Then i started getting MS-Dos windoms popping up giving me an error, the files executing the dos windows were d2.exe and msras.exe, the error is saying that:
"D:\Windows\system32\autoexexec.nt The system file is not suitable for running MS-DOS and Microsoft Windows applications. Choose 'close' to terminate the application."
And since this has started happening my notepad application no longer works and cant be found .
Iam also getting hit with spy shrief. I have norton internet security thats a bit behind but i regularly run Spybot S&D. My IE setting keep getting changed so its attempting to go through a proxy which disables my cable internet and i have to uncheck the option each time i want to get IE to work and my homepage keeps being reset to about blank. I downloaded HiJack This and this is my most recent log File.
Logfile of HijackThis v1.99.1
Scan saved at 11:59:51 AM, on 11/1/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Norton Internet Security\NISUM.EXE
C:\Norton Internet Security\ccPxySvc.exe
D:\WINDOWS\runservice.exe
C:\Norton AntiVirus\navapsvc.exe
D:\WINDOWS\Explorer.EXE
D:\Program Files\Common Files\Symantec Shared\ccApp.exe
D:\WINDOWS\System32\RUNDLL32.EXE
D:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
D:\WINDOWS\iau.exe
D:\WINDOWS\stisvsq.exe
D:\WINDOWS\System32\nvsvc32.exe
D:\WINDOWS\svshost.exe
D:\WINDOWS\msqdevl.exe
D:\WINDOWS\lssas.exe
D:\WINDOWS\mservice.exe
D:\WINDOWS\ntte.exe
D:\WINDOWS\system32\iprv32.exe
D:\DOCUME~1\Darryl\LOCALS~1\Temp\42.tmp
D:\DOCUME~1\Darryl\LOCALS~1\Temp\47.tmp
D:\Program Files\Internet Explorer\iexplore.exe
D:\Documents and Settings\Darryl\Desktop\hijackthis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://D:\WINDOWS\spvox.dll/sp.html#55135
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://D:\WINDOWS\spvox.dll/sp.html#55135
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://D:\WINDOWS\spvox.dll/sp.html#55135
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://D:\WINDOWS\spvox.dll/sp.html#55135
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://D:\WINDOWS\spvox.dll/sp.html#55135
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://D:\WINDOWS\spvox.dll/sp.html#55135
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://D:\WINDOWS\spvox.dll/sp.html#55135
R3 - Default URLSearchHook is missing
O2 - BHO: Class - {10DCC715-144C-791B-2D49-E90623087893} - D:\WINDOWS\system32\atlje.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {65EDB2D8-B7F1-4684-A6D1-7B0912956E4A} - D:\WINDOWS\System32\okh.dll (file missing)
O2 - BHO: Class - {66D4D570-CA0D-A697-05AF-9C46ECFF8539} - D:\WINDOWS\netvc32.dll
O2 - BHO: (no name) - {70FF3EFE-DA55-9454-06B3-A85C8215A251} - D:\WINDOWS\System32\1aOMRMtp.dll (file missing)
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - D:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [ccApp] "D:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "D:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [nForce Tray Options] sstray.exe /r
O4 - HKLM\..\Run: [UpdReg] D:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE D:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SSC_UserPrompt] D:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] D:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [REGSHAVE] D:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [Microsoft Internet Acceleration Utility] iau.exe
O4 - HKLM\..\Run: [Internet Connection Wizard] stisvsq.exe
O4 - HKLM\..\Run: [Games Acceleration] svshost.exe
O4 - HKLM\..\Run: [Internet Mail and News] msqdevl.exe
O4 - HKLM\..\Run: [Multimedia extensions] mservice.exe
O4 - HKLM\..\Run: [Microsoft Management Console] lssas.exe
O4 - HKLM\..\Run: [iprv32.exe] D:\WINDOWS\system32\iprv32.exe
O4 - HKLM\..\Run: [42.tmp] D:\DOCUME~1\Darryl\LOCALS~1\Temp\42.tmp.exe
O4 - HKCU\..\Run: [Symantec NetDriver Monitor] D:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKCU\..\Run: [Microsoft Internet Acceleration Utility] iau.exe
O4 - HKCU\..\Run: [Internet Connection Wizard] stisvsq.exe
O4 - HKCU\..\Run: [Games Acceleration] svshost.exe
O4 - HKCU\..\Run: [Internet Mail and News] msqdevl.exe
O4 - HKCU\..\Run: [Multimedia extensions] mservice.exe
O4 - HKCU\..\Run: [Windows installer] C:\winstall.exe
O4 - HKCU\..\Run: [SNInstall] C:\d2.exe
O4 - HKCU\..\Run: [Microsoft Management Console] lssas.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\AOL Instant Messaenger\aim.exe
O13 - Gopher Prefix:
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.t...all/xscan60.cab
O21 - SSODL: System - {DC0FE0C4-4658-44AD-8D52-9B0B469C68B5} - D:\WINDOWS\system32\system32.dll
O21 - SSODL: GjKUYmLpTG - {70FF3EF8-DA55-9452-4D2F-97708215A24E} - D:\WINDOWS\System32\erv.dll (file missing)
O23 - Service: Network Security Service (NSS) ( 11Fßä#·ºÄÖ`I) - Unknown owner - D:\WINDOWS\ntte.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Proxy Service (ccPxySvc) - Symantec Corporation - C:\Norton Internet Security\ccPxySvc.exe
O23 - Service: LicCtrl Service (LicCtrlService) - Unknown owner - D:\WINDOWS\runservice.exe
O23 - Service: MD Simple Burner DB Access Service (mdrcdb) - Unknown owner - C:\Sony\MD Simple Burner\mdrcdb.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Norton AntiVirus\navapsvc.exe
O23 - Service: MD Simple Burner Service (NetMDSB) - Sony Corporation - C:\Sony\MD Simple Burner\NetMDSB.exe
O23 - Service: Norton Internet Security Accounts Manager (NISUM) - Symantec Corporation - C:\Norton Internet Security\NISUM.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PACSPTISVR - Unknown owner - D:\Program Files\Common Files\Sony Shared\AVLib\Pacsptisvr.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - D:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Security Agent (scagent) - Unknown owner - D:\WINDOWS\system32\scagent.exe" start (file missing)
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - D:\Program Files\Common Files\Sony Shared\AVLib\Sptisrv.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
My windows seems to be running a tad slower then usual and i notice alot of processes running although i may only have like AIM, WoW and WinAmp running although Norton Internet Security does have like 6 process or something. Any help would be appriciated guys, thx in advance.
Edited by Rhodar, 01 November 2005 - 02:21 PM.