
Author Topic: Microsoft Word document is 0 kb in size  (Read 13898 times)


dl65

  • R.I.P.


  • Prodigy

    Thanked: 18
    Re: Microsoft Word document is 0 kb in size
    « Reply #15 on: June 19, 2006, 04:44:29 PM »
    JanieRyan...... Before you go any further, shut off System Restore on all drives, I fear they are infected. Next reboot into SAFE MODE and run your anti virus .... removing anything it finds.

    Then reboot back into normal and ... open Ewido, make sure it's updated and then do a full system scan

    Here's what should be fixed using hijackthis ........

    R3 - URLSearchHook: (no name) - _{20EC3D2D-33C1-4C9D-BC37-C2D500688DA2} - (no file)    
      
     
    R3 - URLSearchHook: (no name) - _{00D6A7E7-4A97-456f-848A-3B75BF7554D7} - (no file)    

    O2 - BHO: (no name) - SOFTWARE - (no file)  

    O2 - BHO: - {26D4D48D-B8FC-4512-B18F-E24123783782} - C:\WINDOWS\lbbho.dll (file missing)    

    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - ŚC:\PROGRA~1\SPYBOT~1\SDHelper.dll (file missing)  


    O4 - HKLM\..\Run: [Mscnt] c:\windows\system32\mscnt.exe /nocomm    
       (Added as result of a Troj/Dluca-C dialer/trojan infection)

      
    O4 - HKLM\..\Run: [sncntr] c:\windows\system32\sncntr.exe /nocomm  

    O4 - HKLM\..\Run: [Modeminf] c:\windows\system32\modeminf.exe
       (another trojan result)

    O9 - Extra button: Ebates - {6685509E-B47B-4f47-8E16-9A5F3A62F683} - file://C:\Program Files\Ebates_MoeMoneyMaker\Sy350\Tp350\scri350a.htm (file missing) (HKCU)

    O18 entries: remove all of them and consider removing Desktop messenger and try reinstalling
    Make sure that they are all marked and then click fix marked ..........


    Let us know how you make out , another hijackthis scan may be required.

    dl65  ::)
    « Last Edit: June 19, 2006, 05:31:20 PM by dl65 »
    If you don't know the answer, it isn't a dumb question.

    thetwinkster

    • Guest
    Re: Microsoft Word document is 0 kb in size
    « Reply #16 on: June 19, 2006, 05:07:14 PM »
    Here's yet another HJT log.  Hopefully the last one.  Everything that has been suggested has been done.

    Logfile of HijackThis v1.99.1
    Scan saved at 5:02:19 PM, on 6/19/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\MMKeybd.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\program files\dell printers\Additional Color Laser Software\Status Monitor\DLPSP.EXE
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\WINDOWS\system32\ezSP_Px.exe
    C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
    C:\Program Files\ewido anti-spyware 4.0\ewido.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\1&1\1&1 EasyLogin\EasyLogin.exe
    C:\Program Files\Logitech\MouseWare\system\em_exec.exe
    C:\Program Files\Netropa\OSD.exe
    C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
    C:\Program Files\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe
    C:\Program Files\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe
    C:\WINDOWS\Nhksrv.exe
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    c:\program files\dell printers\Additional Color Laser Software\Status Monitor\DLSDBNT.EXE
    C:\Program Files\ewido anti-spyware 4.0\guard.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
    C:\WINDOWS\System32\svchost.exe
    c:\program files\dell printers\Additional Color Laser Software\Status Monitor\DLPWDNT.EXE
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\HJT\HijackThis.exe
    C:\Program Files\Symantec\LiveUpdate\AUpdate.exe
    C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
    C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
    C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dellnet.com
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    R3 - URLSearchHook: (no name) - _{20EC3D2D-33C1-4C9D-BC37-C2D500688DA2} - (no file)
    R3 - URLSearchHook: (no name) - _{00D6A7E7-4A97-456f-848A-3B75BF7554D7} - (no file)
    O2 - BHO: (no name) - SOFTWARE - (no file)
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO:   - {26D4D48D-B8FC-4512-B18F-E24123783782} - C:\WINDOWS\lbbho.dll (file missing)
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} -   ŚC:\PROGRA~1\SPYBOT~1\SDHelper.dll (file missing)
    O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O4 - HKLM\..\Run: [DellTouch] C:\WINDOWS\MMKeybd.exe
    O4 - HKLM\..\Run: [Mscnt] c:\windows\system32\mscnt.exe /nocomm
    O4 - HKLM\..\Run: [sncntr] c:\windows\system32\sncntr.exe /nocomm
    O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [Mscolour] c:\windows\system32\mscolour.exe
    O4 - HKLM\..\Run: [dxvid] c:\windows\system32\dxvid.exe /nocomm
    O4 - HKLM\..\Run: [Modeminf] c:\windows\system32\modeminf.exe
    O4 - HKLM\..\Run: [DLPSP] "c:\program files\dell printers\Additional Color Laser Software\Status Monitor\DLPSP.EXE"
    O4 - HKLM\..\Run: [MediaFace Integration] C:\Program Files\Fellowes\MediaFACE 4.0\SetHook.exe
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\system32\ezSP_Px.exe
    O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
    O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [LDM] \Program\
    O4 - HKCU\..\Run: [1&1 EasyLogin] "C:\Program Files\1&1\1&1 EasyLogin\EasyLogin.exe" HIDE
    O4 - HKCU\..\Run: [RealPlayer] "C:\Program Files\Real\RealPlayer\realplay.exe" /RunUPGToolCommandReBoot
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Deskt

    thetwinkster

    • Guest
    Re: Microsoft Word document is 0 kb in size
    « Reply #17 on: June 19, 2006, 05:08:07 PM »
    Log #2

    O4 - Global Startup: Picture Package Menu.lnk = C:\Program Files\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe
    O4 - Global Startup: Picture Package VCD Maker.lnk = C:\Program Files\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra button: Ebates - {6685509E-B47B-4f47-8E16-9A5F3A62F683} - file://C:\Program Files\Ebates_MoeMoneyMaker\Sy350\Tp350\scri350a.htm (file missing) (HKCU)
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {0B72CCA4-5F11-11D0-9CB5-0000C0EC9FDB} (Street Technologies ActiveX Control Object) - http://www2.stlu.com/plugins/Plugin0501.0082/streetnoagent7.cab
    O16 - DPF: {2253F320-AB68-4A07-917D-4F12D8884A06} (ChainCast VMR Client Proxy) - http://www.streamaudio.com/download/ccpm_0237.cab
    O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/20030530/qtinstall.info.apple.com/bonnie/us/win/QuickTimeInstaller.exe
    O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/145f0da8859fd1a16716/netzip/RdxIE601.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
    O16 - DPF: {DF6A0F17-0B1E-11D4-829D-00C04F6843FE} (Microsoft Office Tools on the Web Control) - http://dgl.microsoft.com/downloads/outc.cab
    O16 - DPF: {E2D1AA6F-13E4-4DB3-A651-39EF812D5C31} - http://bspa.pits.ca/update510to520/setup.cab
    O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://fdl.msn.com/public/chat/msnchat45.cab
    O18 - Protocol: bw+0 - {850D2178-B691-465E-80E1-EC3EB610FC62} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw+0s - {850D2178-B691-465E-80E1-EC3EB610FC62} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw-0 - {850D2178-B691-465E-80E1-EC3EB610FC62} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw-0s - {850D2178-B691-465E-80E1-EC3EB610FC62} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw00 - {850D2178-B691-465E-80E1-EC3EB610FC62} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw00s - {850D2178-B691-465E-80E1-EC3EB610FC62} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw10 - {850D2178-B691-465E-80E1-EC3EB610FC62} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw10s - {850D2178-B691-465E-80E1-EC3EB610FC62} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw20 - {850D2178-B691-465E-80E1-EC3EB610FC62} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw20s - {850D2178-B691-465E-80E1-EC3EB610FC62} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw30 - {850D2178-B691-465E-80E1-EC3EB610FC62} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw30s - {850D2178-B691-465E-80E1-EC3EB610FC62} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw40 - {850D2178-B691-465E-80E1-EC3EB610FC62} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw40s - {850D2178-B691-465E-80E1-EC3EB610FC62} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw50 - {850D2178-B691-465E-80E1-EC3EB610FC62} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw50s - {850D2178-B691-465E-80E1-EC3EB610FC62} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw60 - {850D2178-B691-465E-80E1-EC3EB610FC62} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw60s - {850D2178-B691-465E-80E1-EC3EB610FC62} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw70 - {850D2178-B691-465E-80E1-EC3EB610FC62} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw70s - {850D2178-B691-465E-80E1-EC3EB610FC62} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw80 - {850D2178-B691-465E-80E1-EC3EB610FC62} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw80s - {850D2178-B691-465E-80E1-EC3EB610FC62} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw90 - {850D2178-B691-465E-80E1-EC3EB610FC62} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

    thetwinkster

    • Guest
    Re: Microsoft Word document is 0 kb in size
    « Reply #18 on: June 19, 2006, 05:08:48 PM »
    Log # 3

    O18 - Protocol: bwx0s - {850D2178-B691-465E-80E1-EC3EB610FC62} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwy0 - {850D2178-B691-465E-80E1-EC3EB610FC62} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwy0s - {850D2178-B691-465E-80E1-EC3EB610FC62} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwz0 - {850D2178-B691-465E-80E1-EC3EB610FC62} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwz0s - {850D2178-B691-465E-80E1-EC3EB610FC62} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: offline-8876480 - {850D2178-B691-465E-80E1-EC3EB610FC62} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: Dell Printer Status Watcher (DLPWD) - Dell Inc. - c:\program files\dell printers\Additional Color Laser Software\Status Monitor\DLPWDNT.EXE
    O23 - Service: Dell Printer Status Database (DLSDB) - Dell Inc. - c:\program files\dell printers\Additional Color Laser Software\Status Monitor\DLSDBNT.EXE
    O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
    O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
    O23 - Service: Netropa NHK Server (Nhksrv) - Unknown owner - C:\WINDOWS\Nhksrv.exe
    O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
    O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
    O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
    O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

    Thanks!!!!

    dl65

    • R.I.P.


    • Prodigy

      Thanked: 18
      Re: Microsoft Word document is 0 kb in size
      « Reply #19 on: June 19, 2006, 05:15:48 PM »
      JanieRyan...... Before I run through this logfile again, what was found in safe mode by the AV app?
      You did remove all the items I detailed with hijackthis, didn't you, because they all appear to still be there?
      What was found in normal mode with Ewido ?

      Why are all those Desktop messenger entries still there ?
      Did you remove it as I suggested ?

      dl65  ::)
      « Last Edit: June 19, 2006, 05:28:11 PM by dl65 »
      If you don't know the answer, it isn't a dumb question.

      thetwinkster

      • Guest
      Re: Microsoft Word document is 0 kb in size
      « Reply #20 on: June 20, 2006, 08:25:30 AM »
      Hacker,
      Sorry, I didn't see your post until after I posted the last log file.  I was looking at Sage's post that requested I post the log again after I fixed all the stuff found by Ewido.
      I will attempt to delete the things you stated in your post.  I've never used HJT before, so I'll see if I can figure out how to delete them as you've said.
      In safe mode my AV found nothing - all was good.
      In normal mode, the things that were found by Ewido have all been fixed/quarantined so I don't remember what they were.
      Like I said, I will fix what you've said, and then post another log file.
      Thanks for your help (and patience). :)

      thetwinkster

      • Guest
      Re: Microsoft Word document is 0 kb in size
      « Reply #21 on: June 20, 2006, 09:23:30 AM »
      I did another CCleaner, Ewido and AV scan, deleted the items in HJT, and have another log file (after) everything was completed.  Hopefully this is the last log file post and everything is now good.  I'll wait eagerly to hear if all is well.
      Thanks

      Logfile of HijackThis v1.99.1
      Scan saved at 8:49:30 AM, on 6/20/2006
      Platform: Windows XP SP2 (WinNT 5.01.2600)
      MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
      C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
      C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
      C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
      C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
      C:\WINDOWS\system32\spoolsv.exe
      C:\WINDOWS\Explorer.EXE
      C:\WINDOWS\MMKeybd.exe
      C:\Program Files\Common Files\Real\Update_OB\realsched.exe
      C:\program files\dell printers\Additional Color Laser Software\Status Monitor\DLPSP.EXE
      C:\Program Files\Common Files\Symantec Shared\ccApp.exe
      C:\WINDOWS\system32\ezSP_Px.exe
      C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
      C:\Program Files\ewido anti-spyware 4.0\ewido.exe
      C:\WINDOWS\system32\ctfmon.exe
      C:\Program Files\1&1\1&1 EasyLogin\EasyLogin.exe
      C:\Program Files\Logitech\MouseWare\system\em_exec.exe
      C:\Program Files\Netropa\OSD.exe
      C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
      C:\Program Files\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe
      C:\Program Files\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe
      C:\WINDOWS\Nhksrv.exe
      C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
      c:\program files\dell printers\Additional Color Laser Software\Status Monitor\DLSDBNT.EXE
      C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
      C:\Program Files\Norton AntiVirus\navapsvc.exe
      C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
      C:\WINDOWS\System32\svchost.exe
      c:\program files\dell printers\Additional Color Laser Software\Status Monitor\DLPWDNT.EXE
      C:\Program Files\Messenger\msmsgs.exe
      C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
      C:\Program Files\HJT\HijackThis.exe

      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dellnet.com
      R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
      O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
      O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton AntiVirus\NavShExt.dll
      O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton AntiVirus\NavShExt.dll
      O4 - HKLM\..\Run: [DellTouch] C:\WINDOWS\MMKeybd.exe
      O4 - HKLM\..\Run: [Mscnt] c:\windows\system32\mscnt.exe /nocomm
      O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
      O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
      O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
      O4 - HKLM\..\Run: [Mscolour] c:\windows\system32\mscolour.exe
      O4 - HKLM\..\Run: [dxvid] c:\windows\system32\dxvid.exe /nocomm
      O4 - HKLM\..\Run: [DLPSP] "c:\program files\dell printers\Additional Color Laser Software\Status Monitor\DLPSP.EXE"
      O4 - HKLM\..\Run: [MediaFace Integration] C:\Program Files\Fellowes\MediaFACE 4.0\SetHook.exe
      O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
      O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\system32\ezSP_Px.exe
      O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
      O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
      O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
      O4 - HKCU\..\Run: [LDM] \Program\
      O4 - HKCU\..\Run: [1&1 EasyLogin] "C:\Program Files\1&1\1&1 EasyLogin\EasyLogin.exe" HIDE
      O4 - HKCU\..\Run: [RealPlayer] "C:\Program Files\Real\RealPlayer\realplay.exe" /RunUPGToolCommandReBoot

      thetwinkster

      • Guest
      Re: Microsoft Word document is 0 kb in size
      « Reply #22 on: June 20, 2006, 09:24:10 AM »
      Log File #2,

      O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
      O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
      O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
      O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
      O4 - Global Startup: Picture Package Menu.lnk = C:\Program Files\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe
      O4 - Global Startup: Picture Package VCD Maker.lnk = C:\Program Files\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe
      O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
      O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
      O16 - DPF: {0B72CCA4-5F11-11D0-9CB5-0000C0EC9FDB} (Street Technologies ActiveX Control Object) - http://www2.stlu.com/plugins/Plugin0501.0082/streetnoagent7.cab
      O16 - DPF: {2253F320-AB68-4A07-917D-4F12D8884A06} (ChainCast VMR Client Proxy) - http://www.streamaudio.com/download/ccpm_0237.cab
      O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/20030530/qtinstall.info.apple.com/bonnie/us/win/QuickTimeInstaller.exe
      O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/145f0da8859fd1a16716/netzip/RdxIE601.cab
      O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
      O16 - DPF: {DF6A0F17-0B1E-11D4-829D-00C04F6843FE} (Microsoft Office Tools on the Web Control) - http://dgl.microsoft.com/downloads/outc.cab
      O16 - DPF: {E2D1AA6F-13E4-4DB3-A651-39EF812D5C31} - http://bspa.pits.ca/update510to520/setup.cab
      O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://fdl.msn.com/public/chat/msnchat45.cab
      O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
      O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
      O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
      O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
      O23 - Service: Dell Printer Status Watcher (DLPWD) - Dell Inc. - c:\program files\dell printers\Additional Color Laser Software\Status Monitor\DLPWDNT.EXE
      O23 - Service: Dell Printer Status Database (DLSDB) - Dell Inc. - c:\program files\dell printers\Additional Color Laser Software\Status Monitor\DLSDBNT.EXE
      O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
      O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
      O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
      O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
      O23 - Service: Netropa NHK Server (Nhksrv) - Unknown owner - C:\WINDOWS\Nhksrv.exe
      O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
      O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
      O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
      O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
      O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
      O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
      O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
      O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

      Thanks !!!

      dl65

      • R.I.P.


      • Prodigy

        Thanked: 18
        Re: Microsoft Word document is 0 kb in size
        « Reply #23 on: June 20, 2006, 02:25:33 PM »
        JanieRyan......... for some reason this entry wasn't removed. I don't know if you missed marking it or it's just being persistent.
        Before you attempt to remove it again with hijackthis, go into control panel / add/remove programs and see if there's anything in there that looks like .......... Mscnt   if there is, uninstall it.

        O4 - HKLM\..\Run: [Mscnt] c:\windows\system32\mscnt.exe /nocomm

        So let's try it again ........ make sure there is a check mark in the box in front of it and then click on the "fix checked" box.

        Now, before you do another hijackthis scan, go into c:\windows\system32\ and see if there is an entry called mscnt.exe. Hopefully there will not be one ........ if there is, delete it.

        Now then run hijackthis again and see if that O4 entry is now gone.


        let us know .

        dl65  ::)
        If you don't know the answer, it isn't a dumb question.
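
Added example, not part of dl65's post or of HijackThis itself: a small Python check that compares the entries a helper flagged against a later HijackThis log and reports which ones survived the fix, which is the comparison done by eye in Replies #19 and #23. The function names are hypothetical, and the sample text is a short excerpt of lines copied from the logs in this thread.

```python
import re

# HijackThis entry lines begin with a section code (R0-R3, F0-F3, N1-N4, O1-O23)
# followed by " - ". Headers and the running-process list do not match.
ENTRY_RE = re.compile(r"^\s*([RFNO]\d{1,2})\s+-\s+(.*\S)\s*$")


def parse_entries(log_text):
    """Return (section, normalized_body) for every entry line in the text."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line)
        if not m:
            continue  # header, process path, blank line or forum prose
        section = m.group(1).upper()
        # Collapse runs of whitespace and ignore case so that a pasted line
        # such as "BHO:   - {...}" still matches "BHO: - {...}".
        body = " ".join(m.group(2).split()).casefold()
        entries.append((section, body))
    return entries


def still_present(flagged_text, later_log, flagged_sections=()):
    """List entries of later_log that were flagged for removal.

    flagged_text     -- the entry lines the helper asked to fix
    flagged_sections -- section codes flagged as a whole (e.g. "O18")
    """
    flagged = set(parse_entries(flagged_text))
    sections = {s.upper() for s in flagged_sections}
    return [e for e in parse_entries(later_log)
            if e in flagged or e[0] in sections]


# Entries flagged in Reply #15 (excerpt, annotations removed).
FLAGGED = r"""
R3 - URLSearchHook: (no name) - _{20EC3D2D-33C1-4C9D-BC37-C2D500688DA2} - (no file)
O2 - BHO: (no name) - SOFTWARE - (no file)
O2 - BHO: - {26D4D48D-B8FC-4512-B18F-E24123783782} - C:\WINDOWS\lbbho.dll (file missing)
O4 - HKLM\..\Run: [Mscnt] c:\windows\system32\mscnt.exe /nocomm
O4 - HKLM\..\Run: [sncntr] c:\windows\system32\sncntr.exe /nocomm
O4 - HKLM\..\Run: [Modeminf] c:\windows\system32\modeminf.exe
"""

# Excerpt of the log posted in Replies #16 and #17 (before the fix was applied).
LOG_REPLY_16 = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\System32\smss.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
R3 - URLSearchHook: (no name) - _{20EC3D2D-33C1-4C9D-BC37-C2D500688DA2} - (no file)
O2 - BHO: (no name) - SOFTWARE - (no file)
O2 - BHO:   - {26D4D48D-B8FC-4512-B18F-E24123783782} - C:\WINDOWS\lbbho.dll (file missing)
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [DellTouch] C:\WINDOWS\MMKeybd.exe
O4 - HKLM\..\Run: [Mscnt] c:\windows\system32\mscnt.exe /nocomm
O4 - HKLM\..\Run: [sncntr] c:\windows\system32\sncntr.exe /nocomm
O4 - HKLM\..\Run: [Modeminf] c:\windows\system32\modeminf.exe
O18 - Protocol: bw+0 - {850D2178-B691-465E-80E1-EC3EB610FC62} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
"""

# Excerpt of the log posted in Reply #21 (after the first fix attempt).
LOG_REPLY_21 = r"""
Logfile of HijackThis v1.99.1
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [DellTouch] C:\WINDOWS\MMKeybd.exe
O4 - HKLM\..\Run: [Mscnt] c:\windows\system32\mscnt.exe /nocomm
"""

if __name__ == "__main__":
    for label, log in (("Reply #16", LOG_REPLY_16), ("Reply #21", LOG_REPLY_21)):
        leftovers = still_present(FLAGGED, log, flagged_sections=["O18"])
        print(f"{label}: {len(leftovers)} flagged entries still present")
        for section, body in leftovers:
            print(f"  {section} - {body}")
```

An entry that disappears from the log only shows that its registry value is gone; the file it pointed to still has to be checked on disk, as the post above does for mscnt.exe.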

        thetwinkster

        • Guest
        Re: Microsoft Word document is 0 kb in size
        « Reply #24 on: June 20, 2006, 02:59:46 PM »
        I went into the areas you indicated and there was nothing there that I needed to delete.
        I ran a HJT scan again, deleted the entry, ran a scan again and now it is gone.

        Now what?  Am I fixed?  :D

        Thanks

        dl65

        • R.I.P.


        • Prodigy

          Thanked: 18
          Re: Microsoft Word document is 0 kb in size
          « Reply #25 on: June 20, 2006, 03:36:05 PM »
          JanieRyan......  Well done ....... Your system appears to be clean again .......
          You should remember to turn back on System Restore on all drives .
          Create a test doc and check to be sure things are working ok.

          dl65  ::)
          « Last Edit: June 20, 2006, 03:38:23 PM by dl65 »
          If you don't know the answer, it isn't a dumb question.

          thetwinkster

          • Guest
          Re: Microsoft Word document is 0 kb in size
          « Reply #26 on: June 20, 2006, 03:51:18 PM »
          Thanks for all your help !!
          This forum is excellent, I'm so glad it exists.
          Everybody who donates their time and efforts to assist all of us (not experts) who need help should be commended and congratulated.
          Thanks again and have a most excellent day !!   ;D

          Rob Pomeroy



            Prodigy

          • Systems Architect
          • Thanked: 124
          Re: Microsoft Word document is 0 kb in size
          « Reply #27 on: June 21, 2006, 02:46:12 PM »
          We should have a collection bucket at the door, I reckon guys.  ;D

          Glad things are sorted for you, JR.  Fab work dl65.
          Only able to visit the forums sporadically, sorry.

          Geek & Dummy - honest news, reviews and howtos

          GX1_Man

          • Guest
          Re: Microsoft Word document is 0 kb in size
          « Reply #28 on: June 21, 2006, 04:57:05 PM »
          dl65 and Fed are the Hijack Kings!