Go Back   Tech Support Forum > Security Center > Virus/Trojan/Spyware Help > Inactive Malware Help Topics

User Tag List

Problems with IE 6 and Outlook

This is a discussion on Problems with IE 6 and Outlook within the Inactive Malware Help Topics forums, part of the Tech Support Forum category. I have tried everything I know. I can not access IE or Outlook from my start up menu, and now


 
 
Thread Tools Search this Thread
Old 10-22-2006, 01:02 PM   #1
Guest
 
Join Date: Oct 2006
Posts: 2
OS:



I have tried everything I know. I can not access IE or Outlook from my start up menu, and now I'm having virtual mem problems. I ran Hijackthis and the results are below. Any help would be greatly appreciated!

Logfile of HijackThis v1.99.1
Scan saved at 2:38:21 PM, on 10/22/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MSMPSVC.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\devldr32.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\System32\CTsvcCDA.EXE
C:\PROGRA~1\McAfee\MSC\mclogsrv.exe
C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\PROGRA~1\McAfee\MSC\mctskshd.exe
c:\PROGRA~1\mcafee.com\vso\OasClnt.exe
C:\PROGRA~1\McAfee\MSC\mcusrmgr.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
C:\PROGRA~1\NORTON~1\NORTON~2\NPROTECT.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\ProPatches\Scheduler\stSchedEx.exe
C:\PROGRA~1\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Microsoft Windows OneCare Live\Firewall\msfwsvc.exe
C:\Program Files\Microsoft Windows OneCare Live\winss.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
c:\program files\mcafee\msc\mcuimgr.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\PROGRA~1\COMMON~1\SYMANT~1\SECURI~2\NSCSRVCE.EXE
C:\WINDOWS\system32\LEXBCES.EXE
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
C:\Program Files\Microsoft Windows OneCare Live\WinSSUI.exe
c:\program files\internet explorer\iexplore.exe
C:\Documents and Settings\Owner\Desktop\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = https://www.seekerbar.com/ie.aspx?tb_id=50154
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\ntos.exe,
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\4144\SiteAdv.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\4144\SiteAdv.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [OneCareUI] "C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [Error Expert] C:\Program Files\Error Expert\ErrorExpert.exe /scan
O4 - Global Startup: Adobe Reader Speed Launch.lnk = ?
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Search - https://bar.mywebsearch.com/menusearch.html?p=ZSzeb029
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Express Cleanup - {5E638779-1818-4754-A595-EF1C63B87A56} - C:\Program Files\Norton SystemWorks\Norton Cleanup\WCQuick.lnk
O9 - Extra 'Tools' menuitem: Express Cleanup - {5E638779-1818-4754-A595-EF1C63B87A56} - C:\Program Files\Norton SystemWorks\Norton Cleanup\WCQuick.lnk
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)
O15 - Trusted Zone: https://download.windowsupdate.com
O16 - DPF: {13EC55CF-D993-475B-9ACA-F4A384957956} (Controller Class) - https://www.windowsonecare.com/insta...SSWebAgent.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - https://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - https://update.microsoft.com/microsof...?1161526029468
O16 - DPF: {72133CC5-DE1E-42FE-B8B0-93D2C6C3472E} (FillerX Class) - https://www.formatta.com/download/fillerpresetup.exe
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} - https://www.symantec.com/techsupp/act...a/SymAData.cab
O18 - Protocol: siteadvisor - {3A5DC592-7723-4EAA-9EE6-AF4222BCF879} - C:\Program Files\SiteAdvisor\4144\SiteAdv.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: Bromucer - {FD81C2D4-A096-4592-80CD-307D103051A4} - C:\WINDOWS\system32\dotopcal.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: IMAPI CD-Burning COM Service (ImapiService) - Roxio Inc. - C:\WINDOWS\System32\ImapiRox.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: McAfee Log Manager (McLogManagerService) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mclogsrv.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mctskshd.exe
O23 - Service: McAfee User Manager (mcusrmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcusrmgr.exe
O23 - Service: MSMPSVC - Unknown owner - C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MSMPSVC.exe" -n 4 (file missing)
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton UnErase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~2\NPROTECT.EXE
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\SAVScan.exe
O23 - Service: Shavlik Remote Scheduler Service (Shavlik Scheduler) - Shavlik Technologies - C:\WINDOWS\ProPatches\Scheduler\stSchedEx.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
speedy1 is offline  
Sponsored Links
Advertisement
 
Old 10-22-2006, 10:10 PM   #2
Guest
 
Join Date: May 2006
Posts: 2,506
OS:


Hello speedy1, and welcome to TSF. You may wish to Subscribe to this thread so that you are notified when you receive a reply. To do this click Thread Tools (above the first post), then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Subscribe.

Please print out or copy this page to Notepad in order to assist you when carrying out the following instructions. If there is anything you don't understand, please ask BEFORE proceeding with the fixes. Please do these steps in order and do not skip any.

Multiple Antivirus
I see you have two or more antivirus programs installed (McAfee, Norton, Windows OneCare Antivirus). Multiple antivirus programs can bog down your system, interfere with each other, and may even cause crashes. I highly recommend you remove all but one of them using the Add/Remove Programs in the Control Panel.


Unhide Files
Go to My Computer > Tools > Folder Options > View tab and select "Show hidden files and folders". Uncheck the "Hide protected operating system files (Recommended)" option. Also make sure there is no checkmark beside "Hide file extensions for known file types". Click OK.


Download CleanUp!
Download and install CleanUp! but do not run it yet.

WARNING: CleanUp! deletes EVERYTHING out of temporary folders and does not make backups. If you have any documents or programs that are saved in any temporary folders, please make a backup of these before running CleanUp!

WARNING: Do not run cleanup under Windows XP x64 Edition. If you're not sure if you have the 64-bit version of Windows then you probably do not; however, you can check by using IE to download the whichcpu tool and then running it.


Download AVG Anti-Spyware
Please download, install, and update AVG Anti-Spyware.
  1. Load AVG Anti-Spyware and then click the Shield tab at the top
    • Click on the word active to change it to inactive.
  2. Click the Update tab at the top:
    • Under Manual update, click Start update. After the update finishes, the status bar at the bottom will display "Update successful". If you are having trouble updating, you can also download and run the manual updater.
    • Under Automatic update, change the Update interval to something more reasonable like 12 or 24 hours.
  3. Click the Scanner tab at the top and then the Settings sub-tab:
    • Under How to act?, click Recommended actions and select Quarantine.
    • Under Reports, select Automatically generate report after every scan
  4. Close AVG Anti-Spyware. Do not run a scan with it yet.

Uninstall
Click Start > Control Panel > Add / Remove Programs and uninstall the following programs (if they exist):
Viewpoint
Viewpoint Manager
WeatherBug
Please let me know if any of these were unable to uninstall. WeatherBug is known to show ads on your desktop. When I have cleaned your machine, I will give you a link to a ad-free weather taskbar program that is free and resource light.


Reboot
Reboot your system to Safe Mode by repeatedly tapping the F8 key until the menu appears and choosing Safe Mode from the list. On some systems, this may be the F5 key so try that if F8 doesn't work. Login on with your usual account. Make sure to close any open windows.


HijackThis Fixes
Open HijackThis and click on 'Do a System Scan Only'. Check the following entries if they still exist (make sure you do not miss any):
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = https://www.seekerbar.com/ie.aspx?tb_id=50154
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O8 - Extra context menu item: &Search - https://bar.mywebsearch.com/menusearch.html?p=ZSzeb029
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)
O21 - SSODL: Bromucer - {FD81C2D4-A096-4592-80CD-307D103051A4} - C:\WINDOWS\system32\dotopcal.dll
Please remember to close all other windows, including browsers then click Fix checked. Close HijackThis.


Deletions
Delete the following File indicated in RED and Folders indicated in BLUE if they still exist.
C:\Program Files\AWS
C:\Program Files\Viewpoint
C:\WINDOWS\system32\dotopcal.dll

Run CleanUp!
Open Cleanup! by double-clicking the icon on your desktop (or from the Start > All Programs menu). Set the program up as follows:
  • Click "Options..."
  • Move the arrow down to "Custom CleanUp!"
  • Put a check next to the following:
    • Empty Recycle Bins
    • Delete Cookies
    • Delete Prefetch files
    • Cleanup! All Users
    • Click on the "Temporary Files" and make sure the box for "Scan drives for file matching" is unchecked.
    Click OK.
  • Press the CleanUp! button to start the program.
Once it's finished CleanUp! will ask you to logoff/reboot. Please select NO as we will do this later.


Run AVG Anti-Spyware
  • Run AVG Anti-Spyware and click on the Scanner tab at the top and then click on Complete System Scan. This scan can take quite a while to run, so be prepared.
  • AVG Anti-Spyware will list any infections found on the left hand side. When the scan has finished, it will automatically set the recommended action. Click the Apply all actions button. AVG Anti-Spyware will display "All actions have been applied" on the right hand side.
  • Click on Save Report, then Save Report As. Save the report so that you can find it again (like on the Desktop).
  • Close AVG Anti-Spyware.

Reboot
Reboot your system to Normal Mode.


Online Scan
Perform an online scan using Internet Explorer with Kaspersky WebScanner. Click on Launch Kaspersky Anti-Virus Web Scanner. You will be prompted to install an ActiveX component from Kaspersky, Click Yes.
  • The program will launch and then begin downloading the latest definition files.
  • Once the files have been downloaded, click on NEXT.
  • Now click on Scan Settings
  • In the scan settings make that the following are selected:
    • Scan using the following Anti-Virus database: extended
    • Scan Options: Scan Archives and Scan Mail Bases
  • Click OK
  • Turn off the real time scanner of any existing antivirus program before performing the online scan. You can turn it back on after the scan is done.
  • Now under select a target to scan, select My Computer
  • The program will start and scan your system.
  • The scan will take a while so be patient and let it run all the way.
  • Once the scan is complete it will display if your system has been infected.
  • Click on the Save as Text button and save the file to your desktop.
  • Copy and paste that information in your next post.
Take note the names and locations of any file it detects but fails to clean.


With Your Next Post...
Please paste the following with your next reply (in this order please):
  1. AVG Anti-Spyware scan report,
  2. Kaspersky scan report, and
  3. a new HiJackThis log taken after Kaspersky finishes.
Deckard is offline  
Old 10-24-2006, 03:58 PM   #3
Guest
 
Join Date: Oct 2006
Posts: 2
OS:



Thanks for the reply. After I posted I tried several of those things, but things only got worse. I couldn't get into safe mode and my programs were being corrupted (to inlude my anti virus). I have since taken the computer offline and stated over with my laptop till I can work on the other.
speedy1 is offline  
Sponsored Links
Advertisement
 
Old 10-24-2006, 09:30 PM   #4
Guest
 
Join Date: May 2006
Posts: 2,506
OS:


Well, I'll stay subscribed to this thread. Please let me know if I can be of any further help. Good luck!
Deckard is offline  
 

Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is on
Smilies are on
[IMG] code is on
HTML code is Off
Trackbacks are Off
Pingbacks are Off
Refbacks are Off


Post a Question


» Site Navigation
 > FAQ
  > 10.0.0.2
Powered by vBadvanced CMPS v3.2.3


All times are GMT -7. The time now is 10:12 PM.


Powered by vBulletin® Version 3.8.8
Copyright ©2000 - 2020, vBulletin Solutions, Inc.
vBulletin Security provided by vBSecurity v2.2.2 (Pro) - vBulletin Mods & Addons Copyright © 2020 DragonByte Technologies Ltd.
User Alert System provided by Advanced User Tagging v3.1.0 (Pro) - vBulletin Mods & Addons Copyright © 2020 DragonByte Technologies Ltd.
Copyright 2001 - 2018, Tech Support Forum

Windows 10 - Windows 7 - Windows XP - Windows Vista - Trojan Removal - Spyware Removal - Virus Removal - Networking - Security - Top Web Hosts