PC TURNS OFF DURING VIRUS SCAN (again)

AUHDGAUHD · #1 (**permalink**) 22-02-2008, 01:45 AM

I'm having the same damn problem again. My computer turns off while doing a virus scan. It was gone for a while, but I think someone that used my computer was visiting some warez site and I don't know if that was the cause of getting this annoying virus again. Please help in removing this damn thing once and for all. The previous thread: Shutdown during Virus Scan(RESOLVED)

-Omar

AUHDGAUHD · #2 (**permalink**) 22-02-2008, 01:50 AM

I forgot to mention that I ran ComboFix since the symptoms were similar to the previous case and ComboFix did not delete any files. Here is the log:

ComboFix 08-02-22 - Administrator 2008-02-21 16:45:43.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1510 [GMT -8:00]
Running from: C:\Documents and Settings\Administrator\Desktop\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Created from 2008-01-22 to 2008-02-22 )))))))))))))))))))))))))))))))
.

2008-02-20 04:41 . 2008-02-20 04:41 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\AVSMedia
2008-02-20 04:40 . 2008-02-20 04:40 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\AVS4YOU
2008-02-20 04:37 . 2008-02-20 05:01 <DIR> d-------- C:\Program Files\Common Files\AVSMedia
2008-02-20 04:36 . 2007-02-27 19:36 524,288 --a------ C:\WINDOWS\system32\xvidcore.dll
2008-02-20 04:36 . 2007-02-27 19:36 413,760 --a------ C:\WINDOWS\system32\mpg4c32.dll
2008-02-20 04:36 . 2007-02-27 19:36 261,632 --a------ C:\WINDOWS\system32\mcdvd_32.dll
2008-02-20 04:36 . 2007-02-27 19:36 156,910 --a------ C:\WINDOWS\WMSysPr8.prx
2008-02-20 04:36 . 2007-02-27 19:36 139,264 --a------ C:\WINDOWS\system32\xvidvfw.dll
2008-02-20 04:36 . 2007-02-27 19:36 82,944 --a------ C:\WINDOWS\system32\vct3216.acm
2008-02-20 04:36 . 2007-02-27 19:36 81,920 --a------ C:\WINDOWS\system32\AC3ACM.acm
2008-02-20 04:36 . 2007-02-27 19:36 53,248 --a------ C:\WINDOWS\system32\xvid.ax
2008-02-20 04:36 . 2007-02-27 19:36 38,912 --a------ C:\WINDOWS\system32\alf2cd.acm
2008-02-20 04:36 . 2007-02-27 19:36 24,576 --a------ C:\WINDOWS\system32\msxml3a.dll
2008-02-20 04:36 . 2007-02-27 19:36 13,239 --a------ C:\WINDOWS\system32\Scg726.acm
2008-02-19 18:04 . 2008-02-19 18:04 <DIR> d-------- C:\Program Files\Windows Media Components
2008-02-18 18:09 . 2008-02-19 03:09 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-02-18 18:09 . 2008-02-18 18:09 1,409 --a------ C:\WINDOWS\QTFont.for
2008-02-18 17:15 . 2008-02-18 17:15 <DIR> d-------- C:\Documents and Settings\Administrator\.DownloadManager
2008-02-18 04:31 . 2008-02-21 14:57 <DIR> d-------- C:\Program Files\Solveig Multimedia
2008-02-11 15:30 . 2008-02-11 15:30 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-02-11 15:26 . 2008-02-12 03:14 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-02-11 15:26 . 2008-02-11 15:26 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\SUPERAntiSpyware.com
2008-02-10 02:11 . 2008-02-10 02:26 691,545 --a------ C:\WINDOWS\unins000.exe
2008-02-10 02:11 . 2008-02-10 02:27 6,456 --a------ C:\WINDOWS\unins000.dat

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))) ))
.
2008-02-22 00:49 66,490,400 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
2008-02-22 00:48 3,064,864 --sha-w C:\WINDOWS\system32\drivers\fidbox2.dat
2008-02-22 00:48 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Free Download Manager
2008-02-22 00:45 --------- d-----w C:\Program Files\GetRight
2008-02-22 00:14 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Skype
2008-02-22 00:05 --------- d-----w C:\Documents and Settings\Administrator\Application Data\skypePM
2008-02-21 13:50 897,920 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
2008-02-21 13:50 291,056 --sha-w C:\WINDOWS\system32\drivers\fidbox2.idx
2008-02-21 11:59 --------- d-----w C:\WINDOWS\system32\config\systemprofile\Applicati on Data\SolidDocuments
2008-02-20 20:00 61,596 ----a-w C:\WINDOWS\Internet Logs\vsmon_2nd_2008_02_20_02_34_51_small.dmp.zip
2008-02-20 11:34 --------- d-----w C:\Program Files\Common Files\Adobe
2008-02-20 10:59 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-02-20 10:58 --------- d-----w C:\Program Files\Ulead Systems
2008-02-20 10:58 --------- d-----w C:\Documents and Settings\All Users\Application Data\Ulead Systems
2008-02-20 10:54 --------- d-----w C:\Program Files\Common Files\Ulead Systems
2008-02-20 10:22 6,078,976 ----a-w C:\WINDOWS\Internet Logs\xDBB6.tmp
2008-02-20 10:22 3,945,984 ----a-w C:\WINDOWS\Internet Logs\xDBB5.tmp
2008-02-20 00:14 512 ----a-w C:\ScanSectorLog.dat
2008-02-19 22:31 --------- d-----w C:\Documents and Settings\Administrator\Application Data\SolidDocuments
2008-02-19 11:17 --------- d-----w C:\Documents and Settings\All Users\Application Data\FLEXnet
2008-02-15 14:00 3,181,568 ----a-w C:\WINDOWS\Internet Logs\xDB10.tmp
2008-02-14 10:45 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-02-14 10:44 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe
2008-02-11 23:26 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-02-10 23:28 5,826,560 ----a-w C:\WINDOWS\Internet Logs\xDBF.tmp
2008-02-10 23:16 5,826,048 ----a-w C:\WINDOWS\Internet Logs\xDBE.tmp
2008-02-10 23:16 2,685,952 ----a-w C:\WINDOWS\Internet Logs\xDBD.tmp
2008-02-10 10:49 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-02-10 10:40 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-02-10 10:15 4,922,368 ----a-w C:\WINDOWS\Internet Logs\xDB1F.tmp
2008-02-10 03:56 5,807,104 ----a-w C:\WINDOWS\Internet Logs\xDBC.tmp
2008-01-28 10:31 5,783,552 ----a-w C:\WINDOWS\Internet Logs\xDBB.tmp
2008-01-26 03:45 14,219,376 ----a-w C:\WINDOWS\Internet Logs\tvDebug.zip
2008-01-24 23:53 5,778,432 ----a-w C:\WINDOWS\Internet Logs\xDBA.tmp
2008-01-24 23:44 3,806,720 ----a-w C:\WINDOWS\Internet Logs\xDB69.tmp
2008-01-20 11:43 --------- d-----w C:\Program Files\Winamp
2008-01-12 12:13 3,844,096 ----a-w C:\WINDOWS\Internet Logs\xDB9.tmp
2008-01-06 01:46 4,835,840 ----a-w C:\WINDOWS\Internet Logs\xDB63.tmp
2007-12-31 02:52 --------- d-----w C:\Program Files\Bonjour
2007-12-31 02:29 --------- d-----w C:\Program Files\Common Files\Macrovision Shared
2007-12-14 09:06 3,815,936 ----a-w C:\WINDOWS\Internet Logs\xDB2E.tmp
2007-11-22 10:56 62,344 ----a-w C:\Documents and Settings\Administrator\Application Data\GDIPFONTCACHEV1.DAT
2007-11-22 00:14 3,887,104 ----a-w C:\WINDOWS\Internet Logs\xDBF7.tmp
2007-11-19 20:00 32 ----a-w C:\Documents and Settings\All Users\Application Data\ezsid.dat
2007-10-05 07:10 2,833,408 ----a-w C:\WINDOWS\Internet Logs\xDB9E.tmp
2007-08-03 09:44 2,696,192 ----a-w C:\WINDOWS\Internet Logs\xDB8.tmp
2007-07-07 23:00 5,095,424 ----a-w C:\WINDOWS\Internet Logs\xDB7.tmp
2007-06-03 05:38 315,904 ----a-w C:\WINDOWS\Internet Logs\xDBBE.tmp
2007-05-27 10:07 109,568 ----a-w C:\WINDOWS\Internet Logs\xDB4.tmp
2007-05-26 03:14 324,096 ----a-w C:\WINDOWS\Internet Logs\xDB5.tmp
2007-05-26 02:19 4,868,608 ----a-w C:\WINDOWS\Internet Logs\xDB6.tmp
2007-05-21 03:36 18,181,860 ----a-w C:\WINDOWS\Internet Logs\vsmon_on_demand_2007_05_19_22_36_34_full.dmp. zip
2007-05-20 05:36 1,849,856 ----a-w C:\WINDOWS\Internet Logs\xDB81.tmp
2007-04-06 21:48 18,101,484 ----a-w C:\WINDOWS\Internet Logs\vsmon_on_demand_2007_04_06_01_25_39_full.dmp. zip
2007-04-06 08:25 1,059,840 ----a-w C:\WINDOWS\Internet Logs\xDBAC.tmp
2007-03-22 21:13 18,054,361 ----a-w C:\WINDOWS\Internet Logs\vsmon_on_demand_2007_03_22_03_27_31_full.dmp. zip
2007-03-22 10:27 3,132,928 ----a-w C:\WINDOWS\Internet Logs\xDBE2.tmp
2007-03-22 10:25 4,648,960 ----a-w C:\WINDOWS\Internet Logs\xDBE3.tmp
2006-08-23 01:03 2,694,656 ----a-w C:\WINDOWS\Internet Logs\xDB3.tmp
2006-06-24 00:29 2,036,736 ----a-w C:\WINDOWS\Internet Logs\xDB2.tmp
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 08:24 1694208]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe" [2006-11-16 19:04 139264]
"Second Copy"="C:\Program Files\SecCopy\SecCopy.exe" [2006-01-09 12:45 915456]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 23:56 15360]
"Free Download Manager"="C:\Program Files\Free Download Manager\fdm.exe" [2006-04-29 09:22 1990703]
"ÆÇµµ¶óTV¹Ì´Ï"="C:\Program Files\PandoraTVMini\MiniUpdate.exe" [ ]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2007-11-12 15:48 21760296]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 19:05 204288]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run]
"SMSERIAL"="sm56hlpr.exe" [2005-06-06 01:40 544768 C:\WINDOWS\sm56hlpr.exe]
"SoundMAXPnP"="C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe" [2003-05-29 15:28 790528]
"SoundMAX"="C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" [2003-05-30 08:42 585728]
"PRONoMgr.exe"="C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe" [2003-03-11 15:24 86016]
"NWEReboot"="" []
"Ptipbmf"="ptipbmf.dll" [2003-06-19 23:06 118784 C:\WINDOWS\system32\ptipbmf.dll]
"WinFaxAppPortStarter"="wfxsnt40.exe" [2000-02-14 16:36 43008 C:\WINDOWS\system32\WFXSNT40.EXE]
"ScreenPrint32"="C:\Program Files\ScreenPrint32 v3\ScreenPrint32.exe" [2003-05-15 19:36 446464]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2006-02-23 15:45 278528]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-06-18 11:55 282624]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 03:00 132496]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 15:40 155648]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-03-08 23:02 919280]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\Cur rentVersion\Run]
"DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1 \DW\dwtrig20.exe" [2005-04-25 12:45 36040]

C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\
HotSync Manager.lnk - C:\Program Files\Palm\HOTSYNC.EXE [2003-03-17 17:50:26 299008]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Acrobat Assistant.lnk - C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe [2006-10-31 16:24:24 49254]
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2006-06-07 16:43:05 113664]
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 21:05:26 29696]
Device Detector 3.lnk - C:\Program Files\Olympus\DeviceDetector\DevDtct2.exe [2006-12-19 02:29:07 118784]
GetRight - Tray Icon.lnk - C:\Program Files\GetRight\getright.exe [2007-07-12 00:23:00 2301952]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 00:01:04 83360]
Post-itr Software Notes Lite.lnk - C:\Program Files\3M\PSNLite\PsnLite.exe [2004-10-15 14:26:54 2080768]

[hkey_local_machine\software\microsoft\windows\curr entversion\explorer\shellexecutehooks]
"{A213B520-C6C2-11d0-AF9D-008029E1027E}"= C:\Program Files\Symantec\WinFax\WfxSeh32.Dll [1998-07-27 03:54 38400]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

R1 CloneCD;CloneCD I/O Driver;C:\WINDOWS\system32\drivers\CloneCD.sys [2000-08-25 14:52]
R2 wfxsvc;WinFax PRO;C:\WINDOWS\system32\WFXSVC.EXE [2000-02-14 16:36]
S2 IcRecUsb;IC Recorder Driver;C:\WINDOWS\system32\Drivers\IcRecUsb.sys [2001-10-01 23:37]
S3 ATIPCXXX;ATI Parental control device;C:\WINDOWS\system32\DRIVERS\atipcxxx.sys [2001-08-17 04:49]
S3 ATIVRVXX;ATI Rage Theatre Video (ATIRTCAP);C:\WINDOWS\system32\DRIVERS\atirtcap.sy s [2001-08-17 04:49]
S3 ATIVXSXX;ATI Audio Crossbar (ATIVXBAR);C:\WINDOWS\system32\DRIVERS\ativxbar.sy s [2001-08-17 04:49]
S3 VNUSB;VN Series Device;C:\WINDOWS\system32\DRIVERS\VNUSB.sys [2006-04-07 17:06]

.
************************************************** ************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-21 16:49:09
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

************************************************** ************************
.
Completion time: 2008-02-21 16:50:48
ComboFix2.txt 2008-02-13 09:18:40

Neal · #3 (**permalink**) 22-02-2008, 08:59 PM

Not again???

Got to stay away from those crack sites and file shareing programs.

You know the drill.

I need a hijackthis log

I need:

Open Hijackthis.

Click the "Open the Misc Tools" section Button.

Click the "Open Uninstall Manager" Button.

Click the "Save list..." Button.

Save it to your desktop. Copy and paste the contents into your reply.

I need you to run super antispyware with same instructions as before, in case you don't have it any longer here you go:

Please download and install SUPERAntiSpyware Trial Pro Edition http://www.superantispyware.com/superantispyware.html

* Load SUPERAntiSpyware and click the Check for Updates button.
* Once the update has finished, exit SUPERAntiSpyware. Please do NOT run a scan yet!

IMPORTANT: Do NOT open any other windows or programs while SUPERAntiSpyware is scanning, it may interfere with the scanning process.

* Open SUPERAntiSpyware and click the Scan your Computer button.
* Check Perform Complete Scan and then click Next.
* SUPERAntiSpyware will now scan your computer and when it’s finished it will list all the infections it has found.
* Make sure that they all have a check next to them, and then click Next.
* Click Finish and you will be taken back to the main interface.
* It could be possible that it will ask you to reboot your computer in order to delete some files after reboot.
* I'll need a log afterwards of what has been found.
* To get the log, click Preferences and then click the Statistics/Logs tab. Click the dated log and press View Log and a text file will appear.
* Please post the results of the SUPERAntiSpyware log in your next reply.

AUHDGAUHD · #4 (**permalink**) 23-02-2008, 03:03 AM

I noticed the computer did not shut down while running SuperAntiSpyware. After SuperAntiSpyware deleted some files and restarted my computer, I ran Spybot and it shut off again.

SuperAntiSpyware LOG:

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 02/22/2008 at 05:37 PM

Application Version : 3.9.1008

Core Rules Database Version : 3259
Trace Rules Database Version: 1270

Scan type : Complete Scan
Total Scan Time : 02:17:17

Memory items scanned : 212
Memory threats detected : 0
Registry items scanned : 7244
Registry threats detected : 0
File items scanned : 68292
File threats detected : 8

Adware.Tracking Cookie
C:\Documents and Settings\Administrator\Cookies\administrator@adbri te[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@adopt .euroclick[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@ads.a dbrite[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@anad. tacoda[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@divx. adbureau[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@media 6degrees[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@value click[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@www.d omination-porn[2].txt

HIJACKTHIS LOG:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:59:39 PM, on 2/22/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\Program Files\SolidDocuments\SolidConverterPDF\SCPDF\Solid PdfService.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\sm56hlpr.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
C:\WINDOWS\system32\wfxsnt40.exe
C:\Program Files\ScreenPrint32 v3\ScreenPrint32.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\WINDOWS\system32\devldr32.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
C:\Program Files\SecCopy\SecCopy.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Free Download Manager\fdm.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\Program Files\Olympus\DeviceDetector\DevDtct2.exe
C:\Program Files\GetRight\getright.exe
C:\Program Files\3M\PSNLite\PsnLite.exe
C:\Program Files\GetRight\getright.exe
C:\Program Files\Palm\HOTSYNC.EXE
C:\WINDOWS\system32\WFXSVC.EXE
C:\PROGRA~1\3M\PSNLite\PSNGive.exe
C:\Program Files\Symantec\WinFax\WFXMOD32.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess .exe
C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess .exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
O2 - BHO: Solid Converter PDF - {259F616C-A300-44F5-B04A-ED001A26C85C} - C:\Program Files\SolidDocuments\SolidConverterPDF\SCPDF\Explo reExtPDF.dll
O2 - BHO: bho2gr Class - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - C:\Program Files\GetRight\xx2gr.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O3 - Toolbar: Solid Converter PDF - {259F616C-A300-44F5-B04A-ED001A26C85C} - C:\Program Files\SolidDocuments\SolidConverterPDF\SCPDF\Explo reExtPDF.dll
O3 - Toolbar: Slide - {F25D0054-4CA2-49D5-A8B0-D79B7829D14E} - C:\Program Files\Slide\SlideBar.dll (file missing)
O4 - HKLM\..\Run: [SMSERIAL] sm56hlpr.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [Ptipbmf] rundll32.exe ptipbmf.dll,SetWriteCacheMode
O4 - HKLM\..\Run: [WinFaxAppPortStarter] wfxsnt40.exe
O4 - HKLM\..\Run: [ScreenPrint32] C:\Program Files\ScreenPrint32 v3\ScreenPrint32.exe -startup
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Second Copy] "C:\Program Files\SecCopy\SecCopy.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Free Download Manager] C:\Program Files\Free Download Manager\fdm.exe -autorun
O4 - HKCU\..\Run: [ÆÇµµ¶óTV¹Ì´Ï] C:\Program Files\PandoraTVMini\MiniUpdate.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe " -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe " -t (User 'Default user')
O4 - Startup: HotSync Manager.lnk = C:\Program Files\Palm\HOTSYNC.EXE
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Device Detector 3.lnk = C:\Program Files\Olympus\DeviceDetector\DevDtct2.exe
O4 - Global Startup: GetRight - Tray Icon.lnk = C:\Program Files\GetRight\getright.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Post-it® Software Notes Lite.lnk = C:\Program Files\3M\PSNLite\PsnLite.exe
O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download web site with Free Download Manager - file://C:\Program Files\Free Download Manager\dlpage.htm
O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRdownload.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRbrowse.htm
O8 - Extra context menu item: Voice Editing Launcher - C:\Program Files\Panasonic\Voice Editing\VEd1_IEMenu.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - SolidConverterPDF - (no file) (HKCU)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: http://download.windowsupdate.com
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762# # (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: EpsonBidirectionalService - Unknown owner - C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: SolidPDFConverterReadSpool (ScReadSpool) - VoyagerSoft, LLC - C:\Program Files\SolidDocuments\SolidConverterPDF\SCPDF\Solid PdfService.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: WinFax PRO (wfxsvc) - Symantec Corporation - C:\WINDOWS\system32\WFXSVC.EXE

--
End of file - 10295 bytes

AUHDGAUHD · #5 (**permalink**) 23-02-2008, 03:07 AM

Here is the uninstall list from Hijackthis:

Ad-Aware 2007
Adobe Acrobat 5.0
Adobe Anchor Service CS3
Adobe Asset Services CS3
Adobe Bridge CS3
Adobe Bridge Start Meeting
Adobe Camera Raw 4.0
Adobe CMaps
Adobe Color - Photoshop Specific
Adobe Color Common Settings
Adobe Color EU Extra Settings
Adobe Color JA Extra Settings
Adobe Color NA Recommended Settings
Adobe Default Language CS3
Adobe Device Central CS3
Adobe Download Manager 2.0 (Remove Only)
Adobe ExtendScript Toolkit 2
Adobe Flash Player ActiveX
Adobe Flash Player Plugin
Adobe Fonts All
Adobe Help Viewer CS3
Adobe Linguistics CS3
Adobe PDF Library Files
Adobe Photoshop 7.0
Adobe Photoshop CS3
Adobe Photoshop CS3
Adobe Reader 7.0.8
Adobe Setup
Adobe Stock Photos CS3
Adobe Type Support
Adobe Update Manager CS3
Adobe Version Cue CS3 Client
Adobe WinSoft Linguistics Plugin
Adobe XMP Panels CS3
Advanced Flash Player
ArcSoft PhotoImpression
ASUS Probe V2.23.03
ATI Display Driver
CloneCD
Core FTP LE 1.3c
Creative DVD Audio Plugin for Audigy Series
dBpowerAMP Music Converter
DiscWizard for Windows
DivX Codec
DivX Content Uploader
DivX Converter
DivX Player
DivX Web Player
DVD Shrink 3.2
DVDFab Decrypter 3.0.1.8 Beta
Ease Audio Converter 3.70
eIMAGE Recovery
EPSON Copy Utility
EPSON Photo Print
EPSON Printer Software
EPSON Smart Panel
EPSON TWAIN 5
EPSON User's Guide
Express Burn
Express Rip
FLV Player 1.3.3
Free Download Manager 2.0 - FreewareFiles.com Edition
GetRight
HijackThis 2.0.2
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Format SDK (KB902344)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB896344)
Hotfix for Windows XP (KB926239)
HyperCam 2
Intel(R) PRO Network Adapters and Drivers
Intel(R) PROSet
InterVideo Disc Master 2
InterVideo DVDCopy 2 for AsusTek
InterVideo WinDVD 5
InterVideo WinDVD Creator 2
IsoBuster 1.8
iTunes
J2SE Runtime Environment 5.0 Update 10
J2SE Runtime Environment 5.0 Update 11
J2SE Runtime Environment 5.0 Update 6
J2SE Runtime Environment 5.0 Update 9
Java(TM) 6 Update 2
Java(TM) SE Runtime Environment 6 Update 1
LiveAdvisor (Symantec Corporation)
LiveUpdate
Macromedia Shockwave Player
Maia Mechanics Imaging
MailFrontier Desktop
MaxBlast 4
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Office XP Professional with FrontPage
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Motorola SM56 Speakerphone Modem
Mozilla Firefox (2.0.0.12)
MSXML 4.0 SP2 (KB925672)
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
Nero 7 Ultra Edition
Olympus Digital Wave Player
Palm Desktop
Panasonic Office Add-in
Paragon Partition Manager 7.0 Demo
Partition Commander
PC Inspector File Recovery
PDF Settings
Post-it® Software Notes Lite
PowerDVD
QuickTime
RealPlayer
RealSpeak_Solo_Common_for_Panasonic
RealSpeak_Solo_English_for_Panasonic
RecordPad Sound Recorder
Riva FLV Encoder 2.0
Riva FLV Player
Roxio Easy DVD Copy
SAMSUNG CDMA Modem Driver Set
Samsung Contacts Copier
SAMSUNG Mobile USB Modem 1.0 Software
SAMSUNG Mobile USB Modem Software
SAPI5_Common
SAPI5_English
ScanToWeb
Second Copy (7.0)
Security Update for Microsoft .NET Framework 2.0 (KB928365)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899589)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901190)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB911280)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912812)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913433)
Security Update for Windows XP (KB913446)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB916281)
Security Update for Windows XP (KB917159)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB918899)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921503)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922760)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923694)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925454)
Security Update for Windows XP (KB925486)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928090)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB929969)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931768)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933566)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB937143)
Security Update for Windows XP (KB937894)
Security Update for Windows XP (KB938127)
Security Update for Windows XP (KB938829)
Security Update for Windows XP (KB939653)
Security Update for Windows XP (KB941202)
Security Update for Windows XP (KB941568)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB942615)
Security Update for Windows XP (KB943460)
Security Update for Windows XP (KB944653)
Sencesa Flash Player
Skype™ 3.6
Slide
SolidConverterPDF
SolveigMM AVI Trimmer
Sony Sound Forge 8.0a
SoundMAX
Spybot - Search & Destroy
Spybot - Search & Destroy 1.5.2.20
SUPERAntiSpyware Professional
Switch
Symantec WinFax PRO 10.0
Ulead DVD MovieFactory 3 Disc Creator
Update for Windows XP (KB894391)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB904942)
Update for Windows XP (KB908531)
Update for Windows XP (KB910437)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB927891)
Update for Windows XP (KB929338)
Update for Windows XP (KB930916)
Update for Windows XP (KB931836)
Update for Windows XP (KB933360)
Update for Windows XP (KB936357)
Update for Windows XP (KB938828)
Update for Windows XP (KB942763)
Update for Windows XP (KB942840)
Voice Editing
WavePad Uninstall
Winamp (remove only)
Windows Defender Signatures
Windows Installer 3.1 (KB893803)
Windows Media Connect
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Format SDK Hotfix - KB891122
Windows Media Player 11
Windows Media Player 11
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB885884
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
Windows XP Service Pack 2
WinRAR archiver
WinZip
ZoneAlarm Security Suite

Neal · #6 (**permalink**) 23-02-2008, 07:00 PM

Update Java: Security Issue

* Go to Start > Control Panel double-click on the Software icon > add/remove programs.
* Search in the list for all previous installed versions of Java. (J2SE Runtime Environment.... )

It should have next icon next to it:

Select it and click Remove.
* The current version can be downloaded from Sun here: http://java.sun.com/javase/downloads/index.jsp Scroll down the page to 'Java Runtime Environment (JRE) 6u3 and press the 'Download' button. On the new web page, click the 'Accept License Agreement' button. Then select 'Windows Offline Installation, Multi-language' in the Windows Platform area just below the Accept button.

Do an online scan (scan only tool) with Kaspersky WebScanner
[Internet Explorer required]

Click on Kaspersky Online Scanner

You will be prompted to install an ActiveX component from Kaspersky, Click Yes.

The program will launch and then begin downloading the latest definition files:
Once the files have been downloaded click on NEXT
Now click on Scan Settings
In the scan settings make sure that the following are selected:
- Scan using the following Anti-Virus database:
  - Extended (if available otherwise Standard)
- Scan Options:
  - Scan Archives
  - Scan Mail Bases
Click OK
Now under select a target to scan:
- Select My Computer
This program will start and scan your system.
The scan will take a while so be patient and let it run.
Once the scan is complete it will display if your system has been infected.
- Now click on the Save as Text button:
Save the file to your desktop.

Post the results of the scan back here please and a new hijackthis log.

If you cannot do that one above try this one:

Download Dr.Web CureIt to the desktop:
ftp://ftp.drweb.com/pub/drweb/cureit/drweb-cureit.exe

* Doubleclick the drweb-cureit.exe file and Allow to run the express scan
* This will scan the files currently running in memory and when something is found, click the yes button when it asks you if you want to cure it. This is only a short scan.
* Once the short scan has finished, mark the drives that you want to scan.
* Select all drives. A red dot shows which drives have been chosen.
* Click the green arrow at the right, and the scan will start.
* Click 'Yes to all' if it asks if you want to cure/move the file.
* When the scan has finished, look if you can click next icon next to the files found:

* If so, click it and then click the next icon right below and select Move incurable as you'll see in next image:

This will move it to the %userprofile%\DoctorWeb\quarantaine-folder if it can't be cured. (this in case if we need samples)
* After selecting, in the Dr.Web CureIt menu on top, click file and choose save report list
* Save the report to your desktop. The report will be called DrWeb.csv
* Close Dr.Web Cureit.
* Reboot your computer!! Because it could be possible that files in use will be moved/deleted during reboot.
* After reboot, post the contents of the log from Dr.Web you saved previously in your next reply. You can use Notepad to open the DrWeb.cvs report.

AUHDGAUHD · #7 (**permalink**) 25-02-2008, 10:11 AM

I uninstalled every single installation of Java Runtime Environment. I tried to download "Jave SE Runtime Environment 6 Update 4" but it said my download transaction cannot be approved (look at attached image)

Do I need JRE installed right now? Or can I install it later when my browser asks me too?

I tried running Kaspersky and BOOM! Same damn thing, pc turns off. I noticed while it was scanning that it detected 2 viruses and 38 infected files/objects.

I tried DrWeb-Cureit and it won't run after I double click on it.

Here is the latest HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:04:51 AM, on 2/25/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\Program Files\SolidDocuments\SolidConverterPDF\SCPDF\Solid PdfService.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\sm56hlpr.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
C:\WINDOWS\system32\wfxsnt40.exe
C:\Program Files\ScreenPrint32 v3\ScreenPrint32.exe
C:\WINDOWS\system32\devldr32.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
C:\Program Files\SecCopy\SecCopy.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Free Download Manager\fdm.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Olympus\DeviceDetector\DevDtct2.exe
C:\Program Files\GetRight\getright.exe
C:\Program Files\GetRight\getright.exe
C:\Program Files\3M\PSNLite\PsnLite.exe
C:\Program Files\Palm\HOTSYNC.EXE
C:\WINDOWS\system32\WFXSVC.EXE
C:\Program Files\Symantec\WinFax\WFXMOD32.EXE
C:\PROGRA~1\3M\PSNLite\PSNGive.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess .exe
C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess .exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
O2 - BHO: Solid Converter PDF - {259F616C-A300-44F5-B04A-ED001A26C85C} - C:\Program Files\SolidDocuments\SolidConverterPDF\SCPDF\Explo reExtPDF.dll
O2 - BHO: bho2gr Class - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - C:\Program Files\GetRight\xx2gr.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: Solid Converter PDF - {259F616C-A300-44F5-B04A-ED001A26C85C} - C:\Program Files\SolidDocuments\SolidConverterPDF\SCPDF\Explo reExtPDF.dll
O3 - Toolbar: Slide - {F25D0054-4CA2-49D5-A8B0-D79B7829D14E} - C:\Program Files\Slide\SlideBar.dll (file missing)
O4 - HKLM\..\Run: [SMSERIAL] sm56hlpr.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [Ptipbmf] rundll32.exe ptipbmf.dll,SetWriteCacheMode
O4 - HKLM\..\Run: [WinFaxAppPortStarter] wfxsnt40.exe
O4 - HKLM\..\Run: [ScreenPrint32] C:\Program Files\ScreenPrint32 v3\ScreenPrint32.exe -startup
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Second Copy] "C:\Program Files\SecCopy\SecCopy.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Free Download Manager] C:\Program Files\Free Download Manager\fdm.exe -autorun
O4 - HKCU\..\Run: [ÆÇµµ¶óTV¹Ì´Ï] C:\Program Files\PandoraTVMini\MiniUpdate.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe " -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe " -t (User 'Default user')
O4 - Startup: HotSync Manager.lnk = C:\Program Files\Palm\HOTSYNC.EXE
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Device Detector 3.lnk = C:\Program Files\Olympus\DeviceDetector\DevDtct2.exe
O4 - Global Startup: GetRight - Tray Icon.lnk = C:\Program Files\GetRight\getright.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Post-it® Software Notes Lite.lnk = C:\Program Files\3M\PSNLite\PsnLite.exe
O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download web site with Free Download Manager - file://C:\Program Files\Free Download Manager\dlpage.htm
O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRdownload.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRbrowse.htm
O8 - Extra context menu item: Voice Editing Launcher - C:\Program Files\Panasonic\Voice Editing\VEd1_IEMenu.html
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - SolidConverterPDF - (no file) (HKCU)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: http://download.windowsupdate.com
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/par...an_unicode.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762# # (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: EpsonBidirectionalService - Unknown owner - C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: SolidPDFConverterReadSpool (ScReadSpool) - VoyagerSoft, LLC - C:\Program Files\SolidDocuments\SolidConverterPDF\SCPDF\Solid PdfService.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: WinFax PRO (wfxsvc) - Symantec Corporation - C:\WINDOWS\system32\WFXSVC.EXE

--
End of file - 9923 bytes

Neal · #8 (**permalink**) 25-02-2008, 08:03 PM

You can do Java later.

Disable Zonelabs firewall or uninstall it, enable windows firewall for now and try your scans.

If a router is present disconnect PC from router, then try the scans.

If that doesn't work then try running Dr. Web from safe mode.

Is Norton up to date? If not might try a good free anti-virus program like AVG or Avast.

You will need to uninstall Norton before the install of new program if you choose to do that.

AUHDGAUHD · #9 (**permalink**) 05-03-2008, 12:20 PM

I haven't been posting because my mobo is faulty. After I ran Dr. Web from safe mode, it blue screened on me. I didn't capture the stop code. After I hit the reset button, my pc did not display video anymore, none whatsoever. At first I thought it was either my monitor, video card, hard drive or power supply. Nope, those have been ruled out and it's definitely the mother board. Either some bios settings were changed or some mobo part blew out. This happened right after running that Dr. Web. I'm going to call Asus about the mobo, I have a P4C800-E Deluxe. Any ideas on troubleshooting this problem I have now? Hopefully after I take care of this new problem, you can offer some ideas with my original problem (virus) that has to do with external solutions other than re-formatting. Can I place the drive as a slave on another pc and scan it that way? Is there a piece of software that knows the symptoms of the virus I've got (shutting pc off) and knows the cure? Would running ComboFix again be another option? Should I contact a reputable pc security company to get some additional expert guidance?

Neal · #10 (**permalink**) 05-03-2008, 08:04 PM

With the problems you are having it would be best to take it to a local computer repair shop so they can diagnose what hardware problems you are having.

Good luck.