WiredWX Hobby Weather Tools

 


things aren't right!

Ever since I had that win.zafi32 bug, and completed everything you told me to do, I've been having weird pop-ups of things closing. I haven't even turned my computer on since Friday. So, today, my printers are gone! And my Norton 360 won't run updates or scan... and those are automatically set to run. I ran Malaware and it showed no problems; I ran adaware and had some cookies that I removed. Please help, I don't want to lose any more things. Losing my printers is bad enough; I have a local printer and two network printers that I run through my computer and they are gone!

Here is my latest HijackThis file, which I ran this morning:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:38:01 AM, on 2/25/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe
C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\fxssvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AWS\WeatherBug\Weather.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\PROGRA~1\Webshots\webshots.scr
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=5071027
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=5071027
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O2 - BHO: MSN Toolbar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN\Toolbar\3.0.0988.2\msneshellx.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: MSN Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.0988.2\msneshellx.dll
O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\CoIEPlg.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton 360\osCheck.exe"
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1
O4 - S-1-5-18 Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe (User 'Default user')
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\lspmuq.dll
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{39D824B6-9778-4B70-B6BD-1802F778C7BB}: NameServer = 65.79.197.97,65.79.193.8
O17 - HKLM\System\CS1\Services\Tcpip\..\{39D824B6-9778-4B70-B6BD-1802F778C7BB}: NameServer = 65.79.197.97,65.79.193.8
O17 - HKLM\System\CS2\Services\Tcpip\..\{39D824B6-9778-4B70-B6BD-1802F778C7BB}: NameServer = 65.79.197.97,65.79.193.8
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Autodesk Network Licensing Service - Autodesk, Inc. - C:\Program Files\Common Files\Autodesk Shared\Service\AdskNetSrv.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Sentinel Keys Server (SentinelKeysServer) - SafeNet, Inc. - C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe
O23 - Service: Sentinel Protection Server (SentinelProtectionServer) - SafeNet, Inc - C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe

--
End of file - 9777 bytes


Please help me, thanks.

Re: things aren't right!
Log looks okay, let's have a look around.

  • Please download DDS by sUBs to your Desktop (Important!!) from one of these locations:
    Link 1
    Link 2
    Link 3
  • Double click DDS.scr to run
  • When complete, DDS.txt will open.
  • Save the report to your Desktop.
  • Copy and paste DDS.txt back here, I don't need to see attach.txt.

Re: things aren't right!
When I try to add a printer I get an 'Operation could not be completed. The print spooler service is not running.' pop-up.

The first link gave me a 'page not found' message.

Here is the dds.txt file:
.
DDS (Ver_09-02-01.01) - NTFSx86
Run by Mandy at 9:24:10.17 on Wed 02/25/2009
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2014.1334 [GMT -6:00]

AV: Norton 360 *On-access scanning enabled* (Outdated)
FW: Norton 360 *enabled*

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe
C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\fxssvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AWS\WeatherBug\Weather.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\PROGRA~1\Webshots\webshots.scr
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Norton 360\ScanStub.exe
C:\WINDOWS\system32\Defrag.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Mandy\Desktop\dds.pif

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uDefault_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=5071027
mSearchAssistant = hxxp://www.google.com/hws/sb/dell-usuk-rel/en/side.html?channel=us
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: NCO 2.0 IE BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\common files\symantec shared\coshared\browser\2.6\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\progra~1\common~1\symant~1\ids\IPSBHO.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\bae\BAE.dll
BHO: MSN Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn\toolbar\3.0.0988.2\msneshellx.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
TB: MSN Toolbar: {1e61ed7c-7cb8-49d6-b9e9-ab4c880c8414} - c:\program files\msn\toolbar\3.0.0988.2\msneshellx.dll
TB: Show Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\common files\symantec shared\coshared\browser\2.6\CoIEPlg.dll
TB: {E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F} - No File
TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Weather] c:\program files\aws\weatherbug\Weather.exe 1
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [ATICCC] "c:\program files\ati technologies\ati.ace\CLIStart.exe"
mRun: []
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [osCheck] "c:\program files\norton 360\osCheck.exe"
mRun: [Ad-Watch] c:\program files\lavasoft\ad-aware\AAWTray.exe
StartupFolder: c:\docume~1\mandy\startm~1\programs\startup\webshots.lnk - c:\program files\webshots\Launcher.exe
IE: &Search
IE: Append to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/5/b/0/5b0d4654-aa20-495c-b89f-c1c34c691085/LegitCheckControl.cab
DPF: {48DD0448-9209-4F81-9F6D-D83562940134} - hxxp://lads.myspace.com/upload/MySpaceUploader1006.cab
DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab
DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} - hxxps://webdl.symantec.com/activex/symdlmgr.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
TCP: {39D824B6-9778-4B70-B6BD-1802F778C7BB} = 65.79.197.97,65.79.193.8
Notify: AtiExtEvent - Ati2evxx.dll
Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\mandy\applic~1\mozilla\firefox\profiles\fx5elbjl.default\
FF - prefs.js: browser.search.selectedEngine - SearchSave
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
FF - prefs.js: keyword.URL - hxxp://www.searchsave.com/index.php?req=search&sm=addbarsearch&source=1&term=
FF - component: c:\program files\mozilla firefox\components\coFFPlgn.dll

============= SERVICES / DRIVERS ===============

R0 atiide;atiide;c:\windows\system32\drivers\atiide.sys [2007-10-27 3456]
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-2-9 64160]
R2 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\CCSVCHST.EXE [2008-2-18 149352]
R2 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\CCSVCHST.EXE [2008-2-18 149352]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-1-18 950096]
R2 LiveUpdate Notice;LiveUpdate Notice;c:\program files\common files\symantec shared\CCSVCHST.EXE [2008-2-18 149352]
R2 SentinelKeysServer;Sentinel Keys Server;c:\program files\common files\safenet sentinel\sentinel keys server\sntlkeyssrvr.exe [2007-4-27 316992]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2009-1-15 99376]
R3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20090217.002\NAVENG.SYS [2009-2-17 89104]
R3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20090217.002\NAVEX15.SYS [2009-2-17 876112]
S3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [2008-1-12 23888]
S3 Symantec Core LC;Symantec Core LC;c:\progra~1\common~1\symant~1\ccpd-lc\symlcsvc.exe [2009-1-15 1245064]

=============== Created Last 30 ================

2009-02-25 09:20 --d-h--- c:\windows\PIF
2009-02-25 08:17 1,089,593 -------- c:\windows\system32\dllcache\ntprint.cat
2009-02-18 10:17 --d----- C:\spoolerlogs
2009-02-17 16:19 5,396 a------- c:\windows\system32\10086b4abb.ax
2009-02-17 15:42 27,136 a------- c:\windows\system32\lspmuq.dll
2009-02-12 15:04 --d----- c:\program files\Trend Micro
2009-02-10 08:21 --d----- c:\program files\Norton Security Scan
2009-02-09 15:25 15,688 a------- c:\windows\system32\lsdelete.exe
2009-02-09 14:57 --d----- c:\windows\system32\Adobe
2009-02-09 14:36 64,160 a------- c:\windows\system32\drivers\Lbd.sys
2009-02-09 14:24 -cd-h--- c:\docume~1\alluse~1\applic~1\{83C91755-2546-441D-AC40-9A6B4B860800}
2009-02-06 15:25 15,504 a------- c:\windows\system32\drivers\mbam.sys
2009-02-06 15:25 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-02-06 15:25 --d----- c:\program files\Malwarebytes' Anti-Malware
2009-02-06 15:08 --d----- c:\docume~1\mandy\applic~1\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
2009-02-06 14:58 --d----- c:\docume~1\alluse~1\applic~1\avg8
2009-02-06 12:04 --d----- c:\windows\system32\XPSViewer
2009-02-06 12:03 597,504 -------- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2009-02-06 12:03 575,488 -------- c:\windows\system32\xpsshhdr.dll
2009-02-06 12:03 575,488 -------- c:\windows\system32\dllcache\xpsshhdr.dll
2009-02-06 12:03 117,760 -------- c:\windows\system32\prntvpt.dll
2009-02-06 12:03 89,088 -------- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-02-06 12:03 --d----- C:\5e9092f53fe58790bea05b2ee6b26e
2009-02-06 12:03 1,676,288 -------- c:\windows\system32\xpssvcs.dll
2009-02-06 12:03 1,676,288 -------- c:\windows\system32\dllcache\xpssvcs.dll
2009-02-06 12:03 --d----- c:\windows\SxsCaPendDel
2009-02-06 11:58 --d----- C:\7ec3d501749fd65f01b42334d62812
2009-02-06 11:58 --d----- C:\012b37e6cbdae0e83c27
2009-02-06 11:08 --d----- c:\documents and settings\mandy\.SunDownloadManager
2009-02-06 09:34 --d----- c:\docume~1\mandy\applic~1\Malwarebytes
2009-02-06 09:34 --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-02-04 10:08 --d----- c:\program files\Lavasoft
2009-02-04 09:29 --d----- c:\program files\common files\Download Manager

==================== Find3M ====================

2009-02-06 11:21 410,984 a------- c:\windows\system32\deploytk.dll
2009-01-16 21:35 3,594,752 a------- c:\windows\system32\dllcache\mshtml.dll
2009-01-15 15:18 124,464 a------- c:\windows\system32\drivers\SYMEVENT.SYS
2009-01-15 15:18 60,808 a------- c:\windows\system32\S32EVNT1.DLL
2009-01-15 15:18 10,635 a------- c:\windows\system32\drivers\SYMEVENT.CAT
2009-01-15 15:18 806 a------- c:\windows\system32\drivers\SYMEVENT.INF
2008-12-19 03:10 70,656 -------- c:\windows\system32\dllcache\ie4uinit.exe
2008-12-19 03:10 13,824 -------- c:\windows\system32\dllcache\ieudinit.exe
2008-12-18 23:25 634,024 -------- c:\windows\system32\dllcache\iexplore.exe
2008-12-18 23:23 161,792 -------- c:\windows\system32\dllcache\ieakui.dll
2008-12-11 04:57 333,952 -------- c:\windows\system32\dllcache\srv.sys
2008-08-19 07:56 32,768 ac-sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008081920080820\index.dat

============= FINISH: 9:24:53.62 ===============

Re: things aren't right!
Hello.
Three things to do here.

Have you noticed a Firefox hijack called Searchsave?

Please upload these two files in bold below:
c:\windows\system32\10086b4abb.ax
c:\windows\system32\lspmuq.dll
To this site for a scan.
http://virscan.org/
Copy and paste the results back here.

Please download this file:
http://go.microsoft.com/?linkid=9645476
It should restart the print spooler service when you run it.

Re: things aren't right!
I haven't noticed any Firefox hijacks; I'll keep an eye out for it though.

Here are the results of those scans:

File Name : 10086b4abb.ax
File Size : 5396 byte
File Type : data
MD5 : 88d2cac82bc4783eaa67c3f9c8322063
SHA1 : 742d843498f26593bd5bf0b5cac1b79cb10f7e5b

Scanner results
Scanner results : All Scanners reported not find malware!
Time : 2009/02/25 09:54:29 (CST)
Note: this file has been scanned before. Therefore, this file's scan result will not be stored in the database

File Name : lspmuq.dll
File Size : 27136 byte
File Type : PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bi
MD5 : 7f44f50cdd1dc17000643689b745c302
SHA1 : 25e9467f027f2d07b81874782cbf9548709770be

Scanner results
Scanner results : All Scanners reported not find malware!
Time : 2009/02/25 10:00:24 (CST)
Note: this file has been scanned before. Therefore, this file's scan result will not be stored in the database

Re: things aren't right!
Okay, those two files appear to be fine.
Did the printspoolerrestart.msi work?

Re: things aren't right!
Nope, the spooler still isn't working. Neither is my Norton 360... it won't update.

Re: things aren't right!
Okay, let's run a rootkit scan.

1. Please download The Avenger by Swandog46 to your Desktop
Link: HERE or HERE.

  • Click on Avenger.zip to open the file
  • Extract avenger.exe to your desktop

2. Now, start The Avenger program by clicking on its icon on your desktop.

  • Leave the script box empty.
  • Leave the ticked box "Scan for rootkit" ticked.
  • Then tick "Disable any rootkits found"
  • Now click on Execute to begin execution of the script.
  • Answer "Yes" twice when prompted.

    The Avenger will automatically do the following:

  • It will Restart your computer.
  • On reboot, it will briefly open a black command window on your desktop, this is normal.
  • After the restart, it creates a log file that should open with the results of Avenger’s actions. This log file will be located at C:\avenger.txt
  • The Avenger will also have backed up all the files, etc., that you asked it to delete, and will have zipped them and moved the zip archives to C:\avenger\backup.zip.
3. Please copy/paste the content of c:\avenger.txt into your reply.

Re: things aren't right!
Looks good from what I can tell:

Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com

Platform: Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!


Completed script processing.

*******************

Finished! Terminate.

Re: things aren't right!
I got this window when my computer rebooted just now:

Data Execution Prevention-Micr. Win.

To help protect your computer, Win. has closed this program.

Name: Spooler SubSystem App
Publisher: Micr. Corp.

with a 'Close Message' button

Re: things aren't right!
The spooler system again.
It shouldn't cause any damage.

I think the Norton not updating might be a conflict.
Please disable Ad-Watch, read here for instructions:
http://www.lavasoftsupport.com/index.php?showtopic=19804

Then see if Norton will update.

Re: things aren't right!
I tried w/adaware disabled. Still no update. I get this error:

LiveUpdate Engine COM Module has encountered a problem and needs to close.

The data in the error report looks like this:

szAppName: LuComServer_3_4.exe
szAppVer: 3.4.1.238
szModName: Unknown
szModVer: 0.0.0.0
offset: 87bbd714

If this helps anything.

And I'm still not sure how to reset the spooler thing..that fix-it download didn't work at all.

Re: things aren't right!
Norton is probably corrupt.
Uninstalling and re-installing it should work.

Or better yet, get rid of it altogether and install something like Avira.

Re: things aren't right!
Yeah, I know Norton sucks, but it's what the company bought... I'll have the office manager deal with Norton. Thanks again for your help... at least I know it's not a virus attacking and eating away at my programs.
