things aren't right!


Post by MERISMOS on 25th February 2009, 2:45 pm

Ever since I had that win.zafi32 bug and completed everything you told me to do, I've been having weird pop-ups of things closing. I haven't even turned my computer on since Friday. So, today, my printers are gone, and my Norton 360 won't run updates or scan, and those are automatically set to run. I ran Malaware and it showed no problems; I ran Ad-Aware, which had some cookies that I removed. Please help, I don't want to lose any more things. Losing my printers is bad enough: I have a local printer and two network printers that I run through my computer, and they are gone!

Here is my latest HijackThis file, which I ran this morning:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:38:01 AM, on 2/25/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe
C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\fxssvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AWS\WeatherBug\Weather.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\PROGRA~1\Webshots\webshots.scr
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = [You must be registered and logged in to see this link.]
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O2 - BHO: MSN Toolbar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN\Toolbar\3.0.0988.2\msneshellx.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: MSN Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.0988.2\msneshellx.dll
O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\CoIEPlg.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton 360\osCheck.exe"
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1
O4 - S-1-5-18 Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe (User 'Default user')
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe
O8 - Extra context menu item: Append to existing PDF - [You must be registered and logged in to see this link.] Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - [You must be registered and logged in to see this link.] Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - [You must be registered and logged in to see this link.] Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - [You must be registered and logged in to see this link.] Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - [You must be registered and logged in to see this link.] Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - [You must be registered and logged in to see this link.] Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - [You must be registered and logged in to see this link.] Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - [You must be registered and logged in to see this link.] Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - [You must be registered and logged in to see this link.]
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\lspmuq.dll
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - [You must be registered and logged in to see this link.]
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - [You must be registered and logged in to see this link.]
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - [You must be registered and logged in to see this link.]
O17 - HKLM\System\CCS\Services\Tcpip\..\{39D824B6-9778-4B70-B6BD-1802F778C7BB}: NameServer = 65.79.197.97,65.79.193.8
O17 - HKLM\System\CS1\Services\Tcpip\..\{39D824B6-9778-4B70-B6BD-1802F778C7BB}: NameServer = 65.79.197.97,65.79.193.8
O17 - HKLM\System\CS2\Services\Tcpip\..\{39D824B6-9778-4B70-B6BD-1802F778C7BB}: NameServer = 65.79.197.97,65.79.193.8
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Autodesk Network Licensing Service - Autodesk, Inc. - C:\Program Files\Common Files\Autodesk Shared\Service\AdskNetSrv.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Sentinel Keys Server (SentinelKeysServer) - SafeNet, Inc. - C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe
O23 - Service: Sentinel Protection Server (SentinelProtectionServer) - SafeNet, Inc - C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe

--
End of file - 9777 bytes


please help me, thanks

MERISMOS
Novice

Posts : 47
Joined : 2009-02-06
OS : Windows XP
Points : 28637
# Likes : 0


Re: things aren't right!

Post by Belahzur on 25th February 2009, 3:18 pm

Log looks okay, let's have a look around.

  • Please download DDS by sUBs to your Desktop (Important!!) from one of these locations:
    [You must be registered and logged in to see this link.]
    [You must be registered and logged in to see this link.]
    [You must be registered and logged in to see this link.]
  • Double click DDS.scr to run
  • When complete, DDS.txt will open.
  • Save the report to your Desktop.
  • Copy and paste DDS.txt back here, I don't need to see attach.txt.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator

Posts : 34918
Joined : 2008-08-03
Gender : Male
OS : 7 Home Premium x64
Points : 245101
# Likes : 1


Re: things aren't right!

Post by MERISMOS on 25th February 2009, 3:29 pm

When I try to add a printer I get an 'Operation could not be completed. The print spooler service is not running.' pop-up.

The first link gave me a 'page not found' message.

Here is the dds.txt file:
.
DDS (Ver_09-02-01.01) - NTFSx86
Run by Mandy at 9:24:10.17 on Wed 02/25/2009
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2014.1334 [GMT -6:00]

AV: Norton 360 *On-access scanning enabled* (Outdated)
FW: Norton 360 *enabled*

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe
C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\fxssvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AWS\WeatherBug\Weather.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\PROGRA~1\Webshots\webshots.scr
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Norton 360\ScanStub.exe
C:\WINDOWS\system32\Defrag.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Mandy\Desktop\dds.pif

============== Pseudo HJT Report ===============

uStart Page = [You must be registered and logged in to see this link.]
uSearch Page = [You must be registered and logged in to see this link.]
uSearch Bar = [You must be registered and logged in to see this link.]
uDefault_Page_URL = [You must be registered and logged in to see this link.]
mSearchAssistant = [You must be registered and logged in to see this link.]
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: NCO 2.0 IE BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\common files\symantec shared\coshared\browser\2.6\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\progra~1\common~1\symant~1\ids\IPSBHO.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\bae\BAE.dll
BHO: MSN Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn\toolbar\3.0.0988.2\msneshellx.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
TB: MSN Toolbar: {1e61ed7c-7cb8-49d6-b9e9-ab4c880c8414} - c:\program files\msn\toolbar\3.0.0988.2\msneshellx.dll
TB: Show Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\common files\symantec shared\coshared\browser\2.6\CoIEPlg.dll
TB: {E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F} - No File
TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Weather] c:\program files\aws\weatherbug\Weather.exe 1
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [ATICCC] "c:\program files\ati technologies\ati.ace\CLIStart.exe"
mRun: []
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [osCheck] "c:\program files\norton 360\osCheck.exe"
mRun: [Ad-Watch] c:\program files\lavasoft\ad-aware\AAWTray.exe
StartupFolder: c:\docume~1\mandy\startm~1\programs\startup\webshots.lnk - c:\program files\webshots\Launcher.exe
IE: &Search
IE: Append to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - [You must be registered and logged in to see this link.]
DPF: {48DD0448-9209-4F81-9F6D-D83562940134} - [You must be registered and logged in to see this link.]
DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - [You must be registered and logged in to see this link.]
DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} - [You must be registered and logged in to see this link.]
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - [You must be registered and logged in to see this link.]
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - [You must be registered and logged in to see this link.]
DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - [You must be registered and logged in to see this link.]
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - [You must be registered and logged in to see this link.]
TCP: {39D824B6-9778-4B70-B6BD-1802F778C7BB} = 65.79.197.97,65.79.193.8
Notify: AtiExtEvent - Ati2evxx.dll
Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\mandy\applic~1\mozilla\firefox\profiles\fx5elbjl.default\
FF - prefs.js: browser.search.selectedEngine - SearchSave
FF - prefs.js: browser.startup.homepage - [You must be registered and logged in to see this link.]
FF - prefs.js: keyword.URL - [You must be registered and logged in to see this link.]
FF - component: c:\program files\mozilla firefox\components\coFFPlgn.dll

============= SERVICES / DRIVERS ===============

R0 atiide;atiide;c:\windows\system32\drivers\atiide.sys [2007-10-27 3456]
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-2-9 64160]
R2 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\CCSVCHST.EXE [2008-2-18 149352]
R2 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\CCSVCHST.EXE [2008-2-18 149352]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-1-18 950096]
R2 LiveUpdate Notice;LiveUpdate Notice;c:\program files\common files\symantec shared\CCSVCHST.EXE [2008-2-18 149352]
R2 SentinelKeysServer;Sentinel Keys Server;c:\program files\common files\safenet sentinel\sentinel keys server\sntlkeyssrvr.exe [2007-4-27 316992]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2009-1-15 99376]
R3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20090217.002\NAVENG.SYS [2009-2-17 89104]
R3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20090217.002\NAVEX15.SYS [2009-2-17 876112]
S3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [2008-1-12 23888]
S3 Symantec Core LC;Symantec Core LC;c:\progra~1\common~1\symant~1\ccpd-lc\symlcsvc.exe [2009-1-15 1245064]

=============== Created Last 30 ================

2009-02-25 09:20 --d-h--- c:\windows\PIF
2009-02-25 08:17 1,089,593 -------- c:\windows\system32\dllcache\ntprint.cat
2009-02-18 10:17 --d----- C:\spoolerlogs
2009-02-17 16:19 5,396 a------- c:\windows\system32\10086b4abb.ax
2009-02-17 15:42 27,136 a------- c:\windows\system32\lspmuq.dll
2009-02-12 15:04 --d----- c:\program files\Trend Micro
2009-02-10 08:21 --d----- c:\program files\Norton Security Scan
2009-02-09 15:25 15,688 a------- c:\windows\system32\lsdelete.exe
2009-02-09 14:57 --d----- c:\windows\system32\Adobe
2009-02-09 14:36 64,160 a------- c:\windows\system32\drivers\Lbd.sys
2009-02-09 14:24 -cd-h--- c:\docume~1\alluse~1\applic~1\{83C91755-2546-441D-AC40-9A6B4B860800}
2009-02-06 15:25 15,504 a------- c:\windows\system32\drivers\mbam.sys
2009-02-06 15:25 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-02-06 15:25 --d----- c:\program files\Malwarebytes' Anti-Malware
2009-02-06 15:08 --d----- c:\docume~1\mandy\applic~1\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
2009-02-06 14:58 --d----- c:\docume~1\alluse~1\applic~1\avg8
2009-02-06 12:04 --d----- c:\windows\system32\XPSViewer
2009-02-06 12:03 597,504 -------- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2009-02-06 12:03 575,488 -------- c:\windows\system32\xpsshhdr.dll
2009-02-06 12:03 575,488 -------- c:\windows\system32\dllcache\xpsshhdr.dll
2009-02-06 12:03 117,760 -------- c:\windows\system32\prntvpt.dll
2009-02-06 12:03 89,088 -------- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-02-06 12:03 --d----- C:\5e9092f53fe58790bea05b2ee6b26e
2009-02-06 12:03 1,676,288 -------- c:\windows\system32\xpssvcs.dll
2009-02-06 12:03 1,676,288 -------- c:\windows\system32\dllcache\xpssvcs.dll
2009-02-06 12:03 --d----- c:\windows\SxsCaPendDel
2009-02-06 11:58 --d----- C:\7ec3d501749fd65f01b42334d62812
2009-02-06 11:58 --d----- C:\012b37e6cbdae0e83c27
2009-02-06 11:08 --d----- c:\documents and settings\mandy\.SunDownloadManager
2009-02-06 09:34 --d----- c:\docume~1\mandy\applic~1\Malwarebytes
2009-02-06 09:34 --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-02-04 10:08 --d----- c:\program files\Lavasoft
2009-02-04 09:29 --d----- c:\program files\common files\Download Manager

==================== Find3M ====================

2009-02-06 11:21 410,984 a------- c:\windows\system32\deploytk.dll
2009-01-16 21:35 3,594,752 a------- c:\windows\system32\dllcache\mshtml.dll
2009-01-15 15:18 124,464 a------- c:\windows\system32\drivers\SYMEVENT.SYS
2009-01-15 15:18 60,808 a------- c:\windows\system32\S32EVNT1.DLL
2009-01-15 15:18 10,635 a------- c:\windows\system32\drivers\SYMEVENT.CAT
2009-01-15 15:18 806 a------- c:\windows\system32\drivers\SYMEVENT.INF
2008-12-19 03:10 70,656 -------- c:\windows\system32\dllcache\ie4uinit.exe
2008-12-19 03:10 13,824 -------- c:\windows\system32\dllcache\ieudinit.exe
2008-12-18 23:25 634,024 -------- c:\windows\system32\dllcache\iexplore.exe
2008-12-18 23:23 161,792 -------- c:\windows\system32\dllcache\ieakui.dll
2008-12-11 04:57 333,952 -------- c:\windows\system32\dllcache\srv.sys
2008-08-19 07:56 32,768 ac-sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008081920080820\index.dat

============= FINISH: 9:24:53.62 ===============


Re: things aren't right!

Post by Belahzur on 25th February 2009, 3:51 pm

Hello.
Three things to do here.

Have you noticed a Firefox hijack called Searchsave?

Please upload these two files in bold below:
c:\windows\system32\10086b4abb.ax
c:\windows\system32\lspmuq.dll
To this site for a scan.
[You must be registered and logged in to see this link.]
Copy and paste the results back here.

Please download this file:
[You must be registered and logged in to see this link.]
It should restart the print spooler service when you run it.



Re: things aren't right!

Post by MERISMOS on 25th February 2009, 4:03 pm

I haven't noticed any Firefox hijacks; I'll keep an eye out for it though.

Here are the results of those scans:

File Name : 10086b4abb.ax
File Size : 5396 byte
File Type : data
MD5 : 88d2cac82bc4783eaa67c3f9c8322063
SHA1 : 742d843498f26593bd5bf0b5cac1b79cb10f7e5b

Scanner results
Scanner results : All Scanners reported not find malware!
Time : 2009/02/25 09:54:29 (CST)
Scanner | Engine Ver | Sig Ver | Sig Date | Scan result | Time
a-squared | 4.0.0.32 | 20090225180323 | 2009-02-25 | - | 2.305
AhnLab V3 | 2009.02.25.02 | 2009.02.25 | 2009-02-25 | - | 1.212
AntiVir | 7.9.0.88 | 7.1.2.80 | 2009-02-25 | - | 1.834
Antiy | 2.0.18 | 20090225.2204370 | 2009-02-25 | - | 0.120
Authentium | 5.1.1 | 200902251420 | 2009-02-25 | - | 1.073
AVAST! | 3.0.1 | 090225-1 | 2009-02-25 | - | 0.002
AVG | 7.5.52.442 | 270.11.3/1971 | 2009-02-25 | - | 1.908
BitDefender | 7.81008.2684368 | 7.23853 | 2009-02-25 | - | 2.495
CA (VET) | 9.0.0.143 | 31.6.6374 | 2009-02-25 | - | 3.817
ClamAV | 0.94.2 | 9047 | 2009-02-25 | - | 0.002
Comodo | 3.8 | 986 | 2009-02-25 | - | 0.453
CP Secure | 1.1.0.715 | 2009.02.25 | 2009-02-25 | - | 7.074
Dr.Web | 4.44.0.9170 | 2009.02.25 | 2009-02-25 | - | 4.111
F-Prot | 4.4.4.56 | 20090225 | 2009-02-25 | - | 1.066
F-Secure | 5.51.6100 | 2009.02.25.07 | 2009-02-25 | - | 1.450
Fortinet | 2.81-3.117 | 10.81 | 2009-02-25 | - | 0.152
GData | 19.3415/19.236 | 20090225 | 2009-02-25 | - | 3.269
Ikarus | T3.1.01.45 | 2009.02.25.72352 | 2009-02-25 | - | 3.804
JiangMin | 11.0.706 | 2009.02.25 | 2009-02-25 | - | 1.494
Kaspersky | 5.5.10 | 2009.02.25 | 2009-02-25 | - | 0.018
KingSoft | 2009.2.5.15 | 2009.2.25.20 | 2009-02-25 | - | 0.598
McAfee | 5.3.00 | 5535 | 2009-02-24 | - | 3.041
Microsoft | 1.4306 | 2009.02.25 | 2009-02-25 | - | 5.078
mks_vir | 2.01 | 2009.02.24 | 2009-02-24 | - | 2.671
Norman | 6.00.06 | 6.00.00 | 2009-02-25 | - | 8.008
nProtect | 20090225.02 | 3183347 | 2009-02-25 | - | 3.989
Panda | 9.05.01 | 2009.02.24 | 2009-02-24 | - | 1.564
Quick Heal | 10.00 | 2009.02.25 | 2009-02-25 | - | 0.899
Rising | 20.0 | 21.18.22.00 | 2009-02-25 | - | 0.272
Sophos | 2.84.1 | 4.39 | 2009-02-25 | - | 1.924
Sunbelt | 5006 | 5006 | 2009-02-23 | - | 0.580
Symantec | 1.3.0.24 | 20090224.017 | 2009-02-24 | - | 0.044
The Hacker | 6.3.2.4 | v00265 | 2009-02-24 | - | 0.490
Trend Micro | 8.700-1004 | 5.867.00 | 2009-02-25 | - | 0.023
VBA32 | 3.12.10.0 | 20090225.0932 | 2009-02-25 | - | 1.581
ViRobot | 20090225 | 2009.02.25 | 2009-02-25 | - | 0.398
VirusBuster | 4.5.11.10 | 10.101.24/961995 | 2009-02-25 | - | 1.185
Note: this file has been scanned before. Therefore, this file's scan result will not be stored in the database

File Name : lspmuq.dll
File Size : 27136 byte
File Type : PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bi
MD5 : 7f44f50cdd1dc17000643689b745c302
SHA1 : 25e9467f027f2d07b81874782cbf9548709770be

Scanner results
Scanner results : All Scanners reported not find malware!
Time : 2009/02/25 10:00:24 (CST)
Scanner | Engine Ver | Sig Ver | Sig Date | Scan result | Time
a-squared | 4.0.0.32 | 20090225180323 | 2009-02-25 | - | 2.222
AhnLab V3 | 2009.02.25.02 | 2009.02.25 | 2009-02-25 | - | 1.054
AntiVir | 7.9.0.88 | 7.1.2.80 | 2009-02-25 | - | 1.863
Antiy | 2.0.18 | 20090225.2204370 | 2009-02-25 | - | 0.119
Authentium | 5.1.1 | 200902251420 | 2009-02-25 | - | 1.110
AVAST! | 3.0.1 | 090225-1 | 2009-02-25 | - | 0.011
AVG | 7.5.52.442 | 270.11.3/1971 | 2009-02-25 | - | 1.929
BitDefender | 7.81008.2684368 | 7.23853 | 2009-02-25 | - | 2.503
CA (VET) | 9.0.0.143 | 31.6.6374 | 2009-02-25 | - | 5.229
ClamAV | 0.94.2 | 9047 | 2009-02-25 | - | 0.031
Comodo | 3.8 | 986 | 2009-02-25 | - | 0.486
CP Secure | 1.1.0.715 | 2009.02.25 | 2009-02-25 | - | 7.268
Dr.Web | 4.44.0.9170 | 2009.02.25 | 2009-02-25 | - | 4.091
F-Prot | 4.4.4.56 | 20090225 | 2009-02-25 | - | 1.127
F-Secure | 5.51.6100 | 2009.02.25.07 | 2009-02-25 | - | 4.793
Fortinet | 2.81-3.117 | 10.81 | 2009-02-25 | - | 0.372
GData | 19.3415/19.236 | 20090225 | 2009-02-25 | - | 4.266
Ikarus | T3.1.01.45 | 2009.02.25.72352 | 2009-02-25 | - | 3.802
JiangMin | 11.0.706 | 2009.02.25 | 2009-02-25 | - | 1.535
Kaspersky | 5.5.10 | 2009.02.25 | 2009-02-25 | - | 0.096
KingSoft | 2009.2.5.15 | 2009.2.25.20 | 2009-02-25 | - | 0.613
McAfee | 5.3.00 | 5535 | 2009-02-24 | - | 3.166
Microsoft | 1.4306 | 2009.02.25 | 2009-02-25 | - | 4.624
mks_vir | 2.01 | 2009.02.24 | 2009-02-24 | - | 2.701
Norman | 6.00.06 | 6.00.00 | 2009-02-25 | - | 8.009
nProtect | 20090225.02 | 3183347 | 2009-02-25 | - | 6.252
Panda | 9.05.01 | 2009.02.24 | 2009-02-24 | - | 1.642
Quick Heal | 10.00 | 2009.02.25 | 2009-02-25 | - | 1.476
Rising | 20.0 | 21.18.22.00 | 2009-02-25 | - | 0.838
Sophos | 2.84.1 | 4.39 | 2009-02-25 | - | 2.017
Sunbelt | 5006 | 5006 | 2009-02-23 | - | 0.653
Symantec | 1.3.0.24 | 20090224.017 | 2009-02-24 | - | 0.373
The Hacker | 6.3.2.4 | v00265 | 2009-02-24 | - | 0.532
Trend Micro | 8.700-1004 | 5.867.00 | 2009-02-25 | - | 0.059
VBA32 | 3.12.10.0 | 20090225.0932 | 2009-02-25 | - | 1.708
ViRobot | 20090225 | 2009.02.25 | 2009-02-25 | - | 0.418
VirusBuster | 4.5.11.10 | 10.101.24/961995 | 2009-02-25 | - | 1.213
Note: this file has been scanned before. Therefore, this file's scan result will not be stored in the database


Re: things aren't right!

Post by Belahzur on 25th February 2009, 4:04 pm

Okay, them two files appear to be fine.
Did the printspoolerrestart.msi work?



Re: things aren't right!

Post by MERISMOS on 25th February 2009, 4:11 pm

Nope, the spooler still isn't working. Neither is my Norton 360... it won't update.


Re: things aren't right!

Post by Belahzur on 25th February 2009, 4:13 pm

Okay, let's run a rootkit scan.

1. Please download The Avenger by Swandog46 to your Desktop
Link: [You must be registered and logged in to see this link.] or [You must be registered and logged in to see this link.].

  • Click on Avenger.zip to open the file
  • Extract avenger.exe to your desktop

2. Now, start The Avenger program by clicking on its icon on your desktop.

  • Leave the script box empty.
  • Leave the ticked box "Scan for rootkit" ticked.
  • Then tick "Disable any rootkits found"
  • Now click on Execute to begin execution of the script.
  • Answer "Yes" twice when prompted.

    The Avenger will automatically do the following:

  • It will Restart your computer.
  • On reboot, it will briefly open a black command window on your desktop, this is normal.
  • After the restart, it creates a log file that should open with the results of Avenger's actions. This log file will be located at C:\avenger.txt
  • The Avenger will also have backed up all the files, etc., that you asked it to delete, and will have zipped them and moved the zip archives to C:\avenger\backup.zip.
3. Please copy/paste the content of c:\avenger.txt into your reply.



Re: things aren't right!

Post by MERISMOS on 25th February 2009, 4:25 pm

looks good from what I can tell:

Logfile of The Avenger Version 2.0, (c) by Swandog46
[You must be registered and logged in to see this link.]

Platform: Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!


Completed script processing.

*******************

Finished! Terminate.


Re: things aren't right!

Post by MERISMOS on 25th February 2009, 4:27 pm

I got this window when my computer rebooted just now:

Data Execution Prevention-Micr. Win.

To help protect your computer, Win. has closed this program.

Name: Spooler SubSystem App
Publisher: Micr. Corp.

with a 'Close Message' button


Re: things aren't right!

Post by Belahzur on 25th February 2009, 4:47 pm

The spooler system again.
It shouldn't cause any damage.

I think the Norton not updating might be a conflict.
Please disable adwatch, read here for instructions:
[You must be registered and logged in to see this link.]

Then see if Norton will update.



Re: things aren't right!

Post by MERISMOS on 25th February 2009, 5:07 pm

I tried w/adaware disabled. Still no update. I get this error:

LiveUpdate Engine COM Module has encountered a problem and needs to close.

The data in the error report looks like this:

szAppName: LuComServer_3_4.exe
szAppVer: 3.4.1.238
szModName: Unknown
szModVer: 0.0.0.0
offset: 87bbd714

If this helps anything.

And I'm still not sure how to reset the spooler thing..that fix-it download didn't work at all.


Re: things aren't right!

Post by Belahzur on 25th February 2009, 5:15 pm

Norton is probably corrupt.
Uninstalling and re-installing it should work.

Or better yet, get rid of it altogether and install something like Avira.



Re: things aren't right!

Post by MERISMOS on 25th February 2009, 5:17 pm

Yeah, I know Norton sucks, but it's what the company bought...I'll have the office manager deal with Norton. thanks again for your help..at least I know it's not a virus attacking and eating away at my programs.


Re: things aren't right!

Post by MERISMOS on 25th February 2009, 5:42 pm

any advice on the spooler subsystem app problem?


Re: things aren't right!

Post by Belahzur on 25th February 2009, 5:46 pm

Try this.

Go to Start > Run and type in:
net start spooler
Press enter.

See if that works.



Re: things aren't right!

Post by MERISMOS on 25th February 2009, 5:51 pm

nope...still can't add a printer...ugh! it's bad enough that both my local printer and my network printers were wiped out, but now I can't even put them back! sometimes I hate computers!

sorry, just venting


Re: things aren't right!

Post by Belahzur on 25th February 2009, 5:56 pm

Hmm.

Okay, try it this way.

Go to Start > Control Panel > Administrative Tools > Services.
When the services list window opens, scroll down to "print spooler" > right click it > Select "properties" > make sure you are on the general tab > go down to startup type and make sure it's on automatic > then hit apply > then click the start button under the service status > apply again > hit OK. Now exit all of the services and administrative tools.

Go to where your printer and faxes are located and now try to install a printer or try to print.



Re: things aren't right!

Post by MERISMOS on 25th February 2009, 6:08 pm

nope still didn't work...well, I've gotta go, I'll give the office manager the information to get on here if she wants to, but she'll be working on it the rest of the week as I'll be out of the office. thank you for all your help...I really do appreciate it. Thank You!


Re: things aren't right!

Post by MERISMOS on 9th March 2009, 1:20 pm

okay, so there is definitely something wrong with my computer...my norton 360 has been uninstalled and reinstalled and still doesn't work correctly, explorer keeps encountering a problem and shutting down unexpectedly, I get a DATA Execution Prevention message for the spooler subsystem app, and now I get a Dr. Watson Postmortem Debugger message....What the heck is Dr. Watson Postmortem Debugger?...occasionally my cd drive will open and close on its own repeatedly..my next foreseeable option is to format my hard drive, but I am trying to avoid that if possible.


Re: things aren't right!

Post by Belahzur on 9th March 2009, 3:08 pm

Dr Watson is from Microsoft.
Let's have a look around with this.

* Download Dr.Web CureIt to the desktop:
[You must be registered and logged in to see this link.]

  • Double-click the drweb-cureit.exe file and allow it to run the express scan
  • This will scan the files currently running in memory and when something is found, click the yes button when it asks you if you want to cure it. This is only a short scan.
  • Once the short scan has finished, Click Options > Change settings
  • Choose the "Scan"-tab, remove the mark at "Heuristic analysis".
  • Back at the main window, mark the drives that you want to scan.
  • Select all drives. A red dot shows which drives have been chosen.
  • Click the green arrow at the right, and the scan will start.
  • Click 'Yes to all' if it asks if you want to cure/move the file.
  • When the scan has finished, look if you can click next icon next to the files found:
  • If so, click it and then click the next icon right below and select Move incurable as you'll see in next image:

    This will move it to the %userprofile%\DoctorWeb\quarantaine-folder if it can't be cured. (this in case if we need samples)
  • After selecting, in the Dr.Web CureIt menu on top, click file and choose save report list
  • Save the report to your desktop. The report will be called DrWeb.csv
  • Close Dr.Web Cureit.
  • Reboot your computer!! Because it could be possible that files in use will be moved/deleted during reboot.
  • After reboot, post the contents of the log from Dr.Web you saved previously in your next reply.



Re: things aren't right!

Post by MERISMOS on 9th March 2009, 8:37 pm

is it possible that the win.zafi32.b virus I had caused an infection or something that is eating away at my computer? a self-destruct kinda thing? I also get a ccSvcHst error when shutting down my computer....

so far the Dr. Web hasn't found anything to cure...I'm doing a complete scan now


Re: things aren't right!

Post by Belahzur on 9th March 2009, 9:04 pm

The ccSvcHst is related to Symantec.
Zafi.b wouldn't cause this.



Re: things aren't right!

Post by MERISMOS on 9th March 2009, 9:07 pm

is there a way to fix that, or do I need to contact Symantec about it?


Re: things aren't right!

Post by Belahzur on 9th March 2009, 9:10 pm

Nah, it's probably easier to uninstall Symantec and Norton and switch to a different AV than trying to find the right cause.

  • Open HijackThis
  • Click "Open the Misc Tools section"
  • Click "Open Uninstall Manager"
  • Click "Save List..." (generates uninstall_list.txt)
  • Click Save, copy and paste the results in your next post.



Re: things aren't right!

Post by MERISMOS on 9th March 2009, 9:19 pm

2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
3-D TopoQuads
Acrobat.com
Adobe Acrobat 8.1.2 Standard
Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)
Adobe AIR
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Flash Player 9 ActiveX
Adobe Reader 9
Adobe Shockwave Player 11
AppCore
Apple Mobile Device Support
Apple Software Update
ATI Catalyst Control Center
ATI Display Driver
AutoCAD 2008 - English
AutoCAD 2008 - English SP1
AutoCAD R13
Autodesk DWF Viewer 7
Backup
Broadcom Management Programs
Canon Digital Photo Front-Access
ccCommon
CDDRV_Installer
Convert
Dell Laser Printer 1110 Software Uninstall
Eagle Point
Eagle Point License Manager
ForeSight DXM
GearDrvs
Google Earth
High Definition Audio Driver Package - KB835221
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB961118)
imagePROGRAF Status Monitor
iPF610 Printer Driver Extra Kit
iTunes
Java(TM) 6 Update 11
Java(TM) 6 Update 7
KhalInstallWrapper
LiveUpdate (Symantec Corporation)
LiveUpdate (Symantec Corporation)
LiveUpdate 3.0 (Symantec Corporation)
LiveUpdate Notice (Symantec Corporation)
Logitech SetPoint
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
Microsoft National Language Support Downlevel APIs
Microsoft Office Basic 2007
Microsoft Office Basic 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
MobileMe Control Panel
Mozilla Firefox (3.0.6)
MSN
MSN Toolbar
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 6.0 Parser
Norton 360
Norton 360
Norton 360 (Symantec Corporation)
Norton 360 HTMLHelp
Norton Confidential Core
Norton Security Scan
Norton Security Scan (Symantec Corporation)
QuickTime
Samsung Master
Samsung USB Driver
SearchAssist
Security Update for 2007 Microsoft Office System (KB951550)
Security Update for 2007 Microsoft Office System (KB951944)
Security Update for 2007 Microsoft Office System (KB958439)
Security Update for CAPICOM (KB931906)
Security Update for CAPICOM (KB931906)
Security Update for Microsoft Office Excel 2007 (KB958437)
Security Update for Microsoft Office system 2007 (KB954326)
Security Update for Microsoft Office Word 2007 (KB956358)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Visio 2007 (KB947590)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB960715)
Sentinel Protection Installer 7.4.0
Sonic CinePlayer DVD Pack
SPBBC 32bit
Survey Link
Symantec Real Time Storage Protection Component
Symantec Technical Support Controls
SymNet
TPC Desktop V9.5
TPC Desktop V9.5 Prerequisites
Traverse PC PDF
Uninstall Perfect Defender 2009
Update for Microsoft Office Outlook 2007 (KB952142)
Update for Office 2007 (KB946691)
Update for Outlook 2007 Junk Email Filter (kb959634)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
URL Assistant
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
WeatherBug
Webshots Desktop
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Windows XP Service Pack 3


Re: things aren't right!

Post by Belahzur on 9th March 2009, 9:26 pm

Hello.
Please see here for the Norton 360 removal tool and follow the instructions.

[You must be registered and logged in to see this link.]

There is one old version of Java that isn't needed.

Go to Start > Control Panel > Add/Remove Programs and remove the following programs if present.

  • Java(TM) 6 Update 7


Let me know once Norton is uninstalled.


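The check behind the Java advice in the reply above, as an added example that is not part of the original thread: it reads an inventory in the one-name-per-line format of uninstall_list.txt and lists every Java runtime entry older than the newest one installed, comparing update numbers as integers. The sample list is constructed from entries posted in the thread; the names `JAVA_NAME`, `parse_java` and `find_superseded_java` and the set of recognised display-name spellings are assumptions.

```python
import re

# Display-name spellings Sun used for the JRE in Add/Remove Programs.
# Assumed set for this example; extend it for other inventories.
JAVA_NAME = re.compile(
    r"^(?:Java\(TM\)(?: SE Runtime Environment)?|J2SE Runtime Environment)"
    r" (\d+)(?:\.\d+)?(?: Update (\d+))?$"
)

# Constructed sample in the one-name-per-line format of uninstall_list.txt,
# using entries that appear in the list posted in this thread.
SAMPLE_LIST = """\
HijackThis 2.0.2
iTunes
Java(TM) 6 Update 11
Java(TM) 6 Update 7
KhalInstallWrapper
LiveUpdate (Symantec Corporation)
LiveUpdate (Symantec Corporation)
Mozilla Firefox (3.0.6)
"""


def parse_java(name):
    """Return (major, update) for a JRE display name, None for anything else."""
    match = JAVA_NAME.match(name.strip())
    if match is None:
        return None
    # A base release with no "Update N" suffix counts as update 0.
    return int(match.group(1)), int(match.group(2) or 0)


def find_superseded_java(text):
    """Split the Java entries of an inventory into newest and older ones."""
    versions = {}
    for line in text.splitlines():
        name = line.strip()
        version = parse_java(name)
        if version is not None:
            versions[name] = version  # repeated lines collapse to one key
    if not versions:
        return {"newest": None, "superseded": []}
    newest_version = max(versions.values())
    # Integer tuples, so Update 11 ranks above Update 7; a string
    # comparison would rank it lower.
    ordered = sorted(versions, key=versions.get)
    return {
        "newest": ordered[-1],
        "superseded": [n for n in ordered if versions[n] < newest_version],
    }


if __name__ == "__main__":
    report = find_superseded_java(SAMPLE_LIST)
    print("newest Java entry:", report["newest"])
    for name in report["superseded"]:
        print("older entry to review for removal:", name)
```
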

Re: things aren't right!

Post by MERISMOS on 9th March 2009, 10:06 pm

sorry, I'm waiting for the Dr. Web to finish its scan, about 2/3 there I think


Re: things aren't right!

Post by MERISMOS on 9th March 2009, 10:17 pm

okay, so my two main concerns are the lack of a viable anti virus software and the fact that my printers have disappeared and I am unable to re-add them because of the spooler problem we discussed before...we get those two things fixed I think I can survive........thank you again for all your help! Thank You!


Re: things aren't right!

Post by Belahzur on 9th March 2009, 10:21 pm

If you uninstall Norton, we'll need to install another AV first.



Re: things aren't right!

Post by MERISMOS on 9th March 2009, 10:27 pm

k...got a good AV in mind? it is really hard for me to not use Norton because my company has paid $120 for that software, and they run it on all the networked computers, but if it isn't working I don't want it on here flashing red warning signs at me all day...if symantec was worth working with I might try getting them to fix the problem...

almost through with the complete scan with dr. web...man that takes forever...still nothing to 'cure'...

I think I found some good stuff on Microsoft help/support to fix the spooler problem...just gotta get this other out of the way first...one step at a time


Re: things aren't right!

Post by Belahzur on 9th March 2009, 10:34 pm

Ah.
Stop the scan, I don't think it will find anything.

Whatever the problem is, it's not malware.
If it's a company computer, it would be better to ask them to fix it.



Re: things aren't right!

Post by MERISMOS on 9th March 2009, 10:38 pm

that's the problem, we are a small company and have no IT personnel...kinda on our own...just the secretary, and she just searches until she finds an answer....I'll just leave the Norton up to them to fix, and I'll try the Microsoft fix for the printer problems....

Thanks again for being so patient with me and trying to help solve my problems here.


Re: things aren't right!

Post by MERISMOS on 10th March 2009, 8:11 pm

well, I got Norton working right, finally

now I just need to figure out the 'spooler subsystem application has encountered a problem and needs to close' error

any ideas? I tried the Microsoft steps, but it didn't fix anything.


Re: things aren't right!

Post by Belahzur on 10th March 2009, 8:28 pm

Oh? What fixed the Norton problem?

I would open a thread in our software section, the other techs of this forum know more in that area than I do.
Let's try this.

Press Start > Run.
In the run box, type in: sfc /scannow
Note the space between the c and /
If it asks for your XP CD, put it in and let it do the scan.



Re: things aren't right!

Post by MERISMOS on 10th March 2009, 8:31 pm

I used your removal tool to uninstall and then reinstalled it and it installed an updated version that seems to be working fine now.

I'll give the scan a shot..thanks.


Re: things aren't right!

Post by MERISMOS on 10th March 2009, 9:19 pm

did the scan, did a restart, same thing happened:
DATA Execution Prevention message that spooler subsystem app had to close


Re: things aren't right!

Post by Belahzur on 10th March 2009, 9:23 pm

Best advice I can give right now is to wait for Doc to get online, this is above my head.



Re: things aren't right!

Post by MERISMOS on 10th March 2009, 9:43 pm

k, thanks

you've been a life saver!
