Dr. Watson postmortem debugger problem [RESOLVED]
Started by alan24brown, Feb 24 2005 05:20 PM
#16
Posted 09 March 2005 - 04:17 PM
I was experiencing the same "about:blank" infection as alan24brown and your instructions to him allowed me to clear up my problem. Your help has proven invaluable.
#17
Guest_thatman_*
Posted 09 March 2005 - 04:55 PM
Hi jburchard
Thank you thatman.
I was experiencing the same "about:blank" infection as alan24brown and your instructions to him allowed me to clear up my problem. Your help has proven invaluable.
Glad I was able to help
Kc
#18
Posted 10 March 2005 - 03:19 PM
Alright, here we go.
Here is the PandaScan info you asked for...
Incident Status Location
Spyware:Spyware/New.net No disinfected C:\WINNT\NDNuninstall*.exe
Spyware:Spyware/Dyfuca No disinfected Windows Registry
Adware:Adware/IPInsight No disinfected C:\WINNT\inf\farmmext.inf
Adware:Adware/SideFind No disinfected Windows Registry
Adware:Adware/ISearch No disinfected C:\WINNT\isrvs
Adware:Adware/EliteBar No disinfected C:\WINNT\EliteSideBar
Adware:Adware/PurityScan No disinfected C:\Documents and Settings\Administrator\Application Data\tsad.exe
Adware:Adware/SearchAid No disinfected C:\WINNT\addvp32.exe
Adware:Adware/SearchAid No disinfected C:\WINNT\cruw.exe
Spyware:Spyware/Iehelp No disinfected C:\WINNT\Downloaded Program Files\ipreg32.inf
Spyware:Spyware/BetterInet No disinfected C:\WINNT\inf\ceres.inf
Adware:Adware/IPInsight No disinfected C:\WINNT\inf\farmmext.inf
Adware:Adware/SearchAid No disinfected C:\WINNT\javawu32.exe
Adware:Adware/CWS.Aboutblank No disinfected C:\WINNT\ntmz.exe
Adware:Adware/SearchAid No disinfected C:\WINNT\sysbd32.exe
Adware:Adware/SearchAid No disinfected C:\WINNT\sysnb(2).exe
Adware:Adware/SearchAid No disinfected C:\WINNT\sysnb.exe
Adware:Adware/CWS.Aboutblank No disinfected C:\WINNT\system32\atlqq32.exe
Adware:Adware/PurityScan No disinfected C:\WINNT\system32\JVAW~1.EXE
Adware:Adware/SearchAid No disinfected C:\WINNT\system32\msoh.exe
Adware:Adware/PurityScan No disinfected C:\WINNT\system32\NTEPAD~1.EXE
Adware:Adware/CWS.Aboutblank No disinfected C:\WINNT\system32\sdkjr32.exe
Adware:Adware/SearchAid No disinfected C:\WINNT\system32\syskl32.exe
Adware:Adware/PurityScan No disinfected C:\WINNT\system32\WWEXEC~1.EXE
Adware:Adware/PurityScan No disinfected C:\WINNT\system32\HKDSK~1.EXE
Adware:Adware/SBSoft No disinfected C:\WINNT\webdlg32.inf
The "housecall" scan you asked me to do won't work.
But here is the next HiJackThis you asked for.
Logfile of HijackThis v1.99.1
Scan saved at 4:17:33 PM, on 3/10/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINNT\System32\Ati2evxx.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Administrator\Desktop\HijackThis.exe
C:\Program Files\Messenger\msmsgs.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [MoneyStartUp10.0] "C:\Program Files\Microsoft Money\System\Activation.exe"
O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O15 - Trusted Zone: *.frame.crazywinnings.com
O15 - Trusted Zone: *.frame.crazywinnings.com (HKLM)
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall-bet...all/xscan60.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINNT\System32\Ati2evxx.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
Thanks for all this help.
Now what?
- Alan
#19
Guest_thatman_*
Posted 10 March 2005 - 03:46 PM
Hi alan24brown
We are getting there
1. Download the Pocket Killbox.
2. Unzip the contents of KillBox.zip to a convenient location.
3. Double-click on KillBox.exe.
4. Click "Replace on Reboot" and check the "Use Dummy" box.
5. Paste this file into the top "Full Path of File to Delete" box.
C:\WINNT\NDNuninstall*.exe
6. Click the "Delete File" button which looks like a stop sign.
7. Click "Yes" at the Replace on Reboot prompt.
Follow steps 4, 5, 6 and 7 with all the following files in blue:
C:\WINNT\NDNuninstall*.exe
C:\WINNT\inf\farmmext.inf
C:\WINNT\isrvs
C:\WINNT\EliteSideBar
C:\Documents and Settings\Administrator\Application Data\tsad.exe
C:\WINNT\addvp32.exe
C:\WINNT\cruw.exe
C:\WINNT\Downloaded Program Files\ipreg32.inf
C:\WINNT\inf\ceres.inf
C:\WINNT\inf\farmmext.inf
C:\WINNT\javawu32.exe
C:\WINNT\ntmz.exe
C:\WINNT\sysbd32.exe
C:\WINNT\sysnb(2).exe
C:\WINNT\sysnb.exe
C:\WINNT\system32\atlqq32.exe
C:\WINNT\system32\JVAW~1.EXE
C:\WINNT\system32\msoh.exe
C:\WINNT\system32\NTEPAD~1.EXE
C:\WINNT\system32\sdkjr32.exe
C:\WINNT\system32\syskl32.exe
C:\WINNT\system32\WWEXEC~1.EXE
C:\WINNT\system32\HKDSK~1.EXE
C:\WINNT\webdlg32.inf
Don't feel bad about this. I did have one member with 400+ to remove.
Please run the following free, online virus scans:
http://www.pandasoft...n_principal.htm
Post the Panda scan and a new HijackThis.log
Thank You
kc
#20
Posted 10 March 2005 - 10:05 PM
I did everything you asked.
Pandascan results:
Incident Status Location
Spyware:Spyware/New.net No disinfected C:\WINNT\NDNuninstall*.exe
Spyware:Spyware/Dyfuca No disinfected Windows Registry
Adware:Adware/IPInsight No disinfected C:\WINNT\inf\farmmext.inf
Adware:Adware/SideFind No disinfected Windows Registry
Adware:Adware/ISearch No disinfected C:\WINNT\isrvs
Adware:Adware/EliteBar No disinfected C:\WINNT\EliteSideBar
HiJackThis results:
Logfile of HijackThis v1.99.1
Scan saved at 11:01:07 PM, on 3/10/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\Ati2evxx.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Administrator\Desktop\HijackThis.exe
C:\Program Files\Messenger\msmsgs.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [MoneyStartUp10.0] "C:\Program Files\Microsoft Money\System\Activation.exe"
O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O15 - Trusted Zone: *.frame.crazywinnings.com
O15 - Trusted Zone: *.frame.crazywinnings.com (HKLM)
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall-bet...all/xscan60.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINNT\System32\Ati2evxx.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
Anything else?
Thanks a million for all the help!
- Alan
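Added example, not part of any post in this thread: a Python sketch that parses the scan-result rows as pasted in posts #18 and #20 and reports which detections cleared between the two rounds and which remain, grouped by whether the reported location is a literal file, a wildcard pattern, or the registry. The function names are hypothetical; the rows are copied from the posts (the first table is an excerpt), and "No disinfected" is the only status handled because it is the only one that appears in the thread.

```python
import re
from collections import namedtuple

Detection = namedtuple("Detection", "kind family status location")

# Row layout seen in the posts: "<Kind>:<Kind>/<Family> <Status> <Location>".
ROW = re.compile(r"^(\w+):\w+/(\S+)\s+(No disinfected)\s+(.+?)\s*$")

# Excerpt of the table in post #18 (rows copied from the thread).
FIRST_SCAN = r"""Incident Status Location
Spyware:Spyware/New.net No disinfected C:\WINNT\NDNuninstall*.exe
Spyware:Spyware/Dyfuca No disinfected Windows Registry
Adware:Adware/IPInsight No disinfected C:\WINNT\inf\farmmext.inf
Adware:Adware/SideFind No disinfected Windows Registry
Adware:Adware/ISearch No disinfected C:\WINNT\isrvs
Adware:Adware/EliteBar No disinfected C:\WINNT\EliteSideBar
Adware:Adware/PurityScan No disinfected C:\Documents and Settings\Administrator\Application Data\tsad.exe
Adware:Adware/SearchAid No disinfected C:\WINNT\addvp32.exe
Adware:Adware/IPInsight No disinfected C:\WINNT\inf\farmmext.inf
Adware:Adware/CWS.Aboutblank No disinfected C:\WINNT\ntmz.exe
Adware:Adware/CWS.Aboutblank No disinfected C:\WINNT\system32\atlqq32.exe
"""

# The table in post #20 (rows copied from the thread).
SECOND_SCAN = r"""Incident Status Location
Spyware:Spyware/New.net No disinfected C:\WINNT\NDNuninstall*.exe
Spyware:Spyware/Dyfuca No disinfected Windows Registry
Adware:Adware/IPInsight No disinfected C:\WINNT\inf\farmmext.inf
Adware:Adware/SideFind No disinfected Windows Registry
Adware:Adware/ISearch No disinfected C:\WINNT\isrvs
Adware:Adware/EliteBar No disinfected C:\WINNT\EliteSideBar
"""


def parse_scan(text):
    """Return the Detection rows found in a pasted results table."""
    rows = []
    for line in text.splitlines():
        m = ROW.match(line.strip())
        if m:  # the header line and blank lines do not match and are skipped
            rows.append(Detection(*m.groups()))
    return rows


def location_kind(location):
    """Classify what the scanner reported as the location of a detection."""
    if location == "Windows Registry":
        return "registry"
    if "*" in location or "?" in location:
        return "pattern"  # a wildcard pattern, not one literal file name
    return "file"


def _key(d):
    # Windows paths are case-insensitive, so compare locations lower-cased.
    return (d.family, d.location.lower())


def compare_scans(before, after):
    """Split detections into (cleared, remaining, new) between two scans."""
    before_keys = {_key(d) for d in before}
    after_keys = {_key(d) for d in after}
    cleared, remaining, seen = [], [], set()
    for d in before:
        if _key(d) in seen:  # the scanner can list the same item twice
            continue
        seen.add(_key(d))
        (remaining if _key(d) in after_keys else cleared).append(d)
    new = [d for d in after if _key(d) not in before_keys]
    return cleared, remaining, new


def remaining_by_kind(before, after):
    """Group the families still detected by the kind of location reported."""
    _, remaining, _ = compare_scans(before, after)
    groups = {"file": [], "pattern": [], "registry": []}
    for d in remaining:
        groups[location_kind(d.location)].append(d.family)
    return groups


if __name__ == "__main__":
    first, second = parse_scan(FIRST_SCAN), parse_scan(SECOND_SCAN)
    cleared, remaining, new = compare_scans(first, second)
    print("cleared:", [d.location for d in cleared])
    print("remaining:", remaining_by_kind(first, second))
    print("new:", [d.location for d in new])
```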
#21
Guest_thatman_*
Posted 11 March 2005 - 03:13 AM
Hi alan24brown
Reboot into Safe Mode: Click here if you don't know how to do this.
Press Ctrl+Alt+Delete once -> Click Task Manager -> Click the Processes tab -> Double-click the Image Name column header to alphabetically sort the processes -> Scroll through the list and look for:
No files
If you find the files, click on them, and then click End Process -> Exit the Task Manager.
CLOSE ALL WINDOWS AND BROWSERS. Scan with HijackThis and put checks next to all the following:
No files to remove
Then click on "Fix Checked"
Using Windows Explorer delete the following files if present:
If you get an error when deleting a file, right-click on the file and check to see if the read-only attribute is checked. If it is, uncheck it and try again.
C:\WINNT\NDNuninstall*.exe<--Delete this file
C:\WINNT\inf\farmmext.inf<--Delete this file
C:\WINNT\isrvs<--Delete this file
C:\WINNT\EliteSideBar<--Delete this file
(and any other files with the same name that end in .dll, .exe or .dat, you may find them right next to each other, example - appsw.exe, appsw.dll, appsw.dat)
Run AboutBuster. This will scan your computer for the bad files and delete them. Save the report (copy and paste into Notepad or WordPad and save as a .txt file) and post a copy back here when you are done with all the steps.
Scan with AdAware and let it remove any bad files found.
Clean out temporary and TIF files. Go to Start > Run and type in the box: cleanmgr. Let it scan your system for files to remove. Make sure these 3 are checked and then press *ok* to remove:
Download the ccleaner
I use this program and it is set up like this: all boxes are checked.
Clean out all temp files in Mozilla, Internet Explorer.
Internet Explorer: Tools/ Internet Options/ General/ Temporary internet files/ Delete Files (NOTE, that this may take very long!). You can also set the memory limit to about 80 MB at the Settings.
Mozilla: Edit/ Options/ Extended/ Cache/ Clear Cache
Double click on the cwsserviceremove and when asked to merge say yes.
Run CW-Shredder - Hit the FIX button - let it run and fix what it finds.
Reboot into normal mode.
Download the Hoster from here. Press "Restore Original Hosts" and press "OK". Exit Program.
http://housecall.tre.../start_corp.asp
Make sure you check "AutoClean"
Please reboot and post a fresh HijackThis.log to see how we did.
Kc
#22
Posted 11 March 2005 - 06:01 AM
ATTENTION ATTENTION ATTENTION!!!!!!!!!!
DrWatson problem solved!!!!!
It is a problem with SP2. Go into safe mode and then go into add/remove programmes, uninstall SP2 and restart the computer. This solved the problem for me just this minute!!!
Dave
#23
Posted 12 March 2005 - 10:24 PM
Alright, here we go...
I did everything you asked.
I searched and deleted the following...
C:\WINNT\NDNuninstall*.exe<--Delete this file
C:\WINNT\inf\farmmext.inf<--Delete this file
C:\WINNT\isrvs<--Delete this file
C:\WINNT\EliteSideBar<--Delete this file
But... "NDNuninstall..." was not found. But it keeps popping up on virus scans.
What was the "hoster" thing you asked me to download? I opened it, closed it. HUH?
Here's the new Hijack This log...
Logfile of HijackThis v1.99.1
Scan saved at 11:21:06 PM, on 3/12/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\WINNT\System32\msiexec.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINNT\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Microsoft Office\Office10\WINWORD.EXE
C:\Program Files\Microsoft Works\MSWorks.exe
C:\Documents and Settings\Administrator\Desktop\Odds & Ends\HijackThis.exe
C:\Program Files\Messenger\msmsgs.exe
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [MoneyStartUp10.0] "C:\Program Files\Microsoft Money\System\Activation.exe"
O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O15 - Trusted Zone: *.frame.crazywinnings.com
O15 - Trusted Zone: *.frame.crazywinnings.com (HKLM)
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall-bet...all/xscan60.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} - http://ax.phobos.app.../ITDetector.cab
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINNT\System32\Ati2evxx.exe (file missing)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
Now what?
Thanks again, man!
- Alan
#24
Guest_thatman_*
Posted 13 March 2005 - 05:33 AM
Hi alan24brown
Thanks to LineOFire for this .reg file fix -
1.) Copy the contents of the Quote Box below to Notepad.
2.) Save the file as RemoveTrustedZone.reg
3.) Change the Save as Type to All Files.
4.) Save this file to the desktop.
Quote:
REGEDIT4

[-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains]

[-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains]
--
1.) Double-click on RemoveTrustedZone.reg.
2.) When it asks you to merge the information to the registry click Yes.
3.) Reboot PC.
4.) Run HJT again and look for the O15 entry, it should be gone.
Post a HJT.log
Kc
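Added example, not part of the original post or of HijackThis: a small Python check for step 4 above that compares the O15 Trusted Zone entries in the HijackThis log taken before the .reg merge with the one taken after it. The "after" log is constructed for illustration, and reading an entry without the (HKLM) suffix as per-user (HKCU) is an assumption.

```python
import re

# HijackThis entry lines look like "O15 - Trusted Zone: <domain> (HKLM)".
ENTRY = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
TRUSTED = re.compile(r"^Trusted Zone: (?P<domain>\S+)(?: \((?P<hive>HKLM)\))?$")

# Lines taken from the log posted above (shortened).
BEFORE = r"""Logfile of HijackThis v1.99.1
Running processes:
C:\WINNT\explorer.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O15 - Trusted Zone: *.frame.crazywinnings.com
O15 - Trusted Zone: *.frame.crazywinnings.com (HKLM)
"""

# Constructed sample: a rescan in which only the per-user entry went away.
AFTER = r"""Logfile of HijackThis v1.99.1
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O15 - Trusted Zone: *.frame.crazywinnings.com (HKLM)
"""

def parse_entries(log_text):
    """Return (code, body) pairs for entry lines; header and process list are skipped."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            entries.append((m.group("code"), m.group("body")))
    return entries

def trusted_zone(log_text):
    """Return the set of (hive, domain) pairs reported under O15."""
    found = set()
    for code, body in parse_entries(log_text):
        m = TRUSTED.match(body) if code == "O15" else None
        if m:
            # Assumption: no "(HKLM)" suffix means the per-user (HKCU) key.
            found.add((m.group("hive") or "HKCU", m.group("domain")))
    return found

def compare(before, after):
    """Split O15 entries into removed, still present, and newly appeared."""
    b, a = trusted_zone(before), trusted_zone(after)
    return {"removed": sorted(b - a), "remaining": sorted(b & a), "new": sorted(a - b)}

if __name__ == "__main__":
    for status, items in compare(BEFORE, AFTER).items():
        print(status, items)
```

An entry listed under "remaining" means the merge did not clear that hive. The .reg file above deletes every domain under ZoneMap\Domains in both hives, so any Trusted Sites entries that were added deliberately have to be re-added afterwards.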
#25
Guest_thatman_*
Posted 16 April 2005 - 10:27 AM
Due to lack of feedback, this topic has been closed.
If you need this topic reopened, please contact a staff member with address of this thread. This applies only to the original topic starter. Everyone else please begin a New Topic.