
unable to access secure sites etc etc


2 replies to this topic

#1 pntslndkvst

Posted 17 December 2004 - 02:45 AM

Hello good people, this is my first post to this forum!
I've been having some problems recently and frankly I don't know where to begin.
My main problems are that I only occasionally manage to access secure sites such as my Yahoo mail account, and when I do, I am not able to answer any of my e-mails. And sites that use pop-ups and/or redirects won't work at all.

I have absolutely no idea how this has happened, but here are two obvious problems that may or may not be related:

-I have had some trouble uninstalling my Norton Antivirus completely, and investigations into this subject have shown that it seems virtually impossible.
-Secondly, a very persistent start page hijack, i.e. http://xysearch.biz?wmid=1010

I would be really, really thankful for any help offered.

Logfile of HijackThis v1.99.0
Scan saved at 08:33:22, on 2004-12-17
Platform: Windows 2000 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\csrss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\System32\Wintab32.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program\AVPersonal\AVGUARD.EXE
C:\Program\AVPersonal\AVWUPSRV.EXE
C:\WINNT\System32\ZoneLabs\isafe.exe
C:\WINNT\system32\crypserv.exe
C:\WINNT\System32\svchost.exe
C:\Program\Norton AntiVirus\navapsvc.exe
C:\WINNT\system32\smss\Home\svchost.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\System32\smss\Home\system\smss.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\system32\ZoneLabs\vsmon.exe
C:\WINNT\system32\Microsoft\groups\svchost.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\System32\microsoft\groups\explorer.exe
C:\WINNT\System32\MsPMSPSv.exe
C:\WINNT\System32\microsoft\groups\winlogon.exe
C:\WINNT\explorer.exe
C:\Program\ACDSYS~1\DEVDET~1\DEVDET~1.EXE
C:\WINNT\System32\ZPOINT32.exe
C:\Program\Winamp\winampa.exe
C:\Program\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program\Delade filer\Real\Update_OB\realsched.exe
C:\WINNT\System32\internat.exe
C:\Program\Microsoft Office\Office\OSA.EXE
C:\Program\WinRAR\WinRAR.exe
C:\DOCUME~1\MARTIN~1\LOKALA~1\Temp\Rar$EX01.789\HijackThis.exe
C:\Program\ZONELA~1\ZONEAL~1\MAILFR~1\mantispm.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.google.se
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.se
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = C:\WINNT\_s.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.se
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = C:\WINNT\_s.html
R3 - Default URLSearchHook is missing
F2 - REG:system.ini: UserInit=Userinit.exe,
N1 - Netscape 4: user_pref("browser.startup.homepage", "http://mail.yahoo.com"); (C:\Program\Netscape\Users\default\prefs.js)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [Camera Detector] C:\Program\ACDSYS~1\DEVDET~1\DEVDET~1.EXE -autorun
O4 - HKLM\..\Run: [NeroCheck] C:\WINNT\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Acecad.Wtxpload] C:\WINNT\Acecad\Wtxpload.exe Acecad
O4 - HKLM\..\Run: [ZPOINT32] C:\WINNT\System32\ZPOINT32.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program\Winamp\winampa.exe
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program\Delade filer\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [internat.exe] internat.exe
O4 - HKCU\..\Run: [ccleaner] "C:\Program\CCleaner\ccleaner.exe" /AUTO
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program\Delade filer\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office Snabbsökning.lnk = C:\Program\Microsoft Office\Office\FINDFAST.EXE
O4 - Global Startup: Office-autostart.lnk = C:\Program\Microsoft Office\Office\OSA.EXE
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINNT\System32\Shdocvw.dll
O9 - Extra button: ToolbarCop - {A349A035-E26F-454b-ABB4-5208E50E1BE7} - C:\DOCUME~1\MARTIN~1\LOKALA~1\Temp\Rar$EX00.461\ToolbarCop.exe (file missing) (HKCU)
O9 - Extra 'Tools' menuitem: ToolbarCop - {A349A035-E26F-454b-ABB4-5208E50E1BE7} - C:\DOCUME~1\MARTIN~1\LOKALA~1\Temp\Rar$EX00.461\ToolbarCop.exe (file missing) (HKCU)
O12 - Plugin for .AVI: C:\Program\Netscape\Communicator\Program\PLUGINS\npavi32.dll
O12 - Plugin for .swf: C:\Program\Netscape\Communicator\Program\PLUGINS\npswf32.dll
O12 - Plugin for .wmv: C:\Program\Netscape\Communicator\Program\PLUGINS\npdsplay.dll
O15 - Trusted Zone: *.awmdabest.com
O15 - Trusted Zone: *.awmdabest.com (HKLM)
O15 - Trusted IP range: (HKLM)
O16 - DPF: {0B4EDA83-7EDB-5D63-343A-449A22FF3362} - http://69.50.188.54/1/gdnFR208.exe
O16 - DPF: {0F7A8DAC-3226-7735-B40B-5BEE34D3CC93} - http://69.50.188.54/1/gdnFR208.exe
O16 - DPF: {1E87228C-9351-0806-8F8D-596767E57CCC} - http://69.50.188.54/1/gdnFR208.exe
O16 - DPF: {2165E7DC-67C5-495B-BA41-2AA04A8BA35A} - http://69.50.188.54/1/gdnFR208.exe
O16 - DPF: {3E2E2766-4683-68E7-7C06-75A4340B7638} - http://69.50.188.54/1/gdnFR208.exe
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab
O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} (Yahoo! Companion) - http://us.dl1.yimg.com/download.companion....bio5_3_16_0.cab
O19 - User stylesheet: (file missing)
O23 - Service: AntiVir Service - H+BEDV Datentechnik GmbH - C:\Program\AVPersonal\AVGUARD.EXE
O23 - Service: AntiVir Update - H+BEDV Datentechnik GmbH, Germany - C:\Program\AVPersonal\AVWUPSRV.EXE
O23 - Service: CA ISafe - Computer Associates International, Inc. - C:\WINNT\System32\ZoneLabs\isafe.exe
O23 - Service: Crypkey License - Unknown - crypserv.exe (file missing)
O23 - Service: Logical Disk Manager Administrative Service - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: NS - Unknown - C:\WINNT\System32\ns.exe (file missing)
O23 - Service: Norton AntiVirus Auto Protect Service - Symantec Corporation - C:\Program\Norton AntiVirus\navapsvc.exe
O23 - Service: Nt System Kernel - Unknown - C:\WINNT\System32\ntsyskrnl.exe (file missing)
O23 - Service: Qossrv Packet Scheduler - Unknown - C:\WINNT\system32\smss\Home\svchost.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program\Norton AntiVirus\SAVScan.exe
O23 - Service: TrueVector Internet Monitor - Zone Labs Inc. - C:\WINNT\system32\ZoneLabs\vsmon.exe
O23 - Service: windbs - Unknown - C:\WINNT\System32\winxtc.exe (file missing)
O23 - Service: Windows Internet Explorer - Unknown - C:\WINNT\system32\Microsoft\groups\svchost.exe
O23 - Service: Wintab32 - Unknown - C:\WINNT\System32\Wintab32.exe


 


#2 tg1911


Posted 17 December 2004 - 07:57 AM

Put HijackThis in a permanent folder:
Click My Computer / C: / File / New / Folder / name the folder: HijackThis
Put HijackThis.exe in this folder.
This is a mandatory step for the backup and restore functions of HijackThis to be able to work.

Read the pinned post in the HJT forum, here

Then run a log and post it in the HJT forum, here. Do not fix anything yet.
A member of the HJT Team will help you out.
Please be patient; these people are volunteers. They will help you out as soon as possible.

#3 pntslndkvst


Posted 18 December 2004 - 01:33 AM

Thank you, I have done this now, please ignore this thread.



