Welcome to Tech Support Forum home to more then 136,000 problems solved. Issues have included: Spyware, Malware, Virus Issues, Windows, Microsoft, Linux, Networking, Security, Hardware, and Gaming Getting your problem solved is as easy as:
1. Registering for a free account
2. Asking your question
3. Receiving an answer

Registered members:
* Get free support
* Communicate privately with other members (PM).
* Removal of this message
* See fewer ads.
* And much more..

 


Want to know how to post a question? click here Having problems with spyware and pop-ups? First Steps
Go Back   Tech Support Forum > Security Center > Virus/Trojan/Spyware Help > Resolved HJT Threads
Reload this Page Virus Removal After-Effects
User Name
Password
Site Map Register Donate Rules Blogs Mark Forums Read


Resolved HJT Threads Resolved spyware and popup issues.

 
Page 1 of 3 1 23
View First Unread View First Unread  
LinkBack Thread Tools
Old 10-31-2009, 04:44 PM   #1 (permalink)
Registered User
 
Join Date: Oct 2009
Posts: 25
OS: XP


Virus Removal After-Effects
Hi there,

I recently discovered that my Dell Inspiron 1520 laptop had contracted at least 1 virus/trojan/etc. I downloaded free antivirus software which found a number of issues and it proceeded to deal with them. Well, the good news is that it appears the viruses have been taken care of. The bad news is that I believe a file called rarivove.dll may have been quarantined or deleted by the antivirus program. When I restart my computer it gives me an error saying it's trying to access this file but can't. I used msconfig to check under the "startup" tab and found "rarivove.dll" mentioned. When I tried unchecking it to remove it I am prompted to reboot. Once I do, though it acts like I am starting up in some special mode.

My question is: How can I get rid of this error? I just want to remove "rarivove.dll" from the startup of the computer.

Thank you VERY much for your help!

-TC


DDS (Ver_09-10-26.01) - NTFSx86
Run by Daddy at 16:32:23.42 on Sat 10/31/2009
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2038.1527 [GMT -4:00]

AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\stsystra.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Dell\MediaDirect\PCMService.exe
C:\WINDOWS\OEM02Mon.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\KADxMain.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\Daddy\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.yahoo.com/
uDefault_Page_URL = http://www.google.com/ig/dell?hl=en&...us&ibd=3080321
uSearch Bar =
mDefault_Page_URL = hxxp://www.yahoo.com/
mStart Page = hxxp://www.yahoo.com/
uInternet Connection Wizard,ShellNext = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=3080321
uInternet Settings,ProxyOverride = *.local
mSearchAssistant = hxxp://www.google.com/hws/sb/dell-usuk-rel/en/side.html?channel=us
BHO: {253f6869-6c93-4f32-8f1c-46f13ee5b92d} - pihuzura.dll
BHO: {51142D02-1906-4DAD-8B87-CFD2232F3EB3} - No File
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.5.0_06\bin\ssv.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
TB: {3D91099B-562D-49EC-BDBD-78C5DE9CAED9} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Aim6]
uRun: [Google Update] "c:\documents and settings\daddy\local settings\application data\google\update\GoogleUpdate.exe" /c
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [SigmatelSysTrayApp] stsystra.exe
mRun: [RoxWatchTray] "c:\program files\common files\roxio shared\9.0\sharedcom\RoxWatchTray9.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [PCMService] "c:\program files\dell\mediadirect\PCMService.exe"
mRun: [OEM02Mon.exe] c:\windows\OEM02Mon.exe
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
mRun: [KADxMain] c:\windows\system32\KADxMain.exe
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [dscactivate] "%ProgramFiles%\Dell Support Center\gs_agent\custom\dsca.exe"
mRun: [DELL Webcam Manager] "c:\program files\dell\dell webcam manager\DellWMgr.exe" /s
mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [kozudivak] Rundll32.exe "c:\windows\system32\rarivove.dll",a
StartupFolder: c:\docume~1\daddy\startm~1\programs\startup\scandisk.lnk -
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBC} - c:\program files\java\jre1.5.0_06\bin\ssv.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
Trusted Zone: bullhorn.com
Trusted Zone: bullhornstaffing.com
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
DPF: {4503BC07-768C-4872-9AE3-A5558E73C2FE} - hxxp://www.bullhornstaffing.com/BullhornHelp/Tools/bhconfigactivex.CAB
DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase8942.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {C2B78FF1-6E5A-4854-AC24-E09A0E2411BA} - hxxp://static1.meetupstatic.com/applet/MeetUploader_200909.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: efcCrOif - efcCrOif.dll
Notify: igfxcui - igfxdev.dll
AppInit_DLLs: vodayufi.dll c:\windows\system32\rarivove.dll
SSODL: ComponentVolume - {8db1c4a2-e027-46f0-87cf-c28f25eecf13} - No File
SSODL: zip - {e7c2b9bb-df5e-4dc4-9155-705fb98cd941} - c:\windows\installer\{e7c2b9bb-df5e-4dc4-9155-705fb98cd941}\zip.dll
SSODL: omlbpkaw - {4F8BF616-11D6-47D1-A8AA-7FBDADE106B6} - No File
SSODL: pmsoarbf - {70B59C7B-589A-4EB4-8D56-6A8F1D3F5C08} - No File
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SSODL: rukipojuk - {29be6aa7-2e33-40d0-aa4e-b3e7324f681f} - No File
STS: {29be6aa7-2e33-40d0-aa4e-b3e7324f681f}: kupuhivus
SEH: {6A6EAE1B-4AD6-4035-974D-504D6DBAA9C3} - No File
LSA: Authentication Packages = msv1_0 c:\windows\system32\xxyvvVmL
LSA: Notification Packages = scecli kanupele.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\daddy\applic~1\mozilla\firefox\profiles\b1vvvszk.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - plugin: c:\documents and settings\daddy\application data\move networks\plugins\npqmp071503000010.dll
FF - plugin: c:\documents and settings\daddy\local settings\application data\google\update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\program files\java\jre1.5.0_06\bin\NPJava11.dll
FF - plugin: c:\program files\java\jre1.5.0_06\bin\NPJava12.dll
FF - plugin: c:\program files\java\jre1.5.0_06\bin\NPJava13.dll
FF - plugin: c:\program files\java\jre1.5.0_06\bin\NPJava14.dll
FF - plugin: c:\program files\java\jre1.5.0_06\bin\NPJava32.dll
FF - plugin: c:\program files\java\jre1.5.0_06\bin\NPJPI150_06.dll
FF - plugin: c:\program files\java\jre1.5.0_06\bin\NPOJI610.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npagent.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

============= SERVICES / DRIVERS ===============

R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2009-10-27 108289]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2008-3-29 24652]
R3 OEM02Dev;Creative Camera OEM002 Driver;c:\windows\system32\drivers\OEM02Dev.sys [2008-3-21 235520]
R3 OEM02Vfx;Creative Camera OEM002 Video VFX Driver;c:\windows\system32\drivers\OEM02Vfx.sys [2008-3-21 7424]
S3 Wdm1;USB Bridge Cable Driver;c:\windows\system32\drivers\usbbc.sys --> c:\windows\system32\drivers\usbbc.sys [?]

=============== Created Last 30 ================

2009-10-29 02:29:18 0 d-----w- c:\windows\system32\NtmsData
2009-10-29 01:43:35 2105344 ----a-w- c:\windows\system32\secsetup.sdb
2009-10-28 02:12:02 55656 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-10-28 02:11:58 0 d-----w- c:\program files\Avira
2009-10-28 02:11:58 0 d-----w- c:\docume~1\alluse~1\applic~1\Avira
2009-10-27 23:24:00 1393 ----a-w- c:\windows\imsins.BAK
2009-10-27 23:07:43 0 d-----w- c:\program files\CCleaner
2009-10-27 22:27:09 0 d--h--w- c:\windows\PIF
2009-10-27 05:04:18 0 d-----w- c:\docume~1\alluse~1\applic~1\avg9
2009-10-27 04:56:37 122464 ---ha-w- c:\windows\system32\mlfcache.dat
2009-10-27 04:16:50 0 d-----w- c:\windows\pss
2009-10-27 03:37:33 0 d-----w- C:\3ca381f6758cbe65e33b10a376
2009-10-27 03:28:56 0 d-----w- c:\documents and settings\daddy\Tracing
2009-10-27 03:27:43 0 d-----w- c:\program files\Microsoft
2009-10-27 03:27:23 0 d-----w- c:\program files\Windows Live SkyDrive
2009-10-27 03:24:21 0 d-----w- c:\program files\common files\Windows Live
2009-10-27 01:33:53 0 d-----w- c:\docume~1\alluse~1\applic~1\78207428
2009-10-27 01:28:03 0 ----a-w- c:\windows\win32k.sys
2009-10-22 00:52:00 0 d-----w- c:\documents and settings\daddy\.thumbnails
2009-10-22 00:50:42 0 d-----w- c:\documents and settings\daddy\.gimp-2.6
2009-10-22 00:50:11 0 d-----w- c:\program files\GIMP-2.0

==================== Find3M ====================

2009-09-26 01:47:05 348160 ----a-w- c:\windows\system32\msvcr71.dll
2009-09-26 01:47:04 499712 ----a-w- c:\windows\system32\msvcp71.dll
2009-09-11 14:18:39 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-11 14:18:39 136192 ------w- c:\windows\system32\dllcache\msv1_0.dll
2009-09-04 21:03:36 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-09-04 21:03:36 58880 ------w- c:\windows\system32\dllcache\msasn1.dll
2009-08-29 08:08:21 12800 ------w- c:\windows\system32\dllcache\xpshims.dll
2009-08-29 08:08:17 246272 ------w- c:\windows\system32\dllcache\ieproxy.dll
2009-08-26 08:00:21 247326 ----a-w- c:\windows\system32\strmdll.dll
2009-08-26 08:00:21 247326 ------w- c:\windows\system32\dllcache\strmdll.dll
2009-08-18 03:33:52 1193832 ----a-w- c:\windows\system32\FM20.DLL
2009-08-06 23:24:18 327896 ----a-w- c:\windows\system32\dllcache\wucltui.dll
2009-08-06 23:24:18 209632 ----a-w- c:\windows\system32\dllcache\wuweb.dll
2009-08-06 23:24:10 35552 ----a-w- c:\windows\system32\dllcache\wups.dll
2009-08-06 23:24:06 53472 ----a-w- c:\windows\system32\dllcache\wuauclt.exe
2009-08-06 23:24:04 96480 ----a-w- c:\windows\system32\dllcache\cdm.dll
2009-08-06 23:23:54 575704 ----a-w- c:\windows\system32\dllcache\wuapi.dll
2009-08-06 23:23:46 274288 ----a-w- c:\windows\system32\mucltui.dll
2009-08-06 23:23:46 215920 ----a-w- c:\windows\system32\muweb.dll
2009-08-06 23:23:46 1929952 ----a-w- c:\windows\system32\dllcache\wuaueng.dll
2009-08-05 09:01:48 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-08-05 09:01:48 204800 ------w- c:\windows\system32\dllcache\mswebdvd.dll
2009-08-05 00:44:46 2189184 ------w- c:\windows\system32\dllcache\ntoskrnl.exe
2009-08-04 15:13:08 2145280 ----a-w- c:\windows\system32\ntoskrnl.exe
2009-08-04 15:13:08 2145280 ------w- c:\windows\system32\dllcache\ntkrnlmp.exe
2009-08-04 14:20:09 2023936 ----a-w- c:\windows\system32\ntkrnlpa.exe
2009-08-04 14:20:09 2023936 ------w- c:\windows\system32\dllcache\ntkrpamp.exe
2009-08-04 14:20:08 2066048 ------w- c:\windows\system32\dllcache\ntkrnlpa.exe
2008-04-19 23:35:03 321208 --sha-w- c:\windows\system32\LmVvvyxx.ini2
2008-04-19 01:04:17 6493 --sha-w- c:\windows\system32\PrBdLRqr.ini2
2008-08-23 15:43:41 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008082320080824\index.dat

============= FINISH: 16:32:44.64 ===============
Attached Files
File Type: zip Attach.zip (4.2 KB, 5 views)
neckstomp is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Important Information
Join the #1 Tech Support Forum Today - It's Totally Free!

TechSupportForum.com is a leading support website for your computer needs. We offer free, friendly and personalized computer support. Why pay to have your computer fixed when you can do it for free.

Join TechSupportforum.com Today - Click Here

Old 11-03-2009, 10:05 AM   #2 (permalink)
Moderator, Analyst, Security Team; Rangemaster, TSF Academy
 
Join Date: Oct 2007
Location: Georgia
Posts: 10,627
OS: XP SP3


Re: Virus Removal After-Effects
Hello and Welcome to TSF.

Please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription.

Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed.

------------------------------------------------------

Please note that these fixes are not instantaneous. Most infections require more than one round to properly eradicate.

Please stay with me until given the 'all clear' even if symptoms seemingly abate.

Kindly follow my instructions and please do no fixing on your own or running of scanners unless requested by a helper.

------------------------------------------------------

Please visit this webpage for download links, and instructions for running ComboFix:

http://www.bleepingcomputer.com/comb...o-use-combofix

* Ensure you have disabled all antivirus and antimalware programs so they do not interfere with the running of ComboFix.

Get help here

Please post the C:\ComboFix.txt in your next reply for further review.

Please re-enable your antivirus before posting the ComboFix.txt log.

------------------------------------------------------
__________________
Our help is free but please donate

Proud member of ASAP
Proud member of UNITE
chemist is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Old 11-06-2009, 07:27 PM   #3 (permalink)
Registered User
 
Join Date: Oct 2009
Posts: 25
OS: XP


Re: Virus Removal After-Effects
Thanks for the help - here's the log!

ComboFix 09-11-05.05 - Daddy 11/06/2009 21:11.1.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2038.1618 [GMT -5:00]
Running from: c:\documents and settings\Daddy\Desktop\ComboFix.exe
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Daddy\Start Menu\Programs\Startup\scandisk.lnk
c:\windows\a.bat
c:\windows\base64.tmp
c:\windows\bdn.com
c:\windows\FVProtect.exe
c:\windows\Installer\{e7c2b9bb-df5e-4dc4-9155-705fb98cd941}\zip.dll
c:\windows\iTunesMusic.exe
c:\windows\mssecu.exe
c:\windows\system32\isapeep.sys
c:\windows\system32\LmVvvyxx.ini
c:\windows\system32\LmVvvyxx.ini2
c:\windows\system32\PrBdLRqr.ini
c:\windows\system32\PrBdLRqr.ini2
c:\windows\system32akttzn.exe
c:\windows\system32anticipator.dll
c:\windows\system32awtoolb.dll
c:\windows\system32bdn.com
c:\windows\system32bsva-egihsg52.exe
c:\windows\system32dpcproxy.exe
c:\windows\system32emesx.dll
c:\windows\system32h@tkeysh@@k.dll
c:\windows\system32hoproxy.dll
c:\windows\system32hxiwlgpm.dat
c:\windows\system32hxiwlgpm.exe
c:\windows\system32medup012.dll
c:\windows\system32medup020.dll
c:\windows\system32msgp.exe
c:\windows\system32msnbho.dll
c:\windows\system32mssecu.exe
c:\windows\system32msvchost.exe
c:\windows\system32mtr2.exe
c:\windows\system32mwin32.exe
c:\windows\system32netode.exe
c:\windows\system32newsd32.exe
c:\windows\system32ps1.exe
c:\windows\system32psof1.exe
c:\windows\system32psoft1.exe
c:\windows\system32regc64.dll
c:\windows\system32regm64.dll
c:\windows\system32Rundl1.exe
c:\windows\system32smp
c:\windows\system32smp\msrc.exe
c:\windows\system32sncntr.exe
c:\windows\system32ssurf022.dll
c:\windows\system32ssvchost.com
c:\windows\system32ssvchost.exe
c:\windows\system32sysreq.exe
c:\windows\system32taack.dat
c:\windows\system32taack.exe
c:\windows\system32temp#01.exe
c:\windows\system32thun.dll
c:\windows\system32thun32.dll
c:\windows\system32VBIEWER.OCX
c:\windows\system32vbsys2.dll
c:\windows\system32vcatchpi.dll
c:\windows\system32winlogonpc.exe
c:\windows\system32winsystem.exe
c:\windows\system32WINWGPX.EXE
c:\windows\userconfig9x.dll
c:\windows\winsystem.exe
c:\windows\zip1.tmp
c:\windows\zip2.tmp
c:\windows\zip3.tmp
c:\windows\zipped.tmp

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_{79007602-0CDB-4405-9DBF-1257BB3226ED}
-------\Legacy_{79007602-0CDB-4405-9DBF-1257BB3226EE}


((((((((((((((((((((((((( Files Created from 2009-10-07 to 2009-11-07 )))))))))))))))))))))))))))))))
.

2009-10-29 02:29 . 2009-11-07 01:59 -------- d-----w- c:\windows\system32\NtmsData
2009-10-29 01:17 . 2009-11-01 22:21 -------- d-----w- c:\documents and settings\Daddy\Local Settings\Application Data\Temp
2009-10-28 02:12 . 2009-07-28 20:33 55656 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-10-28 02:12 . 2009-03-30 14:33 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys
2009-10-28 02:12 . 2009-02-13 16:29 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2009-10-28 02:12 . 2009-02-13 16:17 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2009-10-28 02:11 . 2009-10-28 02:11 -------- d-----w- c:\program files\Avira
2009-10-28 02:11 . 2009-10-28 02:11 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
2009-10-28 00:45 . 2009-10-27 05:04 360584 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgtdix.sys
2009-10-28 00:44 . 2009-10-27 05:04 842520 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgupd.exe
2009-10-28 00:44 . 2009-10-27 05:04 1656088 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgupd.dll
2009-10-27 23:07 . 2009-10-27 23:07 -------- d-----w- c:\program files\CCleaner
2009-10-27 22:27 . 2009-10-27 23:27 -------- d--h--w- c:\windows\PIF
2009-10-27 05:04 . 2009-10-29 01:29 -------- d-----w- c:\documents and settings\All Users\Application Data\avg9
2009-10-27 04:56 . 2009-10-27 04:56 122464 ---ha-w- c:\windows\system32\mlfcache.dat
2009-10-27 04:55 . 2009-10-27 04:55 -------- d-----w- c:\program files\Safari
2009-10-27 03:37 . 2009-10-27 03:37 -------- d-----w- C:\3ca381f6758cbe65e33b10a376
2009-10-27 03:28 . 2009-10-27 03:33 -------- d-----w- c:\documents and settings\Daddy\Tracing
2009-10-27 03:27 . 2009-10-27 03:27 -------- d-----w- c:\program files\Microsoft
2009-10-27 03:27 . 2009-10-27 03:27 -------- d-----w- c:\program files\Windows Live SkyDrive
2009-10-27 03:26 . 2009-10-27 03:27 -------- d-----w- c:\program files\Windows Live
2009-10-27 03:24 . 2009-10-27 03:24 -------- d-----w- c:\program files\Common Files\Windows Live
2009-10-27 02:38 . 2009-10-27 02:38 -------- d-sh--w- c:\documents and settings\Administrator.PICARD\IETldCache
2009-10-27 01:33 . 2009-10-27 05:16 -------- d-----w- c:\documents and settings\All Users\Application Data\78207428
2009-10-27 01:33 . 2009-10-27 01:33 274 ----a-w- c:\documents and settings\All Users\Application Data\78207428\78207428.bat
2009-10-27 01:28 . 2009-10-29 01:40 0 ----a-w- c:\windows\win32k.sys
2009-10-22 00:54 . 2009-10-22 00:54 -------- d-----w- c:\documents and settings\Daddy\Application Data\gtk-2.0
2009-10-22 00:52 . 2009-10-22 00:52 -------- d-----w- c:\documents and settings\Daddy\.thumbnails
2009-10-22 00:50 . 2009-10-22 01:03 -------- d-----w- c:\documents and settings\Daddy\.gimp-2.6
2009-10-22 00:50 . 2009-10-22 00:50 -------- d-----w- c:\program files\GIMP-2.0
2009-10-13 20:53 . 2009-10-13 20:53 -------- d-----w- c:\documents and settings\LocalService\Application Data\Roxio

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-06 22:03 . 2008-10-23 02:35 -------- d-----w- c:\documents and settings\Mommy\Application Data\Skype
2009-11-06 21:54 . 2008-10-23 02:37 -------- d-----w- c:\documents and settings\Mommy\Application Data\skypePM
2009-11-02 01:47 . 2008-08-03 23:29 -------- d-----w- c:\documents and settings\Daddy\Application Data\Skype
2009-11-02 00:29 . 2008-03-28 23:56 -------- d-----w- c:\documents and settings\Daddy\Application Data\skypePM
2009-11-01 18:39 . 2008-03-26 23:59 166560 ----a-w- c:\documents and settings\Daddy\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-11-01 02:17 . 2009-10-03 20:56 -------- d-----w- c:\documents and settings\Daddy\Application Data\Move Networks
2009-10-27 05:04 . 2008-04-19 00:54 -------- d-----w- c:\program files\AVG
2009-10-27 04:56 . 2008-03-29 15:38 -------- d-----w- c:\documents and settings\Daddy\Application Data\Apple Computer
2009-10-27 03:16 . 2008-03-27 00:14 -------- d-----w- c:\program files\Mozilla Thunderbird
2009-10-15 11:56 . 2008-03-21 17:48 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-10-13 20:53 . 2008-04-01 00:34 -------- d-----w- c:\documents and settings\Daddy\Application Data\Roxio
2009-10-04 02:44 . 2008-10-01 01:57 256 ----a-w- c:\windows\system32\pool.bin
2009-09-26 01:47 . 2008-05-26 15:27 -------- d-----w- c:\program files\Common Files\Real
2009-09-26 01:47 . 2009-09-26 01:47 -------- d-----w- c:\program files\Common Files\xing shared
2009-09-26 01:47 . 2008-03-21 17:42 348160 ----a-w- c:\windows\system32\msvcr71.dll
2009-09-26 01:47 . 2008-05-26 15:27 -------- d-----w- c:\program files\Real
2009-09-26 01:47 . 2008-03-21 17:42 499712 ----a-w- c:\windows\system32\msvcp71.dll
2009-09-11 22:27 . 2008-08-12 00:04 -------- d-----w- c:\program files\Microsoft Silverlight
2009-09-11 14:18 . 2004-08-10 18:51 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-04 21:03 . 2004-08-10 18:51 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-08-26 08:00 . 2004-08-10 18:51 247326 ----a-w- c:\windows\system32\strmdll.dll
2009-08-18 03:33 . 2009-08-18 03:33 1193832 ----a-w- c:\windows\system32\FM20.DLL
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"Google Update"="c:\documents and settings\Daddy\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-10-29 133104]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"KernelFaultCheck"="c:\windows\system32\dumprep 0 -k" [X]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-09-26 198160]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-07-10 851968]
"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2007-04-23 228088]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-05-26 413696]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-07-10 137752]
"PCMService"="c:\program files\Dell\MediaDirect\PCMService.exe" [2007-11-01 189736]
"OEM02Mon.exe"="c:\windows\OEM02Mon.exe" [2007-08-28 36864]
"KADxMain"="c:\windows\system32\KADxMain.exe" [2006-11-02 282624]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-03-11 342312]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-07-10 137752]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-07-10 162328]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-10-09 16384]
"DELL Webcam Manager"="c:\program files\Dell\Dell Webcam Manager\DellWMgr.exe" [2007-07-27 118784]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2007-12-11 2183168]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-12 39792]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"combofix"="c:\combofix\CF11429.exe" [2009-11-07 389120]
"SigmatelSysTrayApp"="stsystra.exe" - c:\windows\stsystra.exe [2007-07-10 405504]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2008-3-21 50688]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Dell\\MediaDirect\\PCMService.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\WINDOWS\\system32\\usmt\\migwiz.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\WINWORD.EXE"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Macromedia\\Dreamweaver 8\\Dreamweaver.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\WINDOWS\\explorer.exe"=
"c:\\WINDOWS\\system32\\winlogon.exe"=
"c:\\Program Files\\iTunes\\iTunesHelper.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\WINDOWS\\system32\\logonui.exe"=
"c:\\WINDOWS\\system32\\igfxtray.exe"=
"c:\\WINDOWS\\system32\\wbem\\wmiprvse.exe"=
"c:\\WINDOWS\\system32\\BCMWLTRY.EXE"=
"c:\\WINDOWS\\system32\\WLTRAY.EXE"=
"c:\\WINDOWS\\system32\\ctfmon.exe"=
"c:\\WINDOWS\\system32\\lsass.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [10/27/2009 9:12 PM 108289]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [3/29/2008 5:50 PM 24652]
R3 OEM02Dev;Creative Camera OEM002 Driver;c:\windows\system32\drivers\OEM02Dev.sys [3/21/2008 12:17 PM 235520]
R3 OEM02Vfx;Creative Camera OEM002 Video VFX Driver;c:\windows\system32\drivers\OEM02Vfx.sys [3/21/2008 12:17 PM 7424]
S3 Wdm1;USB Bridge Cable Driver;c:\windows\system32\Drivers\usbbc.sys --> c:\windows\system32\Drivers\usbbc.sys [?]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - MBR
*Deregistered* - mbr
.
Contents of the 'Scheduled Tasks' folder

2009-11-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2861158407-3291394557-279429582-1006Core.job
- c:\documents and settings\Daddy\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-10-29 01:16]

2009-11-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2861158407-3291394557-279429582-1006UA.job
- c:\documents and settings\Daddy\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-10-29 01:16]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
uDefault_Page_URL = http://www.google.com/ig/dell?hl=en&...us&ibd=3080321
uSearch Bar =
mDefault_Page_URL = hxxp://www.yahoo.com/
mStart Page = hxxp://www.yahoo.com/
uInternet Connection Wizard,ShellNext = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=3080321
uInternet Settings,ProxyOverride = *.local
mSearchAssistant = hxxp://www.google.com/hws/sb/dell-usuk-rel/en/side.html?channel=us
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
Trusted Zone: bullhorn.com
Trusted Zone: bullhornstaffing.com
DPF: {4503BC07-768C-4872-9AE3-A5558E73C2FE} - hxxp://www.bullhornstaffing.com/BullhornHelp/Tools/bhconfigactivex.CAB
DPF: {C2B78FF1-6E5A-4854-AC24-E09A0E2411BA} - hxxp://static1.meetupstatic.com/applet/MeetUploader_200909.cab
FF - ProfilePath - c:\documents and settings\Daddy\Application Data\Mozilla\Firefox\Profiles\b1vvvszk.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - plugin: c:\documents and settings\Daddy\Local Settings\Application Data\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava11.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava12.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava13.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava14.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava32.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJPI150_06.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPOJI610.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npagent.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
.
- - - - ORPHANS REMOVED - - - -

BHO-{253f6869-6c93-4f32-8f1c-46f13ee5b92d} - pihuzura.dll
BHO-{51142D02-1906-4DAD-8B87-CFD2232F3EB3} - (no file)
Toolbar-{3D91099B-562D-49EC-BDBD-78C5DE9CAED9} - (no file)
HKCU-Run-Aim6 - (no file)
SharedTaskScheduler-{29be6aa7-2e33-40d0-aa4e-b3e7324f681f} - (no file)
ShellExecuteHooks-{6A6EAE1B-4AD6-4035-974D-504D6DBAA9C3} - (no file)
SSODL-ComponentVolume-{8db1c4a2-e027-46f0-87cf-c28f25eecf13} - (no file)
SSODL-zip-{e7c2b9bb-df5e-4dc4-9155-705fb98cd941} - c:\windows\Installer\{e7c2b9bb-df5e-4dc4-9155-705fb98cd941}\zip.dll
SSODL-omlbpkaw-{4F8BF616-11D6-47D1-A8AA-7FBDADE106B6} - (no file)
SSODL-pmsoarbf-{70B59C7B-589A-4EB4-8D56-6A8F1D3F5C08} - (no file)
SSODL-rukipojuk-{29be6aa7-2e33-40d0-aa4e-b3e7324f681f} - (no file)
Notify-efcCrOif - efcCrOif.dll



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-11-06 21:18
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(856)
c:\windows\System32\BCMLogon.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\System32\bcmwltry.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\igfxsrvc.exe
c:\windows\system32\wscntfy.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2009-11-07 21:24 - machine was rebooted
ComboFix-quarantined-files.txt 2009-11-07 02:24

Pre-Run: 90,411,397,120 bytes free
Post-Run: 90,673,385,472 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

- - End Of File - - 93096B29312A46CE3850358B000C0AEA
neckstomp is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Old 11-06-2009, 07:56 PM   #4 (permalink)
Moderator, Analyst, Security Team; Rangemaster, TSF Academy
 
Join Date: Oct 2007
Location: Georgia
Posts: 10,627
OS: XP SP3


Re: Virus Removal After-Effects
Hello neckstomp. Please tell us how your system is behaving.

Please copy this page to Notepad and Save it to your Desktop in order to assist you when carrying out the following instructions.

Before beginning the fix, read this post completely. If there's anything that you do not understand, kindly ask your questions before proceeding.
Ensure that there aren't any opened browsers when you are carrying out the procedures below.

It is IMPORTANT that you don't miss a step & perform everything in the correct order/sequence.

------------------------------------------------------

Please uninstall the following via Start->(or My Computer)->Control Panel->Add or Remove Programs if it still exists:

Viewpoint Media Player<<This is considered foistware instead of malware since it is installed without users approval, but doesn't spy or do anything "bad". Please read here and here

------------------------------------------------------

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system.
Please follow these steps to remove older version Java components and update.
  • Download the latest version of Java Runtime Environment (JRE) 6 and Save it to your Desktop.
  • Scroll down to where it says Java Runtime Environment (JRE) 6 Update 17 The Java SE Runtime Environment (JRE) allows end-users to run Java applications.
  • Click the Download button to the right.
  • Select the Windows platform from the dropdown menu.
  • Read the License Agreement and then check the box that says: I agree to the Java SE Runtime Environment 6 with JavaFX License Agreement
  • Click Continue The page will refresh.
  • Click on the link to download Windows Offline Installation and Save the file to your Desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start(or My Computer) > Control Panel and double-click on Add or Remove Programs and remove all older versions of Java.
  • Click (highlight) any item with Java Runtime Environment (JRE, J2SE, Java(TM) SE or Java(TM) 6) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u17-windows-i586-p.exe to install the newest version.
  • After the install is complete, go back to your Control Panel(using Classic View) and click the Java icon. (looks like a coffee cup)
    • On the General tab, under Temporary Internet Files, click the Settings button.
    • Next, click on the Delete Files button.
    • There are two options in the window to clear the cache - Leave BOTH Checked
      • Applications and Applets
      • Trace and Log Files
    • Click OK on Delete Temporary Files Window.
      Note: This deletes ALL the Downloaded Applications and Applets from the CACHE
    • Click OK to leave the Temporary Files Window.
    • Click OK to leave the Java Control Panel.
    • Delete jre-6u17-windows-i586-p.exe from your desktop.
------------------------------------------------------

Please run this online scan to help look for remnants. Ensure your external and/or USB drives are inserted during the scan.

Establish an internet connection & perform an online scan at Kaspersky Online Scanner

Click Accept, when prompted to download and install the program files and database of malware definitions.
  • Click Run at any Security prompt.
  • The program will then begin downloading and installing and will also update the database.
  • Please be patient as this can take several minutes.
  • Once the update is complete, click on My Computer under the green Scan bar to the left to start the scan.
  • Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
  • Do NOT be alarmed by what you see in the report. Many of the finds have likely been quarantined.
  • Click View scan report at the bottom.
  • Click the Save Report As... button.
  • Click the Save as Text button to save the file to your desktop so that you may post it in your next reply.
**Note**

To optimize scanning time and produce a more sensible report for review:
  • Close any open programs.
  • Turn off the real-time scanner of all antivirus or antispyware programs while performing the online scan.
Note for Internet Explorer 7 users: If at any time you have trouble viewing the accept button of the license, click on the Zoom tool located at the bottom right of the IE window and set the zoom to 75%. Once the license is accepted, reset to 100%.

------------------------------------------------------

Please post the following in your next reply:

Kaspersky report
report on system behavior
__________________
Our help is free but please donate

Proud member of ASAP
Proud member of UNITE
chemist is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Old 11-07-2009, 09:24 AM   #5 (permalink)
Registered User
 
Join Date: Oct 2009
Posts: 25
OS: XP


Re: Virus Removal After-Effects
Hi again,

My system is working very well...seems to boot up faster, and I haven't run into any strange errors or behaviors, etc. However, one problem still remains even though it appears (see report below) that my laptop is virus-free. I am now trying to re-install Internet Explorer but can't.

Before following all the instructions you've given me I would try to install the program but it would fail during installation at the "Scanning your computer for malicious software" stage but now it gets past that and fails at the "Installing Internet Explorer 8" step which is the next step in the process.

It does place a shortcut on my desktop that takes me to Microsoft's site and gives troubleshooting tips, but I don't want to do that unless you think it's best. I'll wait to hear from you before doing anything else.

Thanks!

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0: scan report
Saturday, November 7, 2009
Operating system: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Saturday, November 07, 2009 13:30:30
Records in database: 3170369
--------------------------------------------------------------------------------

Scan settings:
scan using the following database: extended
Scan archives: yes
Scan e-mail databases: yes

Scan area - My Computer:
C:\
D:\

Scan statistics:
Objects scanned: 87622
Threats found: 0
Infected objects found: 0
Suspicious objects found: 0
Scan duration: 01:29:37

No threats found. Scanned area is clean.

Selected area has been scanned.
neckstomp is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Old 11-07-2009, 10:07 AM   #6 (permalink)
Moderator, Analyst, Security Team; Rangemaster, TSF Academy
 
Join Date: Oct 2007
Location: Georgia
Posts: 10,627
OS: XP SP3


Re: Virus Removal After-Effects
Follow the troubleshooting tips and let me know.
__________________
Our help is free but please donate

Proud member of ASAP
Proud member of UNITE
chemist is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Old 11-12-2009, 07:11 PM   #7 (permalink)
Registered User
 
Join Date: Oct 2009
Posts: 25
OS: XP


Re: Virus Removal After-Effects
Hi, I tried all of the suggestions that the troubleshooting offered but none of them had any effect. I spoke to the IT guy at my work and he suggested that it could be something in the registry that is preventing the installation.

Any other suggestions?

Thanks!
neckstomp is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Old 11-12-2009, 07:52 PM   #8 (permalink)
Moderator, Analyst, Security Team; Rangemaster, TSF Academy
 
Join Date: Oct 2007
Location: Georgia
Posts: 10,627
OS: XP SP3


Re: Virus Removal After-Effects
Hello again, neckstomp. Are these the steps you tried? Did you try them all?

http://support.microsoft.com/kb/949220

Have you tried installing IE7 first?

http://www.microsoft.com/downloads/d...displaylang=en

Then try installing IE8. Let me know.

------------------------------------------------------
__________________
Our help is free but please donate

Proud member of ASAP
Proud member of UNITE
chemist is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Old 11-13-2009, 08:01 PM   #9 (permalink)
Registered User
 
Join Date: Oct 2009
Posts: 25
OS: XP


Re: Virus Removal After-Effects
Hi Chemist,

Yes, that is the page that I was being directed to and I believe that I tried all of the troubleshooting suggestions there. Tonight I tried installing IE7 and that failed as well. I made sure that I had my antivirus software disabled too to no avail.

Any more ideas?
neckstomp is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Old 11-13-2009, 08:29 PM   #10 (permalink)
Moderator, Analyst, Security Team; Rangemaster, TSF Academy
 
Join Date: Oct 2007
Location: Georgia
Posts: 10,627
OS: XP SP3


Re: Virus Removal After-Effects
Hello again, neckstomp. Run dds again and post/attach the logs.

------------------------------------------------------
__________________
Our help is free but please donate

Proud member of ASAP
Proud member of UNITE
Last edited by chemist; 11-13-2009 at 08:30 PM.
chemist is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Old 11-15-2009, 02:29 PM   #11 (permalink)
Registered User
 
Join Date: Oct 2009
Posts: 25
OS: XP


Re: Virus Removal After-Effects
Hi Chemist,

As requested, here's the results from DDS.

-NECKSTOMP

==================================================

DDS (Ver_09-10-26.01) - NTFSx86
Run by Daddy at 16:24:49.51 on Sun 11/15/2009
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_17
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2038.1523 [GMT -5:00]

AV: AntiVir Desktop *On-access scanning enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\stsystra.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Dell\MediaDirect\PCMService.exe
C:\WINDOWS\OEM02Mon.exe
C:\WINDOWS\system32\KADxMain.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Daddy\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.yahoo.com/
mStart Page = hxxp://www.yahoo.com/
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
uRun: [Google Update] "c:\documents and settings\daddy\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [SigmatelSysTrayApp] stsystra.exe
mRun: [RoxWatchTray] "c:\program files\common files\roxio shared\9.0\sharedcom\RoxWatchTray9.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [PCMService] "c:\program files\dell\mediadirect\PCMService.exe"
mRun: [OEM02Mon.exe] c:\windows\OEM02Mon.exe
mRun: [KADxMain] c:\windows\system32\KADxMain.exe
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [dscactivate] "%ProgramFiles%\Dell Support Center\gs_agent\custom\dsca.exe"
mRun: [DELL Webcam Manager] "c:\program files\dell\dell webcam manager\DellWMgr.exe" /s
mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
Trusted Zone: bullhorn.com
Trusted Zone: bullhornstaffing.com
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
DPF: {4503BC07-768C-4872-9AE3-A5558E73C2FE} - hxxp://www.bullhornstaffing.com/BullhornHelp/Tools/bhconfigactivex.CAB
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {C2B78FF1-6E5A-4854-AC24-E09A0E2411BA} - hxxp://static1.meetupstatic.com/applet/MeetUploader_200909.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\daddy\applic~1\mozilla\firefox\profiles\b1vvvszk.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - plugin: c:\documents and settings\daddy\local settings\application data\google\update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npagent.dll
FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

============= SERVICES / DRIVERS ===============

R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2009-10-27 108289]
R3 OEM02Dev;Creative Camera OEM002 Driver;c:\windows\system32\drivers\OEM02Dev.sys [2008-3-21 235520]
R3 OEM02Vfx;Creative Camera OEM002 Video VFX Driver;c:\windows\system32\drivers\OEM02Vfx.sys [2008-3-21 7424]
S3 Wdm1;USB Bridge Cable Driver;c:\windows\system32\drivers\usbbc.sys --> c:\windows\system32\drivers\usbbc.sys [?]

=============== Created Last 30 ================

2009-11-13 02:14:03 0 d-----w- c:\program files\Free Window Registry Repair
2009-11-09 02:17:08 0 d-----w- c:\program files\ACW
2009-11-07 13:46:25 73728 ----a-w- c:\windows\system32\javacpl.cpl
2009-11-07 13:46:25 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-11-07 02:08:32 0 d-sha-r- C:\cmdcons
2009-11-07 02:07:31 98816 ----a-w- c:\windows\sed.exe
2009-11-07 02:07:31 77312 ----a-w- c:\windows\MBR.exe
2009-11-07 02:07:31 267264 ----a-w- c:\windows\PEV.exe
2009-11-07 02:07:31 161792 ----a-w- c:\windows\SWREG.exe
2009-11-07 02:07:22 0 d-----w- C:\ComboFix
2009-10-29 02:29:18 0 d-----w- c:\windows\system32\NtmsData
2009-10-29 01:43:35 2105344 ----a-w- c:\windows\system32\secsetup.sdb
2009-10-28 02:12:02 55656 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-10-28 02:11:58 0 d-----w- c:\program files\Avira
2009-10-28 02:11:58 0 d-----w- c:\docume~1\alluse~1\applic~1\Avira
2009-10-27 23:24:00 1374 ----a-w- c:\windows\imsins.BAK
2009-10-27 23:07:43 0 d-----w- c:\program files\CCleaner
2009-10-27 22:27:09 0 d--h--w- c:\windows\PIF
2009-10-27 05:04:18 0 d-----w- c:\docume~1\alluse~1\applic~1\avg9
2009-10-27 04:56:37 122464 ---ha-w- c:\windows\system32\mlfcache.dat
2009-10-27 04:16:50 0 d-----w- c:\windows\pss
2009-10-27 03:37:33 0 d-----w- C:\3ca381f6758cbe65e33b10a376
2009-10-27 03:28:56 0 d-----w- c:\documents and settings\daddy\Tracing
2009-10-27 03:27:43 0 d-----w- c:\program files\Microsoft
2009-10-27 03:27:23 0 d-----w- c:\program files\Windows Live SkyDrive
2009-10-27 03:24:21 0 d-----w- c:\program files\common files\Windows Live
2009-10-27 01:33:53 0 d-----w- c:\docume~1\alluse~1\applic~1\78207428
2009-10-27 01:28:03 0 ----a-w- c:\windows\win32k.sys
2009-10-22 00:52:00 0 d-----w- c:\documents and settings\daddy\.thumbnails
2009-10-22 00:50:42 0 d-----w- c:\documents and settings\daddy\.gimp-2.6
2009-10-22 00:50:11 0 d-----w- c:\program files\GIMP-2.0

==================== Find3M ====================

2009-09-26 01:47:05 348160 ----a-w- c:\windows\system32\msvcr71.dll
2009-09-26 01:47:04 499712 ----a-w- c:\windows\system32\msvcp71.dll
2009-09-11 14:18:39 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-11 14:18:39 136192 ------w- c:\windows\system32\dllcache\msv1_0.dll
2009-09-04 21:03:36 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-09-04 21:03:36 58880 ------w- c:\windows\system32\dllcache\msasn1.dll
2009-08-29 08:08:21 12800 ------w- c:\windows\system32\dllcache\xpshims.dll
2009-08-29 08:08:17 246272 ------w- c:\windows\system32\dllcache\ieproxy.dll
2009-08-26 08:00:21 247326 ----a-w- c:\windows\system32\strmdll.dll
2009-08-26 08:00:21 247326 ------w- c:\windows\system32\dllcache\strmdll.dll
2009-08-18 03:33:52 1193832 ----a-w- c:\windows\system32\FM20.DLL
2008-08-23 15:43:41 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008082320080824\index.dat

============= FINISH: 16:25:35.82 ===============
Attached Files
File Type: zip Attach.zip (3.5 KB, 1 views)
neckstomp is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Old 11-15-2009, 04:14 PM   #12 (permalink)
Moderator, Analyst, Security Team; Rangemaster, TSF Academy
 
Join Date: Oct 2007
Location: Georgia
Posts: 10,627
OS: XP SP3


Re: Virus Removal After-Effects
Hello again, neckstomp. I'm running out of ideas here. I read where a user uninstalled SP3, then reinstalled it and was able to install IE8. Would you be willing to do that?

Open Notepad and copy/paste the entire contents of the codebox below into Notepad (don't forget to copy and paste REGEDIT4):

Code:
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Connection Wizard] 
"ShellNext"=-
Save the file as fix.reg and choose to Save as type: - All Files then close the Notepad file.
It should look like this:

Double-click on fix.reg and choose Yes to merge/add it to the registry. Please delete the file afterwards.

------------------------------------------------------

Open Notepad and copy/paste the entire contents of the codebox below into Notepad:

Code:
dir /a /s "c:\documents and settings\all users\application data\78207428" > log.txt
notepad log.txt
del peek.bat
Save this as peek.bat and choose to Save as type: - All Files then close the Notepad file.
It should look like this:

Double-click on peek.bat and allow it to run. A Notepad file will open. Post the contents of that file in your next reply.

------------------------------------------------------
__________________
Our help is free but please donate

Proud member of ASAP
Proud member of UNITE
chemist is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Old 11-16-2009, 05:55 PM   #13 (permalink)
Registered User
 
Join Date: Oct 2009
Posts: 25
OS: XP


Re: Virus Removal After-Effects
Thanks yet again, Chemist...here's the contents of the peek.bat file...

Volume in drive C has no label.
Volume Serial Number is E0EE-8006

Directory of c:\documents and settings\all users\application data\78207428

10/27/2009 12:16 AM <DIR> .
10/27/2009 12:16 AM <DIR> ..
10/26/2009 08:33 PM 274 78207428.bat
1 File(s) 274 bytes

Total Files Listed:
1 File(s) 274 bytes
2 Dir(s) 89,257,508,864 bytes free
neckstomp is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Old 11-16-2009, 06:49 PM   #14 (permalink)
Moderator, Analyst, Security Team; Rangemaster, TSF Academy
 
Join Date: Oct 2007
Location: Georgia
Posts: 10,627
OS: XP SP3


Re: Virus Removal After-Effects
Hello again, neckstomp. Did you read my last question?

Go to Start > Run and copy/paste the following into the Run box and click OK:

cmd /c rd /s/q "c:\documents and settings\all users\application data\78207428"

A DOS window will open and close again, this is normal.

------------------------------------------------------
__________________
Our help is free but please donate

Proud member of ASAP
Proud member of UNITE
chemist is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Old 11-17-2009, 05:54 PM   #15 (permalink)
Registered User
 
Join Date: Oct 2009
Posts: 25
OS: XP


Re: Virus Removal After-Effects
Hi Chemist,

Yes, I did read the question...I think. If the question was whether or not I was willing to try uninstalling and then reinstalling SP3 the answer is yes. I thought that the last couple steps you've had me do were doing that but correct me if I'm wrong.

I completed the last step (i.e.
cmd /c rd /s/q "c:\documents and settings\all users\application data\78207428") and will wait to hear what I should do next.

Thanks yet again,
TC
neckstomp is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Old 11-17-2009, 06:16 PM   #16 (permalink)
Moderator, Analyst, Security Team; Rangemaster, TSF Academy
 
Join Date: Oct 2007
Location: Georgia
Posts: 10,627
OS: XP SP3


Re: Virus Removal After-Effects
Hello again, neckstomp. That last step was just to delete a stray folder.

To uninstall SP3 > http://support.microsoft.com/kb/950249

------------------------------------------------------

If Automatic Updates are enabled, you should be prompted to install both SP3 and IE8.

If not, go to > http://update.microsoft.com

------------------------------------------------------
__________________
Our help is free but please donate

Proud member of ASAP
Proud member of UNITE
chemist is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Old 11-18-2009, 05:41 PM   #17 (permalink)
Registered User
 
Join Date: Oct 2009
Posts: 25
OS: XP


Re: Virus Removal After-Effects
Uh-oh.

I uninstalled SP3 without any problems. However, I have now tried 3 or 4 separate times to download and install it again from Microsoft's website and it fails every time.

-TC
neckstomp is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Old 11-18-2009, 06:08 PM   #18 (permalink)
Moderator, Analyst, Security Team; Rangemaster, TSF Academy
 
Join Date: Oct 2007
Location: Georgia
Posts: 10,627
OS: XP SP3


Re: Virus Removal After-Effects
Did you reboot after uninstalling it? What happens when you try to install it? How far does it get? Any error messages?

Do you have a relatively fast download speed?
__________________
Our help is free but please donate

Proud member of ASAP
Proud member of UNITE
chemist is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Old 11-18-2009, 06:27 PM   #19 (permalink)
Registered User
 
Join Date: Oct 2009
Posts: 25
OS: XP


Re: Virus Removal After-Effects
Yes, I rebooted after the uninstallation. Once I go to the Microsoft website it says that I need to get the SP3 update. I click through and it says that it's downloading but then it fails and gives the following message...

Windows XP Service Pack 3 (KB936929)
neckstomp is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Old 11-18-2009, 06:34 PM   #20 (permalink)
Registered User
 
Join Date: Oct 2009
Posts: 25
OS: XP


Re: Virus Removal After-Effects
I just tried it again and watched more closely. It never gets to a point where it's actually installing. The progress bar moves roughly 1/3 of the way and the whole time above it says that it's still downloading.

Don't know if that helps at all.
neckstomp is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
 
Page 1 of 3 1 23

« Previous Thread | Next Thread »

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are Off
Pingbacks are Off
Refbacks are Off



All times are GMT -7. The time now is 01:47 AM.

Contact Us - Tech Support Forum - Archive - Privacy Statement - Top


Copyright 2001 - 2009, Tech Support Forum
Home Tips Plus | Outdoor Basecamp | Automotive Support Forum

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85