
Help! Hijack This Log Posted... needs Cleaning


17 replies to this topic

#1 mrcohs


Posted 09 November 2007 - 02:43 PM

I was instructed to post this log here and beg for HELP!!!!!!!!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:41:58 PM, on 11/9/2007
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\WINNT\System32\nvsvc32.exe
C:\PROGRA~1\SYMPAT~1\ACCESS~1\app\pppoeservice.exe
C:\WINNT\system32\regsvc.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINNT\System32\Tablet.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\System32\mspmspsv.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINNT\system32\ezSP_Px.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINNT\system32\internat.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Wacom\TabUserW.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Southwest Airlines\Ding\Ding.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\System32\msdtc.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Adobe\Acrobat 6.0\Reader\AcroRd32.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.sympatico.ca/homepage.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.ca/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://as.starware.com/dp/search?x=wKX1ILE...rKQzNsEdZOC1Guq
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Sympatico
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - - (no file)
O1 - Hosts: This file contains the mappings of IP addresses to host names. Each
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-ca\msntb.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-ca\msntb.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [NvCplScan] nvsc32.exe
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINNT\system32\ezSP_Px.exe
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [Services] C:\WINNT\system32\9.tmp
O4 - HKLM\..\Run: [RecoverFromReboot] C:\WINNT\Temp\RecoverFromReboot.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\RunServices: [Systemey] systemey.exe
O4 - HKCU\..\Run: [Configuration Loader] dezi.exe
O4 - HKCU\..\Run: [internat.exe] internat.exe
O4 - HKCU\..\Run: [NvCplScan] nvsc32.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\.DEFAULT\..\Run: [Systemey] systemey.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\Run: [Configuration Loader] dezi.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background (User 'Default user')
O4 - HKUS\.DEFAULT\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'Default user')
O4 - Startup: DING!.lnk = C:\Program Files\Southwest Airlines\Ding\Ding.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: TabUserW.lnk = C:\Program Files\Wacom\TabUserW.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINNT\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINNT\bdoscandel.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.sympatico.ca/homepage.html
O16 - DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} (MetaStreamCtl Class) - https://components.viewpoint.com/MTSInstall...ica/ext360.html
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/200212...meInstaller.exe
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {640B39C1-D713-464F-92C3-75BD972B95EE} - http://download.sidestep.com/get/k00719/sb02a.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1191219759171
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1191219942125
O16 - DPF: {99802379-7362-40E2-9D28-8A3B9AF880B7} - http://hotsearchbar.com/toolbar2/winhot32.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = sympatico.ca
O17 - HKLM\System\CCS\Services\Tcpip\..\{89CBE5DE-2B6F-40D9-A082-DDD89868863F}: Domain = sympatico.ca
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = sympatico.ca
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = sympatico.ca
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINNT\System32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Pml Driver HPH11 - HP - C:\WINNT\system32\HPHipm11.exe
O23 - Service: PPPoE Service (PPPoEService) - Unknown owner - C:\PROGRA~1\SYMPAT~1\ACCESS~1\app\pppoeservice.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINNT\System32\Tablet.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O24 - Desktop Component 0: (no name) - file:///C:/DOCUME~1/Maria/LOCALS~1/Temp/msoclip1/01/clip_image002.jpg
O24 - Desktop Component 1: (no name) - file:///C:/DOCUME~1/Maria/LOCALS~1/Temp/msoclip1/01/clip_image001.jpg
O24 - Desktop Component 2: (no name) - http://gfx2.hotmail.com/crs_918.gif

--
End of file - 11513 bytes



#2 RichieUK (Malware Response Team)

Posted 09 November 2007 - 06:33 PM

Welcome to the BleepingComputer HijackThis Logs and Analysis forum, mrcohs :thumbsup:
My name is Richie and I'll be helping you to fix your problems.

Viewpoint Manager is considered foistware rather than malware, since it is installed without users' approval but doesn't spy or do anything "bad".
This changed in 2006; read this article:
http://www.clickz.com/news/article.php/3561546

You are well advised to remove the program now.
Go to Start > Settings > Control Panel > Add/Remove Programs and remove the following programs if present, then restart your pc:
Viewpoint
Viewpoint Manager
Viewpoint Media Player


If you have previously downloaded ComboFix, please delete that version now.
Now download Combofix and save to your desktop:
Note:
It is important that it is saved directly to your desktop

Close any open browsers.
Disconnect from the Internet.
Double click on combofix.exe and follow the prompts.
When it's finished it will produce a log.
Post the entire contents of C:\ComboFix.txt into your next reply.
Note:
Do not mouseclick combofix's window while it's running.
That may cause the program to freeze/hang.

Do NOT post the ComboFix-quarantined-files.txt unless I ask.
*Note*
In case your Antivirus or any other realtime scanner is displaying an alert after you downloaded Combofix or while you use Combofix, please disable your scanner and redownload Combofix again.
Some scanners may see some combofix related components as suspicious and block or delete them while there's nothing wrong with them.

Also post a new Hijackthis log please.

#3 mrcohs (Topic Starter)

Posted 10 November 2007 - 10:33 AM

Here is the ComboFix result:

ComboFix 07-11-08.3 - Maria 11/10/2007 9:07:49.1 - NTFSx86
Microsoft Windows 2000 Professional 5.0.2195.4.1252.1.1033.18.727 [GMT -5:00]
Running from: C:\Documents and Settings\Maria\Desktop\ComboFix.exe
.

Unable to gain System Privileges

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\serj.ANTONIV.000\Application Data\Starware
C:\Documents and Settings\serj.ANTONIV.000\Application Data\Starware\BrowserSearch\BrowserSearch.xml
C:\Documents and Settings\serj.ANTONIV.000\Application Data\Starware\BrowserSearch\BrowserSearch.xml.backup
C:\Documents and Settings\serj.ANTONIV.000\Application Data\Starware\ErrorSearch\ErrorSearchOptions.xml
C:\Documents and Settings\serj.ANTONIV.000\Application Data\Starware\ErrorSearch\ErrorSearchOptions.xml.backup
C:\Documents and Settings\serj.ANTONIV.000\Application Data\Starware\Games\GamesOptions.xml
C:\Documents and Settings\serj.ANTONIV.000\Application Data\Starware\Games\GamesOptions.xml.backup
C:\Documents and Settings\serj.ANTONIV.000\Application Data\Starware\Layouts\PreferencesLayout.xml
C:\Documents and Settings\serj.ANTONIV.000\Application Data\Starware\Layouts\PreferencesLayout.xml.backup
C:\Documents and Settings\serj.ANTONIV.000\Application Data\Starware\Layouts\ToolbarLayout.xml
C:\Documents and Settings\serj.ANTONIV.000\Application Data\Starware\Layouts\ToolbarLayout.xml.backup
C:\Documents and Settings\serj.ANTONIV.000\Application Data\Starware\Manager\ManagerOptions.xml
C:\Documents and Settings\serj.ANTONIV.000\Application Data\Starware\Manager\ManagerOptions.xml.backup
C:\Documents and Settings\serj.ANTONIV.000\Application Data\Starware\Movies\MoviesOptions.xml
C:\Documents and Settings\serj.ANTONIV.000\Application Data\Starware\Movies\MoviesOptions.xml.backup
C:\Documents and Settings\serj.ANTONIV.000\Application Data\Starware\PopupBlocker\PopupBlockerOptions.xml
C:\Documents and Settings\serj.ANTONIV.000\Application Data\Starware\PopupBlocker\PopupBlockerOptions.xml.backup
C:\Documents and Settings\serj.ANTONIV.000\Application Data\Starware\Reference\ReferenceOptions.xml
C:\Documents and Settings\serj.ANTONIV.000\Application Data\Starware\Reference\ReferenceOptions.xml.backup
C:\Documents and Settings\serj.ANTONIV.000\Application Data\Starware\RelatedSearch\RelatedSearchOptions.xml
C:\Documents and Settings\serj.ANTONIV.000\Application Data\Starware\RelatedSearch\RelatedSearchOptions.xml.backup
C:\Documents and Settings\serj.ANTONIV.000\Application Data\Starware\Screensavers\ScreensaversOptions.xml
C:\Documents and Settings\serj.ANTONIV.000\Application Data\Starware\Screensavers\ScreensaversOptions.xml.backup
C:\Documents and Settings\serj.ANTONIV.000\Application Data\Starware\SearchAssistPlus\SearchAssistPlusOptions.xml
C:\Documents and Settings\serj.ANTONIV.000\Application Data\Starware\SearchMatch\SearchMatchOptions.xml
C:\Documents and Settings\serj.ANTONIV.000\Application Data\Starware\SearchMatch\SearchMatchOptions.xml.backup
C:\Documents and Settings\serj.ANTONIV.000\Application Data\Starware\Toolbar\TBProductsOptions.xml
C:\Documents and Settings\serj.ANTONIV.000\Application Data\Starware\Toolbar\TBProductsOptions.xml.backup
C:\Documents and Settings\serj.ANTONIV.000\Application Data\Starware\ToolbarLogo\ToolbarLogoOptions.xml
C:\Documents and Settings\serj.ANTONIV.000\Application Data\Starware\ToolbarLogo\ToolbarLogoOptions.xml.backup
C:\Documents and Settings\serj.ANTONIV.000\Application Data\Starware\ToolbarSearch\ToolbarSearchOptions.xml
C:\Documents and Settings\serj.ANTONIV.000\Application Data\Starware\ToolbarSearch\ToolbarSearchOptions.xml.backup
C:\Documents and Settings\serj.ANTONIV.000\Application Data\Starware\TravelSearch\TravelSearchOptions.xml
C:\Documents and Settings\serj.ANTONIV.000\Application Data\Starware\TravelSearch\TravelSearchOptions.xml.backup
C:\Documents and Settings\serj.ANTONIV\Favorites\.url
C:\Documents and Settings\serj.ANTONIV\Start Menu\Programs\purityscan
C:\Documents and Settings\serj.ANTONIV\Start Menu\Programs\purityscan\PurityScan.lnk

.
((((((((((((((((((((((((( Files Created from 2007-10-10 to 2007-11-10 )))))))))))))))))))))))))))))))
.

2007-11-10 09:07 51,200 --a------ C:\WINNT\NirCmd.exe
2007-11-09 14:20 <DIR> d-------- C:\Program Files\Trend Micro
2007-11-09 14:12 <DIR> d-------- C:\WINNT\PCHEALTH
2007-11-09 12:07 <DIR> d-------- C:\WINNT\BDOSCAN8
2007-11-09 11:40 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2007-11-09 11:40 <DIR> d-------- C:\Documents and Settings\Maria\Application Data\SUPERAntiSpyware.com
2007-11-09 11:40 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2007-11-08 21:38 <DIR> d-------- C:\Documents and Settings\Maria\Application Data\AdobeUM
2007-11-08 21:26 <DIR> d-------- C:\WINNT\Cache
2007-10-25 10:26 53,248 --a------ C:\WINNT\bdoscandel.exe
2007-10-13 22:35 <DIR> d-------- C:\Documents and Settings\Maria\Application Data\DivX

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-10 14:03 --------- d-----w C:\Program Files\Viewpoint
2007-11-10 14:00 --------- d-----w C:\Documents and Settings\All Users\Application Data\Viewpoint
2007-11-09 18:24 --------- d-----w C:\Program Files\Kazaa
2007-11-09 16:38 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2007-10-22 01:07 --------- d-----w C:\Program Files\Java
2007-10-17 23:23 --------- d-----w C:\Program Files\DivX
2007-10-01 20:14 --------- d-----w C:\Program Files\Enigma Software Group
2007-10-01 06:27 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-09-29 14:10 --------- d-----w C:\Program Files\MSN Messenger
2007-09-28 16:07 9,464 ------w C:\WINNT\system32\drivers\cdralw2k.sys
2007-09-28 16:07 9,336 ------w C:\WINNT\system32\drivers\cdr4_2K.sys
2007-09-28 16:07 43,528 ------w C:\WINNT\system32\drivers\pxhelp20.sys
2007-09-24 15:09 --------- d-----w C:\Program Files\Southwest Airlines
2007-09-24 15:09 --------- d-----w C:\Documents and Settings\Maria\Application Data\Southwest Airlines
2007-06-24 17:42 1,059 ----a-w C:\Program Files\INSTALL.LOG
2005-05-31 21:52 25 ----a-w C:\Documents and Settings\serj\RomInfo.dat
2004-06-13 16:30 12 ----a-w C:\Documents and Settings\serj.ANTONIV\UpdateReg.reg
2004-06-10 02:29 40 ----a-w C:\Documents and Settings\Maria\Application Data\tvmcwrd.dll
2004-06-10 02:29 34 ----a-w C:\Documents and Settings\Maria\Application Data\tvmuknwrd.dll
2004-06-09 23:03 172,497 ----a-w C:\Documents and Settings\Maria\Application Data\tvmknwrd.dll
2004-06-09 13:35 172,515 ----a-w C:\Documents and Settings\serj.ANTONIV\Application Data\tvmknwrd.dll
2004-06-06 19:27 38 ----a-w C:\Documents and Settings\Administrator\Application Data\tvmuknwrd.dll
2004-06-06 19:27 168,753 ----a-w C:\Documents and Settings\Administrator\Application Data\tvmknwrd.dll
2003-04-07 08:44 271 ---h--w C:\Program Files\desktop.ini
2003-04-07 08:44 21,952 ---h--w C:\Program Files\folder.htt
2002-07-31 12:00:00 94,784 --sh--w C:\WINNT\twain.dll
2004-11-24 12:32:32 1,238,097 --sha-w C:\WINNT\addins\cvsrc.bak1
2004-11-24 12:33:42 1,238,164 --sh--w C:\WINNT\addins\cvsrc.bak2
2004-11-22 12:49:29 16,392,298 --sha-w C:\WINNT\Help\pagol.bak1
2004-11-22 12:50:25 16,392,298 --sh--w C:\WINNT\Help\pagol.bak2
2003-06-19 19:05:04 1,015,859 --sha-w C:\WINNT\system32\mfc42.dll
1997-07-21 23:30:54 1,045,776 --sha-w C:\WINNT\system32\Msjet35.dll
1997-06-23 07:00:00 123,664 --sha-w C:\WINNT\system32\Msjint35.dll
1997-06-23 16:06:50 24,848 --sha-w C:\WINNT\system32\Msjter35.dll
1997-06-23 16:06:50 252,176 --sha-w C:\WINNT\system32\Msrd2x35.dll
2002-07-31 12:00:00 77,878 --sh--w C:\WINNT\system32\msvcirt.dll
1997-06-23 16:06:50 287,504 --sha-w C:\WINNT\system32\Msxbse35.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [03-05-05 07:47 ]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [03-11-10 12:30 ]
"Synchronization Manager"="mobsync.exe" [03-06-19 14:05 C:\WINNT\system32\mobsync.exe]
"NvCplScan"="nvsc32.exe" []
"ezShieldProtector for Px"="C:\WINNT\system32\ezSP_Px.exe" [02-08-20 10:29 ]
"POINTER"="point32.exe" []
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [07-09-25 00:11 ]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Configuration Loader"="dezi.exe" []
"internat.exe"="internat.exe" [02-07-31 07:00 C:\WINNT\system32\internat.exe]
"NvCplScan"="nvsc32.exe" []
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [07-06-21 14:06 ]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices]
"Systemey"=systemey.exe

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"^SetupICWDesktop"=C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"Systemey"=systemey.exe
"Configuration Loader"=dezi.exe
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" /background
"ALUAlert"=C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [06-12-20 13:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 07-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, zwebauth.dll

R0 SonyMSDK;Sony Network Walkman(SonyMSDK);C:\WINNT\system32\DRIVERS\SonyMSDK.sys
R1 ANVIOCTL;ANVIOCTL;C:\WINNT\system32\DRIVERS\anvioctl.sys
R1 ANVOSDNT;ASUS Keyboard Filter Driver;C:\WINNT\system32\DRIVERS\anvosdnt.sys
R1 ATMhelpr;ATMhelpr;C:\WINNT\system32\drivers\ATMhelpr.sys
R2 PPPoEService;PPPoE Service;C:\PROGRA~1\SYMPAT~1\ACCESS~1\app\pppoeservice.exe
R3 bcm4sbe5;ASUSTeK/Broadcom 440x 10/100 Integrated Controller Driver;C:\WINNT\system32\DRIVERS\bcm4sbe5.sys
R3 NPDriver;Norton Unerase Protection Driver;\??\C:\WINNT\system32\Drivers\NPDRIVER.SYS
R3 NTSPPPOE;Efficient Networks Enternet P.P.P.o.E LAN Miniport Driver;C:\WINNT\system32\DRIVERS\ntspppoe.sys
R3 usbhub20;USB 2.0 Root Hub Support;C:\WINNT\system32\DRIVERS\usbhub20.sys
S3 alcan5ln;Alcatel SpeedTouch™ USB ADSL RFC1483 Networking Driver (NDIS);C:\WINNT\system32\DRIVERS\alcan5ln.sys
S3 NTSTAP1;NTSTAP1;\??\C:\PROGRA~1\SYMPAT~1\ACCESS~1\app\NTSTAP1.SYS
S3 RAWESR;RAWESR;\??\C:\PROGRA~1\SYMPAT~1\ACCESS~1\app\RAWESR.SYS
S3 TAPBIND;TAPBIND;\??\C:\PROGRA~1\SYMPAT~1\ACCESS~1\app\TAPBIND1.SYS

*Newly Created Service* - IPNAT
*Newly Created Service* - RASAUTO
*Newly Created Service* - SHAREDACCESS
.
Contents of the 'Scheduled Tasks' folder
"2007-11-10 15:29:26 C:\WINNT\Tasks\Symantec NetDetect.job"
- C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE
.
**************************************************************************

catchme 0.3.1262 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-10 09:40:17
Windows 5.0.2195 Service Pack 4 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices
Systemey = systemey.exe?

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-11-10 10:30:07 - machine was rebooted
.
--- E O F ---

#4 RichieUK (Malware Response Team)

Posted 10 November 2007 - 12:58 PM

Please download OTMoveIt by OldTimer:
http://download.bleepingcomputer.com/oldtimer/OTMoveIt.exe

Save it to your desktop.
Please double-click OTMoveIt.exe to run it.
Copy the file paths inside the quote box below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose 'Copy'):

C:\Program Files\Viewpoint
C:\Documents and Settings\All Users\Application Data\Viewpoint
C:\WINNT\addins\cvsrc.bak1
C:\WINNT\addins\cvsrc.bak2
C:\WINNT\Help\pagol.bak1
C:\WINNT\Help\pagol.bak2

Return to OTMoveIt, right click on the "Paste List of Files/Folders to be moved" window and choose Paste.
Click the red Moveit! button.

Copy everything on the 'Results' window to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose 'Copy'), and paste it into your next reply.
Close OTMoveIt

If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process.
If you are asked to reboot the machine choose Yes.

Copy and paste ALL the following text in the Quote box below into Notepad.
Click on File (in the menu at the top) > Save as... / Save as Type: 'All Files' / File name: fix.reg, and save it to your desktop.
Then double click on the fix.reg file on your desktop and agree to merge the information into the registry, then restart your pc.

REGEDIT4
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices]
"Systemey"=-
[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"Systemey"=-
"Configuration Loader"=""


Also post a new Hijackthis log please
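As an added example (not code from this thread, nor from HijackThis, ComboFix or OTMoveIt), the Python script below automates the kind of check Richie made by hand on the O4 lines in the first log and renders the same REGEDIT4 "Name"=- deletion syntax as his fix.reg. The suspicion heuristic (bare filenames outside a small assumed allow-list, .tmp executables, programs run from a Temp folder) and the allow-list itself are assumptions for the example; the sample lines are copied from the first HijackThis log above.

```python
import re

# HijackThis abbreviates "Software\Microsoft\Windows\CurrentVersion" as "..";
# expand each hive prefix to the full key path a .reg file needs.
HIVES = {
    "HKLM": r"HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion",
    "HKCU": r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion",
    r"HKUS\.DEFAULT": r"HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion",
}

# Bare filenames Windows legitimately resolves from System32 (assumed allow-list,
# deliberately short; anything not listed is surfaced for review, not auto-deleted).
KNOWN_GOOD_BARE = {"internat.exe", "mobsync.exe"}

O4_RE = re.compile(
    r"^O4 - (?P<hive>HKLM|HKCU|HKUS\\\.DEFAULT)\\\.\.\\(?P<key>Run|RunOnce|RunServices): "
    r"\[(?P<name>[^\]]*)\](?P<rest>.*)$"
)
USER_SUFFIX_RE = re.compile(r"\s*\(User '[^']*'\)\s*$")


def parse_o4(line):
    """Return (full_key, value_name, command) for a registry O4 line, else None."""
    m = O4_RE.match(line.strip())
    if not m:
        return None  # Startup-folder O4 lines and other sections are ignored here
    key = HIVES[m.group("hive")] + "\\" + m.group("key")
    cmd = USER_SUFFIX_RE.sub("", m.group("rest")).strip()
    return key, m.group("name"), cmd


def executable_of(cmd):
    """Pull the program path out of a Run value ('"C:\\x y.exe" /flag' or 'x.exe /flag')."""
    if cmd.startswith('"'):
        return cmd[1:].split('"', 1)[0]
    return cmd.split(None, 1)[0] if cmd else ""


def why_suspicious(cmd):
    """Return a reason string if the command looks like a dropped file, or None."""
    exe = executable_of(cmd)
    if not exe:
        return None  # empty value, e.g. after a "Name"="" fix has been merged
    low = exe.lower()
    if low.endswith(".tmp"):
        return "executable with .tmp extension"
    if "\\temp\\" in low:
        return "runs from a Temp directory"
    if "\\" not in low and low not in KNOWN_GOOD_BARE:
        return "bare filename, not an expected System32 program"
    return None


def flag_autostarts(log_lines):
    """Scan HJT O4 lines; return [(full_key, value_name, command, reason), ...]."""
    flagged = []
    for line in log_lines:
        parsed = parse_o4(line)
        if parsed is None:
            continue
        key, name, cmd = parsed
        reason = why_suspicious(cmd)
        if reason:
            flagged.append((key, name, cmd, reason))
    return flagged


def build_fix_reg(deletions):
    """Render a REGEDIT4 file; '"Name"=-' deletes the value when merged ('""' would blank it)."""
    by_key = {}
    for key, name in deletions:
        by_key.setdefault(key, []).append(name)
    out = ["REGEDIT4", ""]
    for key, names in by_key.items():
        out.append(f"[{key}]")
        out.extend(f'"{n}"=-' for n in names)
        out.append("")
    return "\n".join(out)


# Sample O4 lines copied from the thread's first HijackThis log.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [Services] C:\WINNT\system32\9.tmp
O4 - HKLM\..\Run: [RecoverFromReboot] C:\WINNT\Temp\RecoverFromReboot.exe
O4 - HKLM\..\RunServices: [Systemey] systemey.exe
O4 - HKCU\..\Run: [Configuration Loader] dezi.exe
O4 - HKCU\..\Run: [internat.exe] internat.exe
O4 - HKUS\.DEFAULT\..\Run: [Systemey] systemey.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\Run: [Configuration Loader] dezi.exe (User 'Default user')
O4 - Global Startup: TabUserW.lnk = C:\Program Files\Wacom\TabUserW.exe
""".strip().splitlines()

if __name__ == "__main__":
    for key, name, cmd, reason in flag_autostarts(SAMPLE_LOG):
        print(f"{key}\\{name} -> {cmd!r}: {reason}")
    # The analyst decides what to delete; here, the entries the thread's fix.reg targeted.
    chosen = [
        (HIVES["HKLM"] + r"\RunServices", "Systemey"),
        (HIVES[r"HKUS\.DEFAULT"] + r"\Run", "Systemey"),
        (HIVES[r"HKUS\.DEFAULT"] + r"\Run", "Configuration Loader"),
    ]
    print(build_fix_reg(chosen))
```

Flagged entries are candidates for review only; the .reg is built from the list the analyst chooses, so a legitimate bare-filename entry is never deleted by the heuristic alone.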

#5 mrcohs (Topic Starter)

Posted 13 November 2007 - 05:25 PM

Here are the OTMoveIt results. In attempting to follow your instruction on Save > Save file as > All Files, I could not complete this because there was no 'All Files' available to use; the file type only gave me the choice of three different web pages and a .txt file. What should I do now?

C:\Program Files\Viewpoint moved successfully.
C:\Documents and Settings\All Users\Application Data\Viewpoint moved successfully.
C:\WINNT\addins\cvsrc.bak1 moved successfully.
C:\WINNT\addins\cvsrc.bak2 moved successfully.
C:\WINNT\Help\pagol.bak1 moved successfully.
C:\WINNT\Help\pagol.bak2 moved successfully.

Created on 11/13/2007 17:18:18

#6 mrcohs (Topic Starter)

Posted 13 November 2007 - 05:36 PM

Here is the new HijackThis log after merging the registry and restarting.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:35:34 PM, on 11/13/2007
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\WINNT\System32\nvsvc32.exe
C:\PROGRA~1\SYMPAT~1\ACCESS~1\app\pppoeservice.exe
C:\WINNT\system32\regsvc.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINNT\System32\Tablet.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\System32\mspmspsv.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINNT\system32\ezSP_Px.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINNT\system32\internat.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Wacom\TabUserW.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Southwest Airlines\Ding\Ding.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.sympatico.ca/homepage.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.ca/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-ca\msntb.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-ca\msntb.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [NvCplScan] nvsc32.exe
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINNT\system32\ezSP_Px.exe
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKCU\..\Run: [Configuration Loader] dezi.exe
O4 - HKCU\..\Run: [internat.exe] internat.exe
O4 - HKCU\..\Run: [NvCplScan] nvsc32.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\.DEFAULT\..\Run: [Configuration Loader] (User 'Default user')
O4 - HKUS\.DEFAULT\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background (User 'Default user')
O4 - HKUS\.DEFAULT\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'Default user')
O4 - Startup: DING!.lnk = C:\Program Files\Southwest Airlines\Ding\Ding.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: TabUserW.lnk = C:\Program Files\Wacom\TabUserW.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINNT\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINNT\bdoscandel.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.sympatico.ca/homepage.html
O16 - DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} - https://components.viewpoint.com/MTSInstall...ica/ext360.html
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/200212...meInstaller.exe
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {640B39C1-D713-464F-92C3-75BD972B95EE} - http://download.sidestep.com/get/k00719/sb02a.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1191219759171
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1191219942125
O16 - DPF: {99802379-7362-40E2-9D28-8A3B9AF880B7} - http://hotsearchbar.com/toolbar2/winhot32.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = sympatico.ca
O17 - HKLM\System\CCS\Services\Tcpip\..\{89CBE5DE-2B6F-40D9-A082-DDD89868863F}: Domain = sympatico.ca
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = sympatico.ca
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = sympatico.ca
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINNT\System32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Pml Driver HPH11 - HP - C:\WINNT\system32\HPHipm11.exe
O23 - Service: PPPoE Service (PPPoEService) - Unknown owner - C:\PROGRA~1\SYMPAT~1\ACCESS~1\app\pppoeservice.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINNT\System32\Tablet.exe
O24 - Desktop Component 0: (no name) - file:///C:/DOCUME~1/Maria/LOCALS~1/Temp/msoclip1/01/clip_image002.jpg
O24 - Desktop Component 1: (no name) - file:///C:/DOCUME~1/Maria/LOCALS~1/Temp/msoclip1/01/clip_image001.jpg
O24 - Desktop Component 2: (no name) - http://gfx2.hotmail.com/crs_918.gif

--
End of file - 10149 bytes

#7 RichieUK
    Malware Assassin
  • Malware Response Team

Posted 13 November 2007 - 07:18 PM

Click on Start/Run, copy and paste ComboFix /u into the 'Open:' space, then press Ok.

Please double-click OTMoveIt.exe to run it.
Click on the 'Cleanup' button.
When you do this a text file named cleanup.txt will be downloaded from the internet.
If you get a warning from your firewall or other security programs regarding OTMoveIt attempting to contact the internet you should allow it to do so.
When the 'Confirm' box appears click 'Yes'.
Restart your pc when prompted.


Launch SuperAntiSpyware and click on 'Check for updates'.
Once the updates have been installed, exit SuperAntiSpyware.

You might want to print/copy the following as you need to be in Safe Mode from here on.

Reboot your computer into SAFE MODE using the F8 method.
To do this, restart your computer and after hearing your computer beep once during startup (but before the Windows icon appears) press the F8 key repeatedly.
A menu will appear with several options.
Use the arrow keys on your keyboard to navigate and select the option to run Windows in "Safe Mode".

Have Hijack This fix the following by placing a check in the appropriate boxes and selecting 'Fix checked'.
Make sure all browser and all Windows Explorer windows are closed before fixing:
R3 - URLSearchHook: (no name) - - (no file)
O4 - HKLM\..\Run: [NvCplScan] nvsc32.exe
O4 - HKCU\..\Run: [Configuration Loader] dezi.exe
O4 - HKCU\..\Run: [NvCplScan] nvsc32.exe
O16 - DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} - https://components.viewpoint.com/MTSInstall...ica/ext360.html
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/200212...meInstaller.exe
O16 - DPF: {640B39C1-D713-464F-92C3-75BD972B95EE} - http://download.sidestep.com/get/k00719/sb02a.cab
O16 - DPF: {99802379-7362-40E2-9D28-8A3B9AF880B7} - http://hotsearchbar.com/toolbar2/winhot32.cab

Exit Hijackthis.

Start SuperAntiSpyware.
On the main screen click on 'Scan your computer'.
Check: 'Perform Complete Scan'.
Click 'Next' to start the scan.

Superantispyware will now scan your computer; when it's finished it will list all/any infections found.
Make sure everything found has a checkmark next to it, then press 'Next'.
Click on 'Finish' when you've done.

It's possible that the program will ask you to reboot in order to delete some files.

Obtain the SuperAntiSpyware log as follows:
Click on 'Preferences'.
Click on the 'Statistics/Logs' tab.
Under 'Scanner Logs' double click on 'SuperAntiSpyware Scan Log'.
It will then open in your default text editor, such as Notepad.
Copy and paste the contents of that report into your next reply.

Run 'BitDefender Online Scanner' using Internet Explorer:
http://www.bitdefender.com/scan8/ie.html
Read the 'END USER SOFTWARE LICENSE AGREEMENT' then click 'I agree'.
You'll be prompted to install the activex control, please do so.
Once installed, disable your current antivirus program, then click the 'Click here to scan' button.
The virus signatures will then load.
Once loaded the scan will start.
The scan will take quite some time so please be patient.
Once the scan has finished select the 'Detected Problems' tab.
Click on 'Click here to export scan'.
Save the file as an HTML file to your desktop.
Then click on the saved file and allow it to open with your browser.
Go to 'Edit'/'Select All' then copy and paste that log into your next reply.
*Note*
Don't forget to re-enable your antivirus program.

Also post a new Hijackthis log and let me know how your pc is running now.

#8 mrcohs
  • Topic Starter
  • Members

Posted 13 November 2007 - 10:49 PM

SuperAntiSpyware scan here... BitDefender to follow as soon as it finishes running.

thanks


SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 11/13/2007 at 10:21 PM

Application Version : 3.9.1008

Core Rules Database Version : 3344
Trace Rules Database Version: 1345

Scan type : Quick Scan
Total Scan Time : 00:18:02

Memory items scanned : 388
Memory threats detected : 0
Registry items scanned : 765
Registry threats detected : 6
File items scanned : 18322
File threats detected : 10

Adware.Tracking Cookie
C:\Documents and Settings\Maria\Cookies\maria@anad.tacoda[2].txt
C:\Documents and Settings\Maria\Cookies\maria@publishers.clickbooth[2].txt
C:\Documents and Settings\Maria\Cookies\maria@eas.apm.emediate[2].txt
C:\Documents and Settings\Maria\Cookies\maria@list[1].txt
C:\Documents and Settings\Maria\Cookies\maria@yadro[1].txt
C:\Documents and Settings\Maria\Cookies\maria@atwola[1].txt
C:\Documents and Settings\Maria\Cookies\maria@richmedia.yahoo[1].txt
C:\Documents and Settings\Maria\Cookies\maria@1069991820[1].txt
C:\Documents and Settings\Maria\Cookies\maria@uemedia[1].txt
C:\Documents and Settings\Maria\Cookies\maria@m1.webstats.motigo[2].txt

Adware.IEPlugin
HKCR\Remove

Adware.F1 Organizer
HKCR\F1.Organizer
HKCR\F1.Organizer\CLSID
HKCR\F1.Organizer\CurVer
HKCR\F1.Organizer.1
HKCR\F1.Organizer.1\CLSID

#9 RichieUK
    Malware Assassin
  • Malware Response Team

Posted 14 November 2007 - 09:35 AM

Are you still with me? Are you having problems with BitDefender?

#10 mrcohs
  • Topic Starter
  • Members

Posted 14 November 2007 - 10:20 AM

BitDefender Online Scanner

Scan report generated at: Wed, Nov 14, 2007 - 00:22:28

Scan path: A:\;C:\;D:\;E:\;

Statistics
Time: 01:33:15
Files: 285992
Folders: 7675
Boot Sectors: 2
Archives: 2187
Packed Files: 18839

Results
Identified Viruses: 11
Infected Files: 11
Suspect Files: 0
Warnings: 0
Disinfected: 0
Deleted Files: 11

Engines Info
Virus Definitions: 871571
Engine build: AVCORE v1.0 (build 2422) (i386) (Sep 25 2007 08:26:36)
Scan plugins: 14
Archive plugins: 38
Unpack plugins: 7
E-mail plugins: 6
System plugins: 1

Scan Settings
First Action: Disinfect
Second Action: Delete
Heuristics: Yes
Enable Warnings: Yes
Scanned Extensions: *;
Exclude Extensions:
Scan Emails: Yes
Scan Archives: Yes
Scan Packed: Yes
Scan Files: Yes
Scan Boot: Yes

Scanned File | Status
C:\Program Files\Norton AntiVirus\Quarantine\01346555=>(Quarantine-2)=>(NSIS o)=>lzma_solid_nsis0001 | Detected with: Adware.NaviSrch.A
C:\Program Files\Norton AntiVirus\Quarantine\01346555=>(Quarantine-2)=>(NSIS o)=>lzma_solid_nsis0001 | Disinfection failed
C:\Program Files\Norton AntiVirus\Quarantine\01346555=>(Quarantine-2)=>(NSIS o)=>lzma_solid_nsis0001 | Deleted
C:\Program Files\Norton AntiVirus\Quarantine\01346555=>(Quarantine-2)=>(NSIS o) | Update failed
C:\Program Files\Norton AntiVirus\Quarantine\01346555=>(Quarantine-2)=>(NSIS o)=>lzma_solid_nsis0002 | Detected with: Application.Adware.BkdSpace
C:\Program Files\Norton AntiVirus\Quarantine\01346555=>(Quarantine-2)=>(NSIS o)=>lzma_solid_nsis0002 | Disinfection failed
C:\Program Files\Norton AntiVirus\Quarantine\01346555=>(Quarantine-2)=>(NSIS o)=>lzma_solid_nsis0002 | Deleted
C:\Program Files\Norton AntiVirus\Quarantine\01346555=>(Quarantine-2)=>(NSIS o) | Update failed
C:\Program Files\Norton AntiVirus\Quarantine\01346555=>(Quarantine-2)=>(NSIS o)=>lzma_solid_nsis0005=>(NSIS o)=>lzma_solid_nsis0005 | Detected with: Adware.Bargan.A
C:\Program Files\Norton AntiVirus\Quarantine\01346555=>(Quarantine-2)=>(NSIS o)=>lzma_solid_nsis0005=>(NSIS o)=>lzma_solid_nsis0005 | Disinfection failed
C:\Program Files\Norton AntiVirus\Quarantine\01346555=>(Quarantine-2)=>(NSIS o)=>lzma_solid_nsis0005=>(NSIS o)=>lzma_solid_nsis0005 | Deleted
C:\Program Files\Norton AntiVirus\Quarantine\01346555=>(Quarantine-2)=>(NSIS o)=>lzma_solid_nsis0005=>(NSIS o) | Update failed
C:\Program Files\Norton AntiVirus\Quarantine\2BAB3BA4=>(Quarantine-2)=>(CAB Sfx r)=>DnldStub.exe | Infected with: Trojan.Downloader.Small.KL
C:\Program Files\Norton AntiVirus\Quarantine\2BAB3BA4=>(Quarantine-2)=>(CAB Sfx r)=>DnldStub.exe | Disinfection failed
C:\Program Files\Norton AntiVirus\Quarantine\2BAB3BA4=>(Quarantine-2)=>(CAB Sfx r)=>DnldStub.exe | Deleted
C:\Program Files\Norton AntiVirus\Quarantine\2BAB3BA4=>(Quarantine-2)=>(CAB Sfx r) | Update failed
C:\Program Files\Norton AntiVirus\Quarantine\2BAB3BA4=>(Quarantine-2)=>(CAB Sfx 2r) | Infected with: Trojan.Whenu.A
C:\Program Files\Norton AntiVirus\Quarantine\2BAB3BA4=>(Quarantine-2)=>(CAB Sfx 2r) | Disinfection failed
C:\Program Files\Norton AntiVirus\Quarantine\2BAB3BA4=>(Quarantine-2)=>(CAB Sfx 2r) | Deleted
C:\Program Files\Norton AntiVirus\Quarantine\2BAB3BA4=>(Quarantine-2) | Update failed
C:\Program Files\Norton AntiVirus\Quarantine\2CFE4117.zip=>(Quarantine-2)=>GetAccess.class | Infected with: Trojan.Exploit.Byteverify.O
C:\Program Files\Norton AntiVirus\Quarantine\2CFE4117.zip=>(Quarantine-2)=>GetAccess.class | Disinfection failed
C:\Program Files\Norton AntiVirus\Quarantine\2CFE4117.zip=>(Quarantine-2)=>GetAccess.class | Deleted
C:\Program Files\Norton AntiVirus\Quarantine\2CFE4117.zip=>(Quarantine-2) | Updated
C:\Program Files\Norton AntiVirus\Quarantine\2CFE4117.zip=>(Quarantine-2)=>InsecureClassLoader.class | Infected with: Java.Trojan.Exploit.Bytverify
C:\Program Files\Norton AntiVirus\Quarantine\2CFE4117.zip=>(Quarantine-2)=>InsecureClassLoader.class | Disinfection failed
C:\Program Files\Norton AntiVirus\Quarantine\2CFE4117.zip=>(Quarantine-2)=>InsecureClassLoader.class | Deleted
C:\Program Files\Norton AntiVirus\Quarantine\2CFE4117.zip=>(Quarantine-2) | Updated
C:\Program Files\Norton AntiVirus\Quarantine\2CFE4117.zip=>(Quarantine-2)=>Dummy.class | Infected with: Trojan.Java.Classloader.Dummy.A
C:\Program Files\Norton AntiVirus\Quarantine\2CFE4117.zip=>(Quarantine-2)=>Dummy.class | Disinfection failed
C:\Program Files\Norton AntiVirus\Quarantine\2CFE4117.zip=>(Quarantine-2)=>Dummy.class | Deleted
C:\Program Files\Norton AntiVirus\Quarantine\2CFE4117.zip=>(Quarantine-2) | Updated
C:\Program Files\Norton AntiVirus\Quarantine\2CFE4117.zip=>(Quarantine-2)=>Installer.class | Infected with: Java.Trojan.OpenConnection.F
C:\Program Files\Norton AntiVirus\Quarantine\2CFE4117.zip=>(Quarantine-2)=>Installer.class | Disinfection failed
C:\Program Files\Norton AntiVirus\Quarantine\2CFE4117.zip=>(Quarantine-2)=>Installer.class | Deleted
C:\Program Files\Norton AntiVirus\Quarantine\2CFE4117.zip=>(Quarantine-2) | Updated
C:\Program Files\Norton AntiVirus\Quarantine\2CFE4117.zip | Update failed
C:\Program Files\Norton AntiVirus\Quarantine\3DB65854=>(Quarantine-2)=>(NSIS o)=>lzma_solid_nsis0005 | Infected with: Trojan.Clicker.Vb.EX
C:\Program Files\Norton AntiVirus\Quarantine\3DB65854=>(Quarantine-2)=>(NSIS o)=>lzma_solid_nsis0005 | Disinfection failed
C:\Program Files\Norton AntiVirus\Quarantine\3DB65854=>(Quarantine-2)=>(NSIS o)=>lzma_solid_nsis0005 | Deleted
C:\Program Files\Norton AntiVirus\Quarantine\3DB65854=>(Quarantine-2)=>(NSIS o) | Update failed
C:\Program Files\Norton AntiVirus\Quarantine\54CA5692=>(Quarantine-2)=>(Embedded EXE g) | Infected with: Trojan.Sandbox.A
C:\Program Files\Norton AntiVirus\Quarantine\54CA5692=>(Quarantine-2)=>(Embedded EXE g) | Disinfection failed
C:\Program Files\Norton AntiVirus\Quarantine\54CA5692=>(Quarantine-2)=>(Embedded EXE g) | Deleted
C:\Program Files\Norton AntiVirus\Quarantine\54CA5692=>(Quarantine-2) | Update failed

#11 RichieUK
    Malware Assassin
  • Malware Response Team

Posted 14 November 2007 - 10:37 AM

Great, how's your pc running now? Post a new Hijackthis log please.

#12 mrcohs
  • Topic Starter
  • Members

Posted 14 November 2007 - 10:42 AM

So far it is running great. The only problem now seems to be having to refresh pages constantly in order to make the web pages line up as meant to be; otherwise it is garbage from top of page to bottom, some of it not legible.


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:41:07 AM, on 11/14/2007
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\WINNT\System32\nvsvc32.exe
C:\PROGRA~1\SYMPAT~1\ACCESS~1\app\pppoeservice.exe
C:\WINNT\system32\regsvc.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINNT\System32\Tablet.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\System32\mspmspsv.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINNT\system32\ezSP_Px.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINNT\system32\internat.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Wacom\TabUserW.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Southwest Airlines\Ding\Ding.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.sympatico.ca/homepage.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.ca/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-ca\msntb.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-ca\msntb.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINNT\system32\ezSP_Px.exe
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKCU\..\Run: [internat.exe] internat.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\.DEFAULT\..\Run: [Configuration Loader] (User 'Default user')
O4 - HKUS\.DEFAULT\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background (User 'Default user')
O4 - HKUS\.DEFAULT\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'Default user')
O4 - Startup: DING!.lnk = C:\Program Files\Southwest Airlines\Ding\Ding.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: TabUserW.lnk = C:\Program Files\Wacom\TabUserW.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINNT\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINNT\bdoscandel.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.sympatico.ca/homepage.html
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1191219759171
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1191219942125
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = sympatico.ca
O17 - HKLM\System\CCS\Services\Tcpip\..\{89CBE5DE-2B6F-40D9-A082-DDD89868863F}: Domain = sympatico.ca
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = sympatico.ca
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = sympatico.ca
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINNT\System32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Pml Driver HPH11 - HP - C:\WINNT\system32\HPHipm11.exe
O23 - Service: PPPoE Service (PPPoEService) - Unknown owner - C:\PROGRA~1\SYMPAT~1\ACCESS~1\app\pppoeservice.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINNT\System32\Tablet.exe
O24 - Desktop Component 0: (no name) - file:///C:/DOCUME~1/Maria/LOCALS~1/Temp/msoclip1/01/clip_image002.jpg
O24 - Desktop Component 1: (no name) - file:///C:/DOCUME~1/Maria/LOCALS~1/Temp/msoclip1/01/clip_image001.jpg
O24 - Desktop Component 2: (no name) - http://gfx2.hotmail.com/crs_918.gif

--
End of file - 9356 bytes
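An added example in Python, not code from this thread or from HijackThis: it parses the R*/O* entries of a HijackThis 2.0 log, diffs an earlier and a later log to list what the fix removed, and flags registry O4 autoruns that give only a bare executable name with no path, the shape of the nvsc32.exe and dezi.exe lines fixed above. The two sample logs are a constructed subset of the logs posted in this thread.

```python
"""Parse HijackThis 2.0 log entries, diff a before/after pair of logs and flag
O4 autoruns whose command is a bare executable name with no path.
Added example, not code from this thread; sample logs are a constructed subset."""
import re
from dataclasses import dataclass

# Every HijackThis entry starts with a section tag: "R0 - ...", "O4 - ...", "O16 - ...".
ENTRY_RE = re.compile(r"^(?P<section>[RFNO]\d+) - (?P<body>.*)$")
# Registry O4 body: HIVE\..\Run: [Name] command   (startup-folder O4 lines look different)
O4_RUN_RE = re.compile(r"^(?P<hive>.+?)\\\.\.\\(?P<key>RunOnce|Run): \[(?P<name>[^\]]*)\] ?(?P<cmd>.*)$")
# HijackThis appends "(User 'Default user')" to HKUS entries; strip it before reading the command.
USER_SUFFIX_RE = re.compile(r"\s*\(User '[^']*'\)$")

@dataclass(frozen=True)
class Entry:
    section: str
    body: str

def parse_log(text: str) -> list[Entry]:
    """R*/O* entries in file order; header and process list carry no section tag and are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append(Entry(m.group("section"), m.group("body")))
    return entries

def diff_logs(before: list[Entry], after: list[Entry]):
    """(removed, added): entries present only in the earlier log and only in the later one."""
    before_set, after_set = set(before), set(after)
    return [e for e in before if e not in after_set], [e for e in after if e not in before_set]

def autorun_parts(entry: Entry):
    """(hive, name, command) for a registry Run/RunOnce O4 entry, else None."""
    m = O4_RUN_RE.match(entry.body) if entry.section == "O4" else None
    if not m:
        return None
    return m.group("hive"), m.group("name"), USER_SUFFIX_RE.sub("", m.group("cmd")).strip()

def executable_of(cmd: str) -> str:
    """First token of a command line, honouring a double-quoted path."""
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    return cmd.split()[0] if cmd else ""

def is_bare_executable(cmd: str) -> bool:
    """True when the autorun names a file with no drive or directory, so it is found
    through the system search path at logon instead of being pinned to one location."""
    exe = executable_of(cmd)
    return bool(exe) and "\\" not in exe and ":" not in exe

def flag_bare_autoruns(entries: list[Entry]):
    """(hive, name, exe) for each registry autorun pointing at a bare file name. A review
    list, not a verdict: the thread's logs keep internat.exe and mobsync.exe registered this way."""
    flagged = []
    for e in entries:
        parts = autorun_parts(e)
        if parts and is_bare_executable(parts[2]):
            flagged.append((parts[0], parts[1], executable_of(parts[2])))
    return flagged

# Constructed subset of the earlier log (before the HijackThis fix) ...
BEFORE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R3 - URLSearchHook: (no name) - - (no file)
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [NvCplScan] nvsc32.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKCU\..\Run: [Configuration Loader] dezi.exe
O4 - HKCU\..\Run: [internat.exe] internat.exe
O4 - HKCU\..\Run: [NvCplScan] nvsc32.exe
O4 - HKUS\.DEFAULT\..\Run: [Configuration Loader] (User 'Default user')
O4 - HKUS\.DEFAULT\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background (User 'Default user')
O4 - Global Startup: TabUserW.lnk = C:\Program Files\Wacom\TabUserW.exe
O16 - DPF: {640B39C1-D713-464F-92C3-75BD972B95EE} - http://download.sidestep.com/get/k00719/sb02a.cab
O16 - DPF: {99802379-7362-40E2-9D28-8A3B9AF880B7} - http://hotsearchbar.com/toolbar2/winhot32.cab
"""
# ... and of the 14 November log (after it).
AFTER_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKCU\..\Run: [internat.exe] internat.exe
O4 - HKUS\.DEFAULT\..\Run: [Configuration Loader] (User 'Default user')
O4 - HKUS\.DEFAULT\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background (User 'Default user')
O4 - Global Startup: TabUserW.lnk = C:\Program Files\Wacom\TabUserW.exe
"""
```

Running `diff_logs(parse_log(BEFORE_LOG), parse_log(AFTER_LOG))` lists exactly the R3, three O4 and two O16 entries from the fix list, and `flag_bare_autoruns` on the later log still returns the mobsync.exe and internat.exe entries, which is why a bare-name flag is a prompt to verify the file, not an automatic removal.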

#13 RichieUK
    Malware Assassin
  • Malware Response Team

Posted 14 November 2007 - 04:20 PM

Are you using IE6 or Mozilla Firefox when experiencing these issues?

#14 mrcohs
  • Topic Starter
  • Members

Posted 14 November 2007 - 10:03 PM

Internet Explorer... not sure which version however.

#15 RichieUK
    Malware Assassin
  • Malware Response Team

Posted 15 November 2007 - 07:58 AM

If you have the MS Windows 2000 install disk:
Click Start>Run, type sfc /scannow then press Ok.
Leave a space in between sfc and /scannow.
Reboot when you've done.

What happens using Mozilla Firefox:
http://www.mozilla.com/en-US/firefox/

If you're still having issues try a Repair Install:

Windows 2000 Professional Repair install:
http://www.windows2000.windowsreinstall.com/Repair/

Manual vs Fast Repair in Windows 2000:
http://www.windowsnetworking.com/kbase/Win...indows2000.html