This whole thing started with something called 123456.exe. Apparently, it disabled my Norton Antivirus and ran itself. I came home to find one open browser window (IE) that was locked up and another that said WebsiteViewer (or something like that).
There was a folder of the same name in my Program Files folder with files called 123456.exe, 123456.ico and a few others. There was a SEX icon on my desktop.
My NAV wasn't able to restart. Symantec "Help" said to Disable System Restore, then Uninstall and Reinstall NAV. Couldn't reinstall it. Just as I rebooted, I noticed the red X on my NAV System Tray icon, but the system restarted and I've been screwed ever since.
I've run AdAware SE, CWShredder, CleanUP, Spybot S&D and cleaned all that stuff up several times. I've run scans from Trendsoft.
Viruses found: Java Bytever.A, Jave Bytever.B, TROJ AGENT.ABS, TROJ NAIL.A, TROJ BUDDY.F. I've deleted them. No returns of the same virus, best I can tell.
I have not upgraded my XP to any Service Pack. I tried when SP1 came out and I couldn't reboot my computer due to an ICQ conflict so I unistalled. I tried again when SP2 came out. Same result. So, I gave up on the whole SP thing. Hence, my low security, I guess.
When I use Intenet Explorer, I get a lot of AURORA Pop-ups. I'm now using Netscape Browser, with NO Aurora Pop-ups since.
I've already remedied some problems such as: missing search companion, error on starting Windows Media Player, inability to find Windows Updates, inability to FIND or Print from a web page in IE.
BUT, these problems still remain.
My CD-ROM, a Lite-On LTR-24102M won't be recognized til I open Device Manger, click thru the tabs, then close it. Device Manager says it is Working and that I have the best driver.
When trying to Install Norton SystemWorks 2003, the process stops responding at "Generating script operations for action: SetupAutoLiveUpdate". I got the support doc from Symantec.com and did a manual uninstall to get all files, but it didn't help.
AND heres the Real Kicker... for various files related to Virus removal and pc scanning, the .exe file won't execute. From anywhere. If I double-click or go to START-RUN... nothing. No warning message. Simply nothing happens. AVG installer, SpyBot & AdAware installers, some other Antivirus and scan type software. Their installer and/or executable Application files simply won't work. Some I can rename and they'll work.
Files that won't do anything when clicked:
Setup.exe (for Norton Systemworks, I copied the Install Disk to my C drive, but no luck with installing.)
spybotsd13.exe (but 'Copy of spybotsd13.exe' will run)
avg70t_308a466.exe (no renamed file will run)
Ad-Aware.exe (but 'Copy of Ad-Aware.exe' will run)
SpybotSD.exe (but 'Copy of SpybotSD.exe' will run)
That's all the info I can think of. Can someone help? Thanks in advance for any efforts.
Chris
Here's my HiJackThis Log:
Logfile of HijackThis v1.99.1
Scan saved at 11:51:55 PM, on 5/8/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\system32\ntvdm.exe
C:\WINDOWS\MMKeybd.exe
C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\HighCriteria\TotalRecorder\TotRecSched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\WINDOWS\System32\devldr32.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb10.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
C:\WINDOWS\System32\ctfmon.exe
c:\windows\system32\mqciwg.exe
C:\PROGRA~1\PANICW~1\POP-UP~2\PSFree.exe
C:\Program Files\M-Audio MobilePre\MPTask.exe
C:\OPLIMIT\ocrawr32.exe
C:\Program Files\interMute\SpySubtract\SpySub.exe
C:\Palm\HOTSYNC.EXE
C:\Program Files\Netropa\Traymon.exe
C:\Program Files\Netropa\OSD.exe
C:\WINDOWS\Nhksrv.exe
C:\WINDOWS\System32\CTsvcCDA.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\M-Audio MobilePre\Install\MPInst.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\PROGRA~1\Netscape\Netscape\Netscp.exe
C:\Program Files\HiJackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com/
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
F3 - REG:win.ini: load=C:\OPLIMIT\ocraware.exe
N3 - Netscape 7: user_pref("browser.startup.homepage", "http://my.iwon.com/i...=home&SEC=bnav"); (C:\Documents and Settings\Christopher Rose\Application Data\Mozilla\Profiles\default\1t9ugiwe.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\Christopher Rose\Application Data\Mozilla\Profiles\default\1t9ugiwe.slt\prefs.js)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
O4 - HKLM\..\Run: [DellTouch] C:\WINDOWS\MMKeybd.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\Updreg.exe
O4 - HKLM\..\Run: [AHQInit] C:\Program Files\Creative\SBLive\Program\AHQInit.exe
O4 - HKLM\..\Run: [TotalRecorderScheduler] C:\Program Files\HighCriteria\TotalRecorder\TotRecSched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ZingSpooler] C:\Program Files\Common Files\Zing\ZingSpooler.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb10.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [Microsoft Works Update Detection] \WkDetect.exe
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\PANICW~1\POP-UP~2\PSFree.exe"
O4 - HKCU\..\Run: [Mozilla Quick Launch] "C:\Program Files\Netscape\Netscape\Netscp.exe" -turbo
O4 - Startup: HotSync Manager.lnk = C:\Palm\HOTSYNC.EXE
O4 - Global Startup: M-Audio MobilePre Control Panel Launcher.lnk = C:\Program Files\M-Audio MobilePre\MPTask.exe
O4 - Global Startup: ScanWizard 5 (2).lnk = C:\Program Files\Microtek\ScanWizard 5\ScanWizard5.exe
O4 - Global Startup: SpySubtract.lnk = C:\Program Files\interMute\SpySubtract\SpySub.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: InfoDaily - file://C:\Program Files\topMoxie\TEMP\infod_script.htm
O8 - Extra context menu item: SchoolCash - file://C:\Program Files\topMoxie\TEMP\scash_script.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra button: SchoolCash - {011E1110-AF57-11d4-AC1C-E843E6000000} - file://C:\Program Files\topMoxie\TEMP\scash_script.htm (file missing) (HKCU)
O9 - Extra button: InfoDaily - {E81E083C-979E-49cb-A472-C8F29D7CE8D7} - file://C:\Program Files\topMoxie\TEMP\infod_script.htm (file missing) (HKCU)
O12 - Plugin for .qcp: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....738&clcid=0x409
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - https://www-secure.s...sa/LSSupCtl.cab
O16 - DPF: {24D1BDCE-D835-11D6-BF84-0050047EA0E7} (BlueStream_Flash Class) - http://www.rovion.co...rols/Rovion.cab
O16 - DPF: {2C52AF58-B9B1-11D5-9DF6-00508B755B44} (AXClientUtil2 Control) - http://www.smartforc...XClientUtil.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akama...meInstaller.exe
O16 - DPF: {427273CC-764E-11D3-823D-006097F90453} (Pixami Image Editor Control) - http://www.imagestat...ab?ver=1,1,0,32
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg...l_v1-0-3-17.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.r...ip/RdxIE601.cab
O16 - DPF: {5E943D9C-F8DC-4258-8E3F-A61BB3405A33} (ZingBatchAXDwnl Class) - http://www.imagestat...ion=4,3,2,20802
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {90A29DA5-D020-4B18-8660-6689520C7CD7} (DmiReader Class) - http://ftp.us.dell.c...es/PROFILER.CAB
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.napster.c...ient/isetup.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O16 - DPF: {B942A249-D1E7-4C11-98AE-FCB76B08747F} (RealArcadeRdxIE Class) - http://games-dl.real...ArcadeRdxIE.cab
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (ASquaredScanForm Element) - http://www.windowsec...scan/axscan.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.s...sa/SymAData.cab
O16 - DPF: {D1ACD2D8-7312-4D06-BECD-90EB094D2277} - http://mediaplayer.w...ler/install.cab
O16 - DPF: {EF3C5077-2040-400D-91F7-86603AF00F80} (Cbs32Ctl Object) - http://www.fhm.com/s...MDownloader.ocx
O16 - DPF: {F7DC2A2E-FC34-11D3-B1D9-00A0C99B41BB} (Zoom Class) - http://www.zoomify.c.../zoomify214.cab
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE
O23 - Service: MobilePre Installer (MobilePreInstallerService) - M-Audio - C:\Program Files\M-Audio MobilePre\Install\MPInst.exe
O23 - Service: Netropa NHK Server (Nhksrv) - Unknown owner - C:\WINDOWS\Nhksrv.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe