Old 09-09-2007, 01:10 PM   #1 (permalink)
Registered User
 
Join Date: Sep 2007
Posts: 33
OS: XP


Re: Windows Install 'not correctly installed'[moved from xp]

Original post:

Right, I've been scouring the internet for a couple of days to try and get this sorted, but so far I've had no success.

I think there are a lot of underlying issues aside from this problem, but at the moment this is probably the most important.

I'm a relative beginner as far as computer geekness goes, being only 16 years old, but being more than computer literate.

The problem arose when I tried to clear up my registry using RegSeeker and CCleaner a few days ago. Everything seemed to be fine. Then everything wasn't fine. I tried to system restore back 1 day, then 2, then 3, but none of them worked.

I tried to go restore the backup files within RegSeeker but they didn't seem to work, and then of course they disappeared after I had tried.

So then it all began I guess. I followed some advice from a friend on getting rid of the 'LiveCall' Process, which was hogging quite a bit of CPU, then things started to go wrong. I removed LiveCall and other .dll's from the Messenger folder in Program Files, then when trying to open Windows Messenger, it came up with the windows installer box 'Preparing to Install..' after a while an error popped up saying 'Windows installer could not be accessed. This can occur if you are running in safe mode or the installer is not correctly installed'. I put all the LiveCall and .dll's I had removed back to where they are supposed to be, but still the same problems. I probably screwed things up even more whilst trying to fix them but hey.

So I try re-installing messenger but the same error pops up. I look on the internet and tried going into 'Services' via Control Panel to make sure Installer was started. It's set as Manual startup, but the service status is set as Stopped. When I click start the message 'Windows Installer service started then stopped. Some services stop automatically if they have no work to do etc'.

The path to executable is 'C:\WINDOWS\System32\msiexec.exe /V' As it apparently should be, from looking on other help sites.

I've typed 'msiexec /unreg' then 'msiexec /regserver' in Run, as advised by many sites too.

I've typed in 'cmd' then tried the 'ren msiexec.dll msiexec.old' commands as advised by the windows sites. But nothing has worked.

I've tried installing the newest version of Windows Installer (3.1?) but that won't work.

I tried repairing Windows XP using the disc I got when I got my computer (4 years old) but that's just set me back onto service pack one, windows installer STILL doesn't work, tried updating to service pack two (what I was on a few days ago) but now that won't work saying 'The update cannot be applied'. It's the SP-2 update for Microsoft Office 2000 to let you know.

Every couple of weeks, sometimes every day, my computer also restarts itself, when I log back on it says Windows has recovered from a serious error. I have no viruses when I scan with Norton Antivirus 2006, no problems when I scan with Spybot - Search and Destroy, SpySweeper or Adaware. I rarely get any problems when I scan using Windows Defender.

I probably am a bit naive when downloading certain things or going on certain websites, and also quite impatient when trying to get things to work. This might have contributed to the problems I'm having.

My computer is working. I'm typing from it right now whilst also on Windows Messenger (I have to install Messenger Plus! every time I want to open up Messenger as it opens it up itself).


HiJack This Log:

Deckard's System Scanner v20070905.67
Run by Mr Frosdick on 2007-09-09 19:57:40
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 2 Restore Point(s) --
2: 2007-09-09 18:57:44 UTC - RP2 - Deckard's System Scanner Restore Point
1: 2007-09-09 18:50:05 UTC - RP1 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.

Total Physical Memory: 511 MiB (512 MiB recommended).


-- HijackThis (run as Mr Frosdick.exe) -----------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:00:08, on 09/09/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\DJSNETCN.exe
C:\Program Files\Yahoo!\NAV\navapsvc.exe
C:\Program Files\Yahoo!\NAV\IWP\NPFMntor.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\UAService7.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\System32\WgaTray.exe
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\Documents and Settings\Mr Frosdick\Desktop\dss.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Symantec\LiveUpdate\AUpdate.exe
C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
C:\PROGRA~1\TRENDM~1\HIJACK~1\Mr Frosdick.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://uk.red.clientapps.yahoo.com/c...o/bt_side.html
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://uk.red.clientapps.yahoo.com/c...rch.yahoo.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Norton Personal Firewall - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Yahoo!\NAV\NavShExt.dll
O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: QuickDefine - C:\Program Files\Common Files\Microsoft Shared\Reference Titles\eddefine.htm
O8 - Extra context menu item: QuickTranslate - C:\Program Files\Common Files\Microsoft Shared\Reference Titles\edtrans.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary...r.cab31267.cab
O16 - DPF: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} (Microsoft VM) - http://www.wildtangent.com/install/j...avx86_3805.exe
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} (CMediaMix Object) - http://musicmix.messenger.msn.com/Medialogic.CAB
O16 - DPF: {27527D31-447B-11D5-A46E-0001023B4289} (CoGSManager Class) - http://gamingzone.ubisoft.com/dev/pa.../GSManager.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary...r.cab31267.cab
O16 - DPF: {4D7F48C0-CB49-4EA6-97D4-04F4EACC2F3B} - http://sib1.od2.com/common/Member/Cl.../OCI/setup.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.co...?1108212661453
O16 - DPF: {665585FD-2068-4C5E-A6D3-53AC3270ECD4} (FileSharingCtrl Class) - http://appdirectory.messenger.msn.co...haringctrl.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary...r.cab56986.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{B3140D56-E30F-4444-B29D-9F40EE48294E}: NameServer = 192.168.0.1
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - C:\Program Files\Yahoo!\NPF\ccPwdSvc.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec Licensing Detect Internet Connection (DJSNETCN) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\DJSNETCN.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Yahoo!\NAV\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Yahoo!\NAV\IWP\NPFMntor.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Yahoo!\NAV\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE

--
End of file - 9679 bytes

-- File Associations -----------------------------------------------------------

.cpl - cplfile - shell\cplopen\command - rundll32.exe shell32.dll,Control_RunDLL "%1",%*


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 cdrbsvsd - c:\windows\system32\drivers\cdrbsvsd.sys <Not Verified; B.H.A Corporation; B's Recorder GOLD7>
R1 kbfilter (Keyboard Filter Driver) - c:\windows\system32\drivers\kbfilter.sys <Not Verified; WayTech Development, Inc.; Keyboard filter driver>
R2 AegisP (AEGIS Protocol (IEEE 802.1x) v3.4.5.0) - c:\windows\system32\drivers\aegisp.sys <Not Verified; Meetinghouse Data Communications; AEGIS Client 3.4.5.0>
R3 smwdm - c:\windows\system32\drivers\smwdm.sys <Not Verified; Analog Devices, Inc.; SoundMAX Digital Audio Driver>

S3 netwg311 (NETGEAR WG311v2 802.11g Wireless PCI Adapter) - c:\windows\system32\drivers\netwg311.sys <Not Verified; NETGEAR, Inc; NETGEAR WG311 Adapter>
S3 ovt519 (D-Link VGA Webcam) - c:\windows\system32\drivers\ov519vid.sys <Not Verified; OmniVision Technologies, Inc.; Dual Mode USB Camera 519>
S3 RT25USBAP (Nintendo Wi-Fi USB Connector Service) - c:\windows\system32\drivers\rt25usbap.sys <Not Verified; Ralink Technology Inc.; Ralink 802.11g Wireless USB Adapters>
S3 SaiNtHid - c:\windows\system32\drivers\sainthid.sys <Not Verified; Saitek; Configuration Software>
S3 SQTECH905C (DualCamera) - c:\windows\system32\drivers\capt905c.sys <Not Verified; Service & Quality Technology.; SQ905c>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
R2 UserAccess7 (SecuROM User Access Service (V7)) - c:\windows\system32\uaservice7.exe

S0 wscsvc (Security Center) - \systemroot\c:\windows\system32\svchost.exe -k netsvcs (file missing)
S3 YPCService - c:\windows\system32\ypcser~1.exe <Not Verified; Yahoo! Inc.; YPCService Module>


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter
Device ID: USB\VID_0846&PID_6A00\00184DF0D58E
Manufacturer: NETGEAR Inc.
Name: NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter
PNP Device ID: USB\VID_0846&PID_6A00\00184DF0D58E
Service: RTLWUSB


-- Scheduled Tasks -------------------------------------------------------------

2007-09-09 19:56:29 330 --ah----- C:\WINDOWS\Tasks\MP Scheduled Scan.job
2007-09-08 19:35:00 288 --a------ C:\WINDOWS\Tasks\Disk Cleanup.job
2007-09-06 17:27:04 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
2007-08-25 18:03:47 546 --a------ C:\WINDOWS\Tasks\Norton AntiVirus - Run Full System Scan - Mr Frosdick.job


-- Files created between 2007-08-09 and 2007-09-09 -----------------------------

2007-09-09 18:33:02 0 d-------- C:\Program Files\SpywareBlaster
2007-09-09 17:02:47 0 d-------- C:\WINDOWS\System32\ActiveScan
2007-09-08 21:29:20 40960 -ra------ C:\WINDOWS\CleanDev.exe <Not Verified; ; CleanDevice>
2007-09-08 21:29:15 61440 -ra------ C:\WINDOWS\ov519dib.dll <Not Verified; OmniVision Technologies, Inc.; OmniVision USB Camera OV519>
2007-09-08 21:29:12 32528 -ra------ C:\WINDOWS\amcap.exe
2007-09-08 21:29:10 135168 -ra------ C:\WINDOWS\ov519cap.exe <Not Verified; OmniVision Technologies, Inc.; OmniVision USB Camera OV519>
2007-09-08 21:29:09 25211 -ra------ C:\WINDOWS\System32\drivers\ov519cmd.sys <Not Verified; OmniVision Technologies Inc.; Dual Mode USB Camera 519>
2007-09-08 21:23:31 200704 -ra------ C:\WINDOWS\sel3110.exe <Not Verified; ; select Application>
2007-09-08 21:23:26 307200 -ra------ C:\WINDOWS\vidcap32.exe <Not Verified; Microsoft Corporation; Microsoft Windows>
2007-09-08 21:23:24 174530 -ra------ C:\WINDOWS\System32\drivers\ov519vid.sys <Not Verified; OmniVision Technologies, Inc.; Dual Mode USB Camera 519>
2007-09-08 21:23:13 40960 -ra------ C:\WINDOWS\System32\ov519ext.dll <Not Verified; OmniVision Technologies Inc.; Dual Mode USB Camera 519>
2007-09-08 21:23:12 16426 -ra------ C:\WINDOWS\System32\ov519usd.dll <Not Verified; OmniVision Technologies Inc.; Dual Mode USB Camera 519>
2007-09-08 20:16:29 0 d-------- C:\Program Files\nLite
2007-09-08 18:41:42 0 d-------- C:\Program Files\Trend Micro
2007-09-08 17:01:57 0 d-------- C:\e7e6b5e83e16583c07a649b4dd7836f1
2007-09-08 16:00:43 0 d-------- C:\2c4499a45de648c5d9bc780f88
2007-09-08 15:19:32 0 d-------- C:\62946cfc9bec811d3975f3
2007-09-08 13:27:23 0 d-------- C:\39f66fbb5cd4547a9e6d
2007-09-08 0104 76864 --a------ C:\WINDOWS\System32\GDIPFONTCACHEV1.DAT
2007-09-07 23:55:32 0 d-------- C:\fba5649408df1be4d7021555
2007-09-07 22:09:54 0 d-------- C:\WINDOWS\Prefetch
2007-09-06 20:07:26 0 d-------- C:\Program Files\Windows Live
2007-09-06 20:07:24 0 d-------- C:\Program Files\Messenger Plus! Live
2007-09-06 16:18:55 0 d-------- C:\Documents and Settings\Mr Frosdick\Application Data\Uniblue
2007-09-05 15:33:17 0 dr-h----- C:\Documents and Settings\Mr Frosdick\Recent
2007-08-20 18:04:18 0 d-------- C:\Program Files\ACW
2007-08-16 16:32:49 0 d-------- C:\Program Files\iTunes


-- Find3M Report ---------------------------------------------------------------

2007-09-09 19:59:39 0 d-------- C:\Program Files\Common Files\Symantec Shared
2007-09-09 18:29:34 0 d-------- C:\Program Files\Windows Defender
2007-09-09 18:20:58 0 d-------- C:\Program Files\MSN Messenger
2007-09-09 18:18:08 0 d-------- C:\Program Files\Messenger
2007-09-08 22:27:27 0 d--h----- C:\Program Files\WindowsUpdate
2007-09-07 21:57:25 0 d-------- C:\Program Files\Movie Maker
2007-09-07 21:56:44 23348 --a------ C:\WINDOWS\System32\emptyregdb.dat
2007-09-07 21:55:31 0 d-------- C:\Program Files\Online Services
2007-09-07 21:55:25 0 d-------- C:\Program Files\Windows NT
2007-09-05 15:38:01 0 d-------- C:\Program Files\RegScrubXP
2007-08-29 17:15:43 0 d-------- C:\Program Files\NudgeMania
2007-08-29 17:04:26 0 d-------- C:\Program Files\DivX
2007-08-16 16:33:08 0 d-------- C:\Program Files\iPod
2007-08-16 16:27:57 0 d-------- C:\Program Files\Apple Software Update
2007-07-28 18:41:16 0 d-------- C:\Program Files\BitTorrent
2007-07-20 15:56:19 0 d-------- C:\Program Files\Java
2007-07-12 16:58:53 0 d-------- C:\Program Files\QuickTime
2007-06-22 00:59:45 7141 --a------ C:\WINDOWS\mozver.dat


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="NvQTwk" []
"nwiz"="nwiz.exe" [30/07/2002 16:50 C:\WINDOWS\system32\nwiz.exe]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [22/01/2007 23:19]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"Smss"=ssms.exe
"Microsoft Updates"=wkssvrs.exe
"DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"LinkResolveIgnoreLinkInfo"=0 (0x0)
"NoResolveSearch"=1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=MsgPlusLoader.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^NETGEAR WG311v2 Smart Configuration.lnk]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Picture Package Menu.lnk]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Picture Package VCD Maker.lnk]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Run Nintendo Wi-Fi USB Connector Registration Tool.lnk]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Slim Multimedia Keyboard.lnk]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Mr Frosdick^Start Menu^Programs^Startup^Encarta Dictionary Quickshelf.lnk]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CamIM]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
"C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033 -noicon

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Lexmark X74-X75]
"C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Load]
??? ?

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Mercora]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nod32kui]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NudgeMania]
C:\Program Files\NudgeMania\NudgeMania.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Run]
??? ?

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpySweeper]
"C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /0

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
"C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\YBrowser]
C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\YOP]
C:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart




-- End of Deckard's System Scanner: finished at 2007-09-09 20:03:37 ------------

I also did a Panda ActiveScan and can post the Report if required.

Thanks.
Attached Files
File Type: txt extra.txt (16.6 KB, 2 views)

Last edited by adfro7 : 09-09-2007 at 01:33 PM.
Old 09-12-2007, 06:04 PM   #2 (permalink)
Analyst, Security Team
 
 
Join Date: Sep 2006
Location: Ontario, Canada
Posts: 2,584
OS: Windows XP Pro


Re: Windows Install 'not correctly installed'[moved from xp]

Hello,

Before beginning the proposed fix, read this post completely. Any questions should be kindly asked before proceeding. Ensure that there are no open browsers when carrying out the procedures below. Save the following instructions in Notepad as this webpage would not be available when you're carrying out the fix.

It is IMPORTANT that you don't miss a step & perform everything in the correct order/sequence.

--------------------------------------------------------------

Click > Start > Control Panel > Add / Remove Programs and uninstall the following programs (if they exist):

Messenger Plus! Live <<< This program is known to install the LOP infection, which you have. If the program is a must have, reinstall it and decline when asked to install the sponsor's software.


--------------------------------------------------------------
  1. Download combofix.exe to your desktop.
  2. Disconnect from the internet....pull the plug!
  3. Disable your real time protection of your Anti-Virus. Exit the program via the SystemTray icon.
  4. Double click on combofix.exe & follow the prompts. Type "1" and press Enter to begin the scan.
  5. When finished, it shall produce a log for you ( C:\ComboFix.txt ). Post that log in your next reply.

    Note:
    Do not mouseclick combofix's window whilst it's running. That may cause it to stall


    --------------------------------------------------------------
  6. Re-enable your Anti-Virus if it is not active...a reboot should have re-activated it.
  7. Re-establish an internet connection.

    --------------------------------------------------------------

Open HijackThis and click on 'Do a System Scan Only'. Check the following entries (If they still exist, make sure you do not miss any)

O16 - DPF: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} (Microsoft VM) - http://www.wildtangent.com/install/j...avx86_3805.exe

Please remember to close all other windows, including browsers then click Fix checked.

--------------------------------------------------------------

Delete the following Folder indicated in BLUE

C:\Program Files\Messenger Plus! Live

--------------------------------------------------------------

Download SDFix and save it to your Desktop.

Double click SDFix.exe and it will extract the files to C:\SDFix

DO NOT run SDFix yet. We will shortly

--------------------------------------------------------------

Enter Safe Mode
  1. Restart your computer
  2. After hearing your computer beep once during startup, but before the Windows icon appears, press F8
  3. Instead of Windows loading as normal, a menu should appear
  4. Use the up arrow key to highlight Safe Mode and press Enter.
  5. Login with your usual account
  6. Once you have logged in, a warning message will appear regarding starting windows in Safe mode, click OK and windows will load your desktop environment

Note: On some systems, this may be the F5 key, so try that if F8 doesn't work.

--------------------------------------------------------------

Run SDFix
  • Open the extracted SDFix folder and double click RunThis.bat to start the script.
  • Type Y to begin the cleanup process.
  • It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
  • Press any Key and it will restart the PC.
  • When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
  • Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
  • Paste the contents of the Report.txt back on the forum

--------------------------------------------------------------

Restart your computer in Normal Mode

--------------------------------------------------------------

Please Download NoLop to your desktop from here or here

First close any other programs you have running as this will require a reboot
  • Double click NoLop.exe to run it
  • Now click the button labelled "Search and Destroy"
    <<your computer will now be scanned for infected files>>
  • When scanning is finished you will be prompted to reboot only if infected, Click OK
  • Now click the "REBOOT" Button.
  • A message should pop up from NoLop. If not, double click the program again and it will finish.
  • Please post the contents of C:\NoLop.log along with a fresh HijackThis log.
--If you receive an error, "mscomctl.ocx or one of its dependencies are not correctly registered," please download mscomctl.ocx to your system32 folder then rerun the program. --

--------------------------------------------------------------

Run Deckard's System Scanner (dss.exe) again, and post the resulting log.

--------------------------------------------------------------

Download fl.zip
  • Extract the contents of the fl.zip to a new folder on Desktop.
  • Within the folder, locate & double-click fl.bat.
  • It should produce a report at c:\findlop.txt. Post the contents of the report in your next reply

--------------------------------------------------------------

Please reply back with the following:

C:\ComboFix.txt
C:\SDFix\report.txt
C:\NoLop.log
DSS Log (main.txt)
C:\findlop.txt

Last edited by forhockey : 09-12-2007 at 09:58 PM.
Old 09-13-2007, 06:32 AM   #3 (permalink)
Registered User
 
Join Date: Sep 2007
Posts: 33
OS: XP


Re: Windows Install 'not correctly installed'[moved from xp]

Thank you for the reply. Much appreciated.

ComboFix.txt

ComboFix 07-09-13.1 - "Mr Frosdick" 2007-09-13 12:21:39.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.1.1252.1.1033.18.226 [GMT 1:00]
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\install.exe
C:\WINDOWS\pack.epk
C:\WINDOWS\system32\nvs2.inf
C:\WINDOWS\system32\zjwptlc.dat
C:\WINDOWS\system32\zjwptlc_nav.dat
C:\WINDOWS\system32\zjwptlc_navps.dat

.
((((((((((((((((((((((((( Files Created from 2007-08-13 to 2007-09-13 )))))))))))))))))))))))))))))))
.

2007-09-13 12:20 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-09-11 18:20 991,232 --a--c--- C:\WINDOWS\system32\dllcache\esent.dll
2007-09-11 18:20 991,232 --a------ C:\WINDOWS\system32\esent.dll
2007-09-11 16:32 7,680 -----c--- C:\WINDOWS\system32\dllcache\bitsprx2.dll
2007-09-11 16:32 7,168 -----c--- C:\WINDOWS\system32\dllcache\bitsprx3.dll
2007-09-11 16:32 331,776 --a--c--- C:\WINDOWS\system32\dllcache\winhttp.dll
2007-09-11 16:32 331,776 --a------ C:\WINDOWS\system32\winhttp.dll
2007-09-11 16:32 17,408 --a--c--- C:\WINDOWS\system32\dllcache\qmgrprxy.dll
2007-09-11 16:32 17,408 --a------ C:\WINDOWS\system32\qmgrprxy.dll
2007-09-11 16:17 <DIR> d-------- C:\WINDOWS\LastGood
2007-09-10 16:34 <DIR> d-------- C:\Program Files\LGSCC
2007-09-10 14:54 45,568 --a--c--- C:\WINDOWS\system32\dllcache\iyuv_32.dll
2007-09-10 14:54 45,568 --a------ C:\WINDOWS\system32\iyuv_32.dll
2007-09-10 14:54 4,096 --a--c--- C:\WINDOWS\system32\dllcache\ksuser.dll
2007-09-10 14:54 4,096 --a------ C:\WINDOWS\system32\ksuser.dll
2007-09-10 14:54 <DIR> d-------- C:\WINDOWS\LastGood.Tmp
2007-09-09 19:49 <DIR> d-------- C:\Deckard
2007-09-09 18:33 <DIR> d-------- C:\Program Files\SpywareBlaster
2007-09-09 17:02 <DIR> d-------- C:\WINDOWS\system32\ActiveScan
2007-09-08 20:16 <DIR> d-------- C:\Program Files\nLite
2007-09-08 18:41 <DIR> d-------- C:\Program Files\Trend Micro
2007-09-08 17:01 <DIR> d-------- C:\e7e6b5e83e16583c07a649b4dd7836f1
2007-09-08 16:00 <DIR> d-------- C:\2c4499a45de648c5d9bc780f88
2007-09-08 15:19 <DIR> d-------- C:\62946cfc9bec811d3975f3
2007-09-08 13:27 <DIR> d-------- C:\39f66fbb5cd4547a9e6d
2007-09-08 01:06 76,864 --a------ C:\WINDOWS\system32\GDIPFONTCACHEV1.DAT
2007-09-07 23:55 <DIR> d-------- C:\fba5649408df1be4d7021555
2007-09-07 22:46 2,854,400 --a--c--- C:\WINDOWS\system32\dllcache\msi.dll
2007-09-07 22:46 2,854,400 --a------ C:\WINDOWS\system32\msi.dll
2007-09-07 21:52 50,048 --a--c--- C:\WINDOWS\system32\dllcache\dmusic.sys
2007-09-07 21:52 50,048 --a------ C:\WINDOWS\system32\drivers\DMusic.sys
2007-09-07 21:52 5,888 --a--c--- C:\WINDOWS\system32\dllcache\splitter.sys
2007-09-07 21:52 5,888 --a------ C:\WINDOWS\system32\drivers\splitter.sys
2007-09-07 21:51 56,576 --a--c--- C:\WINDOWS\system32\dllcache\redbook.sys
2007-09-07 21:51 56,576 --a------ C:\WINDOWS\system32\drivers\redbook.sys
2007-09-07 21:51 23,070 --a--c--- C:\WINDOWS\system32\dllcache\rtl8139.sys
2007-09-07 21:51 23,070 --a------ C:\WINDOWS\system32\drivers\RTL8139.sys
2007-09-07 21:48 38,024 --a--c--- C:\WINDOWS\system32\dllcache\termdd.sys
2007-09-07 21:48 38,024 --a------ C:\WINDOWS\system32\drivers\termdd.sys
2007-09-07 21:46 71,168 --a--c--- C:\WINDOWS\system32\dllcache\storprop.dll
2007-09-07 21:46 71,168 --a------ C:\WINDOWS\system32\storprop.dll
2007-09-07 21:46 696,320 --a--c--- C:\WINDOWS\system32\dllcache\sapi.dll
2007-09-07 21:46 24,661 --a--c--- C:\WINDOWS\system32\dllcache\spxcoins.dll
2007-09-07 21:46 24,661 --a------ C:\WINDOWS\system32\spxcoins.dll
2007-09-07 21:46 13,312 --a--c--- C:\WINDOWS\system32\dllcache\irclass.dll
2007-09-07 21:46 13,312 --a------ C:\WINDOWS\system32\irclass.dll
2007-09-07 21:46 10,496 --a--c--- C:\WINDOWS\system32\dllcache\irenum.sys
2007-09-07 21:46 10,496 --a------ C:\WINDOWS\system32\drivers\irenum.sys
2007-09-06 16:18 <DIR> d-------- C:\DOCUME~1\MRFROS~1\APPLIC~1\Uniblue
2007-08-20 18:04 <DIR> d-------- C:\Program Files\ACW
2007-08-16 16:32 <DIR> d-------- C:\Program Files\iTunes

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-09-13 12:18 --------- d-------- C:\Program Files\Common Files\Symantec Shared
2007-09-13 12:13 --------- d-------- C:\Program Files\MSN Messenger
2007-09-09 18:29 --------- d-------- C:\Program Files\Windows Defender
2007-09-09 17:36 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Symantec
2007-09-05 15:38 --------- d-------- C:\Program Files\RegScrubXP
2007-09-03 17:09 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
2007-08-31 19:14 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Zylom
2007-08-29 17:15 --------- d-------- C:\Program Files\NudgeMania
2007-08-29 17:04 --------- d-------- C:\Program Files\DivX
2007-08-16 16:33 --------- d-------- C:\Program Files\iPod
2007-08-16 16:27 --------- d-------- C:\Program Files\Apple Software Update
2007-07-30 19:19 92504 --a------ C:\WINDOWS\system32\cdm.dll
2007-07-30 19:19 549720 --a------ C:\WINDOWS\system32\wuapi.dll
2007-07-30 19:19 53080 --a------ C:\WINDOWS\system32\wuauclt.exe
2007-07-30 19:19 43352 --a------ C:\WINDOWS\system32\wups2.dll
2007-07-30 19:19 325976 --a------ C:\WINDOWS\system32\wucltui.dll
2007-07-30 19:19 203096 --a------ C:\WINDOWS\system32\wuweb.dll
2007-07-30 19:19 1712984 --a------ C:\WINDOWS\system32\wuaueng.dll
2007-07-30 19:18 33624 --a------ C:\WINDOWS\system32\wups.dll
2007-07-28 18:41 --------- d-------- C:\Program Files\BitTorrent
2005-02-13 17:53 1608258711 -----c--- C:\DOCUME~1\GAMESP~1\PlanetSide_Trial.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="NvQTwk" []
"nwiz"="nwiz.exe" [2002-07-30 16:50 C:\WINDOWS\system32\nwiz.exe]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-01-22 23:19]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonce]
"MessengerPlusLiveUninstall"="C:\DOCUME~1\MRFROS~1\LOCALS~1\Temp\MsgPlusUninstall.exe" /Cleanup

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"Smss"=ssms.exe
"Microsoft Updates"=wkssvrs.exe
"DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveSearch"=1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=MsgPlusLoader.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^NETGEAR WG311v2 Smart Configuration.lnk]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Picture Package Menu.lnk]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Picture Package VCD Maker.lnk]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Run Nintendo Wi-Fi USB Connector Registration Tool.lnk]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Slim Multimedia Keyboard.lnk]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Mr Frosdick^Start Menu^Programs^Startup^Encarta Dictionary Quickshelf.lnk]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CamIM]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
"C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033 -noicon

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Lexmark X74-X75]
"C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Load]
??? ?

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Mercora]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nod32kui]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NudgeMania]
C:\Program Files\NudgeMania\NudgeMania.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Run]
??? ?

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpySweeper]
"C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /0

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
"C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\YBrowser]
C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\YOP]
C:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart

R1 cdrbsvsd;cdrbsvsd;C:\WINDOWS\System32\drivers\cdrbsvsd.sys
R1 kbfilter;Keyboard Filter Driver;C:\WINDOWS\System32\drivers\kbfilter.sys
R3 WmBEnum;Logitech Virtual Bus Enumerator Driver;C:\WINDOWS\System32\drivers\WmBEnum.sys
R3 WmXlCore;Logitech WingMan Translation Layer Driver;C:\WINDOWS\System32\drivers\WmXlCore.sys
S3 ovt519;D-Link VGA Webcam;C:\WINDOWS\System32\Drivers\ov519vid.sys
S3 RTLWUSB;NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter NT Driver;C:\WINDOWS\System32\DRIVERS\wg111v2.sys
S3 SaiNtHid;SaiNtHid;C:\WINDOWS\System32\DRIVERS\SaiNtHid.sys
S3 usbprint;Microsoft USB PRINTER Class;C:\WINDOWS\System32\DRIVERS\usbprint.sys
S3 WmFilter;Logitech WingMan HID Filter Driver;C:\WINDOWS\System32\drivers\WmFilter.sys
S3 WmVirHid;Logitech Virtual Hid Device Driver;C:\WINDOWS\System32\drivers\WmVirHid.sys

*Newly Created Service* - CATCHME
.
Contents of the 'Scheduled Tasks' folder
"2007-09-06 16:27:04 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2007-09-08 18:35:00 C:\WINDOWS\Tasks\Disk Cleanup.job"
- C:\WINDOWS\system32\cleanmgr.exe
"2007-09-13 11:11:05 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Program Files\Windows Defender\MpCmdRun.exe
"2007-08-25 17:03:47 C:\WINDOWS\Tasks\Norton AntiVirus - Run Full System Scan - Mr Frosdick.job"
.
**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-09-13 12:25:27
Windows 5.1.2600 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-09-13 12:26:50
C:\ComboFix-quarantined-files.txt ... 2007-09-13 12:26
.
--- E O F ---

SDFix report:



SDFix: Version 1.104

Run by Mr Frosdick on 13/09/2007 at 12:51

Microsoft Windows XP [Version 5.1.2600]

Running From: C:\SDFix

Safe Mode:
Checking Services:


Restoring Windows Registry Values
Restoring Windows Default Hosts File

Rebooting...


Normal Mode:
Checking Files:

Trojan Files Found:

C:\WINDOWS\photo album.zip - Deleted
C:\WINDOWS\system32\TFTP108 - Deleted
C:\WINDOWS\system32\TFTP1584 - Deleted
C:\WINDOWS\system32\TFTP1828 - Deleted
C:\WINDOWS\system32\TFTP2204 - Deleted
C:\WINDOWS\system32\TFTP2256 - Deleted
C:\WINDOWS\system32\TFTP2312 - Deleted
C:\WINDOWS\system32\TFTP2388 - Deleted
C:\WINDOWS\system32\TFTP2424 - Deleted
C:\WINDOWS\system32\TFTP2456 - Deleted
C:\WINDOWS\system32\TFTP2468 - Deleted
C:\WINDOWS\system32\TFTP2508 - Deleted
C:\WINDOWS\system32\TFTP2524 - Deleted
C:\WINDOWS\system32\TFTP2540 - Deleted
C:\WINDOWS\system32\TFTP2584 - Deleted
C:\WINDOWS\system32\TFTP2640 - Deleted
C:\WINDOWS\system32\TFTP2664 - Deleted
C:\WINDOWS\system32\TFTP2776 - Deleted
C:\WINDOWS\system32\TFTP2912 - Deleted
C:\WINDOWS\system32\TFTP2920 - Deleted
C:\WINDOWS\system32\TFTP3068 - Deleted
C:\WINDOWS\system32\TFTP3108 - Deleted
C:\WINDOWS\system32\TFTP3152 - Deleted
C:\WINDOWS\system32\TFTP3180 - Deleted
C:\WINDOWS\system32\TFTP3308 - Deleted
C:\WINDOWS\system32\TFTP3468 - Deleted
C:\WINDOWS\system32\TFTP3572 - Deleted
C:\WINDOWS\system32\TFTP3860 - Deleted
C:\WINDOWS\system32\TFTP3988 - Deleted
C:\WINDOWS\system32\TFTP4040 - Deleted
C:\WINDOWS\system32\TFTP596 - Deleted
C:\WINDOWS\system32\TFTP736 - Deleted
C:\WINDOWS\system32\TFTP828 - Deleted



Removing Temp Files...

ADS Check:

C:\WINDOWS
No streams found.

C:\WINDOWS\system32
No streams found.

C:\WINDOWS\system32\svchost.exe
No streams found.

C:\WINDOWS\system32\ntoskrnl.exe
No streams found.



Final Check:

Remaining Services:
------------------




Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

Remaining Files:
---------------

File Backups: - C:\SDFix\backups\backups.zip

Files with Hidden Attributes:

C:\Documents and Settings\Mr Frosdick\Local Settings\Application Data\Microsoft\Messenger\adfro7@hotmail.com\Sharing Folders\james.silcocks@virgin.net\Thumbs.db
C:\Documents and Settings\Mr Frosdick\Local Settings\Application Data\Microsoft\Messenger\adfro7@hotmail.com\Sharing Folders\just-another-gurl@hotmail.co.uk\Thumbs.db
C:\Documents and Settings\Mr Frosdick\Local Settings\Application Data\Microsoft\Messenger\adfro7@hotmail.com\Sharing Folders\shopingirl@hotmail.co.uk\Thumbs.db
C:\Documents and Settings\Mr Frosdick\Local Settings\Application Data\Microsoft\Messenger\adfro7@hotmail.com\Sharing Folders\sparky512@hotmail.com\Thumbs.db
C:\Program Files\MSN\msnupdate!@#@.exe
C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp
C:\Documents and Settings\Mr Frosdick\Application Data\Microsoft\Word\~WRL0004.tmp
C:\Documents and Settings\Mr Frosdick\Application Data\Microsoft\Word\~WRL0502.tmp
C:\Documents and Settings\Mr Frosdick\Application Data\Microsoft\Word\~WRL0794.tmp
C:\Documents and Settings\Mr Frosdick\Application Data\Microsoft\Word\~WRL0945.tmp
C:\Documents and Settings\Mr Frosdick\Application Data\Microsoft\Word\~WRL1081.tmp
C:\Documents and Settings\Mr Frosdick\Application Data\Microsoft\Word\~WRL1131.tmp
C:\Documents and Settings\Mr Frosdick\Application Data\Microsoft\Word\~WRL1562.tmp
C:\Documents and Settings\Mr Frosdick\Application Data\Microsoft\Word\~WRL1768.tmp
C:\Documents and Settings\Mr Frosdick\Application Data\Microsoft\Word\~WRL3795.tmp
C:\Documents and Settings\Mr Frosdick\My Documents\School Coursework\Chemistry Coursework\~WRL3844.tmp
C:\WINDOWS\SoftwareDistribution\Download\0517cc2832608c5f74e53ec8a1135de0\BIT9.tmp
C:\WINDOWS\SoftwareDistribution\Download\18c1a1593af784d8ae89fb6c900d638b\BIT7.tmp
C:\WINDOWS\SoftwareDistribution\Download\1b89e3340d93b6277003025acd5249a7\BIT5.tmp
C:\WINDOWS\SoftwareDistribution\Download\2aa01bbee9359c4caf92cfc9ca3fbcab\BIT10.tmp
C:\WINDOWS\SoftwareDistribution\Download\3e0b4501d29a5fd00cd66fad3878e2d9\BITB.tmp
C:\WINDOWS\SoftwareDistribution\Download\9f7cccb506518c997838d49cb7f4058a\BIT3.tmp
C:\WINDOWS\SoftwareDistribution\Download\a01e50cfb4102993289bf8a1cda60c90\BIT4.tmp
C:\WINDOWS\SoftwareDistribution\Download\a5011208915d16a381f507ca5ca1e58b\BIT4.tmp
C:\WINDOWS\SoftwareDistribution\Download\bce8b448be8ab78bf5554cb891433e02\BIT2.tmp
C:\WINDOWS\SoftwareDistribution\Download\c2c4fa677e639c07d30b1f09126e4e6d\BIT5.tmp
C:\WINDOWS\SoftwareDistribution\Download\c73c66b25486d50bb7ed9541eceb63f5\BITD.tmp
C:\WINDOWS\SoftwareDistribution\Download\d10774f067cd8298a1fc3fe386492c55\BIT6.tmp
C:\WINDOWS\SoftwareDistribution\Download\eb5ff0ae9fdaa24285c4924997a7aa90\BIT1.tmp
C:\WINDOWS\SoftwareDistribution\Download\ee8ad039568a6693a19ccd1ccc209dd3\BITA.tmp
C:\WINDOWS\SoftwareDistribution\Download\f037f96e464f48eb02f3d2bac4f56206\BITE.tmp
C:\WINDOWS\SoftwareDistribution\Download\f9c8d0becd9aaabc91af18775ce2309f\BIT6.tmp
C:\WINDOWS\SoftwareDistribution\Download\fb9eba34e2b13bc7149fc804c17504d2\BIT3.tmp
C:\WINDOWS\SoftwareDistribution\Download\fe6814035c4cb28fd3442d25c7d06b32\BITC.tmp
C:\WINDOWS\SoftwareDistribution\Download\ff9579795cae5d14822c80acd30cca3d\BIT1.tmp

Finished!


NoLop! Log:

NoLop! Log by Skate_Punk_21

Please Note: any existing old logs will have now been renamed to NoLop!OLD.log

Fix running from: C:\Documents and Settings\Mr Frosdick\Desktop
[13/09/2007]
[13:24:29]

---Infection Files Found/Removed---
NO INFECTION FILES FOUND - Cleaning Aborted.

---Listing AppData sub directories---

C:\Documents and Settings\All Users\Application Data\Apple
C:\Documents and Settings\All Users\Application Data\Apple Computer
C:\Documents and Settings\All Users\Application Data\Cyberlink
C:\Documents and Settings\All Users\Application Data\Microsoft
C:\Documents and Settings\All Users\Application Data\Msn Messenger 7.0.0604 -- EMPTY Directory
C:\Documents and Settings\All Users\Application Data\Msn6
C:\Documents and Settings\All Users\Application Data\Napster
C:\Documents and Settings\All Users\Application Data\Od2
C:\Documents and Settings\All Users\Application Data\Quicktime
C:\Documents and Settings\All Users\Application Data\Sbt
C:\Documents and Settings\All Users\Application Data\Sony Ericsson
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
C:\Documents and Settings\All Users\Application Data\Symantec
C:\Documents and Settings\All Users\Application Data\Trymedia
C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
C:\Documents and Settings\All Users\Application Data\Yahoo!
C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
C:\Documents and Settings\All Users\Application Data\Zylom
C:\Documents and Settings\All Users\Application Data\{70fe9869-8d38-4eb3-8541-a735c2285cf7}
C:\Documents and Settings\Default User\Application Data\Microsoft
C:\Documents and Settings\Localservice\Application Data\Help -- EMPTY Directory
C:\Documents and Settings\Localservice\Application Data\Microsoft
C:\Documents and Settings\Mr Frosdick\Application Data\.abc
C:\Documents and Settings\Mr Frosdick\Application Data\.abc 3.01
C:\Documents and Settings\Mr Frosdick\Application Data\Adobe
C:\Documents and Settings\Mr Frosdick\Application Data\Apple Computer
C:\Documents and Settings\Mr Frosdick\Application Data\Bittorrent
C:\Documents and Settings\Mr Frosdick\Application Data\Corel
C:\Documents and Settings\Mr Frosdick\Application Data\Google
C:\Documents and Settings\Mr Frosdick\Application Data\Help
C:\Documents and Settings\Mr Frosdick\Application Data\Identities
C:\Documents and Settings\Mr Frosdick\Application Data\Intertrust
C:\Documents and Settings\Mr Frosdick\Application Data\Intervideo
C:\Documents and Settings\Mr Frosdick\Application Data\Kontiki
C:\Documents and Settings\Mr Frosdick\Application Data\Lavasoft
C:\Documents and Settings\Mr Frosdick\Application Data\Leadertech
C:\Documents and Settings\Mr Frosdick\Application Data\Macromedia
C:\Documents and Settings\Mr Frosdick\Application Data\Mercora
C:\Documents and Settings\Mr Frosdick\Application Data\Microsoft
C:\Documents and Settings\Mr Frosdick\Application Data\Microsoft Web Folders -- EMPTY Directory
C:\Documents and Settings\Mr Frosdick\Application Data\Mozilla
C:\Documents and Settings\Mr Frosdick\Application Data\Msn6
C:\Documents and Settings\Mr Frosdick\Application Data\Od2
C:\Documents and Settings\Mr Frosdick\Application Data\Real
C:\Documents and Settings\Mr Frosdick\Application Data\Roxio
C:\Documents and Settings\Mr Frosdick\Application Data\Sports Interactive
C:\Documents and Settings\Mr Frosdick\Application Data\Sun
C:\Documents and Settings\Mr Frosdick\Application Data\Symantec
C:\Documents and Settings\Mr Frosdick\Application Data\Talkback
C:\Documents and Settings\Mr Frosdick\Application Data\Teamspeak2
C:\Documents and Settings\Mr Frosdick\Application Data\Ubi.com
C:\Documents and Settings\Mr Frosdick\Application Data\Uniblue
C:\Documents and Settings\Mr Frosdick\Application Data\Webroot
C:\Documents and Settings\Mr Frosdick\Application Data\Winrar -- EMPTY Directory
C:\Documents and Settings\Mr Frosdick\Application Data\Yahoo!
C:\Documents and Settings\Mr Frosdick\Application Data\Zylom
C:\Documents and Settings\Networkservice\Application Data\Microsoft
C:\Documents and Settings\Networkservice\Application Data\Symantec



DSS Log:


Deckard's System Scanner v20070905.67
Run by Mr Frosdick on 2007-09-13 13:25:28
Computer is in Normal Mode.
--------------------------------------------------------------------------------

Total Physical Memory: 511 MiB (512 MiB recommended).


-- HijackThis (run as Mr Frosdick.exe) -----------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:25:44, on 13/09/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\DJSNETCN.exe
C:\Program Files\Yahoo!\NAV\navapsvc.exe
C:\Program Files\Yahoo!\NAV\IWP\NPFMntor.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\UAService7.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\System32\WgaTray.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\Mr Frosdick\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\MRFROS~1.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://uk.red.clientapps.yahoo.com/c...o/bt_side.html
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://uk.red.clientapps.yahoo.com/c...rch.yahoo.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Norton Personal Firewall - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Yahoo!\NAV\NavShExt.dll
O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: QuickDefine - C:\Program Files\Common Files\Microsoft Shared\Reference Titles\eddefine.htm
O8 - Extra context menu item: QuickTranslate - C:\Program Files\Common Files\Microsoft Shared\Reference Titles\edtrans.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary...r.cab31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} (CMediaMix Object) - http://musicmix.messenger.msn.com/Medialogic.CAB
O16 - DPF: {27527D31-447B-11D5-A46E-0001023B4289} (CoGSManager Class) - http://gamingzone.ubisoft.com/dev/pa.../GSManager.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary...r.cab31267.cab
O16 - DPF: {4D7F48C0-CB49-4EA6-97D4-04F4EACC2F3B} - http://sib1.od2.com/common/Member/Cl.../OCI/setup.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.co...?1108212661453
O16 - DPF: {665585FD-2068-4C5E-A6D3-53AC3270ECD4} (FileSharingCtrl Class) - http://appdirectory.messenger.msn.co...haringctrl.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary...r.cab56986.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{B3140D56-E30F-4444-B29D-9F40EE48294E}: NameServer = 192.168.0.1
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - C:\Program Files\Yahoo!\NPF\ccPwdSvc.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec Licensing Detect Internet Connection (DJSNETCN) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\DJSNETCN.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Yahoo!\NAV\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Yahoo!\NAV\IWP\NPFMntor.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Yahoo!\NAV\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE

--
End of file - 9457 bytes

-- Files created between 2007-08-13 and 2007-09-13 -----------------------------

2007-09-13 13:22:23 212 --a------ C:\delete.bat
2007-09-13 12:49:53 0 d-------- C:\WINDOWS\ERUNT
2007-09-12 19:08:52 46352 --a------ C:\WINDOWS\setdebug.exe <Not Verified; Microsoft Corporation; Microsoft(R) Windows (R) Operating System>
2007-09-12 19:08:51 171280 --a------ C:\WINDOWS\System32\jit.dll <Not Verified; Microsoft Corporation; Microsoft(R) Windows (R) Operating System>
2007-09-12 19:08:50 139536 --a------ C:\WINDOWS\System32\javaee.dll <Not Verified; Microsoft Corporation; Microsoft(R) Windows (R) Operating System>
2007-09-12 19:08:50 6550 --a------ C:\WINDOWS\jautoexp.dat
2007-09-12 19:08:49 313856 --a------ C:\WINDOWS\System32\dx3j.dll <Not Verified; Microsoft Corporation; Microsoft® DirectX for Java>
2007-09-12 19:08:27 113 --a------ C:\WINDOWS\System32\zonedon.reg
2007-09-12 19:08:26 113 --a------ C:\WINDOWS\System32\zonedoff.reg
2007-09-12 19:08:25 171792 --a------ C:\WINDOWS\System32\wjview.exe <Not Verified; Microsoft Corporation; Microsoft(R) Windows (R) Operating System>
2007-09-12 19:08:23 286992 --a------ C:\WINDOWS\System32\vmhelper.dll <Not Verified; Microsoft Corporation; Microsoft(R) Windows (R) Operating System>
2007-09-12 19:08:23 21264 --a------ C:\WINDOWS\System32\msjdbc10.dll <Not Verified; Microsoft Corporation; Microsoft(R) Windows (R) Operating System>
2007-09-12 19:08:21 947472 --a------ C:\WINDOWS\System32\msjava.dll <Not Verified; Microsoft Corporation; Microsoft(R) Windows (R) Operating System>
2007-09-12 19:08:20 154384 --a------ C:\WINDOWS\System32\msawt.dll <Not Verified; Microsoft Corporation; Microsoft(R) Windows (R) Operating System>
2007-09-12 19:08:20 172304 --a------ C:\WINDOWS\System32\jview.exe <Not Verified; Microsoft Corporation; Microsoft(R) Windows (R) Operating System>
2007-09-12 19:08:20 15120 --a------ C:\WINDOWS\System32\jdbgmgr.exe <Not Verified; Microsoft Corporation; Microsoft(R) Windows (R) Operating System>
2007-09-12 19:08:19 404752 --a------ C:\WINDOWS\System32\javart.dll <Not Verified; Microsoft Corporation; Microsoft(R) Windows (R) Operating System>
2007-09-12 19:08:19 63248 --a------ C:\WINDOWS\System32\javaprxy.dll <Not Verified; Microsoft Corporation; Microsoft(R) Windows (R) Operating System>
2007-09-12 19:08:18 187152 --a------ C:\WINDOWS\System32\javacypt.dll <Not Verified; Microsoft Corporation; Microsoft(R) Windows (R) Operating System>
2007-09-12 19:08:17 49424 --a------ C:\WINDOWS\System32\clspack.exe <Not Verified; Microsoft Corporation; Microsoft(R) Windows (R) Operating System>
2007-09-11 16:17:16 0 d-------- C:\WINDOWS\LastGood
2007-09-10 16:34:44 0 d-------- C:\Program Files\LGSCC
2007-09-10 14:55:19 307200 -ra------ C:\WINDOWS\vidcap32.exe <Not Verified; Microsoft Corporation; Microsoft Windows>
2007-09-10 14:55:19 200704 -ra------ C:\WINDOWS\sel3110.exe <Not Verified; ; select Application>
2007-09-10 14:55:18 174530 -ra------ C:\WINDOWS\System32\drivers\ov519vid.sys <Not Verified; OmniVision Technologies, Inc.; Dual Mode USB Camera 519>
2007-09-10 14:55:17 16426 -ra------ C:\WINDOWS\System32\ov519usd.dll <Not Verified; OmniVision Technologies Inc.; Dual Mode USB Camera 519>
2007-09-10 14:55:17 40960 -ra------ C:\WINDOWS\System32\ov519ext.dll <Not Verified; OmniVision Technologies Inc.; Dual Mode USB Camera 519>
2007-09-10 14:54:55 0 d-------- C:\WINDOWS\LastGood.Tmp
2007-09-09 18:33:02 0 d-------- C:\Program Files\SpywareBlaster
2007-09-09 17:02:47 0 d-------- C:\WINDOWS\System32\ActiveScan
2007-09-08 21:29:20 40960 -ra------ C:\WINDOWS\CleanDev.exe <Not Verified; ; CleanDevice>
2007-09-08 21:29:15 61440 -ra------ C:\WINDOWS\ov519dib.dll <Not Verified; OmniVision Technologies, Inc.; OmniVision USB Camera OV519>
2007-09-08 21:29:12 32528 -ra------ C:\WINDOWS\amcap.exe
2007-09-08 21:29:10 135168 -ra------ C:\WINDOWS\ov519cap.exe <Not Verified; OmniVision Technologies, Inc.; OmniVision USB Camera OV519>
2007-09-08 21:29:09 25211 -ra------ C:\WINDOWS\System32\drivers\ov519cmd.sys <Not Verified; OmniVision Technologies Inc.; Dual Mode USB Camera 519>
2007-09-08 20:16:29 0 d-------- C:\Program Files\nLite
2007-09-08 18:41:42 0 d-------- C:\Program Files\Trend Micro
2007-09-08 17:01:57 0 d-------- C:\e7e6b5e83e16583c07a649b4dd7836f1
2007-09-08 16:00:43 0 d-------- C:\2c4499a45de648c5d9bc780f88
2007-09-08 15:19:32 0 d-------- C:\62946cfc9bec811d3975f3
2007-09-08 13:27:23 0 d-------- C:\39f66fbb5cd4547a9e6d
2007-09-08 0104 76864 --a------ C:\WINDOWS\System32\GDIPFONTCACHEV1.DAT
2007-09-07 23:55:32 0 d-------- C:\fba5649408df1be4d7021555
2007-09-07 22:09:54 0 d-------- C:\WINDOWS\Prefetch
2007-09-06 16:18:55 0 d-------- C:\Documents and Settings\Mr Frosdick\Application Data\Uniblue
2007-09-05 15:33:17 0 dr-h----- C:\Documents and Settings\Mr Frosdick\Recent
2007-08-20 18:04:18 0 d-------- C:\Program Files\ACW
2007-08-16 16:32:49 0 d-------- C:\Program Files\iTunes


-- Find3M Report ---------------------------------------------------------------

2007-09-13 12:40:15 0 d-------- C:\Program Files\Common Files\Symantec Shared
2007-09-13 12:13:46 0 d-------- C:\Program Files\MSN Messenger
2007-09-09 18:29:34 0 d-------- C:\Program Files\Windows Defender
2007-09-09 18:18:08 0 d-------- C:\Program Files\Messenger
2007-09-08 22:27:27 0 d--h----- C:\Program Files\WindowsUpdate
2007-09-07 21:57:25 0 d-------- C:\Program Files\Movie Maker
2007-09-07 21:56:44 23348 --a------ C:\WINDOWS\System32\emptyregdb.dat
2007-09-07 21:55:31 0 d-------- C:\Program Files\Online Services
2007-09-07 21:55:25 0 d-------- C:\Program Files\Windows NT
2007-09-05 15:38:01 0 d-------- C:\Program Files\RegScrubXP
2007-08-29 17:15:43 0 d-------- C:\Program Files\NudgeMania
2007-08-29 17:04:26 0 d-------- C:\Program Files\DivX
2007-08-16 16:33:08 0 d-------- C:\Program Files\iPod
2007-08-16 16:27:57 0 d-------- C:\Program Files\Apple Software Update
2007-07-28 18:41:16 0 d-------- C:\Program Files\BitTorrent
2007-07-20 15:56:19 0 d-------- C:\Program Files\Java
2007-06-22 00:59:45 7141 --a------ C:\WINDOWS\mozver.dat


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="NvQTwk" []
"nwiz"="nwiz.exe" [30/07/2002 16:50 C:\WINDOWS\system32\nwiz.exe]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [22/01/2007 23:19]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"Smss"=ssms.exe
"Microsoft Updates"=wkssvrs.exe
"DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"LinkResolveIgnoreLinkInfo"=0 (0x0)
"NoResolveSearch"=1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=MsgPlusLoader.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^NETGEAR WG311v2 Smart Configuration.lnk]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Picture Package Menu.lnk]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Picture Package VCD Maker.lnk]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Run Nintendo Wi-Fi USB Connector Registration Tool.lnk]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Slim Multimedia Keyboard.lnk]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Mr Frosdick^Start Menu^Programs^Startup^Encarta Dictionary Quickshelf.lnk]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CamIM]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
"C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033 -noicon

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Lexmark X74-X75]
"C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Load]
??? ?

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Mercora]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nod32kui]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NudgeMania]
C:\Program Files\NudgeMania\NudgeMania.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Run]
??? ?

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpySweeper]
"C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /0

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
"C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\YBrowser]
C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\YOP]
C:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart




-- End of Deckard's System Scanner: finished at 2007-09-13 13:26:34 ------------




findlop.txt:


Volume in drive C has no label.
Volume Serial Number is 5049-F76E

Directory of C:\Documents and Settings\All Users\Application Data

05/07/2007 00:12 <DIR> Apple
13/10/2006 17:47 <DIR> Apple Computer
13/12/2002 10:18 <DIR> CyberLink
24/10/2005 20:07 <DIR> MSN Messenger 7.0.0604
25/12/2002 08:25 <DIR> MSN6
04/12/2005 19:55 <DIR> Napster
12/02/2005 15:47 <DIR> OD2
21/05/2007 19:30 1,774 QTSBandwidthCache
21/04/2005 20:35 <DIR> QuickTime
18/12/2002 10:06 <DIR> SBT
18/04/2006 19:34 <DIR> Sony Ericsson
03/09/2007 17:09 <DIR> Spybot - Search & Destroy
09/09/2007 17:36 <DIR> Symantec
31/05/2007 00:17 <DIR> Trymedia
03/05/2006 20:50 <DIR> Windows Genuine Advantage
15/12/2006 22:02 <DIR> Yahoo!
18/11/2006 15:45 <DIR> Yahoo! Companion
31/08/2007 19:14 <DIR> Zylom
11/02/2005 21:50 <DIR> {70FE9869-8D38-4EB3-8541-A735C2285CF7}
1 File(s) 1,774 bytes
18 Dir(s) 21,946,482,688 bytes free
Volume in drive C has no label.
Volume Serial Number is 5049-F76E

Directory of C:\Documents and Settings\Mr Frosdick\Application Data

31/05/2007 01:19 <DIR> .ABC
20/08/2006 20:43 <DIR> .ABC 3.01
04/12/2002 13:16 <DIR> Adobe
22/01/2006 00:58 <DIR> Apple Computer
04/11/2006 00:52 <DIR> BitTorrent
26/12/2002 16:07 <DIR> Corel
25/12/2005 19:54 <DIR> Google
06/02/2004 17:22 <DIR> Help
20/09/2005 17:25 <DIR> Identities
04/12/2002 13:16 <DIR> InterTrust
13/12/2002 10:15 <DIR> InterVideo
18/12/2003 21:02 <DIR> Kontiki
03/03/2007 18:34 <DIR> Lavasoft
11/07/2003 17:48 <DIR> Leadertech
11/03/2005 23:14 <DIR> Macromedia
14/02/2006 00:21 <DIR> Mercora
18/12/2002 09:59 <DIR> Microsoft Web Folders
12/02/2005 14:04 <DIR> Mozilla
11/01/2003 20:11 <DIR> MSN6
12/02/2005 15:46 <DIR> OD2
06/07/2005 21:32 <DIR> Real
31/03/2005 16:30 <DIR> Roxio
04/11/2006 22:22 <DIR> Sports Interactive
13/02/2005 20:40 <DIR> Sun
04/12/2002 13:25 <DIR> Symantec
07/03/2005 23:00 <DIR> Talkback
21/01/2007 20:05 <DIR> teamspeak2
16/01/2004 20:07 <DIR> ubi.com
06/09/2007 16:18 <DIR> Uniblue
15/10/2006 15:28 1,388 ViewerApp.dat
03/03/2007 19:40 <DIR> Webroot
31/05/2007 00:32 <DIR> WinRAR
14/11/2006 20:24 <DIR> Yahoo!
27/06/2005 20:46 <DIR> Zylom
1 File(s) 1,388 bytes
33 Dir(s) 21,946,482,688 bytes free
Volume in drive C has no label.
Volume Serial Number is 5049-F76E

Directory of C:\Documents and Settings\Default User\Application Data

04/12/2002 05:09 <DIR> .
04/12/2002 05:09 <DIR> ..
07/09/2007 21:46 62 desktop.ini
1 File(s) 62 bytes
2 Dir(s) 21,946,482,688 bytes free
Volume in drive C has no label.
Volume Serial Number is 5049-F76E

Directory of C:\Documents and Settings\LocalService\Application Data

Volume in drive C has no label.
Volume Serial Number is 5049-F76E

Directory of C:\Documents and Settings\NetworkService\Application Data

[TRACE] Enumerating jobs and queues
[TRACE] Activating job 'AppleSoftwareUpdate.job'
[TRACE] Printing all job properties

ApplicationName: 'C:\Program Files\Apple Software Update\SoftwareUpdate.exe'
Parameters: '-task'
WorkingDirectory: ''
Comment: ''
Creator: 'SYSTEM'
Priority: NORMAL
MaxRunTime: 259200000 (3d 0:00:00)
IdleWait: 10
IdleDeadline: 60
MostRecentRun: 09/06/2007 17:27:00
NextRun: 09/13/2007 17:27:00
StartError: S_OK
ExitCode: 0
Status: SCHED_S_TASK_READY
ScheduledWorkItem Flags:
DeleteWhenDone = 0
Suspend = 0
StartOnlyIfIdle = 0
KillOnIdleEnd = 0
RestartOnIdleResume = 0
DontStartIfOnBatteries = 0
KillIfGoingOnBatteries = 0
RunOnlyIfLoggedOn = 0
SystemRequired = 0
Hidden = 0
TaskFlags: 0

1 Trigger

Trigger 0:
Type: Weekly
WeeksInterval: 1
DaysOfTheWeek: ....R..
StartDate: 08/16/2007
EndDate: 00/00/0000
StartTime: 17:27
MinutesDuration: 0
MinutesInterval: 0
Flags:
HasEndDate = 0
KillAtDuration = 0
Disabled = 0


[TRACE] Activating job 'Disk Cleanup.job'
[TRACE] Printing all job properties

ApplicationName: 'C:\WINDOWS\system32\cleanmgr.exe'
Parameters: ''
WorkingDirectory: 'C:\WINDOWS\system32'
Comment: ''
Creator: 'Adam's Tidy Account'
Priority: NORMAL
MaxRunTime: 259200000 (3d 0:00:00)
IdleWait: 10
IdleDeadline: 60
MostRecentRun: 00/00/0000 0:00:00
NextRun: 09/15/2007 19:35:00
StartError: SCHED_E_ACCOUNT_INFORMATION_NOT_SET
ExitCode: 0
Status: SCHED_S_TASK_HAS_NOT_RUN
ScheduledWorkItem Flags:
DeleteWhenDone = 0
Suspend = 0
StartOnlyIfIdle = 0
KillOnIdleEnd = 0
RestartOnIdleResume = 0
DontStartIfOnBatteries = 1
KillIfGoingOnBatteries = 1
RunOnlyIfLoggedOn = 0
SystemRequired = 0
Hidden = 0
TaskFlags: 0

1 Trigger

Trigger 0:
Type: Weekly
WeeksInterval: 1
DaysOfTheWeek: ......A
StartDate: 09/22/2004
EndDate: 00/00/0000
StartTime: 19:35
MinutesDuration: 0
MinutesInterval: 0
Flags:
HasEndDate = 0
KillAtDuration = 0
Disabled = 0


[TRACE] Activating job 'MP Scheduled Scan.job'
[TRACE] Printing all job properties

ApplicationName: 'C:\Program Files\Windows Defender\MpCmdRun.exe'
Parameters: 'Scan -RestrictPrivileges'
WorkingDirectory: ''
Comment: 'Scheduled Scan'
Creator: 'SYSTEM'
Priority: NORMAL
MaxRunTime: 259200000 (3d 0:00:00)
IdleWait: 10
IdleDeadline: 60
MostRecentRun: 00/00/0000 0:00:00
NextRun: 09/14/2007 1:57:00
StartError: SCHED_S_TASK_HAS_NOT_RUN
ExitCode: 0
Status: SCHED_S_TASK_HAS_NOT_RUN
ScheduledWorkItem Flags:
DeleteWhenDone = 0
Suspend = 0
StartOnlyIfIdle = 0
KillOnIdleEnd = 0
RestartOnIdleResume = 0
DontStartIfOnBatteries = 1
KillIfGoingOnBatteries = 0
RunOnlyIfLoggedOn = 0
SystemRequired = 0
Hidden = 1
TaskFlags: 0

1 Trigger

Trigger 0:
Type: Daily
DaysInterval: 1
StartDate: 09/13/2007
EndDate: 00/00/0000
StartTime: 01:57
MinutesDuration: 0
MinutesInterval: 0
Flags:
HasEndDate = 0
KillAtDuration = 0
Disabled = 0


[TRACE] Activating job 'Norton AntiVirus - Run Full System Scan - Mr Frosdick.job'
[TRACE] Printing all job properties

ApplicationName: 'C:\PROGRA~1\Yahoo!\NAV\Navw32.exe'
Parameters: '/TASK:"C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Tasks\mycomp.sca"'
WorkingDirectory: ''
Comment: 'This is a schedule scan task from Norton AntiVirus.'
Creator: 'Mr Frosdick'
Priority: NORMAL
MaxRunTime: 259200000 (3d 0:00:00)
IdleWait: 10
IdleDeadline: 60
MostRecentRun: 08/25/2007 18:00:00
NextRun: 09/22/2007 18:00:00
StartError: S_OK
ExitCode: 0
Status: SCHED_S_TASK_READY
ScheduledWorkItem Flags:
DeleteWhenDone = 0
Suspend = 0
StartOnlyIfIdle = 0
KillOnIdleEnd = 0
RestartOnIdleResume = 0
DontStartIfOnBatteries = 0
KillIfGoingOnBatteries = 0
RunOnlyIfLoggedOn = 1
SystemRequired = 0
Hidden = 0
TaskFlags: 0

1 Trigger

Trigger 0:
Type: Weekly
WeeksInterval: 4
DaysOfTheWeek: ......A
StartDate: 11/17/2006
EndDate: 00/00/0000
StartTime: 18:00
MinutesDuration: 0
MinutesInterval: 0
Flags:
HasEndDate = 0
KillAtDuration = 0
Disabled = 0


Thanks again for the help.