
Please take a look-Security or sftwr prob?

Discussion in 'Windows XP' started by Sean Olivers, Feb 15, 2007.

Thread Status:
Not open for further replies.
  1. Sean Olivers (Thread Starter) - Joined: Aug 23, 2003 - Messages: 53
    My machine is displaying odd behavior: a jumping cursor, lines of text suddenly getting selected in Word, programs shutting down as I try to open them, and a few other things.

    Explorer (not IE 7) just got an error message and had to close while I was typing this. I looked at the Dr Watson log, and one recurring sentence among all the lines of tech stuff was 'ERROR: Symbols could not be found', or something to that effect.
    I downloaded the "Windows Debugging Tools", but I don't have the knowledge to use them.

    I have run a few scans (AVG & Panda, etc.) and followed the 'recommended' instructions, but that's all; I have not tried Killbox or any other steps to remove what appears to be some malware.
    OTOH, it seems Dr Watson might be up to something, so I dunno...

    All Microsoft updates installed.

    I've also run Diskeeper to defrag everything, including the MFT and page file.
    I've run something called "Advanced System Optimizer" to clean the Registry.

    Also, rebooting takes quite a long time, about 3-5 minutes. Is that because of all these Adobe and Roxio services that run at startup? I disabled some via Spybot S&D, but there seem to be a lot more, according to HijackThis.

    Here is a HijackThis log from a few minutes ago, an AVG report from this morning, and a Panda scan from last night:

    Logfile of HijackThis v1.99.1
    Scan saved at 3:32:12 PM, on 2/15/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16414)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\System32\nvraidservice.exe
    C:\Program Files\BroadJump\Client Foundation\CFD.exe
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
    C:\WINDOWS\em3kfiles\install.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\PROGRA~1\EFFICI~1\ENTERN~1\app\pppoeservice.exe
    C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxMediaDB.exe
    C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatch.exe
    C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\wbem\unsecapp.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\WINDOWS\Explorer.EXE
    C:\Documents and Settings\Kittie Kat\Desktop\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dsl
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
    O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
    O3 - Toolbar: Systran50premi.IEPlugIn - {9A0844DB-84CF-4440-BDB1-1F4F7C4F7FB0} - C:\Program Files\SYSTRAN\5.0\Premium\IEPlugIn.dll
    O3 - Toolbar: Systran40premi.IEPlugIn - {D3919E1A-D6A5-11D6-AC3E-00B0D094B576} - C:\Program Files\Systran 4\4_0\Premium\IEPlugIn.dll
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
    O3 - Toolbar: Translator - {FF284F5C-7CF9-4682-8701-D467C1DBB99F} - C:\Program Files\PRMT6\PRMTIE\prmtie.dll
    O4 - HKLM\..\Run: [NVRaidService] C:\WINDOWS\System32\nvraidservice.exe
    O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
    O4 - Startup: Diskeeper 10 Professional Edition Registration.lnk.disabled
    O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk.disabled
    O4 - Global Startup: Adobe Reader Speed Launch.lnk.disabled
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: NaturalColorLoad.lnk.disabled
    O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O8 - Extra context menu item: Open and Translate in Word - res://C:\Program Files\SYSTRAN\5.0\Premium\IEShellExt.dll /10
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
    O9 - Extra button: (no name) - {7A2EFD41-E6B3-11D2-89E3-00E0292EE574} - C:\Program Files\PRMT6\PRMTIE\prmtie5.htm
    O9 - Extra 'Tools' menuitem: Translate - {7A2EFD41-E6B3-11D2-89E3-00E0292EE574} - C:\Program Files\PRMT6\PRMTIE\prmtie5.htm
    O9 - Extra button: (no name) - {7A2EFD41-E6B3-11D2-89E3-00E0292EE575} - C:\Program Files\PRMT6\PRMTIE\options.htm
    O9 - Extra 'Tools' menuitem: Customize translation options - {7A2EFD41-E6B3-11D2-89E3-00E0292EE575} - C:\Program Files\PRMT6\PRMTIE\options.htm
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O11 - Options group: [INTERNATIONAL] International*
    O15 - Trusted Zone: http://militera.lib.ru
    O15 - Trusted Zone: http://mechcorps.rkka.ru
    O15 - Trusted Zone: http://*.rkka.ru
    O15 - Trusted Zone: http://www.soldat.ru
    O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase9602.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1159351489856
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1159353064045
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{0883E977-686E-4AE1-9A0B-8D4CF67801E1}: NameServer = 151.164.8.201 66.73.20.40
    O17 - HKLM\System\CS1\Services\Tcpip\..\{0883E977-686E-4AE1-9A0B-8D4CF67801E1}: NameServer = 151.164.8.201 66.73.20.40
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: PPPoE Service (PPPoEService) - Unknown owner - C:\PROGRA~1\EFFICI~1\ENTERN~1\app\pppoeservice.exe
    O23 - Service: LiveShare P2P Server (RoxLiveShare) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxLiveShare.exe
    O23 - Service: RoxMediaDB - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxMediaDB.exe
    O23 - Service: RoxUpnpRenderer (RoxUPnPRenderer) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCom\RoxUpnpRenderer.exe
    O23 - Service: RoxUpnpServer - Sonic Solutions - C:\Program Files\Roxio\Easy Media Creator 8\Digital Home\RoxUpnpServer.exe
    O23 - Service: Roxio Hard Drive Watcher (RoxWatch) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatch.exe
    O23 - Service: Sandra Data Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Pro Home 2007.SP1\Win32\RpcDataSrv.exe
    O23 - Service: Sandra Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Pro Home 2007.SP1\RpcSandraSrv.exe
    O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

    AVG REPORT FROM THIS A.M.


    ---------------------------------------------------------
    AVG Anti-Spyware - Scan Report
    ---------------------------------------------------------

    + Created at: 1:25:23 PM 2/15/2007

    + Scan result:

    C:\System Volume Information\_restore{6301E054-E324-44F4-A6AE-F3ED1D34DAFC}\RP223\A0051814.exe -> Adware.BugDoctor : No action taken.
    C:\System Volume Information\_restore{6301E054-E324-44F4-A6AE-F3ED1D34DAFC}\RP223\A0051815.exe -> Adware.BugDoctor : No action taken.
    C:\System Volume Information\_restore{6301E054-E324-44F4-A6AE-F3ED1D34DAFC}\RP223\A0051812.exe -> Downloader.Agent.aey : No action taken.
    :mozilla.45:C:\Documents and Settings\Kittie Kat\Application Data\Mozilla\Firefox\Profiles\ysp0c8nw.default\cookies.txt -> TrackingCookie.Adbrite : No action taken.
    :mozilla.46:C:\Documents and Settings\Kittie Kat\Application Data\Mozilla\Firefox\Profiles\ysp0c8nw.default\cookies.txt -> TrackingCookie.Adbrite : No action taken.
    :mozilla.47:C:\Documents and Settings\Kittie Kat\Application Data\Mozilla\Firefox\Profiles\ysp0c8nw.default\cookies.txt -> TrackingCookie.Adbrite : No action taken.
    :mozilla.12:C:\Documents and Settings\Kittie Kat\Application Data\Mozilla\Firefox\Profiles\ysp0c8nw.default\cookies.txt -> TrackingCookie.Doubleclick : No action taken.
    :mozilla.61:C:\Documents and Settings\Kittie Kat\Application Data\Mozilla\Firefox\Profiles\ysp0c8nw.default\cookies.txt -> TrackingCookie.Fastclick : No action taken.
    :mozilla.62:C:\Documents and Settings\Kittie Kat\Application Data\Mozilla\Firefox\Profiles\ysp0c8nw.default\cookies.txt -> TrackingCookie.Fastclick : No action taken.
    :mozilla.95:C:\Documents and Settings\Kittie Kat\Application Data\Mozilla\Firefox\Profiles\ysp0c8nw.default\cookies.txt -> TrackingCookie.Googleadservices : No action taken.
    :mozilla.13:C:\Documents and Settings\Kittie Kat\Application Data\Mozilla\Firefox\Profiles\ysp0c8nw.default\cookies.txt -> TrackingCookie.Ru4 : No action taken.
    :mozilla.15:C:\Documents and Settings\Kittie Kat\Application Data\Mozilla\Firefox\Profiles\ysp0c8nw.default\cookies.txt -> TrackingCookie.Ru4 : No action taken.
    :mozilla.96:C:\Documents and Settings\Kittie Kat\Application Data\Mozilla\Firefox\Profiles\ysp0c8nw.default\cookies.txt -> TrackingCookie.Tribalfusion : No action taken.
    :mozilla.99:C:\Documents and Settings\Kittie Kat\Application Data\Mozilla\Firefox\Profiles\ysp0c8nw.default\cookies.txt -> TrackingCookie.Tribalfusion : No action taken.
    C:\System Volume Information\_restore{6301E054-E324-44F4-A6AE-F3ED1D34DAFC}\RP223\A0051813.sys -> Trojan.Small.bs : No action taken.
    C:\System Volume Information\_restore{6301E054-E324-44F4-A6AE-F3ED1D34DAFC}\RP223\A0051931.sys -> Trojan.Small.bs : No action taken.
    C:\System Volume Information\_restore{6301E054-E324-44F4-A6AE-F3ED1D34DAFC}\RP223\A0051952.sys -> Trojan.Small.bs : No action taken.
    C:\System Volume Information\_restore{6301E054-E324-44F4-A6AE-F3ED1D34DAFC}\RP226\A0051976.sys -> Trojan.Small.bs : No action taken.
    C:\System Volume Information\_restore{6301E054-E324-44F4-A6AE-F3ED1D34DAFC}\RP227\A0052971.sys -> Trojan.Small.bs : No action taken.
    C:\System Volume Information\_restore{6301E054-E324-44F4-A6AE-F3ED1D34DAFC}\RP227\A0054053.sys -> Trojan.Small.bs : No action taken.
    C:\System Volume Information\_restore{6301E054-E324-44F4-A6AE-F3ED1D34DAFC}\RP227\A0054067.sys -> Trojan.Small.bs : No action taken.
    C:\System Volume Information\_restore{6301E054-E324-44F4-A6AE-F3ED1D34DAFC}\RP228\A0054238.sys -> Trojan.Small.bs : No action taken.
    C:\System Volume Information\_restore{6301E054-E324-44F4-A6AE-F3ED1D34DAFC}\RP230\A0054534.sys -> Trojan.Small.bs : No action taken.
    C:\System Volume Information\_restore{6301E054-E324-44F4-A6AE-F3ED1D34DAFC}\RP230\A0054589.sys -> Trojan.Small.bs : No action taken.
    C:\System Volume Information\_restore{6301E054-E324-44F4-A6AE-F3ED1D34DAFC}\RP230\A0054607.sys -> Trojan.Small.bs : No action taken.
    C:\WINDOWS\new_drv.sys -> Trojan.Small.bs : No action taken.


    ::Report end

    PANDA SCAN FROM LAST NIGHT/A.M.

    Incident Status Location

    Adware:adware/cws Not disinfected C:\Documents and Settings\Kittie Kat\Favorites\Fun & Games
    Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Kittie Kat\Application Data\Mozilla\Firefox\Profiles\ysp0c8nw.default\cookies.txt[.atwola.com/]
    Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Kittie Kat\Application Data\Mozilla\Firefox\Profiles\ysp0c8nw.default\cookies.txt[.doubleclick.net/]
    Spyware:Cookie/adultfriendfinder Not disinfected C:\Documents and Settings\Kittie Kat\Application Data\Mozilla\Firefox\Profiles\ysp0c8nw.default\cookies.txt[.adultfriendfinder.com/]
    Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\Kittie Kat\Application Data\Mozilla\Firefox\Profiles\ysp0c8nw.default\cookies.txt[.fastclick.net/]
    Spyware:Cookie/Go Not disinfected C:\Documents and Settings\Kittie Kat\Application Data\Mozilla\Firefox\Profiles\ysp0c8nw.default\cookies.txt[.go.com/]
    Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\Kittie Kat\Application Data\Mozilla\Firefox\Profiles\ysp0c8nw.default\cookies.txt[.tribalfusion.com/]
    Virus:Trj/Spyforms.H Disinfected C:\Program Files\Winternals\Winternals Defrag Manager v3.0.exe
    Spyware:Cookie/Belnk Not disinfected C:\Transferred from 120GB\SMO\Cookies\[email protected][1].txt
    Spyware:Cookie/bravenetA Not disinfected C:\Transferred from 120GB\SMO\Cookies\[email protected][2].txt
    Spyware:Cookie/Belnk Not disinfected C:\Transferred from 120GB\SMO\Cookies\[email protected][2].txt
     
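Added by the editor, not part of Sean's post and not code from HijackThis or AVG: a small Python triage script for the two log formats posted above. It flags the HijackThis entries a helper would look at first (a running process from an unusual folder under C:\WINDOWS such as C:\WINDOWS\em3kfiles\install.exe, O23 services with no publisher string, O15 Trusted Zone sites) and splits the AVG detections into tracking cookies, restore-point copies under System Volume Information (the RP223-RP230 hits, which are old snapshots rather than running code) and files present on disk right now (C:\WINDOWS\new_drv.sys). The flagging rules and the shortened sample logs are the editor's own assumptions, constructed from the posted logs; the [KernelFaultCheck] dumprep entry, which the script deliberately does not flag, is the standard line XP adds after a crash.

```python
"""
Triage helper for a HijackThis v1.99 log and an AVG Anti-Spyware report.
Editor's added example: not part of the original post and not HijackThis
or AVG code.  The flagging rules below are assumptions, not tool rules.
"""
import re

# Constructed excerpt of the posted HijackThis log (a line or two per type).
HJT_SAMPLE = """\
Running processes:
C:\\WINDOWS\\System32\\smss.exe
C:\\WINDOWS\\Explorer.EXE
C:\\WINDOWS\\em3kfiles\\install.exe
C:\\Program Files\\Grisoft\\AVG Anti-Spyware 7.5\\guard.exe

O4 - HKLM\\..\\Run: [KernelFaultCheck] %systemroot%\\system32\\dumprep 0 -k
O15 - Trusted Zone: http://*.rkka.ru
O23 - Service: ATI Smart - Unknown owner - C:\\WINDOWS\\system32\\ati2sgag.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\\Program Files\\Diskeeper Corporation\\Diskeeper\\DkService.exe
"""

# Constructed excerpt of the posted AVG Anti-Spyware report.
AVG_SAMPLE = """\
C:\\System Volume Information\\_restore{6301E054-E324-44F4-A6AE-F3ED1D34DAFC}\\RP223\\A0051813.sys -> Trojan.Small.bs : No action taken.
C:\\WINDOWS\\new_drv.sys -> Trojan.Small.bs : No action taken.
:mozilla.12:C:\\Documents and Settings\\Kittie Kat\\Application Data\\Mozilla\\Firefox\\Profiles\\ysp0c8nw.default\\cookies.txt -> TrackingCookie.Doubleclick : No action taken.
"""

WINDIR = "c:\\windows\\"
# Places under %WINDIR% where a running process is expected on XP (assumption).
EXPECTED_WINDIR = ("system32\\", "system\\", "explorer.exe")

HJT_ENTRY = re.compile(r"^([A-Z]\d+) - (.*)$")
HJT_SERVICE = re.compile(r"^Service: (?P<name>.+?) - (?P<owner>.+?) - (?P<path>.+)$")
AVG_LINE = re.compile(r"^(?::mozilla\.\d+:)?(?P<path>.+?) -> (?P<det>\S+) : (?P<action>.+)$")


def odd_windir_path(path):
    """True for a file under C:\\WINDOWS that is not in a usual subfolder."""
    p = path.strip().lower()
    if not p.startswith(WINDIR):
        return False
    return not p[len(WINDIR):].startswith(EXPECTED_WINDIR)


def parse_hjt(text):
    """Split a HijackThis log into (running processes, [(code, body), ...])."""
    procs, entries, in_procs = [], [], False
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        if line.startswith("Running processes:"):
            in_procs = True
            continue
        m = HJT_ENTRY.match(line)
        if m:                      # R0/O4/O23... lines end the process list
            in_procs = False
            entries.append((m.group(1), m.group(2)))
        elif in_procs:
            procs.append(line)
    return procs, entries


def triage_hjt(text):
    """Return (reason, item) pairs worth a closer look."""
    procs, entries = parse_hjt(text)
    findings = [("process in unusual %WINDIR% location", p)
                for p in procs if odd_windir_path(p)]
    for code, body in entries:
        if code == "O23":
            m = HJT_SERVICE.match(body)
            if m and m.group("owner") == "Unknown owner":
                findings.append(("service with no publisher string", m.group("path")))
        elif code == "O15":
            findings.append(("site in IE Trusted Zone", body.split(": ", 1)[1]))
        elif code == "O4" and odd_windir_path(body.rsplit("] ", 1)[-1]):
            findings.append(("autorun from unusual %WINDIR% location", body))
    return findings


def triage_avg(text):
    """Split AVG detections into (live files, restore-point copies, cookies)."""
    live, restore, cookies = [], [], []
    for line in text.splitlines():
        m = AVG_LINE.match(line.strip())
        if not m:
            continue
        path, det = m.group("path"), m.group("det")
        if det.startswith("TrackingCookie"):
            cookies.append(det)
        elif "\\system volume information\\" in path.lower():
            restore.append((path, det))   # old copy inside a restore point
        else:
            live.append((path, det))      # on disk now: the real lead
    return live, restore, cookies


if __name__ == "__main__":
    for reason, item in triage_hjt(HJT_SAMPLE):
        print(f"HJT  {reason}: {item}")
    live, restore, cookies = triage_avg(AVG_SAMPLE)
    for path, det in live:
        print(f"AVG  live file, {det}: {path}")
    print(f"AVG  {len(restore)} restore-point copies, {len(cookies)} tracking cookies")
```

Run it against a full saved log by replacing the two sample strings with the file contents. The restore-point split matters in practice: the same driver showing up in RP223 through RP230 means each System Restore snapshot captured it, so the copies come back with every scan until System Restore is cleared, but none of them is what is loaded at boot.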
  2. Sean Olivers (Thread Starter) - Joined: Aug 23, 2003 - Messages: 53
    UPDATE: I just ran SpyBot, and it detected the "Nurech" virus/worm/critter, but couldn't get rid of it entirely.

    Perhaps this post should get moved to Security?
     
Short URL to this thread: https://techguy.org/544393