GeekPolice
Virus??? Help!


Re: Virus??? Help!

Post by sara on Thu Dec 04, 2008 1:59 am

A black box flashes on the screen. It doesn't stay, so how do I copy?

sara
Novice
Novice

Status :
Online
Offline

Posts : 40
Joined : 2008-12-02
OS : windows xp
Points : 29230
# Likes : 0


Re: Virus??? Help!

Post by sara on Thu Dec 04, 2008 6:57 am

@echo off
echo The log can be found at %systemdrive%\startup.txt if Notepad doesn't open automatically.
if exist %systemdrive%\peek*.txt del /q %systemdrive%\peek*.txt
if exist %systemdrive%\startup.txt del /q %systemdrive%\startup.txt
regedit /e %systemdrive%\peek1.txt "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg"
regedit /e %systemdrive%\peek2.txt "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder"
regedit /e %systemdrive%\peek3.txt "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services"
type %systemdrive%\peek*.txt >> %systemdrive%\startup.txt
echo End >> %systemdrive%\startup.txt
del /q %systemdrive%\peek*.txt
notepad %systemdrive%\startup.txt


Re: Virus??? Help!

Post by Belahzur on Thu Dec 04, 2008 2:19 pm

Hello.
That went wrong, don't know why.
OTViewIt log looks clean.

What problems still remain?


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Status :
Online
Offline

Posts : 34916
Joined : 2008-08-03
Gender : Male
OS : XP SP3 Media Centre
Points : 245039
# Likes : 1


Re: Virus??? Help!

Post by sara on Thu Dec 04, 2008 10:20 pm

My original problem still remains....I cannot connect to the internet through main computer. I have been using another computer in the same house to do the things you have asked....I've been downloading from the internet on one of my computers, saving to flashdrive and installing and running on the computer that does not connect. Now the computer I have been using is not connecting to the internet. I connected my old computer and am using it now. I really need help!!! 2 computers not connecting....when I try and connect they both do the same thing....try using a dial-up.


Re: Virus??? Help!

Post by Belahzur on Thu Dec 04, 2008 10:31 pm

Okay.
Only one is able to do this, we'll scan for it in a minute.
But otherwise, the connection problem is likely to be some settings that need configuring in your dial-up connection. And trust me, I used to have dial-up, and one of the tech staff here still has dial-up, so I know what a pain it can be.

1. Please download The Avenger by Swandog46 to your Desktop
Link: [You must be registered and logged in to see this link.].

  • Click on Avenger.zip to open the file
  • Extract avenger.exe to your desktop
2. Copy all the text contained in the code box below to your Clipboard by highlighting it and pressing (Ctrl+C):


Files to delete:
C:\test.txt

Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.


3. Now, start The Avenger program by clicking on its icon on your desktop.

  • Under "Input script here:", paste in the script from the quote box above.
  • Leave the ticked box "Scan for rootkit" ticked.
  • Leave the box below it unticked.
  • Now click on the Execute to begin execution of the script.
  • Answer "Yes" twice when prompted.

    The Avenger will automatically do the following:

  • It will Restart your computer.
  • On reboot, it will briefly open a black command window on your desktop, this is normal.
  • After the restart, it creates a log file that should open with the results of Avenger's actions. This log file will be located at C:\avenger.txt
  • The Avenger will also have backed up all the files, etc., that you asked it to delete, and will have zipped them and moved the zip archives to C:\avenger\backup.zip.
5. Please copy/paste the content of c:\avenger.txt into your reply.



Re: Virus??? Help!

Post by sara on Fri Dec 05, 2008 2:14 am

That is a problem....I don't have dial-up...I have cable and all my computers are connected by wireless router.


Re: Virus??? Help!

Post by sara on Fri Dec 05, 2008 2:17 am

I tried to restore system today on both computers. That did not solve the problem. I tried to reinstall wireless router...I had an error message that said something about network and port..


Re: Virus??? Help!

Post by sara on Fri Dec 05, 2008 2:25 am

I don't have avenger I have norton installed.


Re: Virus??? Help!

Post by sara on Fri Dec 05, 2008 12:36 pm

Installation:
Error: Action failed for registry key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows: creating registry key....
Error 0x80070005
Warning: Action failed for registry key HKLM\SOFTWARE\Classes\Component Categories\{56FFCC30-D398-11D0-B2AE-00A0C908FA49}: creating registry key....
Error 0x80070005
Warning: Action failed for registry value HKLM\SOFTWARE\Classes\Component Categories\{56FFCC30-D398-11D0-B2AE-00A0C908FA49}:409: creating registry value....
Parent registry key for value creation has not been initialized.
Rollback:
Warning: Action failed for registry value HKLM\SOFTWARE\Classes\Component Categories\{56FFCC30-D398-11D0-B2AE-00A0C908FA49}:409: removing registry value....
Internal error. Registry handle has not been opened.
Warning: Action failed for registry key HKLM\SOFTWARE\Classes\Component Categories\{56FFCC30-D398-11D0-B2AE-00A0C908FA49}: removing registry key....
Error 0x80070005

This is what happened when I tried to install avenger!! Can you please help? There is something blocking my access to the internet. Now I have 2 computers down. Isn't it strange that the computer that I was using to download all the information now can't connect to internet but another computer on the same system connects....this one.


Re: Virus??? Help!

Post by Belahzur on Fri Dec 05, 2008 3:04 pm

Hello.
The avenger doesn't install, it's standalone and runs by itself.

Can you get me a new combofix log? Download and run combofix again. :)



Re: Virus??? Help!

Post by sara on Fri Dec 05, 2008 6:07 pm

ComboFix 08-12-01.03 - Owner 2008-12-05 12:44:49.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.498 [GMT -5:00]
Running from: G:\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Owner\Application Data\FunWebProducts
c:\documents and settings\Owner\Application Data\FunWebProducts\Data\Owner\avatar.dat
c:\documents and settings\Owner\Application Data\FunWebProducts\Data\Owner\outfit.dat
c:\documents and settings\Owner\Application Data\FunWebProducts\Data\Owner\register.dat
c:\documents and settings\Owner\Application Data\FunWebProducts\Data\Owner\zbucks.dat
c:\program files\MyWebSearch
c:\program files\MyWebSearch\bar\History\search3
c:\program files\MyWebSearch\bar\Settings\s_pid.dat
c:\program files\MyWebSearch\bar\Settings\setting2.htm
c:\program files\MyWebSearch\bar\Settings\setting2.htm.bak
c:\program files\MyWebSearch\bar\Settings\settings.dat
c:\program files\MyWebSearch\bar\Settings\settings.dat.bak
C:\smp.bat

.
((((((((((((((((((((((((( Files Created from 2008-11-05 to 2008-12-05 )))))))))))))))))))))))))))))))
.

2008-12-05 12:51 . 2008-12-05 12:51 d-------- c:\documents and settings\Owner\WPDNSE
2008-12-05 12:48 . 2008-12-05 12:48 60,416 --a------ C:\Perflib_Perfdata__755.dat
2008-12-02 21:15 . 2008-12-02 21:16 d--h----- c:\documents and settings\Owner\Temporary Directory 5 for Silent Runners.zip
2008-12-02 21:14 . 2008-12-02 21:16 d--h----- c:\documents and settings\Owner\Temporary Directory 4 for Silent Runners.zip
2008-12-02 21:13 . 2008-12-02 21:16 d--h----- c:\documents and settings\Owner\Temporary Directory 3 for Silent Runners.zip
2008-12-02 21:11 . 2008-12-02 21:16 d--h----- c:\documents and settings\Owner\Temporary Directory 2 for Silent Runners.zip
2008-12-02 21:10 . 2008-12-02 21:16 d--h----- c:\documents and settings\Owner\Temporary Directory 1 for Silent Runners.zip
2008-12-02 08:14 . 2008-12-02 08:14 d-------- c:\windows\system32\drivers\NAV
2008-12-02 08:14 . 2008-12-02 08:14 d-------- c:\program files\Windows Sidebar
2008-12-02 08:14 . 2008-12-02 08:14 d-------- c:\program files\Symantec
2008-12-02 08:14 . 2008-12-02 08:14 d-------- c:\program files\Norton AntiVirus
2008-12-02 08:14 . 2008-12-02 08:14 124,464 --a------ c:\windows\system32\drivers\SYMEVENT.SYS
2008-12-02 08:14 . 2008-12-02 08:14 60,808 --a------ c:\windows\system32\S32EVNT1.DLL
2008-12-02 08:14 . 2008-12-02 08:14 35,888 -ra------ c:\windows\system32\drivers\SymIM.sys
2008-12-02 08:14 . 2008-12-02 08:14 10,635 --a------ c:\windows\system32\drivers\SYMEVENT.CAT
2008-12-02 08:14 . 2008-12-02 08:14 806 --a------ c:\windows\system32\drivers\SYMEVENT.INF
2008-12-02 08:13 . 2008-12-02 08:13 d-------- c:\program files\NortonInstaller
2008-11-29 00:44 . 2008-11-29 00:44 d-------- c:\documents and settings\All Users\Application Data\nView_Profiles
2008-11-28 13:28 . 2007-01-02 11:23 d-------- c:\documents and settings\Administrator.DGXLCBC1\Application Data\InstallShield
2008-11-28 13:28 . 2007-01-02 11:26 d--h----- c:\documents and settings\Administrator.DGXLCBC1\Application Data\Gtek
2008-11-28 13:28 . 2008-12-04 14:11 d-------- c:\documents and settings\Administrator.DGXLCBC1
2008-11-28 11:04 . 2008-12-05 12:50 2,206 --a------ c:\windows\system32\wpa.dbl
2008-11-28 10:35 . 2008-11-27 11:28 1,409 --a------ c:\windows\QTFont.for
2008-11-28 09:39 . 2008-11-28 09:39 2 --a------ c:\windows\msoffice.ini
2008-11-28 09:37 . 2008-06-03 01:08 122,880 --------- c:\documents and settings\Owner\uninst.dll
2008-11-28 09:27 . 2008-11-28 09:27 d-------- c:\documents and settings\Owner\WERf9a9.dir00
2008-11-28 09:27 . 2008-11-28 09:27 d-------- c:\documents and settings\Owner\WERa830.dir00
2008-11-28 09:27 . 2008-11-28 09:27 d-------- c:\documents and settings\Owner\WER8f4e.dir00
2008-11-28 09:27 . 2008-11-28 09:27 d-------- c:\documents and settings\Owner\WER6f07.dir00
2008-11-28 09:27 . 2008-11-28 09:27 d-------- c:\documents and settings\Owner\WER59b1.dir00
2008-11-28 09:26 . 2008-11-28 09:26 d-------- c:\documents and settings\Owner\WERc056.dir00
2008-11-28 09:25 . 2008-11-28 09:25 d-------- c:\documents and settings\Owner\WERafce.dir00
2008-11-28 09:25 . 2008-11-28 09:26 d-------- c:\documents and settings\Owner\WER4cc2.dir00
2008-11-28 09:24 . 2008-11-28 09:24 d-------- c:\documents and settings\Owner\WER28a1.dir00
2008-11-28 09:24 . 2008-11-28 09:24 d-------- c:\documents and settings\Owner\WER04e3.dir00
2008-11-27 11:28 . 2008-11-28 13:51 54,156 --ah----- c:\windows\QTFont.qfn
2008-11-26 23:16 . 2008-11-28 10:15 d-------- c:\documents and settings\Owner\~nsu.tmp
2008-11-19 08:56 . 2008-11-19 08:56 d-------- c:\documents and settings\Owner\WER941d.dir00
2008-11-19 08:56 . 2008-11-19 08:56 d-------- c:\documents and settings\Owner\WER8fcb.dir00
2008-11-19 08:56 . 2008-11-19 08:56 d-------- c:\documents and settings\Owner\WER8bf2.dir00
2008-11-19 08:56 . 2008-11-19 08:57 d-------- c:\documents and settings\Owner\WER5c61.dir00
2008-11-19 08:55 . 2008-11-19 08:55 d-------- c:\documents and settings\Owner\WER9a7a.dir00
2008-11-19 08:55 . 2008-11-19 08:55 d-------- c:\documents and settings\Owner\WER818f.dir00
2008-11-19 08:55 . 2008-11-19 08:55 d-------- c:\documents and settings\Owner\WER7b39.dir00
2008-11-15 11:41 . 2008-12-04 14:14 54,980 --a------ C:\VETlog.dmp
2008-11-14 23:47 . 2008-11-14 23:47 d-------- c:\documents and settings\Owner\WER6ae3.dir00
2008-11-14 22:53 . 2008-11-14 22:54 d-------- c:\documents and settings\Owner\Application Data\TypingMaster7
2008-11-12 23:20 . 2008-10-24 06:21 455,296 --------- c:\windows\system32\dllcache\mrxsmb.sys
2008-11-12 23:18 . 2008-09-04 12:15 1,106,944 --------- c:\windows\system32\dllcache\msxml3.dll
2008-11-12 16:00 . 2008-11-25 07:07 4,194,310 --a------ c:\windows\pfirewall.log.old
2008-11-10 02:54 . 2008-12-04 14:14 79 --a------ c:\windows\win.ini
2008-11-10 01:25 . 2008-11-29 00:45 d-------- c:\windows\system32\%windir%
2008-11-09 21:11 . 2008-12-05 12:43 d-------- c:\documents and settings\Owner\Application Data\U3
2008-11-08 13:22 . 2008-11-08 13:22 d-------- c:\documents and settings\Owner\WERdf90.dir00
2008-11-08 13:22 . 2008-11-08 13:22 d-------- c:\documents and settings\Owner\WERd62c.dir00
2008-11-08 13:21 . 2008-11-08 13:21 d-------- c:\documents and settings\Owner\WERdff4.dir00
2008-11-08 13:21 . 2008-11-08 13:21 d-------- c:\documents and settings\Owner\WERdacc.dir00
2008-11-08 13:21 . 2008-11-08 13:21 d-------- c:\documents and settings\Owner\WER48cb.dir00
2008-11-08 13:21 . 2008-11-08 13:21 d-------- c:\documents and settings\Owner\WER41fc.dir00
2008-11-07 18:36 . 2008-11-07 18:36 d-------- c:\documents and settings\Owner\{7981fc64-5f91-49c3-91b6-3fddb8e77997}
2008-11-07 18:36 . 2008-11-07 18:36 d-------- c:\documents and settings\Owner\_tf20.tmp
2008-11-07 15:52 . 2008-11-07 16:36 d-------- c:\documents and settings\Owner\WERd6c8.dir00
2008-11-07 15:52 . 2008-11-07 16:36 d-------- c:\documents and settings\Owner\WER4354.dir00
2008-11-06 12:14 . 2008-11-06 12:14 d-------- c:\documents and settings\LocalService\SEE2B99.tmp
2008-11-06 12:14 . 2008-11-06 12:30 d-------- c:\documents and settings\LocalService\~nsu.tmp
2008-11-06 12:12 . 2008-11-06 12:12 d-------- c:\program files\Common Files\Winferno
2008-11-06 12:12 . 2006-10-09 12:28 835,584 --a------ c:\windows\system32\WINCTL4.OCX
2008-11-06 12:12 . 2006-10-09 13:06 495,616 --a------ c:\windows\system32\WINUTIL5.DLL
2008-11-06 12:12 . 2006-05-17 08:40 393,216 --a------ c:\windows\system32\WINLCTL5.DLL

.
(((((((((((((((((((((((((((((((((((((((( Find3M .2008-11-13 08:04:16


Re: Virus??? Help!

Post by sara on Fri Dec 05, 2008 6:09 pm

008-11-07 15:52 . 2008-11-07 16:36 d-------- c:\documents and settings\Owner\WER4354.dir00
2008-11-06 12:14 . 2008-11-06 12:14 d-------- c:\documents and settings\LocalService\SEE2B99.tmp
2008-11-06 12:14 . 2008-11-06 12:30 d-------- c:\documents and settings\LocalService\~nsu.tmp
2008-11-06 12:12 . 2008-11-06 12:12 d-------- c:\program files\Common Files\Winferno
2008-11-06 12:12 . 2006-10-09 12:28 835,584 --a------ c:\windows\system32\WINCTL4.OCX
2008-11-06 12:12 . 2006-10-09 13:06 495,616 --a------ c:\windows\system32\WINUTIL5.DLL
2008-11-06 12:12 . 2006-05-17 08:40 393,216 --a------ c:\windows\system32\WINLCTL5.DLL

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-04 19:34 --------- d-----w c:\program files\BAE
2008-12-02 13:15 --------- d-----w c:\program files\Common Files\Symantec Shared
2008-12-02 13:14 --------- d-----w c:\documents and settings\All Users\Application Data\Norton
2008-11-28 14:44 --------- d-----w c:\program files\Java
2008-11-28 14:40 --------- d-----w c:\program files\Common Files\aolshare
2008-11-28 14:40 --------- d-----w c:\program files\Common Files\AOL
2008-11-28 14:40 --------- d-----w c:\documents and settings\All Users\Application Data\AOL
2008-11-27 16:32 --------- d-----w c:\documents and settings\Owner\Application Data\Corel
2008-11-27 04:16 --------- d-----w c:\documents and settings\Owner\Application Data\Yahoo!
2008-11-27 04:16 --------- d-----w c:\documents and settings\All Users\Application Data\Yahoo!
2008-11-25 21:10 1,188 ----a-w c:\documents and settings\Owner\Application Data\wklnhst.dat
2008-11-07 15:59 --------- d-----w c:\documents and settings\All Users\Application Data\Symantec
2008-11-07 15:57 --------- d-----w c:\documents and settings\All Users\Application Data\NortonInstaller
2008-11-06 17:59 666 ----a-w c:\documents and settings\Owner\_uninsep.bat
2008-11-03 17:43 --------- d-----w c:\program files\Google
2008-10-30 17:13 --------- d-----w c:\program files\Windows Media Connect 2
2008-10-30 14:59 --------- d-----w c:\program files\Common Files\Software Update Utility
2008-10-29 16:47 --------- d-----w c:\documents and settings\Owner\Application Data\Itsth
2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-10-17 14:34 122,268 ----a-w c:\documents and settings\Owner\GLF2BB1.EXE
2008-10-16 15:21 30 ----a-w c:\documents and settings\Owner\jagex_runescape_preferences.dat
2008-10-09 14:56 43,879,424 ----a-w c:\documents and settings\Owner\Stp651_TMP.EXE
2008-10-09 14:54 --------- d-----w c:\program files\Common Files\Download Manager
2008-09-06 06:27 2,597,608 ----atw c:\documents and settings\Owner\ytb_7.2.2.0_1.6.1_ysp_1.2.6_mail_bts_pub_us_setup_.exe
2008-09-05 17:41 73,216 ----a-w c:\windows\ST6UNST.EXE
2008-09-05 17:41 249,856 ------w c:\windows\Setup1.exe
2008-06-03 05:36 4,085,904 ------w c:\documents and settings\Owner\WMFDist.exe
2008-01-09 14:29 122,007 ----a-w c:\documents and settings\Owner\GLF2BBF.EXE
2007-10-11 11:20 116,096 ----a-w c:\documents and settings\Owner\AcsInstall.dll
2004-04-23 05:00 13,824 ----a-w c:\documents and settings\Owner\cnmss Canon PIXMA iP4000 (Local).exe
2004-04-23 05:00 13,824 ----a-w c:\documents and settings\LocalService\cnmss Canon PIXMA iP4000 (Local).exe
2003-10-23 18:27 22,528 ----a-w c:\documents and settings\Owner\SHFOLDER.DLL
2002-07-26 21:02 153,088 ----a-w c:\documents and settings\Owner\uninst.exe
2008-09-03 07:08 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008090320080904\index.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSConfig"="c:\windows\PCHealth\HelpCtr\Binaries\MSConfig.exe" [2008-04-13 169984]
"tkbellexe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2007-07-25 185896]
"Synchronization Manager"="c:\windows\system32\mobsync.exe" [2008-04-13 143360]
"sunjavaupdatesched"="c:\program files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 144784]
"nvmediacenter"="c:\windows\system32\NvMcTray.dll" [2006-08-23 86016]
"nvcpldaemon"="c:\windows\system32\NvCpl.dll" [2006-08-23 7630848]
"maxtoronetouch"="c:\program files\Maxtor\OneTouch\utils\Onetouch.exe" [2004-12-22 823296]
"googletalk"="c:\program files\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
"dla"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-11-07 122940]
"callcontrol 4.5"="c:\program files\FaxTalk Communicator\FTCtrl32.exe" [2003-03-20 122880]
"adobe reader speed launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"nwiz"="nwiz.exe" [2006-08-23 c:\windows\system32\nwiz.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-22 39264]
"MySpaceIM"="c:\program files\MySpace\IM\MySpaceIM.exe" [2008-04-17 9117696]

c:\documents and settings\Owner\Start Menu\Programs\Startup\
BJ Status Monitor Canon PIXMA iP4000.lnk - c:\documents and settings\Owner\cnmss Canon PIXMA iP4000 (Local).exe [2008-04-15 13824]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2008-05-26 304128]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^America Online 9.0 Tray Icon.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\America Online 9.0 Tray Icon.lnk
backup=c:\windows\pss\America Online 9.0 Tray Icon.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Event Planner Reminders Tray Icon.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Event Planner Reminders Tray Icon.lnk
backup=c:\windows\pss\Event Planner Reminders Tray Icon.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Search.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk
backup=c:\windows\pss\Windows Search.lnkCommon Startup

[HKLM\~\startupfolder\c:^documents and settings^owner^start menu^programs^startup^bj status monitor canon pixma ip4000.lnk]
path=c:\documents and settings\Owner\Start Menu\Programs\Startup\BJ Status Monitor Canon PIXMA iP4000.lnk
backup=c:\windows\pss\BJ Status Monitor Canon PIXMA iP4000.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\corel photo downloader]
--a------ 2006-08-14 14:20 462336 c:\program files\Corel\Corel Snapfire Plus\Corel Photo Downloader.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\google desktop search]
--a------ 2007-08-14 23:53 1838592 c:\program files\Google\Google Desktop Search\GoogleDesktop.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hostmanager]
--a------ 2007-10-08 16:50 41824 c:\program files\Common Files\AOL\1171071908\ee\aolsoftware.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
--a------ 2004-07-27 16:50 221184 c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\isusscheduler]
--a------ 2004-07-27 16:50 81920 c:\program files\Common Files\InstallShield\UpdateService\issch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ituneshelper]
--a------ 2008-03-30 09:36 267048 c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"MyWebSearchService"=2 (0x2)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" /background
"Yahoo! Pager"="c:\progra~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
"MyWebSearch Email Plugin"=c:\progra~1\MYWEBS~1\bar\1.bin\mwsoemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Common Files\\AOL\\1171071908\\ee\\aolsoftware.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\WINDOWS\\system32\\[You must be registered and logged in to see this link.]
"c:\\AOL 9.1\\waol.exe"=
"c:\\Program Files\\Common Files\\AOL\\TopSpeed\\3.0\\aoltpsd3.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"=
"c:\\WINDOWS\\system32\\mmc.exe"=
"c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"c:\\Documents and Settings\\Owner\\7zS6B2.tmp\\SymNRT.exe"=
"c:\\Program Files\\MySpace\\IM\\MySpaceIM.exe"=

R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NAV\1001000.021\SYMEFA.SYS [2008-12-02 309296]
R1 BHDrvx86;Symantec Heuristics Driver;\??\c:\windows\system32\drivers\NAV\1001000.021\BHDrvx86.sys [2008-12-02 255536]
R1 ccHP;Symantec Hash Provider;\??\c:\windows\system32\drivers\NAV\1001000.021\ccHPx86.sys [2008-12-02 362544]
R1 IDSxpx86;IDSxpx86;\??\c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20080826.006\IDSxpx86.sys [2008-12-02 274808]
R2 Norton AntiVirus;Norton AntiVirus;"c:\program files\Norton AntiVirus\Engine\16.1.0.33\ccSvcHst.exe" /s "Norton AntiVirus" /m "c:\program files\Norton AntiVirus\Engine\16.1.0.33\diMaster.dll" /prefetch:1 []
R2 WinDefend;Windows Defender;"c:\program files\Windows Defender\MsMpEng.exe" [2006-11-03 13592]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;\??\c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2008-12-02 99376]
S1 1864aebb;1864aebb;c:\windows\system32\drivers\1864aebb.sys []
S3 OlCamudp;OLYMPUS Digital Camera;c:\windows\system32\Drivers\olcamudp.sys [2007-02-19 10379]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
\Shell\AutoRun\command - F:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2cc3ae7e-b178-11db-8214-00038a000015}]
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL index.htm
.
Contents of the 'Scheduled Tasks' folder

2008-12-05 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 18:20]
.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{4E7BD74F-2B8D-469E-85B2-BC27FE9AAE2E} - (no file)
WebBrowser-{A26503FE-B3B8-4910-A9DC-9CBD25C6B8D6} - (no file)
WebBrowser-{D0523BB4-21E7-11DD-9AB7-415B56D89593} - (no file)
HKLM-Run-sigmatelsystrayapp - stsystra.exe
MSConfigStartUp-quicktime task - c:\program files\QuickTime\QTTask.exe


.
------- Supplementary Scan -------
.
FireFox -: Profile - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\s2l4rf8v.default\
FireFox -: prefs.js - SEARCH.DEFAULTURL - [You must be registered and logged in to see this link.]
FireFox -: prefs.js - STARTUP.HOMEPAGE - [You must be registered and logged in to see this link.]
FF -: plugin - c:\program files\iTunes\Mozilla Plugins\npitunes.dll
FF -: plugin - c:\program files\Mozilla Firefox\plugins\npdnu.dll
FF -: plugin - c:\program files\Mozilla Firefox\plugins\npunagi2.dll
FF -: plugin - c:\program files\Real\RealArcade\Plugins\Mozilla\npracplug.dll
FF -: plugin - c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
FF -: plugin - c:\program files\Yahoo!\Shared\npYState.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2008-12-05 12:51:07
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Norton AntiVirus]
"ImagePath"="\"c:\program files\Norton AntiVirus\Engine\16.1.0.33\ccSvcHst.exe\" /s \"Norton AntiVirus\" /m \"c:\program files\Norton AntiVirus\Engine\16.1.0.33\diMaster.dll\" /prefetch:1"
.
------------------------ Other Running Processes ------------------------
.
c:\progra~1\COMMON~1\AOL\ACS\AOLacsd.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Norton AntiVirus\Engine\16.1.0.33\ccSvcHst.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\tcpsvcs.exe
c:\windows\system32\snmp.exe
c:\windows\wanmpsvc.exe
c:\windows\system32\searchindexer.exe
c:\program files\Norton AntiVirus\Engine\16.1.0.33\ccSvcHst.exe
c:\combofix\hidec.exe
c:\windows\stsystra.exe
c:\program files\FaxTalk Communicator\fapiexe.exe
c:\windows\system32\spool\drivers\w32x86\3\CNMSM64.EXE
c:\windows\system32\rasautou.exe
c:\windows\system32\searchprotocolhost.exe
c:\windows\system32\searchfilterhost.exe
c:\combofix\Catchme.tmp
c:\windows\system32\imapi.exe
.
**************************************************************************
.
Completion time: 2008-12-05 12:56:07 - machine was rebooted [Owner]
ComboFix-quarantined-files.txt 2008-12-05 17:54:45

Pre-Run: 137,945,124,864 bytes free
Post-Run: 138,119,168,000 bytes free

289 --- E O F --- 2008-11-13 08:04:16


Re: Virus??? Help!

Post by sara on Fri Dec 05, 2008 6:27 pm

I am still unable to connect to the internet. Error message 769...WAN miniport


Re: Virus??? Help!

Post by Belahzur on Fri Dec 05, 2008 6:32 pm

Seems mywebsearch got in. Let's get rid of the infections before we troubleshoot that.

Now open a new notepad file.
Input this into the notepad file:

Driver::
1864aebb

File::
c:\documents and settings\Owner\Temporary Directory 5 for Silent Runners.zip
c:\documents and settings\Owner\Temporary Directory 4 for Silent Runners.zip
c:\documents and settings\Owner\Temporary Directory 3 for Silent Runners.zip
c:\documents and settings\Owner\Temporary Directory 2 for Silent Runners.zip
c:\documents and settings\Owner\Temporary Directory 1 for Silent Runners.zip
c:\documents and settings\Owner\~nsu.tmp
c:\documents and settings\Owner\_tf20.tmp
c:\documents and settings\Owner\_uninsep.bat
c:\windows\system32\drivers\1864aebb.sys

DirLook::
c:\windows\system32\%windir%

Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"MyWebSearchService"=-
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"MyWebSearch Email Plugin"=-
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2cc3ae7e-b178-11db-8214-00038a000015}]

Save this as CFScript.txt, save it to your desktop also.
Then drag and drop CFScript.txt into combofix as seen below:


This will open combofix.exe again, agree to its terms and allow it to run, it may want to reboot after it's done. Post the resulting log back here.


Please PM me if I fail to respond within 24hrs.

Re: Virus??? Help!

Post by sara on Fri Dec 05, 2008 6:59 pm

First it kept telling me that I had misspelled CFScript and would not run and now it does nothing


Re: Virus??? Help!

Post by sara on Fri Dec 05, 2008 7:02 pm

Now combofix will not run. The little box comes up and then....nothing


Re: Virus??? Help!

Post by Belahzur on Fri Dec 05, 2008 7:19 pm

Maybe we can use OTMoveIt.


Please download the [You must be registered and logged in to see this link.].

  • Save it to your desktop.
  • Please double-click OTMoveIt3.exe to run it.
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):


    :processes
    explorer.exe

    :files
    c:\documents and settings\Owner\Temporary Directory 5 for Silent Runners.zip
    c:\documents and settings\Owner\Temporary Directory 4 for Silent Runners.zip
    c:\documents and settings\Owner\Temporary Directory 3 for Silent Runners.zip
    c:\documents and settings\Owner\Temporary Directory 2 for Silent Runners.zip
    c:\documents and settings\Owner\Temporary Directory 1 for Silent Runners.zip
    c:\documents and settings\Owner\~nsu.tmp
    c:\documents and settings\Owner\_tf20.tmp
    c:\documents and settings\Owner\_uninsep.bat
    c:\windows\system32\drivers\1864aebb.sys

    :reg
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "MyWebSearchService"=-
    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
    "MyWebSearch Email Plugin"=-
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2cc3ae7e-b178-11db-8214-00038a000015}]

    :commands
    [purity]
    [emptytemp]
    [start explorer]
    [reboot]



  • Return to OTMoveIt3, right click in the "Paste instructions for items to be Moved" window (under the light blue bar) and choose Paste.
  • Click the red Moveit! button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTMoveIt3
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.


Please PM me if I fail to respond within 24hrs.
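
A pre-flight review of the two removal scripts in this thread (the CFScript.txt `Registry::` block and the OTMoveIt3 `:reg` block), added here as an example that is not part of the original posts or of either tool: it lists what a script would delete without running anything. It assumes section headers look like `Name::` or `:name` as shown in the posts and that registry lines follow standard .reg conventions (`"name"=-` deletes a value, `[-KEY]` deletes a whole key); the function names are hypothetical.

```python
import re

# The OTMoveIt3 instructions from the post, abbreviated to two :files entries.
SAMPLE = r"""
:processes
explorer.exe

:files
c:\documents and settings\Owner\_uninsep.bat
c:\windows\system32\drivers\1864aebb.sys

:reg
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"MyWebSearchService"=-
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"MyWebSearch Email Plugin"=-
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2cc3ae7e-b178-11db-8214-00038a000015}]

:commands
[purity]
[emptytemp]
[start explorer]
[reboot]
"""

HEADER = re.compile(r"^(?::(\w+)|(\w+)::)$")   # ":reg" or "Registry::"
KEY = re.compile(r"^\[(-?)(HKEY_[^\]]+)\]$")    # "[KEY]" or "[-KEY]"
VALUE = re.compile(r'^(@|"[^"]*")=(.*)$')       # '"name"=data' or '@=data'
DRIVER = re.compile(r"\\system32\\drivers\\[^\\]+\.sys$", re.I)
REG_SECTIONS = {"reg", "registry"}              # assumption: names as seen in the posts
FILE_SECTIONS = {"files", "file"}


def split_sections(text):
    """Return {section name (lowercase): [non-blank lines]} in script order."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = HEADER.match(line)
        if m:
            current = (m.group(1) or m.group(2)).lower()
            sections.setdefault(current, [])
        elif current is None:
            raise ValueError(f"line outside any section: {line!r}")
        else:
            sections[current].append(line)
    return sections


def parse_reg(lines):
    """Turn .reg-style lines into (action, key, value_name) tuples."""
    actions, key, key_deleted = [], None, False
    for line in lines:
        k = KEY.match(line)
        if k:
            key, key_deleted = k.group(2), k.group(1) == "-"
            if key_deleted:
                actions.append(("delete_key", key, None))
            continue
        v = VALUE.match(line)
        if not v or key is None:
            raise ValueError(f"unparseable registry line: {line!r}")
        if key_deleted:
            # A value line under "[-KEY]" is contradictory: the key is being removed.
            raise ValueError(f"value under a deleted key: {line!r}")
        name = "(default)" if v.group(1) == "@" else v.group(1)[1:-1]
        action = "delete_value" if v.group(2).strip() == "-" else "set_value"
        actions.append((action, key, name))
    return actions


def review(text):
    """Return (actions, warnings) for a removal script without executing it."""
    actions, warnings = [], []
    for name, lines in split_sections(text).items():
        if name in REG_SECTIONS:
            for act in parse_reg(lines):
                actions.append(act)
                # Only a leading '-' inside the brackets deletes a key; a
                # trailing '-' is part of the key's literal name.
                if act[0] != "delete_key" and act[1].endswith("-"):
                    warnings.append(f"key name ends in '-' (literal name): {act[1]}")
        elif name in FILE_SECTIONS:
            for path in lines:
                actions.append(("remove_file", path, None))
                if DRIVER.search(path):
                    warnings.append(f"kernel driver file, confirm before removal: {path}")
        else:
            # Sections this sketch does not interpret are listed, never skipped.
            actions.extend(("unreviewed", name, line) for line in lines)
            if name == "commands" and any(c.lower() == "[reboot]" for c in lines):
                warnings.append("script reboots the machine when it finishes")
    return actions, warnings


if __name__ == "__main__":
    acts, warns = review(SAMPLE)
    for a in acts:
        print(a)
    for w in warns:
        print("WARNING:", w)
```

The list of `delete_value` and `delete_key` entries is also the list of keys worth exporting as a backup before the script is run.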

Re: Virus??? Help!

Post by sara on Fri Dec 05, 2008 8:50 pm

{\rtf1\ansi\ansicpg1252\deff0\deflang1033{\fonttbl{\f0\fswiss\fcharset0 Arial;}}
{\*\generator Msftedit 5.41.15.1515;}\viewkind4\uc1\pard\f0\fs20 OTViewIt Extras logfile created on: 2008-12-03 15:20:31 - Run \par
OTViewIt by OldTimer - Version 1.0.20.0 Folder = G:\\\par
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation\par
Internet Explorer (Version = 7.0.5730.11)\par
Locale: 00000409 | Country: United States | Language: ENU | Date Format: yyyy-MM-dd\par
\par
958.42 Mb Total Physical Memory | 544.86 Mb Available Physical Memory | 56.85% Memory free\par
2.26 Gb Paging File | 1.89 Gb Available in Paging File | 83.75% Paging File free\par
Paging file location(s): C:\\pagefile.sys 1440 2880;\par
\par
%SystemDrive% = C: | %SystemRoot% = C:\\WINDOWS | %ProgramFiles% = C:\\Program Files\par
Drive C: | 145.87 Gb Total Space | 128.56 Gb Free Space | 88.14% Space Free | Partition Type: NTFS\par
D: Drive not present or media not loaded\par
E: Drive not present or media not loaded\par
Drive F: | 6.67 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS\par
Drive G: | 1.86 Gb Total Space | 1.67 Gb Free Space | 89.45% Space Free | Partition Type: FAT\par
H: Drive not present or media not loaded\par
I: Drive not present or media not loaded\par
\par
Computer Name: DGXLCBC1\par
Current User Name: Owner\par
Logged in as Administrator.\par
\par
Current Boot Mode: Normal\par
Scan Mode: Current user\par
Whitelist: On\par
File Age = 30 Days\par
\par
========== File Associations ==========\par
\par
[HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\]\par
.reg [@ = regfile] -- regedit.exe "%1"\par
\par
========== Security Center Settings ==========\par
\par
[HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Security Center]\par
"FirstRunDisabled"=1\par
"AntiVirusDisableNotify"=0\par
"FirewallDisableNotify"=0\par
"UpdatesDisableNotify"=0\par
"AntiVirusOverride"=1\par
"FirewallOverride"=0\par
[HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Security Center\\Monitoring]\par
"DisableMonitoring"=1\par
[HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Security Center\\Monitoring\\AhnlabAntiVirus]\par
[HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Security Center\\Monitoring\\ComputerAssociatesAntiVirus]\par
[HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Security Center\\Monitoring\\KasperskyAntiVirus]\par
[HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Security Center\\Monitoring\\McAfeeAntiVirus]\par
[HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Security Center\\Monitoring\\McAfeeFirewall]\par
[HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Security Center\\Monitoring\\PandaAntiVirus]\par
[HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Security Center\\Monitoring\\PandaFirewall]\par
[HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Security Center\\Monitoring\\SophosAntiVirus]\par
[HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Security Center\\Monitoring\\SymantecAntiVirus]\par
"DisableMonitoring"=1\par
[HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Security Center\\Monitoring\\SymantecFirewall]\par
"DisableMonitoring"=1\par
[HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Security Center\\Monitoring\\TinyFirewall]\par
[HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Security Center\\Monitoring\\TrendAntiVirus]\par
[HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Security Center\\Monitoring\\TrendFirewall]\par
[HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Security Center\\Monitoring\\ZoneLabsFirewall]\par
\par
HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\SharedAccess\\Parameters\\FirewallPolicy\\StandardProfile\par
"EnableFirewall"=1\par
"DoNotAllowExceptions"=0\par
"DisableNotifications"=0\par
[HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\SharedAccess\\Parameters\\FirewallPolicy\\StandardProfile\\AuthorizedApplications]\par
[HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\SharedAccess\\Parameters\\FirewallPolicy\\StandardProfile\\GloballyOpenPorts]\par
\par
========== Authorized Applications List ==========\par
\par
[HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\SharedAccess\\Parameters\\FirewallPolicy\\DomainProfile\\AuthorizedApplications\\List]\par
"%windir%\\system32\\sessmgr.exe"=%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019\par
[2006-10-23 07:50:35 | 00,046,640 | R--- | M] (AOL LLC) -- C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe:*:Enabled:AOL\par
[2006-10-23 07:50:37 | 00,071,216 | R--- | M] (AOL LLC) -- C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe:*:Enabled:AOL\par
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000\par
File not found -- C:\\Program Files\\America Online 9.0\\waol.exe:*:Enabled:America Online 9.0\par
\par
[HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\SharedAccess\\Parameters\\FirewallPolicy\\StandardProfile\\AuthorizedApplications\\List]\par
"%windir%\\system32\\sessmgr.exe"=%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019\par
[2006-10-23 07:50:35 | 00,046,640 | R--- | M] (AOL LLC) -- C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe:*:Enabled:AOL\par
[2006-10-23 07:50:37 | 00,071,216 | R--- | M] (AOL LLC) -- C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe:*:Enabled:AOL\par
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000\par
File not found -- C:\\Program Files\\America Online 9.0\\waol.exe:*:Enabled:America Online 9.0\par
[2007-10-08 16:50:56 | 00,041,824 | ---- | M] (AOL LLC) -- C:\\Program Files\\Common Files\\AOL\\1171071908\\ee\\aolsoftware.exe:*:Enabled:AOL Shared Components\par
[2007-08-30 16:43:18 | 04,670,704 | ---- | M] (Yahoo! Inc.) -- C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe:*:Enabled:Yahoo! Messenger\par
[2007-08-30 16:43:18 | 00,091,376 | ---- | M] (Yahoo! Inc.) -- C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe:*:Enabled:Yahoo! FT Server\par
File not found -- C:\\Program Files\\Rhapsody\\rhapsody.exe:*:Enabled:Rhapsody Media Player\par
[2008-03-30 09:36:34 | 20,638,504 | ---- | M] (Apple Inc.) -- C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes\par
File not found -- C:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe:*:Enabled:Veoh Client\par
[2008-08-23 00:56:15 | 00,635,848 | ---- | M] (Microsoft Corporation) -- C:\\Program Files\\Internet Explorer\\iexplore.exe:*:Enabled:Internet Explorer\par
File not found -- C:\\Program Files\\Tams11\\Games\\Spades\\spades.exe:*:Enabled:spades\par
[2008-04-13 19:12:20 | 00,042,496 | ---- | M] (Microsoft Corporation) -- C:\\WINDOWS\\system32\\[You must be registered and logged in to see this link.] Transfer Program\par
File not found -- C:\\WINDOWS\\LMI789.tmp\\lmi_rescue.exe:*:Enabled:LogMeIn Rescue\par
[2008-06-03 00:36:06 | 00,039,264 | ---- | M] (AOL, LLC.) -- C:\\AOL 9.1\\waol.exe:*:Enabled:AOL\par
[2007-04-02 07:33:32 | 00,063,120 | ---- | M] (AOL LLC) -- C:\\Program Files\\Common Files\\AOL\\TopSpeed\\3.0\\aoltpsd3.exe:*:Enabled:AOL TopSpeed\par
[2005-07-11 16:35:18 | 00,011,352 | ---- | M] (America Online, Inc.) -- C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe:*:Enabled:AOL Loader\par
[2007-09-17 08:02:47 | 00,206,176 | ---- | M] (AOL LLC) -- C:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe:*:Enabled:AOL System Information\par
[2008-04-13 19:12:25 | 01,414,656 | ---- | M] (Microsoft Corporation) -- C:\\WINDOWS\\system32\\mmc.exe:*:Enabled:Microsoft Management Console\par
File not found -- C:\\WINDOWS\\LMID58.tmp\\lmi_rescue.exe:*:Enabled:LogMeIn Rescue\par
[2007-01-01 16:22:02 | 03,739,648 | ---- | M] (Google) -- C:\\Program Files\\Google\\Google Talk\\googletalk.exe:*:Enabled:Google Talk\par
File not found -- C:\\WINDOWS\\LMI6B1.tmp\\lmi_rescue.exe:*:Enabled:LogMeIn Rescue\par
[2008-09-29 01:35:23 | 02,499,928 | ---- | M] (Symantec Corporation) -- C:\\Documents and Settings\\Owner\\7zS6B2.tmp\\SymNRT.exe:*:Enabled:Norton Removal Tool\par
File not found -- C:\\WINDOWS\\LMI31.tmp\\lmi_rescue.exe:*:Enabled:LogMeIn Rescue\par
[2008-04-17 18:27:00 | 09,117,696 | ---- | M] () -- C:\\Program Files\\MySpace\\IM\\MySpaceIM.exe:*:Enabled:MySpaceIM\par
\par
========== (O18) Protocol Handlers ==========\par
\par
[HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\PROTOCOLS\\Handler\\]\par
ipp: [HKLM - No CLSID value]\par
[2005-09-20 11:33:58 | 00,843,984 | ---- | M] (Microsoft Corporation) C:\\Program Files\\Common Files\\System\\Ole DB\\MSDAIPP.DLL ipp\\0x00000001:\{E1D2BF42-A96B-11d1-9C6B-0000F875AC61\} (HKLM) [HKLM - MSDAMON.BINDER]\par
msdaipp: [HKLM - No CLSID value]\par
[2005-09-20 11:33:58 | 00,843,984 | ---- | M] (Microsoft Corporation) C:\\Program Files\\Common Files\\System\\Ole DB\\MSDAIPP.DLL msdaipp\\0x00000001:\{E1D2BF42-A96B-11d1-9C6B-0000F875AC61\} (HKLM) [HKLM - MSDAMON.BINDER]\par
[2005-09-20 11:33:58 | 00,843,984 | ---- | M] (Microsoft Corporation) C:\\Program Files\\Common Files\\System\\Ole DB\\MSDAIPP.DLL msdaipp\\oledb:\{E1D2BF40-A96B-11d1-9C6B-0000F875AC61


Re: Virus??? Help!

Post by sara on Fri Dec 05, 2008 8:51 pm

[2005-09-20 11:33:58 | 00,843,984 | ---- | M] (Microsoft Corporation) C:\\Program Files\\Common Files\\System\\Ole DB\\MSDAIPP.DLL msdaipp\\oledb:\{E1D2BF40-A96B-11d1-9C6B-0000F875AC61\} (HKLM) [HKLM - MSDAIPP.BINDER]\par
[2006-06-04 18:18:46 | 00,221,184 | ---- | M] (Microsoft Corporation) C:\\Program Files\\Common Files\\Microsoft Shared\\Information Retrieval\\msitss.dll (ms-itss:\{0A9007C0-4076-11D3-8789-0000F8105754\} (HKLM) [Microsoft Infotech Storage Protocol for IE 4.0])\par
[2007-05-10 12:45:34 | 08,069,464 | ---- | M] (Microsoft Corporation) C:\\Program Files\\Common Files\\Microsoft Shared\\Web Components\\11\\OWC11.DLL (mso-offdap11:\{32505114-5902-49B2-880A-1F7738E5A384\} (HKLM) [Data Page Plugable Protocal mso-offdap11 Handler])\par
\par
========== (O18) Protocol Filters ==========\par
\par
[HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\PROTOCOLS\\Filter\\] - Protocol Filters\par
[2007-04-19 12:57:40 | 00,046,432 | ---- | M] (Microsoft Corporation) C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE11\\MSOXMLMF.DLL text/xml:\{807553E5-5146-11D5-A672-00B0D022E945\} (HKLM) [Reg Error: Value does not exist or could not be read.]\par
\par
========== HKEY_LOCAL_MACHINE Uninstall List ==========\par
\par
[HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall]\par
"\{02DFF6B1-1654-411C-8D7B-FD6052EF016F\}"=Apple Software Update\par
"\{075473F5-846A-448B-BCB3-104AA1760205\}"=Roxio RecordNow Data\par
"\{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B\}"=Microsoft Plus! Photo Story 2 LE\par
"\{1206EF92-2E83-4859-ACCB-2048C3CB7DA6\}"=Roxio DLA\par
"\{1838C5A2-AB32-4145-85C1-BB9B8DFA24CD\}"=QuickTime\par
"\{1EA8F972-45F7-497D-8A03-F40F1A421099\}"=Hallmark Card Studio 3\par
"\{20c53fa2-4307-4671-a93f-9463b29dfcf1\}"=Symantec Technical Support Web Controls\par
"\{21657574-BD54-48A2-9450-EB03B2C7FC29\}"=Roxio MyDVD LE\par
"\{226b64e8-dc75-4eea-a6c8-abcb496320f2\}-Google Talk"=Google Talk (remove only)\par
"\{2318C2B1-4965-11d4-9B18-009027A5CD4F\}"=Google Toolbar for Internet Explorer\par
"\{231F68F4-70E4-41A6-BEDA-7E7934169B54\}"=Maxtor OneTouch\par
"\{2DFF31F9-7893-4922-AF66-C9A1EB4EBB31\}"=Rhapsody Player Engine\par
"\{3248F0A8-6813-11D6-A77B-00B0D0160010\}"=Java(TM) SE Runtime Environment 6 Update 1\par
"\{3248F0A8-6813-11D6-A77B-00B0D0160020\}"=Java(TM) 6 Update 2\par
"\{3248F0A8-6813-11D6-A77B-00B0D0160030\}"=Java(TM) 6 Update 3\par
"\{3248F0A8-6813-11D6-A77B-00B0D0160050\}"=Java(TM) 6 Update 5\par
"\{33BB4982-DC52-4886-A03B-F4C5C80BEE89\}"=Windows Media Player 10\par
"\{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227\}"=WebFldrs XP\par
"\{3EE33958-7381-4E7B-A4F3-6E43098E9E9C\}"=URL Assistant\par
"\{43CAC9A1-1993-4F65-9096-7C9AFC2BBF54\}"=Dell CinePlayer\par
"\{44734179-8A79-4DEE-BB08-73037F065543\}"=Apple Mobile Device Support\par
"\{55B30AF2-7331-4436-9318-D9EA45A42F79\}"=The Print Shop 21\par
"\{585776BC-4BD6-4BD2-A19A-1D6CB44A403B\}"=iTunes\par
"\{5AF8C46D-A141-4E69-9EB5-76A43ED29281\}"=Charter High Speed Internet Self-Installation Wizard\par
"\{5B6BE547-21E2-49CA-B2E2-6A5F470593B1\}"=Sonic Activation Module\par
"\{5E68BB65-4059-4FE5-AAC4-0CD1D79BBDE2\}"=EarthLink Setup Files\par
"\{62BD0AE0-4EB1-4BBB-8F43-B6400C8FEB2C\}"=AOLIcon\par
"\{6D52C408-B09A-4520-9B18-475B81D393F1\}"=Microsoft Works\par
"\{6E45BA47-383C-4C1E-8ED0-0D4845C293D7\}"=Microsoft Plus! Digital Media Edition Installer\par
"\{7299052b-02a4-4627-81f2-1818da5d550d\}"=Microsoft Visual C++ 2005 Redistributable\par
"\{748F4870-8350-11D3-B0BF-080009FB4A19\}"=HP Share-to-Web\par
"\{74F7662C-B1DB-489E-A8AC-07A06B24978B\}"=Dell System Restore\par
"\{7ADE3A47-B425-45E9-8FF6-11BE2B775645\}"=Corel Snapfire Plus\par
"\{91CA0409-6000-11D3-8CFE-0150048383C9\}"=Microsoft Office Small Business Edition 2003\par
"\{95F9D960-C571-11D0-90F0-00001B1EFBA8\}"=QuickBooks 2001\par
"\{A06275F4-324B-4E85-95E6-87B2CD729401\}"=Windows Defender\par
"\{A49F249F-0C91-497F-86DF-B2585E8E76B7\}"=Microsoft Visual C++ 2005 Redistributable\par
"\{AB708C9B-97C8-4AC9-899B-DBF226AC9382\}"=Roxio RecordNow Audio\par
"\{AC0EE5B0-A8FB-4D0A-AF03-2EDC518F841B\}"=Dell Media Experience\par
"\{AC76BA86-7AD7-1033-7B44-A81200000003\}"=Adobe Reader 8.1.2\par
"\{B1182355-1464-4B43-8986-031A86808495\}"=Event Planner\par
"\{B12665F4-4E93-4AB4-B7FC-37053B524629\}"=Roxio RecordNow Copy\par
"\{B3C7CA81-27EB-11D4-A59C-00E02C071F5C\}"=Adobe ActiveShare 1.5\par
"\{B702CCCE-3176-4DBF-B932-D1B8F402F330\}"=Digital Content Portal\par
"\{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1\}"=Microsoft .NET Framework 1.1\par
"\{CEE2252C-4035-4B27-8EC6-0B085DD3A413\}"=Dell Support 3.2.1\par
"\{D2988E9B-C73F-422C-AD4B-A66EBE257120\}"=MCU\par
"\{D958FAC4-BAE0-4B1D-A42E-DE9BFDE7DDEE\}"=Canon PhotoRecord\par
"\{DBEA1034-5882-4A88-8033-81C4EF0CFA29\}"=Google Toolbar for Internet Explorer\par
"Adobe Flash Player ActiveX"=Adobe Flash Player ActiveX\par
"AOL Toolbar 5.0"=\par
"AOL Uninstaller"=AOL Uninstaller (Choose which Products to Remove)\par
"CANONBJ_Deinstall_CNMCP64.DLL"=Canon PIXMA iP4000\par
"Easy-PhotoPrint"=Canon Utilities Easy-PhotoPrint\par
"Easytoon 1.9.5"=Easytoon 1.9.5\par
"Easy-WebPrint"=Easy-WebPrint\par
"Family Feud"=Family Feud (remove only)\par
"FaxTalk Communicator 4.5"=FaxTalk Communicator 4.5\par
"Google Desktop"=Google Desktop\par
"HijackThis"=HijackThis 2.0.2\par
"HP PrecisionScan LTX"=HP PrecisionScan LTX\par
"IDNMitigationAPIs"=Microsoft Internationalized Domain Names Mitigation APIs\par
"ie7"=Windows Internet Explorer 7\par
"InstallShield_\{231F68F4-70E4-41A6-BEDA-7E7934169B54\}"=Maxtor OneTouch\par
"iPod Copy Expert_is1"=iPod Copy Expert 3.1.2\par
"iPod To Computer Transfer_is1"=iPod To Computer Transfer 3.5\par
"kb940157"=Windows Search 4.0\par
"Macromedia Shockwave Player"=Macromedia Shockwave Player\par
"Microsoft .NET Framework 1.1 (1033)"=Microsoft .NET Framework 1.1\par
"Monopoly"=Monopoly (remove only)\par
"MSCompPackV1"=Microsoft Compression Client Pack 1.0 for Windows XP\par
"MSNINST"=MSN\par
"MXOFX"=USB Storage Adapter FX (MXO)\par
"MySpaceIM"=MySpaceIM\par
"NAV"=Norton AntiVirus\par
"NLSDownlevelMapping"=Microsoft National Language Support Downlevel APIs\par
"NVIDIA Drivers"=NVIDIA Drivers\par
"RealArcade 1.2"=RealArcade\par
"RealPlayer 6.0"=RealPlayer\par
"SoftwareUpdUtility"=Download Updater (AOL LLC)\par
"Solitaire Master 4"=Solitaire Master 4\par
"The Weather Channel Desktop 6"=The Weather Channel Desktop 6\par
"ViewpointMediaPlayer"=Viewpoint Media Player\par
"WebPost"=Microsoft Web Publishing Wizard 1.52\par
"Windows Media Format Runtime"=Windows Media Format 11 runtime\par
"Windows Media Player"=Windows Media Player 11\par
"Windows XP Service Pack"=Windows XP Service Pack 3\par
"WMFDist11"=Windows Media Format 11 runtime\par
"wmp11"=Windows Media Player 11\par
"Wudf01000"=Microsoft User-Mode Driver Framework Feature Pack 1.0\par
"Yahoo! Companion"=Yahoo! Toolbar\par
"Yahoo! Mail"=Yahoo! Internet Mail\par
"Yahoo! Messenger"=Yahoo! Messenger\par
"YInstHelper"=Yahoo! Install Manager\par
\par
========== HKEY_CURRENT_USER Uninstall List ==========\par
\par
[HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall]\par
"Move Networks Player - IE"=Move Networks Media Player for Internet Explorer\par
"Sprint Digital Lounge"=Sprint Digital Lounge\par
\par
========== Last 10 Event Log Errors ==========\par
\par
[ Application Events ]\par
Error - 2008-11-28 18:07:08 | Computer Name = DGXLCBC1 | Source = Userenv | ID = 1512\par
Description = Windows cannot unload your registry file. The memory used by the registry\par
has not been freed. This is often caused by services running as a user account,\par
try configuring the services to run in either the LocalService or NetworkService\par
account. If this problem persists, contact your administrator. DETAIL - Insufficient\par
system resources exist to complete the requested service. \par
\par
Error - 2008-11-28 18:13:51 | Computer Name = DGXLCBC1 | Source = Userenv | ID = 1512\par
Description = Windows cannot unload your registry file. The memory used by the registry\par
has not been freed. This is often caused by services running as a user account,\par
try configuring the services to run in either the LocalService or NetworkService\par
account. If this problem persists, contact your administrator. DETAIL - Insufficient\par
system resources exist to complete the requested service. \par
\par
Error - 2008-12-02 11:49:54 | Computer Name = DGXLCBC1 | Source = Application Error | ID = 1000\par
Description = Faulting application nvsvc32.exe, version 6.14.10.9148, faulting module\par
version.dll, version 5.1.2600.5512, fault address 0x00001e71.\par
\par
Error - 2008-12-02 21:53:13 | Computer Name = DGXLCBC1 | Source = Application Error | ID = 1004\par
Description = Faulting application nvsvc32.exe, version 6.14.10.9148, faulting module\par
version.dll, version 5.1.2600.5512, fault address 0x00001e71.\par
\par
Error - 2008-12-02 21:53:22 | Computer Name = DGXLCBC1 | Source = WinDefendRtp | ID = 3003\par
Description = %%827 Real-Time Protection checkpoint has encountered an error and\par
failed to start. User: DGXLCBC1\\Owner Checkpoint ID: 1 Error Code: 0x80070005 Error\par
description: Access is denied. \par
\par
Error - 2008-12-02 21:53:22 | Computer Name = DGXLCBC1 | Source = WinDefendRtp | ID = 3003\par
Description = %%827 Real-Time Protection checkpoint has encountered an error and\par
failed to start. User: DGXLCBC1\\Owner Checkpoint ID: 1 Error Code: 0x8000ffff Error\par
description: Catastrophic failure \par
\par
Error - 2008-12-02 21:54:37 | Computer Name = DGXLCBC1 | Source = Application Error | ID = 1004\par
Description = Faulting application nvsvc32.exe, version 6.14.10.9148, faulting module\par
version.dll, version 5.1.2600.5512, fault address 0x00001e71.\par
\par
Error - 2008-12-02 21:54:41 | Computer Name = DGXLCBC1 | Source = Application Error | ID = 1004\par
Description = Faulting application nvsvc32.exe, version 6.14.10.9148, faulting module\par
version.dll, version 5.1.2600.5512, fault address 0x00001e71.\par
\par
Error - 2008-12-03 12:13:41 | Computer Name = DGXLCBC1 | Source = WinDefendRtp | ID = 3003\par
Description = %%827 Real-Time Protection checkpoint has encountered an error and\par
failed to start. User: DGXLCBC1\\Owner Checkpoint ID: 1 Error Code: 0x80070005 Error\par
description: Access is denied. \par
\par
Error - 2008-12-03 12:13:41 | Computer Name = DGXLCBC1 | Source = WinDefendRtp | ID = 3003\par
Description = %%827 Real-Time Protection checkpoint has encountered an error and\par
failed to start. User: DGXLCBC1\\Owner Checkpoint ID: 1 Error Code: 0x8000ffff Error\par
description: Catastrophic failure \par
\par
[ System Events ]\par
Error - 2008-12-02 11:49:40 | Computer Name = DGXLCBC1 | Source = Service Control Manager | ID = 7000\par
Description = The MCSTRM service failed to start due to the following error: %%2\par
\par
Error - 2008-12-02 11:49:40 | Computer Name = DGXLCBC1 | Source = Service Control Manager | ID = 7011\par
Description = Timeout (30000 milliseconds) waiting for a transaction response from\par
the NVSvc service.\par
\par
Error - 2008-12-02 11:49:40 | Computer Name = DGXLCBC1 | Source = Service Control Manager | ID = 7026\par
Description = The following boot-start or system-start driver(s) failed to load:\par
nvatabus nvraid\par
\par
Error - 2008-12-02 11:54:46 | Computer Name = DGXLCBC1 | Source = Service Control Manager | ID = 7034\par
Description = The NVIDIA Display Driver Service service terminated unexpectedly.\par
It has done this 1 time(s).\par
\par
Error - 2008-12-02 21:54:39 | Computer Name = DGXLCBC1 | Source = Service Control Manager | ID = 7023\par
Description = The Help and Support service terminated with the following error: \par
%%126\par
\par
Error - 2008-12-02 21:54:39 | Computer Name = DGXLCBC1 | Source = Service Control Manager | ID = 7000\par
Description = The MCSTRM service failed to start due to the following error: %%2\par
\par
Error - 2008-12-02 21:54:39 | Computer Name = DGXLCBC1 | Source = Service Control Manager | ID = 7026\par
Description = The following boot-start or system-start driver(s) failed to load:\par
nvatabus nvraid\par
\par
Error - 2008-12-03 12:14:48 | Computer Name = DGXLCBC1 | Source = Service Control Manager | ID = 7000\par
Description = The MCSTRM service failed to start due to the following error: %%2\par
\par
Error - 2008-12-03 12:14:48 | Computer Name = DGXLCBC1 | Source = Service Control Manager | ID = 7023\par
Description = The Help and Support service terminated with the following error: \par
%%126\par
\par
Error - 2008-12-03 12:14:48 | Computer Name = DGXLCBC1 | Source = Service Control Manager | ID = 7026\par
Description = The following boot-start or system-start driver(s) failed to load:\par
nvatabus nvraid\par
\par
\par
< End of report >\par
}

Logged in as Administrator.\par


Re: Virus??? Help!

Post by sara on Fri Dec 05, 2008 8:53 pm

\par
Current Boot Mode: Normal\par
Scan Mode: Current user\par
Whitelist: On\par
File Age = 30 Days\par
\par
========== File Associations ==========\par
\par
[HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\]\par
.reg [@ = regfile] -- regedit.exe "%1"\par
\par
========== Security Center Settings ==========\par
\par
[HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Security Center]\par
"FirstRunDisabled"=1\par
"AntiVirusDisableNotify"=0\par
"FirewallDisableNotify"=0\par
"UpdatesDisableNotify"=0\par
"AntiVirusOverride"=1\par
"FirewallOverride"=0\par
[HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Security Center\\Monitoring]\par
"DisableMonitoring"=1\par
[HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Security Center\\Monitoring\\AhnlabAntiVirus]\par
[HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Security Center\\Monitoring\\ComputerAssociatesAntiVirus]\par
[HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Security Center\\Monitoring\\KasperskyAntiVirus]\par
[HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Security Center\\Monitoring\\McAfeeAntiVirus]\par
[HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Security Center\\Monitoring\\McAfeeFirewall]\par
[HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Security Center\\Monitoring\\PandaAntiVirus]\par
[HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Security Center\\Monitoring\\PandaFirewall]\par
[HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Security Center\\Monitoring\\SophosAntiVirus]\par
[HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Security Center\\Monitoring\\SymantecAntiVirus]\par
"DisableMonitoring"=1\par
[HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Security Center\\Monitoring\\SymantecFirewall]\par
"DisableMonitoring"=1\par
[HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Security Center\\Monitoring\\TinyFirewall]\par
[HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Security Center\\Monitoring\\TrendAntiVirus]\par
[HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Security Center\\Monitoring\\TrendFirewall]\par
[HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Security Center\\Monitoring\\ZoneLabsFirewall]\par
\par
HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\SharedAccess\\Parameters\\FirewallPolicy\\StandardProfile\par
"EnableFirewall"=1\par
"DoNotAllowExceptions"=0\par
"DisableNotifications"=0\par
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe"=%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
[2006-10-23 07:50:35 | 00,046,640 | R--- | M] (AOL LLC) -- C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL
[2006-10-23 07:50:37 | 00,071,216 | R--- | M] (AOL LLC) -- C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL
"%windir%\Network Diagnostic\xpnetdiag.exe"=%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
File not found -- C:\Program Files\America Online 9.0\waol.exe:*:Enabled:America Online 9.0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe"=%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
[2006-10-23 07:50:35 | 00,046,640 | R--- | M] (AOL LLC) -- C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL
[2006-10-23 07:50:37 | 00,071,216 | R--- | M] (AOL LLC) -- C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL
"%windir%\Network Diagnostic\xpnetdiag.exe"=%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
File not found -- C:\Program Files\America Online 9.0\waol.exe:*:Enabled:America Online 9.0
[2007-10-08 16:50:56 | 00,041,824 | ---- | M] (AOL LLC) -- C:\Program Files\Common Files\AOL\1171071908\ee\aolsoftware.exe:*:Enabled:AOL Shared Components
[2007-08-30 16:43:18 | 04,670,704 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger
[2007-08-30 16:43:18 | 00,091,376 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server
File not found -- C:\Program Files\Rhapsody\rhapsody.exe:*:Enabled:Rhapsody Media Player
[2008-03-30 09:36:34 | 20,638,504 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes
File not found -- C:\Program Files\Veoh Networks\Veoh\VeohClient.exe:*:Enabled:Veoh Client
[2008-08-23 00:56:15 | 00,635,848 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe:*:Enabled:Internet Explorer
File not found -- C:\Program Files\Tams11\Games\Spades\spades.exe:*:Enabled:spades
[2008-04-13 19:12:20 | 00,042,496 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\[You must be registered and logged in to see this link.] Transfer Program
File not found -- C:\WINDOWS\LMI789.tmp\lmi_rescue.exe:*:Enabled:LogMeIn Rescue
[2008-06-03 00:36:06 | 00,039,264 | ---- | M] (AOL, LLC.) -- C:\AOL 9.1\waol.exe:*:Enabled:AOL
[2007-04-02 07:33:32 | 00,063,120 | ---- | M] (AOL LLC) -- C:\Program Files\Common Files\AOL\TopSpeed\3.0\aoltpsd3.exe:*:Enabled:AOL TopSpeed
[2005-07-11 16:35:18 | 00,011,352 | ---- | M] (America Online, Inc.) -- C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader
[2007-09-17 08:02:47 | 00,206,176 | ---- | M] (AOL LLC) -- C:\Program Files\Common Files\AOL\System Information\sinf.exe:*:Enabled:AOL System Information
[2008-04-13 19:12:25 | 01,414,656 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\mmc.exe:*:Enabled:Microsoft Management Console
File not found -- C:\WINDOWS\LMID58.tmp\lmi_rescue.exe:*:Enabled:LogMeIn Rescue
[2007-01-01 16:22:02 | 03,739,648 | ---- | M] (Google) -- C:\Program Files\Google\Google Talk\googletalk.exe:*:Enabled:Google Talk
File not found -- C:\WINDOWS\LMI6B1.tmp\lmi_rescue.exe:*:Enabled:LogMeIn Rescue
[2008-09-29 01:35:23 | 02,499,928 | ---- | M] (Symantec Corporation) -- C:\Documents and Settings\Owner\7zS6B2.tmp\SymNRT.exe:*:Enabled:Norton Removal Tool
File not found -- C:\WINDOWS\LMI31.tmp\lmi_rescue.exe:*:Enabled:LogMeIn Rescue
[2008-04-17 18:27:00 | 09,117,696 | ---- | M] () -- C:\Program Files\MySpace\IM\MySpaceIM.exe:*:Enabled:MySpaceIM

========== (O18) Protocol Handlers ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
ipp: [HKLM - No CLSID value]
[2005-09-20 11:33:58 | 00,843,984 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL ipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAMON.BINDER]
msdaipp: [HKLM - No CLSID value]
[2005-09-20 11:33:58 | 00,843,984 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL msdaipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAMON.BINDER]
[2005-09-20 11:33:58 | 00,843,984 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL msdaipp\oledb:{E1D2BF40-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAIPP.BINDER]
[2006-06-04 18:18:46 | 00,221,184 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (ms-itss:{0A9007C0-4076-11D3-8789-0000F8105754} (HKLM) [Microsoft Infotech Storage Protocol for IE 4.0])
[2007-05-10 12:45:34 | 08,069,464 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (mso-offdap11:{32505114-5902-49B2-880A-1F7738E5A384} (HKLM) [Data Page Plugable Protocal mso-offdap11 Handler])

========== (O18) Protocol Filters ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter\] - Protocol Filters
[2007-04-19 12:57:40 | 00,046,432 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL text/xml:{807553E5-5146-11D5-A672-00B0D022E945} (HKLM) [Reg Error: Value does not exist or could not be read.]

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02DFF6B1-1654-411C-8D7B-FD6052EF016F}"=Apple Software Update
"{075473F5-846A-448B-BCB3-104AA1760205}"=Roxio RecordNow Data
"{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}"=Microsoft Plus! Photo Story 2 LE
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}"=Roxio DLA
"{1838C5A2-AB32-4145-85C1-BB9B8DFA24CD}"=QuickTime
"{1EA8F972-45F7-497D-8A03-F40F1A421099}"=Hallmark Card Studio 3
"{20c53fa2-4307-4671-a93f-9463b29dfcf1}"=Symantec Technical Support Web Controls
"{21657574-BD54-48A2-9450-EB03B2C7FC29}"=Roxio MyDVD LE
"{226b64e8-dc75-4eea-a6c8-abcb496320f2}-Google Talk"=Google Talk (remove only)
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}"=Google Toolbar for Internet Explorer
"{231F68F4-70E4-41A6-BEDA-7E7934169B54}"=Maxtor OneTouch
"{2DFF31F9-7893-4922-AF66-C9A1EB4EBB31}"=Rhapsody Player Engine
"{3248F0A8-6813-11D6-A77B-00B0D0160010}"=Java(TM) SE Runtime Environment 6 Update 1
"{3248F0A8-6813-11D6-A77B-00B0D0160020}"=Java(TM) 6 Update 2
"{3248F0A8-6813-11D6-A77B-00B0D0160030}"=Java(TM) 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160050}"=Java(TM) 6 Update 5
"{33BB4982-DC52-4886-A03B-F4C5C80BEE89}"=Windows Media Player 10
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}"=WebFldrs XP
"{3EE33958-7381-4E7B-A4F3-6E43098E9E9C}"=URL Assistant
"{43CAC9A1-1993-4F65-9096-7C9AFC2BBF54}"=Dell CinePlayer
"{44734179-8A79-4DEE-BB08-73037F065543}"=Apple Mobile Device Support
"{55B30AF2-7331-4436-9318-D9EA45A42F79}"=The Print Shop 21
"{585776BC-4BD6-4BD2-A19A-1D6CB44A403B}"=iTunes
"{5AF8C46D-A141-4E69-9EB5-76A43ED29281}"=Charter High Speed Internet Self-Installation Wizard
"{5B6BE547-21E2-49CA-B2E2-6A5F470593B1}"=Sonic Activation Module
"{5E68BB65-4059-4FE5-AAC4-0CD1D79BBDE2}"=EarthLink Setup Files
"{62BD0AE0-4EB1-4BBB-8F43-B6400C8FEB2C}"=AOLIcon
"{6D52C408-B09A-4520-9B18-475B81D393F1}"=Microsoft Works
"{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}"=Microsoft Plus! Digital Media Edition Installer
"{7299052b-02a4-4627-81f2-1818da5d550d}"=Microsoft Visual C++ 2005 Redistributable
"{748F4870-8350-11D3-B0BF-080009FB4A19}"=HP Share-to-Web
"{74F7662C-B1DB-489E-A8AC-07A06B24978B}"=Dell System Restore
"{7ADE3A47-B425-45E9-8FF6-11BE2B775645}"=Corel Snapfire Plus
"{91CA0409-6000-11D3-8CFE-0150048383C9}"=Microsoft Office Small Business Edition 2003
"{95F9D960-C571-11D0-90F0-00001B1EFBA8}"=QuickBooks 2001
"{A06275F4-324B-4E85-95E6-87B2CD729401}"=Windows Defender
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}"=Microsoft Visual C++ 2005 Redistributable
"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}"=Roxio RecordNow Audio
"{AC0EE5B0-A8FB-4D0A-AF03-2EDC518F841B}"=Dell Media Experience
"{AC76BA86-7AD7-1033-7B44-A81200000003}"=Adobe Reader 8.1.2
"{B1182355-1464-4B43-8986-031A86808495}"=Event Planner
"{B12665F4-4E93-4AB4-B7FC-37053B524629}"=Roxio RecordNow Copy
"{B3C7CA81-27EB-11D4-A59C-00E02C071F5C}"=Adobe ActiveShare 1.5
"{B702CCCE-3176-4DBF-B932-D1B8F402F330}"=Digital Content Portal
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}"=Microsoft .NET Framework 1.1
"{CEE2252C-4035-4B27-8EC6-0B085DD3A413}"=Dell Support 3.2.1
"{D2988E9B-C73F-422C-AD4B-A66EBE257120}"=MCU
"{D958FAC4-BAE0-4B1D-A42E-DE9BFDE7DDEE}"=Canon PhotoRecord
"{DBEA1034-5882-4A88-8033-81C4EF0CFA29}"=Google Toolbar for Internet Explorer
"Adobe Flash Player ActiveX"=Adobe Flash Player ActiveX
"AOL Toolbar 5.0"=
"AOL Uninstaller"=AOL Uninstaller (Choose which Products to Remove)


Re: Virus??? Help!

Post by sara on Fri Dec 05, 2008 8:53 pm

"Easy-PhotoPrint"=Canon Utilities Easy-PhotoPrint
"Easytoon 1.9.5"=Easytoon 1.9.5
"Easy-WebPrint"=Easy-WebPrint
"Family Feud"=Family Feud (remove only)
"FaxTalk Communicator 4.5"=FaxTalk Communicator 4.5
"Google Desktop"=Google Desktop
"HijackThis"=HijackThis 2.0.2
"HP PrecisionScan LTX"=HP PrecisionScan LTX
"IDNMitigationAPIs"=Microsoft Internationalized Domain Names Mitigation APIs
"ie7"=Windows Internet Explorer 7
"InstallShield_{231F68F4-70E4-41A6-BEDA-7E7934169B54}"=Maxtor OneTouch
"iPod Copy Expert_is1"=iPod Copy Expert 3.1.2
"iPod To Computer Transfer_is1"=iPod To Computer Transfer 3.5
"kb940157"=Windows Search 4.0
"Macromedia Shockwave Player"=Macromedia Shockwave Player
"Microsoft .NET Framework 1.1 (1033)"=Microsoft .NET Framework 1.1
"Monopoly"=Monopoly (remove only)
"MSCompPackV1"=Microsoft Compression Client Pack 1.0 for Windows XP
"MSNINST"=MSN
"MXOFX"=USB Storage Adapter FX (MXO)
"MySpaceIM"=MySpaceIM
"NAV"=Norton AntiVirus
"NLSDownlevelMapping"=Microsoft National Language Support Downlevel APIs
"NVIDIA Drivers"=NVIDIA Drivers
"RealArcade 1.2"=RealArcade
"RealPlayer 6.0"=RealPlayer
"SoftwareUpdUtility"=Download Updater (AOL LLC)
"Solitaire Master 4"=Solitaire Master 4
"The Weather Channel Desktop 6"=The Weather Channel Desktop 6
"ViewpointMediaPlayer"=Viewpoint Media Player
"WebPost"=Microsoft Web Publishing Wizard 1.52
"Windows Media Format Runtime"=Windows Media Format 11 runtime
"Windows Media Player"=Windows Media Player 11
"Windows XP Service Pack"=Windows XP Service Pack 3
"WMFDist11"=Windows Media Format 11 runtime
"wmp11"=Windows Media Player 11
"Wudf01000"=Microsoft User-Mode Driver Framework Feature Pack 1.0
"Yahoo! Companion"=Yahoo! Toolbar
"Yahoo! Mail"=Yahoo! Internet Mail
"Yahoo! Messenger"=Yahoo! Messenger
"YInstHelper"=Yahoo! Install Manager

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Move Networks Player - IE"=Move Networks Media Player for Internet Explorer
"Sprint Digital Lounge"=Sprint Digital Lounge

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 2008-11-28 18:07:08 | Computer Name = DGXLCBC1 | Source = Userenv | ID = 1512
Description = Windows cannot unload your registry file. The memory used by the registry
has not been freed. This is often caused by services running as a user account,
try configuring the services to run in either the LocalService or NetworkService
account. If this problem persists, contact your administrator. DETAIL - Insufficient
system resources exist to complete the requested service.

Error - 2008-11-28 18:13:51 | Computer Name = DGXLCBC1 | Source = Userenv | ID = 1512
Description = Windows cannot unload your registry file. The memory used by the registry
has not been freed. This is often caused by services running as a user account,
try configuring the services to run in either the LocalService or NetworkService
account. If this problem persists, contact your administrator. DETAIL - Insufficient
system resources exist to complete the requested service.

Error - 2008-12-02 11:49:54 | Computer Name = DGXLCBC1 | Source = Application Error | ID = 1000
Description = Faulting application nvsvc32.exe, version 6.14.10.9148, faulting module
version.dll, version 5.1.2600.5512, fault address 0x00001e71.

Error - 2008-12-02 21:53:13 | Computer Name = DGXLCBC1 | Source = Application Error | ID = 1004
Description = Faulting application nvsvc32.exe, version 6.14.10.9148, faulting module
version.dll, version 5.1.2600.5512, fault address 0x00001e71.

Error - 2008-12-02 21:53:22 | Computer Name = DGXLCBC1 | Source = WinDefendRtp | ID = 3003
Description = %%827 Real-Time Protection checkpoint has encountered an error and
failed to start. User: DGXLCBC1\Owner Checkpoint ID: 1 Error Code: 0x80070005 Error
description: Access is denied.

Error - 2008-12-02 21:53:22 | Computer Name = DGXLCBC1 | Source = WinDefendRtp | ID = 3003
Description = %%827 Real-Time Protection checkpoint has encountered an error and
failed to start. User: DGXLCBC1\Owner Checkpoint ID: 1 Error Code: 0x8000ffff Error
description: Catastrophic failure

Error - 2008-12-02 21:54:37 | Computer Name = DGXLCBC1 | Source = Application Error | ID = 1004
Description = Faulting application nvsvc32.exe, version 6.14.10.9148, faulting module
version.dll, version 5.1.2600.5512, fault address 0x00001e71.

Error - 2008-12-02 21:54:41 | Computer Name = DGXLCBC1 | Source = Application Error | ID = 1004
Description = Faulting application nvsvc32.exe, version 6.14.10.9148, faulting module
version.dll, version 5.1.2600.5512, fault address 0x00001e71.

Error - 2008-12-03 12:13:41 | Computer Name = DGXLCBC1 | Source = WinDefendRtp | ID = 3003
Description = %%827 Real-Time Protection checkpoint has encountered an error and
failed to start. User: DGXLCBC1\Owner Checkpoint ID: 1 Error Code: 0x80070005 Error
description: Access is denied.

Error - 2008-12-03 12:13:41 | Computer Name = DGXLCBC1 | Source = WinDefendRtp | ID = 3003
Description = %%827 Real-Time Protection checkpoint has encountered an error and
failed to start. User: DGXLCBC1\Owner Checkpoint ID: 1 Error Code: 0x8000ffff Error
description: Catastrophic failure

[ System Events ]
Error - 2008-12-02 11:49:40 | Computer Name = DGXLCBC1 | Source = Service Control Manager | ID = 7000
Description = The MCSTRM service failed to start due to the following error: %%2

Error - 2008-12-02 11:49:40 | Computer Name = DGXLCBC1 | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from
the NVSvc service.

Error - 2008-12-02 11:49:40 | Computer Name = DGXLCBC1 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
nvatabus nvraid

Error - 2008-12-02 11:54:46 | Computer Name = DGXLCBC1 | Source = Service Control Manager | ID = 7034
Description = The NVIDIA Display Driver Service service terminated unexpectedly.
It has done this 1 time(s).

Error - 2008-12-02 21:54:39 | Computer Name = DGXLCBC1 | Source = Service Control Manager | ID = 7023
Description = The Help and Support service terminated with the following error:
%%126

Error - 2008-12-02 21:54:39 | Computer Name = DGXLCBC1 | Source = Service Control Manager | ID = 7000
Description = The MCSTRM service failed to start due to the following error: %%2

Error - 2008-12-02 21:54:39 | Computer Name = DGXLCBC1 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
nvatabus nvraid

Error - 2008-12-03 12:14:48 | Computer Name = DGXLCBC1 | Source = Service Control Manager | ID = 7000
Description = The MCSTRM service failed to start due to the following error: %%2

Error - 2008-12-03 12:14:48 | Computer Name = DGXLCBC1 | Source = Service Control Manager | ID = 7023
Description = The Help and Support service terminated with the following error:
%%126

Error - 2008-12-03 12:14:48 | Computer Name = DGXLCBC1 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
nvatabus nvraid


< End of report >
}


Re: Virus??? Help!

Post by Belahzur on Fri Dec 05, 2008 8:58 pm

Why did you run OTViewIt?

But on the other hand, you may have helped us figure out why your net connection cut out.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Status :
Online
Offline

Posts : 34916
Joined : 2008-08-03
Gender : Male
OS : XP SP3 Media Centre
Points : 245039
# Likes : 1

View user profile


Re: Virus??? Help!

Post by sara on Sat Dec 06, 2008 12:59 am

So, you think you know what is wrong with computer??? Is it good or bad? Is it something I can fix?


Re: Virus??? Help!

Post by Belahzur on Sat Dec 06, 2008 1:06 am

Hello.
Maybe, we just need to figure out what's causing it.
I will ask one of our techs to take a peek at this.



Re: Virus??? Help!

Post by sara on Sat Dec 06, 2008 1:13 am

The computer I had been working on and downloading and transferring files started doing the same thing... I noticed during the night the computer had restarted and I could no longer connect to internet. It is trying to use a dial up connection. Also, earlier that night I downloaded security updates from Microsoft. I really would appreciate any help you can give!! Thanks


Re: Virus??? Help!

Post by Belahzur on Sat Dec 06, 2008 1:19 am

You just gave me an idea.
You don't have dialup, yet it's trying to use a dialup.
Which means you might still have dial-up drivers installed on this machine.

What dial-up company is it trying to connect to?



Re: Virus??? Help!

Post by sara on Sat Dec 06, 2008 1:25 am

First window asks which dial up, then the only thing listed is broadband connection... next window says trying to connect through WANminiport
Error 769..unreachable


Re: Virus??? Help!

Post by Belahzur on Sat Dec 06, 2008 1:29 am

Okay, thanks.
I'll wait for Digitalocksmith to drop by and see what he makes of this.



Re: Virus??? Help!

Post by sara on Sat Dec 06, 2008 11:47 am

Do you have any ideas on how to solve my problem? Thanks


Re: Virus??? Help!

Post by sara on Sat Dec 06, 2008 9:08 pm

Does anyone have any ideas on how I might solve my problems? I am not able to connect to internet. Please help if you can, I would really, really appreciate it!!!


Re: Virus??? Help!

Post by Belahzur on Sat Dec 06, 2008 9:09 pm

Hello Sara.
I am waiting for digital to come by, he will be able to help here.



Re: Virus??? Help!

Post by sara on Sat Dec 06, 2008 9:23 pm

Thank you. I didn't want you to forget about me. :)


Re: Virus??? Help!

Post by Belahzur on Sat Dec 06, 2008 9:30 pm

I won't. Yours is at the top of my list; even if I don't reply, I am still watching this topic.



Re: Virus??? Help!

Post by sara on Sun Dec 07, 2008 8:46 pm

Any ideas yet on how I might repair my computers? What do you think about my computer that was working and I was using to download files to a flashdrive and transferring to computer that was not connecting to internet? That computer is now doing the exact same thing as my original computer. Wouldn't that be a virus?


Re: Virus??? Help!

Post by Doctor Inferno on Fri Dec 26, 2008 4:35 am

Due to lack of feedback, this topic is closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter.

Everyone else, please open a new topic for your questions.


Please be a GeekPolice fan on [You must be registered and logged in to see this link.]



Have we helped you? [You must be registered and logged in to see this link.] | Doctor by day, ninja by night.

Doctor Inferno
Administrator
Administrator

Status :
Online
Offline

Posts : 12017
Joined : 2007-12-26
Gender : Male
OS : Windows 7 Home Premium and Ultimate X64
Points : 104574
# Likes : 0

View user profile
