
Is this a virus?

post #1 of 4
Thread Starter 
I turned on my laptop today, and Norton 2009 displayed a message saying that LiveUpdate failed to initialise and that I should send an error report. However, when I tried to do this, it said that it 'couldn't connect', even though the internet was fine. I tried restarting a few times, but I still can't even launch Norton. It's been fine up until now, and I was very pleased with it. Here's the HijackThis report:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:03:22, on 20/12/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16757)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Matthew Burke\Downloads\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\16.2.0.7\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\16.2.0.7\IPSBHO.DLL
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\16.2.0.7\coIEPlg.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NVHotkey] rundll32.exe C:\Windows\system32\nvHotkey.dll,Start
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~2.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~2.0_0\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.srtest.com/srl_bin/sysreqlab_srl.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: symres - {AA1061FE-6C41-421F-9344-69640C9732AB} - C:\Program Files\Norton Internet Security\Engine\16.2.0.7\coIEPlg.dll
O22 - SharedTaskScheduler: Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - C:\Windows\System32\DreamScene.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton Internet Security - Symantec Corporation - C:\Program Files\Norton Internet Security\Engine\16.2.0.7\ccSvcHst.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe

--
End of file - 6096 bytes


Thanks in advance
    
post #2 of 4
After a quick glance, I don't see anything potentially harmful. Maybe the update servers were offline for maintenance.
post #3 of 4
Did you try the Trend Micro HouseCall?

I had a virus once that wouldn't let my antivirus update or sometimes even run, so I just used an online one and it got rid of it.

If you have that Windows Antivirus 2009 Virus, then you won't be able to go to any websites that have anything to do with antivirus... took me a week to get rid of that thing...
post #4 of 4
Thread Starter 
Everything else on the PC is fine - no annoying popups or slowdowns - I was just wondering if it was anything nasty.
Thanks for your help so far.
Edited by woodpigeon4 - 12/20/08 at 6:34am
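
For readers triaging a HijackThis log like the one in the first post, the following is an added example (not written by anyone in the thread, and not part of HijackThis) that parses the entry lines and lists the ones a reviewer would normally look at by hand. The three review rules and the function names are assumptions made for this sketch; a flagged line is a prompt for a manual check, not a verdict.

```python
import re

# A subset of entry lines copied from the log in the first post.
SAMPLE_LOG = r"""
O1 - Hosts: ::1 localhost
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\16.2.0.7\coIEPlg.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
"""

# Entry lines start with a section code (R0, O2, O23, ...) then " - ".
ENTRY = re.compile(r"^([ROF]\d+) - (.*)$")


def parse(log):
    """Yield (section, body) for every entry line; headers are skipped."""
    for line in log.splitlines():
        match = ENTRY.match(line.strip())
        if match:
            yield match.group(1), match.group(2)


def review_reason(section, body):
    """Return why an entry deserves a manual look, or None (assumed rules)."""
    if section == "O1" and body.startswith("Hosts:"):
        names = body[len("Hosts:"):].split()[1:]  # drop the address field
        if any(name.lower() != "localhost" for name in names):
            return "hosts file overrides DNS for a non-localhost name"
    if section in ("O2", "O3", "O9") and body.endswith("(no file)"):
        return "registered browser component whose file is missing"
    if section == "O23" and " - Unknown owner - " in body:
        return "service binary reports no company name"
    return None


def triage(log):
    """Return (section, body, reason) for each entry that matches a rule."""
    flagged = []
    for section, body in parse(log):
        reason = review_reason(section, body)
        if reason is not None:
            flagged.append((section, body, reason))
    return flagged


if __name__ == "__main__":
    for section, body, reason in triage(SAMPLE_LOG):
        print(f"{section}: {reason}\n    {body}")
```
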
    