secure sites, pop-ups and redirects won't work

Discussion in 'Software' started by pntslndkvst, Dec 17, 2004.

  1. pntslndkvst

    pntslndkvst Private E-2

    Hello good people this is my first post to this forum!
    I've been having some problems recently and frankly I don't know where to begin.
    My main problems are I only occasionally manage to access secure sites such as my Yahoo mail account, and when I do, I am not able to answer any of my e-mails. And sites that use pop-ups and/or redirects won't work at all.

    I have absolutely no idea how this has happened, but here are two obvious problems that may or may not be related:

    -I have had some trouble uninstalling my Norton Antivirus completely and investigations into this subject have shown that it seems virtually impossible.
    -Secondly, a very persistent start page hijack, i.e. http://xysearch.biz?wmid=1010

    I would be really really thankful for any help offered.

    Logfile of HijackThis v1.99.0
    Scan saved at 11:23:53, on 2004-12-17
    Platform: Windows 2000 SP4 (WinNT 5.00.2195)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINNT\System32\smss.exe
    C:\WINNT\system32\csrss.exe
    C:\WINNT\system32\winlogon.exe
    C:\WINNT\system32\services.exe
    C:\WINNT\system32\lsass.exe
    C:\WINNT\System32\Wintab32.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\system32\spoolsv.exe
    C:\Program\AVPersonal\AVGUARD.EXE
    C:\Program\AVPersonal\AVWUPSRV.EXE
    C:\WINNT\System32\ZoneLabs\isafe.exe
    C:\WINNT\system32\crypserv.exe
    C:\WINNT\System32\svchost.exe
    C:\Program\Norton AntiVirus\navapsvc.exe
    C:\WINNT\system32\smss\Home\svchost.exe
    C:\WINNT\System32\smss\Home\system\smss.exe
    C:\WINNT\system32\regsvc.exe
    C:\WINNT\system32\MSTask.exe
    C:\WINNT\system32\stisvc.exe
    C:\WINNT\system32\ZoneLabs\vsmon.exe
    C:\WINNT\system32\Microsoft\groups\svchost.exe
    C:\WINNT\System32\WBEM\WinMgmt.exe
    C:\WINNT\System32\microsoft\groups\explorer.exe
    C:\WINNT\System32\microsoft\groups\winlogon.exe
    C:\WINNT\System32\MsPMSPSv.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\Explorer.EXE
    C:\Program\ACDSYS~1\DEVDET~1\DEVDET~1.EXE
    C:\WINNT\Acecad\Wtxpload.exe
    C:\WINNT\System32\ZPOINT32.exe
    C:\Program\Winamp\winampa.exe
    C:\Program\Zone Labs\ZoneAlarm\zlclient.exe
    C:\Program\Delade filer\Real\Update_OB\realsched.exe
    C:\WINNT\system32\internat.exe
    C:\Program\Microsoft Office\Office\OSA.EXE
    C:\WINNT\Acecad\xpoint32.exe
    C:\Program\ZONELA~1\ZONEAL~1\MAILFR~1\mantispm.exe
    C:\Program\Internet Explorer\IEXPLORE.EXE
    C:\Program\WinRAR\WinRAR.exe
    C:\DOCUME~1\MARTIN~1\LOKALA~1\Temp\Rar$EX00.648\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.google.se
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.se
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = C:\WINNT\_s.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.se
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = C:\WINNT\_s.html
    R3 - Default URLSearchHook is missing
    F2 - REG:system.ini: UserInit=Userinit.exe,
    N1 - Netscape 4: user_pref("browser.startup.homepage", "http://mail.yahoo.com"); (C:\Program\Netscape\Users\default\prefs.js)
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program\SPYBOT~1\SDHelper.dll
    O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
    O4 - HKLM\..\Run: [Camera Detector] C:\Program\ACDSYS~1\DEVDET~1\DEVDET~1.EXE -autorun
    O4 - HKLM\..\Run: [NeroCheck] C:\WINNT\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [Acecad.Wtxpload] C:\WINNT\Acecad\Wtxpload.exe Acecad
    O4 - HKLM\..\Run: [ZPOINT32] C:\WINNT\System32\ZPOINT32.exe
    O4 - HKLM\..\Run: [WinampAgent] C:\Program\Winamp\winampa.exe
    O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program\Zone Labs\ZoneAlarm\zlclient.exe"
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program\Delade filer\Real\Update_OB\realsched.exe" -osboot
    O4 - HKCU\..\Run: [internat.exe] internat.exe
    O4 - HKCU\..\Run: [ccleaner] "C:\Program\CCleaner\ccleaner.exe" /AUTO
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program\Delade filer\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Microsoft Office Snabbsökning.lnk = C:\Program\Microsoft Office\Office\FINDFAST.EXE
    O4 - Global Startup: Office-autostart.lnk = C:\Program\Microsoft Office\Office\OSA.EXE
    O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
    O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINNT\System32\Shdocvw.dll
    O9 - Extra button: ToolbarCop - {A349A035-E26F-454b-ABB4-5208E50E1BE7} - C:\DOCUME~1\MARTIN~1\LOKALA~1\Temp\Rar$EX00.461\ToolbarCop.exe (file missing) (HKCU)
    O9 - Extra 'Tools' menuitem: ToolbarCop - {A349A035-E26F-454b-ABB4-5208E50E1BE7} - C:\DOCUME~1\MARTIN~1\LOKALA~1\Temp\Rar$EX00.461\ToolbarCop.exe (file missing) (HKCU)
    O12 - Plugin for .AVI: C:\Program\Netscape\Communicator\Program\PLUGINS\npavi32.dll
    O12 - Plugin for .swf: C:\Program\Netscape\Communicator\Program\PLUGINS\npswf32.dll
    O12 - Plugin for .wmv: C:\Program\Netscape\Communicator\Program\PLUGINS\npdsplay.dll
    O15 - Trusted Zone: *.awmdabest.com
    O15 - Trusted Zone: *.awmdabest.com (HKLM)
    O15 - Trusted IP range: (HKLM)
    O16 - DPF: {0B4EDA83-7EDB-5D63-343A-449A22FF3362} - http://69.50.188.54/1/gdnFR208.exe
    O16 - DPF: {0F7A8DAC-3226-7735-B40B-5BEE34D3CC93} - http://69.50.188.54/1/gdnFR208.exe
    O16 - DPF: {1E87228C-9351-0806-8F8D-596767E57CCC} - http://69.50.188.54/1/gdnFR208.exe
    O16 - DPF: {2165E7DC-67C5-495B-BA41-2AA04A8BA35A} - http://69.50.188.54/1/gdnFR208.exe
    O16 - DPF: {3E2E2766-4683-68E7-7C06-75A4340B7638} - http://69.50.188.54/1/gdnFR208.exe
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
    O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} (Yahoo! Companion) - http://us.dl1.yimg.com/download.companion.yahoo.com/dl/toolbar/yiebio5_3_16_0.cab
    O19 - User stylesheet: (file missing)
    O23 - Service: AntiVir Service - H+BEDV Datentechnik GmbH - C:\Program\AVPersonal\AVGUARD.EXE
    O23 - Service: AntiVir Update - H+BEDV Datentechnik GmbH, Germany - C:\Program\AVPersonal\AVWUPSRV.EXE
    O23 - Service: CA ISafe - Computer Associates International, Inc. - C:\WINNT\System32\ZoneLabs\isafe.exe
    O23 - Service: Crypkey License - Unknown - crypserv.exe (file missing)
    O23 - Service: Logical Disk Manager Administrative Service - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
    O23 - Service: NS - Unknown - C:\WINNT\System32\ns.exe (file missing)
    O23 - Service: Norton AntiVirus Auto Protect Service - Symantec Corporation - C:\Program\Norton AntiVirus\navapsvc.exe
    O23 - Service: Nt System Kernel - Unknown - C:\WINNT\System32\ntsyskrnl.exe (file missing)
    O23 - Service: Qossrv Packet Scheduler - Unknown - C:\WINNT\system32\smss\Home\svchost.exe
    O23 - Service: SAVScan - Symantec Corporation - C:\Program\Norton AntiVirus\SAVScan.exe
    O23 - Service: TrueVector Internet Monitor - Zone Labs Inc. - C:\WINNT\system32\ZoneLabs\vsmon.exe
    O23 - Service: windbs - Unknown - C:\WINNT\System32\winxtc.exe (file missing)
    O23 - Service: Windows Internet Explorer - Unknown - C:\WINNT\system32\Microsoft\groups\svchost.exe
    O23 - Service: Wintab32 - Unknown - C:\WINNT\System32\Wintab32.exe
     
  2. marktheemu

    marktheemu Private E-2

  3. Colemanguy

    Colemanguy MajorGeek

    Also you should post this in the spyware forums.
     
  4. pntslndkvst

    pntslndkvst Private E-2

    Well, maybe I should, maybe I shouldn't, see I am not sure how much the spyware has to do with my problems.

    And, Mark The Emu, thanks for the link, but if I can, I'd rather keep all Symantec stuff off my computer, since I can't remove it, and it conflicts with my present Zone Alarm firewall/virus protection.
     
  5. Farbib

    Farbib Corporal

    What's good Pntslndkvst and welcome to Major Geeks, I am sympathetic about your spyware argument. I personally think people jump the gun and say "virus" or "spyware" WAY too quickly. I don't see that on Major Geeks though, and in your case, based on your post, you talked about a browser hijack, and ya cannot uninstall Norton. Those are symptoms, and worth posting in the spyware forum.

    If they say you're spyware free, and then you still have the browser problem, check back in the software forum, and we'll exhaust all options bro. But right now your browser problem looks to be spyware-related.
     
  6. pntslndkvst

    pntslndkvst Private E-2

    ok, I get your drift. cheers.
     
