Possible Infection?


  • This topic is locked
2 replies to this topic

#1 sbblizz

  • Members
  • 2 posts

Posted 04 March 2009 - 02:12 AM

For the past couple of days my computer has been acting weird. When I boot up, all I get is my background photo. Of course, I can get my taskbar when I press ALT+CTRL+DEL, choose New Task, and ask it to open something that I know isn't on this computer. I have also been having a mess of trouble with ActiveX controls not wanting to download; I keep getting the error message, "Your current security settings prohibit running ActiveX controls on this page. As a result, this page may not display correctly." Also, on Monday I had to completely reinstall my OS because every time I would start up it would just keep restarting. I couldn't get into safe mode by pressing F8; the only way I could even get to that screen was to unplug my computer and take out the battery for a few seconds, then it would sometimes let me boot up in safe mode. I guess that is all I can tell you about the problem with my computer. Any help would be much appreciated.

Here is the log file:

DDS (Ver_09-02-01.01) - NTFSx86
Run by Jonie at 0:27:08.43 on Wed 03/04/2009
Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_12
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.598 [GMT -6:00]

AV: Norton Internet Security *On-access scanning enabled* (Updated)
FW: Norton Internet Security *enabled*

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\pctspk.exe
C:\WINDOWS\system32\svchost.exe -k LocalService
c:\program files\idt\intelxpv_v83\wdm\STacSV.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\Program Files\IDT\WDM\sttray.exe
C:\Program Files\Common Files\AOL\1236021853\ee\AOLSoftware.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\America Online 9.0\waol.exe
C:\Program Files\America Online 9.0\shellmon.exe
C:\Documents and Settings\Jonie\Desktop\HiJackThis\HijackThis.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Jonie\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = about:blank
BHO: CNavExtBho Class: {bdf3e430-b101-42ad-a544-fadc6b084872} - c:\program files\norton internet security\norton antivirus\NavShExt.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: AOL Toolbar: {4982d40a-c53b-4615-b15b-b5b5e98d167c} - c:\program files\aol toolbar\toolbar.dll
TB: Norton AntiVirus: {42cdd1bf-3ffb-4238-8ad1-7859df00b1d6} - c:\program files\norton internet security\norton antivirus\NavShExt.dll
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
uRun: [AOL Fast Start] "c:\program files\america online 9.0\AOL.EXE" -b
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [AOLDialer] c:\program files\common files\aol\acs\AOLDial.exe
mRun: [Symantec NetDriver Monitor] c:\progra~1\symnet~1\SNDMon.exe /Consumer
mRun: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe
mRun: [HostManager] c:\program files\common files\aol\1236021853\ee\AOLSoftware.exe
IE: &AOL Toolbar search - c:\program files\aol toolbar\toolbar.dll/SEARCH.HTML
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {4982D40A-C53B-4615-B15B-B5B5E98D167C} - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - c:\program files\aol toolbar\toolbar.dll
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
Trusted Zone: pogo.com\www
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1236024075171
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab
TCP: {32F92984-51CA-4041-AADF-788E89B72C13} = 205.188.146.145
Notify: Antiwpa - wpa.dll
LSA: Authentication Packages = msv1_0 nwprovau

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\jonie\applic~1\mozilla\firefox\profiles\co6qeb58.default\
FF - prefs.js: browser.search.selectedEngine - Anagrammer
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
============= SERVICES / DRIVERS ===============

R1 SAVRTPEL;SAVRTPEL;c:\program files\norton internet security\norton antivirus\SAVRTPEL.SYS [2005-2-4 53896]
R2 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\CCEVTMGR.EXE [2005-3-4 185960]
R2 ccProxy;Symantec Network Proxy;c:\program files\common files\symantec shared\CCPROXY.EXE [2005-3-4 239264]
R2 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\CCSETMGR.EXE [2005-3-4 177768]
R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 116224]
R2 navapsvc;Norton AntiVirus Auto-Protect Service;c:\program files\norton internet security\norton antivirus\NAVAPSVC.EXE [2005-3-23 128112]
R3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20090225.021\NAVENG.Sys [2009-3-3 89104]
R3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20090225.021\NavEx15.Sys [2009-3-3 876144]
R3 SAVRT;SAVRT;c:\program files\norton internet security\norton antivirus\SAVRT.SYS [2005-2-4 324232]
S3 ccPwdSvc;Symantec Password Validation;c:\program files\common files\symantec shared\CCPWDSVC.EXE [2005-3-4 83560]
S3 SAVScan;SAVScan;c:\program files\norton internet security\norton antivirus\SAVSCAN.EXE [2005-2-17 198368]

=============== Created Last 30 ================

2009-03-03 13:03 <DIR> --d----- C:\CloneDVDTemp
2009-03-03 06:38 <DIR> --d----- c:\windows\system32\ReinstallBackups
2009-03-03 06:38 53,248 a------- c:\windows\system32\CSVer.dll
2009-03-03 06:38 <DIR> --d----- C:\Intel
2009-03-03 06:00 1,686,016 a------- c:\windows\system32\clinetsuitex6.ocx
2009-03-03 06:00 427,864 a------- c:\windows\system32\XceedZip.dll
2009-03-03 06:00 <DIR> --d----- c:\program files\Driver-Soft
2009-03-03 04:52 <DIR> --d----- c:\docume~1\alluse~1\applic~1\PC Drivers HeadQuarters
2009-03-03 03:17 <DIR> --d----- c:\program files\common files\EasyInfo
2009-03-03 01:46 <DIR> --d----- c:\program files\SymNetDrv
2009-03-02 18:25 664 a------- c:\windows\system32\d3d9caps.dat
2009-03-02 18:00 410,984 a------- c:\windows\system32\deploytk.dll
2009-03-02 18:00 73,728 a------- c:\windows\system32\javacpl.cpl
2009-03-02 15:48 <DIR> --d----- c:\program files\Norton Internet Security
2009-03-02 15:48 <DIR> --d----- c:\docume~1\jonie\applic~1\Symantec
2009-03-02 15:47 124,016 a------- c:\windows\system32\drivers\SYMEVENT.SYS
2009-03-02 15:47 91,904 a------- c:\windows\system32\S32EVNT1.DLL
2009-03-02 15:47 <DIR> --d----- c:\program files\Symantec
2009-03-02 15:47 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Symantec
2009-03-02 15:47 <DIR> --d----- c:\program files\common files\Symantec Shared
2009-03-02 15:27 <DIR> --d----- c:\program files\IDT
2009-03-02 15:01 24 a--sh--- c:\windows\S6223BD21.tmp
2009-03-02 15:01 <DIR> --d----- c:\program files\SlySoft
2009-03-02 14:56 <DIR> --d----- c:\docume~1\jonie\applic~1\IObit
2009-03-02 14:56 <DIR> --d----- c:\program files\IObit
2009-03-02 14:53 <DIR> --d----- c:\program files\Elaborate Bytes
2009-03-02 14:25 <DIR> --d----- c:\windows\system32\PreInstall
2009-03-02 14:25 <DIR> --d-h--- c:\windows\$hf_mig$
2009-03-02 14:10 31,768 a------- c:\windows\system32\wucltui.dll.mui
2009-03-02 14:10 18,456 a------- c:\windows\system32\wuaueng.dll.mui
2009-03-02 14:10 23,576 a------- c:\windows\system32\wuaucpl.cpl.mui
2009-03-02 14:10 23,576 a------- c:\windows\system32\wuapi.dll.mui
2009-03-02 14:10 <DIR> --d----- c:\windows\system32\SoftwareDistribution
2009-03-02 14:00 <DIR> --ds---- c:\documents and settings\jonie\UserData
2009-03-02 13:27 <DIR> --d----- c:\docume~1\jonie\applic~1\AOL
2009-03-02 13:26 715 a------- c:\windows\aolback.exe.lnk
2009-03-02 13:26 <DIR> --d----- c:\program files\common files\aolback
2009-03-02 13:25 <DIR> --d----- C:\Install iTunes
2009-03-02 13:25 <DIR> --d----- C:\Install ICQ
2009-03-02 13:25 <DIR> --d----- C:\AOL Instant Messenger
2009-03-02 13:25 <DIR> --d----- C:\MAV
2009-03-02 13:25 <DIR> --d----- C:\aolextras
2009-03-02 13:25 173,184 a------- c:\windows\system32\ygpss.scr
2009-03-02 13:25 <DIR> --d----- c:\docume~1\jonie\applic~1\You've Got Pictures Screensaver
2009-03-02 13:25 <DIR> --d----- c:\program files\common files\Nullsoft
2009-03-02 13:25 106,496 a------- c:\windows\unvise32qt.exe
2009-03-02 13:24 <DIR> --d----- c:\program files\common files\Real
2009-03-02 13:24 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Viewpoint
2009-03-02 13:24 <DIR> --d----- c:\program files\Viewpoint
2009-03-02 13:24 <DIR> --d----- c:\program files\AOL Toolbar
2009-03-02 13:24 <DIR> --d----- c:\program files\common files\AolCoach
2009-03-02 13:24 <DIR> --d----- c:\program files\common files\aolshare
2009-03-02 13:24 <DIR> --d----- c:\program files\America Online 9.0
2009-03-02 13:20 <DIR> --d----- c:\program files\common files\AOL
2009-03-02 13:20 <DIR> --d-h--- C:\TEMP
2009-03-02 13:03 <DIR> --d----- c:\windows\system32\appmgmt
2009-03-02 12:50 <DIR> --d----- c:\program files\Support Tools
2009-03-02 12:32 <DIR> --d----- c:\windows\pss
2009-03-02 12:31 <DIR> --d----- c:\documents and settings\Jonie
2009-03-02 12:30 <DIR> --ds---- c:\windows\system32\Microsoft
2009-03-02 12:30 8,192 a------- c:\windows\REGLOCS.OLD
2009-03-02 12:27 35,328 ac------ c:\windows\system32\dllcache\iprip.dll
2009-03-02 12:26 20,540 ac------ c:\windows\system32\dllcache\admin.dll
2009-03-02 12:26 <DIR> --d----- c:\windows\system32\xircom
2009-03-02 12:26 22,752 a------- c:\windows\system32\spupdsvc.exe
2009-03-02 12:26 20,576 a------- c:\windows\system32\drivers\pxhelp20.sys
2009-03-02 12:25 <DIR> --d----- c:\program files\Windows Plus
2009-03-02 12:25 11,452 a------- c:\windows\system32\mypixdx.chm
2009-03-02 12:25 3,360,768 a------- c:\windows\system32\nature.scr
2009-03-02 12:25 1,759,744 a------- c:\windows\system32\mypixdx.scr
2009-03-02 12:25 5,086,208 a------- c:\windows\system32\davinci.scr
2009-03-02 12:25 7,110,656 a------- c:\windows\system32\space.scr
2009-03-02 12:25 4,413,952 a------- c:\windows\system32\wpgldfsh.scr
2009-03-02 12:25 85,504 a------- c:\windows\system32\mhn.dll
2009-03-02 12:25 11,008 a------- c:\windows\system32\drivers\mhndrv.sys
2009-03-02 12:25 8,704 a------- c:\windows\system32\igdetect.dll
2009-03-02 12:22 <DIR> --d----- c:\windows\system32\URTTemp
2009-03-02 12:21 2,577 a------- c:\windows\system32\CONFIG.NT
2009-03-02 12:21 0 a------- c:\windows\control.ini
2009-03-02 12:21 23,392 a------- c:\windows\system32\nscompat.tlb
2009-03-02 12:21 16,832 a------- c:\windows\system32\amcompat.tlb
2009-03-02 12:21 316,640 a------- c:\windows\WMSysPr9.prx
2009-03-02 12:20 <DIR> --dsh--- c:\documents and settings\all users\DRM
2009-03-02 12:20 <DIR> --d-h--- c:\program files\WindowsUpdate
2009-03-02 12:19 <DIR> --d----- c:\program files\common files\MSSoap
2009-03-02 12:18 <DIR> --d----- c:\program files\Online Services
2009-03-02 12:18 <DIR> --d----- c:\program files\Messenger
2009-03-02 12:18 <DIR> --d----- c:\program files\MSN Gaming Zone
2009-03-02 12:17 <DIR> --d----- c:\program files\Windows NT

==================== Find3M ====================

2009-03-02 13:24 8,552 a------- c:\windows\system32\drivers\asctrm.sys
2009-03-02 12:58 1,536 a------- c:\windows\system32\TrueSoft.dat
2009-03-02 12:50 86,811 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat
2009-03-02 12:18 21,640 a------- c:\windows\system32\emptyregdb.dat

============= FINISH: 0:27:23.68 ===============


#2 sbblizz

  • Topic Starter
  • Members
  • 2 posts

Posted 04 March 2009 - 09:18 PM

Well, never mind on this. I did finally find a virus.

#3 KoanYorel

    Bleepin' Conundrum


  • Staff Emeritus
  • 19,461 posts
  • Gender:Male
  • Location:65 miles due East of the "Logic Free Zone", in Md, USA

Posted 04 March 2009 - 09:27 PM

OK.

If you found the problem - congrats.


Should you have other problems, please start a new thread and give a bit more information as to the problem.
The only easy day was yesterday.

...some do, some don't; some will, some won't (WR)



