WE'RE SURE THAT YOU'LL LOVE US!

Hey there! :wub: Looks like you're enjoying the discussion, but you're not signed up for an account. When you create an account, we remember exactly what you've read, so you always come right back where you left off. You also get notifications, here and via email, whenever new posts are made. You can like posts to share the love. Join 93083 other members! Anybody can ask, anybody can answer. Consistently helpful members may be invited to become staff. Here's how it works. Virus cleanup? Start here -> Malware Removal Forum.

Try What the Tech -- It's free!

Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

[Closed] Red X as my C drive Icon// Please Help

Started by divineservant2 , Apr 03 2008 06:59 PM

This topic is locked

21 replies to this topic

#1 divineservant2

New Member

New Member
13 posts

Posted 03 April 2008 - 06:59 PM

My system runs slow, There is a giant Red "X" on my C Drive and My "D" drive will not recognize CD's. Please help me. I posted this a few days ago so you may need me to rerun my hijack this report. I think that I may have posted this in the wrong place.

Logfile of HijackThis v1.99.1
Scan saved at 03:08, on 2008-03-26
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\dllhost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\dmadmin.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\PROGRA~1\MYWEBS~1\bar\1.bin\m3SrchMn.exe
C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe
C:\Program Files\Trend Micro\Internet Security\UfNavi.exe
C:\Program Files\Trend Micro\BM\TMBMSRV.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe
C:\Program Files\Trend Micro\Internet Security\UfNavi.exe
C:\Program Files\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://soulsingles.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com/0SE...S01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O3 - Toolbar: (no name) - {D7F30B62-8269-41AF-9539-B2697FA7D77E} - (no file)
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [My Web Search Bar Search Scope Monitor] "C:\PROGRA~1\MYWEBS~1\bar\1.bin\m3SrchMn.exe" /m=2 /w
O4 - HKLM\..\Run: [UfSeAgnt.exe] "C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [OE] "C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe"
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: hp psc 1000 series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
O4 - Global Startup: hpoddt01.exe.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: RemindU - {16BF42FD-CA0A-4f48-819D-B0343254DD67} - C:\WINDOWS\system32\shdocvw.dll (HKCU)
O11 - Options group: [INTERNATIONAL] International*
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.att.net
O15 - Trusted Zone: www.apartments.com
O15 - Trusted Zone: http://www.blackplanet.com
O15 - Trusted Zone: http://www.blacksingles.com
O15 - Trusted Zone: http://mailcenter2.comcast.net
O15 - Trusted Zone: http://playgames.comcast.net
O15 - Trusted Zone: http://www.comcast.net
O15 - Trusted Zone: http://www6.comcast.net
O15 - Trusted Zone: http://ad.doubleclick.net
O15 - Trusted Zone: http://*.emass2003apollogrp.edu
O15 - Trusted Zone: http://www.fredericks.com
O15 - Trusted Zone: http://pagead2.googlesyndication.com
O15 - Trusted Zone: http://www.hgtv.com
O15 - Trusted Zone: http://onecare.live.com
O15 - Trusted Zone: http://www.loverslane.com
O15 - Trusted Zone: http://www.mylifetime.com
O15 - Trusted Zone: http://www.nickjr.com
O15 - Trusted Zone: www.rent.com
O15 - Trusted Zone: http://*.rent.com
O15 - Trusted Zone: http://www.rockincodes.com
O15 - Trusted Zone: http://www.slumberparties.com
O15 - Trusted Zone: *.state.pa.us
O15 - Trusted Zone: http://financial.wellsfargo.com
O15 - Trusted Zone: http://download.windowsupdate.com
O15 - Trusted Zone: http://bubblingbeauty.zoomshare.com
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.micr...veX/MSDcode.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.syma...bin/AvSniff.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcaf...96/mcinsctl.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.mi...b?1201977374671
O16 - DPF: {73D3D8EB-6C71-5444-67C8-54EC132A7D71} - http://bsa.safetydow...er/setup_en.cab
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} - http://www.nick.com/.../GrooveAX27.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://sdlc-esd.sun....ows-i586-jc.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcaf...,26/mcgdmgr.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} - http://a532.g.akamai...l/installer.exe
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} - http://by114fd.bay11...ex/HMAtchmt.ocx
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} - http://chat.msn.com/...s/msnchat45.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O20 - Winlogon Notify: zfjxhpmq - zfjxhpmq.dll (file missing)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Trend Micro Central Control Component (SfCtlCom) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
O23 - Service: Trend Micro Unauthorized Change Prevention Service (TMBMServer) - Unknown owner - C:\Program Files\Trend Micro\BM\TMBMSRV.exe" /service (file missing)
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\TmProxy.exe

Forum: HijackThis™ Logs and Infections Removal · Post Preview: #449473 · Replies: 0 · Views: 79

Advertisements

Register to Remove

#2 Rorschach112

Teacher Emeritus

Authentic Member
3,651 posts

Posted 04 April 2008 - 06:20 AM

Hello

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**

Please, never rename Combofix unless instructed.
Close any open browsers.
Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

-----------------------------------------------------------
- Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
- Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
  
  -----------------------------------------------------------
- Close any open browsers.
- WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
- Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
- If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
-----------------------------------------------------------
Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.
Please post the "C:\ComboFix.txt" along with a new HijackThis log for further review.

**Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**

#3 divineservant2

New Member

New Member
13 posts

Posted 07 April 2008 - 09:34 PM

I downloaded the combofix however my system will not allow it to run. I closed out of all windows, disabled my norton software and it still will not run. I get the blue box like it is going to start and then the box closes and nothing ever comes up again. I do not know what to do.
I ran another Hijack this report.

Logfile of HijackThis v1.99.1
Scan saved at 10:33, on 2008-04-07
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\WINDOWS\System32\dllhost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\dmadmin.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\PROGRA~1\MYWEBS~1\bar\1.bin\m3SrchMn.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
C:\Program Files\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://soulsingles.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com/0SE...S01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: Yahoo! ¤u¨ã¦C - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O3 - Toolbar: (no name) - {D7F30B62-8269-41AF-9539-B2697FA7D77E} - (no file)
O3 - Toolbar: Yahoo! ¤u¨ã¦C - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\CoIEPlg.dll
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [My Web Search Bar Search Scope Monitor] "C:\PROGRA~1\MYWEBS~1\bar\1.bin\m3SrchMn.exe" /m=2 /w
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton 360\osCheck.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: RemindU - {16BF42FD-CA0A-4f48-819D-B0343254DD67} - C:\WINDOWS\system32\shdocvw.dll (HKCU)
O11 - Options group: [INTERNATIONAL] International*
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.att.net
O15 - Trusted Zone: www.apartments.com
O15 - Trusted Zone: http://www.blackplanet.com
O15 - Trusted Zone: http://www.blacksingles.com
O15 - Trusted Zone: http://mailcenter2.comcast.net
O15 - Trusted Zone: http://playgames.comcast.net
O15 - Trusted Zone: http://www.comcast.net
O15 - Trusted Zone: http://www6.comcast.net
O15 - Trusted Zone: http://ad.doubleclick.net
O15 - Trusted Zone: http://*.emass2003apollogrp.edu
O15 - Trusted Zone: http://www.fredericks.com
O15 - Trusted Zone: http://pagead2.googlesyndication.com
O15 - Trusted Zone: http://www.hgtv.com
O15 - Trusted Zone: http://onecare.live.com
O15 - Trusted Zone: http://www.loverslane.com
O15 - Trusted Zone: http://www.mylifetime.com
O15 - Trusted Zone: http://www.nickjr.com
O15 - Trusted Zone: www.rent.com
O15 - Trusted Zone: http://*.rent.com
O15 - Trusted Zone: http://www.rockincodes.com
O15 - Trusted Zone: http://www.slumberparties.com
O15 - Trusted Zone: *.state.pa.us
O15 - Trusted Zone: http://financial.wellsfargo.com
O15 - Trusted Zone: http://download.windowsupdate.com
O15 - Trusted Zone: http://bubblingbeauty.zoomshare.com
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.micr...veX/MSDcode.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.syma...bin/AvSniff.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcaf...96/mcinsctl.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.mi...b?1201977374671
O16 - DPF: {73D3D8EB-6C71-5444-67C8-54EC132A7D71} - http://bsa.safetydow...er/setup_en.cab
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} - http://www.nick.com/.../GrooveAX27.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://sdlc-esd.sun....ows-i586-jc.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcaf...,26/mcgdmgr.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} - http://a532.g.akamai...l/installer.exe
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} - http://by114fd.bay11...ex/HMAtchmt.ocx
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} - http://chat.msn.com/...s/msnchat45.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O20 - Winlogon Notify: zfjxhpmq - zfjxhpmq.dll (file missing)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe

#4 Rorschach112

Teacher Emeritus

Authentic Member
3,651 posts

Posted 08 April 2008 - 09:59 AM

Can you delete ComboFix.exe and re-download it again as it gets updated often Then try run it and tell me how that goes

#5 divineservant2

New Member

New Member
13 posts

Posted 12 April 2008 - 01:11 PM

I'm sorry it has taken me so long to re post, my computer has been down. I tried to remove the combo fix and reload, however that did not work. All today I am working on removing old pictures and scanning the system to see if I can get combo fix to run and then I will re post. Thanks so much for your patience divineservant2

#6 Rorschach112

Teacher Emeritus

Authentic Member
3,651 posts

Posted 12 April 2008 - 01:29 PM

Do this then

Please download Deckard's System Scanner (DSS) and save it to your Desktop.

Close all other windows before proceeding.
Double-click on dss.exe and follow the prompts.
If your anti-virus or firewall complains, please allow this script to run as it is not malicious.
When it has finished, dss will open two Notepads main.txt and extra.txt -- please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt in your next reply.

#7 divineservant2

New Member

New Member
13 posts

Posted 12 April 2008 - 06:32 PM

I am only getting the Main.txt not the extra.txt

Deckard's System Scanner v20071014.68
Run by rakiba mcneil on 2008-04-12 08:28:12
Computer is in Normal Mode.
--------------------------------------------------------------------------------

Total Physical Memory: 503 MiB (512 MiB recommended).

-- HijackThis (run as rakiba mcneil.exe) ---------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 08:28, on 2008-04-12
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\dllhost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\dmadmin.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MySpace\IM\MySpaceIM.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Program Files\MySpace\IM\MySpaceIM.exe
C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\Documents and Settings\rakiba mcneil\desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\rakiba mcneil.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://soulsingles.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com/0SE...S01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: Yahoo! ¤u¨ã¦C - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O3 - Toolbar: (no name) - {D7F30B62-8269-41AF-9539-B2697FA7D77E} - (no file)
O3 - Toolbar: Yahoo! ¤u¨ã¦C - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\CoIEPlg.dll
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton 360\osCheck.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: RemindU - {16BF42FD-CA0A-4f48-819D-B0343254DD67} - C:\WINDOWS\system32\shdocvw.dll (HKCU)
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.att.net
O15 - Trusted Zone: www.apartments.com
O15 - Trusted Zone: http://www.blackplanet.com
O15 - Trusted Zone: http://www.blacksingles.com
O15 - Trusted Zone: http://mailcenter2.comcast.net
O15 - Trusted Zone: http://playgames.comcast.net
O15 - Trusted Zone: http://www.comcast.net
O15 - Trusted Zone: http://www6.comcast.net
O15 - Trusted Zone: http://ad.doubleclick.net
O15 - Trusted Zone: http://*.emass2003apollogrp.edu
O15 - Trusted Zone: http://www.fredericks.com
O15 - Trusted Zone: http://pagead2.googlesyndication.com
O15 - Trusted Zone: http://www.hgtv.com
O15 - Trusted Zone: http://onecare.live.com
O15 - Trusted Zone: http://www.loverslane.com
O15 - Trusted Zone: http://www.mylifetime.com
O15 - Trusted Zone: http://www.nickjr.com
O15 - Trusted Zone: www.rent.com
O15 - Trusted Zone: http://*.rent.com
O15 - Trusted Zone: http://www.rockincodes.com
O15 - Trusted Zone: http://www.slumberparties.com
O15 - Trusted Zone: *.state.pa.us
O15 - Trusted Zone: http://financial.wellsfargo.com
O15 - Trusted Zone: http://download.windowsupdate.com
O15 - Trusted Zone: http://bubblingbeauty.zoomshare.com
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.micr...veX/MSDcode.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.syma...bin/AvSniff.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcaf...96/mcinsctl.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.mi...b?1201977374671
O16 - DPF: {73D3D8EB-6C71-5444-67C8-54EC132A7D71} - http://bsa.safetydow...er/setup_en.cab
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} - http://www.nick.com/.../GrooveAX27.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcaf...,26/mcgdmgr.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} - http://a532.g.akamai...l/installer.exe
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} - http://by114fd.bay11...ex/HMAtchmt.ocx
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} - http://chat.msn.com/...s/msnchat45.cab
O20 - Winlogon Notify: zfjxhpmq - zfjxhpmq.dll (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
O24 - Desktop Component 0: (no name) - (no file)
O24 - Desktop Component 1: (no name) - (no file)

--
End of file - 10383 bytes

-- Files created between 2008-03-12 and 2008-04-12 -----------------------------

2008-04-12 07:45:08 0 d-------- C:\Documents and Settings\rakiba mcneil\Application Data\Malwarebytes
2008-04-12 07:44:59 0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-04-12 07:44:58 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-04-12 07:07:59 0 -rahs---- C:\MSDOS.SYS
2008-04-12 07:07:59 0 -rahs---- C:\IO.SYS
2008-04-12 07:07:29 0 d-------- C:\WINDOWS\ERUNT
2008-04-09 11:13:47 0 d-------- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2008-04-09 01:45:21 0 d-------- C:\Documents and Settings\B5_BABYGURL\Application Data\Symantec
2008-04-06 23:54:35 16618 -----n--- C:\WINDOWS\hpomdl01.dat
2008-04-06 23:54:35 20454 --a------ C:\WINDOWS\hpoins01.dat
2008-04-03 09:36:43 0 d-------- C:\Documents and Settings\All Users\Symantec Temporary Files
2008-03-28 07:46:51 0 d-------- C:\Program Files\Virtools
2008-03-27 22:22:15 0 d-------- C:\Documents and Settings\rakiba mcneil\Application Data\MySpace
2008-03-27 19:33:02 0 d-------- C:\Program Files\Lavasoft
2008-03-26 21:34:08 0 d-------- C:\Program Files\Windows Sidebar
2008-03-26 21:33:08 0 d-------- C:\Program Files\Norton 360
2008-03-26 21:30:28 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-03-25 22:13:17 0 d-------- C:\Documents and Settings\All Users\Application Data\Trend Micro
2008-03-25 19:39:37 0 d-------- C:\Program Files\Trend Micro
2008-03-23 13:10:31 0 d-------- C:\Documents and Settings\rakiba mcneil\Application Data\LimeWire
2008-03-23 13:09:42 0 d-------- C:\Program Files\LimeWire
2008-03-23 11:56:50 0 d-------- C:\Documents and Settings\rakiba mcneil\Application Data\Printer Info Cache
2008-03-20 01:56:39 0 d-------- C:\Documents and Settings\Michael McNeil\Application Data\Macromedia
2008-03-20 01:47:40 0 d-------- C:\Documents and Settings\Michael McNeil\Application Data\Symantec
2008-03-17 18:57:58 0 d-------- C:\Documents and Settings\All Users\Application Data\EA
2008-03-17 18:57:57 0 d-------- C:\Documents and Settings\rakiba mcneil\Application Data\EA
2008-03-17 18:57:26 0 d-------- C:\Program Files\Oberon Media
2008-03-17 10:22:40 0 d-------- C:\Program Files\directx
2008-03-17 01:34:12 0 d-------- C:\N360_BACKUP
2008-03-16 20:10:41 68096 --a------ C:\WINDOWS\system32\zip.exe
2008-03-16 20:10:41 98816 --a------ C:\WINDOWS\system32\sed.exe
2008-03-16 20:10:41 80412 --a------ C:\WINDOWS\system32\grep.exe
2008-03-16 20:10:41 73728 --a------ C:\WINDOWS\system32\fdsv.exe <Not Verified; Smallfrogs Studio; >
2008-03-16 17:46:43 1799 --a------ C:\WINDOWS\mozver.dat
2008-03-16 13:54:51 0 d-------- C:\Documents and Settings\rakiba mcneil\Application Data\Symantec
2008-03-16 13:33:14 0 d-------- C:\Program Files\Symantec
2008-03-16 13:33:14 0 d-------- C:\Documents and Settings\All Users\Application Data\Symantec
2008-03-16 12:53:28 0 d-------- C:\Documents and Settings\rakiba mcneil\Application Data\Mozilla
2008-03-16 12:50:27 0 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-03-16 12:40:43 0 d--hs---- C:\Documents and Settings\rakiba mcneil\Application Data\Earthlink
2008-03-15 21:19:01 0 d-------- C:\Documents and Settings\Administrator.PROSPERITY\Application Data\Jasc Software Inc
2008-03-15 21:19:01 0 d-------- C:\Documents and Settings\Administrator.PROSPERITY\Application Data\Identities
2008-03-15 21:19:00 0 dr------- C:\Documents and Settings\Administrator.PROSPERITY\Favorites
2008-03-15 21:19:00 0 d-------- C:\Documents and Settings\Administrator.PROSPERITY\Desktop
2008-03-15 21:19:00 0 d--hs---- C:\Documents and Settings\Administrator.PROSPERITY\Cookies
2008-03-15 21:19:00 0 dr-h----- C:\Documents and Settings\Administrator.PROSPERITY\Application Data
2008-03-15 21:19:00 0 d-------- C:\Documents and Settings\Administrator.PROSPERITY\Application Data\Sun
2008-03-15 21:19:00 0 d-------- C:\Documents and Settings\Administrator.PROSPERITY\Application Data\Sonic
2008-03-15 21:19:00 0 d-------- C:\Documents and Settings\Administrator.PROSPERITY\Application Data\Real
2008-03-15 21:19:00 0 d---s---- C:\Documents and Settings\Administrator.PROSPERITY\Application Data\Microsoft
2008-03-15 21:18:59 0 d--h----- C:\Documents and Settings\Administrator.PROSPERITY\Templates
2008-03-15 21:18:59 0 dr------- C:\Documents and Settings\Administrator.PROSPERITY\Start Menu
2008-03-15 21:18:59 0 dr-h----- C:\Documents and Settings\Administrator.PROSPERITY\SendTo
2008-03-15 21:18:59 0 dr-h----- C:\Documents and Settings\Administrator.PROSPERITY\Recent
2008-03-15 21:18:59 0 d--h----- C:\Documents and Settings\Administrator.PROSPERITY\PrintHood
2008-03-15 21:18:59 0 d--h----- C:\Documents and Settings\Administrator.PROSPERITY\NetHood
2008-03-15 21:18:59 0 dr------- C:\Documents and Settings\Administrator.PROSPERITY\My Documents
2008-03-15 21:18:59 0 d--h----- C:\Documents and Settings\Administrator.PROSPERITY\Local Settings
2008-03-15 21:18:57 1048576 --ah----- C:\Documents and Settings\Administrator.PROSPERITY\NTUSER.DAT
2008-03-15 18:21:26 0 d-------- C:\Documents and Settings\rakiba mcneil\Application Data\Webroot
2008-03-15 12:44:51 0 d-------- C:\Documents and Settings\Michael McNeil\Application Data\Adobe

-- Find3M Report ---------------------------------------------------------------

2008-04-12 08:18:00 0 d-------- C:\Program Files\Common Files\Symantec Shared
2008-04-12 02:20:16 0 d-------- C:\Documents and Settings\rakiba mcneil\Application Data\OpenOffice.org2
2008-04-08 07:06:31 0 d-------- C:\Program Files\RegistryFix
2008-04-08 03:15:29 0 d-------- C:\Program Files\Java
2008-04-07 09:37:07 0 d-------- C:\Program Files\Hasbro Interactive
2008-04-07 09:37:06 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-03-27 22:22:09 0 d-------- C:\Program Files\MySpace
2008-03-26 21:35:27 0 d-------- C:\Program Files\Common Files
2008-03-26 21:35:10 0 d-------- C:\Program Files\Yahoo!
2008-03-23 11:56:40 0 d-------- C:\Documents and Settings\rakiba mcneil\Application Data\Image Zone Express
2008-03-22 19:21:15 0 d-------- C:\Program Files\Windows NT
2008-03-17 10:21:45 592 --a----c- C:\WINDOWS\PowerReg.dat
2008-03-15 18:23:28 0 d-------- C:\Documents and Settings\rakiba mcneil\Application Data\Apple Computer
2008-03-15 13:45:37 0 d-------- C:\Documents and Settings\rakiba mcneil\Application Data\McAfee
2008-03-07 00:13:15 0 d-------- C:\Program Files\OpenOffice.org 2.0
2008-03-06 20:12:45 0 d-------- C:\Program Files\Webroot
2008-03-05 20:08:47 0 d-------- C:\Program Files\Napster
2008-03-03 15:11:22 0 d-------- C:\Program Files\Google
2008-03-03 14:51:48 164 --a------ C:\install.dat
2008-03-02 14:49:04 0 d-------- C:\Program Files\3B Software
2008-03-02 11:09:34 0 d-------- C:\Documents and Settings\rakiba mcneil\Application Data\Lavasoft
2008-03-02 11:08:48 0 d-------- C:\Program Files\TurboTax
2008-03-02 11:08:34 0 d-------- C:\Program Files\Common Files\Intuit
2008-03-02 11:00:32 0 dr-h----- C:\Documents and Settings\rakiba mcneil\Application Data\yahoo!
2008-03-02 01:10:07 0 d-------- C:\Program Files\FinePixViewer
2008-03-02 01:08:14 0 d-------- C:\Program Files\Comcast Play Games
2008-03-01 21:45:51 0 d-------- C:\Program Files\Incomplete
2008-01-12 03:05:23 147456 --a------ C:\WINDOWS\system32\vbzip10.dll <Not Verified; Info-ZIP; Info-ZIP's WiZ>

-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}]
2008-02-23 22:08 349552 --a------ C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\coIEPlg.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]
2008-03-26 21:35 116088 --a------ C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}"= C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\CoIEPlg.dll [2008-02-23 22:08 349552]

[-HKEY_CLASSES_ROOT\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}]
[HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar.1]
[HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BCMSMMSG"="BCMSMMSG.exe" [2003-06-02 07:00 C:\WINDOWS\BCMSMMSG.exe]
"UpdateManager"="C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-08-19 02:01]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2008-02-18 15:37]
"osCheck"="C:\Program Files\Norton 360\osCheck.exe" [2008-02-26 10:50]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-01-10 16:27]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 03:56]
"MySpaceIM"="C:\Program Files\MySpace\IM\MySpaceIM.exe" [2008-02-01 16:32]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"MySpaceIM"=C:\Program Files\MySpace\IM\MySpaceIM.exe

C:\Documents and Settings\rakiba mcneil\Start Menu\Programs\Startup\
DESKTOP.INI [2002-09-03 11:00:00]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26]
DESKTOP.INI [2002-09-03 11:00:00]
hp psc 1000 series.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe [2003-04-06 01:17:18]
hpoddt01.exe.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe [2003-04-06 01:06:58]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\zfjxhpmq]
zfjxhpmq.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PSEXESVC]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WebrootSpySweeperService]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

*Newly Created Service* - COMHOST

-- End of Deckard's System Scanner: finished at 2008-04-12 08:28:59 ------------

#8 Rorschach112

Teacher Emeritus

Authentic Member
3,651 posts

Posted 13 April 2008 - 07:50 AM

Hello

1. Please re-open HiJackThis and choose do a system scan only. Check the boxes next to ONLY the entries listed below(if present):

O3 - Toolbar: (no name) - {D7F30B62-8269-41AF-9539-B2697FA7D77E} - (no file)
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O20 - Winlogon Notify: zfjxhpmq - zfjxhpmq.dll (file missing)
O24 - Desktop Component 0: (no name) - (no file)
O24 - Desktop Component 1: (no name) - (no file)

2. Now close all windows other than HiJackThis, including browsers, so that nothing other than HijackThis is open, then click Fix Checked. A box will pop up asking you if you wish to fix the selected items. Please choose YES. Once it has fixed them, please exit/close HijackThis.

Please download Malwarebytes' Anti-Malware from Here or Here

Double Click mbam-setup.exe to install the application.

Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select "Perform Full Scan", then click Scan. Check all the boxes and click Start Scan
The scan may take some time to finish,so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected.
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Copy&Paste the entire report in your next reply.

Extra Note:
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatly.

Reboot and do this

click on Start, click on Run
copy and paste the following in bold in the open window and then click OK
"%userprofile%\desktop\dss.exe" /config
This will open up DSS configuration
click on Check All
click Scan
DSS will now run again when finished
Please post back both logs that open in notepad
Main txt and extra txt

#9 divineservant2

New Member

New Member
13 posts

Posted 13 April 2008 - 12:36 PM

This is the mbam report nothing was detected Malwarebytes' Anti-Malware 1.11 Database version: 621 Scan type: Full Scan (A:\|C:\|D:\|E:\|) Objects scanned: 122767 Time elapsed: 58 minute(s), 50 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 0 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: (No malicious items detected)

#10 divineservant2

New Member

New Member
13 posts

Posted 13 April 2008 - 01:13 PM

I finally got it to reboot and work

Main.txt
Deckard's System Scanner v20071014.68
Run by rakiba mcneil on 2008-04-13 02:59:03
Computer is in Normal Mode.
--------------------------------------------------------------------------------

Backed up registry hives.

Total Physical Memory: 503 MiB (512 MiB recommended).

-- HijackThis (run as rakiba mcneil.exe) ---------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 03:00, on 2008-04-13
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\WINDOWS\System32\dllhost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\dmadmin.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MySpace\IM\MySpaceIM.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\MySpace\IM\MySpaceIM.exe
C:\Documents and Settings\rakiba mcneil\desktop\dss.exe
C:\Program Files\Symantec\LiveUpdate\AUPDATE.EXE
C:\PROGRA~1\TRENDM~1\HIJACK~1\RAKIBA~1.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://soulsingles.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com/0SE...S01?FORM=TOOLBR
R3 - URLSearchHook: Yahoo! ¤u¨ã¦C - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O3 - Toolbar: Yahoo! ¤u¨ã¦C - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\CoIEPlg.dll
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton 360\osCheck.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: hpoddt01.exe.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: RemindU - {16BF42FD-CA0A-4f48-819D-B0343254DD67} - C:\WINDOWS\system32\shdocvw.dll (HKCU)
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.att.net
O15 - Trusted Zone: www.apartments.com
O15 - Trusted Zone: http://www.blackplanet.com
O15 - Trusted Zone: http://www.blacksingles.com
O15 - Trusted Zone: http://mailcenter2.comcast.net
O15 - Trusted Zone: http://playgames.comcast.net
O15 - Trusted Zone: http://www.comcast.net
O15 - Trusted Zone: http://www6.comcast.net
O15 - Trusted Zone: http://ad.doubleclick.net
O15 - Trusted Zone: http://*.emass2003apollogrp.edu
O15 - Trusted Zone: http://www.fredericks.com
O15 - Trusted Zone: http://pagead2.googlesyndication.com
O15 - Trusted Zone: http://www.hgtv.com
O15 - Trusted Zone: http://onecare.live.com
O15 - Trusted Zone: http://www.loverslane.com
O15 - Trusted Zone: http://www.mylifetime.com
O15 - Trusted Zone: http://www.nickjr.com
O15 - Trusted Zone: www.rent.com
O15 - Trusted Zone: http://*.rent.com
O15 - Trusted Zone: http://www.rockincodes.com
O15 - Trusted Zone: http://www.slumberparties.com
O15 - Trusted Zone: *.state.pa.us
O15 - Trusted Zone: http://financial.wellsfargo.com
O15 - Trusted Zone: http://download.windowsupdate.com
O15 - Trusted Zone: http://bubblingbeauty.zoomshare.com
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.micr...veX/MSDcode.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.syma...bin/AvSniff.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcaf...96/mcinsctl.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.mi...b?1201977374671
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} - http://www.nick.com/.../GrooveAX27.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcaf...,26/mcgdmgr.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} - http://a532.g.akamai...l/installer.exe
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} - http://by114fd.bay11...ex/HMAtchmt.ocx
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} - http://chat.msn.com/...s/msnchat45.cab
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
O24 - Desktop Component 0: (no name) - (no file)
O24 - Desktop Component 1: (no name) - (no file)

--
End of file - 9650 bytes

-- HijackThis Fixed Entries (C:\PROGRA~1\TRENDM~1\HIJACK~1\backups\) -----------

backup-20080412-235900-457 O16 - DPF: {73D3D8EB-6C71-5444-67C8-54EC132A7D71} - http://bsa.safetydow...er/setup_en.cab
backup-20080412-235900-677 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
backup-20080412-235900-698 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
backup-20080412-235902-834 O20 - Winlogon Notify: zfjxhpmq - zfjxhpmq.dll (file missing)
backup-20080413-011742-281 O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
backup-20080413-011742-856 O3 - Toolbar: (no name) - {D7F30B62-8269-41AF-9539-B2697FA7D77E} - (no file)
backup-20080413-011743-220 O24 - Desktop Component 0: (no name) - (no file)
backup-20080413-011743-893 O24 - Desktop Component 1: (no name) - (no file)

-- File Associations -----------------------------------------------------------

.reg - regfile - shell\open\command - regedit.exe "%1" %*
.scr - scrfile - shell\open\command - "%1" %*

-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 sfdrv01 (StarForce Protection Environment Driver (version 1.x)) - c:\windows\system32\drivers\sfdrv01.sys <Not Verified; Protection Technology; StarForce Protection System>
R0 sfhlp02 (StarForce Protection Helper Driver (version 2.x)) - c:\windows\system32\drivers\sfhlp02.sys <Not Verified; Protection Technology; StarForce Protection System>
R0 sfsync04 (StarForce Protection Synchronization Driver (version 4.x)) - c:\windows\system32\drivers\sfsync04.sys <Not Verified; Protection Technology; StarForce Protection System>
R1 omci (OMCI WDM Device Driver) - c:\windows\system32\drivers\omci.sys <Not Verified; Dell Computer Corporation; OMCI Driver>
R2 MCSTRM - c:\windows\system32\drivers\mcstrm.sys <Not Verified; RealNetworks, Inc.; RealNetworks Virtual Path Manager® (32-bit)>
R2 SbcpHid - c:\windows\system32\drivers\sbcphid.sys

S3 catchme - c:\docume~1\rakiba~1\locals~1\temp\catchme.sys (file missing)
S3 CoachUsb (Dual Mode Digital Camera on USB) - c:\windows\system32\drivers\coachusb.sys <Not Verified; Accapella Ltd.; USB Driver for Digital Camera>
S3 Dual Mode (Dual Mode Video Capture) - c:\windows\system32\drivers\coachvc.sys <Not Verified; Accapella Ltd.; Video Capture Minidriver for Digital Camera>

-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

All services whitelisted.

-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.

-- Scheduled Tasks -------------------------------------------------------------

2008-04-07 05:29:23 408 --ah----- C:\WINDOWS\Tasks\User_Feed_Synchronization-{F74708FD-5478-4F02-B118-F0836B8D7616}.job
2008-04-07 00:24:36 406 --a------ C:\WINDOWS\Tasks\FRU Task #Hewlett-Packard#hp psc 1200 series#1207541522.job

-- Files created between 2008-03-13 and 2008-04-13 -----------------------------

2008-04-13 01:20:43 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-04-12 07:45:08 0 d-------- C:\Documents and Settings\rakiba mcneil\Application Data\Malwarebytes
2008-04-12 07:44:59 0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-04-12 07:07:59 0 -rahs---- C:\MSDOS.SYS
2008-04-12 07:07:59 0 -rahs---- C:\IO.SYS
2008-04-12 07:07:29 0 d-------- C:\WINDOWS\ERUNT
2008-04-09 11:13:47 0 d-------- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2008-04-09 01:45:21 0 d-------- C:\Documents and Settings\B5_BABYGURL\Application Data\Symantec
2008-04-06 23:54:35 16618 -----n--- C:\WINDOWS\hpomdl01.dat
2008-04-06 23:54:35 20454 --a------ C:\WINDOWS\hpoins01.dat
2008-04-03 09:36:43 0 d-------- C:\Documents and Settings\All Users\Symantec Temporary Files
2008-03-28 07:46:51 0 d-------- C:\Program Files\Virtools
2008-03-27 22:22:15 0 d-------- C:\Documents and Settings\rakiba mcneil\Application Data\MySpace
2008-03-26 21:34:08 0 d-------- C:\Program Files\Windows Sidebar
2008-03-26 21:33:08 0 d-------- C:\Program Files\Norton 360
2008-03-25 22:13:17 0 d-------- C:\Documents and Settings\All Users\Application Data\Trend Micro
2008-03-25 19:39:37 0 d-------- C:\Program Files\Trend Micro
2008-03-23 13:10:31 0 d-------- C:\Documents and Settings\rakiba mcneil\Application Data\LimeWire
2008-03-23 13:09:42 0 d-------- C:\Program Files\LimeWire
2008-03-23 11:56:50 0 d-------- C:\Documents and Settings\rakiba mcneil\Application Data\Printer Info Cache
2008-03-20 01:56:39 0 d-------- C:\Documents and Settings\Michael McNeil\Application Data\Macromedia
2008-03-20 01:47:40 0 d-------- C:\Documents and Settings\Michael McNeil\Application Data\Symantec
2008-03-17 18:57:58 0 d-------- C:\Documents and Settings\All Users\Application Data\EA
2008-03-17 18:57:57 0 d-------- C:\Documents and Settings\rakiba mcneil\Application Data\EA
2008-03-17 18:57:26 0 d-------- C:\Program Files\Oberon Media
2008-03-17 10:22:40 0 d-------- C:\Program Files\directx
2008-03-17 01:34:12 0 d-------- C:\N360_BACKUP
2008-03-16 20:10:41 68096 --a------ C:\WINDOWS\system32\zip.exe
2008-03-16 20:10:41 98816 --a------ C:\WINDOWS\system32\sed.exe
2008-03-16 20:10:41 80412 --a------ C:\WINDOWS\system32\grep.exe
2008-03-16 20:10:41 73728 --a------ C:\WINDOWS\system32\fdsv.exe <Not Verified; Smallfrogs Studio; >
2008-03-16 17:46:43 1799 --a------ C:\WINDOWS\mozver.dat
2008-03-16 13:54:51 0 d-------- C:\Documents and Settings\rakiba mcneil\Application Data\Symantec
2008-03-16 13:33:14 0 d-------- C:\Program Files\Symantec
2008-03-16 13:33:14 0 d-------- C:\Documents and Settings\All Users\Application Data\Symantec
2008-03-16 12:53:28 0 d-------- C:\Documents and Settings\rakiba mcneil\Application Data\Mozilla
2008-03-16 12:50:27 0 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-03-16 12:40:43 0 d--hs---- C:\Documents and Settings\rakiba mcneil\Application Data\Earthlink
2008-03-15 21:19:01 0 d-------- C:\Documents and Settings\Administrator.PROSPERITY\Application Data\Jasc Software Inc
2008-03-15 21:19:01 0 d-------- C:\Documents and Settings\Administrator.PROSPERITY\Application Data\Identities
2008-03-15 21:19:00 0 dr------- C:\Documents and Settings\Administrator.PROSPERITY\Favorites
2008-03-15 21:19:00 0 d-------- C:\Documents and Settings\Administrator.PROSPERITY\Desktop
2008-03-15 21:19:00 0 d--hs---- C:\Documents and Settings\Administrator.PROSPERITY\Cookies
2008-03-15 21:19:00 0 dr-h----- C:\Documents and Settings\Administrator.PROSPERITY\Application Data
2008-03-15 21:19:00 0 d-------- C:\Documents and Settings\Administrator.PROSPERITY\Application Data\Sun
2008-03-15 21:19:00 0 d-------- C:\Documents and Settings\Administrator.PROSPERITY\Application Data\Sonic
2008-03-15 21:19:00 0 d-------- C:\Documents and Settings\Administrator.PROSPERITY\Application Data\Real
2008-03-15 21:19:00 0 d---s---- C:\Documents and Settings\Administrator.PROSPERITY\Application Data\Microsoft
2008-03-15 21:18:59 0 d--h----- C:\Documents and Settings\Administrator.PROSPERITY\Templates
2008-03-15 21:18:59 0 dr------- C:\Documents and Settings\Administrator.PROSPERITY\Start Menu
2008-03-15 21:18:59 0 dr-h----- C:\Documents and Settings\Administrator.PROSPERITY\SendTo
2008-03-15 21:18:59 0 dr-h----- C:\Documents and Settings\Administrator.PROSPERITY\Recent
2008-03-15 21:18:59 0 d--h----- C:\Documents and Settings\Administrator.PROSPERITY\PrintHood
2008-03-15 21:18:59 0 d--h----- C:\Documents and Settings\Administrator.PROSPERITY\NetHood
2008-03-15 21:18:59 0 dr------- C:\Documents and Settings\Administrator.PROSPERITY\My Documents
2008-03-15 21:18:59 0 d--h----- C:\Documents and Settings\Administrator.PROSPERITY\Local Settings
2008-03-15 21:18:57 1048576 --ah----- C:\Documents and Settings\Administrator.PROSPERITY\NTUSER.DAT
2008-03-15 18:21:26 0 d-------- C:\Documents and Settings\rakiba mcneil\Application Data\Webroot
2008-03-15 12:44:51 0 d-------- C:\Documents and Settings\Michael McNeil\Application Data\Adobe

-- Find3M Report ---------------------------------------------------------------

2008-04-13 02:44:47 0 d-------- C:\Program Files\Common Files\Symantec Shared
2008-04-12 10:30:07 0 d-------- C:\Program Files\Common Files
2008-04-12 02:20:16 0 d-------- C:\Documents and Settings\rakiba mcneil\Application Data\OpenOffice.org2
2008-04-08 07:06:31 0 d-------- C:\Program Files\RegistryFix
2008-04-08 03:15:29 0 d-------- C:\Program Files\Java
2008-04-07 09:37:07 0 d-------- C:\Program Files\Hasbro Interactive
2008-04-07 09:37:06 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-03-27 22:22:09 0 d-------- C:\Program Files\MySpace
2008-03-26 21:35:10 0 d-------- C:\Program Files\Yahoo!
2008-03-23 11:56:40 0 d-------- C:\Documents and Settings\rakiba mcneil\Application Data\Image Zone Express
2008-03-22 19:21:15 0 d-------- C:\Program Files\Windows NT
2008-03-17 10:21:45 592 --a----c- C:\WINDOWS\PowerReg.dat
2008-03-15 18:23:28 0 d-------- C:\Documents and Settings\rakiba mcneil\Application Data\Apple Computer
2008-03-15 13:45:37 0 d-------- C:\Documents and Settings\rakiba mcneil\Application Data\McAfee
2008-03-07 00:13:15 0 d-------- C:\Program Files\OpenOffice.org 2.0
2008-03-06 20:12:45 0 d-------- C:\Program Files\Webroot
2008-03-05 20:08:47 0 d-------- C:\Program Files\Napster
2008-03-03 15:11:22 0 d-------- C:\Program Files\Google
2008-03-03 14:51:48 164 --a------ C:\install.dat
2008-03-02 14:49:04 0 d-------- C:\Program Files\3B Software
2008-03-02 11:09:34 0 d-------- C:\Documents and Settings\rakiba mcneil\Application Data\Lavasoft
2008-03-02 11:08:48 0 d-------- C:\Program Files\TurboTax
2008-03-02 11:08:34 0 d-------- C:\Program Files\Common Files\Intuit
2008-03-02 11:00:32 0 dr-h----- C:\Documents and Settings\rakiba mcneil\Application Data\yahoo!
2008-03-02 01:10:07 0 d-------- C:\Program Files\FinePixViewer
2008-03-02 01:08:14 0 d-------- C:\Program Files\Comcast Play Games
2008-03-01 21:45:51 0 d-------- C:\Program Files\Incomplete

-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}]
2008-02-23 22:08 349552 --a------ C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\coIEPlg.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]
2008-03-26 21:35 116088 --a------ C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}"= C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\CoIEPlg.dll [2008-02-23 22:08 349552]

[-HKEY_CLASSES_ROOT\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}]
[HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar.1]
[HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BCMSMMSG"="BCMSMMSG.exe" [2003-06-02 07:00 C:\WINDOWS\BCMSMMSG.exe]
"UpdateManager"="C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-08-19 02:01]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2008-02-18 15:37]
"osCheck"="C:\Program Files\Norton 360\osCheck.exe" [2008-02-26 10:50]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-01-10 16:27]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 03:56]
"MySpaceIM"="C:\Program Files\MySpace\IM\MySpaceIM.exe" [2008-02-01 16:32]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"MySpaceIM"=C:\Program Files\MySpace\IM\MySpaceIM.exe

C:\Documents and Settings\rakiba mcneil\Start Menu\Programs\Startup\
DESKTOP.INI [2002-09-03 11:00:00]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26]
DESKTOP.INI [2002-09-03 11:00:00]
hpoddt01.exe.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe [2003-04-06 01:06:58]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PSEXESVC]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WebrootSpySweeperService]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

*Newly Created Service* - COMHOST

-- End of Deckard's System Scanner: finished at 2008-04-13 03:01:57 ------------

Advertisements

Register to Remove

#11 divineservant2

New Member

New Member
13 posts

Posted 13 April 2008 - 01:14 PM

This is the extra.txt scan

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Home Edition (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel® Pentium® 4 CPU 2.53GHz
Percentage of Memory in Use: 77%
Physical Memory (total/avail): 503 MiB / 115.29 MiB
Pagefile Memory (total/avail): 1238.35 MiB / 873.29 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1939.66 MiB

A: is Removable (No Media)
C: is Fixed (NTFS) - 38.25 GiB total, 24.46 GiB free.
D: is CDROM (No Media)
E: is CDROM (No Media)

\\.\PHYSICALDRIVE0 - Maxtor 2F040L0 - 38.29 GiB - 2 partitions
\PARTITION0 - Unknown - 31.35 MiB
\PARTITION1 (bootable) - Installable File System - 38.25 GiB - C:

-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is enabled.

AntivirusOverride is set.

FW: Norton 360 v2007 (SYMANTEC Corporation)
AV: Norton 360 v2007 (SYMANTEC Corperation)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"="C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe:*:Enabled:AOL Loader"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Yahoo! Games\\Alien Shooter\\AlienShooter.exe"="C:\\Program Files\\Yahoo! Games\\Alien Shooter\\AlienShooter.exe:*:Disabled:AlienShooter Application"
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe:*:Enabled:Yahoo! FT Server"
"C:\\Program Files\\MySpace\\IM\\MySpaceIM.exe"="C:\\Program Files\\MySpace\\IM\\MySpaceIM.exe:*:Enabled:MySpaceIM"

-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\rakiba mcneil\Application Data
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=PROSPERITY
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\rakiba mcneil
LOGONSERVER=\\PROSPERITY
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\system32\wbem;C:\PROGRAM FILES\COMMON FILES\SONIC SHARED;C:\Program Files\QuickTime\QTSystem
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 2 Stepping 9, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0209
ProgramFiles=C:\Program Files
PROMPT=$P$G
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\RAKIBA~1\LOCALS~1\Temp
TMP=C:\DOCUME~1\RAKIBA~1\LOCALS~1\Temp
USERDOMAIN=PROSPERITY
USERNAME=rakiba mcneil
USERPROFILE=C:\Documents and Settings\rakiba mcneil
windir=C:\WINDOWS

-- User Profiles ---------------------------------------------------------------

rakiba mcneil (admin)
B5_BABYGURL (admin)
Michael McNeil
Administrator.PROSPERITY (new local, admin)

-- Add/Remove Programs ---------------------------------------------------------

--> "C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE" /U
--> C:\PROGRA~1\Yahoo!\Common\UNYT_W~1.EXE
--> C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
--> C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\system32\UninstIPP.isu
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe Acrobat 5.0 --> C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.isu" -c"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.dll"
Adobe Reader 7.0.9 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70900000002}
Adobe Shockwave Player 11 --> C:\WINDOWS\system32\adobe\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Adobe\SHOCKW~1\Install.log
AppCore --> MsiExec.exe /I{EFB5B3B5-A280-4E25-BE1C-634EEFE32C1B}
ArcSoft Funhouse --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DCBD0769-BAD5-40AD-BCD9-68FADC5231D5}\SETUP.EXE" -l0x9 -uninst
ArcSoft PhotoImpression --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{797703D4-461B-4BC9-AACA-292917F3A47F}\SETUP.EXE" -l0x9 -uninst
Backup --> MsiExec.exe /I{24DF7221-644B-4C3A-A478-459502D40522}
BCM V.92 56K Modem --> C:\WINDOWS\BCMSMU.exe quiet
Bonus --> MsiExec.exe /I{420F8FCF-8F5E-4518-A5B3-FBBD56B98FEC}
Broadcom Management Programs --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{89EE857B-8970-4F9F-AB58-A1C873AC72B3} /l1033
CC_ccProxyExt --> MsiExec.exe /I{779F426C-A8F3-414B-B7AF-B6BDC9B8E040}
ccCommon --> MsiExec.exe /I{B24E05CC-46FF-4787-BBB8-5CD516AFB118}
ccPxyCore --> MsiExec.exe /I{AB70ABEC-771B-47CB-9E41-DF77DE4FFC5C}
CIB --> MsiExec.exe /I{E8176C35-0C2D-4142-9ED4-81861ECAB403}
Cypress USB Mass Storage Driver Installation --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2E0695EE-ED29-4D96-BD77-2A9A17EDF0D6}\Setup.exe" -l0x9 NotFirstInstall
Dell Digital Jukebox Driver --> C:\Program Files\Dell\Digital Jukebox Drivers\DrvUnins.exe /s
Dell Support --> MsiExec.exe /X{43FCA273-9534-40DB-B7C5-D7758875616A}
DS21Patch --> MsiExec.exe /I{9B79DCB0-AAD7-456B-8D07-433C936FA24B}
Dual Mode Digital Camera 3.0M --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{095C4517-3E7A-4C70-A981-7146CFAD4D39}\Setup.exe"
FUJIFILM USB Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5490882C-6961-11D5-BAE5-00E0188E010B}\SETUP.EXE"
GearDrvs --> MsiExec.exe /I{206FD69B-F9FE-4164-81BD-D52552BC9C23}
Genesys USB Mass Storage Device --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B4BF87C8-3EEC-4774-82A2-584F109187B1}\Setup.exe"
GSIM --> RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\gsim.inf, Uninstall
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
HP Photo and Imaging 2.0 - All-in-One --> MsiExec.exe /X{9867A917-5D17-40DE-83BA-BEA5293194B1}
HP Photo and Imaging 2.0 - All-in-One Drivers --> MsiExec.exe /X{6ECB39BD-73C2-44DD-B1A0-898207C58D8B}
HP Photo and Imaging 2.0 - hp psc 1200 series --> C:\Program Files\Hewlett-Packard\Digital Imaging\{7C8BB31C-E09E-4c7d-BBF1-45E33B467FE1}\Setup\hpzscr01.exe -datfile hposcr02.dat -forcereboot
HP Photosmart Essential --> MsiExec.exe /X{EB21A812-671B-4D08-B974-2A347F0D8F70}
hp psc 1200 series --> MsiExec.exe /X{C900EF06-2E76-49C7-8DB0-41F629B21DC5}
Intel® Integrated Performance Primitives RTI 4.0 --> MsiExec.exe /X{51C91B84-7B46-4FE7-8999-8228CFA75F89}
Internet Explorer Default Page --> MsiExec.exe /I{35BDEFF1-A610-4956-A00D-15453C116395}
J2SE Runtime Environment 5.0 Update 11 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150110}
Java 2 Runtime Environment, SE v1.4.2 --> MsiExec.exe /I{7148F0A8-6813-11D6-A77B-00B0D0142000}
Java 2 Runtime Environment, SE v1.4.2_04 --> MsiExec.exe /I{7148F0A8-6813-11D6-A77B-00B0D0142040}
Java™ 6 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Java™ 6 Update 5 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
Java™ SE Runtime Environment 6 Update 1 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160010}
K-Lite Codec Pack --> "C:\Program Files\K-Lite Codec Pack\unins000.exe"
LimeWire 4.16.6 --> "C:\Program Files\LimeWire\uninstall.exe"
LiveUpdate (Symantec Corporation) --> MsiExec.exe /X{E80F62FF-5D3C-4A19-8409-9721F2928206}
Malwarebytes' Anti-Malware --> "C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Encarta Encyclopedia Standard 2004 --> MsiExec.exe /I{04410044-9149-45C6-A806-F2BF9CFCE762}
Microsoft Producer for Microsoft Office PowerPoint 2003 --> MsiExec.exe /I{155FBB0D-0EE9-42D1-9E41-15E08F691033}
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Modem Helper --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7F142D56-3326-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanel
Mozilla Firefox (2.0.0.13) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MySpaceIM --> C:\Program Files\MySpace\IM\Uninstall.exe
Norton 360 --> MsiExec.exe /I{21829177-4DED-4209-AD08-490B3AC9C01A}
Norton 360 --> MsiExec.exe /I{2D617065-1C52-4240-B5BC-C0AE12157777}
Norton 360 (Symantec Corporation) --> "C:\Program Files\Common Files\Symantec Shared\SymSetup\{2D617065-1C52-4240-B5BC-C0AE12157777}_2_0_0_242\Setup.exe" /X
Norton 360 HTMLHelp --> MsiExec.exe /I{0BDD3FAD-61CD-4BF3-B9C4-4CEFD43F53F8}
Norton Add-on Pack (Symantec Corporation) --> "C:\Program Files\Common Files\Symantec Shared\SymSetup\{420F8FCF-8F5E-4518-A5B3-FBBD56B98FEC}_2_1_0_55\Setup.exe" /X
Norton AntiSpam --> MsiExec.exe /I{5677563D-0CB1-485F-9E18-C5025306BB3F}
Norton AntiVirus Help --> MsiExec.exe /I{69CCCF13-601F-43FC-A4A7-4A2ADF0821D1}
Norton Confidential Core --> MsiExec.exe /I{55A6283C-638A-4EE0-B491-51118554BDA2}
OpenOffice.org 2.0 --> MsiExec.exe /I{76BB7B2D-748F-4AE9-89C3-78C051833EA1}
Parental Control --> MsiExec.exe /I{66B9BD1F-4189-4F35-BD82-9948720A04CF}
RAW FILE CONVERTER LE --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D680C913-5955-469D-9D88-C1940F7506D6}\SETUP.EXE" -l0x9
RegistryFix v6.2 --> "C:\Program Files\RegistryFix\unins000.exe"
Security Update for CAPICOM (KB931906) --> MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906) --> MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for Step By Step Interactive Training (KB898458) --> "C:\WINDOWS\$NtUninstallKB898458$\spuninst\spuninst.exe"
Security Update for Step By Step Interactive Training (KB923723) --> "C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
Shockwave --> C:\WINDOWS\SYSTEM32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\SYSTEM32\Macromed\SHOCKW~1\Install.log
Sonic Update Manager --> MsiExec.exe /I{09DA4F91-2A09-4232-AB8C-6BC740096DE3}
SPBBC 32bit --> MsiExec.exe /I{77772678-817F-4401-9301-ED1D01A8DA56}
Symantec Real Time Storage Protection Component --> MsiExec.exe /I{D6E6FA4A-5445-4850-8365-CF216C1CBB7A}
Symantec Technical Support Controls --> MsiExec.exe /I{45690715-80A6-4445-B61D-ADEC5888E8CD}
SymNet --> MsiExec.exe /I{2DA85B02-13C0-4E6D-9A76-22E6B3DD0CB2}
USB Storage Adapter FX (SM1) --> SM1UN.EXE SM1FX_AT
Virtools 3D Life Player --> C:\Program Files\Virtools\3D Life Player\WebplayerConfig.exe -u
Windows Defender Signatures --> MsiExec.exe /I{A5CC2A09-E9D3-49EC-923D-03874BBD4C2C}
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Yahoo! Browser Services --> C:\PROGRA~1\Yahoo!\Common\UNIN_Y~1.EXE /S
Yahoo! Messenger --> C:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE /U C:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG
Yahoo! ¤u¨ã¦C --> C:\PROGRA~1\Yahoo!\Common\UNYT_W~1.EXE

-- Application Event Log -------------------------------------------------------

Event Record #/Type28485 / Warning
Event Submitted/Written: 04/13/2008 02:45:07 AM
Event ID/Source: 1015 / EvntAgnt
Event Description:
TraceLevel parameter not located in registry;
Default trace level used is 32.

Event Record #/Type28484 / Warning
Event Submitted/Written: 04/13/2008 02:45:07 AM
Event ID/Source: 1003 / EvntAgnt
Event Description:
TraceFileName parameter not located in registry;
Default trace file used is .

Event Record #/Type28450 / Warning
Event Submitted/Written: 04/12/2008 11:15:15 PM
Event ID/Source: 1015 / EvntAgnt
Event Description:
TraceLevel parameter not located in registry;
Default trace level used is 32.

Event Record #/Type28449 / Warning
Event Submitted/Written: 04/12/2008 11:15:15 PM
Event ID/Source: 1003 / EvntAgnt
Event Description:
TraceFileName parameter not located in registry;
Default trace file used is .

Event Record #/Type28414 / Warning
Event Submitted/Written: 04/12/2008 07:17:49 AM
Event ID/Source: 1015 / EvntAgnt
Event Description:
TraceLevel parameter not located in registry;
Default trace level used is 32.

-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.

-- System Event Log ------------------------------------------------------------

Event Record #/Type387382 / Error
Event Submitted/Written: 04/12/2008 07:14:30 AM
Event ID/Source: 10005 / DCOM
Event Description:
DCOM got error "%%1084" attempting to start the service EventSystem with arguments ""
in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}

Event Record #/Type387381 / Error
Event Submitted/Written: 04/12/2008 07:05:43 AM
Event ID/Source: 10005 / DCOM
Event Description:
DCOM got error "%%1084" attempting to start the service StiSvc with arguments ""
in order to run the server:
{A1F4E726-8CF1-11D1-BF92-0060081ED811}

Event Record #/Type387380 / Error
Event Submitted/Written: 04/12/2008 07:03:52 AM
Event ID/Source: 10005 / DCOM
Event Description:
DCOM got error "%%1084" attempting to start the service netman with arguments ""
in order to run the server:
{BA126AE5-2166-11D1-B1D0-00805FC1270E}

Event Record #/Type387379 / Error
Event Submitted/Written: 04/12/2008 07:03:49 AM
Event ID/Source: 10005 / DCOM
Event Description:
DCOM got error "%%1084" attempting to start the service EventSystem with arguments ""
in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}

Event Record #/Type387378 / Error
Event Submitted/Written: 04/12/2008 07:02:09 AM / 04/12/2008 07:03:09 AM
Event ID/Source: 1 / sfsync04
Event Description:

-- End of Deckard's System Scanner: finished at 2008-04-13 03:01:57 ------------

#12 Rorschach112

Teacher Emeritus

Authentic Member
3,651 posts

Posted 14 April 2008 - 09:50 AM

How is your PC running ? Any problems

#13 divineservant2

New Member

New Member
13 posts

Posted 14 April 2008 - 10:08 PM

The system is a little sluggish and some programs are taking a while to open, and I still have the red X on my c drive and I have some temp files that will not delete off my system with the Norton scan. Divineservant2

Edited by divineservant2, 14 April 2008 - 10:11 PM.

#14 Rorschach112

Teacher Emeritus

Authentic Member
3,651 posts

Posted 17 April 2008 - 05:33 PM

Lets fix that

Please download ATF Cleaner by Atribune.
This program is for XP and Windows 2000 onlyDouble-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.
If you use Firefox browserClick Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browserClick Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.

Open Notepad and Copy (Control+C) and Paste (Control+V) the following code into the Notepad window.

@ECHO OFF
If exist DrvIconQuery.txt Del DrvIconQuery.txt
Echo Report>>DrvIconQuery.txt
Echo %date% %time% >>DrvIconQuery.txt
Echo.>>DrvIconQuery.txt
@ECHO Working.......
Reg query "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer" /s >> DrvIconQuery.txt
start notepad DrvIconQuery.txt

Click on 'File' then 'Save As'
In the Save in drop down box select Desktop
In the File name box type in FixService.bat
In the Save as type drop down box select All Files
Close Notepad.

Now, find FixService.bat on your Desktop and Double click it
A window will open and close, do not be concerned this is normal.

Make sure you attach the report in your reply

#15 divineservant2

New Member

New Member
13 posts

Posted 18 April 2008 - 05:22 PM

Aft cleaner report, Not sure if this is correct Report 2008-04-18 7:20:36.59 That is all that came up Can you please help me remove these temp files that seem to keep duplicating.

Edited by divineservant2, 18 April 2008 - 05:27 PM.

Body Background

skin color theme