Results 1 to 5 of 5

Thread: Computer Infections. Norton Can't even complete scan.

  1. #1
    Junior Member
    Join Date
    Jul 2006
    Posts
    2

    Default Computer Infections. Norton Can't even complete scan.

    So Norton can't even complete a scan on my computer. In my Local Setting, Temp, Temporary Internet... It shuts down and nothing. Same Happens if i manually go to delete the files. It just wont let me. My desktop is being retarded with some Sunspy advertisement. Surfing the Net is a pain in the ass cause it links me stupid places... And computer runs at slower speed then usual. not sure what else is up, but thats the basics. oh and i get a dll error when computer boots up.

    This is my log. THANKS !!!!

    can saved at 2:20:11 PM, on 7/2/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\Program Files\Norton AntiVirus\SAVScan.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe
    C:\WINDOWS\System32\alg.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\D-Tools\daemon.exe
    C:\Program Files\Lexmark 5200 series\lxbtbmgr.exe
    C:\WINDOWS\system32\LVCOMSX.EXE
    C:\Program Files\Logitech\Video\LogiTray.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\Program Files\Lexmark 5200 series\lxbtbmon.exe
    C:\Program Files\Logitech\Video\FxSvr2.exe
    C:\WINDOWS\system32\drwtsn32.exe
    C:\WINDOWS\system32\drwtsn32.exe
    C:\WINDOWS\system32\drwtsn32.exe
    C:\WINDOWS\system32\drwtsn32.exe
    C:\WINDOWS\system32\drwtsn32.exe
    C:\WINDOWS\system32\drwtsn32.exe
    C:\WINDOWS\system32\drwtsn32.exe
    C:\WINDOWS\system32\drwtsn32.exe
    C:\WINDOWS\system32\drwtsn32.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
    C:\WINDOWS\system32\drwtsn32.exe
    C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
    C:\WINDOWS\explorer.exe
    C:\Program Files\Symantec\LiveUpdate\AUpdate.exe
    C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    C:\Program Files\hijackthis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www1.sympatico.ca/
    R3 - URLSearchHook: (no name) - {C6107E85-3D98-0F23-4EC2-6BF1BD943019} - sysmon12.dll (file missing)
    R3 - URLSearchHook: (no name) - {AFFD8567-7032-69E4-1080-A529A74DD7D9} - WhatsNewBot.dll (file missing)
    F2 - REG:system.ini: Shell=explorer.exe "C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00001.exe"
    O1 - Hosts: localhost 127.0.0.1
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: (no name) - {08BEC6AA-49FC-4379-3587-4B21E286C19E} - (no file)
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [Lexmark 5200 series] "C:\Program Files\Lexmark 5200 series\lxbtbmgr.exe"
    O4 - HKLM\..\Run: [LXBTCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXBTtime.dll,_RunDLLEntry@16
    O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
    O4 - HKLM\..\Run: [My Web Search Bar] rundll32 C:\PROGRA~1\MYWEBS~1\bar\2.bin\MWSBAR.DLL,S
    O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\2.bin\mwsoemon.exe
    O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
    O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
    O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
    O4 - HKLM\..\Run: [34763] AppMasterCenter.exe
    O4 - HKLM\..\Run: [StartCpl] prcmon.exe
    O4 - HKLM\..\Run: [CToolBar] startman.exe
    O4 - HKLM\..\Run: [install2] ATLIEHELPER.exe
    O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
    O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
    O4 - HKLM\..\Run: [dmlst.exe] C:\WINDOWS\system32\dmlst.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\2.bin\mwsoemon.exe
    O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
    O4 - HKCU\..\Run: [UnSpyPC] "C:\Program Files\UnSpyPC\UnSpyPC.exe"
    O4 - HKCU\..\Run: [SYSTRAV] new32.exe
    O4 - HKCU\..\Run: [ftbar] srbho.exe
    O4 - HKCU\..\Run: [_ctcp] backd.exe
    O4 - HKCU\..\Run: [KillAndClean] "C:\Program Files\KillAndClean\KillAndClean.exe"
    O4 - HKCU\..\Run: [dialer423] xsetup.exe
    O4 - HKCU\..\Run: [barint] MONITER.exe
    O4 - HKCU\..\Run: [newbreed] install2.exe
    O4 - HKCU\..\Run: [shell] "C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00001.exe"
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbar...rch.jhtml?p=ZZ
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
    O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - https://www-secure.symantec.com/tech...l/LSSupCtl.cab
    O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/S...9x/AvSniff.cab
    O16 - DPF: {3451DEDE-631F-421C-8127-FD793AFC6CC8} (ActiveDataInfo Class) - https://www-secure.symantec.com/tech...l/SymAData.cab
    O16 - DPF: {44990200-3C9D-426D-81DF-AAB636FA4345} (Symantec SmartIssue) - https://www-secure.symantec.com/tech...rl/tgctlsi.cab
    O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - https://www-secure.symantec.com/tech...rl/tgctlsr.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/S.../bin/cabsa.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{0E4E1252-D78C-4910-9CDD-56CFFD89C20E}: NameServer = 85.255.113.206,85.255.112.76
    O17 - HKLM\System\CCS\Services\Tcpip\..\{5EF1CB0F-E646-428E-A3B3-ACA44B7B8D89}: NameServer = 85.255.113.206,85.255.112.76
    O17 - HKLM\System\CCS\Services\Tcpip\..\{77B5D694-D0A2-4795-A074-87EB2524795D}: NameServer = 85.255.113.206 85.255.112.76
    O17 - HKLM\System\CCS\Services\Tcpip\..\{FAB19B04-02C6-4519-A5F1-3E4E959F6A43}: NameServer = 85.255.113.206,85.255.112.76
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.113.206 85.255.112.76
    O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.113.206 85.255.112.76
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.113.206 85.255.112.76
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: lxbt_device - Lexmark International, Inc. - C:\WINDOWS\system32\lxbtcoms.exe
    O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
    O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
    O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

  2. #2
    In Memoriam -Always in our heart teacup61's Avatar
    Join Date
    Jun 2006
    Location
    Texas
    Posts
    759

    Default

    Hello CapriceGod,

    Welcome to Safer Networking Forums

    You have several different infections present here. Before we go any further, I hate to the bearer of bad news, but your log shows a very dangerous Trojan is residing on your PC.

    Described here http://www.liutilities.com/products/...rary/ibm00001/ as Trojan.W32.Torpig
    The Trojan attempts to steal passwords, as well as logging keypresses and open window titles to text files and periodically sends the collected information to a remote user via HTTP. The Trojan downloads and executes additional files from a remote site. Configuration files may also be downloaded which define further behaviors.

    I would counsel you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or it if it contains any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

    Though the Trojan has been identified and can be killed, because of it's backdoor functionality, Your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of Trojan, the best course of action would be a reformat and reinstall of the OS. If it were on my PC I would not hesitate for a moment to do so. Please read these for more information:

    How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?

    When Should I Format, How Should I Reinstall

    Should you decide not to follow that advice, we will of course do our best to clean the computer of any infections that we can see but, as I already stated, we can in no way guarantee it to be trustworthy.

    Should you have any questions, please feel free to ask.

    Please let us know what you have decided to do.

    Thanks,
    tea

  3. #3
    Junior Member
    Join Date
    Jul 2006
    Posts
    2

    Default

    Well, i like everything to perfect so re-install... but all these driver downloads and all... GRrrrr its confusing to start.

  4. #4
    In Memoriam -Always in our heart teacup61's Avatar
    Join Date
    Jun 2006
    Location
    Texas
    Posts
    759

    Default

    Hello,

    I know it's a pain, but you'll know your computer is clean.

    Below I have included a number of recommendations on how to protect your computer in order to prevent future malware infections. Please take these recommendations seriously! These few simple steps can stave off the vast majority of spyware problems.

    AVG, Avira OR Avast are good FREE antivirus.
    Never install more than one antivirus scanner or firewall on your system! Several together can give you problems and decrease the reliability of it seriously!

    You should definitely maintain a firewall. Some good free firewalls are ZoneAlarm, or Outpost
    A tutorial on understanding and using firewalls may be found here.

    Regularly go to http://windowsupdate.microsoft.com and download all the "critical updates" for Windows, including the latest version of Internet Explorer. This can patch many of the security holes through which attackers can gain access to your computer. You should also turn on the Windows automatic update feature.

    In order to protect yourself against spyware, you should consider installing and running the following free programs:

    SpywareBlaster
    A tutorial on using SpywareBlaster to prevent spyware from ever installing on your computer may be found here.

    SpywareGuard
    A tutorial on using SpywareGuard for realtime protection against spyware and hijackers may be found here.

    Ad-Aware SE
    A tutorial on using Ad-Aware to remove spyware from your computer may be found here.

    Spybot-Search & Destroy
    A tutorial on using Spybot to remove spyware from your computer may be found here. Please also remember to enable Spybot's "Immunize" and "TeaTimer" features.

    IE/Spyad:
    It places over 5000 malicious websites and domains in your IE's restricted zone.
    IE/Spyad

    Make sure to keep these programs up-to-date and to run them regularly, as this can prevent a great deal of spyware hassle.

    * Avoid illegal sites, because that's where most malware is present.
    * Don't click on links inside popups.
    * Don't click on links in spam messages claiming to offer anti-spyware software; because most of these so called removers ARE spyware.
    * Download free software only from sites you know and trust. A lot of free software can bundle other software, including spyware.

    Please consider using an alternate browser. Mozilla's Firefox browser is fantastic; it is much more secure than Internet Explorer, immune to almost all known browser hijackers, and also has the best built-in popup blocker (as an added benefit!) that I have ever seen. If you are interested, Firefox may be downloaded from here:
    http://www.mozilla.org/products/firefox/

    Please make sure to run your antivirus software regularly, and to keep it up-to-date.

    Take care!
    tea

  5. #5
    Member of Team Spybot tashi's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    30,955

    Default

    This topic has been closed to prevent others with similar issues posting in it.
    If you need it re-opened please send me or your helper a pm and provide a link to the thread.

    Applies only to the original topic starter.
    Microsoft MVP Reconnect 2018-
    Windows Insider MVP 2016-2018
    Microsoft Consumer Security MVP 2006-2016

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •