Be sure to look this fix over before you begin, since some of the steps will need to be done while in "Safe Mode", and you'll need to download and install programs used in that mode first.
Now double-check and make sure that only those item(s) above are highlighted, then click "
Kill process". Now, click "
Refresh", check again, and repeat this step if any remain.
Now, let's open a
command prompt and unregister the dll(s) we're going to remove, by entering the following:
regsvr32 /u javapr32.dll
It's ok, if these aren't found or 'error' out. If you want, just copy and paste the individual lines to the command prompt to save on the typing.
Run
HiJackThis and click "
Scan", then check(tick) the following, if present:
If it is, then fix that entry again; sometimes it'll take more than one pass. The actual entry is ok, and won't be deleted, it's the java wrapper marked in
red that needs to be removed.
Locate and
delete the following item(s), if present. Make sure your able to view system and hidden files/ folders:
Note that some of these file(s) may or may not be present. If present, and cannot be deleted because they're '
in use', try deleting them from "
Safe Mode".
Post back a new log, and let me know how everything goes.
Just skip that step and move onto the next one. Hopefully we can get that scan in somewhere towards the end of the cleanup, to help remove things that HiJackThis can't see.
1. Double-click the
mwav.exe icon to run it (
it'll self extract).
2. Click "
Scan".
3. When it completes, post back the results from the 'Virus log information' pane.
Download, unzip to your desktop
About:Buster and run it, then:
Locate
About:Buster that you downloaded earlier and run it, then:
1. Click "
Update".
2. Click "
Check For Update"
(
If no new version is available, skip to step #4.)
3. Click "
Download Update", and wait for it to be installed.
4. Click "
Start".
(
Wait for the initial ADS scan to complete.)
5. Click "Yes", to shutdown any IE session currently open.
(
Wait for the about:blank scan to complete.)
6. Click "
Ok", to scan once more.
7. Click "
Yes", to shutdown any IE sessions currently open.
8. Click "
Yes", to begin the second pass.
9. Click "
Save log", and post this log back along with your new log.
10. Click "
Exit".
11. Click "
Exit".
Run
HiJackThis then:
1. Click "
Config..."
2. Click "
Misc Tools"
3. Click "
Open Process manager"
-
Next, while holding down the
CTRL key, locate (
if present) and click on (
highlight) each of the following:
Now double-check and make sure that only those item(s) above are highlighted, then click "
Kill process". Now, click "
Refresh", check again, and repeat this step if any remain.
Now, let's open a
command prompt and unregister the dll(s) we're going to remove, by entering the following:
regsvr32 /u crvl32.dll
It's ok, if these aren't found or 'error' out. If you want, just copy and paste the individual lines to the command prompt to save on the typing.
Run
HiJackThis and click "
Scan", then check(tick) the following, if present:
Note that some of these file(s) may or may not be present. If present, and cannot be deleted because they're '
in use', try deleting them from "
Safe Mode".
Post back a new log, and let me know how everything goes.
-
Mike.
Message Edited by Midnight Star on 03-06-2005 03:25 PM
Well, I got through all of the steps. The problem I was having when I rebooted - about " Checking file system on C. The file type is NTFS ..." seems to be fixed.
My Internet Explorer home page is still set to About:Blank.
Also, I have now noticed that I can not enable Norton Anti-virus Autoprotect and the Norton E-mail Scan says "error".
Here is my latest HJT Log:
Logfile of HijackThis v1.99.1 Scan saved at 3:52:51 PM, on 3/6/2005 Platform: Windows XP SP1 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
It looks like this finally got rid of the About:blank problem. Thanks!!!!
Now the only problem I have is that my Norton Internet Security and Antivirus will not update and are not enabled!! Yikes!! I have searched the symantec site and followed their suggestions - I can't seem to get this fixed. Do I have to repurchase these products?
Here is my last HJT log:
Logfile of HijackThis v1.99.1 Scan saved at 11:55:28 PM, on 3/6/2005 Platform: Windows XP SP1 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
I've seen Norton's go down at the drop of a hat when it comes to malware, and the only thing that brings it back is to uninstall, then reinstall it.
-
Let's fix these entries, and if everything is running ok, we should be ready for the final cleanup:
Reboot your computer, and try using different programs and make sure everything is running ok. If your still experiencing problems, post back any concerns or problems you may be having and wait for any advice before continuing with the cleanup.
Download, install and run
Cleanup! from
Steven Gould, then:
1. Click "
Cleanup!"
(
wait for the program to finish scanning your system, and selecting files to be removed.)
2. Exit the program and reboot the computer, if necessary.
-
For more information about using
Cleanup! see
here.
If everything is running ok, let's do the final cleanup...
1. Run "
Disk Cleanup" and allow it to remove everything it finds.
2. If you've downloaded
MicroWorld AV (
MWAV), run it again - but don't scan, just click "
Clear Log" and exit the program.
3. Go to
www.trendmicro.com and click "
Free Online Scan", then "
Scan now, it's free!". When it's downloaded, select all available drives, then check(tick) "
Auto clean", then click "
Scan".
4. Run
AdAware SE Personal and "
perform a full system scan", then
Spybot S&D, and "
Check for Problems". Let them both remove the residual 'problems' left that
HiJackThis couldn't fix.
mkmeier
16 Posts
0
March 5th, 2005 01:00
Midnight Star
4.8K Posts
0
March 5th, 2005 16:00
Hello! and welcome to the Dell forums.
-
Be sure to look this fix over before you begin, since some of the steps will need to be done while in "Safe Mode", and you'll need to download and install programs used in that mode first.
Go to www.trendmicro.com, and then:
1. Click " Free Online Scan".
2. Click " Scan now, it's free".
It'll take a few minutes to download (especially with a dialup connection), so be patient. When it's down:
1. Select all available drives.
2. Check(tick) " Auto Clean".
3. Click " Scan".
When it completes, post back the full filename of any files that cannot be cleaned or deleted.
Reboot your computer into " Safe Mode"
Next, locate CWShredder that you downloaded earlier and run it, then:
1. Click " Check For Update"
( If an update isn't available, skip to step #4.)
2. Click " Click here to Download the upate".
3. When the new version has been downloaded, click " Save".
4. Click " Fix ->"
Download, unzip to your desktop About:Buster and run it, then:
Locate About:Buster that you downloaded earlier and run it, then:
1. Click " Update".
2. Click " Check For Update"
( If no new version is available, skip to step #4.)
3. Click " Download Update", and wait for it to be installed.
4. Click " Start".
( Wait for the initial ADS scan to complete.)
5. Click "Yes", to shutdown any IE session currently open.
( Wait for the about:blank scan to complete.)
6. Click " Ok", to scan once more.
7. Click " Yes", to shutdown any IE sessions currently open.
8. Click " Yes", to begin the second pass.
9. Click " Save log", and post this log back along with your new log.
10. Click " Exit".
11. Click " Exit".
Reboot your computer normally.
Go to Add/Remove programs and remove(uninstall) the following, if present:
Viewpoint Manager
WildTangent
The above could appear anywhere within the entry. Be careful not to remove any personal or system software.
Next, Open a command prompt by:
1. Clicking " Start", then " Run...".
2. Enter " cmd" ( without the quotes).
3. Enter " services.msc" ( without the quotes).
-
Now, locate and ' stop' the following services, if present:
Network Security Service (NSS) ( 6QÔõ'ª´ÆÐ8) owner ... ( C:\WINDOWS\system32\netlw32.exe)
Look carefully, since the name of the service (above) can be anywhere in the entry; also be careful not to 'stop' any required system services.
Run HiJackThis then:
1. Click " Config..."
2. Click " Misc Tools"
3. Click " Open Process manager"
-
Next, while holding down the CTRL key, locate ( if present) and click on ( highlight) each of the following:
C:\WINDOWS\system32\winoh.exe
C:\WINDOWS\system32\netlw32.exe
Now double-check and make sure that only those item(s) above are highlighted, then click " Kill process". Now, click " Refresh", check again, and repeat this step if any remain.
Now, let's open a command prompt and unregister the dll(s) we're going to remove, by entering the following:
regsvr32 /u javapr32.dll
It's ok, if these aren't found or 'error' out. If you want, just copy and paste the individual lines to the command prompt to save on the typing.
Run HiJackThis and click " Scan", then check(tick) the following, if present:
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\vphqc.dll/sp.html#44768
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\vphqc.dll/sp.html#44768
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\vphqc.dll/sp.html#44768
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\vphqc.dll/sp.html#44768
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\vphqc.dll/sp.html#44768
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\vphqc.dll/sp.html#44768
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\vphqc.dll/sp.html#44768
R3 - Default URLSearchHook is missing
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\family\Application Data\Mozilla\Profiles\default\99jimo0j.slt\prefs.js)
O2 - BHO: (no name) - {4007DA5E-2572-D68C-4339-1BBD30E033C6} - C:\WINDOWS\system32\javapr32.dll
O4 - HKLM\..\Run: [WildTangent CDA] RUNDLL32.exe "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0400.dll",cdaEngineMain
O4 - HKLM\..\Run: [winoh.exe] C:\WINDOWS\system32\winoh.exe
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://imgfarm.com/images/nocache/funwebproducts/SmileyCentralInitialSetup1.0.0.5.cab
O23 - Service: Network Security Service (NSS) ( 6QÔõ'ª´ÆÐ8) - Unknown owner - C:\WINDOWS\system32\netlw32.exe
Now, with all windows closed except HiJackThis, click " Fix checked".
When your done, rescan your system and make sure the following isn't present:
N3 - Netscape ... 5CSBWeb_01.src ( or) 5CSBWeb_02.src
If it is, then fix that entry again; sometimes it'll take more than one pass. The actual entry is ok, and won't be deleted, it's the java wrapper marked in red that needs to be removed.
Locate and delete the following item(s), if present. Make sure your able to view system and hidden files/ folders:
folders...
C:\Program Files\WildTangent
files...
C:\WINDOWS\system32\winoh.exe
C:\WINDOWS\system32\netlw32.exe
C:\WINDOWS\vphqc.dll
C:\WINDOWS\system32\javapr32.dll
-
Note that some of these file(s) may or may not be present. If present, and cannot be deleted because they're ' in use', try deleting them from " Safe Mode".
Post back a new log, and let me know how everything goes.
-
Mike.
mkmeier
16 Posts
0
March 5th, 2005 16:00
Midnight Star
4.8K Posts
0
March 6th, 2005 04:00
That seems to be happening alot lately.
-
Just skip that step and move onto the next one. Hopefully we can get that scan in somewhere towards the end of the cleanup, to help remove things that HiJackThis can't see.
-
Mike.
Midnight Star
4.8K Posts
0
March 6th, 2005 19:00
Be sure to look this solution over, since there are a few item(s), i'm not familar with. If you recognize them, omit them from the fix.
-
Let's try this...
Download mwav.exe from MicroWorld, then:
1. Double-click the mwav.exe icon to run it ( it'll self extract).
2. Click " Scan".
3. When it completes, post back the results from the 'Virus log information' pane.
Download, unzip to your desktop About:Buster and run it, then:
Locate About:Buster that you downloaded earlier and run it, then:
1. Click " Update".
2. Click " Check For Update"
( If no new version is available, skip to step #4.)
3. Click " Download Update", and wait for it to be installed.
4. Click " Start".
( Wait for the initial ADS scan to complete.)
5. Click "Yes", to shutdown any IE session currently open.
( Wait for the about:blank scan to complete.)
6. Click " Ok", to scan once more.
7. Click " Yes", to shutdown any IE sessions currently open.
8. Click " Yes", to begin the second pass.
9. Click " Save log", and post this log back along with your new log.
10. Click " Exit".
11. Click " Exit".
Run HiJackThis then:
1. Click " Config..."
2. Click " Misc Tools"
3. Click " Open Process manager"
-
Next, while holding down the CTRL key, locate ( if present) and click on ( highlight) each of the following:
C:\WINDOWS\system32\netaf.exe
C:\WINDOWS\system32\netpe32.exe
Now double-check and make sure that only those item(s) above are highlighted, then click " Kill process". Now, click " Refresh", check again, and repeat this step if any remain.
Now, let's open a command prompt and unregister the dll(s) we're going to remove, by entering the following:
regsvr32 /u crvl32.dll
It's ok, if these aren't found or 'error' out. If you want, just copy and paste the individual lines to the command prompt to save on the typing.
Run HiJackThis and click " Scan", then check(tick) the following, if present:
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\lgqgn.dll/sp.html#44768
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\lgqgn.dll/sp.html#44768
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system32\lgqgn.dll/sp.html#44768
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\lgqgn.dll/sp.html#44768
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\lgqgn.dll/sp.html#44768
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\lgqgn.dll/sp.html#44768
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\lgqgn.dll/sp.html#44768
O2 - BHO: (no name) - {84B31CA2-4ABA-BD58-F6B2-15F1D1739686} - C:\WINDOWS\system32\crvl32.dll
O4 - HKLM\..\Run: [netaf.exe] C:\WINDOWS\system32\netaf.exe
O4 - HKLM\..\RunOnce: [netpe32.exe] C:\WINDOWS\system32\netpe32.exe
O23 - Service: Network Security Service ( 6QÔõ'ª´ÆÐ8) - Unknown owner - C:\WINDOWS\system32\netlw32.exe (file missing)
Now, with all windows closed except HiJackThis, click " Fix checked".
Locate and delete the following item(s), if present. Make sure your able to view system and hidden files/ folders:
files...
C:\WINDOWS\system32\netaf.exe
C:\WINDOWS\system32\netpe32.exe
C:\WINDOWS\system32\lgqgn.dll
C:\WINDOWS\system32\crvl32.dll
-
Note that some of these file(s) may or may not be present. If present, and cannot be deleted because they're ' in use', try deleting them from " Safe Mode".
Post back a new log, and let me know how everything goes.
-
Mike.
Message Edited by Midnight Star on 03-06-2005 03:25 PM
mkmeier
16 Posts
0
March 6th, 2005 19:00
Well, I got through all of the steps. The problem I was having when I rebooted - about " Checking file system on C. The file type is NTFS ..." seems to be fixed.
My Internet Explorer home page is still set to About:Blank.
Also, I have now noticed that I can not enable Norton Anti-virus Autoprotect and the Norton E-mail Scan says "error".
Here is my latest HJT Log:
Logfile of HijackThis v1.99.1
Scan saved at 3:52:51 PM, on 3/6/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Norton Internet Security\NISUM.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\WINDOWS\system32\netaf.exe
C:\WINDOWS\System32\ctfmon.exe
C:\WINDOWS\System32\LVComS.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\Program Files\Norton Internet Security\ccPxySvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\netpe32.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Documents and Settings\family\My Documents\aboutbuster\hjt\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\lgqgn.dll/sp.html#44768
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\lgqgn.dll/sp.html#44768
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system32\lgqgn.dll/sp.html#44768
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\lgqgn.dll/sp.html#44768
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\lgqgn.dll/sp.html#44768
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\lgqgn.dll/sp.html#44768
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\lgqgn.dll/sp.html#44768
F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\Userinit.exe
N3 - Netscape 7: user_pref("browser.startup.homepage", "http://home.netscape.com/"); (C:\Documents and Settings\family\Application Data\Mozilla\Profiles\default\99jimo0j.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "http://www.google.com/"); (C:\Documents and Settings\family\Application Data\Mozilla\Profiles\default\99jimo0j.slt\prefs.js)
O2 - BHO: (no name) - {84B31CA2-4ABA-BD58-F6B2-15F1D1739686} - C:\WINDOWS\system32\crvl32.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_3_12_0.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [ICQ Messenger] ICQLite.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [netaf.exe] C:\WINDOWS\system32\netaf.exe
O4 - HKLM\..\RunServices: [ICQ Messenger] ICQLite.exe
O4 - HKLM\..\RunOnce: [netpe32.exe] C:\WINDOWS\system32\netpe32.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O8 - Extra context menu item: Yahoo! Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O9 - Extra button: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\common\ylogin.dll
O9 - Extra 'Tools' menuitem: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\common\ylogin.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0411.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0411.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: ConferenceRoom Java Client - http://216.152.65.174:8000/java/cr.cab
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall-beta.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} (MiniBugTransporterX Class) - http://wdownload.weatherbug.com/minibug/tricklers/AWS/MiniBugTransporter.cab?
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {36C66BBD-E667-4DAD-9682-58050E7C9FDC} (CDKey Class) - http://www.cdkeybonus.com/cdkey/ITCDKey.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/20020323/qtinstall.info.apple.com/qt505/us/win/QuickTimeInstaller.exe
O16 - DPF: {5D9E4B6D-CD17-4D85-99D4-6A52B394EC3B} (WSDownloader Control) - http://www.webshots.com/samplers/WSDownloader.ocx
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {7A32634B-029C-4836-A023-528983982A49} - http://fdl.msn.com/public/chat/msnchat42.cab
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterfly.com/downloads/Uploader.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {BCBC9371-595D-11D4-A96D-00105A1CEF6C} (View22RTE Class) - http://66.242.36.104/app/view22RTE.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://download.games.yahoo.com/games/popcap/zuma/popcaploader_v5.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{43A13F56-0636-41C9-B886-414029622333}: NameServer = 206.141.193.55 66.73.20.40
O20 - Winlogon Notify: WB - C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\fastload.dll
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Proxy Service (ccPxySvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\ccPxySvc.exe
O23 - Service: dlbt_device - Dell - C:\WINDOWS\System32\dlbtcoms.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Internet Security Accounts Manager (NISUM) - Symantec Corporation - C:\Program Files\Norton Internet Security\NISUM.EXE
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: Network Security Service ( 6QÔõ'ª´ÆÐ8) - Unknown owner - C:\WINDOWS\system32\netlw32.exe (file missing)
Message Edited by mkmeier on 03-06-2005 03:04 PM
mkmeier
16 Posts
0
March 7th, 2005 03:00
It looks like this finally got rid of the About:blank problem. Thanks!!!!
Now the only problem I have is that my Norton Internet Security and Antivirus will not update and are not enabled!! Yikes!! I have searched the symantec site and followed their suggestions - I can't seem to get this fixed. Do I have to repurchase these products?
Here is my last HJT log:
Logfile of HijackThis v1.99.1
Scan saved at 11:55:28 PM, on 3/6/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Norton Internet Security\NISUM.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\Yahoo!\browser\ybrwicon.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\WINDOWS\System32\LVComS.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\Program Files\Norton Internet Security\ccPxySvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\dlbtcoms.exe
C:\WINDOWS\PCHEALTH\HELPCTR\Binaries\helpctr.exe
C:\WINDOWS\PCHealth\HelpCtr\Binaries\HelpSvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\family\My Documents\aboutbuster\hjt\HijackThis.exe
R3 - Default URLSearchHook is missing
F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\Userinit.exe
N3 - Netscape 7: user_pref("browser.startup.homepage", "http://home.netscape.com/"); (C:\Documents and Settings\family\Application Data\Mozilla\Profiles\default\99jimo0j.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "http://www.google.com/"); (C:\Documents and Settings\family\Application Data\Mozilla\Profiles\default\99jimo0j.slt\prefs.js)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_3_12_0.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [zango] c:\program files\zango\zango.exe
O4 - HKLM\..\Run: [YBrowser] C:\Program Files\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [WebRebates0] "C:\Program Files\Web_Rebates\WebRebates0.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [RunDLL] rundll32.exe "C:\WINDOWS\Downloaded Program Files\bridge.dll",Load
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [IPInSightMonitor 01] "C:\Program Files\SBC Yahoo!\Connection Manager\IP InSight\IPMon32.exe"
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O8 - Extra context menu item: Yahoo! Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O9 - Extra button: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\common\ylogin.dll
O9 - Extra 'Tools' menuitem: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\common\ylogin.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0411.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0411.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: ConferenceRoom Java Client - http://216.152.65.174:8000/java/cr.cab
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall-beta.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - http://www.symantec.com/techsupp/asa/LSSupCtl.cab
O16 - DPF: {2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} (MiniBugTransporterX Class) - http://wdownload.weatherbug.com/minibug/tricklers/AWS/MiniBugTransporter.cab?
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {36C66BBD-E667-4DAD-9682-58050E7C9FDC} (CDKey Class) - http://www.cdkeybonus.com/cdkey/ITCDKey.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/20020323/qtinstall.info.apple.com/qt505/us/win/QuickTimeInstaller.exe
O16 - DPF: {5D9E4B6D-CD17-4D85-99D4-6A52B394EC3B} (WSDownloader Control) - http://www.webshots.com/samplers/WSDownloader.ocx
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {7A32634B-029C-4836-A023-528983982A49} - http://fdl.msn.com/public/chat/msnchat42.cab
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterfly.com/downloads/Uploader.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {BCBC9371-595D-11D4-A96D-00105A1CEF6C} (View22RTE Class) - http://66.242.36.104/app/view22RTE.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/asa/SymAData.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://download.games.yahoo.com/games/popcap/zuma/popcaploader_v5.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{43A13F56-0636-41C9-B886-414029622333}: NameServer = 206.141.193.55 66.73.20.40
O20 - Winlogon Notify: WB - C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\fastload.dll
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Proxy Service (ccPxySvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\ccPxySvc.exe
O23 - Service: dlbt_device - Dell - C:\WINDOWS\System32\dlbtcoms.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Internet Security Accounts Manager (NISUM) - Symantec Corporation - C:\Program Files\Norton Internet Security\NISUM.EXE
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
Midnight Star
4.8K Posts
0
March 8th, 2005 22:00
I've seen Norton's go down at the drop of a hat when it comes to malware, and the only thing that brings it back is to uninstall, then reinstall it.
-
Let's fix these entries, and if everything is running ok, we should be ready for the final cleanup:
Reboot your computer, and try using different programs and make sure everything is running ok. If your still experiencing problems, post back any concerns or problems you may be having and wait for any advice before continuing with the cleanup.
Download, install and run Cleanup! from Steven Gould, then:
1. Click " Cleanup!"
( wait for the program to finish scanning your system, and selecting files to be removed.)
2. Exit the program and reboot the computer, if necessary.
-
For more information about using Cleanup! see here.
If everything is running ok, let's do the final cleanup...
1. Run " Disk Cleanup" and allow it to remove everything it finds.
2. If you've downloaded MicroWorld AV ( MWAV), run it again - but don't scan, just click " Clear Log" and exit the program.
3. Go to www.trendmicro.com and click " Free Online Scan", then " Scan now, it's free!". When it's downloaded, select all available drives, then check(tick) " Auto clean", then click " Scan".
4. Run AdAware SE Personal and " perform a full system scan", then Spybot S&D, and " Check for Problems". Let them both remove the residual 'problems' left that HiJackThis couldn't fix.
5. Disable, then re-enable system restore; with a reboot in-between. Then immediately create a new system point manually.
If your having any more problems, post back.
-
Happy surfing,
Mike.