
Computer messed up!


  • This topic is locked
119 replies to this topic

#1 waterburn

    Enthusiast

  • Members
  • 104 posts

Posted 23 March 2008 - 07:45 AM

I have major problems with my computer and I am thinking it is a virus. But I have used AVG-Antispyware to do a complete system scan TWICE in a row. All the detected viruses were either ignored, deleted or quarantined. There were some downloaders (High Risk), tracking cookies (Medium Risk) and Not-a-virus (Low Risk). I did the recommended actions.

Here are some of the problems going on my computer:

-Can't copy or paste
-Can't press links and some buttons
-It takes longer for the desktop to show up

When you type something in a box, my computer stores it. You type the letter and it will show you all the words you typed in that box

-It doesn't show what I typed in before

When you go into device manager, you see a list of all the devices.

-When I try to go to the properties of a device, (by right-clicking) the properties window just doesn't open.

There are probably more problems but here are the ones at the top of my mind. NOTE: The problem is in both Internet Explorer and Windows.

Thanks!

Waterburn

#2 guestolo

    Site Donator

  • Admin
  • 16,247 posts

Posted 23 March 2008 - 11:41 AM

Are you able to post a hijackthis log?
To copy, use the Ctrl + C keys
to paste, use the Ctrl + V keys

Do you want to post your own logs from FRST?
Follow the instructions posted Click Here


#3 waterburn

    Enthusiast

  • Members
  • 104 posts

Posted 23 March 2008 - 02:10 PM

> Are you able to post a hijackthis log?
> To copy, use the Ctrl + C keys
> to paste, use the Ctrl + V keys

It seems I can copy and paste for this situation.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:27:37, on 2008-3-23
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\csrss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Prime95\Prime95.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\NetMeeting\mstinit.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\stisvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe
C:\WINNT\system32\internat.exe
C:\Program Files\BitTorrent\bittorrent.exe
C:\Program Files\Lexmark X74-X75\lxbbbmon.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINNT\system32\conime.exe

O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O3 - Toolbar: (no name) - {B580CF65-E151-49C3-B73F-70B13FCA8E86} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [Lexmark X74-X75] "C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe"
O4 - HKLM\..\Run: [Alcohol.exe Autorun] C:\Program Files\Alcohol Soft\Alcohol 120\Alcohol.exe /startup
O4 - HKLM\..\Run: [LexPPS.exe] C:\WINNT\system32\lexpps.exe
O4 - HKCU\..\Run: [internat.exe] internat.exe
O4 - HKCU\..\Run: [igndlm.exe] C:\Program Files\Download Manager\DLM.exe /windowsstart /startifwork
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKUS\S-1-5-21-57989841-920026266-1202660629-500\..\Run: [internat.exe] internat.exe (User '?')
O4 - HKUS\S-1-5-21-57989841-920026266-1202660629-500\..\Run: [igndlm.exe] C:\Program Files\Download Manager\DLM.exe /windowsstart /startifwork (User '?')
O4 - HKUS\S-1-5-21-57989841-920026266-1202660629-500\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount (User '?')
O4 - HKUS\.DEFAULT\..\RunOnce: [FlashPlayerUpdate] C:\WINNT\system32\Macromed\Flash\FlashUtil9d.exe (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINNT\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java 控制台 - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINNT\system32\msjava.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINNT\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINNT\bdoscandel.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: TruePass EPF 7,0,100,739 - https://blrscr3.egs-...sapplet-epf.cab
O16 - DPF: {02A2D714-433E-46E4-B217-7C3B3FAF8EAE} - http://www.worldwinn...rabblecubes.cab
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewi...oOnlineScan.cab
O16 - DPF: {1A1F56AA-3401-46F9-B277-D57F3421F821} - http://www.worldwinn...GamesLoader.cab
O16 - DPF: {33E54F7F-561C-49E6-929B-D7E76D3AFEB1} - http://www.worldwinn...0/pool/pool.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (CDownloadCtrl Object) - http://www.fileplane...C_2.3.6.108.cab
O16 - DPF: {58FC4C77-71C2-4972-A8CD-78691AD85158} - http://www.worldwinn...jattack/bja.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitd...can8/oscan8.cab
O16 - DPF: {62969CF2-0F7A-433B-A221-FD8818C06C2F} - http://www.worldwinn...x/blockwerx.cab
O16 - DPF: {6C6FE41A-0DA6-42A1-9AD8-792026B2B2A7} - http://www.worldwinn...ll/freecell.cab
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} - http://www.worldwinn...ed/wwlaunch.cab
O16 - DPF: {94299420-321F-4FF9-A247-62A23EBB640B} - http://www.worldwinn...jo/wordmojo.cab
O16 - DPF: {9903F4ED-B673-456A-A15F-ED90C7DE9EF5} - http://www.worldwinn...v46/sol/sol.cab
O16 - DPF: {B06CE1BC-5D9D-4676-BD28-1752DBF394E0} - http://www.worldwinn...man/hangman.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} - http://a532.g.akamai...l/installer.exe
O16 - DPF: {E70E3E64-2793-4AEF-8CC8-F1606BE563B0} - http://www.worldwinn...es/wwspades.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.c...driveragent.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Automatic LiveUpdate Scheduler - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Background Intelligent Transfer Service (BITS) - Unknown owner - C:\WINNT\System32\svchost.exe (file missing)
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: COM+ Event System (EventSystem) - Unknown owner - C:\WINNT\System32\svchost.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINNT\system32\LEXBCES.EXE
O23 - Service: LiveUpdate - Unknown owner - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE (file missing)
O23 - Service: Network Connections (Netman) - Unknown owner - C:\WINNT\System32\svchost.exe (file missing)
O23 - Service: Removable Storage (NtmsSvc) - Unknown owner - C:\WINNT\System32\svchost.exe (file missing)
O23 - Service: Prime95 Service - Unknown owner - C:\Program Files\Prime95\Prime95.exe
O23 - Service: Remote Access Connection Manager (RasMan) - Unknown owner - C:\WINNT\System32\svchost.exe (file missing)
O23 - Service: Remote Procedure Call (RPC) (RpcSs) - Unknown owner - C:\WINNT\system32\svchost.exe (file missing)
O23 - Service: Remote Procedure Call (TPM) (RPCT) - Remote ABC - C:\Program Files\NetMeeting\mstinit.exe
O23 - Service: System Event Notification (SENS) - Unknown owner - C:\WINNT\system32\svchost.exe (file missing)
O23 - Service: Internet Connection Sharing (SharedAccess) - Unknown owner - C:\WINNT\System32\svchost.exe (file missing)
O23 - Service: Telephony (TapiSrv) - Unknown owner - C:\WINNT\System32\svchost.exe (file missing)
O23 - Service: Automatic Updates (wuauserv) - Unknown owner - C:\WINNT\system32\svchost.exe (file missing)
O23 - Service: Wireless Configuration (WZCSVC) - Unknown owner - C:\WINNT\System32\svchost.exe (file missing)
O24 - Desktop Component 0: (no name) - file:///C:/DOCUME~1/ADMINI~1.GU-/LOCALS~1/Temp/msoclip1/02/clip_image002.jpg
O24 - Desktop Component 1: (no name) - C:\Documents and Settings\Administrator.GU-3R3LEUQBGPNO\My Documents\My Pictures\let it snow.bmp

--
End of file - 7637 bytes

Thanks Again!
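
Added example, not part of the original thread or of HijackThis: a small Python parser for the `O<n> - ...` entry lines of a log like the one above. It lists the entries the tool itself annotated as `(file missing)`, `(no file)` or `Unknown owner`, as a worklist for the reviewer rather than a verdict. The function names and the choice of annotations are assumptions of this example; the sample lines are excerpted from the log in this post.

```python
import re
from collections import Counter

# Lines excerpted from the log posted above, embedded so the block runs offline.
SAMPLE = r"""
O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll
O3 - Toolbar: (no name) - {B580CF65-E151-49C3-B73F-70B13FCA8E86} - (no file)
O4 - HKLM\..\Run: [LexPPS.exe] C:\WINNT\system32\lexpps.exe
O23 - Service: LiveUpdate - Unknown owner - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE (file missing)
O23 - Service: Prime95 Service - Unknown owner - C:\Program Files\Prime95\Prime95.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
"""

ENTRY = re.compile(r"^(O\d+) - (.+)$")
SERVICE = re.compile(r"^Service: (?P<name>.+?) - (?P<owner>.+?) - (?P<path>[A-Za-z]:\\.+)$")
ABSENT = re.compile(r"\s*\((?:file missing|no file)\)$")

def parse_entries(text):
    """Parse 'O<n> - ...' lines; header, process list and blank lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue
        section, body = m.groups()
        entry = {"section": section, "body": body,
                 "file_absent": bool(ABSENT.search(body)), "owner": None}
        svc = SERVICE.match(body)
        if section == "O23" and svc:
            entry["owner"] = svc.group("owner")
            # Drop the trailing annotation so the path can be checked on disk.
            entry["path"] = ABSENT.sub("", svc.group("path"))
        entries.append(entry)
    return entries

def review_list(entries):
    """Entries the tool annotated: target file absent, or service owner unknown."""
    return [e for e in entries
            if e["file_absent"] or e["owner"] == "Unknown owner"]

def review_counts(entries):
    """Count review-list entries per HijackThis section code."""
    return Counter(e["section"] for e in review_list(entries))

if __name__ == "__main__":
    for e in review_list(parse_entries(SAMPLE)):
        print(e["section"], "|", e["body"])
```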

#4 guestolo

    Site Donator

  • Admin
  • 16,247 posts

Posted 23 March 2008 - 09:20 PM

Do you use Firewall software on this computer?
Or at least a hardware firewall?

Can you do the following
Use the Internet Explorer browser (or FireFox with IETab), and do an online scan with Kaspersky Online Scanner

Note: If you have used this particular scanner before, you MAY HAVE TO UNINSTALL the program through Add/Remove Programs before downloading the new ActiveX component

Click Yes, when prompted to install its ActiveX component.
(Note.. for Internet Explorer 7 users: If at any time you have trouble with the "Accept" button of the license, click on the "Zoom" tool located at the bottom right of the IE window and set the zoom to 75 %. Once the license has been accepted, reset to 100%.)
The program launches and downloads the latest definition files.
  • Once the files are downloaded click on Next
  • Click on Scan Settings and configure as follows:
    • Scan using the following Anti-Virus database:
      • Extended
    • Scan Options:
      • Scan Archives
      • Scan Mail Bases
  • Click OK and, under select a target to scan, select My Computer
When the scan is done, in the Scan is completed window (below), any infection is displayed.
There is no option to clean/disinfect, however, we need to analyze the information on the report.
Posted Image
To obtain the report:
Click on: Save Report As (above - red blinking arrow)
Next, in the Save as prompt, Save in area, select: Desktop
In the File name area, use KScan, or something similar
In Save as type, click the drop arrow and select: Text file [*.txt]
Then, click: Save
Post the Kaspersky Online Scanner Report in your reply.



#5 waterburn

    Enthusiast

  • Members
  • 104 posts

Posted 24 March 2008 - 07:30 AM

Two problems:

1)I had to type the link since it didn't work when I clicked it
2)I can't do the scan since the "accept" button doesn't work

I thought of more problems from what seems to be a virus:

1)The yahoo e-mails are empty
2)Can't delete the yahoo e-mails since "delete" is a button
3)In windows I can't drag and drop
4)Another problem which may or may not be associated with all this:
When I try to install Kaspersky Antivirus with Windows Installer, A message pops up:

The Windows Installer Service could not be accessed. This can occur if you are running Windows in safe mode, or if
the Windows Installer is not correctly installed. Contact your support personnel for assistance.

This message pops up if you try to open any .msi file. But that's another story. I already looked up a lot for this so don't bother looking into it. If you provide a link, I probably would have already gone there.

*Keep in mind I can't type in long links*

I check for replies like every hour because I want to get this fixed A.S.A.P!

Thanks!

Waterburn

#6 guestolo

    Site Donator

  • Admin
  • 16,247 posts

Posted 24 March 2008 - 11:24 AM

I'm a bit surprised you don't already have AV or Firewall protection installed on Win 2000
Looks as if you may have had Symantecs installed at one time, but no longer?

Did you try the following?
1. Click Start, click Run, then type Regedt32.
2. For each of the registry hives, follow these steps:
a. Select the hive.
b. For Windows XP, on the Edit menu, click Permissions.
For Windows 2000 and Windows NT 4, on the Security menu, click Permissions.
3. Verify that the SYSTEM account has been added and that it has Full control. If it does not, add the SYSTEM account with Full control.



#7 waterburn

    Enthusiast

  • Members
  • 104 posts

Posted 24 March 2008 - 11:33 AM

I used to have Symantec about a year ago. I guess it didn't get completely removed. But I usually don't spend money on av or firewall. I usually download trials or free av. Right now I am scanning with AVG Anti-spyware and Superantispyware.

I checked permissions and found that for SYSTEM both boxes were checked for full permission.

P.S When I was checking the post, I saw you were posting, what a coincidence!

Thanks!

Waterburn

#8 guestolo

    Site Donator

  • Admin
  • 16,247 posts

Posted 24 March 2008 - 11:47 AM

If possible, can you post the logs from both AVG and Super when done

Try the keyboard keys to copy>paste



#9 guestolo

    Site Donator

  • Admin
  • 16,247 posts

Posted 24 March 2008 - 12:16 PM

If you can't copy>paste
Can you use the UPLOAD button in a reply box and upload the results?



#10 waterburn

    Enthusiast

  • Members
  • 104 posts

Posted 24 March 2008 - 05:01 PM

Sorry for the late reply but now I am having problems with the printer.

---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 17:21:19 2008-3-24

+ Scan result:



C:\WINNT\AutoUpdateWin32.exe -> Not-A-Virus.Adware.Agent : Ignored.


::Report end

--------------------------------------------------------------------------------------------------------------------------------------

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 03/24/2008 at 04:48 PM

Application Version : 3.9.1008

Core Rules Database Version : 3259
Trace Rules Database Version: 1270

Scan type : Custom Scan
Total Scan Time : 03:09:35

Memory items scanned : 0
Memory threats detected : 0
Registry items scanned : 22
Registry threats detected : 0
File items scanned : 28728
File threats detected : 4

Adware.Tracking Cookie
C:\Documents and Settings\Default User.WINNT\Cookies\[email protected][1].txt

Adware.webHancer
C:\WINNT\WH.EXE

Adware.eXactAdvertising-Installer
C:\WINNT\DLGB.EXE

Adware.IEPlugin
C:\WINNT\RGRT.EXE


If these massive problems are fixed, you are the first one I am going to thank.

Thanks!

Waterburn

#11 guestolo

    Site Donator

  • Admin
  • 16,247 posts

Posted 24 March 2008 - 09:25 PM

Download