Windows 2000 Infection


groton

Hi there,

I need some help with my mother's computer. I used MBAM scanner to remove 3 infections. After that, the computer will no longer connect to the internet, and even though Malwarebytes and Norton scans now come up clean, I fear that there is a virus that has taken hold. Any help would be appreciated!

I also received an error while using defogger, the log is posted below.

DDS:

DDS (Ver_10-12-12.02) - NTFSx86

Run by Neil at 22:44:25.75 on Tue 22/02/2011

Internet Explorer: 6.0.2800.1106 BrowserJavaVersion: 1.6.0_18

Microsoft Windows 2000 Professional 5.0.2195.4.1252.1.1033.18.1023.599 [GMT -5:00]

============== Running Processes ===============

C:\WINNT\system32\spoolsv.exe

C:\WINNT\ATKKBService.exe

C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

C:\Program Files\Common Files\Symantec Shared\ccProxy.exe

C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

C:\WINNT\system32\hidserv.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe

C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe

C:\WINNT\system32\nvsvc32.exe

C:\WINNT\system32\regsvc.exe

C:\WINNT\system32\MSTask.exe

C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe

C:\WINNT\system32\stisvc.exe

C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

C:\Program Files\UPHClean\uphclean.exe

C:\Program Files\Viewpoint\Common\ViewpointService.exe

C:\WINNT\System32\WBEM\WinMgmt.exe

C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

C:\WINNT\Explorer.EXE

C:\Program Files\Logitech\iTouch\iTouch.exe

C:\Program Files\Common Files\Symantec Shared\ccApp.exe

C:\Program Files\Logitech\MouseWare\system\em_exec.exe

C:\WINNT\system32\rundll32.exe

C:\Program Files\Creative\SBLive\AudioHQ\AHQTB.EXE

C:\Program Files\Creative\SurroundMixer\CTSYSVOL.EXE

C:\PROGRA~1\TEXTBR~1.0\Bin\INSTAN~1.EXE

C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE

C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe

C:\WINNT\system32\RUNDLL32.EXE

C:\Program Files\Analog Devices\Core\smax4pnp.exe

C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE

E:\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.ca/

uWindow Title = Microsoft Internet Explorer provided by Sympatico Internet Service

uInternet Settings,ProxyOverride = 127.0.0.1;<local>

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: CNisExtBho Class: {9ecb9560-04f9-4bbc-943d-298ddf1699e1} - c:\program files\common files\symantec shared\adblocking\NISShExt.dll

BHO: CNavExtBho Class: {a8f38d8d-e480-4d52-b7a2-731bb6995fdd} - c:\program files\norton internet security\norton antivirus\NavShExt.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

TB: Norton Internet Security 2006: {0b53eac3-8d69-4b9e-9b19-a37c9a5676a7} - c:\program files\common files\symantec shared\adblocking\NISShExt.dll

TB: Norton AntiVirus: {c4069e3a-68f1-403e-b40e-20066696354b} - c:\program files\norton internet security\norton antivirus\NavShExt.dll

TB: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File

EB: Media Band: {32683183-48a0-441b-a342-7c2a440a9478} - %SystemRoot%\system32\browseui.dll

mRun: [synchronization Manager] mobsync.exe /logon

mRun: [NvCplDaemon] RUNDLL32.EXE c:\winnt\system32\NvCpl.dll,NvStartup

mRun: [nwiz] nwiz.exe /install

mRun: [zBrowser Launcher] c:\program files\logitech\itouch\iTouch.exe

mRun: [Logitech Utility] Logi_MwX.Exe

mRun: [standardInstall]

mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"

mRun: [sSC_UserPrompt] "c:\program files\common files\symantec shared\security center\UsrPrmpt.exe"

mRun: [NeroCheck] c:\winnt\system32\\NeroCheck.exe

mRun: [AudioHQ] c:\program files\creative\sblive\audiohq\AHQTB.EXE

mRun: [CTSYSVOL] c:\program files\creative\surroundmixer\CTSYSVOL.EXE

mRun: [High Definition Audio Property Page Shortcut] HDAShCut.exe

mRun: [instantAccess] c:\progra~1\textbr~1.0\bin\INSTAN~1.EXE /h

mRun: [RegisterDropHandler] c:\progra~1\textbr~1.0\bin\REGIST~1.EXE

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"

mRun: [iJNetworkScanUtility] c:\program files\canon\canon ij network scan utility\CNMNSUT.EXE

mRun: [sSBkgdUpdate] "c:\program files\common files\scansoft shared\ssbkgdupdate\SSBkgdupdate.exe" -Embedding -boot

mRun: [OpwareSE4] "c:\program files\scansoft\omnipagese4\OpwareSE4.exe"

mRun: [NvMediaCenter] RUNDLL32.EXE c:\winnt\system32\NvMcTray.dll,NvTaskbarInit

mRun: [ASUS Update Checker] c:\program files\asus\asusupdate\updatechecker\UpdateChecker.exe

mRun: [soundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe

mRun: [soundMAX] "c:\program files\analog devices\soundmax\Smax4.exe" /tray

mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime

mRunServices: [RegisterDropHandler] c:\progra~1\textbr~1.0\bin\REGIST~1.EXE

dRun: [internat.exe] internat.exe

dRunOnce: [^SetupICWDesktop] c:\program files\internet explorer\connection wizard\icwconn1.exe /desktop

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office\OSA9.EXE

IE: {c95fe080-8f5d-11d2-a20b-00aa003c157a} - %SystemRoot%\web\related.htm

Trusted Zone: motive.com\pbctbc.bc

Trusted Zone: motive.com\pbctbcivr.bc

Trusted Zone: sympatico.ca\assistance

Trusted Zone: sympatico.ca\fix

Trusted Zone: sympatico.ca\rc

Trusted Zone: sympatico.ca\rcfr

Trusted Zone: sympatico.ca\service

DPF: DirectAnimation Java Classes - file://c:\winnt\java\classes\dajava.cab

DPF: Microsoft XML Parser for Java - file://c:\winnt\java\classes\xmldso.cab

DPF: {75AA409D-05F9-4F27-BD53-C7339D4B1D0A} - hxxps://cfmail.ca/dwa85W.cab

DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab

DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} - hxxp://a532.g.akamai.net/f/532/6712/5m/virtools.download.akamai.com/6712/player/install/installer.exe

TCP: NameServer =

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\admini~1\applic~1\mozilla\firefox\profiles\d7andnxr.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.google.ca/ig?hl=en

FF - plugin: c:\program files\mozilla firefox\plugins\npmusicn.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npViewpoint.dll

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}

FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff

FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}

============= SERVICES / DRIVERS ===============

R1 AsUpIO;AsUpIO;c:\winnt\system32\drivers\AsUpIO.sys [2010-5-11 11448]

R1 SAVRT;SAVRT;c:\program files\norton internet security\norton antivirus\savrt.sys [2005-12-19 337592]

R1 SAVRTPEL;SAVRTPEL;c:\program files\norton internet security\norton antivirus\Savrtpel.sys [2005-12-19 54968]

R2 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\CCEVTMGR.EXE [2008-5-30 191848]

R2 ccProxy;Symantec Network Proxy;c:\program files\common files\symantec shared\CCPROXY.EXE [2007-11-2 202088]

R2 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\CCSETMGR.EXE [2008-5-30 169320]

R2 FastPara;FastPara;c:\winnt\system32\drivers\fastpara.sys [2007-5-13 35008]

R2 navapsvc;Norton AntiVirus Auto-Protect Service;c:\program files\norton internet security\norton antivirus\NAVAPSVC.EXE [2007-8-1 139888]

R2 Symantec Core LC;Symantec Core LC;c:\program files\common files\symantec shared\ccpd-lc\symlcsvc.exe [2008-5-30 1251720]

R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2008-4-15 24652]

R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2010-5-27 102448]

R3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20110222.002\NAVENG.Sys [2011-2-22 86008]

R3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20110222.002\NavEx15.Sys [2011-2-22 1360760]

R3 usbhub20;USB 2.0 Root Hub Support;c:\winnt\system32\drivers\usbhub20.sys [2007-5-11 49776]

S3 6dbf5996-31ae-4c00-8dfc-0703672899f8;6dbf5996-31ae-4c00-8dfc-0703672899f8;\??\d:\cds300\cds300.dll --> d:\cds300\cds300.dll [?]

S3 AtcL001;NDIS Miniport Driver for Atheros L1 Gigabit Ethernet Controller;c:\winnt\system32\drivers\l150x86.sys [2007-8-30 35328]

S3 ctlsb16;Creative SB16/AWE32/AWE64 Driver (WDM);c:\winnt\system32\drivers\ctlsb16.sys [2007-5-13 141904]

S3 DbgProxy;Visual Studio Debugger Proxy Service;"c:\program files\microsoft visual studio .net 2003\common7\packages\debugger\dbgproxy.exe" --> c:\program files\microsoft visual studio .net 2003\common7\packages\debugger\dbgproxy.exe [?]

S3 SAVScan;Symantec AVScan;c:\program files\norton internet security\norton antivirus\SAVScan.exe [2005-12-19 198416]

=============== Created Last 30 ================

2011-02-23 03:24:32 -------- d-----w- c:\docume~1\admini~1\applic~1\Malwarebytes

2011-02-23 03:09:58 -------- d-----w- C:\Backup for Ccleaner

2011-02-22 23:43:54 38224 ----a-w- c:\winnt\system32\drivers\mbamswissarmy.sys

2011-02-22 23:43:53 -------- d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes

2011-02-22 23:43:50 19288 ----a-w- c:\winnt\system32\drivers\mbam.sys

2011-02-22 23:43:50 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2011-02-20 14:48:36 8404896 ----a-w- c:\program files\mozilla firefox\Firefox Setup 3.6.13.exe

2011-02-06 23:24:12 -------- d-----w- c:\docume~1\admini~1\applic~1\Brother

2011-02-06 23:20:14 86016 ----a-r- c:\winnt\system32\QL57F.DLL

2011-02-06 23:20:14 43520 ----a-r- c:\winnt\system32\QL57L.DLL

2011-02-06 23:20:14 290816 ----a-r- c:\winnt\system32\QL57M.EXE

2011-02-06 23:20:14 11776 ----a-r- c:\winnt\system32\QL57M.DLL

2011-02-06 23:16:48 -------- d-----w- c:\program files\common files\Brother

2011-02-06 23:16:33 -------- d-----w- c:\program files\Brother

==================== Find3M ====================

2007-05-23 19:32:42 368512 -c--a-w- c:\program files\ImportContacts.exe

============= FINISH: 22:44:46.12 ===============

Attach.zip

mbam-log-2011-02-22 (22-42-27).txt

defogger_disable.log


  • Staff

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
