Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

virus software shutting down

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

virus software shutting down

Unread postby Blu Fog » May 31st, 2008, 1:30 am

Here is my hijack log...can anybody please help. it has also affected my speed

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:09:38 PM, on 5/30/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Symantec Client Security\Symantec Client Firewall\ISSVC.exe
C:\PROGRA~1\Symantec\SYMANT~1\NSCTOP.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\PROGRA~1\SYMANT~1\SYMANT~2\VPTray.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\HP\HP Software Update\HPWuSchd.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\max\Desktop\New Folder\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?.home=ytie
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {A5E642A8-E181-4FC3-B5E3-B82D345FD92E} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~2\VPTray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [cdloader] "C:\Documents and Settings\max\Application Data\mjusbsp\cdloader2.exe" MAGICJACK
O4 - HKUS\S-1-5-19\..\RunOnce: [NeroHomeFirstStart] "C:\Program Files\Common Files\Ahead\Lib\NMFirstStart.exe" (User 'LOCAL SERVICE')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Flash Decompiler SWF Capture tool - {86B4FC19-8FA4-4FD3-B243-9AEDB42FA2D5} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Flash Decompiler SWF Capture tool menu - {86B4FC19-8FA4-4FD3-B243-9AEDB42FA2D5} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microso ... 8745000546
O16 - DPF: {FFBB3F3B-0A5A-4106-BE53-DFE1E2340CB1} (DownloadManager Control) - http://dlm.tools.akamai.com/dlmanager/v ... .2.1.6.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: nnnnOgDV - nnnnOgDV.dll (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: IS Service (ISSVC) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec Client Firewall\ISSVC.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Symantec System Center Discovery Service (NSCTOP) - Symantec Corporation - C:\PROGRA~1\Symantec\SYMANT~1\NSCTOP.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

--
End of file - 8505 bytes
Blu Fog
Active Member
 
Posts: 9
Joined: May 31st, 2008, 1:25 am
Advertisement
Register to Remove

Re: virus software shutting down

Unread postby dan12 » May 31st, 2008, 2:59 am

We will begin with ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix


Please ensure you read this guide carefully and install the Recovery Console first.

The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.

Once installed, you should see a blue screen prompt that says:

The Recovery Console was successfully installed.

Please continue as follows:

  1. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.


  2. Click Yes to allow ComboFix to continue scanning for malware.

When the tool is finished, it will produce a report for you.

Please include the following reports for further review, and so we may continue cleansing the system:

C:\ComboFix.txt
New HijackThis log.
User avatar
dan12
MRU Honors Grad Emeritus
 
Posts: 6123
Joined: March 30th, 2006, 3:22 am
Location: Leicestershire

Re: virus software shutting down

Unread postby Blu Fog » May 31st, 2008, 9:11 am

Thank you so much for all your help. here is the report.

ComboFix 08-05-29.1 - max 2008-05-31 5:55:15.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.515 [GMT -7:00]
Running from: C:\Documents and Settings\max\Desktop\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\BM0b3cd98f.xml
C:\WINDOWS\Downloaded Program Files\setup.inf
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\GNXwaGgh.ini
C:\WINDOWS\system32\GNXwaGgh.ini2
C:\WINDOWS\system32\pskill.exe
C:\WINDOWS\system32\qsjvpguj.ini2
C:\WINDOWS\system32\qsjvpguj.tmp
C:\WINDOWS\system32\uninstall.exe

.
((((((((((((((((((((((((( Files Created from 2008-04-28 to 2008-05-31 )))))))))))))))))))))))))))))))
.

2008-05-30 21:01 . 2008-05-30 21:46 <DIR> d-------- C:\Program Files\ACW
2008-05-28 16:41 . 2008-05-28 16:41 <DIR> d-------- C:\Documents and Settings\max\Application Data\Steinberg
2008-05-28 16:27 . 2005-06-04 09:08 487,936 --a------ C:\WINDOWS\system32\rmbe3260.dll
2008-05-28 16:27 . 2005-06-04 09:09 352,768 --a------ C:\WINDOWS\system32\pngu3263.dll
2008-05-28 16:27 . 2005-06-04 09:09 131,072 --a------ C:\WINDOWS\system32\pneng50.dll
2008-05-28 16:27 . 2005-06-04 09:09 130,560 --a------ C:\WINDOWS\system32\pnc3250.dll
2008-05-28 16:27 . 2005-06-04 09:08 87,040 --a------ C:\WINDOWS\system32\ra32sipr.dll
2008-05-28 16:27 . 2005-06-04 09:11 85,504 --a------ C:\WINDOWS\system32\encdnet.dll
2008-05-28 16:27 . 2005-06-04 09:09 81,920 --a------ C:\WINDOWS\system32\ra3214_4.dll
2008-05-28 16:27 . 2005-06-04 09:09 72,704 --a------ C:\WINDOWS\system32\ra3228_8.dll
2008-05-28 16:27 . 2005-06-04 09:09 61,952 --a------ C:\WINDOWS\system32\decdnet.dll
2008-05-28 16:27 . 2005-06-04 09:09 21,504 --a------ C:\WINDOWS\system32\ra32dnet.dll
2008-05-28 16:24 . 2003-07-31 20:28 147,425 --a------ C:\WINDOWS\system32\SYNSOACC-Aide.chm
2008-05-28 16:24 . 2003-05-26 15:29 120,468 --a------ C:\WINDOWS\system32\SYNSOACC-Hilfe.chm
2008-05-28 16:24 . 2003-05-26 15:29 114,279 --a------ C:\WINDOWS\system32\SYNSOACC-Help.chm
2008-05-28 16:24 . 2002-11-25 08:36 45,056 --a------ C:\WINDOWS\system32\Synsopos.exe
2008-05-28 16:24 . 2005-05-09 20:08 33,792 --a------ C:\WINDOWS\system32\drivers\cledx.sys
2008-05-28 16:24 . 2002-11-25 05:46 16,896 --a------ C:\WINDOWS\system32\drivers\synasUSB.sys
2008-05-28 16:23 . 2008-05-28 16:24 <DIR> d-------- C:\Program Files\Syncrosoft
2008-05-28 16:23 . 2005-10-17 09:35 704,512 --a------ C:\WINDOWS\system32\SYNSOACC.dll
2008-05-28 16:23 . 2004-05-10 15:58 147,456 --a------ C:\WINDOWS\system32\SynsoLChk.dll
2008-05-21 19:16 . 2008-05-22 20:18 <DIR> d-------- C:\FaceShop
2008-05-18 13:19 . 2008-05-18 13:19 <DIR> d-------- C:\Program Files\PowerISO
2008-05-14 19:20 . 2008-05-14 19:20 <DIR> d--h----- C:\WINDOWS\PIF
2008-05-12 17:11 . 2008-05-30 20:17 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-05-12 17:11 . 2008-05-12 17:11 1,409 --a------ C:\WINDOWS\QTFont.for
2008-05-12 17:10 . 2008-05-12 17:11 <DIR> d-------- C:\Program Files\iTunes
2008-05-12 17:10 . 2008-05-12 17:10 <DIR> d-------- C:\Program Files\iPod
2008-05-12 17:09 . 2008-05-12 17:09 <DIR> d-------- C:\Program Files\Common Files\Apple
2008-05-10 09:24 . 2008-05-10 09:24 <DIR> d-------- C:\Program Files\Free Audio Pack
2008-05-06 19:30 . 2004-02-25 23:17 38,868 --------- C:\WINDOWS\hpomdl03.dat
2008-05-06 19:30 . 2008-05-06 19:38 29,694 --a------ C:\WINDOWS\hpoins03.dat
2008-05-06 19:24 . 2008-05-06 19:24 <DIR> d-------- C:\WINDOWS\system32\NtmsData
2008-05-06 19:01 . 2004-02-25 23:17 38,868 --------- C:\WINDOWS\hpomdl03.dat.temp
2008-05-06 19:01 . 2004-02-25 23:21 29,128 --------- C:\WINDOWS\hpoins03.dat.temp
2008-05-06 18:31 . 2008-05-06 18:31 <DIR> d-------- C:\Program Files\Microsoft Silverlight
2008-05-05 23:26 . 2008-05-05 23:26 <DIR> d-------- C:\Documents and Settings\max\Application Data\Template
2008-05-05 23:25 . 2008-05-05 23:25 <DIR> d-------- C:\Documents and Settings\max\Application Data\Thinstall
2008-05-05 23:25 . 2008-05-05 23:28 134 --a------ C:\Documents and Settings\max\Application Data\wklnhst.dat
2008-05-05 19:49 . 2004-08-04 05:00 28,288 --a--c--- C:\WINDOWS\system32\dllcache\xjis.nls
2008-05-05 19:47 . 2004-08-04 05:00 13,463,552 --a--c--- C:\WINDOWS\system32\dllcache\hwxjpn.dll
2008-05-05 19:46 . 2004-08-04 05:00 1,677,824 --a--c--- C:\WINDOWS\system32\dllcache\chsbrkr.dll
2008-05-05 19:44 . 2004-08-04 05:00 99,840 --a--c--- C:\WINDOWS\system32\dllcache\helphost.exe
2008-05-05 19:44 . 2004-08-04 05:00 35,328 --a--c--- C:\WINDOWS\system32\dllcache\notiflag.exe
2008-05-05 19:44 . 2004-08-04 05:00 21,504 --a--c--- C:\WINDOWS\system32\dllcache\brpinfo.dll
2008-05-05 19:44 . 2004-08-04 05:00 6,656 --a--c--- C:\WINDOWS\system32\dllcache\hcappres.dll
2008-05-05 19:44 . 2008-05-05 19:44 749 -rah----- C:\WINDOWS\WindowsShell.Manifest
2008-05-05 19:44 . 2008-05-05 19:44 749 -rah----- C:\WINDOWS\system32\wuaucpl.cpl.manifest
2008-05-05 19:44 . 2008-05-05 19:44 749 -rah----- C:\WINDOWS\system32\sapi.cpl.manifest
2008-05-05 19:44 . 2008-05-05 19:44 749 -rah----- C:\WINDOWS\system32\ncpa.cpl.manifest
2008-05-05 19:44 . 2008-05-05 19:44 488 -rah----- C:\WINDOWS\system32\logonui.exe.manifest
2008-05-05 19:43 . 2004-08-04 05:00 768,512 --a--c--- C:\WINDOWS\system32\dllcache\helpctr.exe
2008-05-05 19:43 . 2004-08-04 05:00 743,936 --a--c--- C:\WINDOWS\system32\dllcache\helpsvc.exe
2008-05-05 19:43 . 2004-08-04 05:00 376,320 --a--c--- C:\WINDOWS\system32\dllcache\msinfo.dll
2008-05-05 19:43 . 2004-08-04 05:00 102,400 --a--c--- C:\WINDOWS\system32\dllcache\pchshell.dll
2008-05-05 19:43 . 2004-08-04 05:00 38,912 --a--c--- C:\WINDOWS\system32\dllcache\pchsvc.dll
2008-05-05 19:43 . 2004-08-04 05:00 18,944 --a--c--- C:\WINDOWS\system32\dllcache\hscupd.exe
2008-05-05 19:43 . 2004-08-04 05:00 16,384 --a--c--- C:\WINDOWS\system32\dllcache\isignup.exe
2008-05-05 19:29 . 2004-08-04 05:00 24,661 --a------ C:\WINDOWS\system32\spxcoins.dll
2008-05-05 19:29 . 2004-08-04 05:00 24,661 --a--c--- C:\WINDOWS\system32\dllcache\spxcoins.dll
2008-05-05 19:29 . 2004-08-04 05:00 13,312 --a------ C:\WINDOWS\system32\irclass.dll
2008-05-05 19:29 . 2004-08-04 05:00 13,312 --a--c--- C:\WINDOWS\system32\dllcache\irclass.dll
2008-05-05 19:08 . 2008-05-05 19:08 1,360 --a------ C:\WINDOWS\setupapi.old
2008-05-05 12:14 . 2008-05-05 12:14 <DIR> d-------- C:\WINDOWS\system32\3com_dmi
2008-05-05 12:14 . 2008-05-05 12:14 <DIR> d-------- C:\WINDOWS\Provisioning
2008-05-04 18:41 . 2008-05-04 18:41 <DIR> d-------- C:\Program Files\CCleaner
2008-05-04 16:52 . 2004-08-04 05:00 158,208 --a--c--- C:\WINDOWS\system32\dllcache\msconfig.exe
2008-05-04 08:13 . 2008-05-04 08:13 <DIR> d-------- C:\EmergencyUtils
2008-05-04 07:16 . 2008-05-04 07:16 <DIR> d-------- C:\Program Files\Windows Defender
2008-05-04 06:42 . 2008-05-04 06:42 0 --a------ C:\WINDOWS\vpc32.INI
2008-05-03 22:08 . 2008-05-31 06:00 40 --a------ C:\WINDOWS\system32\profile.dat
2008-05-03 22:06 . 2006-05-05 16:19 107,696 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2008-05-03 22:06 . 2006-05-05 16:19 87,808 --a------ C:\WINDOWS\system32\S32EVNT1.DLL
2008-05-03 22:03 . 2008-05-03 22:03 <DIR> d-------- C:\Program Files\Symantec Client Security
2008-05-03 20:48 . 2008-05-03 22:06 <DIR> d-------- C:\Program Files\Symantec
2008-05-03 14:50 . 2008-05-03 14:50 <DIR> d-------- C:\Documents and Settings\Administrator
2008-04-30 22:35 . 2008-04-30 22:35 1,024 --a------ C:\WINDOWS\system32\pdssmpn.tgz
2008-04-30 22:34 . 2008-04-30 22:34 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\VertusTech
2008-04-27 11:25 . 2008-04-27 11:25 <DIR> d-------- C:\Documents and Settings\max\WINDOWS
2008-04-27 10:02 . 2008-04-27 10:57 44,544 --a------ C:\WINDOWS\AWuninstall.exe
2008-04-27 07:59 . 2008-04-27 07:59 <DIR> d--hs---- C:\found.003
2008-04-20 14:45 . 2008-04-20 14:45 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-04-20 14:44 . 2008-04-20 18:14 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-04-20 14:44 . 2008-04-20 14:44 <DIR> d-------- C:\Documents and Settings\max\Application Data\SUPERAntiSpyware.com
2008-04-20 13:00 . 2008-04-27 22:04 663 --a------ C:\WINDOWS\wininit.ini
2008-04-20 12:28 . 2008-04-20 12:28 294 --ahs---- C:\WINDOWS\system32\tphxjwah.ini
2008-04-19 23:45 . 2008-04-20 11:39 526 --ahs---- C:\WINDOWS\system32\qgnyknbs.ini
2008-04-13 17:30 . 2008-04-13 17:32 <DIR> d-------- C:\Documents and Settings\max\Application Data\Filter Forge Freepack 2 - Photo Effects
2008-04-08 08:40 . 2008-04-08 09:35 <DIR> d-------- C:\WINDOWS\system32\ccRSpool
2008-04-08 08:40 . 2008-04-08 08:50 3 --a------ C:\WINDOWS\rsclient.dll
2008-04-03 00:01 . 2008-04-03 00:01 78,848 --a------ C:\WINDOWS\system32\svers.dll
2008-04-03 00:01 . 2008-04-03 00:01 78,848 --a------ C:\WINDOWS\svers.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-31 12:59 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-05-31 04:23 --------- d-----w C:\Documents and Settings\max\Application Data\U3
2008-05-31 00:53 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-05-31 00:19 --------- d-----w C:\Documents and Settings\max\Application Data\FileZilla
2008-05-30 23:41 --------- d-----w C:\Documents and Settings\max\Application Data\mjusbsp
2008-05-29 03:58 --------- d-----w C:\Documents and Settings\max\Application Data\uTorrent
2008-05-28 04:02 --------- d-----w C:\Program Files\FileZilla Client
2008-05-22 12:09 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-05-22 12:05 --------- d-----w C:\Program Files\Common Files\Adobe
2008-05-17 15:42 --------- d-----w C:\Program Files\MagicISO
2008-05-13 00:10 --------- d-----w C:\Program Files\Bonjour
2008-05-11 22:04 --------- d-----w C:\Documents and Settings\max\Application Data\AdobeUM
2008-05-04 05:04 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-05-04 02:50 805 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.INF
2008-05-04 02:50 10,740 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.CAT
2008-04-28 04:52 --------- d-----w C:\Program Files\MSN Messenger
2008-04-20 21:44 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-04-13 22:03 --------- d-----w C:\Documents and Settings\max\Application Data\Alien Skin
2008-04-08 15:50 --------- d-----w C:\Program Files\Accessories
2008-04-07 03:54 --------- d-----w C:\Program Files\QuickTime
2008-04-07 03:54 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-03-23 17:12 691,545 ----a-w C:\WINDOWS\unins000.exe
2004-10-01 22:00 40,960 ----a-w C:\Program Files\Uninstall_CDS.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A5E642A8-E181-4FC3-B5E3-B82D345FD92E}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 05:00 15360]
"cdloader"="C:\Documents and Settings\max\Application Data\mjusbsp\cdloader2.exe" [2007-12-21 07:39 50520]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"vptray"="C:\PROGRA~1\SYMANT~1\SYMANT~2\VPTray.exe" [2006-06-15 01:40 124656]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"RTHDCPL"="RTHDCPL.EXE" [2005-09-22 13:36 14854144 C:\WINDOWS\RTHDCPL.EXE]
"nwiz"="nwiz.exe" [2006-09-18 13:25 1519616 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-09-18 13:25 86016]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-09-18 13:25 7630848]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd.exe" [2003-08-04 17:28 49152]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2006-03-24 17:14 53408]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 12:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 12:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\nnnnOgDV]
nnnnOgDV.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.ac3filter"= ac3filter.acm

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"C:\\Program Files\\Microsoft Expression\\Media 1.0\\Media.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Yahoo!\\Yahoo! Music Jukebox\\YahooMusicEngine.exe"=
"C:\\Program Files\\Pinnacle\\Studio 10\\programs\\PMSRegisterFile.exe"=
"C:\\WINDOWS\\system32\\sessmgr.exe"=
"C:\\Program Files\\Pinnacle\\Studio 10\\programs\\RM.exe"=
"C:\\Program Files\\Pinnacle\\Studio 10\\programs\\Studio.exe"=
"C:\\Program Files\\Pinnacle\\Studio 10\\programs\\umi.exe"=
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Documents and Settings\\max\\Application Data\\mjusbsp\\magicJack.exe"=

R0 ALLOW-IO;ALLOW-IO;C:\WINDOWS\system32\Drivers\ALLOW-IO.sys [2005-06-21 07:47]
R3 CLEDX;Team H2O CLEDX service;C:\WINDOWS\system32\DRIVERS\cledx.sys [2005-05-09 20:08]
S3 SCREAMINGBDRIVER;Screaming Bee Audio;C:\WINDOWS\system32\drivers\ScreamingBAudio.sys []

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
\Shell\AutoRun\command - D:\setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
\Shell\AutoRun\command - F:\autorun.exe
\Shell\phone\command - F:\autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\H]
\Shell\AutoRun\command - H:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6efd3be1-68a8-11dc-b381-000000000000}]
\Shell\AutoRun\command - H:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7f5b6057-fde0-11dc-b428-00508dc3ce1f}]
\Shell\AutoRun\command - F:\autorun.exe
\Shell\phone\command - F:\autorun.exe

.
Contents of the 'Scheduled Tasks' folder
"2008-05-30 17:34:00 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-05-31 13:04:46 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Program Files\Windows Defender\MpCmdRun.exe
"2008-05-24 03:00:00 C:\WINDOWS\Tasks\Norton Internet Security - Run Full System Scan - max.job"
- C:\PROGRA~1\NORTON~1\NORTON~1\Navw32.exeh/TASK:
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-31 06:02:21
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Windows Defender\MsMpEng.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Symantec Client Security\Symantec Client Firewall\ISSVC.exe
C:\PROGRA~1\Symantec\SYMANT~1\NscTop.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
.
**************************************************************************
.
Completion time: 2008-05-31 6:09:17 - machine was rebooted
ComboFix-quarantined-files.txt 2008-05-31 13:09:11

Pre-Run: 55,656,161,280 bytes free
Post-Run: 55,559,692,288 bytes free

245 --- E O F --- 2008-05-31 10:00:25
Blu Fog
Active Member
 
Posts: 9
Joined: May 31st, 2008, 1:25 am

Re: virus software shutting down

Unread postby dan12 » May 31st, 2008, 5:43 pm

1. Close any open browsers.

2. Open notepad and copy/paste the text in the codebox below into it:

Code: Select all
File::
C:\WINDOWS\system32\tphxjwah.ini
C:\WINDOWS\system32\qgnyknbs.ini
C:\WINDOWS\vpc32.INI
Folder::
C:\WINDOWS\system32\ccRSpool
C:\found.003
FileLook::
C:\WINDOWS\system32\pdssmpn.tgz
DirLook::
C:\WINDOWS\system32\3com_dmi
Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\nnnnOgDV]


    


Save this as CFScript.txt, in the same location as ComboFix.exe


Image

Refering to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at "C:\ComboFix.txt"

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall
User avatar
dan12
MRU Honors Grad Emeritus
 
Posts: 6123
Joined: March 30th, 2006, 3:22 am
Location: Leicestershire

Re: virus software shutting down

Unread postby Blu Fog » May 31st, 2008, 5:58 pm

ok, here is the new log...


ComboFix 08-05-29.1 - max 2008-05-31 14:52:28.5 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.539 [GMT -7:00]
Running from: C:\Documents and Settings\max\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\max\Desktop\New Folder\CFScript.txt
* Created a new restore point

FILE ::
C:\WINDOWS\system32\qgnyknbs.ini
C:\WINDOWS\system32\tphxjwah.ini
C:\WINDOWS\vpc32.INI
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\found.003
C:\found.003\dir0000.chk\ActivityFeedUserHome[1].ivn
C:\found.003\dir0000.chk\header002[1].css
C:\WINDOWS\system32\ccRSpool
C:\WINDOWS\system32\qgnyknbs.ini
C:\WINDOWS\system32\tphxjwah.ini
C:\WINDOWS\vpc32.INI

.
((((((((((((((((((((((((( Files Created from 2008-04-28 to 2008-05-31 )))))))))))))))))))))))))))))))
.

2008-05-31 13:44 . 2008-05-31 13:47 <DIR> d-------- C:\Program Files\SpywareBlaster
2008-05-31 06:39 . 2008-05-31 06:39 <DIR> d-------- C:\WINDOWS\LastGood
2008-05-31 06:39 . 2008-05-31 06:40 <DIR> d-------- C:\Program Files\Panda Security
2008-05-30 21:01 . 2008-05-31 06:35 <DIR> d-------- C:\Program Files\ACW
2008-05-28 16:41 . 2008-05-28 16:41 <DIR> d-------- C:\Documents and Settings\max\Application Data\Steinberg
2008-05-28 16:27 . 2005-06-04 09:08 487,936 --a------ C:\WINDOWS\system32\rmbe3260.dll
2008-05-28 16:27 . 2005-06-04 09:09 352,768 --a------ C:\WINDOWS\system32\pngu3263.dll
2008-05-28 16:27 . 2005-06-04 09:09 131,072 --a------ C:\WINDOWS\system32\pneng50.dll
2008-05-28 16:27 . 2005-06-04 09:09 130,560 --a------ C:\WINDOWS\system32\pnc3250.dll
2008-05-28 16:27 . 2005-06-04 09:08 87,040 --a------ C:\WINDOWS\system32\ra32sipr.dll
2008-05-28 16:27 . 2005-06-04 09:11 85,504 --a------ C:\WINDOWS\system32\encdnet.dll
2008-05-28 16:27 . 2005-06-04 09:09 81,920 --a------ C:\WINDOWS\system32\ra3214_4.dll
2008-05-28 16:27 . 2005-06-04 09:09 72,704 --a------ C:\WINDOWS\system32\ra3228_8.dll
2008-05-28 16:27 . 2005-06-04 09:09 61,952 --a------ C:\WINDOWS\system32\decdnet.dll
2008-05-28 16:27 . 2005-06-04 09:09 21,504 --a------ C:\WINDOWS\system32\ra32dnet.dll
2008-05-28 16:24 . 2003-07-31 20:28 147,425 --a------ C:\WINDOWS\system32\SYNSOACC-Aide.chm
2008-05-28 16:24 . 2003-05-26 15:29 120,468 --a------ C:\WINDOWS\system32\SYNSOACC-Hilfe.chm
2008-05-28 16:24 . 2003-05-26 15:29 114,279 --a------ C:\WINDOWS\system32\SYNSOACC-Help.chm
2008-05-28 16:24 . 2002-11-25 08:36 45,056 --a------ C:\WINDOWS\system32\Synsopos.exe
2008-05-28 16:24 . 2005-05-09 20:08 33,792 --a------ C:\WINDOWS\system32\drivers\cledx.sys
2008-05-28 16:24 . 2002-11-25 05:46 16,896 --a------ C:\WINDOWS\system32\drivers\synasUSB.sys
2008-05-28 16:23 . 2008-05-28 16:24 <DIR> d-------- C:\Program Files\Syncrosoft
2008-05-28 16:23 . 2005-10-17 09:35 704,512 --a------ C:\WINDOWS\system32\SYNSOACC.dll
2008-05-28 16:23 . 2004-05-10 15:58 147,456 --a------ C:\WINDOWS\system32\SynsoLChk.dll
2008-05-21 19:16 . 2008-05-22 20:18 <DIR> d-------- C:\FaceShop
2008-05-18 13:19 . 2008-05-18 13:19 <DIR> d-------- C:\Program Files\PowerISO
2008-05-14 19:20 . 2008-05-14 19:20 <DIR> d--h----- C:\WINDOWS\PIF
2008-05-12 17:10 . 2008-05-12 17:11 <DIR> d-------- C:\Program Files\iTunes
2008-05-12 17:10 . 2008-05-12 17:10 <DIR> d-------- C:\Program Files\iPod
2008-05-12 17:09 . 2008-05-12 17:09 <DIR> d-------- C:\Program Files\Common Files\Apple
2008-05-10 09:24 . 2008-05-10 09:24 <DIR> d-------- C:\Program Files\Free Audio Pack
2008-05-06 19:30 . 2004-02-25 23:17 38,868 --------- C:\WINDOWS\hpomdl03.dat
2008-05-06 19:30 . 2008-05-06 19:38 29,694 --a------ C:\WINDOWS\hpoins03.dat
2008-05-06 19:24 . 2008-05-06 19:24 <DIR> d-------- C:\WINDOWS\system32\NtmsData
2008-05-06 19:01 . 2004-02-25 23:17 38,868 --------- C:\WINDOWS\hpomdl03.dat.temp
2008-05-06 19:01 . 2004-02-25 23:21 29,128 --------- C:\WINDOWS\hpoins03.dat.temp
2008-05-06 18:31 . 2008-05-06 18:31 <DIR> d-------- C:\Program Files\Microsoft Silverlight
2008-05-05 23:26 . 2008-05-05 23:26 <DIR> d-------- C:\Documents and Settings\max\Application Data\Template
2008-05-05 23:25 . 2008-05-05 23:25 <DIR> d-------- C:\Documents and Settings\max\Application Data\Thinstall
2008-05-05 23:25 . 2008-05-05 23:28 134 --a------ C:\Documents and Settings\max\Application Data\wklnhst.dat
2008-05-05 19:49 . 2004-08-04 05:00 28,288 --a--c--- C:\WINDOWS\system32\dllcache\xjis.nls
2008-05-05 19:47 . 2004-08-04 05:00 13,463,552 --a--c--- C:\WINDOWS\system32\dllcache\hwxjpn.dll
2008-05-05 19:46 . 2004-08-04 05:00 1,677,824 --a--c--- C:\WINDOWS\system32\dllcache\chsbrkr.dll
2008-05-05 19:44 . 2004-08-04 05:00 99,840 --a--c--- C:\WINDOWS\system32\dllcache\helphost.exe
2008-05-05 19:44 . 2004-08-04 05:00 35,328 --a--c--- C:\WINDOWS\system32\dllcache\notiflag.exe
2008-05-05 19:44 . 2004-08-04 05:00 21,504 --a--c--- C:\WINDOWS\system32\dllcache\brpinfo.dll
2008-05-05 19:44 . 2004-08-04 05:00 6,656 --a--c--- C:\WINDOWS\system32\dllcache\hcappres.dll
2008-05-05 19:44 . 2008-05-05 19:44 749 -rah----- C:\WINDOWS\WindowsShell.Manifest
2008-05-05 19:44 . 2008-05-05 19:44 749 -rah----- C:\WINDOWS\system32\wuaucpl.cpl.manifest
2008-05-05 19:44 . 2008-05-05 19:44 749 -rah----- C:\WINDOWS\system32\sapi.cpl.manifest
2008-05-05 19:44 . 2008-05-05 19:44 749 -rah----- C:\WINDOWS\system32\ncpa.cpl.manifest
2008-05-05 19:44 . 2008-05-05 19:44 488 -rah----- C:\WINDOWS\system32\logonui.exe.manifest
2008-05-05 19:43 . 2004-08-04 05:00 768,512 --a--c--- C:\WINDOWS\system32\dllcache\helpctr.exe
2008-05-05 19:43 . 2004-08-04 05:00 743,936 --a--c--- C:\WINDOWS\system32\dllcache\helpsvc.exe
2008-05-05 19:43 . 2004-08-04 05:00 376,320 --a--c--- C:\WINDOWS\system32\dllcache\msinfo.dll
2008-05-05 19:43 . 2004-08-04 05:00 102,400 --a--c--- C:\WINDOWS\system32\dllcache\pchshell.dll
2008-05-05 19:43 . 2004-08-04 05:00 38,912 --a--c--- C:\WINDOWS\system32\dllcache\pchsvc.dll
2008-05-05 19:43 . 2004-08-04 05:00 18,944 --a--c--- C:\WINDOWS\system32\dllcache\hscupd.exe
2008-05-05 19:43 . 2004-08-04 05:00 16,384 --a--c--- C:\WINDOWS\system32\dllcache\isignup.exe
2008-05-05 19:29 . 2004-08-04 05:00 24,661 --a------ C:\WINDOWS\system32\spxcoins.dll
2008-05-05 19:29 . 2004-08-04 05:00 24,661 --a--c--- C:\WINDOWS\system32\dllcache\spxcoins.dll
2008-05-05 19:29 . 2004-08-04 05:00 13,312 --a------ C:\WINDOWS\system32\irclass.dll
2008-05-05 19:29 . 2004-08-04 05:00 13,312 --a--c--- C:\WINDOWS\system32\dllcache\irclass.dll
2008-05-05 19:08 . 2008-05-05 19:08 1,360 --a------ C:\WINDOWS\setupapi.old
2008-05-05 12:14 . 2008-05-05 12:14 <DIR> d-------- C:\WINDOWS\system32\3com_dmi
2008-05-05 12:14 . 2008-05-05 12:14 <DIR> d-------- C:\WINDOWS\Provisioning
2008-05-04 18:41 . 2008-05-04 18:41 <DIR> d-------- C:\Program Files\CCleaner
2008-05-04 16:52 . 2004-08-04 05:00 158,208 --a--c--- C:\WINDOWS\system32\dllcache\msconfig.exe
2008-05-04 08:13 . 2008-05-04 08:13 <DIR> d-------- C:\EmergencyUtils
2008-05-04 07:16 . 2008-05-04 07:16 <DIR> d-------- C:\Program Files\Windows Defender
2008-05-03 22:08 . 2008-05-31 06:00 40 --a------ C:\WINDOWS\system32\profile.dat
2008-05-03 22:06 . 2006-05-05 16:19 107,696 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2008-05-03 22:06 . 2006-05-05 16:19 87,808 --a------ C:\WINDOWS\system32\S32EVNT1.DLL
2008-05-03 22:03 . 2008-05-03 22:03 <DIR> d-------- C:\Program Files\Symantec Client Security
2008-05-03 20:48 . 2008-05-03 22:06 <DIR> d-------- C:\Program Files\Symantec
2008-05-03 14:50 . 2008-05-03 14:50 <DIR> d-------- C:\Documents and Settings\Administrator
2008-04-30 22:35 . 2008-04-30 22:35 1,024 --a------ C:\WINDOWS\system32\pdssmpn.tgz
2008-04-30 22:34 . 2008-04-30 22:34 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\VertusTech
2008-04-27 11:25 . 2008-04-27 11:25 <DIR> d-------- C:\Documents and Settings\max\WINDOWS
2008-04-27 10:02 . 2008-04-27 10:57 44,544 --a------ C:\WINDOWS\AWuninstall.exe
2008-04-20 14:45 . 2008-04-20 14:45 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-04-20 14:44 . 2008-04-20 18:14 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-04-20 14:44 . 2008-04-20 14:44 <DIR> d-------- C:\Documents and Settings\max\Application Data\SUPERAntiSpyware.com
2008-04-20 13:00 . 2008-04-27 22:04 663 --a------ C:\WINDOWS\wininit.ini
2008-04-13 17:30 . 2008-04-13 17:32 <DIR> d-------- C:\Documents and Settings\max\Application Data\Filter Forge Freepack 2 - Photo Effects
2008-04-03 00:01 . 2008-04-03 00:01 78,848 --a------ C:\WINDOWS\system32\svers.dll
2008-04-03 00:01 . 2008-04-03 00:01 78,848 --a------ C:\WINDOWS\svers.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-31 20:47 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-05-31 19:14 --------- d-----w C:\Documents and Settings\max\Application Data\Ahead
2008-05-31 19:14 --------- d-----w C:\Documents and Settings\All Users\Application Data\Ahead
2008-05-31 04:23 --------- d-----w C:\Documents and Settings\max\Application Data\U3
2008-05-31 00:53 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-05-31 00:19 --------- d-----w C:\Documents and Settings\max\Application Data\FileZilla
2008-05-30 23:41 --------- d-----w C:\Documents and Settings\max\Application Data\mjusbsp
2008-05-29 03:58 --------- d-----w C:\Documents and Settings\max\Application Data\uTorrent
2008-05-28 04:02 --------- d-----w C:\Program Files\FileZilla Client
2008-05-22 12:09 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-05-22 12:05 --------- d-----w C:\Program Files\Common Files\Adobe
2008-05-17 15:42 --------- d-----w C:\Program Files\MagicISO
2008-05-13 00:10 --------- d-----w C:\Program Files\Bonjour
2008-05-11 22:04 --------- d-----w C:\Documents and Settings\max\Application Data\AdobeUM
2008-05-04 05:04 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-05-04 02:50 805 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.INF
2008-05-04 02:50 10,740 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.CAT
2008-04-28 04:52 --------- d-----w C:\Program Files\MSN Messenger
2008-04-20 21:44 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-04-13 22:03 --------- d-----w C:\Documents and Settings\max\Application Data\Alien Skin
2008-04-08 15:50 --------- d-----w C:\Program Files\Accessories
2008-04-07 03:54 --------- d-----w C:\Program Files\QuickTime
2008-04-07 03:54 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-03-30 04:31 45,056 ----a-w C:\WINDOWS\system32\UTSCSI.EXE
2008-03-23 17:12 691,545 ----a-w C:\WINDOWS\unins000.exe
2008-02-21 02:05 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
2008-02-21 02:05 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
2004-10-01 22:00 40,960 ----a-w C:\Program Files\Uninstall_CDS.exe
.

(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\pdssmpn.tgz -- Not a PE file.
MD5: d5baac9e4f7017a15afc4d18c970dd4c

---- Directory of C:\WINDOWS\system32\3com_dmi ----



((((((((((((((((((((((((((((( snapshot@2008-05-31_ 6.08.56.40 )))))))))))))))))))))))))))))))))))))))))
.
+ 2001-07-15 00:32:24 69,632 ----a-w C:\WINDOWS\setupupd\temp\wsdueng.dll
- 2008-05-31 04:48:22 64,372 ----a-w C:\WINDOWS\system32\perfc009.dat
+ 2008-05-31 13:05:55 64,372 ----a-w C:\WINDOWS\system32\perfc009.dat
- 2008-05-31 04:48:22 409,232 ----a-w C:\WINDOWS\system32\perfh009.dat
+ 2008-05-31 13:05:55 409,232 ----a-w C:\WINDOWS\system32\perfh009.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 05:00 15360]
"cdloader"="C:\Documents and Settings\max\Application Data\mjusbsp\cdloader2.exe" [2007-12-21 07:39 50520]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"vptray"="C:\PROGRA~1\SYMANT~1\SYMANT~2\VPTray.exe" [2006-06-15 01:40 124656]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"RTHDCPL"="RTHDCPL.EXE" [2005-09-22 13:36 14854144 C:\WINDOWS\RTHDCPL.EXE]
"nwiz"="nwiz.exe" [2006-09-18 13:25 1519616 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-09-18 13:25 86016]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-09-18 13:25 7630848]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd.exe" [2003-08-04 17:28 49152]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2006-03-24 17:14 53408]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 12:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 12:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.ac3filter"= ac3filter.acm

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"C:\\Program Files\\Microsoft Expression\\Media 1.0\\Media.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Yahoo!\\Yahoo! Music Jukebox\\YahooMusicEngine.exe"=
"C:\\Program Files\\Pinnacle\\Studio 10\\programs\\PMSRegisterFile.exe"=
"C:\\WINDOWS\\system32\\sessmgr.exe"=
"C:\\Program Files\\Pinnacle\\Studio 10\\programs\\RM.exe"=
"C:\\Program Files\\Pinnacle\\Studio 10\\programs\\Studio.exe"=
"C:\\Program Files\\Pinnacle\\Studio 10\\programs\\umi.exe"=
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Documents and Settings\\max\\Application Data\\mjusbsp\\magicJack.exe"=

R0 ALLOW-IO;ALLOW-IO;C:\WINDOWS\system32\Drivers\ALLOW-IO.sys [2005-06-21 07:47]
R3 CLEDX;Team H2O CLEDX service;C:\WINDOWS\system32\DRIVERS\cledx.sys [2005-05-09 20:08]
S3 SCREAMINGBDRIVER;Screaming Bee Audio;C:\WINDOWS\system32\drivers\ScreamingBAudio.sys []

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
\Shell\AutoRun\command - D:\setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
\Shell\AutoRun\command - F:\autorun.exe
\Shell\phone\command - F:\autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\H]
\Shell\AutoRun\command - H:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6efd3be1-68a8-11dc-b381-000000000000}]
\Shell\AutoRun\command - H:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7f5b6057-fde0-11dc-b428-00508dc3ce1f}]
\Shell\AutoRun\command - F:\autorun.exe
\Shell\phone\command - F:\autorun.exe

*Newly Created Service* - RKPAVPROC
.
Contents of the 'Scheduled Tasks' folder
"2008-05-30 17:34:00 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-05-31 13:04:46 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Program Files\Windows Defender\MpCmdRun.exe
"2008-05-24 03:00:00 C:\WINDOWS\Tasks\Norton Internet Security - Run Full System Scan - max.job"
- C:\PROGRA~1\NORTON~1\NORTON~1\Navw32.exeh/TASK:
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-31 14:55:16
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-05-31 14:57:51
ComboFix-quarantined-files.txt 2008-05-31 21:57:25
ComboFix2.txt 2008-05-31 13:26:29
ComboFix3.txt 2008-05-31 13:19:29
ComboFix4.txt 2008-05-31 13:16:15
ComboFix5.txt 2008-05-31 13:09:17

Pre-Run: 54,935,314,432 bytes free
Post-Run: 54,988,378,112 bytes free

245 --- E O F --- 2008-05-31 10:00:25
Blu Fog
Active Member
 
Posts: 9
Joined: May 31st, 2008, 1:25 am

Re: virus software shutting down

Unread postby dan12 » May 31st, 2008, 6:29 pm

Will get back to you tomorrow as it's late here, have a little research to do.
One thing I'd like to ask your first run went fine but your second run you posted was in fact your fith run of the tool, did you have a problem?
I ask as sometimes people think, if I run it again, it may well clean up a bit more, don't be fooled, this is a powerful tool and if not guided properly, you can end up nuking your system.
Last edited by dan12 on June 1st, 2008, 2:55 am, edited 1 time in total.
User avatar
dan12
MRU Honors Grad Emeritus
 
Posts: 6123
Joined: March 30th, 2006, 3:22 am
Location: Leicestershire

Re: virus software shutting down

Unread postby Blu Fog » May 31st, 2008, 6:42 pm

you are right, I didnt notice until too late that I didnt install the recovery tool and had a little difficulty. I also noticed that when I ran it again, it removed other items that didnt get removed the last time. I will not run it again unless instructed to do so.
Blu Fog
Active Member
 
Posts: 9
Joined: May 31st, 2008, 1:25 am

Re: virus software shutting down

Unread postby dan12 » June 1st, 2008, 4:21 am

Can I see a fresh HJT log also.
Thanks
User avatar
dan12
MRU Honors Grad Emeritus
 
Posts: 6123
Joined: March 30th, 2006, 3:22 am
Location: Leicestershire

Re: virus software shutting down

Unread postby Blu Fog » June 1st, 2008, 10:09 am

No problem, here it is.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:02:51 AM, on 6/1/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Symantec Client Security\Symantec Client Firewall\ISSVC.exe
C:\PROGRA~1\Symantec\SYMANT~1\NSCTOP.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\SYMANT~1\SYMANT~2\VPTray.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\HP\HP Software Update\HPWuSchd.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Palo Alto Software\9.0\PAS9_Update.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?.home=ytie
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~2\VPTray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\RunOnce: [KB926239] rundll32.exe apphelp.dll,ShimFlushCache
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [cdloader] "C:\Documents and Settings\max\Application Data\mjusbsp\cdloader2.exe" MAGICJACK
O4 - HKUS\S-1-5-19\..\RunOnce: [NeroHomeFirstStart] "C:\Program Files\Common Files\Ahead\Lib\NMFirstStart.exe" (User 'LOCAL SERVICE')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Flash Decompiler SWF Capture tool - {86B4FC19-8FA4-4FD3-B243-9AEDB42FA2D5} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Flash Decompiler SWF Capture tool menu - {86B4FC19-8FA4-4FD3-B243-9AEDB42FA2D5} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microso ... 8745000546
O16 - DPF: {FFBB3F3B-0A5A-4106-BE53-DFE1E2340CB1} (DownloadManager Control) - http://dlm.tools.akamai.com/dlmanager/v ... .2.1.6.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: IS Service (ISSVC) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec Client Firewall\ISSVC.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Symantec System Center Discovery Service (NSCTOP) - Symantec Corporation - C:\PROGRA~1\Symantec\SYMANT~1\NSCTOP.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

--
End of file - 8744 bytes
Blu Fog
Active Member
 
Posts: 9
Joined: May 31st, 2008, 1:25 am

Re: virus software shutting down

Unread postby dan12 » June 1st, 2008, 11:58 am

Click start,run copy and paste text in code box,click ok
Code: Select all
dir /a /s "C:\WINDOWS\system32\3com_dmi" >> log.txt
notepad log.txt
del log.txt

Submit a File For Analysis
We need to have the files below Scanned by Uploading them/it to Virustotal

Please visit Virustotal
Copy/paste the the following file path into the window
C:\WINDOWS\system32\pdssmpn.tgz
Click Submit/Send File
Please post back, to let me know the results.



: Malwarebytes' Anti-Malware :

Please download Malwarebytes' Anti-Malware to your desktop.

  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to
    • Update Malwarebytes' Anti-Malware
    • and Launch Malwarebytes' Anti-Malware
  • then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform full scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. please copy and paste the log into your next reply
    • If you accidently close it, the log file is saved here and will be named like this:
    • C:\\Documents and Settings\\Username\\Application Data\\Malwarebytes\\Malwarebytes' Anti-Malware\\Logs\\mbam-log-date (time).txt



Please do an online scan with Kaspersky WebScanner. (You will need to use Internet Explorer to run this scan)

On the welcome screen, click Accept.

You will be promted to install an ActiveX component from Kaspersky, click Install.

  • The program will launch and then begin downloading the latest definition files.
  • Once the files have been downloaded click on Next.
  • Now click on Scan Settings.
  • In the scan settings make sure that the following are selected:

  • Scan using the following Anti-Virus database:

    Extended (if available, otherwise Standard)

  • Scan Options:

    Scan Archives
    Scan Mail Bases

  • Click OK.
  • Now under Select a Target to Scan:

    Select My Computer.

  • The program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
  • Now click on the Save as Text button and save the file to your desktop.

Please include in your next post:
  • log.txt
  • virus total report
  • Malwarebytes log
  • kaspersky scan report
  • New highjackthis log

Thanks dan
User avatar
dan12
MRU Honors Grad Emeritus
 
Posts: 6123
Joined: March 30th, 2006, 3:22 am
Location: Leicestershire

Re: virus software shutting down

Unread postby Blu Fog » June 1st, 2008, 5:37 pm

wow, You guys are waaaaayyy better at this than I thought I was. Here it is:

Hi Dan,

My computer said no such directory exists when i tried start run and pasted n the code. when i checked the "c:\windows\system32\3com_dmi" file directly, it was empty.

virus total report:

Antivirus Version Last Update Result
AhnLab-V3 2008.5.30.1 2008.05.30 -
AntiVir 7.8.0.26 2008.06.01 -
Authentium 5.1.0.4 2008.06.01 -
Avast 4.8.1195.0 2008.05.31 -
AVG 7.5.0.516 2008.05.31 -
BitDefender 7.2 2008.06.01 -
CAT-QuickHeal 9.50 2008.05.31 -
ClamAV 0.92.1 2008.06.01 -
DrWeb 4.44.0.09170 2008.06.01 -
eSafe 7.0.15.0 2008.06.01 -
eTrust-Vet 31.4.5837 2008.05.30 -
Ewido 4.0 2008.06.01 -
F-Prot 4.4.4.56 2008.06.01 -
F-Secure 6.70.13260.0 2008.06.01 -
Fortinet 3.14.0.0 2008.06.01 -
GData 2.0.7306.1023 2008.06.01 -
Ikarus T3.1.1.26.0 2008.06.01 -
Kaspersky 7.0.0.125 2008.06.01 -
McAfee 5307 2008.05.30 -
Microsoft 1.3520 2008.06.01 -
NOD32v2 3150 2008.06.01 -
Norman 5.80.02 2008.05.30 -
Panda 9.0.0.4 2008.06.01 -
Prevx1 V2 2008.06.01 -
Rising 20.46.62.00 2008.06.01 -
Sophos 4.29.0 2008.06.01 -
Sunbelt 3.0.1139.1 2008.05.29 -
Symantec 10 2008.06.01 -
VBA32 3.12.6.6 2008.06.01 -
VirusBuster 4.3.26:9 2008.05.31 -
Webwasher-Gateway 6.6.2 2008.06.01 -
Additional information
File size: 1024 bytes
MD5...: d5baac9e4f7017a15afc4d18c970dd4c
SHA1..: 32049c3a9e8d6005eccc06f82a068db625fb07fc
SHA256: a8d60b06bb16415539cf63c3dd43ecf3d98c374a77c89a6291b2008ebd8c5316
SHA512: 9beb609c6ee307396f95ab3f1e65c3976ccbfaf53fb41e4f57447c285fc6dd67
4331a4a1232d6ab996dff353c14fffd513399cf006978fccb0dda268790001ea
PEiD..: -
PEInfo: -


Malware bytes log:

Malwarebytes' Anti-Malware 1.14
Database version: 812

11:25:29 AM 6/1/2008
mbam-log-6-1-2008 (11-25-29).txt

Scan type: Full Scan (C:\|)
Objects scanned: 256117
Time elapsed: 51 minute(s), 6 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 3
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\Software\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


kaspersky scan report:

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Sunday, June 01, 2008 2:32:12 PM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 1/06/2008
Kaspersky Anti-Virus database records: 820756
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\

Scan Statistics:
Total number of scanned objects: 209703
Number of viruses found: 1
Number of infected objects: 2
Number of suspicious objects: 0
Duration of the scan process: 02:25:47

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\Administrator\Application Data\desktop.ini Object is locked skipped
C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\brndlog.bak Object is locked skipped
C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\brndlog.txt Object is locked skipped
C:\Documents and Settings\Administrator\Application Data\Microsoft\Protect\CREDHIST Object is locked skipped
C:\Documents and Settings\Administrator\Application Data\Microsoft\Protect\S-1-5-21-343818398-682003330-839522115-500\b2f5d294-5d53-4d2c-ab78-2d287ddc7c10 Object is locked skipped
C:\Documents and Settings\Administrator\Application Data\Microsoft\Protect\S-1-5-21-343818398-682003330-839522115-500\Preferred Object is locked skipped
C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\pluginreg.dat Object is locked skipped
C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\bv66ko6s.default\bookmarkbackups\bookmarks-2008-05-03.html Object is locked skipped
C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\bv66ko6s.default\bookmarks.bak Object is locked skipped
C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\bv66ko6s.default\bookmarks.html Object is locked skipped
C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\bv66ko6s.default\cert8.db Object is locked skipped
C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\bv66ko6s.default\chrome\userChrome-example.css Object is locked skipped
C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\bv66ko6s.default\chrome\userContent-example.css Object is locked skipped
C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\bv66ko6s.default\compatibility.ini Object is locked skipped
C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\bv66ko6s.default\compreg.dat Object is locked skipped
C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\bv66ko6s.default\extensions.cache Object is locked skipped
C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\bv66ko6s.default\extensions.ini Object is locked skipped
C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\bv66ko6s.default\extensions.rdf Object is locked skipped
C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\bv66ko6s.default\history.dat Object is locked skipped
C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\bv66ko6s.default\key3.db Object is locked skipped
C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\bv66ko6s.default\localstore.rdf Object is locked skipped
C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\bv66ko6s.default\mimeTypes.rdf Object is locked skipped
C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\bv66ko6s.default\prefs.js Object is locked skipped
C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\bv66ko6s.default\search.rdf Object is locked skipped
C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\bv66ko6s.default\search.sqlite Object is locked skipped
C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\bv66ko6s.default\secmod.db Object is locked skipped
C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\bv66ko6s.default\urlclassifier2.sqlite Object is locked skipped
C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\bv66ko6s.default\xpti.dat Object is locked skipped
C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\profiles.ini Object is locked skipped
C:\Documents and Settings\Administrator\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\AppLogs\SUPERANTISPYWARE-5-3-2008( 15-1-9 ).LOG Object is locked skipped
C:\Documents and Settings\Administrator\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Logs\SUPERAntiSpyware Scan Log - 05-03-2008 - 16-39-02.log Object is locked skipped
C:\Documents and Settings\Administrator\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Logs\SUPERAntiSpyware Scan Log - 05-03-2008 - 17-22-06.log Object is locked skipped
C:\Documents and Settings\Administrator\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\PROCESSLIST.BIN Object is locked skipped
C:\Documents and Settings\Administrator\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\PROCESSLIST.DB Object is locked skipped
C:\Documents and Settings\Administrator\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\PROCESSLISTRELATED.DB Object is locked skipped
C:\Documents and Settings\Administrator\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 05-03-2008 - 16-39-12.DSC Object is locked skipped
C:\Documents and Settings\Administrator\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 05-03-2008 - 16-39-12.SBU Object is locked skipped
C:\Documents and Settings\Administrator\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Internet Explorer\MSIMGSIZ.DAT Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Media Player\CurrentDatabase_59R.wmdb Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Windows Media\9.0\WMSDKNS.DTD Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Windows Media\9.0\WMSDKNS.XML Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Application Data\Mozilla\Firefox\Profiles\bv66ko6s.default\Cache\_CACHE_001_ Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Application Data\Mozilla\Firefox\Profiles\bv66ko6s.default\Cache\_CACHE_002_ Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Application Data\Mozilla\Firefox\Profiles\bv66ko6s.default\Cache\_CACHE_003_ Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Application Data\Mozilla\Firefox\Profiles\bv66ko6s.default\Cache\_CACHE_MAP_ Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Application Data\Mozilla\Firefox\Profiles\bv66ko6s.default\XPC.mfl Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Application Data\Mozilla\Firefox\Profiles\bv66ko6s.default\XUL.mfl Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\desktop.ini Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\History\desktop.ini Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\History\History.IE5\desktop.ini Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temp\dat3B.tmp Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\0765UNQH\%23116[1] Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\0765UNQH\body[1] Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\0765UNQH\desktop.ini Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\0765UNQH\ErrorPageTemplate[1] Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\0765UNQH\guest_disabled[1] Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\0765UNQH\info_48[1] Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\0765UNQH\nusrmgr[1] Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\0765UNQH\passwordpage2[1] Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\0765UNQH\selectable[1] Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\0765UNQH\tools[1] Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\232L63K1\%23161[1] Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\232L63K1\background_gradient[1] Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\232L63K1\desktop.ini Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\232L63K1\favcenter[1] Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\232L63K1\mainpage[1] Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\232L63K1\nusrmgr[2] Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\232L63K1\popup[1] Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\232L63K1\pw_common[1] Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\232L63K1\SUPERANTISPYWARE_EXE[1] Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\232L63K1\users32[1] Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\AZGTAFWX\%23159[1] Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\AZGTAFWX\chg_common[1] Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\AZGTAFWX\desktop.ini Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\AZGTAFWX\dnserror[1] Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\AZGTAFWX\down[1] Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\AZGTAFWX\httpErrorPagesScripts[1] Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\AZGTAFWX\mainpage[1] Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\AZGTAFWX\nusrmgr[2] Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\AZGTAFWX\pwcreate[1] Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\AZGTAFWX\SUPERANTISPYWARE_EXE[1] Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\AZGTAFWX\users[1] Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\desktop.ini Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\E54F6X0V\bullet[1] Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\E54F6X0V\classic[1] Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\E54F6X0V\desktop.ini Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\E54F6X0V\errorPageStrings[1] Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\E54F6X0V\helpdoc[1] Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\E54F6X0V\localtext[1] Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\E54F6X0V\mainpage2[1] Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\E54F6X0V\popup[1] Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\E54F6X0V\SUPERANTISPYWARE_EXE[1] Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\desktop.ini Object is locked skipped
C:\Documents and Settings\Administrator\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Administrator\NtUser.dat.LOG Object is locked skipped
C:\Documents and Settings\Administrator\ntuser.ini Object is locked skipped
C:\Documents and Settings\Administrator\SendTo\Compressed (zipped) Folder.ZFSendToTarget Object is locked skipped
C:\Documents and Settings\Administrator\SendTo\Desktop (create shortcut).DeskLink Object is locked skipped
C:\Documents and Settings\Administrator\SendTo\desktop.ini Object is locked skipped
C:\Documents and Settings\Administrator\SendTo\Mail Recipient.MAPIMail Object is locked skipped
C:\Documents and Settings\Administrator\Start Menu\desktop.ini Object is locked skipped
C:\Documents and Settings\Administrator\Start Menu\Programs\Accessories\Accessibility\desktop.ini Object is locked skipped
C:\Documents and Settings\Administrator\Start Menu\Programs\Accessories\Accessibility\Magnifier.lnk Object is locked skipped
C:\Documents and Settings\Administrator\Start Menu\Programs\Accessories\Accessibility\Narrator.lnk Object is locked skipped
C:\Documents and Settings\Administrator\Start Menu\Programs\Accessories\Accessibility\On-Screen Keyboard.lnk Object is locked skipped
C:\Documents and Settings\Administrator\Start Menu\Programs\Accessories\Accessibility\Utility Manager.lnk Object is locked skipped
C:\Documents and Settings\Administrator\Start Menu\Programs\Accessories\Command Prompt.lnk Object is locked skipped
C:\Documents and Settings\Administrator\Start Menu\Programs\Accessories\desktop.ini Object is locked skipped
C:\Documents and Settings\Administrator\Start Menu\Programs\Accessories\Entertainment\desktop.ini Object is locked skipped
C:\Documents and Settings\Administrator\Start Menu\Programs\Accessories\Entertainment\Windows Media Player.lnk Object is locked skipped
C:\Documents and Settings\Administrator\Start Menu\Programs\Accessories\Notepad.lnk Object is locked skipped
C:\Documents and Settings\Administrator\Start Menu\Programs\Accessories\Program Compatibility Wizard.lnk Object is locked skipped
C:\Documents and Settings\Administrator\Start Menu\Programs\Accessories\Synchronize.lnk Object is locked skipped
C:\Documents and Settings\Administrator\Start Menu\Programs\Accessories\Tour Windows XP.lnk Object is locked skipped
C:\Documents and Settings\Administrator\Start Menu\Programs\Accessories\Windows Explorer.lnk Object is locked skipped
C:\Documents and Settings\Administrator\Start Menu\Programs\desktop.ini Object is locked skipped
C:\Documents and Settings\Administrator\Start Menu\Programs\Remote Assistance.lnk Object is locked skipped
C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\desktop.ini Object is locked skipped
C:\Documents and Settings\Administrator\Start Menu\Programs\Windows Media Player.lnk Object is locked skipped
C:\Documents and Settings\Administrator\Templates\amipro.sam Object is locked skipped
C:\Documents and Settings\Administrator\Templates\excel.xls Object is locked skipped
C:\Documents and Settings\Administrator\Templates\excel4.xls Object is locked skipped
C:\Documents and Settings\Administrator\Templates\lotus.wk4 Object is locked skipped
C:\Documents and Settings\Administrator\Templates\powerpnt.ppt Object is locked skipped
C:\Documents and Settings\Administrator\Templates\presenta.shw Object is locked skipped
C:\Documents and Settings\Administrator\Templates\quattro.wb2 Object is locked skipped
C:\Documents and Settings\Administrator\Templates\sndrec.wav Object is locked skipped
C:\Documents and Settings\Administrator\Templates\winword.doc Object is locked skipped
C:\Documents and Settings\Administrator\Templates\winword2.doc Object is locked skipped
C:\Documents and Settings\Administrator\Templates\wordpfct.wpd Object is locked skipped
C:\Documents and Settings\Administrator\Templates\wordpfct.wpg Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\010cb3f9a19cd538cc36bae88243e969_7d27359c-3772-4cb7-9d2a-daf2c86d100f Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\04fe7564e64541412d863f0fa200707a_7d27359c-3772-4cb7-9d2a-daf2c86d100f Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\0873b151249649e0121e275f37445216_7d27359c-3772-4cb7-9d2a-daf2c86d100f Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\0aec930e6fa1a1823da8d2bebfd4e254_7d27359c-3772-4cb7-9d2a-daf2c86d100f Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\0bb154fe246642285a913cab44de380e_7d27359c-3772-4cb7-9d2a-daf2c86d100f Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\1109839697c247bb9a4adab175650a48_7d27359c-3772-4cb7-9d2a-daf2c86d100f Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\1c38a6fde7ebcaa2f9dbc612c6f10ce3_7d27359c-3772-4cb7-9d2a-daf2c86d100f Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\1e7a5739c0552e51aa59b86a97eec553_7d27359c-3772-4cb7-9d2a-daf2c86d100f Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\1ebdc2014c524d225ab8aed5c740fcd7_7d27359c-3772-4cb7-9d2a-daf2c86d100f Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\2163d99ca5c67b74e335719d18a1b385_7d27359c-3772-4cb7-9d2a-daf2c86d100f Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\26c0ad1935e39fef4d35b4f081852df5_7d27359c-3772-4cb7-9d2a-daf2c86d100f Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\28d544855e5f8ea03b7172e005367e9d_7d27359c-3772-4cb7-9d2a-daf2c86d100f Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\2b538f96ca2653dd1e2d1303815df593_7d27359c-3772-4cb7-9d2a-daf2c86d100f Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\32bb9f2b1b0ec498c31a9c9b19ac560e_7d27359c-3772-4cb7-9d2a-daf2c86d100f Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\377e0ea9f9187808377f1f5b61a63972_7d27359c-3772-4cb7-9d2a-daf2c86d100f Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\3d25cfbced7d4fbc9fd0d3ef3f114c92_7d27359c-3772-4cb7-9d2a-daf2c86d100f Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\3f7fb4246f99847a174b20877b0f056d_7d27359c-3772-4cb7-9d2a-daf2c86d100f Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\40b4bd4da0e99c1cc48a98fae6b8b6ad_7d27359c-3772-4cb7-9d2a-daf2c86d100f Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\43f5f281feee1b95103cd21d3ee10f77_7d27359c-3772-4cb7-9d2a-daf2c86d100f Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\446f2037ee40f94f32874d09d0a82fff_7d27359c-3772-4cb7-9d2a-daf2c86d100f Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\46881eeb79eea513949311ee74fe7d97_7d27359c-3772-4cb7-9d2a-daf2c86d100f Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\551ed32c2f327a3070bc56eee64940e4_7d27359c-3772-4cb7-9d2a-daf2c86d100f Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\5541a9bcfa4851a606036e2c030ccab0_7d27359c-3772-4cb7-9d2a-daf2c86d100f Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\58b1b17c5967000ac33e2bc8105786eb_7d27359c-3772-4cb7-9d2a-daf2c86d100f Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\688d1ad78f682d3916b2f36bb74bd84c_7d27359c-3772-4cb7-9d2a-daf2c86d100f Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\71fc8e9819c108430b2607220165658e_7d27359c-3772-4cb7-9d2a-daf2c86d100f Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\753c2bb063650a5326b2028a430d79e9_7d27359c-3772-4cb7-9d2a-daf2c86d100f Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\776a6a5253bf242638007cd9a92f9779_7d27359c-3772-4cb7-9d2a-daf2c86d100f Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\7a9c04c040b06793de29d1e14379d29c_7d27359c-3772-4cb7-9d2a-daf2c86d100f Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\7f8d0eaf3a79274b6c411e0c59ea0e1f_7d27359c-3772-4cb7-9d2a-daf2c86d100f Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\803f883260bda0dc72ddf0f89ec9196e_7d27359c-3772-4cb7-9d2a-daf2c86d100f Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\80f686063a9d6d72051193b603820694_7d27359c-3772-4cb7-9d2a-daf2c86d100f Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\8566f9085edf3fb8bc2ba10adb77580e_7d27359c-3772-4cb7-9d2a-daf2c86d100f Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\8826b57745940e76fd1ad8239e130598_7d27359c-3772-4cb7-9d2a-daf2c86d100f Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\88df3220b73bccc97785e16ec18a21f8_7d27359c-3772-4cb7-9d2a-daf2c86d100f Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\8b06ea1a301530915fb8252ac44ed32c_7d27359c-3772-4cb7-9d2a-daf2c86d100f Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\8e1cafe45a2165efe435e663cf0b28bc_7d27359c-3772-4cb7-9d2a-daf2c86d100f Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\8ec734b2d0fd10442fb85c3fdb0faf17_7d27359c-3772-4cb7-9d2a-daf2c86d100f Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\969d3f4ac79ccecfb48f97a63c7b8c7f_7d27359c-3772-4cb7-9d2a-daf2c86d100f Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\9ada4601a3c88a319214b26e700f9716_7d27359c-3772-4cb7-9d2a-daf2c86d100f Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\a4e6f4adf338c13c7a609022edd0afcf_7d27359c-3772-4cb7-9d2a-daf2c86d100f Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\a60ac3c9c99fe7a2a33efdbf5fb139c8_7d27359c-3772-4cb7-9d2a-daf2c86d100f Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\a793811c838e881ba7cebad13140070d_7d27359c-3772-4cb7-9d2a-daf2c86d100f Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\aa10566dc70a07f4baa94d6c8ebbeabd_7d27359c-3772-4cb7-9d2a-daf2c86d100f Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\ab1b179096dcab28abb6bf8c6bde26c0_7d27359c-3772-4cb7-9d2a-daf2c86d100f Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\b37fb085ebc58e1ee396fde2ca29257d_7d27359c-3772-4cb7-9d2a-daf2c86d100f Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\b6570e5b556a65f3189694f179151a27_7d27359c-3772-4cb7-9d2a-daf2c86d100f Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\ba0318a07a648264e7cf7046b6c5c7fc_7d27359c-3772-4cb7-9d2a-daf2c86d100f Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\c71c2f8a0a8c27c02bae2a785ea568a8_7d27359c-3772-4cb7-9d2a-daf2c86d100f Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\cc7f14ebb7a92d7a1bc35cb41e652e66_7d27359c-3772-4cb7-9d2a-daf2c86d100f Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\d02b02b79dfc51675b80bc67bd55f969_7d27359c-3772-4cb7-9d2a-daf2c86d100f Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\d630abfa5ac76bb20f4a9f4ff4dce669_7d27359c-3772-4cb7-9d2a-daf2c86d100f Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\d85c6018987c9ee0ffa686ca45811af5_7d27359c-3772-4cb7-9d2a-daf2c86d100f Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\d9126c82ce83a403fb7f7c215619a901_7d27359c-3772-4cb7-9d2a-daf2c86d100f Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\db8a12f21d5983aa3869adea1da734bb_7d27359c-3772-4cb7-9d2a-daf2c86d100f Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\e179e82661019793ee4f9e0ee5429abf_7d27359c-3772-4cb7-9d2a-daf2c86d100f Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\e9d0fccbdd5b34d1980286efea9a27dd_7d27359c-3772-4cb7-9d2a-daf2c86d100f Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\f28152fd7de67eb4d85271c5e065d7f4_7d27359c-3772-4cb7-9d2a-daf2c86d100f Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Support\MPLog-05042008-071711.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\Confid.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\Content.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\Privacy.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\Restrict.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\settings.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\WebHist.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec Client Firewall\System.log Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\NtUser.dat.LOG Object is locked skipped
C:\Documents and Settings\max\Application Data\Mozilla\Firefox\Profiles\qajhhuh5.default\cert8.db Object is locked skipped
C:\Documents and Settings\max\Application Data\Mozilla\Firefox\Profiles\qajhhuh5.default\history.dat Object is locked skipped
C:\Documents and Settings\max\Application Data\Mozilla\Firefox\Profiles\qajhhuh5.default\key3.db Object is locked skipped
C:\Documents and Settings\max\Application Data\Mozilla\Firefox\Profiles\qajhhuh5.default\parent.lock Object is locked skipped
C:\Documents and Settings\max\Application Data\Mozilla\Firefox\Profiles\qajhhuh5.default\search.sqlite Object is locked skipped
C:\Documents and Settings\max\Application Data\Mozilla\Firefox\Profiles\qajhhuh5.default\urlclassifier2.sqlite Object is locked skipped
C:\Documents and Settings\max\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\max\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\max\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\max\Local Settings\Application Data\Mozilla\Firefox\Profiles\qajhhuh5.default\Cache\_CACHE_001_ Object is locked skipped
C:\Documents and Settings\max\Local Settings\Application Data\Mozilla\Firefox\Profiles\qajhhuh5.default\Cache\_CACHE_002_ Object is locked skipped
C:\Documents and Settings\max\Local Settings\Application Data\Mozilla\Firefox\Profiles\qajhhuh5.default\Cache\_CACHE_003_ Object is locked skipped
C:\Documents and Settings\max\Local Settings\Application Data\Mozilla\Firefox\Profiles\qajhhuh5.default\Cache\_CACHE_MAP_ Object is locked skipped
C:\Documents and Settings\max\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\max\Local Settings\Temp\fla1A1.tmp Object is locked skipped
C:\Documents and Settings\max\Local Settings\Temp\~DFA81B.tmp Object is locked skipped
C:\Documents and Settings\max\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\max\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\max\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\eengine\EPERSIST.DAT Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDALRT.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDCON.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDDBG.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDFW.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDIDS.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDSYS.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBConfig.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBDebug.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBDetect.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBNotify.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBRefr.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSetCfg.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSetCfg2.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSetDev.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSetLoc.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSetUsr.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSMNot.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSMReg.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSMRSt.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBStHash.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBStMSI.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBValid.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\SPPolicy.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\SPStart.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\SPStop.log Object is locked skipped
C:\Program Files\Symantec Client Security\Symantec AntiVirus\SAVRT\0382NAV~.TMP Object is locked skipped
C:\Program Files\Symantec Client Security\Symantec AntiVirus\SAVRT\0692NAV~.TMP Object is locked skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{7650000C-BE50-438F-B612-6C5ABEC75B97}\RP11\change.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\svers.dll Infected: Trojan-Spy.Win32.Small.jw skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
C:\WINDOWS\system32\config\ODiag.evt Object is locked skipped
C:\WINDOWS\system32\config\OSession.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\profile.dat Object is locked skipped
C:\WINDOWS\system32\svers.dll Infected: Trojan-Spy.Win32.Small.jw skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped

Scan process completed.

New highjackthis log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:32:59 PM, on 6/1/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Symantec Client Security\Symantec Client Firewall\ISSVC.exe
C:\PROGRA~1\Symantec\SYMANT~1\NSCTOP.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\SYMANT~1\SYMANT~2\VPTray.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\HP\HP Software Update\HPWuSchd.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?.home=ytie
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~2\VPTray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [cdloader] "C:\Documents and Settings\max\Application Data\mjusbsp\cdloader2.exe" MAGICJACK
O4 - HKUS\S-1-5-19\..\RunOnce: [NeroHomeFirstStart] "C:\Program Files\Common Files\Ahead\Lib\NMFirstStart.exe" (User 'LOCAL SERVICE')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Flash Decompiler SWF Capture tool - {86B4FC19-8FA4-4FD3-B243-9AEDB42FA2D5} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Flash Decompiler SWF Capture tool menu - {86B4FC19-8FA4-4FD3-B243-9AEDB42FA2D5} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partne ... nicode.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microso ... 8745000546
O16 - DPF: {FFBB3F3B-0A5A-4106-BE53-DFE1E2340CB1} (DownloadManager Control) - http://dlm.tools.akamai.com/dlmanager/v ... .2.1.6.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: IS Service (ISSVC) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec Client Firewall\ISSVC.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Symantec System Center Discovery Service (NSCTOP) - Symantec Corporation - C:\PROGRA~1\Symantec\SYMANT~1\NSCTOP.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

--
End of file - 8599 bytes
Blu Fog
Active Member
 
Posts: 9
Joined: May 31st, 2008, 1:25 am

Re: virus software shutting down

Unread postby dan12 » June 1st, 2008, 5:54 pm

Make a uninstall list using HijackThis
To access the Uninstall Manager you would do the following:

1. Start HijackThis
2. Click on the Config button
3. Click on the Misc Tools button
4. Click on the Open Uninstall Manager button.

You will now be presented with a screen similar to the one below:

Image

5. Click on the Save list... button and specify where you would like to save this file. When you press Save button a notepad will open with the contents of that file. Simply copy and paste the contents of that notepad here on your next reply.

Download OTMoveIt2 by Old Timer and save it to your Desktop.
  • Double-click OTMoveIt2.exe to run it.
  • Copy the lines in the codebox below.
Code: Select all
C:\WINDOWS\svers.dll
C:\WINDOWS\system32\svers.dll
C:\WINDOWS\system32\3com_dmi
C:\WINDOWS\system32\pdssmpn.tgz

    

  • Return to OTMoveIt2, right click in the Paste List of Files/Folders to Move window (under the yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • Copy everything in the Results window (under the green bar), and paste it in your next reply.
  • Close OTMoveIt2

post the uninstall list and otmoveit2 report
dan
User avatar
dan12
MRU Honors Grad Emeritus
 
Posts: 6123
Joined: March 30th, 2006, 3:22 am
Location: Leicestershire

Re: virus software shutting down

Unread postby Blu Fog » June 1st, 2008, 6:03 pm

move it report:

DllUnregisterServer procedure not found in C:\WINDOWS\svers.dll
C:\WINDOWS\svers.dll NOT unregistered.
C:\WINDOWS\svers.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\svers.dll
C:\WINDOWS\system32\svers.dll NOT unregistered.
C:\WINDOWS\system32\svers.dll moved successfully.
C:\WINDOWS\system32\3com_dmi moved successfully.
C:\WINDOWS\system32\pdssmpn.tgz moved successfully.

OTMoveIt2 by OldTimer - Version 1.0.4.2 log created on 06012008_150214


uninstall list:

AC3Filter (remove only)
Ad-Aware 2007
Adobe Acrobat 5.0
Adobe Anchor Service CS3
Adobe Asset Services CS3
Adobe Bridge CS3
Adobe Bridge Start Meeting
Adobe Camera Raw 4.0
Adobe CMaps
Adobe Color - Photoshop Specific
Adobe Color Common Settings
Adobe Color Common Settings
Adobe Color EU Extra Settings
Adobe Color JA Extra Settings
Adobe Color NA Recommended Settings
Adobe Default Language CS3
Adobe Device Central CS3
Adobe Dreamweaver CS3
Adobe Dreamweaver CS3
Adobe ExtendScript Toolkit 2
Adobe ExtendScript Toolkit 2
Adobe Extension Manager CS3
Adobe Flash CS3
Adobe Flash CS3 Professional
Adobe Flash Player 9 ActiveX
Adobe Flash Player 9 ActiveX
Adobe Flash Player 9 Plugin
Adobe Flash Video Encoder
Adobe Fonts All
Adobe Help Viewer CS3
Adobe Linguistics CS3
Adobe PDF Library Files
Adobe Photoshop CS3
Adobe Photoshop CS3
Adobe Reader 7.1.0
Adobe Setup
Adobe Setup
Adobe Setup
Adobe Setup
Adobe Setup
Adobe Shockwave Player
Adobe Stock Photos CS3
Adobe Type Support
Adobe Update Manager CS3
Adobe Version Cue CS3 Client
Adobe WinSoft Linguistics Plugin
Adobe XMP Panels CS3
AnswerWorks 4.0 Runtime - English
Apple Mobile Device Support
Apple Software Update
Bonjour
Business Plan Pro 2007
CCleaner (remove only)
DiscAPI (Studio 10)
DivX Codec
DivX Content Uploader
DivX Web Player
DV Network Software
Free Mp3 Wma Converter V 1.7.2
GreenBox 1.0
HijackThis 2.0.2
Hotfix for Windows XP (KB926239)
HP Image Zone 3.5
HP PSC & OfficeJet 3.5
HP Software Update
ImageMixer3
iTunes
J2SE Runtime Environment 5.0
Java(TM) 6 Update 2
Java(TM) 6 Update 3
Java(TM) 6 Update 5
Kaspersky Online Scanner
LiveUpdate 3.0 (Symantec Corporation)
Malwarebytes' Anti-Malware
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0 Service Pack 1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Expression Media
Microsoft Expression Web
Microsoft Expression Web
Microsoft Expression Web MUI (English)
Microsoft Office Professional Edition 2003
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Silverlight
Microsoft User-Mode Driver Framework Feature Pack 1.0
Mozilla Firefox (2.0.0.14)
MSXML 4.0 SP2 (KB936181)
Nero 7 Ultra Edition
neroxml
NVIDIA Drivers
Panda ActiveScan 2.0
PDF Settings
PowerISO
QuickTime
REALTEK GbE & FE Ethernet PCI NIC Driver
Realtek High Definition Audio Driver
Spybot - Search & Destroy
Spybot - Search & Destroy 1.5.2.20
SpywareBlaster 4.0
SUPERAntiSpyware Free Edition
Symantec Client Security
Symantec System Center
Symantec System Center
Symantec Technical Support Web Controls
SyncroSoft Emu (Remove only)
Syncrosoft's License Control
TurboTax Premier 2007
Windows Defender
Windows Live Messenger
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
WinRAR archiver
Yahoo! Anti-Spy
Yahoo! Browser Services
Yahoo! Install Manager
Yahoo! Internet Mail
Yahoo! Messenger
Yahoo! Music Jukebox
Yahoo! Toolbar
Blu Fog
Active Member
 
Posts: 9
Joined: May 31st, 2008, 1:25 am

Re: virus software shutting down

Unread postby dan12 » June 2nd, 2008, 3:49 am

Update Java Runtime Environment (JRE)

Your JRE is out of date. The current version is Java Runtime Environment (JRE) 6 Update 6.

  1. Click on Start > Control Panel and double click on Add/Remove Programs. Locate Java(TM) 6 Update 5 and click on Change/Remove to uninstall it.
  2. Repeat for these old versions of JRE:
      J2SE Runtime Environment 5.0
      Java(TM) 6 Update 2
      Java(TM) 6 Update 3
  3. Click here to visit Java's website.
  4. Scroll down to Java Runtime Environment (JRE) 6 Update 6. Click on Download.
  5. Select Windows from the drop-down list for Platform.
  6. Select Multi-language from the drop-down list for Language.
  7. Check (tick) I agree to the Java SE Runtime Environment 6 License Agreement box and click on Continue.
  8. Click on jre-6u6-windows-i586-p.exe link to download it and save this to a convenient location.
  9. Run this installation to update your Java.

please post a further HJT log when done and let me know how things are!
User avatar
dan12
MRU Honors Grad Emeritus
 
Posts: 6123
Joined: March 30th, 2006, 3:22 am
Location: Leicestershire

Re: virus software shutting down

Unread postby Blu Fog » June 2nd, 2008, 7:45 am

Hi Here is the new log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:41:02 AM, on 6/2/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Symantec Client Security\Symantec Client Firewall\ISSVC.exe
C:\PROGRA~1\Symantec\SYMANT~1\NSCTOP.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\SYMANT~1\SYMANT~2\VPTray.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\HP\HP Software Update\HPWuSchd.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?.home=ytie
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~2\VPTray.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [cdloader] "C:\Documents and Settings\max\Application Data\mjusbsp\cdloader2.exe" MAGICJACK
O4 - HKUS\S-1-5-19\..\RunOnce: [NeroHomeFirstStart] "C:\Program Files\Common Files\Ahead\Lib\NMFirstStart.exe" (User 'LOCAL SERVICE')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Flash Decompiler SWF Capture tool - {86B4FC19-8FA4-4FD3-B243-9AEDB42FA2D5} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Flash Decompiler SWF Capture tool menu - {86B4FC19-8FA4-4FD3-B243-9AEDB42FA2D5} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partne ... nicode.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microso ... 8745000546
O16 - DPF: {FFBB3F3B-0A5A-4106-BE53-DFE1E2340CB1} (DownloadManager Control) - http://dlm.tools.akamai.com/dlmanager/v ... .2.1.6.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: IS Service (ISSVC) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec Client Firewall\ISSVC.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Symantec System Center Discovery Service (NSCTOP) - Symantec Corporation - C:\PROGRA~1\Symantec\SYMANT~1\NSCTOP.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

--
End of file - 8581 bytes


Everything is faster but I keep getting this pop up message from my symantec:

"Symantec Client Firewall has Detected one or more services are disabled and should be restarted. Please restart the system to restore the failed services listed below"

"Symantec Secure Port"

Even when I restart, I still get this message every time.
Blu Fog
Active Member
 
Posts: 9
Joined: May 31st, 2008, 1:25 am
Advertisement
Register to Remove

Next

  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 283 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware