Jun 8 2009, 07:43 PM
Post #1
New Member. Group: Members; Posts: 3; Joined: 8-June 09; Member No.: 340,181
DDS (Ver_09-05-14.01) - NTFSx86
Run by Bryan at 20:14:30.25 on Mon 06/08/2009
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.465 [GMT -4:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Photodex\ProShowGold\ScsiAccess.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\Mixer.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Adobe\Photoshop Elements 5.0\apdproxy.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9SA.EXE
C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrUI.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Garmin\gStart.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\Hewlett-Packard\AiO\hp officejet k series\Bin\hpoorn07.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\HEWLET~1\AiO\Shared\Bin\hpoevm07.exe
C:\Program Files\Hewlett-Packard\AiO\Shared\bin\hpOSTS07.exe
C:\Program Files\Hewlett-Packard\AiO\Shared\bin\hpOFXM07.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Bryan\Local Settings\Temporary Internet Files\Content.IE5\4ER8XC1I\dds[1].scr

============== Pseudo HJT Report ===============

uSearchMigratedDefaultURL = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
uStart Page = hxxp://www.yahoo.com
uWindow Title = Windows Internet Explorer provided by Yahoo!
uDefault_Page_URL = hxxp://www.yahoo.com/?fr=fp-yie8
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\tfswshx.dll
BHO: AVG Security Toolbar: {a057a204-bacc-4d26-9990-79a187e2698e} - c:\progra~1\avg\avg8\AVGTOO~1.DLL
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn0\YTSingleInstance.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
TB: AVG Security Toolbar: {a057a204-bacc-4d26-9990-79a187e2698e} - c:\progra~1\avg\avg8\AVGTOO~1.DLL
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NVMCTRAY.DLL,NvTaskbarInit
uRun: [gStart] c:\garmin\gStart.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
uRun: [Picasa Media Detector] c:\program files\picasa2\PicasaMediaDetector.exe
uRun: [cdloader] "c:\documents and settings\bryan\application data\mjusbsp\cdloader2.exe" MAGICJACK
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [C-Media Mixer] Mixer.exe /startup
mRun: [BJCFD] c:\program files\broadjump\client foundation\CFD.exe
mRun: [vptray] c:\progra~1\symant~1\symant~1\vptray.exe
mRun: [PinnacleDriverCheck] c:\windows\system32\PSDrvCheck.exe
mRun: [dla] c:\windows\system32\dla\tfswctrl.exe
mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [ATICCC] "c:\program files\ati technologies\ati.ace\CLIStart.exe"
mRun: [Adobe Photo Downloader] "c:\program files\adobe\photoshop elements 5.0\apdproxy.exe"
mRun: [EPSON Stylus Photo R2400] c:\windows\system32\spool\drivers\w32x86\3\E_FATI9SA.EXE /P24 "EPSON Stylus Photo R2400" /O12 "EP1394D3_001" /M "Stylus Photo R2400"
mRun: [WD Drive Manager] c:\program files\western digital\wd drive manager\WDBtnMgrUI.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpaiod~1.lnk - c:\program files\hewlett-packard\aio\hp officejet k series\bin\hpoorn07.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office10\EXCEL.EXE/3000
IE: {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - c:\program files\partygaming\partypoker\RunApp.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {08B0E5C0-4FCB-11CF-AAA5-00401C608501}
Trusted Zone: turbotax.com
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: AtiExtEvent - Ati2evxx.dll
Notify: avgrsstarter - avgrsstx.dll
Notify: NavLogon - c:\windows\system32\NavLogon.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

============= SERVICES / DRIVERS ===============

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-6-4 325896]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-6-4 27784]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-6-4 108552]
R1 Cinemsup;Cinemsup;c:\windows\system32\drivers\cinemsup.sys [2003-12-19 6656]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\SASDIFSV.SYS [2006-10-10 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2007-2-27 55024]
R2 aawservice;Ad-Aware 2007 Service;c:\program files\lavasoft\ad-aware 2007\aawservice.exe [2008-1-4 587096]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-6-4 298776]
R2 NAVAPEL;NAVAPEL;c:\program files\symantec_client_security\symantec antivirus\Navapel.sys [2002-6-19 29184]
R2 WDBtnMgrSvc.exe;WD Drive Manager Service;c:\program files\western digital\wd drive manager\WDBtnMgrSvc.exe [2008-1-30 106496]
R2 YahooAUService;Yahoo! Updater;c:\program files\yahoo!\softwareupdate\YahooAUService.exe [2008-11-9 602392]
R3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2006-2-16 4096]
S3 Ad-Watch Connect Filter;Ad-Watch Connect Kernel Filter;c:\windows\system32\drivers\NSDriver.sys [2007-8-7 9344]
S3 AVC2310F;AVC-2310/AVC-2210 USB Loader;c:\windows\system32\drivers\avcuwfl.sys [2005-10-29 18644]
S3 AvcUWilo;Adaptec AVC-2210/2310 USB Device;c:\windows\system32\drivers\avcuwilo.sys [2005-10-29 51166]
S3 epppdt;EPSON 1394.3 Class;c:\windows\system32\drivers\epppdt.sys [2007-5-1 31269]
S3 epppdtpr;EPSON 1394.3 Printer Class;c:\windows\system32\drivers\epppdtpr.sys [2007-5-1 14457]
S3 NAVAP;NAVAP;c:\program files\symantec_client_security\symantec antivirus\Navap.sys [2002-6-19 218112]
S3 NAVENG;NAVENG;\??\c:\progra~1\common~1\symant~1\virusd~1\20080204.003\naveng.sys --> c:\progra~1\common~1\symant~1\virusd~1\20080204.003\NAVENG.sys [?]
S3 NAVEX15;NAVEX15;\??\c:\progra~1\common~1\symant~1\virusd~1\20080204.003\navex15.sys --> c:\progra~1\common~1\symant~1\virusd~1\20080204.003\NAVEX15.sys [?]
S3 Norton AntiVirus Server;Symantec AntiVirus Client;c:\program files\symantec_client_security\symantec antivirus\Rtvscan.exe [2002-7-30 573440]
S3 SDTHOOK;SDTHOOK;c:\windows\system32\drivers\SDTHOOK.SYS [2008-2-4 44928]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2008-9-22 11520]

=============== Created Last 30 ================

2009-06-08 18:42 209 a--sh--- C:\Copy of Original boot.ini
2009-06-08 18:29 <DIR> --d----- c:\windows\pss
2009-06-04 19:07 <DIR> --d-h--- C:\$AVG8.VAULT$
2009-06-04 19:02 11,952 a------- c:\windows\system32\avgrsstx.dll
2009-06-04 19:02 108,552 a------- c:\windows\system32\drivers\avgtdix.sys
2009-06-04 19:01 325,896 a------- c:\windows\system32\drivers\avgldx86.sys
2009-06-04 19:01 <DIR> --d----- c:\windows\system32\drivers\Avg
2009-06-04 19:01 <DIR> --d----- c:\docume~1\bryan\applic~1\AVGTOOLBAR
2009-06-04 19:01 <DIR> --d----- c:\program files\AVG
2009-06-04 19:01 <DIR> --d----- c:\docume~1\alluse~1\applic~1\avg8
2009-05-28 20:54 <DIR> --dsh--- c:\documents and settings\bryan\IECompatCache
2009-05-28 20:51 <DIR> --dsh--- c:\documents and settings\bryan\PrivacIE
2009-05-28 20:49 <DIR> --dsh--- c:\documents and settings\bryan\IETldCache
2009-05-28 20:29 <DIR> --d----- c:\windows\ie8updates
2009-05-28 20:26 78,336 a------- c:\windows\system32\ieencode.dll
2009-05-28 20:26 78,336 a------- c:\windows\system32\dllcache\ieencode.dll
2009-05-28 20:26 <DIR> --d-h--- c:\windows\msdownld.tmp
2009-05-28 20:24 102,912 -c------ c:\windows\system32\dllcache\iecompat.dll
2009-05-14 00:55 <DIR> --d----- c:\program files\UltimateBet

==================== Find3M ====================

2008-01-31 23:40 27,680 a------- c:\docume~1\bryan\applic~1\GDIPFONTCACHEV1.DAT
2001-11-23 00:08 712,704 a------- c:\windows\inf\other\AUDIO3D.DLL
2003-03-31 08:00 94,784 ---sh--- c:\windows\twain.dll
2008-04-13 20:12 50,688 ---sh--- c:\windows\twain_32.dll
2008-04-13 20:11 1,028,096 a--sh--- c:\windows\system32\mfc42.dll
2008-04-13 20:12 57,344 ---sh--- c:\windows\system32\msvcirt.dll
2008-04-13 20:12 413,696 a--sh--- c:\windows\system32\msvcp60.dll
2008-04-13 20:12 343,040 a--sh--- c:\windows\system32\msvcrt.dll
2008-04-13 20:12 551,936 ---sh--- c:\windows\system32\oleaut32.dll
2008-04-13 20:12 84,992 ---sh--- c:\windows\system32\olepro32.dll
2008-04-13 20:12 11,776 ---sh--- c:\windows\system32\regsvr32.exe
2009-01-22 09:05 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012009012220090123\index.dat

============= FINISH: 20:15:09.43 ===============
Jun 9 2009, 06:39 AM
Post #2
New Member. Group: Members; Posts: 3; Joined: 8-June 09; Member No.: 340,181
I followed the directions to post my log files correctly. I'm hoping someone can analyze this soon? Thank you so much in advance for your help! Bryan
===========

Hello

While we understand your frustration at having to wait, please note that Bleeping Computer deals with several hundred requests for assistance such as yours on a daily basis. As a result, our backlog is quite large, as are those of other comparable sites that help others with malware issues. Although our HJT Team members work on hundreds of requests each day, they are all volunteers who work logs when they can and are able to do so. No one is paid by Bleeping Computer for their assistance to our members.

Further, our malware removal staff is comprised of team members with various levels of skill and expertise to deal with thousands of malware variants, some more complex than others. Although we try to take DDS/HJT logs in order (starting with the oldest), it is often the skill level of the particular helper and sometimes the operating system that dictates which logs get selected first. Some infections are more complicated than others and require a higher skill level to remove. Without that skill level, attempted removal could result in disastrous results. In other instances, the helper may not be familiar with the operating system that you are using, since they use another. In either case, neither of us wants someone to assist you who is not familiar with your issue and attempt to fix it.

We ask that once you have posted your log and are waiting, please DO NOT "bump" your thread or make further replies until it has been responded to by a member of the HJT Team. The reason we ask this or do not respond to your requests is that it would remove you from the active queue that Techs and Staff have access to. The malware staff checks the forum for postings that have 0 replies, as this makes it easier for them to identify those who have not been helped. If you post another response, there will be 1 reply. A team member looking for a new log to work may assume another HJT Team member is already assisting you and not open the thread to respond.

That is why I have made an edit to your last post, instead of a reply. Please do not multiple post here, as that only pushes you further down the queue and causes confusion to the staff. Please be patient. It may take a while to get a response, but your log will be reviewed and answered as soon as possible.

Thank you for understanding.

Orange Blossom ~ forum moderator

This post has been edited by Orange Blossom: Jun 9 2009, 11:46 PM
Jun 18 2009, 06:40 PM
Post #3
Forum Addict. Group: HJT Team; Posts: 3,895; Joined: 7-November 07; From: Warrington, UK; Member No.: 168,228
Hello and welcome to Bleeping Computer. Sorry for the delay; the forums here at BC are always very busy and we do our best to keep up. If you no longer require any help, could you let me know please, so this topic can be closed. My name is Syler, and I will be helping you to solve your Malware issues. Whilst I am helping you, I would be grateful if you would note the following:

First I would like to see a new log, since a lot could have changed since your original post.

Thanks

--------------------
Any requests for help via PM will be ignored, please use the forums. If I have helped you, and you would like to make a donation, click here
Jun 23 2009, 06:08 PM
Post #4
Forum Addict. Group: HJT Team; Posts: 3,895; Joined: 7-November 07; From: Warrington, UK; Member No.: 168,228
Due to the lack of feedback, this Topic is closed.

If you need this topic reopened, please request this by sending me a PM with the address of the thread. This applies only to the original topic starter. Everyone else, please begin a New Topic.