\AVG10 Go to Add/Remove programs and uninstall all 4 for now. See if it will boot normal now.

The forum is run by volunteers who donate their time and expertise.

Want to help others? Join the ClassRoom and learn how.

Logs will be closed if you haven't replied within 3 days

 

If you would like to paypal.gif for the help you received.
 

Proud graduate of TC/WTT Classroom

 

#7 RSBruce

RSBruce

    Authentic Member

  • Authentic Member
  • PipPip
  • 34 posts

Posted 07 December 2010 - 07:55 AM

Used Avast uninstall utility downloaded called aswclear5.exe to uninstall Avast Manually deleted the Avast folder in documents area Unable to uninstall Norton via add/remove programs. Says I must be in normal mode not safe mode. Shall I manually delete the Norton ? If so, program files area? Thank you.

#8 LDTate

LDTate

    Grand Poobah

  • Root Admin
  • 57,211 posts

Posted 07 December 2010 - 08:25 AM

restore to the October 8 "normal" mode and perform these functions?

The forum is run by volunteers who donate their time and expertise.

Want to help others? Join the ClassRoom and learn how.

Logs will be closed if you haven't replied within 3 days

 

If you would like to paypal.gif for the help you received.
 

Proud graduate of TC/WTT Classroom

 

#9 RSBruce

RSBruce

    Authentic Member

  • Authentic Member
  • PipPip
  • 34 posts

Posted 07 December 2010 - 08:35 AM

System Restore says there are currently no restore points available :(

#10 LDTate

LDTate

    Grand Poobah

  • Root Admin
  • 57,211 posts

Posted 07 December 2010 - 08:38 AM

Will it boot in normal mode? If so, do so and uninstall Norton

The forum is run by volunteers who donate their time and expertise.

Want to help others? Join the ClassRoom and learn how.

Logs will be closed if you haven't replied within 3 days

 

If you would like to paypal.gif for the help you received.
 

Proud graduate of TC/WTT Classroom

 

    Advertisements

Register to Remove

#11 RSBruce

RSBruce

    Authentic Member

  • Authentic Member
  • PipPip
  • 34 posts

Posted 07 December 2010 - 08:48 AM

It will not boot to normal mode, get the blue screen: STOP: c0000218 {Registry File Failure} The registry cannot load the hive (file): or its log or alternate. It is corrupt, absent, or not writable. I can only boot to safe mode.

#12 LDTate

LDTate

    Grand Poobah

  • Root Admin
  • 57,211 posts

Posted 07 December 2010 - 09:39 AM

You'll have to do this in Safe Mode then.

Copy/paste the text in the Codebox below into notepad:

Here's how to do that:
Click Start > Run type Notepad click OK.
This will open an empty notepad file:

Take your mouse, and place your cursor at the beginning of the text in the box below, then click and hold the left mouse button, while pulling your mouse over the text. This should highlight the text. Now release the left mouse button. Now, with the cursor over the highlighted text, right click the mouse for options, and select 'copy'. Now over the empty Notepad box, right click your mouse again, and select 'paste' and you will have copied and pasted the text. 

KillAll::

File::
c:\windows\DUMP5b00.tmp
c:\windows\DUMP510e.tmp
c:\windows\DUMP5841.tmp
c:\windows\DUMP4fb6.tmp
c:\windows\DUMP5071.tmp
c:\windows\DUMP512d.tmp
c:\windows\DUMP4093.tmp
c:\windows\DUMP4110.tmp
c:\windows\DUMP40e1.tmp
c:\windows\DUMP5ac2.tmp
c:\windows\DUMP58ce.tmp
c:\progra~1\SYMNET~1\SNDWarn.exe


Folder::
c:\documents and settings\All Users\Application Data\AVG10
c:\progra~1\SYMNET~1
c:\program files\Symantec\LiveUpdate
c:\program files\Common Files\Symantec Shared
c:\program files\Norton Internet Security
c:\Program Files\Logitech\Desktop Messenger
c:\program files\Viewpoint
c:\progra~1\NORTON~1
c:\windows\system32\drivers\aswSP.sys

Driver::
aswSP
aswFsBlk

Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
[-HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
[-HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

Save this file to your desktop, Save this as "CFScript"

Here's how to do that:
1.Click File;
2.Click Save As... Change the directory to your desktop;
3.Change the Save as type to "All Files";
4.Type in the file name: CFScript
5.Click Save ...


Posted Image

Drag CFScript.txt into ComboFix.exe


Then post the results log using Copy / Paste


Also please describe how your computer behaves at the moment.

The forum is run by volunteers who donate their time and expertise.

Want to help others? Join the ClassRoom and learn how.

Logs will be closed if you haven't replied within 3 days

 

If you would like to paypal.gif for the help you received.
 

Proud graduate of TC/WTT Classroom

 

#13 RSBruce

RSBruce

    Authentic Member

  • Authentic Member
  • PipPip
  • 34 posts

Posted 07 December 2010 - 10:55 AM

ComboFix 10-12-04.06 - Diane Boone 12/07/2010 7:55.4.1 - x86 NETWORK Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.510.355 [GMT -8:00] Running from: c:\combo\ComboFix.exe Command switches used :: c:\combo\CFScript.txt AV: Norton AntiVirus *On-access scanning enabled* (Outdated) {B5510F6F-87E1-47F7-A411-360BC453007C} FW: Norton Internet Security *disabled* {825036E0-9F94-4752-8789-8B92454AF49B} FILE :: "c:\progra~1\SYMNET~1\SNDWarn.exe" "c:\windows\DUMP4093.tmp" "c:\windows\DUMP40e1.tmp" "c:\windows\DUMP4110.tmp" "c:\windows\DUMP4fb6.tmp" "c:\windows\DUMP5071.tmp" "c:\windows\DUMP510e.tmp" "c:\windows\DUMP512d.tmp" "c:\windows\DUMP5841.tmp" "c:\windows\DUMP58ce.tmp" "c:\windows\DUMP5ac2.tmp" "c:\windows\DUMP5b00.tmp" . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\progra~1\NORTON~1 c:\progra~1\NORTON~1\ACDisp.dll c:\progra~1\NORTON~1\actlang.DLL c:\progra~1\NORTON~1\AlertAst.exe c:\progra~1\NORTON~1\AlertAst.tlb c:\progra~1\NORTON~1\ALEScan.exe c:\progra~1\NORTON~1\Branding.ini c:\progra~1\NORTON~1\ccALE.dll c:\progra~1\NORTON~1\ccFWRuls.dll c:\progra~1\NORTON~1\ccFWSetg.dll c:\progra~1\NORTON~1\ccRuleIO.dll c:\progra~1\NORTON~1\cfgwiz.dat c:\progra~1\NORTON~1\CfgWzRes.dll c:\progra~1\NORTON~1\comms.txt c:\progra~1\NORTON~1\FREInteg.dll c:\progra~1\NORTON~1\FREPCtrl.dll c:\progra~1\NORTON~1\FREPrvcy.dll c:\progra~1\NORTON~1\FRERules.dll c:\progra~1\NORTON~1\FRESettg.dll c:\progra~1\NORTON~1\fwUI.dll c:\progra~1\NORTON~1\GNULicns.txt c:\progra~1\NORTON~1\HNetCore.dll c:\progra~1\NORTON~1\HNetWiz.exe c:\progra~1\NORTON~1\iamstats.exe c:\progra~1\NORTON~1\ISLAlert.dll c:\progra~1\NORTON~1\ISSTE.dll c:\progra~1\NORTON~1\LocWiz.dll c:\progra~1\NORTON~1\LogExprt.exe c:\progra~1\NORTON~1\LogExprt.txt c:\progra~1\NORTON~1\NISABOUT.DLL c:\progra~1\NORTON~1\NISAlert.dll c:\progra~1\NORTON~1\NisCfgWz.dll c:\progra~1\NORTON~1\niscmnht.dll c:\progra~1\NORTON~1\nisdef.dat c:\progra~1\NORTON~1\NisEmail.dll c:\progra~1\NORTON~1\NisEmSvr.exe c:\progra~1\NORTON~1\nislcom.dll c:\progra~1\NORTON~1\NISLUCBK.DLL c:\progra~1\NORTON~1\NisLVPlg.dll c:\progra~1\NORTON~1\nisopts.dll c:\progra~1\NORTON~1\NISPLUG.DLL c:\progra~1\NORTON~1\NISPLUG.NSI c:\progra~1\NORTON~1\NISProd.dll c:\progra~1\NORTON~1\nisres.dll c:\progra~1\NORTON~1\nissess.tpl c:\progra~1\NORTON~1\nissess.txt c:\progra~1\NORTON~1\NISVER.dat c:\progra~1\NORTON~1\Norton AntiVirus\ABOUTPLG.DLL c:\progra~1\NORTON~1\Norton AntiVirus\APWCMDNT.DLL c:\progra~1\NORTON~1\Norton AntiVirus\APWUTIL.DLL c:\progra~1\NORTON~1\Norton AntiVirus\AVApp.log c:\progra~1\NORTON~1\Norton AntiVirus\AVError.log c:\progra~1\NORTON~1\Norton AntiVirus\AVVirus.log c:\progra~1\NORTON~1\Norton AntiVirus\BOOTWARN.EXE c:\progra~1\NORTON~1\Norton AntiVirus\Branding.ini c:\progra~1\NORTON~1\Norton AntiVirus\CCIMSCAN.DLL c:\progra~1\NORTON~1\Norton AntiVirus\CCIMSCAN.EXE c:\progra~1\NORTON~1\Norton AntiVirus\CfgWiz.dat c:\progra~1\NORTON~1\Norton AntiVirus\CfgWzRes.dll c:\progra~1\NORTON~1\Norton AntiVirus\COUNTRY.DAT c:\progra~1\NORTON~1\Norton AntiVirus\DEFALERT.DLL c:\progra~1\NORTON~1\Norton AntiVirus\defloc.dat c:\progra~1\NORTON~1\Norton AntiVirus\DefUtDCS.dll c:\progra~1\NORTON~1\Norton AntiVirus\end_user.txt c:\progra~1\NORTON~1\Norton AntiVirus\exclude.dat c:\progra~1\NORTON~1\Norton AntiVirus\exclude.def c:\progra~1\NORTON~1\Norton AntiVirus\EXCLUDEL.DAT c:\progra~1\NORTON~1\Norton AntiVirus\excludel.def c:\progra~1\NORTON~1\Norton AntiVirus\N32CALL.DLL c:\progra~1\NORTON~1\Norton AntiVirus\N32EXCLU.DLL c:\progra~1\NORTON~1\Norton AntiVirus\NAVAP32.DLL c:\progra~1\NORTON~1\Norton AntiVirus\NAVAPSCR.DLL c:\progra~1\NORTON~1\Norton AntiVirus\NAVAPSVC.EXE c:\progra~1\NORTON~1\Norton AntiVirus\NAVAPW32.DLL c:\progra~1\NORTON~1\Norton AntiVirus\NAVAPW32.exe c:\progra~1\NORTON~1\Norton AntiVirus\NAVCfgWz.dll c:\progra~1\NORTON~1\Norton AntiVirus\NAVCOMUI.DLL c:\progra~1\NORTON~1\Norton AntiVirus\NAVEMAIL.DLL c:\progra~1\NORTON~1\Norton AntiVirus\NAVERROR.DLL c:\progra~1\NORTON~1\Norton AntiVirus\NAVEVENT.DLL c:\progra~1\NORTON~1\Norton AntiVirus\NAVINOC.DLL c:\progra~1\NORTON~1\Norton AntiVirus\NAVLCOM.DLL c:\progra~1\NORTON~1\Norton AntiVirus\NAVLNCH.DLL c:\progra~1\NORTON~1\Norton AntiVirus\NAVLOGV.DLL c:\progra~1\NORTON~1\Norton AntiVirus\NAVLUCBK.DLL c:\progra~1\NORTON~1\Norton AntiVirus\NAVNTUTL.DLL c:\progra~1\NORTON~1\Norton AntiVirus\NavOptRF.dll c:\progra~1\NORTON~1\Norton AntiVirus\NAVOPTS.BAK c:\progra~1\NORTON~1\Norton AntiVirus\navopts.dat c:\progra~1\NORTON~1\Norton AntiVirus\navopts.def c:\progra~1\NORTON~1\Norton AntiVirus\NAVOPTS.DLL c:\progra~1\NORTON~1\Norton AntiVirus\NAVPROD.DLL c:\progra~1\NORTON~1\Norton AntiVirus\NAVResc.dll c:\progra~1\NORTON~1\Norton AntiVirus\navsess.tpl c:\progra~1\NORTON~1\Norton AntiVirus\navsess.txt c:\progra~1\NORTON~1\Norton AntiVirus\NAVSHEXT.DLL c:\progra~1\NORTON~1\Norton AntiVirus\NAVSTATS.DLL c:\progra~1\NORTON~1\Norton AntiVirus\NAVSTUB.EXE c:\progra~1\NORTON~1\Norton AntiVirus\NAVTASKS.DLL c:\progra~1\NORTON~1\Norton AntiVirus\NAVTSKWZ.DLL c:\progra~1\NORTON~1\Norton AntiVirus\NAVUI.DLL c:\progra~1\NORTON~1\Norton AntiVirus\navui.nsi c:\progra~1\NORTON~1\Norton AntiVirus\NAVUIRES.dll c:\progra~1\NORTON~1\Norton AntiVirus\NAVW32.EXE c:\progra~1\NORTON~1\Norton AntiVirus\NAVWNT.EXE c:\progra~1\NORTON~1\Norton AntiVirus\NETBREXT.DLL c:\progra~1\NORTON~1\Norton AntiVirus\OEHEUR.DLL c:\progra~1\NORTON~1\Norton AntiVirus\OFFICEAV.DLL c:\progra~1\NORTON~1\Norton AntiVirus\OPSCAN.EXE c:\progra~1\NORTON~1\Norton AntiVirus\patch25.dll c:\progra~1\NORTON~1\Norton AntiVirus\PATCH32I.DLL c:\progra~1\NORTON~1\Norton AntiVirus\QCONRES.DLL c:\progra~1\NORTON~1\Norton AntiVirus\QCONSOLE.EXE c:\progra~1\NORTON~1\Norton AntiVirus\QSPAK32.DLL c:\progra~1\NORTON~1\Norton AntiVirus\QUAR32.DLL c:\progra~1\NORTON~1\Norton AntiVirus\QuarOpts.dat c:\progra~1\NORTON~1\Norton AntiVirus\README.TXT c:\progra~1\NORTON~1\Norton AntiVirus\S32INTEG.DLL c:\progra~1\NORTON~1\Norton AntiVirus\S32NAVO.DLL c:\progra~1\NORTON~1\Norton AntiVirus\savrt.cat c:\progra~1\NORTON~1\Norton AntiVirus\savrt.dat c:\progra~1\NORTON~1\Norton AntiVirus\savrt.def c:\progra~1\NORTON~1\Norton AntiVirus\savrt.inf c:\progra~1\NORTON~1\Norton AntiVirus\savrt.sys c:\progra~1\NORTON~1\Norton AntiVirus\SAVRT32.DLL c:\progra~1\NORTON~1\Norton AntiVirus\savrtpel.cat c:\progra~1\NORTON~1\Norton AntiVirus\savrtpel.inf c:\progra~1\NORTON~1\Norton AntiVirus\savrtpel.sys c:\progra~1\NORTON~1\Norton AntiVirus\SAVSCAN.EXE c:\progra~1\NORTON~1\Norton AntiVirus\scancfg.dat c:\progra~1\NORTON~1\Norton AntiVirus\SCANDLVR.DLL c:\progra~1\NORTON~1\Norton AntiVirus\SCANDRES.DLL c:\progra~1\NORTON~1\Norton AntiVirus\ScanMgr.dll c:\progra~1\NORTON~1\Norton AntiVirus\SCRIPTUI.DLL c:\progra~1\NORTON~1\Norton AntiVirus\SDPCK32I.DLL c:\progra~1\NORTON~1\Norton AntiVirus\SDSND32I.DLL c:\progra~1\NORTON~1\Norton AntiVirus\SDSOK32I.DLL c:\progra~1\NORTON~1\Norton AntiVirus\SDSTP32I.DLL c:\progra~1\NORTON~1\Norton AntiVirus\SRTLEXCL.DAT c:\progra~1\NORTON~1\Norton AntiVirus\srtlexcl.def c:\progra~1\NORTON~1\Norton AntiVirus\srtsexcl.dat c:\progra~1\NORTON~1\Norton AntiVirus\srtsexcl.def c:\progra~1\NORTON~1\Norton AntiVirus\SYMNAVO.DLL c:\progra~1\NORTON~1\Norton AntiVirus\THREXCL.DAT c:\progra~1\NORTON~1\Norton AntiVirus\threxcl.def c:\progra~1\NORTON~1\Norton AntiVirus\THRLEXCL.DAT c:\progra~1\NORTON~1\Norton AntiVirus\thrlexcl.def c:\progra~1\NORTON~1\Norton AntiVirus\VERSION.DAT c:\progra~1\NORTON~1\pcwiz.dll c:\progra~1\NORTON~1\PCWiz.exe c:\progra~1\NORTON~1\PProfile.dll c:\progra~1\NORTON~1\readme.txt c:\progra~1\NORTON~1\RLevel.dll c:\progra~1\NORTON~1\rlsnotes.txt c:\progra~1\NORTON~1\SNLog.dll c:\progra~1\NORTON~1\SymFwAgt.DLL c:\progra~1\NORTON~1\SYMURL.DLL c:\progra~1\NORTON~1\techinfo.txt c:\progra~1\NORTON~1\TLData.dat c:\progra~1\NORTON~1\tldata2.dat c:\progra~1\NORTON~1\TLevel.dll c:\progra~1\NORTON~1\UrlLstCk.exe c:\progra~1\NORTON~1\Urlupdat.exe c:\progra~1\NORTON~1\WrapUM.dll c:\progra~1\SYMNET~1 c:\progra~1\SYMNET~1\SNDWarn.exe c:\program files\Common Files\Symantec Shared c:\program files\Common Files\Symantec Shared\ActRes.DLL c:\program files\Common Files\Symantec Shared\AdBlocking\adDef.dat c:\program files\Common Files\Symantec Shared\AdBlocking\AdTrash.exe c:\program files\Common Files\Symantec Shared\AdBlocking\FREAdblk.dll c:\program files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll c:\program files\Common Files\Symantec Shared\AdBlocking\NSMdtr.exe c:\program files\Common Files\Symantec Shared\AdBlocking\PxyLog.dll c:\program files\Common Files\Symantec Shared\AdBlocking\symad.dll c:\program files\Common Files\Symantec Shared\AdBlocking\SymWbOpt.dll c:\program files\Common Files\Symantec Shared\Antispam\asEngBay.dll c:\program files\Common Files\Symantec Shared\Antispam\ASEngBWL.dll c:\program files\Common Files\Symantec Shared\Antispam\asEngUR.dll c:\program files\Common Files\Symantec Shared\Antispam\asFilter.dll c:\program files\Common Files\Symantec Shared\Antispam\asLoader.dll c:\program files\Common Files\Symantec Shared\Antispam\asLogHlp.dll c:\program files\Common Files\Symantec Shared\Antispam\asLUCbk.dll c:\program files\Common Files\Symantec Shared\Antispam\asOEHook.dll c:\program files\Common Files\Symantec Shared\Antispam\asOELnch.exe c:\program files\Common Files\Symantec Shared\Antispam\asSpmEvt.dll c:\program files\Common Files\Symantec Shared\Antispam\asSpmLog.dll c:\program files\Common Files\Symantec Shared\Antispam\asUniPlg.dll c:\program files\Common Files\Symantec Shared\Antispam\EudoHelp.exe c:\program files\Common Files\Symantec Shared\Antispam\EudoPlug.dll c:\program files\Common Files\Symantec Shared\Antispam\FRESpam.dll c:\program files\Common Files\Symantec Shared\Antispam\Log\Spam.log c:\program files\Common Files\Symantec Shared\Antispam\MsouPlug.dll c:\program files\Common Files\Symantec Shared\Antispam\RuleWiz.exe c:\program files\Common Files\Symantec Shared\Antispam\SpamDefs\ENGLISH.MBK c:\program files\Common Files\Symantec Shared\Antispam\symspam.dll c:\program files\Common Files\Symantec Shared\CCALERT.DLL c:\program files\Common Files\Symantec Shared\CCAPP.EXE c:\program files\Common Files\Symantec Shared\CCDEC.DLL c:\program files\Common Files\Symantec Shared\CCEMLPXY.DLL c:\program files\Common Files\Symantec Shared\CCERRDSP.DLL c:\program files\Common Files\Symantec Shared\CCEVTMGR.EXE c:\program files\Common Files\Symantec Shared\CCLGVIEW.EXE c:\program files\Common Files\Symantec Shared\CCLOGIN.DLL c:\program files\Common Files\Symantec Shared\CCPD-LC\symlceng.dll c:\program files\Common Files\Symantec Shared\CCPD-LC\symlcnet.dll c:\program files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe c:\program files\Common Files\Symantec Shared\CCPD-LC\symlcsys.dll c:\program files\Common Files\Symantec Shared\CCPROD.DLL c:\program files\Common Files\Symantec Shared\CCPROSUB.DLL c:\program files\Common Files\Symantec Shared\CCPROXY.EXE c:\program files\Common Files\Symantec Shared\CCPWD.DLL c:\program files\Common Files\Symantec Shared\CCPWDSVC.EXE c:\program files\Common Files\Symantec Shared\CCPXYEVT.DLL c:\program files\Common Files\Symantec Shared\CCSCAN.DLL c:\program files\Common Files\Symantec Shared\CCSET.DLL c:\program files\Common Files\Symantec Shared\CCSETEVT.DLL c:\program files\Common Files\Symantec Shared\CCSETMGR.EXE c:\program files\Common Files\Symantec Shared\CCVRTRST.DLL c:\program files\Common Files\Symantec Shared\CCWEBWND.DLL c:\program files\Common Files\Symantec Shared\CfgWiz.exe c:\program files\Common Files\Symantec Shared\CfgWiz.tlb c:\program files\Common Files\Symantec Shared\Decomposers\DEC2.DLL c:\program files\Common Files\Symantec Shared\Decomposers\DEC2AMG.DLL c:\program files\Common Files\Symantec Shared\Decomposers\DEC2ARJ.DLL c:\program files\Common Files\Symantec Shared\Decomposers\DEC2CAB.DLL c:\program files\Common Files\Symantec Shared\Decomposers\DEC2EXE.DLL c:\program files\Common Files\Symantec Shared\Decomposers\DEC2GZIP.DLL c:\program files\Common Files\Symantec Shared\Decomposers\DEC2ID.DLL c:\program files\Common Files\Symantec Shared\Decomposers\DEC2LHA.DLL c:\program files\Common Files\Symantec Shared\Decomposers\DEC2LZ.DLL c:\program files\Common Files\Symantec Shared\Decomposers\DEC2MIME.DLL c:\program files\Common Files\Symantec Shared\Decomposers\DEC2RAR.DLL c:\program files\Common Files\Symantec Shared\Decomposers\DEC2RTF.DLL c:\program files\Common Files\Symantec Shared\Decomposers\DEC2SS.DLL c:\program files\Common Files\Symantec Shared\Decomposers\DEC2TAR.DLL c:\program files\Common Files\Symantec Shared\Decomposers\DEC2TEXT.DLL c:\program files\Common Files\Symantec Shared\Decomposers\DEC2TNEF.DLL c:\program files\Common Files\Symantec Shared\Decomposers\DEC2ZIP.DLL c:\program files\Common Files\Symantec Shared\Decomposers\DECSDK.DLL c:\program files\Common Files\Symantec Shared\DJSAlert.dll c:\program files\Common Files\Symantec Shared\DPHTML.DLL c:\program files\Common Files\Symantec Shared\DPHTTP.DLL c:\program files\Common Files\Symantec Shared\DPJS.DLL c:\program files\Common Files\Symantec Shared\DPVBS.DLL c:\program files\Common Files\Symantec Shared\drWebWnd.dll c:\program files\Common Files\Symantec Shared\ECMLDR32.DLL c:\program files\Common Files\Symantec Shared\Firewall.BAK c:\program files\Common Files\Symantec Shared\Firewall.rul c:\program files\Common Files\Symantec Shared\Help\AB_FAQ.chm c:\program files\Common Files\Symantec Shared\Help\ad_block.chm c:\program files\Common Files\Symantec Shared\Help\ad_task.chm c:\program files\Common Files\Symantec Shared\Help\basics.chm c:\program files\Common Files\Symantec Shared\Help\basics.dll c:\program files\Common Files\Symantec Shared\Help\CCLGVIEW.CHM c:\program files\Common Files\Symantec Shared\Help\CPDDRM00.chm c:\program files\Common Files\Symantec Shared\Help\CPDDRM00.chw c:\program files\Common Files\Symantec Shared\Help\CPDDRM01.chm c:\program files\Common Files\Symantec Shared\Help\CPDDRM01.chw c:\program files\Common Files\Symantec Shared\Help\disable.chm c:\program files\Common Files\Symantec Shared\Help\disable.dll c:\program files\Common Files\Symantec Shared\Help\edisk.chm c:\program files\Common Files\Symantec Shared\Help\edisk.dll c:\program files\Common Files\Symantec Shared\Help\emerg.chm c:\program files\Common Files\Symantec Shared\Help\emerg.dll c:\program files\Common Files\Symantec Shared\Help\FAQ.chm c:\program files\Common Files\Symantec Shared\Help\faq.dll c:\program files\Common Files\Symantec Shared\Help\feat_sum.chm c:\program files\Common Files\Symantec Shared\Help\feat_sum.dll c:\program files\Common Files\Symantec Shared\Help\firewall.chm c:\program files\Common Files\Symantec Shared\Help\getstart.chm c:\program files\Common Files\Symantec Shared\Help\getstart.dll c:\program files\Common Files\Symantec Shared\Help\I_AutoLU.chm c:\program files\Common Files\Symantec Shared\Help\IDS.chm c:\program files\Common Files\Symantec Shared\Help\location.chm c:\program files\Common Files\Symantec Shared\Help\LU_PC.chm c:\program files\Common Files\Symantec Shared\Help\LU_PC.dll c:\program files\Common Files\Symantec Shared\Help\LU_sub.chm c:\program files\Common Files\Symantec Shared\Help\LU_Sub.dll c:\program files\Common Files\Symantec Shared\Help\monitor.chm c:\program files\Common Files\Symantec Shared\Help\monitor.dll c:\program files\Common Files\Symantec Shared\Help\NAS_acc.chm c:\program files\Common Files\Symantec Shared\Help\NAS_dis.chm c:\program files\Common Files\Symantec Shared\Help\NAS_FAQ.chm c:\program files\Common Files\Symantec Shared\Help\NAS_task.chm c:\program files\Common Files\Symantec Shared\Help\NAV_acc.chm c:\program files\Common Files\Symantec Shared\Help\NAV_C_SB.chm c:\program files\Common Files\Symantec Shared\Help\NAV_dis.chm c:\program files\Common Files\Symantec Shared\Help\NAV_emrg.chm c:\program files\Common Files\Symantec Shared\Help\NAV_emSS.chm c:\program files\Common Files\Symantec Shared\Help\NAV_FAQ.chm c:\program files\Common Files\Symantec Shared\Help\NAV_feat.chm c:\program files\Common Files\Symantec Shared\Help\NAV_mon.chm c:\program files\Common Files\Symantec Shared\Help\NAV_opts.chm c:\program files\Common Files\Symantec Shared\Help\NAV_pvnt.chm c:\program files\Common Files\Symantec Shared\Help\NAV_task.chm c:\program files\Common Files\Symantec Shared\Help\NAV_unin.chm c:\program files\Common Files\Symantec Shared\Help\NIS_acc.chm c:\program files\Common Files\Symantec Shared\Help\NIS_acct.chm c:\program files\Common Files\Symantec Shared\Help\NIS_dis.chm c:\program files\Common Files\Symantec Shared\Help\NIS_FAQ.chm c:\program files\Common Files\Symantec Shared\Help\NIS_feat.chm c:\program files\Common Files\Symantec Shared\Help\NIS_mon.chm c:\program files\Common Files\Symantec Shared\Help\NIS_opts.chm c:\program files\Common Files\Symantec Shared\Help\NIS_task.chm c:\program files\Common Files\Symantec Shared\Help\NIS_unin.chm c:\program files\Common Files\Symantec Shared\Help\options.chm c:\program files\Common Files\Symantec Shared\Help\options.dll c:\program files\Common Files\Symantec Shared\Help\pc.chm c:\program files\Common Files\Symantec Shared\Help\privctrl.chm c:\program files\Common Files\Symantec Shared\Help\protect.chm c:\program files\Common Files\Symantec Shared\Help\Res_faq.chm c:\program files\Common Files\Symantec Shared\Help\rescue.chm c:\program files\Common Files\Symantec Shared\Help\sp_block.chm c:\program files\Common Files\Symantec Shared\Help\Supt_CPD.chm c:\program files\Common Files\Symantec Shared\Help\Supt_CPD.dll c:\program files\Common Files\Symantec Shared\Help\SymHelp.chm c:\program files\Common Files\Symantec Shared\Help\symhelp.dll c:\program files\Common Files\Symantec Shared\Help\unin.chm c:\program files\Common Files\Symantec Shared\Help\unin.dll c:\program files\Common Files\Symantec Shared\Help\V_AutoLU.chm c:\program files\Common Files\Symantec Shared\Help\v_found.chm c:\program files\Common Files\Symantec Shared\IDSDefs\IDSCoLU.exe c:\program files\Common Files\Symantec Shared\IDSDefs\IDSLU.exe c:\program files\Common Files\Symantec Shared\IraLsClt.dll c:\program files\Common Files\Symantec Shared\LiveReg\Catalog.LiveSubscribe c:\program files\Common Files\Symantec Shared\LiveReg\Defaults.liveReg c:\program files\Common Files\Symantec Shared\LiveReg\iraDefA2.dll c:\program files\Common Files\Symantec Shared\LiveReg\IraLrShl.exe c:\program files\Common Files\Symantec Shared\LiveReg\iraLSCl2.dll c:\program files\Common Files\Symantec Shared\LiveReg\iraLSUI.dll c:\program files\Common Files\Symantec Shared\LiveReg\IraVcLc3.dll c:\program files\Common Files\Symantec Shared\LiveReg\IraVcObj.dll c:\program files\Common Files\Symantec Shared\LiveReg\LRCtrl.dll c:\program files\Common Files\Symantec Shared\LiveReg\LRRes.dll c:\program files\Common Files\Symantec Shared\LiveReg\LrResEN.dll c:\program files\Common Files\Symantec Shared\LiveReg\LRWebWnd.dll c:\program files\Common Files\Symantec Shared\LiveReg\LSCtrl.dll c:\program files\Common Files\Symantec Shared\LiveReg\LSPlugin.dll c:\program files\Common Files\Symantec Shared\LiveReg\symcsub.exe c:\program files\Common Files\Symantec Shared\LiveReg\VcCleanUp.exe c:\program files\Common Files\Symantec Shared\LiveReg\VcResEN.dll c:\program files\Common Files\Symantec Shared\LiveReg\VcSetup.exe c:\program files\Common Files\Symantec Shared\LiveReg\Watermrk.gif c:\program files\Common Files\Symantec Shared\LocationMap.dat c:\program files\Common Files\Symantec Shared\LRSend.exe c:\program files\Common Files\Symantec Shared\NIMClick.wav c:\program files\Common Files\Symantec Shared\NIMOver.wav c:\program files\Common Files\Symantec Shared\NMain.exe c:\program files\Common Files\Symantec Shared\Persist.BAK c:\program files\Common Files\Symantec Shared\Persist.Dat c:\program files\Common Files\Symantec Shared\PFAdBlk.dll c:\program files\Common Files\Symantec Shared\PFMisc.dll c:\program files\Common Files\Symantec Shared\PFPriv.dll c:\program files\Common Files\Symantec Shared\PFRes.dll c:\program files\Common Files\Symantec Shared\PFSec.dll c:\program files\Common Files\Symantec Shared\PXYHTTP.DLL c:\program files\Common Files\Symantec Shared\PxyIM.dll c:\program files\Common Files\Symantec Shared\PxyNNTP.dll c:\program files\Common Files\Symantec Shared\Script Blocking\SBServ.exe c:\program files\Common Files\Symantec Shared\Script Blocking\ScrAuth.dll c:\program files\Common Files\Symantec Shared\Script Blocking\ScrBlock.dll c:\program files\Common Files\Symantec Shared\Script Blocking\ScrTrust.dll c:\program files\Common Files\Symantec Shared\Security Center\sscnav.dll c:\program files\Common Files\Symantec Shared\Security Center\sscnis56.dll c:\program files\Common Files\Symantec Shared\Security Center\sscnis7.dll c:\program files\Common Files\Symantec Shared\Security Center\SSCOpts.dat c:\program files\Common Files\Symantec Shared\Security Center\SymSCWb.dll c:\program files\Common Files\Symantec Shared\Security Center\SymWSC.exe c:\program files\Common Files\Symantec Shared\Security Center\SymWSCNo.exe c:\program files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe c:\program files\Common Files\Symantec Shared\Security Center\WSCHlpr.dll c:\program files\Common Files\Symantec Shared\SEVINST.EXE c:\program files\Common Files\Symantec Shared\SMNLnch.exe c:\program files\Common Files\Symantec Shared\SNDALRT.log c:\program files\Common Files\Symantec Shared\SNDCON.log c:\program files\Common Files\Symantec Shared\SNDDBG.log c:\program files\Common Files\Symantec Shared\SNDFW.log c:\program files\Common Files\Symantec Shared\SNDIDS.log c:\program files\Common Files\Symantec Shared\SNDInst.exe c:\program files\Common Files\Symantec Shared\SNDSrvc.exe c:\program files\Common Files\Symantec Shared\SNDSYS.log c:\program files\Common Files\Symantec Shared\STRMFILT.DLL c:\program files\Common Files\Symantec Shared\SYMICONV.DLL c:\program files\Common Files\Symantec Shared\SymLCUI.dll c:\program files\Common Files\Symantec Shared\SymLTCHK.dll c:\program files\Common Files\Symantec Shared\SymLTCOM.dll c:\program files\Common Files\Symantec Shared\SymSetup\{A93C9E60-29B6-49da-BA21-F70AC6AADE20}.exe c:\program files\Common Files\Symantec Shared\SymUIAx.ocx c:\program files\Common Files\Symantec Shared\SymUIHlp.dll c:\program files\Common Files\Symantec Shared\Validate.dat Part 1 of log

#14 LDTate

LDTate

    Grand Poobah

  • Root Admin
  • 57,211 posts

Posted 07 December 2010 - 11:16 AM

No need to post these rest of it. Are you still only able to boot in Safe Mode? Do you have your Windows OS CD?

The forum is run by volunteers who donate their time and expertise.

Want to help others? Join the ClassRoom and learn how.

Logs will be closed if you haven't replied within 3 days

 

If you would like to paypal.gif for the help you received.
 

Proud graduate of TC/WTT Classroom

 

#15 RSBruce

RSBruce

    Authentic Member

  • Authentic Member
  • PipPip
  • 34 posts

Posted 07 December 2010 - 11:29 AM

OOPSIE, just saw your no need to post rest of log. The computer boots to desktop in Normal mode now. However, there is no network connectivity. Yes, I have the WINXP install disk from DELL. Do you want me in normal or safe mode?

Related Topics

Back to Virus, Spyware & Malware Removal · Next Unread Topic →

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. What the Tech
  2. Spyware / Malware / Virus Removal
  3. Virus, Spyware & Malware Removal
  4. Privacy Policy
  5. Terms of Use ·