
Can't logon to Norton/Symantec Sites

Discussion in 'Virus & Other Malware Removal' started by WillowCreek, Apr 4, 2010.

Thread Status:
Not open for further replies.
  1. WillowCreek (Thread Starter)

    Joined: Apr 3, 2010
    Messages: 1
    I can't logon to www.norton.com, www.symantec.com, or www.avg.com, and variations. When I put any of them in the Address bar and click Go, I get redirected to Google with search results for the site entered. Also, anytime I try to get to an antivirus site, I get "The page cannot be displayed" with a "Cannot find server or DNS Error" message, as well as "Unknown error".

    Root cause info: I wanted to defrag my 12Gb. drive, but had insufficient space to do it. I found about 7Gb. of space taken up mostly by NAV 2005 antivirus library extensions. So I de-installed NAV 2005, deleted all the extensions, and defragged the drive. Now I have 8Gb. free. Then I tried to download a fresh version of NAV 2006, which turned out not to be compatible with my Windows/2000 config. I was directed to download NAV 2005, had problems doing that (56kb dial up speed may have corrupted the file), and downloaded a Free Download Manager for another attempt at NAV 2005. The Symantec support folks then used their FDM to download NAV 2005, installed, and it came up already expired. Then they couldn't extend my license due to some problem connecting with their own server, and told me to check back the next day. The Symantec support line requires a lot of patience... and I ran out 3 days later :(

    Frustrated, I decided to try AVG as an alternative, and downloaded a free copy of AVG from www.avg.com. I tried installing it and found it incompatible with my W/2000 config. Then I went back to Symantec support, and discovered the logon problem.

    Consequently, my NAV 2005 works, but is out of date (Virus Definitions 8/11/2004) and detects no virus infections. I try to update the definitions, but can't get to the Symantec site to synch with their server.

    Then, I followed the Tech Support Guy thread from BuscuitsNGravy, downloaded and ran ComboFix (see log below), downloaded and ran Malwarebytes' Anti-Malware (zero objects infected for both the quick and full scans), and still have the redirect to Google.

    Not sure what to do next. Here's the log:
    ComboFix 10-04-02.01 - Wayne Philpott 04/03/2010 12:51:09.1.1 - x86
    Microsoft Windows 2000 Professional 5.0.2195.4.1252.1.1033.18.191.93 [GMT -5:00]
    Running from: c:\downloads\Software\ComboFix.exe
    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    c:\winnt\patch.exe
    c:\winnt\system32\.exe
    c:\winnt\system32\svhost.exe
    c:\winnt\system32\sys.txt
    c:\winnt\Web\default.htt
    c:\winnt\system32\comres.dll . . . is infected!!
    c:\winnt\system32\comres.dll . . . is infected!!
    .
    ((((((((((((((((((((((((( Files Created from 2010-03-03 to 2010-04-03 )))))))))))))))))))))))))))))))
    .
    2010-04-03 17:48 . 2010-04-03 17:48 16384 ----atw- c:\winnt\system32\Perflib_Perfdata_4a0.dat
    2010-04-01 02:53 . 2010-04-01 03:02 -------- d-----w- c:\program files\Norton AntiVirus
    2010-04-01 02:52 . 2004-08-26 19:03 83168 ----a-w- c:\winnt\system32\S32EVNT1.DLL
    2010-04-01 02:52 . 2004-08-26 19:03 104144 ----a-w- c:\winnt\system32\drivers\SYMEVENT.SYS
    2010-03-30 05:48 . 2010-04-01 03:02 -------- d---a-w- c:\winnt\LMI18.tmp
    2010-03-30 04:16 . 2010-03-30 05:43 -------- d-----w- C:\Downloads
    2010-03-30 02:24 . 2010-04-03 18:03 -------- d-----w- c:\documents and settings\Wayne Philpott\Application Data\Free Download Manager
    2010-03-30 02:24 . 2010-03-30 05:35 -------- d-----w- c:\program files\Free Download Manager
    2010-03-28 23:20 . 2010-03-28 23:20 -------- d-----w- c:\program files\SBC Yahoo!
    2010-03-28 23:20 . 2010-03-28 23:20 -------- d-----w- c:\documents and settings\All Users.WINNT\Application Data\SBC Yahoo!
    2010-03-28 23:19 . 2010-03-28 23:19 -------- d-----w- c:\winnt\winsxs
    2010-03-27 21:56 . 2010-04-01 02:55 -------- d-----w- c:\program files\Symantec
    2010-03-27 20:58 . 2010-03-28 23:52 -------- d---a-w- c:\winnt\LMI88.tmp
    2010-03-26 03:58 . 2010-03-28 23:52 -------- d---a-w- c:\winnt\LMI41.tmp
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-04-01 03:17 . 2005-09-06 05:21 -------- d-----w- c:\program files\Common Files\Symantec Shared
    2010-04-01 02:53 . 2005-09-06 07:32 10344 ----a-w- c:\winnt\system32\drivers\symlcbrd.sys
    2010-03-27 20:40 . 2005-09-06 05:22 -------- d-----w- c:\documents and settings\All Users.WINNT\Application Data\Symantec
    2010-03-14 20:58 . 2009-05-10 22:09 -------- d-----w- c:\program files\AT&T Worldnet Accelerator
    2010-03-13 18:27 . 2005-09-04 07:48 -------- d-----w- c:\program files\Hewlett-Packard
    2010-03-13 18:24 . 2005-09-04 07:52 -------- d--h--w- c:\program files\InstallShield Installation Information
    2010-03-13 18:19 . 2006-09-16 01:46 -------- d-----w- c:\program files\Wireless LAN Utility
    2010-03-13 18:15 . 2005-11-28 03:38 -------- d-----w- c:\program files\Common Files\Real
    2005-08-31 21:48 . 2005-08-31 21:48 21952 ---h--w- c:\program files\folder.htt
    2007-07-28 19:09 . 2007-07-28 19:07 61545 --sha-r- c:\winnt\eraseme_86784.exe
    1999-12-07 12:00 . 1999-12-07 12:00 94784 --sh--w- c:\winnt\twain.dll
    1999-12-07 12:00 . 1999-12-07 12:00 44816 --sh--w- c:\winnt\twain_32.dll
    2007-07-28 19:17 . 2007-07-28 19:10 61545 --sha-r- c:\winnt\system32\eraseme_86784.exe
    2003-06-19 19:05 . 1999-12-07 12:00 161814 --sha-r- c:\winnt\system32\hgktdg.dll
    2003-06-19 19:05 . 2005-09-02 08:14 1015859 --sh--w- c:\winnt\system32\mfc42.dll
    1999-12-07 12:00 . 1999-12-07 12:00 77878 --sh--w- c:\winnt\system32\msvcirt.dll
    2003-06-19 19:05 . 1999-12-07 12:00 626960 --sh--w- c:\winnt\system32\OLEAUT32.DLL
    2003-06-19 19:05 . 2005-09-02 08:15 164112 --sh--w- c:\winnt\system32\OLEPRO32.DLL
    2003-06-19 19:05 . 2005-09-02 08:15 11024 --sh--w- c:\winnt\system32\REGSVR32.EXE
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "QAGENT"="c:\quickenw\QAGENT.EXE" [1998-08-25 41472]
    "updateMgr"="c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2005-10-24 307200]
    "Free Download Manager"="c:\program files\Free Download Manager\fdm.exe" [2009-01-31 3399727]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Synchronization Manager"="mobsync.exe" [2003-06-19 111376]
    "InCD"="c:\program files\Ahead\InCD\InCD.exe" [2002-09-13 1101824]
    "NeroCheck"="c:\winnt\system32\NeroCheck.exe" [2001-07-09 155648]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2005-12-26 77824]
    "Propel Accelerator"="c:\program files\AT&T Worldnet Accelerator\trayctl.exe" [2005-06-16 28672]
    "AT&T Dial Connection Manager"="c:\program files\SBC Yahoo!\Connection Manager\ConnectionManager.exe" [2008-06-03 1457256]
    "ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2004-08-14 58488]
    "SSC_UserPrompt"="c:\program files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe" [2004-08-05 218240]
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    "^SetupICWDesktop"="c:\program files\Internet Explorer\Connection Wizard\icwconn1.exe" [2003-06-19 186640]
    c:\documents and settings\All Users.WINNT\Start Menu\Programs\Startup\
    Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2004-10-20 113664]
    Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-24 29696]
    Billminder.lnk - c:\quickenw\BILLMIND.EXE [2005-9-5 30208]
    BlackICE PC Protection.lnk - c:\program files\ISS\BlackICE\blackice.exe [2006-12-17 778240]
    Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]
    PKZIP Attachments Status.lnk - c:\program files\PKWARE\PKZIPM\9.00.0010\PKTray.exe [2005-12-20 169552]
    Quicken Startup.lnk - c:\quickenw\QWDLLS.EXE [2005-9-5 27136]
    R?2 mxbhxwm;Network Center;c:\winnt\system32\svchost.exe -k netsvcs [12/7/1999 7:00 AM 7952]
    R2 BlackICE;BlackICE;c:\program files\ISS\BlackICE\blackd.exe [12/17/2006 1:22 AM 1229430]
    R2 BsUDF;InCD UDF Driver;c:\winnt\system32\drivers\bsudf.sys [9/4/2005 2:42 AM 379038]
    R3 el575nd5;3Com Megahertz 10/100 LAN CardBus PC Card Driver;c:\winnt\system32\drivers\el575ND5.sys [8/30/2005 8:55 PM 77072]
    R3 maestro;ESS Maestro Audio Driver (WDM);c:\winnt\system32\drivers\maestro.sys [8/30/2005 9:28 PM 48368]
    R4 black;black;c:\winnt\system32\drivers\blackdrv.sys [9/5/2005 1:03 PM 229331]
    S0 SONYPVM1;Sony Memory Stick Driver(SONYPVM1);c:\winnt\system32\DRIVERS\SONYPVM1.SYS --> c:\winnt\system32\DRIVERS\SONYPVM1.SYS [?]
    S2 AdobeActiveFileMonitor;Adobe Active File Monitor;c:\program files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe [10/20/2004 6:47 AM 98304]
    S2 PhotoshopElementsDeviceConnect;Photoshop Elements Device Connect;c:\program files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe [10/20/2004 5:40 AM 118784]
    S3 hpoid407;IEEE-1284.4 Driver hpoid407;c:\winnt\system32\drivers\hpoid407.sys [9/4/2005 2:53 AM 50480]
    S3 hpoius07;USB to IEEE-1284.4 Translation Driver hpoius07;c:\winnt\system32\drivers\hpoius07.sys [9/4/2005 2:53 AM 18992]
    S3 openhci;Microsoft USB Open Host Controller Driver;c:\winnt\system32\drivers\openhci.sys [8/31/2006 7:24 PM 24784]
    S3 PSEXESVC;PSEXESVC;c:\winnt\system32\PSEXESVC.EXE [9/25/2006 8:51 PM 61440]
    S3 PTDUBus;PANTECH UM175 Composite Device Driver ;c:\winnt\system32\drivers\PTDUBus.sys [12/21/2008 7:05 PM 29824]
    S3 PTDUMdm;PANTECH UM175 Drivers;c:\winnt\system32\drivers\PTDUMdm.sys [12/21/2008 7:05 PM 41344]
    S3 PTDUVsp;PANTECH UM175 Diagnostic Port;c:\winnt\system32\drivers\PTDUVsp.sys [12/21/2008 7:05 PM 39936]
    S3 PTDUWFLT;PTDUWWAN Filter Driver;c:\winnt\system32\drivers\PTDUWFLT.sys [12/21/2008 7:05 PM 5120]
    S3 PTDUWWAN;PANTECH UM175 WWAN Driver;c:\winnt\system32\drivers\PTDUWWAN.sys [12/21/2008 7:05 PM 59776]
    S3 RapDrv;RapDrv;c:\winnt\system32\drivers\RapDrv.sys [12/17/2006 1:22 AM 104968]
    S3 RapFile;RapFile;c:\winnt\system32\drivers\RapFile.sys [9/5/2005 1:03 PM 36644]
    S3 RapNet;RapNet;c:\winnt\system32\drivers\RapNet.sys [9/5/2005 1:03 PM 24344]
    S3 usbhub20;USB 2.0 Root Hub Support;c:\winnt\system32\drivers\usbhub20.sys [9/2/2005 3:16 AM 49776]
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
    mxbhxwm
    .
    Contents of the 'Scheduled Tasks' folder
    2010-04-03 c:\winnt\Tasks\Norton AntiVirus - Scan my computer - Wayne Philpott.job
    - c:\progra~1\NORTON~1\Navw32.exe [2004-08-30 23:34]
    2010-04-03 c:\winnt\Tasks\Symantec NetDetect.job
    - c:\program files\Symantec\LiveUpdate\NDETECT.EXE [2010-04-01 22:26]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://webmail.att.net/wmc/en-US/v/wm/4A0755EA000D6C78000015B72223068222?cmd=List&sid=c0&from=wmgoto
    uInternet Settings,ProxyServer = http=localhost:8080
    uInternet Settings,ProxyOverride = <local>
    IE: Download all with Free Download Manager - file://c:\program files\Free Download Manager\dlall.htm
    IE: Download selected with Free Download Manager - file://c:\program files\Free Download Manager\dlselected.htm
    IE: Download video with Free Download Manager - file://c:\program files\Free Download Manager\dlfvideo.htm
    IE: Download with Free Download Manager - file://c:\program files\Free Download Manager\dllink.htm
    IE: Refresh Pa&ge with Full Quality - c:\program files\AT&T Worldnet Accelerator\pac-page.html
    IE: Refresh Pi&cture with Full Quality - c:\program files\AT&T Worldnet Accelerator\pac-image.html
    IE: {{c95fe080-8f5d-11d2-a20b-00aa003c157a} - %SystemRoot%\web\related.htm
    LSP: %SystemRoot%\system32\msafd.dll
    Trusted Zone: aol.com\free
    TCP: {4FC4BC81-B3B7-4C8E-AEE5-D3BCAD42744B} = 68.94.156.1 68.94.157.1
    DPF: DirectAnimation Java Classes - file://c:\winnt\Java\classes\dajava.cab
    DPF: Microsoft XML Parser for Java - file://c:\winnt\Java\classes\xmldso.cab
    .
    **************************************************************************
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-04-03 13:09
    Windows 5.0.2195 Service Pack 4 NTFS
    scanning hidden processes ...
    scanning hidden autostart entries ...
    scanning hidden files ...
    scan completed successfully
    hidden files: 0
    **************************************************************************
    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mxbhxwm]
    "ServiceDll"="c:\winnt\system32\hgktdg.dll"
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    - - - - - - - > 'winlogon.exe'(188)
    c:\winnt\system32\wzcdlg.dll
    c:\winnt\system32\WZCSAPI.DLL
    .
    Completion time: 2010-04-03 13:16:54
    ComboFix-quarantined-files.txt 2010-04-03 18:16
    Pre-Run: 8,475,230,208 bytes free
    Post-Run: 8,577,572,864 bytes free
    - - End Of File - - 64A126D8CEA0418A608167998E49017E
     

Short URL to this thread: https://techguy.org/914659
