AV Software automatically switched off, some internet based programmes wont open

Joeeey · 06-12-2008, 01:46 PM

Hey,

im new to this so sorry if i do anything wrong, ill try and correct it.

i got a new comp in jan, had many issues with crashing but resolved due to some parts not being fully connected, and since resolved little has gone wrong until about a week ago. I cant remember exactly what happened, but my computer crashed during a windows download, and had problems actually installing the update afterwards. Ive been pretty busy so havent had time to properly look at the problem, thinking it just a crash error, but ive noticed 2 and a half minutes every start up Norton (360) PC security will turn itself off and no matter what i do will not turn back on.

As well as this, i found 4oD wouldnt open, i put this down to a small passing fault that could be resolved, as another computer i know wouldnt work with it at all, so wasnt too worried. But also today msn stopped working, it would load at start up, but after that wouldnt open again, whether i be signed in or not. Ive done a back up to an external disk, and had advice to just wipe my disk because i have run checks and not found anything wrong, however i did do a free online one a few weeks ago which said i had a problem, but changed the name of the "cloaked Malware" everytime i scanned, so i thought it might just be trying to get me to buy it and went back to Norton. I did try another online scanner, but there was a problem when installing it, so i just forgot about it. Obviously now i realise i have a problem, but it must have fooled Norton to get onto my computer. The problem with just wiping my disk is that i think that if the virus or whatever it is has found its way into my files, it could easily get into files that are backed up so im back where i started.

So trying to follow the 5 steps, here is the copy of main txt:

Deckard's System Scanner v20071014.68
Run by James on 2008-06-12 20:17:43
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- Last 5 Restore Point(s) --
35: 2008-06-12 19:05:41 UTC - RP118 - Windows Update
34: 2008-06-11 12:50:11 UTC - RP117 - Device Driver Package Install: NVIDIA Display adapters
33: 2008-06-11 12:42:36 UTC - RP116 - Device Driver Package Install: Intel Storage controllers
32: 2008-06-11 12:03:06 UTC - RP115 - Windows Update
31: 2008-06-10 19:33:08 UTC - RP114 - Restore Operation

-- First Restore Point --
1: 2008-05-02 14:47:26 UTC - RP79 - Windows Update

Backed up registry hives.
Performed disk cleanup.

-- HijackThis Clone ------------------------------------------------------------

Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-06-12 20:21:33
Platform: Windows Vista (6.00.6000)
MSIE: Internet Explorer (7.00.6000.16386)
Boot mode: Normal

Running processes:
C:\Program Files\Common Files\logishrd\LVCOMSER\LVComSer.exe
C:\Windows\System32\dwm.exe
C:\Windows\System32\taskeng.exe
C:\Windows\explorer.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe
C:\Windows\WindowsMobile\wmdc.exe
C:\Program Files\Java\jre1.6.0\bin\jusched.exe
C:\Windows\System32\ico.exe
C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe
C:\Program Files\Intel\IntelDH\CCU\CCU_TrayIcon.exe
C:\Program Files\Common Files\logishrd\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\Program Files\Dell Printers\Additional Color Laser Software\Status Monitor\dlpsp.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Intel\IntelDH\CCU\CCU_Engine.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Windows\System32\rundll32.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Kontiki\KHost.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Common Files\logishrd\KHAL2\KHALMNPR.exe
C:\Program Files\Common Files\logishrd\LQCVFX\COCIManager.exe
C:\Windows\System32\wuauclt.exe
C:\Users\James\Documents\My Received Files\dss.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.orange.co.uk/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer provided by Dell
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.co.uk/ig/dell?hl=e...uk&ibd=1080102
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.7\NppBHO.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\GoogleToolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.7\UIBHO.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\GoogleToolbar2.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [ECenter] C:\Dell\E-Center\EULALauncher.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe
O4 - HKLM\..\Run: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "c:\Program Files\Java\jre1.6.0\bin\jusched.exe"
O4 - HKLM\..\Run: [PMX Daemon] ICO.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NMSSupport] "C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe" /startup
O4 - HKLM\..\Run: [CCUTRAYICON] "C:\Program Files\Intel\IntelDH\CCU\CCU_TrayIcon.exe"
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKLM\..\Run: [DLPSP] "C:\Program Files\Dell Printers\Additional Color Laser Software\Status Monitor\DLPSP.EXE"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKLM\..\RunServices: [DLPWD95] "C:\Program Files\Dell Printers\Additional Color Laser Software\Status Monitor\DLPWD95.EXE"
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [kdx] C:\Program Files\Kontiki\KHost.exe -all
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'NETWORK SERVICE')
O4 - Global Startup: Logitech SetPoint.lnk = ?
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra button: (no name) - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (file missing)
O16 - DPF: {138E6DC9-722B-4F4B-B09D-95D191869696} (Bebo Uploader Control) - http://www.bebo.com/files/BeboUploader.5.1.4.cab
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} () - http://ak.exe.imgfarm.com/images/noc...tup1.0.1.0.cab
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/actives.../as2stubie.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary...r.cab56986.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll
O18 - Protocol: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\microsoft shared\Information Retrieval\msitss.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll
O18 - Protocol: mso-offdap - {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\microsoft shared\Web Components\10\OWC10.DLL
O18 - Protocol: mso-offdap11 - {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\microsoft shared\Web Components\11\OWC11.DLL
O18 - Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE11\MSOXMLMF.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\480\G2AWinLogon.dll (file missing)
O23 - Service: Intel(R) Alert Service (AlertService) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\CCU\AlertService.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ccEvtMgr - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: ccSetMgr - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Intel(R) DHTrace Controller (DHTRACE) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\IntelDH\bin\DHTraceController.exe
O23 - Service: Dell Printer Status Watcher (DLPWD) - Unknown owner - C:\Program Files\Dell
O23 - Service: Dell Printer Status Database (DLSDB) - Unknown owner - C:\Program Files\Dell
O23 - Service: DQLWinService - Unknown owner - C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToAssist\480\g2aservice.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel(R) Software Services Manager (ISSM) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\issm.exe
O23 - Service: KService - Kontiki Inc. - C:\Program Files\Kontiki\KService.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_2.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\logishrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\logishrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\logishrd\SrvLnch\SrvLnch.exe
O23 - Service: Intel(R) Viiv(TM) Media Server (M1 Server) - Unknown owner - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe
O23 - Service: Intel(R) Application Tracker (MCLServiceATL) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe
O23 - Service: Intel(R) NMSCore (NMSCore) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\IntelDH\NMS\NMSCore\NMSCore.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\System32\nvvsvc.exe
O23 - Service: Intel(R) Quality Manager (QualityManager) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\QualityManager.exe
O23 - Service: Intel(R) Remoting Service (Remote UI Service) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - Unknown owner - C:\Program Files\Dell
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Windows\System32\stacsv.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

--
End of file - 14944 bytes

-- File Associations -----------------------------------------------------------

All associations okay.

-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

All drivers whitelisted.

-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
R2 DLPWD (Dell Printer Status Watcher) - c:\program files\dell printers\additional color laser software\status monitor\dlpwdnt.exe
R2 DLSDB (Dell Printer Status Database) - c:\program files\dell printers\additional color laser software\status monitor\dlsdbnt.exe
R2 DQLWinService - "c:\program files\common files\intel\inteldh\nms\adpplugins\dqlwinservice.exe" <Not Verified; ; DQLWinSe Application>
R2 sprtsvc_dellsupportcenter (SupportSoft Sprocket Service (dellsupportcenter)) - c:\program files\dell support center\bin\sprtsvc.exe /service /p dellsupportcenter

S3 stllssvr - "c:\program files\common files\surething shared\stllssvr.exe" <Not Verified; MicroVision Development, Inc.; SureThing CD Labeler>

-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.

-- Scheduled Tasks -------------------------------------------------------------

2008-06-12 17:50:19 418 --ah----- C:\Windows\Tasks\User_Feed_Synchronization-{1F000BB8-1D62-420F-B28A-ACB3F8662349}.job
2008-01-05 15:55:45 254 --a------ C:\Windows\Tasks\Check Updates for Windows Live Toolbar.job

-- Files created between 2008-05-12 and 2008-06-12 -----------------------------

2008-06-12 20:00:11 0 d-------- C:\ie-spyad_zo
2008-06-12 18:39:34 0 d-------- C:\Program Files\Panda Security
2008-06-11 13:54:44 74703 --a------ C:\Windows\system32\mfc45.dll
2008-06-11 13:54:39 0 d-------- C:\Users\All Users\iolo
2008-06-06 21:25:17 0 d-------- C:\Windows\system32\Adobe
2008-05-20 18:33:07 0 d-------- C:\Users\All Users\PrevxCSI

-- Find3M Report ---------------------------------------------------------------

2008-06-12 18:40:55 0 d-------- C:\Program Files\City of Heroes
2008-06-12 18:40:28 0 d-------- C:\Users\James\AppData\Roaming\LimeWire
2008-06-11 22:40:15 12 --a------ C:\Windows\bthservsdp.dat
2008-06-11 13:54:39 0 d-------- C:\Users\James\AppData\Roaming\iolo
2008-06-11 13:42:51 0 d-------- C:\Program Files\Intel
2008-06-10 20:35:56 0 d-------- C:\Program Files\Common Files\Symantec Shared
2008-06-10 20:35:54 0 d-------- C:\Program Files\Windows Mail
2008-06-10 20:35:54 0 d-------- C:\Program Files\Microsoft Silverlight
2008-06-10 20:35:54 0 d-------- C:\Program Files\Google
2008-06-09 11

41 0 d-------- C:\Program Files\Norton 360
2008-05-31 00:26:02 0 d-------- C:\Program Files\Symantec
2008-05-06 17:26:17 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-05-06 17:11:22 0 d-------- C:\Program Files\Activision
2008-04-28 18:44:14 0 d-------- C:\Program Files\Yahoo!
2008-04-27 17:57:58 0 d-------- C:\Program Files\LimeWire
2008-04-24 20:54:25 0 d-------- C:\Users\James\AppData\Roaming\Yahoo!
2008-04-24 12:54:07 0 d-------- C:\Program Files\Common Files\logishrd
2008-04-24 12:53:58 0 d-------- C:\Program Files\Common Files\Logitech
2008-04-24 12:53:36 0 d-------- C:\Users\James\AppData\Roaming\InstallShield
2008-04-24 12:18:14 0 d-------- C:\Users\James\AppData\Roaming\Roxio
2008-04-24 12:13:06 0 d-------- C:\Program Files\Citrix
2008-04-21 19:01:25 0 d-------- C:\Program Files\Messenger Plus! Live

-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [03/01/2008 00:35]
"ECenter"="C:\Dell\E-Center\EULALauncher.exe" [25/05/2007 07:03]
"SigmatelSysTrayApp"="C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe" [12/09/2007 09:40]
"Windows Mobile Device Center"="%windir%\WindowsMobile\wmdc.exe" []
"SunJavaUpdateSched"="c:\Program Files\Java\jre1.6.0\bin\jusched.exe" [02/01/2008 16:59]
"PMX Daemon"="ICO.EXE" [08/11/2006 16:01 C:\Windows\System32\ico.exe]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [11/05/2007 04:06]
"NMSSupport"="C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe" [27/06/2007 11:14]
"CCUTRAYICON"="C:\Program Files\Intel\IntelDH\CCU\CCU_TrayIcon.exe" [27/06/2007 11:18]
"dscactivate"="C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe" [15/11/2007 10:24]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [02/01/2008 17:15]
"LogitechCommunicationsManager"="C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [25/07/2007 17:02]
"LogitechQuickCamRibbon"="C:\Program Files\Logitech\QuickCam\Quickcam.exe" [25/07/2007 17:06]
"DLPSP"="C:\Program Files\Dell Printers\Additional Color Laser Software\Status Monitor\DLPSP.EXE" [23/02/2006 01:00]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [18/07/2007 02:54]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [01/02/2008 00:13]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [04/02/2008 15:18]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [29/01/2008 18:38]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [29/11/2007 02:17 C:\Windows\KHALMNPR.Exe]
"IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [03/10/2007 15:44]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [24/03/2008 19:52]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [24/03/2008 19:52]
"DellSupportCenter"="C:\Program Files\Dell Support Center\bin\sprtcmd.exe" [15/11/2007 10:23]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [02/11/2006 13:35]
"DellSupportCenter"="C:\Program Files\Dell Support Center\bin\sprtcmd.exe" [15/11/2007 10:23]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [18/10/2007 12:34]
"kdx"="C:\Program Files\Kontiki\KHost.exe" [23/04/2007 12:23]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [02/11/2006 13:36]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices]
"DLPWD95"="C:\Program Files\Dell Printers\Additional Color Laser Software\Status Monitor\DLPWD95.EXE"

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [24/04/2008 12:53:57]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
C:\Program Files\Citrix\GoToAssist\480\G2AWinLogon.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\VDS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]
@="IEEE 1394 Bus host controllers"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]
@="SBP2 IEEE 1394 Devices"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]
@="SecurityDevices"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalSystemNetworkRestricted hidserv UxSms WdiSystemHost Netman trkwks AudioEndpointBuilder WUDFSvc irmon sysmain IPBusEnum dot3svc PcaSvc EMDMgmt TabletInputService wlansvc WPDBusEnum
bthsvcs BthServ
WindowsMobile wcescomm rapimgr
LocalServiceRestricted WcesComm RapiMgr

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a64adf3a-b949-11dc-beed-806e6f6e6963}]
AutoRun\command- E:\setup\rsrc\Autorun.exe
dinstall\command- E:\Directx\dxsetup.exe

*Newly Created Service* - COMHOST

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
C:\Windows\system32\unregmp2.exe /ShowWMP

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
%SystemRoot%\system32\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI

-- End of Deckard's System Scanner: finished at 2008-06-12 20:23:30 ------------

Hope this is all good, and thanks for doing this

Joey

Joeeey · 06-16-2008, 01:30 PM

bumped

Ried · 06-16-2008, 10:44 PM

Hello Joeeey,

Were you able to run an online scan and do you have those results to post?

Joeeey · 06-17-2008, 10:30 AM

o yea sorry, the panda scan, log attached, only spyware i think

Ried · 06-18-2008, 06:46 PM

Hi Joeeey,

I'm not finding anything horrible here.

Please download ATF Cleaner by Atribune.

-------------------------------------------------------------

Right click HijackThis.exe and run as administrator.

Click on 'Do a System Scan Only', and 'check' the following entries:

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} () - http://ak.exe.imgfarm.com/images/noc...tup1.0.1.0.cab

Click 'Fix Checked' and close HijackThis.

--------------------------------------------------------------------

Press the Windows Logo key and the letter E on the keyboard to open 'Computer'. Navigate to and delete the following Files (Right click and select 'Delete'):

C:\OldFiles.1\Documents and Settings\Jamie\Desktop\stressreducer.exe
C:\OldFiles.2\Documents and Settings\Jamie\Desktop\stressreducer.exe
C:\OldFiles.3\Documents and Settings\Jamie\Desktop\stressreducer.exe
C:\OldFiles\Documents and Settings\Jamie\Desktop\stressreducer.exe

--------------------------------------------------------------------

Double-click ATF-Cleaner.exe to run the program.

Under Main choose: Select All
Click the Empty Selected button.

If you use Firefox browser

Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.

If you use Opera browser

Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.

Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.

-------------------------------------------------------

Quote:

however i did do a free online one a few weeks ago which said i had a problem, but changed the name of the "cloaked Malware" everytime i scanned, so i thought it might just be trying to get me to buy it and went back to Norton.

Where did you do a free online scan, and what was the 'cloaked Malware' name?

Joeeey · 06-19-2008, 11:27 AM

I used Prevx, usually i use Trend micro as a occasional idependant checker but for some reason the name slipped my mind so used the first one i found. It crashed when trying to download which sounded a bit dodgey, but it sorted itself out and found it in something like Appdata/lcbgjsslcl or some other string of letters at the end. It was cloaked malware at first, then cloaked spyware before i deleted it, and said this was the only issue and needed to buy full version before it could be deleted.

done all the things you said, sorry if there is nothing wrong, maybe there is something wrong with the norton software as it still wont turn on auto-protect and today it closed completely ...

thanks

Joey

Ried · 06-19-2008, 08:03 PM

Hi Joey,

Let's try a different online scanner and see if it picks up on anything. It can take some time, so please be patient and allow it to run it's full course:

Using Internet Explorer, visit http://www.kaspersky.com/kos/eng/par...avwebscan.html

Answer Yes, when prompted to install an ActiveX component.

The program will then begin downloading the latest definition files.
Once the files have been downloaded click on NEXT
Locate the Scan Settings button & configure to:
- Scan using the following Anti-Virus database:
  - Extended
- Scan Options:
  - Scan Archives
  - Scan Mail Bases
Click OK & have it scan My Computer
Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
Click the Save as Text button to save the file to your desktop so that you may post it in your next reply

**Note**

To optimize scanning time and produce a more sensible report for review:

Close any open programs
Turn off the real time scanner of any existing antivirus program while performing the online scan

Joeeey · 06-20-2008, 03:04 PM

ok there doesnt seem to be anything ... sorry if this has been a waste but Norton crashing hasnt happened before, and wont turn on its AV part, do you have any ideas why? or is it just a case of unistalling and reinstalling?

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Friday, June 20, 2008
Operating System: Microsoft Windows Vista Home Premium Edition, 32-bit (build 6000)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Friday, June 20, 2008 18:25:58
Records in database: 879810
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
C:\
D:\
E:\
F:\
G:\
H:\
I:\
J:\

Scan statistics:
Files scanned: 157618
Threat name: 0
Infected objects: 0
Suspicious objects: 0
Duration of the scan: 01:37:21

No malware has been detected. The scan area is clean.

The selected area was scanned.

Thanks

Joey

Ried · 06-20-2008, 06:43 PM

Hi Joey,

It's not a waste of time, it never hurts to check for malware issues as they are known to disable onboard AV's.

Go ahead and uninstall Norton 360, reboot, and reinstall again. Please let me know how that works out for you.

Joeeey · 06-28-2008, 11:04 AM

ok sorry for the very slow reply, ive been away last week, the reinstalling seems to have worked and nortons on fine, 4oD still wont open but i think may be a problem with the programme, so alls good thanks for the help

Joey

Ried · 06-28-2008, 08:07 PM

You're welcome, Joey. I'd suggest contacting the software support for the program and see if they have any suggestions.

Take care.

06-16-2008, 01:30 PM	#2 (permalink)
Joeeey Registered User Join Date: Jun 2008 Posts: 6 OS: Vista	Re: AV Software automatically switched off, some internet based programmes wont open bumped

06-16-2008, 10:44 PM	#3 (permalink)
Ried Assistant Manager, TSF Academy; Moderator/Analyst Security Team Join Date: Jan 2005 Location: Ohio Posts: 26,798 OS: WinXP and Vista	Re: AV Software automatically switched off, some internet based programmes wont open Hello Joeeey, Were you able to run an online scan and do you have those results to post? __________________ Member of ASAP since 2005 Member of UNITE since 2006 "It is one life whether we spend it laughing or weeping." "Take the time to laugh--it is the music of the soul."

06-19-2008, 11:27 AM	#6 (permalink)
Joeeey Registered User Join Date: Jun 2008 Posts: 6 OS: Vista	Re: AV Software automatically switched off, some internet based programmes wont open I used Prevx, usually i use Trend micro as a occasional idependant checker but for some reason the name slipped my mind so used the first one i found. It crashed when trying to download which sounded a bit dodgey, but it sorted itself out and found it in something like Appdata/lcbgjsslcl or some other string of letters at the end. It was cloaked malware at first, then cloaked spyware before i deleted it, and said this was the only issue and needed to buy full version before it could be deleted. done all the things you said, sorry if there is nothing wrong, maybe there is something wrong with the norton software as it still wont turn on auto-protect and today it closed completely ... thanks Joey

06-19-2008, 08:03 PM	#7 (permalink)
Ried Assistant Manager, TSF Academy; Moderator/Analyst Security Team Join Date: Jan 2005 Location: Ohio Posts: 26,798 OS: WinXP and Vista	Re: AV Software automatically switched off, some internet based programmes wont open Hi Joey, Let's try a different online scanner and see if it picks up on anything. It can take some time, so please be patient and allow it to run it's full course: Using Internet Explorer, visit http://www.kaspersky.com/kos/eng/par...avwebscan.html Answer Yes, when prompted to install an ActiveX component. The program will then begin downloading the latest definition files. Once the files have been downloaded click on NEXT Locate the Scan Settings button & configure to: Scan using the following Anti-Virus database: Extended Scan Options: Scan Archives Scan Mail Bases Click OK & have it scan My Computer Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it. Click the Save as Text button to save the file to your desktop so that you may post it in your next reply Note To optimize scanning time and produce a more sensible report for review: Close any open programs Turn off the real time scanner of any existing antivirus program while performing the online scan __________________ Member of ASAP since 2005 Member of UNITE since 2006 "It is one life whether we spend it laughing or weeping." "Take the time to laugh--it is the music of the soul."

06-20-2008, 03:04 PM	#8 (permalink)
Joeeey Registered User Join Date: Jun 2008 Posts: 6 OS: Vista	Re: AV Software automatically switched off, some internet based programmes wont open ok there doesnt seem to be anything ... sorry if this has been a waste but Norton crashing hasnt happened before, and wont turn on its AV part, do you have any ideas why? or is it just a case of unistalling and reinstalling? -------------------------------------------------------------------------------- KASPERSKY ONLINE SCANNER 7 REPORT Friday, June 20, 2008 Operating System: Microsoft Windows Vista Home Premium Edition, 32-bit (build 6000) Kaspersky Online Scanner 7 version: 7.0.25.0 Program database last update: Friday, June 20, 2008 18:25:58 Records in database: 879810 -------------------------------------------------------------------------------- Scan settings: Scan using the following database: extended Scan archives: yes Scan mail databases: yes Scan area - My Computer: C:\ D:\ E:\ F:\ G:\ H:\ I:\ J:\ Scan statistics: Files scanned: 157618 Threat name: 0 Infected objects: 0 Suspicious objects: 0 Duration of the scan: 01:37:21 No malware has been detected. The scan area is clean. The selected area was scanned. Thanks Joey

06-20-2008, 06:43 PM	#9 (permalink)
Ried Assistant Manager, TSF Academy; Moderator/Analyst Security Team Join Date: Jan 2005 Location: Ohio Posts: 26,798 OS: WinXP and Vista	Re: AV Software automatically switched off, some internet based programmes wont open Hi Joey, It's not a waste of time, it never hurts to check for malware issues as they are known to disable onboard AV's. Go ahead and uninstall Norton 360, reboot, and reinstall again. Please let me know how that works out for you. __________________ Member of ASAP since 2005 Member of UNITE since 2006 "It is one life whether we spend it laughing or weeping." "Take the time to laugh--it is the music of the soul."

06-28-2008, 11:04 AM	#10 (permalink)
Joeeey Registered User Join Date: Jun 2008 Posts: 6 OS: Vista	Re: AV Software automatically switched off, some internet based programmes wont open ok sorry for the very slow reply, ive been away last week, the reinstalling seems to have worked and nortons on fine, 4oD still wont open but i think may be a problem with the programme, so alls good thanks for the help Joey

06-28-2008, 08:07 PM	#11 (permalink)
Ried Assistant Manager, TSF Academy; Moderator/Analyst Security Team Join Date: Jan 2005 Location: Ohio Posts: 26,798 OS: WinXP and Vista	Re: AV Software automatically switched off, some internet based programmes wont open You're welcome, Joey. I'd suggest contacting the software support for the program and see if they have any suggestions. Take care. __________________ Member of ASAP since 2005 Member of UNITE since 2006 "It is one life whether we spend it laughing or weeping." "Take the time to laugh--it is the music of the soul."