
[Resolved] Another savetheinformation pop-ups issue


3 replies to this topic

#1 Chris-JT

New Member, 2 posts

Posted 26 October 2007 - 01:31 PM

I have the same problem as "wiremode" who posted on Oct 16 2007, 03:38 PM.

I've tried to follow the same steps, but it seems every time I try to do a scan, install a new malware remover, or even just run HJT, the program just errors out and things go further south. So, I thought I might ask you guys for some help. Here is my nutshell status:

1. I'm in safe mode, because now no other mode will boot up.
2. Symantec antivirus appears to be removing malware, but I notice symantec's virus definition date is now "blank".
3. I changed HJT to scanner.exe and finally got a log again. Below is my current HJT log...
4. Yes, I have a separate workstation on which I'm communicating with you.

Can you help?

Logfile of HijackThis v1.99.1
Scan saved at 2:10:50 PM, on 10/26/2007
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
D:\WINNT\System32\smss.exe
D:\WINNT\system32\winlogon.exe
D:\WINNT\system32\services.exe
D:\WINNT\system32\lsass.exe
D:\WINNT\system32\svchost.exe
D:\WINNT\System32\WBEM\WinMgmt.exe
D:\WINNT\Explorer.EXE
D:\WINNT\system32\taskmgr.exe
D:\Program Files\Hijackthis\Scanner.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Riddick Engineering Corporation
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {89AD4D75-2429-462e-BD4E-443F233F6033} - D:\WINNT\system32\mmweoppl.dll
O2 - BHO: Acronis Popup Blocker - {E24AD748-155E-4254-B674-4EDF86E7E1DF} - (no file)
O2 - BHO: (no name) - {F2A8EFAB-2F2A-4128-96C0-FCA8DEAE10B8} - D:\WINNT\system32\ddcbx.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - D:\WINNT\System32\msdxm.ocx
O3 - Toolbar: (no name) - {11A69AE4-FBED-4832-A2BF-45AF82825583} - (no file)
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ccApp] "D:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] D:\PROGRA~1\SYMANT~1\SYMANT~2\VPTray.exe
O4 - HKLM\..\Run: [Acronis True Image Monitor] "D:\Program Files\Acronis\TrueImage\TrueImageMonitor.exe"
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "D:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] D:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [09421dad] rundll32.exe "D:\WINNT\system32\acgkikbb.dll",b
O4 - HKLM\..\RunServices: [helloworld] nb32ext3.exe
O4 - HKLM\..\RunOnce: [SpybotDeletingA8183] command /c del "D:\WINNT\system32\sdttadne.dll"
O4 - HKLM\..\RunOnce: [SpybotDeletingC2147] cmd /c del "D:\WINNT\system32\sdttadne.dll"
O4 - HKLM\..\RunOnce: [SpybotDeletingA1630] command /c del "D:\WINNT\system32\kodsrngn.exe"
O4 - HKLM\..\RunOnce: [SpybotDeletingC819] cmd /c del "D:\WINNT\system32\kodsrngn.exe"
O4 - HKLM\..\RunOnce: [SpybotDeletingA82] command /c del "D:\WINNT\system32\dwdsrngt.exe"
O4 - HKLM\..\RunOnce: [SpybotDeletingC2618] cmd /c del "D:\WINNT\system32\dwdsrngt.exe"
O4 - HKLM\..\RunOnce: [SpybotDeletingA2721] command /c del "D:\WINNT\system32\sdttadne.dllbox"
O4 - HKLM\..\RunOnce: [SpybotDeletingC3272] cmd /c del "D:\WINNT\system32\sdttadne.dllbox"
O4 - HKLM\..\RunOnce: [SpybotDeletingA5210] command /c del "D:\WINNT\system32\sdttadne.dll"
O4 - HKLM\..\RunOnce: [SpybotDeletingC1263] cmd /c del "D:\WINNT\system32\sdttadne.dll"
O4 - HKLM\..\RunOnce: [VundoFix] "T:\UPGRADES\AntiVirus\VundoFix\vundofix.exe"
O4 - HKLM\..\RunOnce: [Spybot - Search & Destroy] "D:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
O4 - HKLM\..\RunOnce: [SpybotDeletingA6813] command /c del "D:\WINNT\system32\sdttadne.dllbox"
O4 - HKLM\..\RunOnce: [SpybotDeletingC1254] cmd /c del "D:\WINNT\system32\sdttadne.dllbox"
O4 - HKCU\..\RunOnce: [SpybotDeletingB6799] command /c del "D:\WINNT\system32\sdttadne.dllbox"
O4 - HKCU\..\RunOnce: [SpybotDeletingD9519] cmd /c del "D:\WINNT\system32\sdttadne.dllbox"
O4 - Global Startup: Adobe Reader Speed Launch.lnk = D:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: FlashPath Monitor.lnk = E:\SmartDisk\FlashPath\sdstat.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - D:\WINNT\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - D:\WINNT\web\related.htm
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O16 - DPF: {3D679FAC-C75F-11D2-A4D6-00C04F68FE3A} (PJ9enuC Class) - http://mp.usintellig...033/pjcintl.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://appldnld.m7z....iTunesSetup.exe
O16 - DPF: {484A7A26-FDB0-11D0-8D2B-00C04FB92E89} (MS Project Text Conversion Class) - http://mp.usintellig...ts/pjclient.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1131651202055
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield Setup Player) - http://ftp.hp.com/pu...ayer/isetup.cab
O16 - DPF: {EA29E197-44E3-45BE-84C1-5869B67BDE01} (IntraLaunch.MainControl) - file://\\Server-r2\INTERNET\Webpages\riddickeng-com\Intranet\IntraLaunch\sample\IntraLaunch.CAB
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = riddickeng.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = riddickeng.com
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = riddickeng.com
O20 - Winlogon Notify: NavLogon - D:\WINNT\system32\NavLogon.dll
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - D:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - D:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - D:\WINNT\System32\dmadmin.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - D:\Program Files\iPod\bin\iPodService.exe
O23 - Service: IS Service (ISSVC) - Symantec Corporation - D:\Program Files\Symantec Client Security\Symantec Client Firewall\ISSVC.exe
O23 - Service: SAVRoam (SavRoam) - symantec - D:\Program Files\Symantec Client Security\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - D:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Symantec SecurePort (SymSecurePort) - Symantec Corporation - D:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe


#2 Chris-JT

New Member, 2 posts

Posted 26 October 2007 - 05:42 PM

After running ComboFix in safe mode, the system rebooted. However, the system just hung even when going into safe mode. Basically the system was completely cactus. Sooooooooooooo, I just re-imaged this workstation and all works fine now. I know this isn't a fix that will help most visitors of this site, but I thought I'd better give the reason for my solution.

#3 MrCharlie

SuperMember, Malware Team, 2,949 posts

Posted 26 October 2007 - 08:22 PM

OK, thanks for letting us know. MrC

#4 MrCharlie

SuperMember, Malware Team, 2,949 posts

Posted 26 October 2007 - 08:22 PM

Since this issue appears to be resolved ... this Topic has been closed. Glad we could be of assistance. If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread. Everyone else please begin a New Topic.
