|
DAL Computer Help
» Internet Security Help
» Spyware, Adware, Viruses and HijackThis Logs
»
Unable to connect to the internet out of safe mode
Unable to connect to the internet out of safe mode
Spyware, Adware, Viruses and HijackThis Logs
13-03-2009, 05:18 AM
|
|
Newbie
D-A-L Newbie
|
|
Join Date: Mar 2009
Posts: 17
|
|
|
Unable to connect to the internet out of safe mode
problem is here: INternet only ocnnects in safe mode
Safe Mode:
Quote:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12 08 AM, on 3/13/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Safe mode with network support
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cust...search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/cust.../www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://att.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://att.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapps.yahoo.com/cust.../www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cust...search/ie.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/cust.../www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://att.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/cust.../www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://hp.windowsmedia.com/MEDIAGUID.../win_media.jsp
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyOverride = localhost;*.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\sw g.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: HP View - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\hpdtlk02.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [LWBMOUSE] C:\Program Files\NASDAK\OmniMouse Driver\4.06\MOUSE32A.EXE
O4 - HKLM\..\Run: [LTMSG] LTMSG.exe 7
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HPHmon03] C:\WINDOWS\System32\hphmon03.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb0 4.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [ccRegVfy] "c:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher" /Minimized
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\RunOnce: [SpybotDeletingB8541] command.com /c del "C:\WINDOWS\wt\webdriver\4.1.1\actorobject.dll "
O4 - HKCU\..\RunOnce: [SpybotDeletingD6065] cmd.exe /c del "C:\WINDOWS\wt\webdriver\4.1.1\actorobject.dll "
O4 - HKCU\..\RunOnce: [SpybotDeletingB9797] command.com /c del "C:\WINDOWS\wt\webdriver\4.1.1\dx5drv.dll"
O4 - HKCU\..\RunOnce: [SpybotDeletingD7405] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\legacy\w t3d.dll"
O4 - HKCU\..\RunOnce: [SpybotDeletingB3437] command.com /c del "C:\WINDOWS\wt\webdriver\4.1.1\dx7drv.dll"
O4 - HKCU\..\RunOnce: [SpybotDeletingD68] cmd.exe /c del "C:\WINDOWS\wt\webdriver\4.1.1\dx7drv.dll"
O4 - HKCU\..\RunOnce: [SpybotDeletingB6647] command.com /c del "C:\WINDOWS\wt\webdriver\4.1.1\objectbundle.dl l"
O4 - HKCU\..\RunOnce: [SpybotDeletingD886] cmd.exe /c del "C:\WINDOWS\wt\webdriver\4.1.1\objectbundle.dl l"
O4 - HKCU\..\RunOnce: [SpybotDeletingB8387] command.com /c del "C:\WINDOWS\wt\webdriver\4.1.1\wdcaps.ded"
O4 - HKCU\..\RunOnce: [SpybotDeletingD4981] cmd.exe /c del "C:\WINDOWS\wt\webdriver\4.1.1\wdcaps.ded"
O4 - HKCU\..\RunOnce: [SpybotDeletingB7025] command.com /c del "C:\WINDOWS\wt\webdriver\4.1.1\wdengine.dll"
O4 - HKCU\..\RunOnce: [SpybotDeletingD5037] cmd.exe /c del "C:\WINDOWS\wt\webdriver\4.1.1\wdengine.dll"
O4 - HKCU\..\RunOnce: [SpybotDeletingB1927] command.com /c del "C:\WINDOWS\wt\webdriver\4.1.1\wtmulti.jar"
O4 - HKCU\..\RunOnce: [SpybotDeletingD3721] cmd.exe /c del "C:\WINDOWS\wt\webdriver\4.1.1\wtmulti.jar"
O4 - HKCU\..\RunOnce: [SpybotDeletingB6465] command.com /c del "C:\WINDOWS\wt\webdriver\4.1.1\wtwmplug.ax"
O4 - HKCU\..\RunOnce: [SpybotDeletingD3623] cmd.exe /c del "C:\WINDOWS\wt\webdriver\4.1.1\wtwmplug.ax"
O4 - HKCU\..\RunOnce: [SpybotDeletingB4206] command.com /c del "C:\WINDOWS\wt\webdriver\4.1.1\wtwmplug.ini"
O4 - HKCU\..\RunOnce: [SpybotDeletingD7153] cmd.exe /c del "C:\WINDOWS\wt\webdriver\4.1.1\wtwmplug.ini"
O4 - HKCU\..\RunOnce: [SpybotDeletingB9301] command.com /c del "C:\WINDOWS\wt\wtupdates\DRM\3.2.0.19\files\DRM030 2.dll"
O4 - HKCU\..\RunOnce: [SpybotDeletingD4612] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\DRM\3.2.0.19\files\DRM030 2.dll"
O4 - HKCU\..\RunOnce: [SpybotDeletingB921] command.com /c del "C:\WINDOWS\wt\wtupdates\DRM\3.2.0.19\files\DRM030 2Java.jar"
O4 - HKCU\..\RunOnce: [SpybotDeletingD2180] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\DRM\3.2.0.19\files\DRM030 2Java.jar"
O4 - HKCU\..\RunOnce: [SpybotDeletingB4364] command.com /c del "C:\WINDOWS\wt\wtupdates\DRM\3.2.0.19\files\jDRM03 02.dll"
O4 - HKCU\..\RunOnce: [SpybotDeletingD9028] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\DRM\3.2.0.19\files\jDRM03 02.dll"
O4 - HKCU\..\RunOnce: [SpybotDeletingB3747] command.com /c del "C:\WINDOWS\wt\wtupdates\DRM\3.2.0.19\files\rDRM03 02.dll"
O4 - HKCU\..\RunOnce: [SpybotDeletingD4255] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\DRM\3.2.0.19\files\rDRM03 02.dll"
O4 - HKCU\..\RunOnce: [SpybotDeletingB4867] command.com /c del "C:\WINDOWS\wt\wtupdates\DRM\3.2.0.19\files\contro lPanel\index.html"
O4 - HKCU\..\RunOnce: [SpybotDeletingD634] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\DRM\3.2.0.19\files\contro lPanel\index.html"
O4 - HKCU\..\RunOnce: [SpybotDeletingB4085] command.com /c del "C:\WINDOWS\wt\wtupdates\DRM\3.2.0.19\install\DRM0 302.cdanfo"
O4 - HKCU\..\RunOnce: [SpybotDeletingD7152] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\DRM\3.2.0.19\install\DRM0 302.cdanfo"
O4 - HKCU\..\RunOnce: [SpybotDeletingB7151] command.com /c del "C:\WINDOWS\wt\wtupdates\DRM\3.2.0.19\install\DRM0 302_Uninstall.cdas"
O4 - HKCU\..\RunOnce: [SpybotDeletingD9605] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\DRM\3.2.0.19\install\DRM0 302_Uninstall.cdas"
O4 - HKCU\..\RunOnce: [SpybotDeletingB8248] command.com /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\actorobj ect.dll"
O4 - HKCU\..\RunOnce: [SpybotDeletingD1617] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\actorobj ect.dll"
O4 - HKCU\..\RunOnce: [SpybotDeletingB8642] command.com /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\dx5drv.d ll"
O4 - HKCU\..\RunOnce: [SpybotDeletingD234] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\dx5drv.d ll"
O4 - HKCU\..\RunOnce: [SpybotDeletingB4110] command.com /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\dx7drv.d ll"
O4 - HKCU\..\RunOnce: [SpybotDeletingD6711] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\dx7drv.d ll"
O4 - HKCU\..\RunOnce: [SpybotDeletingB6234] command.com /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\jdriver. dll"
O4 - HKCU\..\RunOnce: [SpybotDeletingD4638] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\jdriver. dll"
O4 - HKCU\..\RunOnce: [SpybotDeletingB1722] command.com /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\npWTHost .dll"
O4 - HKCU\..\RunOnce: [SpybotDeletingD4644] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\npWTHost .dll"
O4 - HKCU\..\RunOnce: [SpybotDeletingB7202] command.com /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\nsIWTHos tPlugin.xpt"
O4 - HKCU\..\RunOnce: [SpybotDeletingD9272] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\nsIWTHos tPlugin.xpt"
O4 - HKCU\..\RunOnce: [SpybotDeletingB5733] command.com /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\ObjectBu ndle.dll"
O4 - HKCU\..\RunOnce: [SpybotDeletingD7612] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\ObjectBu ndle.dll"
O4 - HKCU\..\RunOnce: [SpybotDeletingB755] command.com /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\rdriver. dll"
O4 - HKCU\..\RunOnce: [SpybotDeletingD7357] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\rdriver. dll"
O4 - HKCU\..\RunOnce: [SpybotDeletingB7460] command.com /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\Sound.dl l"
O4 - HKCU\..\RunOnce: [SpybotDeletingD3509] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\Sound.dl l"
O4 - HKCU\..\RunOnce: [SpybotDeletingB9288] command.com /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\wdcaps.d ed"
O4 - HKCU\..\RunOnce: [SpybotDeletingD6393] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\wdcaps.d ed"
O4 - HKCU\..\RunOnce: [SpybotDeletingB8380] command.com /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\wdengine .dll"
O4 - HKCU\..\RunOnce: [SpybotDeletingD7807] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\wdengine .dll"
O4 - HKCU\..\RunOnce: [SpybotDeletingB1192] command.com /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\Webd331. cdanfo"
O4 - HKCU\..\RunOnce: [SpybotDeletingD3220] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\Webd331. cdanfo"
O4 - HKCU\..\RunOnce: [SpybotDeletingB8888] command.com /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\Webd331_ fileList.cdas"
O4 - HKCU\..\RunOnce: [SpybotDeletingD9183] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\Webd331_ fileList.cdas"
O4 - HKCU\..\RunOnce: [SpybotDeletingB141] command.com /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\Webd331_ Uninstall.cdas"
O4 - HKCU\..\RunOnce: [SpybotDeletingD8095] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\Webd331_ Uninstall.cdas"
O4 - HKCU\..\RunOnce: [SpybotDeletingB7681] command.com /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\webdrive r.dll"
O4 - HKCU\..\RunOnce: [SpybotDeletingD5838] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\webdrive r.dll"
O4 - HKCU\..\RunOnce: [SpybotDeletingB4255] command.com /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\wildtang ent.jar"
O4 - HKCU\..\RunOnce: [SpybotDeletingD9355] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\wildtang ent.jar"
O4 - HKCU\..\RunOnce: [SpybotDeletingB2245] command.com /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\wt3d.ini "
O4 - HKCU\..\RunOnce: [SpybotDeletingD2348] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\wt3d.ini "
O4 - HKCU\..\RunOnce: [SpybotDeletingB6093] command.com /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\WTHostCt l.dll"
O4 - HKCU\..\RunOnce: [SpybotDeletingD898] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\WTHostCt l.dll"
O4 - HKCU\..\RunOnce: [SpybotDeletingB4456] command.com /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\wtmulti. dll"
O4 - HKCU\..\RunOnce: [SpybotDeletingD5871] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\wtmulti. dll"
O4 - HKCU\..\RunOnce: [SpybotDeletingB1947] command.com /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\wtmulti. jar"
O4 - HKCU\..\RunOnce: [SpybotDeletingD9287] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\wtmulti. jar"
O4 - HKCU\..\RunOnce: [SpybotDeletingB1101] command.com /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\wtvh.dll "
O4 - HKCU\..\RunOnce: [SpybotDeletingD3956] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\wtvh.dll "
O4 - HKCU\..\RunOnce: [SpybotDeletingB2680] command.com /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\wtwmplug .ax"
O4 - HKCU\..\RunOnce: [SpybotDeletingD5676] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\wtwmplug .ax"
O4 - HKCU\..\RunOnce: [SpybotDeletingB4966] command.com /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\wtwmplug .ini"
O4 - HKCU\..\RunOnce: [SpybotDeletingD1334] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\wtwmplug .ini"
O4 - HKCU\..\RunOnce: [SpybotDeletingB485] command.com /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\controlP anel\index.html"
O4 - HKCU\..\RunOnce: [SpybotDeletingD9292] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\controlP anel\index.html"
O4 - HKCU\..\RunOnce: [SpybotDeletingB3564] command.com /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\legacy\d ata.wts"
O4 - HKCU\..\RunOnce: [SpybotDeletingD1804] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\legacy\d ata.wts"
O4 - HKCU\..\RunOnce: [SpybotDeletingB9622] command.com /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\legacy\w ebdriver.dll"
O4 - HKCU\..\RunOnce: [SpybotDeletingD2298] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\legacy\w ebdriver.dll"
O4 - HKCU\..\RunOnce: [SpybotDeletingB4624] command.com /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\legacy\w t3d.dll"
O4 - HKCU\..\RunOnce: [SpybotDeletingB4169] command.com /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\update_i nfo\data.wts"
O4 - HKCU\..\RunOnce: [SpybotDeletingD5471] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\update_i nfo\data.wts"
O4 - HKCU\..\RunOnce: [SpybotDeletingB5742] command.com /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\install\Webd4_ 1_1.cdanfo"
O4 - HKCU\..\RunOnce: [SpybotDeletingD5833] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\install\Webd4_ 1_1.cdanfo"
O4 - HKCU\..\RunOnce: [SpybotDeletingB924] command.com /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\install\Webd4_ 1_1_Uninstall.cdas"
O4 - HKCU\..\RunOnce: [SpybotDeletingD2647] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\install\Webd4_ 1_1_Uninstall.cdas"
O4 - Global Startup: PowerReg Scheduler.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: AT&T Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/S...in/AvSniff.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/S.../bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/micr...?1193265707609
O16 - DPF: {91D4B4D5-E368-40AB-8F53-A37FA634B471} (Installer9Ctrl Class) - http://www.tellmemoreeducation.com/bin/tol9inst.cab
O16 - DPF: {A0E7D0C1-9854-497E-8645-38C19AA00724} (IssacWebSE Class) - http://www.teenkorean.com/Penta/KoreanSecurity.cab
O16 - DPF: {A67C0313-A410-4F39-86E4-25BFCA558B3C} (mr.UserControl1) - http://www.interedu.go.kr/contents/101e/KWK.CAB
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Proxy Service (ccPxySvc) - Symantec Corporation - c:\Program Files\Norton Personal Firewall\ccPxySvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - c:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Personal Firewall Accounts Manager (NISUM) - Symantec Corporation - c:\Program Files\Norton Personal Firewall\NISUM.EXE
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver - HP - C:\WINDOWS\System32\HPHipm09.exe
O23 - Service: SAVScan - Unknown owner - c:\Program Files\Norton AntiVirus\SAVScan.exe (file missing)
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE
--
End of file - 21749 bytes
|
Normal Mode
Quote:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:36:03 AM, on 3/13/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ps2.exe
C:\Program Files\NASDAK\OmniMouse Driver\4.06\MOUSE32A.EXE
C:\WINDOWS\LTMSG.exe
C:\WINDOWS\System32\igfxtray.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\System32\hphmon03.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe
c:\Program Files\Norton Personal Firewall\NISUM.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
c:\Program Files\Norton Personal Firewall\ccPxySvc.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\HPHipm09.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cust...search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/cust.../www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://att.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://att.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapps.yahoo.com/cust.../www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cust...search/ie.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/cust.../www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://att.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/cust.../www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://hp.windowsmedia.com/MEDIAGUID.../win_media.jsp
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyOverride = localhost;*.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\sw g.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: HP View - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\hpdtlk02.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [LWBMOUSE] C:\Program Files\NASDAK\OmniMouse Driver\4.06\MOUSE32A.EXE
O4 - HKLM\..\Run: [LTMSG] LTMSG.exe 7
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HPHmon03] C:\WINDOWS\System32\hphmon03.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb0 4.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [ccRegVfy] "c:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher" /Minimized
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: PowerReg Scheduler.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: AT&T Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/S...in/AvSniff.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/S.../bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/micr...?1193265707609
O16 - DPF: {91D4B4D5-E368-40AB-8F53-A37FA634B471} (Installer9Ctrl Class) - http://www.tellmemoreeducation.com/bin/tol9inst.cab
O16 - DPF: {A0E7D0C1-9854-497E-8645-38C19AA00724} (IssacWebSE Class) - http://www.teenkorean.com/Penta/KoreanSecurity.cab
O16 - DPF: {A67C0313-A410-4F39-86E4-25BFCA558B3C} (mr.UserControl1) - http://www.interedu.go.kr/contents/101e/KWK.CAB
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Proxy Service (ccPxySvc) - Symantec Corporation - c:\Program Files\Norton Personal Firewall\ccPxySvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - c:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Personal Firewall Accounts Manager (NISUM) - Symantec Corporation - c:\Program Files\Norton Personal Firewall\NISUM.EXE
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver - HP - C:\WINDOWS\System32\HPHipm09.exe
O23 - Service: SAVScan - Unknown owner - c:\Program Files\Norton AntiVirus\SAVScan.exe (file missing)
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE
--
End of file - 12413 bytes
|
Last edited by mojay; 13-03-2009 at 05:44 AM.
|
13-03-2009, 11:26 PM
|
 |
Senior Member
|
|
Join Date: Sep 2005
Posts: 5,524
|
|
|
Re: Unable to connect to the internet out of safe mode
Welcome,
I notice that you have Spybot's TeaTimer running. While this is normally a wonderful tool to protect against hijackers, it can also interfere with HijackThis fixes. So please disable TeaTimer by doing the following: - Run Spybot-S&D
- Go to the Mode menu, and make sure "Advanced Mode" is selected
- On the left hand side, choose Tools -> Resident
- Uncheck "Resident TeaTimer" and OK any prompts
You can reenable TeaTimer once your system is clean.
You have two anti-virus programs running, you need to uninstall one of them as much problems can and will happen with two running.
You also need only one firewall if you have two running.
If you did not install this yourself please uninstall Viewpoint Manager, viewpoint etc.
Run hijackthis and click on "scan system only" button and put checks next to these:
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cust...search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/cust.../www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapps.yahoo.com/cust.../www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cust...search/ie.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/cust.../www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/cust.../www.yahoo.com
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
Please close ALL browser windows (including this one).
Everything closed out but hijackthis and click on "fix checked"
Reboot your PC and post a new hijackthis log from normal mode and tell me what is going on now please.
__________________
Stalking and killing Spyware
Have we helped you? Please consider a donation to help keep D-A-L free. Click on donate below
MALWARE: READ FIRST Procedures:
|_ SpyBot V1.5 _|_ HijackThis Log __V2.0.2 _|
ASAP: promoting a high standard and quality of security support no matter where you seek help.
|
14-03-2009, 05:00 AM
|
|
Newbie
D-A-L Newbie
|
|
Join Date: Mar 2009
Posts: 17
|
|
|
Re: Unable to connect to the internet out of safe mode
can you explain which firewalls or antivirus I have running because I uninstalled all of them I should only have windows firewall and avira
|
17-03-2009, 12:46 AM
|
|
Senior Member
|
|
Join Date: Sep 2005
Posts: 5,524
|
|
|
Re: Unable to connect to the internet out of safe mode
From your hijackthis log:
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Proxy Service (ccPxySvc) - Symantec Corporation - c:\Program Files\Norton Personal Firewall\ccPxySvc.exe
OO23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - c:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Personal Firewall Accounts Manager (NISUM) - Symantec Corporation - c:\Program Files\Norton Personal Firewall\NISUM.EXE
023 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: SAVScan - Unknown owner - c:\Program Files\Norton AntiVirus\SAVScan.exe (file missing)
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
What is going on now?
Norton uninstaller:
http://service1.symantec.com/Support...05033108162039
__________________
Stalking and killing Spyware
Have we helped you? Please consider a donation to help keep D-A-L free. Click on donate below
MALWARE: READ FIRST Procedures:
|_ SpyBot V1.5 _|_ HijackThis Log __V2.0.2 _|
ASAP: promoting a high standard and quality of security support no matter where you seek help.
|
18-03-2009, 06:46 PM
|
|
Senior Member
|
|
Join Date: Sep 2005
Posts: 5,524
|
|
|
Re: Unable to connect to the internet out of safe mode
Did you try any way to run the removal tool without the key?
Is Norton showing in your add/remove program? If so uninstall from there if removal tool will not work.
You can always disable Norton for now also.
Enabling or disabling Norton Internet Security or Norton Personal Firewall
I need a new hijackthis log after performing the fixes I suggested.
__________________
Stalking and killing Spyware
Have we helped you? Please consider a donation to help keep D-A-L free. Click on donate below
MALWARE: READ FIRST Procedures:
|_ SpyBot V1.5 _|_ HijackThis Log __V2.0.2 _|
ASAP: promoting a high standard and quality of security support no matter where you seek help.
|
19-03-2009, 12:09 AM
|
|
Newbie
D-A-L Newbie
|
|
Join Date: Mar 2009
Posts: 17
|
|
|
Re: Unable to connect to the internet out of safe mode
ok I removed all the Norton products
Last edited by mojay; 19-03-2009 at 12:34 AM.
|
20-03-2009, 08:51 PM
|
|
Senior Member
|
|
Join Date: Sep 2005
Posts: 5,524
|
|
|
Re: Unable to connect to the internet out of safe mode
I need two things:
1. What is going on now?
2. Hijackthis log if further problems exist.
Thanks.
__________________
Stalking and killing Spyware
Have we helped you? Please consider a donation to help keep D-A-L free. Click on donate below
MALWARE: READ FIRST Procedures:
|_ SpyBot V1.5 _|_ HijackThis Log __V2.0.2 _|
ASAP: promoting a high standard and quality of security support no matter where you seek help.
|
26-03-2009, 01:24 AM
|
|
Newbie
D-A-L Newbie
|
|
Join Date: Mar 2009
Posts: 17
|
|
|
Re: Unable to connect to the internet out of safe mode
ok I will post one here in a bit
|
27-03-2009, 10:58 AM
|
|
Newbie
D-A-L Newbie
|
|
Join Date: Mar 2009
Posts: 17
|
|
|
Re: Unable to connect to the internet out of safe mode
Ok it is actually working in normal mode now if I were try to get my firewall back could it affect the connection again or would you say norton was the problem
thank you very much by the way I really appreciate the help
|
 |
|
All times are GMT +1. The time now is 11:40 PM.
|
|
