idkwhatsgoingon
2009-12-04, 12:01
OK, here is the deal: everyone thinks of me as an advanced user, I build computers all the time, but this I cannot figure out, and it is driving me crazy!
It started a couple of days ago. My fiancee downloaded something and it said it needed a codec. She downloaded the codec and, from what she said, it went into downloading a license, which she clicked on, and it disappeared. I personally can't find any out-of-the-ordinary files anywhere. I ran Spybot S&D and the only thing it found was a Windows security problem, which it then fixed, but it's still doing it. I ran avast antivirus and it didn't work the first couple of times; it wouldn't even do a full scan no matter what I tried. I also noticed that since then ALL of the files on my hard drive, which I have partitioned into 2 parts, are marked read-only, so I cannot do anything with them. I went to Properties and did the fix, didn't work. I used the command prompt to fix the attribute, didn't work. I went into safe mode to fix it, didn't work. I have admin privileges and am the only user on the computer, but nothing seems to work. The only thing I can think of is that it is a tricky rootkit. I just finished running HijackThis and I will post the log file after this. I truly am at a loss; I have never had a problem I cannot fix, and this makes me feel stupid. Every time I do a search on Google or anywhere in Firefox and click on a site that I know is a good site, like CNET, it redirects me 20 times to some off-the-wall ad or web search. It took me 20 minutes just to get here. Well, I don't know; any help would be appreciated. Here is the HijackThis log, but I don't see anything out of the ordinary. Does anyone else? Please help me ASAP. I just built this computer for my nephew for Xmas and need it running well ASAP, and I really don't want to do a fresh install of XP and lose all the data. Sorry, I forgot this: I'm using Windows XP Media Center Edition SP2, 2.66 GHz Intel Pentium processor, 760 MB RAM, 40 GB HD, 2 partitions.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:40:18 AM, on 12/4/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
D:\program files\aswUpdSv.exe
C:\WINDOWS\Explorer.EXE
D:\program files\ashServ.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\CTHELPER.EXE
D:\PROGRA~1\ashDisp.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\nvsvc32.exe
D:\program files\ashMaiSv.exe
D:\program files\ashWebSv.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\svchost.exe
D:\program files\firefox.exe
D:\program files\ashSimpl.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - D:\program files\Spybot - Search & Destroy\SDHelper.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"
O4 - HKLM\..\Run: [CTStartup] C:\Program Files\Creative\Splash Screen\CTEaxSpl.EXE /run
O4 - HKLM\..\Run: [avast!] D:\PROGRA~1\ashDisp.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKCU\..\Run: [BitTorrent] "D:\program files\BitTorrent\bittorrent.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] D:\program files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: Microsoft Office.lnk = D:\program files\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\program files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\program files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - D:\program files\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - D:\program files\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - D:\program files\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - D:\program files\ashWebSv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
--
End of file - 3347 bytes
==============================
"BEFORE you POST"(READ this Procedure BEFORE Requesting Assistance) (http://forums.spybot.info/showthread.php?t=288)