
Need help again guys


  • This topic is locked
33 replies to this topic

#1 Roligan

Roligan

    Authentic Member

  • Authentic Member
  • PipPip
  • 193 posts

Posted 02 November 2005 - 04:11 PM

Something must have sneaked in. I can't autoupdate Norton anymore and a scan shows nothing.

As always your help is greatly appreciated.

Roligan

Here is the log

Logfile of HijackThis v1.99.0
Scan saved at 10:31:13 PM, on 11/2/05
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\PROGRAM FILES\COMMON FILES\AOL\ACS\AOLACSD.EXE
C:\PROGRAM FILES\COMMON FILES\AOL\TOPSPEED\2.0\AOLTSMON.EXE
C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
C:\PROGRAM FILES\COMMON FILES\AOL\TOPSPEED\2.0\AOLTPSPD.EXE
C:\WINDOWS\SYSTEM\HIDSERV.EXE
C:\PROGRAM FILES\NORTON ANTIVIRUS\NAVAPW32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\INTERNAT.EXE
C:\PROGRAM FILES\MCAFEE.COM\PERSONAL FIREWALL\MPFTRAY.EXE
C:\WINDOWS\SYSTEM\QTTASK.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\COMMON FILES\AOL\ACS\AOLDIAL.EXE
C:\PROGRAM FILES\COMMON FILES\AOL\AOL SPYWARE PROTECTION\AOLSP SCHEDULER.EXE
C:\PROGRAM FILES\REAL\REALPLAYER\REALPLAY.EXE
C:\PROGRAM FILES\SPYWAREGUARD\SGMAIN.EXE
C:\PROGRAM FILES\COMMON FILES\AOL\1110100502\EE\AOLHOSTMANAGER.EXE
C:\PROGRAM FILES\MCAFEE.COM\PERSONAL FIREWALL\MPFAGENT.EXE
C:\PROGRAM FILES\COMMON FILES\AOL\1110100502\EE\AOLSERVICEHOST.EXE
C:\PROGRAM FILES\SPYWAREGUARD\SGBHP.EXE
C:\PROGRAM FILES\OUTLOOK EXPRESS\MSIMN.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\HJT\HIJACKTHIS.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\PROGRAM FILES\SPYWAREGUARD\DLPROTECT.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: (no name) - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [Norton Auto-Protect] C:\PROGRA~1\NORTON~1\NAVAPW32.EXE /LOADQUIET
O4 - HKLM\..\Run: [internat.exe] internat.exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\MCAFEE.COM\PERSON~1\MPFTRAY.EXE
O4 - HKLM\..\Run: [CriticalUpdate] C:\WINDOWS\SYSTEM\wucrtupd.exe -startup
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1110100502\EE\AOLHostManager.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [Hidserv] Hidserv.exe run
O4 - HKLM\..\RunServices: [AolAcsDaemon1] "C:\PROGRAM FILES\COMMON FILES\AOL\ACS\AOLACSD.EXE"
O4 - HKLM\..\RunServices: [AOL TopSpeedMonitor] C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O4 - HKLM\..\RunServices: [KB891711] C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\PROGRAM FILES\AOL TOOLBAR\TOOLBAR.DLL/SEARCH.HTML
O8 - Extra context menu item: &eBay Search - res://C:\PROGRAM FILES\EBAY\EBAY TOOLBAR2\eBayTb.dll/RCSearch.html
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\SYSTEM\Shdocvw.dll
O9 - Extra button: Researcher - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Program Files\Common Files\Microsoft Shared\Encarta Researcher\EROProj.dll (file missing)
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield Setup Player) - http://www.installen...gine/isetup.cab
O16 - DPF: {76D90D08-EAB7-46D8-BF99-87445BF59E72} (SystemInfo Class) - http://www.directv.d.../dpcsysinfo.cab
O16 - DPF: {D8575CE3-3432-4540-88A9-85A1325D3375} (e-Safekey) - https://netbank.dans...B/e-Safekey.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/s...nfo/webscan.cab
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.bitdefend...bitdefender.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.av.a...83/mcinsctl.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.av.a...,20/mcgdmgr.cab
O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} (IncrediMail) - http://www5.incredim...er/imloader.cab
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
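
Added example, not part of the original thread or written by any poster: a small Python triage of a HijackThis log like the one above. It splits the log into running processes and coded entries, lists the entries HijackThis itself marks "(no file)" or "(file missing)", and extracts the O4 registry autoruns. The function names are illustrative, and the sample is an excerpt of the lines posted above.

```python
import re

# Excerpt of the HijackThis log from post #1 (lines copied from the thread).
SAMPLE_LOG = r"""Logfile of HijackThis v1.99.0

Running processes:
C:\WINDOWS\EXPLORER.EXE
C:\PROGRAM FILES\NORTON ANTIVIRUS\NAVAPW32.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
O3 - Toolbar: (no name) - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
O4 - HKLM\..\Run: [Norton Auto-Protect] C:\PROGRA~1\NORTON~1\NAVAPW32.EXE /LOADQUIET
O4 - HKLM\..\RunServices: [KB891711] C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O9 - Extra button: Researcher - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Program Files\Common Files\Microsoft Shared\Encarta Researcher\EROProj.dll (file missing)
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
"""

ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")          # e.g. "O4 - ..."
AUTORUN = re.compile(r"^(?P<key>[^:]+): \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")
ORPHAN_MARKERS = ("(no file)", "(file missing)")

def parse_log(text):
    """Return (running_processes, [(section_code, body), ...])."""
    processes, entries, in_procs = [], [], False
    for line in (l.strip() for l in text.splitlines()):
        m = ENTRY.match(line)
        if m:
            in_procs = False
            entries.append((m.group(1), m.group(2)))
        elif line == "Running processes:":
            in_procs = True
        elif in_procs and line:
            processes.append(line)
    return processes, entries

def orphaned(entries):
    # Entries whose target file is gone: usually leftovers of removed software.
    return [(c, b) for c, b in entries if b.endswith(ORPHAN_MARKERS)]

def autoruns(entries):
    # O4 registry autoruns only; Startup-folder shortcuts use a different layout.
    out = []
    for code, body in entries:
        m = AUTORUN.match(body) if code == "O4" else None
        if m:
            out.append((m["key"], m["name"], m["cmd"]))
    return out
```
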



#2 Roligan

Roligan

    Authentic Member

  • Authentic Member
  • PipPip
  • 193 posts

Posted 04 November 2005 - 04:32 PM

I know you guys are very busy. Do you know when you can have a look at this log? I have scanned with Trend Micro and it does find a virus and asks me to reboot. Once rebooted it goes thru all the viruses. When I scan again it is still there. I keep getting messages that I have received new emails but when I look in my inbox there is nothing there. Roligan

#3 LDTate

LDTate

    Forum God

  • Root Admin
  • 57,180 posts

Posted 04 November 2005 - 06:42 PM

Hello again Roligan,

I have scanned with Trend Micro and it does find a virus and asks me to reboot. Once rebooted it goes thru all the viruses. When I scan again it is still there.

Does it tell you the filename and location?

The forum is run by volunteers who donate their time and expertise.

Want to help others? Join the ClassRoom and learn how.

Logs will be closed if you haven't replied within 3 days

 

If you would like to paypal.gif for the help you received.
 

Proud graduate of TC/WTT Classroom

 


#4 Roligan

Roligan

    Authentic Member

  • Authentic Member
  • PipPip
  • 193 posts

Posted 04 November 2005 - 08:04 PM

No it just says something like 'Trojan found - you must reboot to finish the process'. Once rebooted this little black window comes up and a long list of virus names scrolls thru the window. It takes probably 45 minutes for this part. Nothing about name or location.

#5 Roligan

Roligan

    Authentic Member

  • Authentic Member
  • PipPip
  • 193 posts

Posted 04 November 2005 - 08:09 PM

I forgot. When I reboot now I get a message saying something like 'shlddrv.vxd missing'. I press enter and it reboots fully. This missing file doesn't seem to affect any program negatively. Roligan

#6 LDTate

LDTate

    Forum God

  • Root Admin
  • 57,180 posts

Posted 04 November 2005 - 08:13 PM

Let's try this.

Please download the trial version of Ewido Security Suite here:
http://www.ewido.net/en/download/
Install it, and update the definitions to the newest files. Do NOT run a scan yet.


Next, please reboot your computer in Safe Mode by doing the following:
1) Restart your computer
2) After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
3) Instead of Windows loading as normal, a menu should appear
4) Select the first option, to run Windows in Safe Mode.


Then please run Ewido, click on the Scanner, run a full scan and let it clean everything it finds. Save the logfile from the scan.


Restart your computer in normal mode and please post a new HijackThis log, as well as the log from the Ewido scan.


 


#7 Roligan

Roligan

    Authentic Member

  • Authentic Member
  • PipPip
  • 193 posts

Posted 04 November 2005 - 08:33 PM

Won't work. Only works for Windows 2000 or above. I have Windows 98 on this machine.

#8 LDTate

LDTate

    Forum God

  • Root Admin
  • 57,180 posts

Posted 04 November 2005 - 08:47 PM

shlddrv.vxd is part of Panda. Re-install Panda and that will also stop the error message.


 


#9 Roligan

Roligan

    Authentic Member

  • Authentic Member
  • PipPip
  • 193 posts

Posted 04 November 2005 - 09:23 PM

So now that I can't install Ewido what do I do then?

#10 LDTate

LDTate

    Forum God

  • Root Admin
  • 57,180 posts

Posted 04 November 2005 - 09:30 PM

Install Panda.
http://www.pandasoft...nload/Software/
That file error you're getting is a Panda Anti-Virus file. There are leftover items in the registry and system.ini. The file isn't a virus. I believe it's a data file. Did you have Panda at one time and delete it?
After you install it, use Add/Remove Programs and see if the error goes away.



#11 Roligan

Roligan

    Authentic Member

  • Authentic Member
  • PipPip
  • 193 posts

Posted 04 November 2005 - 09:37 PM

Tried to install it. Said I had to un-install McAfee program which I did. Then I tried to install Panda again and then it asked me to un-install Symantec Antivirus which I don't have installed. I have Norton Antivirus which I don't believe is the same. The error must have come when I tried to install Panda last night but decided to abort since I didn't want to un-install McAfee. I have a folder under Program Files called Symantec with a subfolder called Live Update and 5 other files. Not sure how I un-install it. It's not under Add/Remove programs. Can I just delete the folder called Symantec?

#12 Roligan

Roligan

    Authentic Member

  • Authentic Member
  • PipPip
  • 193 posts

Posted 04 November 2005 - 09:38 PM

Just tried to install Panda again. It says "if you want to install Panda you need to un-install Symantec Antivirus" which I can't see that I have installed!!!!!!!

#13 LDTate

LDTate

    Forum God

  • Root Admin
  • 57,180 posts

Posted 04 November 2005 - 09:40 PM

Norton Antivirus is by Symantec. Use Add/Remove Programs.


 


#14 LDTate

LDTate

    Forum God

  • Root Admin
  • 57,180 posts

Posted 04 November 2005 - 09:42 PM

Norton Antivirus is by Symantec. Use Add/Remove Programs.


 


#15 Roligan

Roligan

    Authentic Member

  • Authentic Member
  • PipPip
  • 193 posts

Posted 04 November 2005 - 09:42 PM

Problem is that if I remove Norton Antivirus then I can't put it back on. It was originally a work version with LiveUpdate which I have just kept after I left the company.
