
Malwarebytes/HJT won't run.


drewtltl

Hey all, I was sent from the computer help forum because they thought this may be a malware issue. I removed Norton Internet Security in favor of Avast! and I used the Norton Removal Tool. It ran through and Norton was gone; however, I had no connectivity to the internet, and when I looked at my device manager I had errors for all the Network Adapters. My computer in effect doesn't see my network adapters. I thought it was a registry issue, so I used a backup that I had on my hard drive, but that didn't solve the problem.

On restart now I had gotten various errors but now mainly 2 errors saying "svchost.exe Application Error: the instruction at "0x00000000 referenced memory at "0x00000000". The memory could not be "written" click OK to terminate the program."

Then after clicking OK another window pops up saying "Windows must restart because the DCOM Server Process Launcher terminated unexpectedly" then counts down from 1:00 and restarts the computer. However it doesn't fully shut off only takes my desktop icons away and stays at only my wallpaper and nothing else. the "DCOM Server Process Launcher terminated unexpectedly"

I used run>"shutdown -a" to stop this loop however no program will open up. I can navigate the explorer windows and go into folders however no program will open up, it only stays at pointer/hourglass. I booted into safe-mode and was able to run things, and did run a malwarebytes scan which came back with some results. I don't have the results with me, as I must use another computer to post this but will try and get the log onto a jumpdrive and upload it. Any help would be greatly appreciated.


Three day bump + I got malwarebytes and HJT to run so here are the logs. Thanks so much guys.

Malwarebytes' Anti-Malware 1.41

Database version: 2775

Windows 5.1.2600 Service Pack 3

9/25/2009 7:35:33 PM

mbam-log-2009-09-25 (19-35-33).txt

Scan type: Full Scan (C:\|)

Objects scanned: 263225

Time elapsed: 1 hour(s), 19 minute(s), 35 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 7:36:46 PM, on 9/25/2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe

C:\xampp\apache\bin\httpd.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\Ahead\InCD\InCDsrv.exe

C:\Program Files\Microsoft LifeCam\MSCamS32.exe

C:\xampp\mysql\bin\mysqld.exe

C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Viewpoint\Common\ViewpointService.exe

C:\WINDOWS\wanmpsvc.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe

C:\WINDOWS\system32\igfxtray.exe

C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

C:\WINDOWS\system32\hkcmd.exe

C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe

C:\Program Files\Apoint2K\Apoint.exe

C:\WINDOWS\AGRSMMSG.exe

C:\WINDOWS\vVX3000.exe

C:\Program Files\QuickTime\QTTask.exe

C:\Program Files\Ahead\InCD\InCD.exe

C:\Program Files\Winamp\winampa.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\Program Files\COMODO\COMODO Internet Security\cfp.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

C:\xampp\apache\bin\httpd.exe

C:\Program Files\Apoint2K\Apntex.exe

C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe

C:\WINDOWS\system32\imapi.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=33568

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O4 - HKLM\..\Run: [soundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [hpWirelessAssistant] "%ProgramFiles%\HPQ\HP Wireless Assistant\HP Wireless Assistant.exe"

O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start

O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe

O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe

O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe

O4 - HKLM\..\Run: [LifeCam] "C:\Program Files\Microsoft LifeCam\LifeExp.exe"

O4 - HKLM\..\Run: [VX3000] C:\WINDOWS\vVX3000.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [inCD] C:\Program Files\Ahead\InCD\InCD.exe

O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [COMODO Internet Security] "C:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -h

O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKUS\S-1-5-21-797254157-2600967024-19941151-1006\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User '?')

O4 - HKUS\S-1-5-21-797254157-2600967024-19941151-1006\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User '?')

O4 - S-1-5-21-797254157-2600967024-19941151-1006 Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (User '?')

O4 - S-1-5-18 Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (User '?')

O4 - .DEFAULT Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (User 'Default user')

O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL

O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q105&bd=pavilion&pf=laptop

O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/betapit/PCPitStop.CAB

O16 - DPF: {14C1B87C-3342-445F-9B5E-365FF330A3AC} (Hewlett-Packard Online Support Services) - http://h20278.www2.hp.com/HPISWeb/Customer...DataManager.CAB

O16 - DPF: {4FE89055-5300-469E-AFAD-DEB3181EDE76} (PearsonAsstX Control) - http://www.mathxl.com/applets/PearsonInstallAsst.cab

O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...lscbase5483.cab

O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cab

O16 - DPF: {95D88B35-A521-472B-A182-BB1A98356421} (Pearson Installation Assistant 2) - http://asp.mathxl.com/books/_Players/PearsonInstallAsst2.cab

O16 - DPF: {C4DD6732-1E82-4AE7-BD94-180331B84082} (DeltaCVX Control) - http://www.mathxl.com/applets/DeltaCVX.cab

O16 - DPF: {D0B5B58D-8CB9-4EDB-8BB0-9D34AEF727CF} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cab

O16 - DPF: {E6D23284-0E9B-417D-A782-03E4487FC947} (Pearson MathXL Player) - http://asp.mathxl.com/books/_Players/MathPlayer.cab

O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll

O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe

O23 - Service: Apache2.2 - Apache Software Foundation - C:\xampp\apache\bin\httpd.exe

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe

O23 - Service: FileZilla Server FTP server (FileZilla Server) - FileZilla Project - c:\xampp\FileZillaFTP\FileZillaServer.exe

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe

O23 - Service: InCD File System Service (InCDsrv) - Unknown owner - C:\Program Files\Ahead\InCD\InCDsrv.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: mysql - Unknown owner - C:\xampp\mysql\bin\mysqld.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

--

End of file - 9804 bytes


  • 2 weeks later...
  • Staff

Hi,

Not sure what happened here and I'm not that sure either it's malware causing this. If it is, then it's probably a file infector... and in such cases a format and reinstall is the best/fastest/safest solution.

However, in your case I have the feeling that your Comodo is causing this. That's why, please uninstall Comodo, reboot and let me know if there's any improvement.


Hey thanks for the reply! So I couldn't find COMODO in the add/remove so I re ran the installer, and it showed up so I removed it and rebooted. On reboot the computer did the same thing: 1) Warning saying "svchost.exe Application Error: the instruction at "0x00000000 referenced memory at "0x00000000". The memory could not be "written" click OK to terminate the program."

Then 2) after clicking OK another window pops up saying "Windows must restart because the DCOM Server Process Launcher terminated unexpectedly" then counts down from 1:00 to restart the computer.

I do the run>"shutdown -a" to stop the countdown. The programs are working fine, and I can do things on the computer once I stop the loop; it's just that the computer doesn't see any drivers for my ethernet adapter or my wireless adapter, nor will it let me install them from .exe files from the manufacturer. So that's about where we are now.


  • Staff

Hi,

Please download DDS and save it to your desktop.

  • Disable any script blocking protection
  • Double click dds.scr to run the tool.
  • When done, DDS.txt will open.
  • Click Yes at the next prompt for Optional Scan.
  • Save both reports to your desktop.

---------------------------------------------------

Copy and paste the contents of DDS.txt in your next reply. Do not copy and paste the contents of Attach.txt, but attach it to your reply instead.


Here's the logs!

DDS (Ver_09-09-29.01) - NTFSx86

Run by Drew Rolle at 17:07:45.07 on Wed 10/07/2009

Internet Explorer: 7.0.5730.11

AV: avast! antivirus 4.8.1351 [VPS 090918-0] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

============== Running Processes ===============

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

uInternet Settings,ProxyOverride = *.local

uSearchURL,(Default) = hxxp://www.google.com/keyword/%s

BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll

TB: {4982D40A-C53B-4615-B15B-B5B5E98D167C} - No File

TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File

TB: {C4069E3A-68F1-403E-B40E-20066696354B} - No File

TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File

EB: &Research: {ff059e31-cc5a-4e2e-bf3b-96e929d65503} - c:\progra~1\micros~4\office11\REFIEBAR.DLL

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background

mRun: [soundMAXPnP] c:\program files\analog devices\soundmax\SMax4PNP.exe

mRun: [igfxTray] c:\windows\system32\igfxtray.exe

mRun: [hpWirelessAssistant] "%ProgramFiles%\HPQ\HP Wireless Assistant\HP Wireless Assistant.exe"

mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe

mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe

mRun: [eabconfg.cpl] c:\program files\hpq\quick launch buttons\EabServr.exe /Start

mRun: [Cpqset] c:\program files\hpq\default settings\cpqset.exe

mRun: [Apoint] c:\program files\apoint2k\Apoint.exe

mRun: [AGRSMMSG] AGRSMMSG.exe

mRun: [LifeCam] "c:\program files\microsoft lifecam\LifeExp.exe"

mRun: [VX3000] c:\windows\vVX3000.exe

mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

mRun: [inCD] c:\program files\ahead\incd\InCD.exe

mRun: [WinampAgent] "c:\program files\winamp\winampa.exe"

mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot

mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript

StartupFolder: c:\docume~1\drewro~1\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe

IE: &AOL Toolbar search

IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office11\EXCEL.EXE/3000

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0015-0000-0004-ABCDEFFEDCBC} - c:\program files\java\jre1.5.0_04\bin\npjpi150_04.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office11\REFIEBAR.DLL

DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} - hxxp://www.pcpitstop.com/betapit/PCPitStop.CAB

DPF: {14C1B87C-3342-445F-9B5E-365FF330A3AC} - hxxp://h20278.www2.hp.com/HPISWeb/Customer/cabs/HPISDataManager.CAB

DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} - hxxp://office.microsoft.com/officeupdate/content/opuc3.cab

DPF: {4FE89055-5300-469E-AFAD-DEB3181EDE76} - hxxp://www.mathxl.com/applets/PearsonInstallAsst.cab

DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase5483.cab

DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} - hxxp://upload.facebook.com/controls/FacebookPhotoUploader.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_04-windows-i586.cab

DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab

DPF: {95D88B35-A521-472B-A182-BB1A98356421} - hxxp://asp.mathxl.com/books/_Players/PearsonInstallAsst2.cab

DPF: {C4DD6732-1E82-4AE7-BD94-180331B84082} - hxxp://www.mathxl.com/applets/DeltaCVX.cab

DPF: {CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_04-windows-i586.cab

DPF: {D0B5B58D-8CB9-4EDB-8BB0-9D34AEF727CF} - hxxp://upload.facebook.com/controls/FacebookPhotoUploader.cab

DPF: {E6D23284-0E9B-417D-A782-03E4487FC947} - hxxp://asp.mathxl.com/books/_Players/MathPlayer.cab

Notify: igfxcui - igfxsrvc.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\drewro~1\applic~1\mozilla\firefox\profiles\kpks9sn1.default\

FF - prefs.js: browser.startup.homepage - hxxp://en-US.start2.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official

FF - prefs.js: keyword.URL - hxxp://search.aol.com/aolcom/search?query=

FF - plugin: c:\program files\java\jre1.5.0_04\bin\NPJava11.dll

FF - plugin: c:\program files\java\jre1.5.0_04\bin\NPJava12.dll

FF - plugin: c:\program files\java\jre1.5.0_04\bin\NPJava13.dll

FF - plugin: c:\program files\java\jre1.5.0_04\bin\NPJava14.dll

FF - plugin: c:\program files\java\jre1.5.0_04\bin\NPJava32.dll

FF - plugin: c:\program files\java\jre1.5.0_04\bin\NPJPI150_04.dll

FF - plugin: c:\program files\java\jre1.5.0_04\bin\NPOJI610.dll

FF - plugin: c:\program files\mozilla firefox\plugins\nptgeqplugin.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npViewpoint.dll

FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll

FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}

FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}

============= SERVICES / DRIVERS ===============

=============== Created Last 30 ================

2009-10-07 13:31 120 a------- c:\windows\CIS_Setup_3.11.108364.552_XP_Vista_x32.INI

2009-09-28 21:45 53,248 a------- c:\windows\iwlandrvxpver.dll

2009-09-23 15:55 2,732,032 a------- c:\windows\system32\Netw2r32.dll

2009-09-23 15:55 557,056 a------- c:\windows\system32\Netw2c32.dll

2009-09-20 20:11 130,432 a------- c:\windows\system32\drivers\Rtnicxp.sys

2009-09-20 20:11 73,728 a------- c:\windows\system32\RtNicProp32.dll

2009-09-19 22:06 70,833 a------- c:\windows\system32\drivers\sfi.dat

2009-09-19 22:03 <DIR> --d----- c:\program files\COMODO

2009-09-16 16:12 <DIR> --d----- C:\CCALI

2009-09-13 19:48 1,897,408 a------- c:\windows\system32\drivers\nv4_mini.sys

2009-09-13 19:48 1,897,408 a------- c:\windows\system32\dllcache\nv4_mini.sys

2009-09-13 19:48 4,274,816 a------- c:\windows\system32\nv4_disp.dll

2009-09-13 19:48 4,274,816 a------- c:\windows\system32\dllcache\nv4_disp.dll

2009-09-12 20:09 28,544 a------- c:\windows\system32\drivers\pavboot.sys

2009-09-12 20:07 <DIR> --d----- c:\program files\Panda Security

==================== Find3M ====================

2009-09-10 14:54 38,224 a------- c:\windows\system32\drivers\mbamswissarmy.sys

2009-09-10 14:53 19,160 a------- c:\windows\system32\drivers\mbam.sys

2009-08-19 07:41 0 a---h--- c:\windows\system32\drivers\Msft_Kernel_NuidFltr_01005.Wdf

2009-08-19 07:41 0 a---h--- c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf

2009-08-05 05:01 204,800 a------- c:\windows\system32\mswebdvd.dll

2009-08-05 05:01 204,800 -------- c:\windows\system32\dllcache\mswebdvd.dll

2009-07-25 05:23 411,368 a------- c:\windows\system32\deploytk.dll

2009-07-19 18:48 11,067,392 a------- c:\windows\system32\dllcache\ieframe.dll

2009-07-19 09:18 5,937,152 a------- c:\windows\system32\dllcache\mshtml.dll

2009-07-17 15:01 58,880 a------- c:\windows\system32\atl.dll

2009-07-17 15:01 58,880 -------- c:\windows\system32\dllcache\atl.dll

2009-07-13 10:08 286,720 a------- c:\windows\system32\wmpdxm.dll

2009-07-13 10:08 286,720 a------- c:\windows\system32\dllcache\wmpdxm.dll

2009-07-13 10:08 5,537,792 a------- c:\windows\system32\dllcache\wmp.dll

2009-07-10 09:27 1,315,328 -------- c:\windows\system32\dllcache\msoe.dll

2006-11-24 21:42 1,504 ac------ c:\docume~1\drewro~1\applic~1\wklnhst.dat

2006-08-14 10:25 604 ac--h--- c:\program files\STLL Notifier

2009-06-10 13:25 245,760 a--sh--- c:\windows\system32\config\systemprofile\ietldcache\index.dat

2008-07-18 19:42 32,768 ac-sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008071820080719\index.dat

============= FINISH: 17:08:26.62 ===============

Attach.txt


  • Staff

Hi,

There's nothing malicious showing in your logs though. That's why I'm still thinking it's a legit program causing this. Also the fact that there are no problems in safe mode...

Can you also temporarily uninstall your Avast please as it may be a potential cause as well.

Also uninstall Viewpoint Manager (Remove Only) and Viewpoint Media Player since they are not really recommended.

From your log, I can also see that some drivers were installed related with realtek. It wouldn't surprise me that the problem also started after that.

Do you remember installing something recently related with your nvidia, realtek or networkcard? Was this before or after the problems started?

Can you tell me when these problems started? Date?

Also, it looks like this is a common problem with Norton as well. More people have reported this problem. See here:

http://community.norton.com/norton/board/m...thread.id=35539

After you have uninstalled Avast and rebooted, I would try to reinstall Norton again and see if that solves the issue. Then uninstall it again without the use of the Norton removal tool, but with the main uninstaller.
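The triage step in the post above (reading the log's recent-file listing for newly installed drivers and comparing their dates with when the symptoms began), as an added example that is not part of the original thread or of DDS itself. The line format is inferred from the "Created Last 30" lines in this thread; the function names are hypothetical.

```python
import re
from collections import namedtuple
from datetime import datetime
from pathlib import PureWindowsPath

# Lines copied from the "Created Last 30" section of the DDS log in this thread.
SAMPLE = r"""
2009-10-07 13:31 120 a------- c:\windows\CIS_Setup_3.11.108364.552_XP_Vista_x32.INI
2009-09-28 21:45 53,248 a------- c:\windows\iwlandrvxpver.dll
2009-09-23 15:55 2,732,032 a------- c:\windows\system32\Netw2r32.dll
2009-09-20 20:11 130,432 a------- c:\windows\system32\drivers\Rtnicxp.sys
2009-09-20 20:11 73,728 a------- c:\windows\system32\RtNicProp32.dll
2009-09-19 22:06 70,833 a------- c:\windows\system32\drivers\sfi.dat
2009-09-19 22:03 <DIR> --d----- c:\program files\COMODO
2009-09-13 19:48 1,897,408 a------- c:\windows\system32\drivers\nv4_mini.sys
2009-09-12 20:09 28,544 a------- c:\windows\system32\drivers\pavboot.sys
"""

# Assumed layout: timestamp, size (or <DIR>), 8-character attribute mask, path.
LINE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2})\s+"
    r"(?P<size><DIR>|[\d,]+)\s+"
    r"(?P<attrs>[a-z-]{8})\s+"
    r"(?P<path>.+)$"
)

DRIVERS_DIR = PureWindowsPath(r"c:\windows\system32\drivers")

Entry = namedtuple("Entry", "when size attrs path")


def parse_listing(text):
    """Parse DDS file-listing lines; lines that do not match are skipped."""
    entries = []
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        # Directories carry <DIR> instead of a byte count.
        size = None if m["size"] == "<DIR>" else int(m["size"].replace(",", ""))
        when = datetime.strptime(m["ts"], "%Y-%m-%d %H:%M")
        entries.append(Entry(when, size, m["attrs"], PureWindowsPath(m["path"])))
    return entries


def driver_timeline(text):
    """Return kernel drivers (.sys directly under system32\\drivers), oldest first."""
    drivers = [
        e for e in parse_listing(text)
        # PureWindowsPath compares case-insensitively, matching Windows paths.
        if e.path.suffix.lower() == ".sys" and e.path.parent == DRIVERS_DIR
    ]
    return sorted(drivers, key=lambda e: e.when)


if __name__ == "__main__":
    for e in driver_timeline(SAMPLE):
        print(e.when.strftime("%Y-%m-%d %H:%M"), e.path.name, e.size)
```

The resulting timeline only shows when driver files appeared on disk; whether any of them relates to the network adapter failure still depends on the date the user reports for the first symptoms.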


In response to two of your questions:

I ran the norton removal tool and as a result I had no connectivity and my computer was not seeing my network devices. It was showing new entries under network devices with "Symantec Network Security miniport" at the end. I ran the tool again and these entries in device manager with the "Symantec Network Security Miniport" disappeared leaving only the Realtek RTL8139/810x Family Fast Ethernet NIC device and the Intel


  • Staff

Hi,

I guess it's better to contact Symantec support for that since this issue has been reported multiple times already after uninstalling Norton and reinstalling it.

They may perfectly know what exactly is causing this and can give you the correct instructions for it since they are trained in this all.

This is their forum where you can register and give an explanation of your problem:

http://community.norton.com/norton/board?b...id=nis_feedback

I'm sure they will be able to help you :lol:

