NIS 2009 suddenly stopped working

Hello all,

 

Great community here.  This is my first post.  My NIS 2009 suddenly stopped working the other day.  I could not log into Identity Safe and the tray icon was gone.  When I try to launch the program from the start menu or its directory, nothing happens.  After much searching and reading I uninstalled Spybot S and D, then I did the following:

 

-downloaded removal tool and uninstalled

-downloaded and ran a Malwarebytes full scan (nothing found)

-downloaded NIS installer from website here and reinstalled

 

This still did not work.  I cannot launch the program, there is no tray icon, and identity safe is not functional.  I'm ready to do whatever it takes to remedy the situation, but I'm at a loss for where to start.

 

 

Thanks in advance for any advice/tips

Colin

 

 

Message Edited by CPitcher74 on 06-10-2009 06:16 PM
[edit: Changed subject to reflect user issue.]
Message Edited by shannons on 06-10-2009 07:31 PM


Hi

 

1. How long have you had NIS installed for??

2. Download HijackThis http://www.trendsecure.com/portal/en-US/tools/security_tools/hijackthis (.exe version). Run it, creating a log, and post it here.

3. Follow this post http://community.norton.com/norton/board/message?board.id=Norton_360&message.id=13889#M13889 to get a RootRepeal log, to see if something is hidden.

 

Quads 

here is something for you Delphie

 

A hijackthis log will show the OS version

 

Quads 

Thanks Quads.  Just making idle conversation while you were already posting, I presume.:smileymad:

Hey guys.  Win XP SP2  Here is the hijack log

 

 Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:57, on 2009-06-10
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Creative\Shared Files\CTAudSvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Portrait Displays\Shared\DTSRVC.exe
C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\n52te\n52teHid.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe
C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe
C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\DNA\btdna.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\SetPoint II\SetpointII.exe
C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDClock.exe
C:\Program Files\Logitech\GamePanel Software\Applets\LCDMedia.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O1 - Hosts: 83.143.81.174 eq2i.com
O1 - Hosts: 83.143.81.174 www.eq2i.com
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: del.icio.us - {981FE6A8-260C-4930-960F-C3BC82746CB0} - C:\Program Files\del.icio.us\Internet Explorer Buttons\dlcsIE.dll
O3 - Toolbar: (no name) - {757EFAE3-B160-4A69-95D7-46761353800B} - (no file)
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Jomantha] C:\Program Files\n52te\n52teHid.exe
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [Launch LgDevAgt] "C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe"
O4 - HKLM\..\Run: [Launch LCDMon] "C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe"
O4 - HKLM\..\Run: [Launch LGDCore] "C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" /SHOWHIDE
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime Alternative\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [NVIDIA nTune] "C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" clear
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_1_0 -reboot 1
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: SetPointII.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15030/CTSUEng.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} (Creative Software AutoUpdate) - http://ccfiles.creative.com/Web/softwareupdate/su/ocx/15101/CTSUEng.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://ccfiles.creative.com/Web/softwareupdate/su/ocx/15106/CTPID.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: symres - {AA1061FE-6C41-421F-9344-69640C9732AB} - C:\Program Files\Norton Internet Security\Engine\16.5.0.135\coIEPlg.dll (file missing)
O20 - AppInit_DLLs: iSecurity.cpl
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative Audio Engine Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe
O23 - Service: Creative Audio Service (CTAudSvcService) - Creative Technology Ltd - C:\Program Files\Creative\Shared Files\CTAudSvc.exe
O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
O23 - Service: Portrait Displays Display Tune Service (DTSRVC) - Unknown owner - C:\Program Files\Common Files\Portrait Displays\Shared\DTSRVC.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe
O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe

--
End of file - 8404 bytes

I've had NIS 09 installed since around early January.  Here is the Root Repeal report part 1 of 2

 

ROOTREPEAL (c) AD, 2007-2008
==================================================
Scan Time:            2009/06/10 19:59
Program Version:        Version 1.2.3.0
Windows Version:        Windows XP SP2
==================================================

Drivers
-------------------
Name: 00000065
Image Path: \Driver\00000065
Address: 0x00000000    Size: 0    File Visible: No
Status: -

Name: a6k8zb9x.SYS
Image Path: C:\WINDOWS\System32\Drivers\a6k8zb9x.SYS
Address: 0xB7B2C000    Size: 303104    File Visible: No
Status: -

Name: dump_atapi.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys
Address: 0xB4F94000    Size: 98304    File Visible: No
Status: -

Name: dump_WMILIB.SYS
Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS
Address: 0xF79DD000    Size: 8192    File Visible: No
Status: -

Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xB3452000    Size: 45056    File Visible: No
Status: -

Name: zvftmqv.sys
Image Path: zvftmqv.sys
Address: 0xF75F7000    Size: 61440    File Visible: No
Status: -

Stealth Objects
-------------------
Object: Hidden Code [Driver: Ntfs, IRP_MJ_CREATE]
Process: System    Address: 0x8a3c61d8    Size: -

Object: Hidden Code [Driver: Ntfs, IRP_MJ_CLOSE]
Process: System    Address: 0x8a3c61d8    Size: -

Object: Hidden Code [Driver: Ntfs, IRP_MJ_READ]
Process: System    Address: 0x8a3c61d8    Size: -

Object: Hidden Code [Driver: Ntfs, IRP_MJ_WRITE]
Process: System    Address: 0x8a3c61d8    Size: -

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_INFORMATION]
Process: System    Address: 0x8a3c61d8    Size: -

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_INFORMATION]
Process: System    Address: 0x8a3c61d8    Size: -

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_EA]
Process: System    Address: 0x8a3c61d8    Size: -

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_EA]
Process: System    Address: 0x8a3c61d8    Size: -

Object: Hidden Code [Driver: Ntfs, IRP_MJ_FLUSH_BUFFERS]
Process: System    Address: 0x8a3c61d8    Size: -

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_VOLUME_INFORMATION]
Process: System    Address: 0x8a3c61d8    Size: -

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_VOLUME_INFORMATION]
Process: System    Address: 0x8a3c61d8    Size: -

Object: Hidden Code [Driver: Ntfs, IRP_MJ_DIRECTORY_CONTROL]
Process: System    Address: 0x8a3c61d8    Size: -

Object: Hidden Code [Driver: Ntfs, IRP_MJ_FILE_SYSTEM_CONTROL]
Process: System    Address: 0x8a3c61d8    Size: -

Object: Hidden Code [Driver: Ntfs, IRP_MJ_DEVICE_CONTROL]
Process: System    Address: 0x8a3c61d8    Size: -

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SHUTDOWN]
Process: System    Address: 0x8a3c61d8    Size: -

Object: Hidden Code [Driver: Ntfs, IRP_MJ_LOCK_CONTROL]
Process: System    Address: 0x8a3c61d8    Size: -

Object: Hidden Code [Driver: Ntfs, IRP_MJ_CLEANUP]
Process: System    Address: 0x8a3c61d8    Size: -

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_SECURITY]
Process: System    Address: 0x8a3c61d8    Size: -

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_SECURITY]
Process: System    Address: 0x8a3c61d8    Size: -

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_QUOTA]
Process: System    Address: 0x8a3c61d8    Size: -

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_QUOTA]
Process: System    Address: 0x8a3c61d8    Size: -

Object: Hidden Code [Driver: Ntfs, IRP_MJ_PNP]
Process: System    Address: 0x8a3c61d8    Size: -

Object: Hidden Code [Driver: Si3132r5, IRP_MJ_CREATE]
Process: System    Address: 0x8a3c71d8    Size: -

Object: Hidden Code [Driver: Si3132r5, IRP_MJ_CLOSE]
Process: System    Address: 0x8a3c71d8    Size: -

Object: Hidden Code [Driver: Si3132r5, IRP_MJ_DEVICE_CONTROL]
Process: System    Address: 0x8a3c71d8    Size: -

Object: Hidden Code [Driver: Si3132r5, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System    Address: 0x8a3c71d8    Size: -

Object: Hidden Code [Driver: Si3132r5, IRP_MJ_POWER]
Process: System    Address: 0x8a3c71d8    Size: -

Object: Hidden Code [Driver: Si3132r5, IRP_MJ_SYSTEM_CONTROL]
Process: System    Address: 0x8a3c71d8    Size: -

Object: Hidden Code [Driver: Si3132r5, IRP_MJ_PNP]
Process: System    Address: 0x8a3c71d8    Size: -

Object: Hidden Code [Driver: atapi, IRP_MJ_CREATE]
Process: System    Address: 0x8a3571d8    Size: -

Object: Hidden Code [Driver: atapi, IRP_MJ_CLOSE]
Process: System    Address: 0x8a3571d8    Size: -

Object: Hidden Code [Driver: atapi, IRP_MJ_DEVICE_CONTROL]
Process: System    Address: 0x8a3571d8    Size: -

Object: Hidden Code [Driver: atapi, IRP_MJ_POWER]
Process: System    Address: 0x8a3571d8    Size: -

Object: Hidden Code [Driver: atapi, IRP_MJ_SYSTEM_CONTROL]
Process: System    Address: 0x8a3571d8    Size: -

Object: Hidden Code [Driver: atapi, IRP_MJ_PNP]
Process: System    Address: 0x8a3571d8    Size: -

Object: Hidden Code [Driver: Cdrom, IRP_MJ_CREATE]
Process: System    Address: 0x89e88778    Size: -

Object: Hidden Code [Driver: Cdrom, IRP_MJ_CLOSE]
Process: System    Address: 0x89e88778    Size: -

Object: Hidden Code [Driver: Cdrom, IRP_MJ_READ]
Process: System    Address: 0x89e88778    Size: -

Object: Hidden Code [Driver: Cdrom, IRP_MJ_WRITE]
Process: System    Address: 0x89e88778    Size: -

Object: Hidden Code [Driver: Cdrom, IRP_MJ_FLUSH_BUFFERS]
Process: System    Address: 0x89e88778    Size: -

Object: Hidden Code [Driver: Cdrom, IRP_MJ_DEVICE_CONTROL]
Process: System    Address: 0x89e88778    Size: -

Object: Hidden Code [Driver: Cdrom, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System    Address: 0x89e88778    Size: -

Object: Hidden Code [Driver: Cdrom, IRP_MJ_SHUTDOWN]
Process: System    Address: 0x89e88778    Size: -

Object: Hidden Code [Driver: Cdrom, IRP_MJ_POWER]
Process: System    Address: 0x89e88778    Size: -

Object: Hidden Code [Driver: Cdrom, IRP_MJ_SYSTEM_CONTROL]
Process: System    Address: 0x89e88778    Size: -

Object: Hidden Code [Driver: Cdrom, IRP_MJ_PNP]
Process: System    Address: 0x89e88778    Size: -

Object: Hidden Code [Driver: dmio, IRP_MJ_CREATE]
Process: System    Address: 0x8a3c81d8    Size: -

Object: Hidden Code [Driver: dmio, IRP_MJ_CLOSE]
Process: System    Address: 0x8a3c81d8    Size: -

Object: Hidden Code [Driver: dmio, IRP_MJ_READ]
Process: System    Address: 0x8a3c81d8    Size: -

Object: Hidden Code [Driver: dmio, IRP_MJ_WRITE]
Process: System    Address: 0x8a3c81d8    Size: -

Object: Hidden Code [Driver: dmio, IRP_MJ_FLUSH_BUFFERS]
Process: System    Address: 0x8a3c81d8    Size: -

Object: Hidden Code [Driver: dmio, IRP_MJ_DEVICE_CONTROL]
Process: System    Address: 0x8a3c81d8    Size: -

Object: Hidden Code [Driver: dmio, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System    Address: 0x8a3c81d8    Size: -

Object: Hidden Code [Driver: dmio, IRP_MJ_SHUTDOWN]
Process: System    Address: 0x8a3c81d8    Size: -

Object: Hidden Code [Driver: dmio, IRP_MJ_POWER]
Process: System    Address: 0x8a3c81d8    Size: -

Object: Hidden Code [Driver: dmio, IRP_MJ_SYSTEM_CONTROL]
Process: System    Address: 0x8a3c81d8    Size: -

Object: Hidden Code [Driver: dmio, IRP_MJ_PNP]
Process: System    Address: 0x8a3c81d8    Size: -

 

 

Root Repeal part 2 of 2

 

Object: Hidden Code [Driver: usbuhci, IRP_MJ_CREATE]
Process: System    Address: 0x89db01d8    Size: -

Object: Hidden Code [Driver: usbuhci, IRP_MJ_CLOSE]
Process: System    Address: 0x89db01d8    Size: -

Object: Hidden Code [Driver: usbuhci, IRP_MJ_DEVICE_CONTROL]
Process: System    Address: 0x89db01d8    Size: -

Object: Hidden Code [Driver: usbuhci, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System    Address: 0x89db01d8    Size: -

Object: Hidden Code [Driver: usbuhci, IRP_MJ_POWER]
Process: System    Address: 0x89db01d8    Size: -

Object: Hidden Code [Driver: usbuhci, IRP_MJ_SYSTEM_CONTROL]
Process: System    Address: 0x89db01d8    Size: -

Object: Hidden Code [Driver: usbuhci, IRP_MJ_PNP]
Process: System    Address: 0x89db01d8    Size: -

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_CREATE]
Process: System    Address: 0x8a3581d8    Size: -

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_READ]
Process: System    Address: 0x8a3581d8    Size: -

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_WRITE]
Process: System    Address: 0x8a3581d8    Size: -

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_FLUSH_BUFFERS]
Process: System    Address: 0x8a3581d8    Size: -

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_DEVICE_CONTROL]
Process: System    Address: 0x8a3581d8    Size: -

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System    Address: 0x8a3581d8    Size: -

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_SHUTDOWN]
Process: System    Address: 0x8a3581d8    Size: -

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_CLEANUP]
Process: System    Address: 0x8a3581d8    Size: -

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_POWER]
Process: System    Address: 0x8a3581d8    Size: -

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_SYSTEM_CONTROL]
Process: System    Address: 0x8a3581d8    Size: -

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_PNP]
Process: System    Address: 0x8a3581d8    Size: -

Object: Hidden Code [Driver: Part, IRP_MJ_CREATE]
Process: System    Address: 0x89d851d8    Size: -

Object: Hidden Code [Driver: Part, IRP_MJ_CLOSE]
Process: System    Address: 0x89d851d8    Size: -

Object: Hidden Code [Driver: Part, IRP_MJ_DEVICE_CONTROL]
Process: System    Address: 0x89d851d8    Size: -

Object: Hidden Code [Driver: Part, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System    Address: 0x89d851d8    Size: -

Object: Hidden Code [Driver: Part, IRP_MJ_POWER]
Process: System    Address: 0x89d851d8    Size: -

Object: Hidden Code [Driver: Part, IRP_MJ_SYSTEM_CONTROL]
Process: System    Address: 0x89d851d8    Size: -

Object: Hidden Code [Driver: Part, IRP_MJ_PNP]
Process: System    Address: 0x89d851d8    Size: -

Object: Hidden Code [Driver: NetBT, IRP_MJ_CREATE]
Process: System    Address: 0x892cd1d8    Size: -

Object: Hidden Code [Driver: NetBT, IRP_MJ_CLOSE]
Process: System    Address: 0x892cd1d8    Size: -

Object: Hidden Code [Driver: NetBT, IRP_MJ_DEVICE_CONTROL]
Process: System    Address: 0x892cd1d8    Size: -

Object: Hidden Code [Driver: NetBT, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System    Address: 0x892cd1d8    Size: -

Object: Hidden Code [Driver: NetBT, IRP_MJ_CLEANUP]
Process: System    Address: 0x892cd1d8    Size: -

Object: Hidden Code [Driver: NetBT, IRP_MJ_PNP]
Process: System    Address: 0x892cd1d8    Size: -

Object: Hidden Code [Driver: usbehci, IRP_MJ_CREATE]
Process: System    Address: 0x89e6d1d8    Size: -

Object: Hidden Code [Driver: usbehci, IRP_MJ_CLOSE]
Process: System    Address: 0x89e6d1d8    Size: -

Object: Hidden Code [Driver: usbehci, IRP_MJ_DEVICE_CONTROL]
Process: System    Address: 0x89e6d1d8    Size: -

Object: Hidden Code [Driver: usbehci, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System    Address: 0x89e6d1d8    Size: -

Object: Hidden Code [Driver: usbehci, IRP_MJ_POWER]
Process: System    Address: 0x89e6d1d8    Size: -

Object: Hidden Code [Driver: usbehci, IRP_MJ_SYSTEM_CONTROL]
Process: System    Address: 0x89e6d1d8    Size: -

Object: Hidden Code [Driver: usbehci, IRP_MJ_PNP]
Process: System    Address: 0x89e6d1d8    Size: -

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CREATE]
Process: System    Address: 0x892c7980    Size: -

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CREATE_NAMED_PIPE]
Process: System    Address: 0x892c7980    Size: -

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CLOSE]
Process: System    Address: 0x892c7980    Size: -

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_READ]
Process: System    Address: 0x892c7980    Size: -

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_WRITE]
Process: System    Address: 0x892c7980    Size: -

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_INFORMATION]
Process: System    Address: 0x892c7980    Size: -

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_INFORMATION]
Process: System    Address: 0x892c7980    Size: -

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_EA]
Process: System    Address: 0x892c7980    Size: -

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_EA]
Process: System    Address: 0x892c7980    Size: -

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_FLUSH_BUFFERS]
Process: System    Address: 0x892c7980    Size: -

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_VOLUME_INFORMATION]
Process: System    Address: 0x892c7980    Size: -

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_VOLUME_INFORMATION]
Process: System    Address: 0x892c7980    Size: -

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_DIRECTORY_CONTROL]
Process: System    Address: 0x892c7980    Size: -

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_FILE_SYSTEM_CONTROL]
Process: System    Address: 0x892c7980    Size: -

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_DEVICE_CONTROL]
Process: System    Address: 0x892c7980    Size: -

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System    Address: 0x892c7980    Size: -

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SHUTDOWN]
Process: System    Address: 0x892c7980    Size: -

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_LOCK_CONTROL]
Process: System    Address: 0x892c7980    Size: -

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CLEANUP]
Process: System    Address: 0x892c7980    Size: -

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CREATE_MAILSLOT]
Process: System    Address: 0x892c7980    Size: -

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_SECURITY]
Process: System    Address: 0x892c7980    Size: -

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_SECURITY]
Process: System    Address: 0x892c7980    Size: -

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_POWER]
Process: System    Address: 0x892c7980    Size: -

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SYSTEM_CONTROL]
Process: System    Address: 0x892c7980    Size: -

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_DEVICE_CHANGE]
Process: System    Address: 0x892c7980    Size: -

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_QUOTA]
Process: System    Address: 0x892c7980    Size: -

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_QUOTA]
Process: System    Address: 0x892c7980    Size: -

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_PNP]
Process: System    Address: 0x892c7980    Size: -

Object: Hidden Code [Driver: Cdfsࠅఅ瑎獆艠甀ሠ, IRP_MJ_CREATE]
Process: System    Address: 0x89256668    Size: -

Object: Hidden Code [Driver: Cdfsࠅఅ瑎獆艠甀ሠ, IRP_MJ_CLOSE]
Process: System    Address: 0x89256668    Size: -

Object: Hidden Code [Driver: Cdfsࠅఅ瑎獆艠甀ሠ, IRP_MJ_READ]
Process: System    Address: 0x89256668    Size: -

Object: Hidden Code [Driver: Cdfsࠅఅ瑎獆艠甀ሠ, IRP_MJ_QUERY_INFORMATION]
Process: System    Address: 0x89256668    Size: -

Object: Hidden Code [Driver: Cdfsࠅఅ瑎獆艠甀ሠ, IRP_MJ_SET_INFORMATION]
Process: System    Address: 0x89256668    Size: -

Object: Hidden Code [Driver: Cdfsࠅఅ瑎獆艠甀ሠ, IRP_MJ_QUERY_VOLUME_INFORMATION]
Process: System    Address: 0x89256668    Size: -

Object: Hidden Code [Driver: Cdfsࠅఅ瑎獆艠甀ሠ, IRP_MJ_DIRECTORY_CONTROL]
Process: System    Address: 0x89256668    Size: -

Object: Hidden Code [Driver: Cdfsࠅఅ瑎獆艠甀ሠ, IRP_MJ_FILE_SYSTEM_CONTROL]
Process: System    Address: 0x89256668    Size: -

Object: Hidden Code [Driver: Cdfsࠅఅ瑎獆艠甀ሠ, IRP_MJ_DEVICE_CONTROL]
Process: System    Address: 0x89256668    Size: -

Object: Hidden Code [Driver: Cdfsࠅఅ瑎獆艠甀ሠ, IRP_MJ_SHUTDOWN]
Process: System    Address: 0x89256668    Size: -

Object: Hidden Code [Driver: Cdfsࠅఅ瑎獆艠甀ሠ, IRP_MJ_LOCK_CONTROL]
Process: System    Address: 0x89256668    Size: -

Object: Hidden Code [Driver: Cdfsࠅఅ瑎獆艠甀ሠ, IRP_MJ_CLEANUP]
Process: System    Address: 0x89256668    Size: -

Object: Hidden Code [Driver: Cdfsࠅఅ瑎獆艠甀ሠ, IRP_MJ_PNP]
Process: System    Address: 0x89256668    Size: -

Hi there 

 

I have my hands full at the moment, but you do have, or have part of, the malware "iSecurity Trojan".

 

Hijackthis entries

 

O3 - Toolbar: (no name) - {757EFAE3-B160-4A69-95D7-46761353800B} - (no file)

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O20 - AppInit_DLLs: iSecurity.cpl

 

Tick (check) those entries only and click "fix checked" 

 

See http://www.bleepingcomputer.com/virus-removal/isecurity and try Malwarebytes updated and a Full Scan 

 

As for Norton, it is not loading as a service (O23) and a file is missing. After cleaning your PC, I would suggest reinstalling NIS.

 

Quads 
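A small triage pass over a HijackThis log that applies the checks used in the reply above: a populated AppInit_DLLs value, entries marked `(no file)` or `(file missing)`, Run keys under service-account hives, and no O23 service for the expected security product. This is an added example, not part of the original thread or of any tool's own code; the function names, the `expected_service` parameter and the shortened sample log are assumptions made for illustration.

```python
import re
from collections import namedtuple

# Constructed sample: a few entries in HijackThis v2.0.2 layout, taken in shape
# from the log posted in this thread and shortened for the example.
SAMPLE_LOG = r"""
Platform: Windows XP SP2 (WinNT 5.01.2600)
Running processes:
C:\WINDOWS\system32\svchost.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O3 - Toolbar: (no name) - {757EFAE3-B160-4A69-95D7-46761353800B} - (no file)
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O18 - Protocol: symres - {AA1061FE-6C41-421F-9344-69640C9732AB} - C:\Program Files\Norton Internet Security\Engine\16.5.0.135\coIEPlg.dll (file missing)
O20 - AppInit_DLLs: iSecurity.cpl
O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
"""

# Entry lines look like "O20 - AppInit_DLLs: ..." (section code, dash, body).
ENTRY_RE = re.compile(r"^(?P<code>[ORFN]\d+)\s+-\s+(?P<body>.*)$")
# Run keys loaded for SYSTEM, LOCAL SERVICE and NETWORK SERVICE.
SERVICE_HIVE_RE = re.compile(r"^HKUS\\S-1-5-(18|19|20)\\")

Finding = namedtuple("Finding", "code reason line")


def parse_entries(log_text):
    """Yield (code, body) per entry line; header and process-list lines are skipped."""
    for raw in log_text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if m:
            yield m.group("code"), m.group("body").strip()


def triage(log_text, expected_service="Norton"):
    """Return findings for manual review (hypothetical helper, not a verdict engine)."""
    findings = []
    service_seen = False
    for code, body in parse_entries(log_text):
        line = f"{code} - {body}"
        if code == "O20" and body.startswith("AppInit_DLLs:"):
            dlls = body.split(":", 1)[1].strip()
            if dlls:
                # AppInit_DLLs are loaded into every process that loads user32.dll.
                findings.append(Finding(code, f"AppInit_DLLs is set to '{dlls}'", line))
        if body.endswith("(file missing)") or body.endswith("(no file)"):
            findings.append(Finding(code, "entry references a file that is not on disk", line))
        if code == "O4" and SERVICE_HIVE_RE.match(body):
            # The reply in this thread selected these entries for fixing.
            findings.append(Finding(code, "Run key in a service-account hive", line))
        if code == "O23" and expected_service.lower() in body.lower():
            service_seen = True
    if not service_seen:
        findings.append(
            Finding("O23", f"no service entry mentions '{expected_service}'", "")
        )
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.code}] {f.reason}: {f.line}")
```

The findings are prompts for a manual look at each entry, in the same way the reply reads the log by hand.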

 

 

 

Everything seems back to normal now.  Thanks Quads.  Calling this solved and hopefully I won’t be back :smileyhappy:

No problem,  

 

Keep Malwarebytes, it is free and has continual updates. It doesn't interfere with Norton.

 

Quads