Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

arrrrrrrgh! adware, spybot, norton, [resolved]


  • This topic is locked This topic is locked

#1
gravy

gravy

    Member

  • Member
  • PipPip
  • 12 posts
This is a particularly bad infestation.
finally finished microsoft updates,
which was really painfull cause every
time I logged on the dsl would go crazy
downloading new adware. It went like this.
update, restart, adware, spybot, resart,
update, restart, adware, spybot, resart
and still they keep coming, this is my last hope.
Can someone tell me what to remove in
hijack this? :tazz:
Logfile of HijackThis v1.98.2
Scan saved at 3:50:32 PM, on 3/28/2005
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINNT\system32\nvsvc32.exe
C:\PROGRA~1\EFFICI~1\ENTERN~1\app\pppoeservice.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\Program Files\Dell\Resolution Assistant\Common\bin\RxMon.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\DELL\Drivers\498FF\Program\point32.exe
C:\Program Files\Motive\motmon.exe
C:\Program Files\Dell\Resolution Assistant\Common\bin\RxUser.exe
C:\Program Files\Dell\Resolution Assistant\MotiveAssistant\bin\mad.exe
C:\PROGRA~1\NORTON~1\Navapw32.exe
C:\Program Files\Winamp\Winampa.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINNT\system32\mwin.exe
C:\WINNT\system32\ldvusw.exe
C:\WINNT\system32\csrs.exe
C:\WINNT\system32\MSNmassegez.exe
C:\WINNT\system32\rtnfs.exe
C:\WINNT\system32\msexcel.exe
C:\WINNT\system32\spoolsvc.exe
C:\WINNT\system32\bxgenmpieg.exe
C:\WINNT\system32\urlwks.exe
C:\Program Files\Netscape\Netscape 6\Netscp.exe
C:\WINNT\system32\RUNDLL32.EXE
C:\WINNT\system32\strsend.exe
C:\Program Files\Microsoft Office\Office\1033\OLFSNT40.EXE
C:\Documents and Settings\Administrator\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.my.delleworks.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.makemesearch.com/?said=429
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
N1 - Netscape 4: user_pref("browser.startup.homepage", "http://my.netscape.c...com/index2.psp"); (C:\Program Files\Netscape\Users\bschultz4\prefs.js)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {CF021F40-3E14-23A5-CBA2-7173706D1316} - (no file)
O2 - BHO: (no name) - {CF021F40-3E14-23A5-CBA2-717765721316} - (no file)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [POINTER] C:\DELL\Drivers\498FF\Program\point32.exe
O4 - HKLM\..\Run: [MotiveMonitor] C:\Program Files\Motive\motmon.exe
O4 - HKLM\..\Run: [RxUser] C:\Program Files\Dell\Resolution Assistant\Common\bin\RxUser.exe
O4 - HKLM\..\Run: [madexe] C:\Program Files\Dell\Resolution Assistant\MotiveAssistant\bin\mad.exe
O4 - HKLM\..\Run: [QBCD Autorun] E:\autorun.exe restart 7 1
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\Navapw32.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\Winampa.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Sygate Personal Firewall] mwin.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [Windows Compliant] ldvusw.exe
O4 - HKLM\..\Run: [Client Server Runtime Process] C:\WINNT\system32\csrs.exe
O4 - HKLM\..\Run: [Macafea Personal Firewall] MSNmassegez.exe
O4 - HKLM\..\Run: [Windows_Protect] rtnfs.exe
O4 - HKLM\..\Run: [Microsoft Excel] msexcel.exe
O4 - HKLM\..\Run: [Spooler SubSystem App] C:\WINNT\system32\spoolsvc.exe
O4 - HKLM\..\Run: [WindowsRegKey update] bxgenmpieg.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Security iGuard] C:\Program Files\Security iGuard\Security iGuard.exe
O4 - HKLM\..\Run: [p4mX37i] urlwks.exe
O4 - HKLM\..\RunServices: [Sygate Personal Firewall] mwin.exe
O4 - HKLM\..\RunServices: [Windows Compliant] ldvusw.exe
O4 - HKLM\..\RunServices: [Macafea Personal Firewall] MSNmassegez.exe
O4 - HKLM\..\RunServices: [Windows_Protect] rtnfs.exe
O4 - HKLM\..\RunServices: [Microsoft Excel] msexcel.exe
O4 - HKLM\..\RunServices: [WindowsRegKey update] bxgenmpieg.exe
O4 - HKLM\..\RunOnce: [Srv32 spool service] C:\WINNT\System32\spoolsrv32.exe
O4 - HKLM\..\RunOnce: [Local runole service] C:\WINNT\System32\srvc32.exe
O4 - HKCU\..\Run: [Mozilla Quick Launch] "C:\Program Files\Netscape\Netscape 6\Netscp.exe" -turbo
O4 - HKCU\..\Run: [Sygate Personal Firewall] mwin.exe
O4 - HKCU\..\Run: [Windows Compliant] ldvusw.exe
O4 - HKCU\..\Run: [Microsoft Locals] diadushka.exe
O4 - HKCU\..\Run: [Macafea Personal Firewall] MSNmassegez.exe
O4 - HKCU\..\Run: [Windows_Protect] rtnfs.exe
O4 - HKCU\..\Run: [Microsoft Excel] msexcel.exe
O4 - HKCU\..\Run: [WindowsRegKey update] bxgenmpieg.exe
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINNT\system32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [Y357RXG7g] strsend.exe
O4 - HKCU\..\RunOnce: [Srv32 spool service] C:\WINNT\System32\spoolsrv32.exe
O4 - HKCU\..\RunOnce: [Local runole service] C:\WINNT\System32\srvc32.exe
O4 - Global Startup: Resolution Assistant.lnk = C:\Program Files\Dell\Resolution Assistant\MotiveAssistant\bin\matcli.exe
O4 - Global Startup: Symantec Fax Starter Edition Port.lnk = C:\Program Files\Microsoft Office\Office\1033\OLFSNT40.EXE
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Microsoft AntiSpyware helper - {44160E2F-6C1D-4D05-B0FD-1BB1D7C21501} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {44160E2F-6C1D-4D05-B0FD-1BB1D7C21501} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {B07FD5E0-AC50-4ED5-8690-F25890CB91DB} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {B07FD5E0-AC50-4ED5-8690-F25890CB91DB} - (no file) (HKCU)
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windup...e/bridge-c7.cab
  • 0

Advertisements


#2
gravy

gravy

    Member

  • Topic Starter
  • Member
  • PipPip
  • 12 posts
I'm tempted to try to remove things myself
but am worried I'll delete the wrong thing
and shoot myself in the foot.
  • 0

#3
gravy

gravy

    Member

  • Topic Starter
  • Member
  • PipPip
  • 12 posts
Not trying to bump this up.
Just posting a new hijack log
using the current version.
Hoping to save the step where
you tell me to download latest. :tazz:

Logfile of HijackThis v1.99.1
Scan saved at 2:27:11 PM, on 3/29/2005
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINNT\system32\nvsvc32.exe
C:\PROGRA~1\EFFICI~1\ENTERN~1\app\pppoeservice.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\Program Files\Dell\Resolution Assistant\Common\bin\RxMon.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\DELL\Drivers\498FF\Program\point32.exe
C:\Program Files\Motive\motmon.exe
C:\Program Files\Dell\Resolution Assistant\Common\bin\RxUser.exe
C:\Program Files\Dell\Resolution Assistant\MotiveAssistant\bin\mad.exe
C:\PROGRA~1\NORTON~1\Navapw32.exe
C:\Program Files\Winamp\Winampa.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINNT\system32\mwin.exe
C:\WINNT\system32\csrs.exe
C:\WINNT\system32\rtnfs.exe
C:\WINNT\system32\msexcel.exe
C:\WINNT\system32\urlwks.exe
C:\Program Files\Netscape\Netscape 6\Netscp.exe
C:\WINNT\system32\RUNDLL32.EXE
C:\WINNT\system32\strsend.exe
C:\Program Files\Microsoft Office\Office\1033\OLFSNT40.EXE
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\bxgenmpieg.exe
C:\WINNT\system32\MSNmassegez.exe
C:\WINNT\system32\ldvusw.exe
C:\Documents and Settings\Administrator\Desktop\HijackThis_1.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.my.delleworks.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.makemesearch.com/?said=429
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
N1 - Netscape 4: user_pref("browser.startup.homepage", "http://my.netscape.c...com/index2.psp"); (C:\Program Files\Netscape\Users\bschultz4\prefs.js)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {CF021F40-3E14-23A5-CBA2-7173706D1316} - (no file)
O2 - BHO: (no name) - {CF021F40-3E14-23A5-CBA2-717765721316} - (no file)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [POINTER] C:\DELL\Drivers\498FF\Program\point32.exe
O4 - HKLM\..\Run: [MotiveMonitor] C:\Program Files\Motive\motmon.exe
O4 - HKLM\..\Run: [RxUser] C:\Program Files\Dell\Resolution Assistant\Common\bin\RxUser.exe
O4 - HKLM\..\Run: [madexe] C:\Program Files\Dell\Resolution Assistant\MotiveAssistant\bin\mad.exe
O4 - HKLM\..\Run: [QBCD Autorun] E:\autorun.exe restart 7 1
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\Navapw32.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\Winampa.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Sygate Personal Firewall] mwin.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [Windows Compliant] ldvusw.exe
O4 - HKLM\..\Run: [Client Server Runtime Process] C:\WINNT\system32\csrs.exe
O4 - HKLM\..\Run: [Macafea Personal Firewall] MSNmassegez.exe
O4 - HKLM\..\Run: [Windows_Protect] rtnfs.exe
O4 - HKLM\..\Run: [Microsoft Excel] msexcel.exe
O4 - HKLM\..\Run: [Spooler SubSystem App] C:\WINNT\system32\spoolsvc.exe
O4 - HKLM\..\Run: [WindowsRegKey update] bxgenmpieg.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Security iGuard] C:\Program Files\Security iGuard\Security iGuard.exe
O4 - HKLM\..\Run: [p4mX37i] urlwks.exe
O4 - HKLM\..\RunServices: [Sygate Personal Firewall] mwin.exe
O4 - HKLM\..\RunServices: [Windows Compliant] ldvusw.exe
O4 - HKLM\..\RunServices: [Macafea Personal Firewall] MSNmassegez.exe
O4 - HKLM\..\RunServices: [Windows_Protect] rtnfs.exe
O4 - HKLM\..\RunServices: [Microsoft Excel] msexcel.exe
O4 - HKLM\..\RunServices: [WindowsRegKey update] bxgenmpieg.exe
O4 - HKLM\..\RunOnce: [Srv32 spool service] C:\WINNT\System32\spoolsrv32.exe
O4 - HKLM\..\RunOnce: [Local runole service] C:\WINNT\System32\srvc32.exe
O4 - HKCU\..\Run: [Mozilla Quick Launch] "C:\Program Files\Netscape\Netscape 6\Netscp.exe" -turbo
O4 - HKCU\..\Run: [Sygate Personal Firewall] mwin.exe
O4 - HKCU\..\Run: [Windows Compliant] ldvusw.exe
O4 - HKCU\..\Run: [Microsoft Locals] diadushka.exe
O4 - HKCU\..\Run: [Macafea Personal Firewall] MSNmassegez.exe
O4 - HKCU\..\Run: [Windows_Protect] rtnfs.exe
O4 - HKCU\..\Run: [Microsoft Excel] msexcel.exe
O4 - HKCU\..\Run: [WindowsRegKey update] bxgenmpieg.exe
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINNT\system32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [Y357RXG7g] strsend.exe
O4 - HKCU\..\RunOnce: [Srv32 spool service] C:\WINNT\System32\spoolsrv32.exe
O4 - HKCU\..\RunOnce: [Local runole service] C:\WINNT\System32\srvc32.exe
O4 - Global Startup: Resolution Assistant.lnk = C:\Program Files\Dell\Resolution Assistant\MotiveAssistant\bin\matcli.exe
O4 - Global Startup: Symantec Fax Starter Edition Port.lnk = C:\Program Files\Microsoft Office\Office\1033\OLFSNT40.EXE
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Microsoft AntiSpyware helper - {44160E2F-6C1D-4D05-B0FD-1BB1D7C21501} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {44160E2F-6C1D-4D05-B0FD-1BB1D7C21501} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {B07FD5E0-AC50-4ED5-8690-F25890CB91DB} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {B07FD5E0-AC50-4ED5-8690-F25890CB91DB} - (no file) (HKCU)
O15 - Trusted Zone: http://ny.contentmatch.net (HKLM)
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windup...e/bridge-c7.cab
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINNT\system32\nvsvc32.exe
O23 - Service: PPPoE Service (PPPoEService) - Unknown owner - C:\PROGRA~1\EFFICI~1\ENTERN~1\app\pppoeservice.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Service Request Monitor - Dell Computer Corporation - C:\Program Files\Dell\Resolution Assistant\Common\bin\RxMon.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
  • 0

#4
gravy

gravy

    Member

  • Topic Starter
  • Member
  • PipPip
  • 12 posts
Back from page 9 to 1
Please help me.
  • 0

#5
Guest_thatman_*

Guest_thatman_*
  • Guest
Hi gravy

Welcome to geekstogo!

Please read through the instructions before you start (you may want to print this out).

Please set your system to show all files; please see here if you're unsure how to do this.

Press Control-Alt-Del to enter the Task Manager.
Click on the Processes tab and end the following processes:
C:\WINNT\system32\mwin.exe
C:\WINNT\system32\csrs.exe
C:\WINNT\system32\rtnfs.exe
C:\WINNT\system32\msexcel.exe
C:\WINNT\system32\urlwks.exe
C:\WINNT\system32\strsend.exe
C:\WINNT\system32\bxgenmpieg.exe
C:\WINNT\system32\MSNmassegez.exe
C:\WINNT\system32\ldvusw.exe

Exit the Task Manager when finished.

Close all programs leaving only HijackThis running. Place a check against each of the following, making sure you get them all and not any others by mistake:
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.makemesearch.com/?said=429
O2 - BHO: (no name) - {CF021F40-3E14-23A5-CBA2-7173706D1316} - (no file)
O2 - BHO: (no name) - {CF021F40-3E14-23A5-CBA2-717765721316} - (no file)
O4 - HKLM\..\Run: [Sygate Personal Firewall] mwin.exe
O4 - HKLM\..\Run: [Windows Compliant] ldvusw.exe
O4 - HKLM\..\Run: [Client Server Runtime Process] C:\WINNT\system32\csrs.exe
O4 - HKLM\..\Run: [Macafea Personal Firewall] MSNmassegez.exe
O4 - HKLM\..\Run: [Windows_Protect] rtnfs.exe
O4 - HKLM\..\Run: [Microsoft Excel] msexcel.exe
O4 - HKLM\..\Run: [Spooler SubSystem App] C:\WINNT\system32\spoolsvc.exe
O4 - HKLM\..\Run: [WindowsRegKey update] bxgenmpieg.exe

Click on Fix Checked when finished and exit HijackThis.

Reboot into Safe Mode: please see here if you are not sure how to do this.

Using Windows Explorer, locate the following files/folders, and delete them:
C:\WINNT\system32\mwin.exe<--Delete this file
C:\WINNT\system32\csrs.exe<--Delete this file
C:\WINNT\system32\rtnfs.exe<--Delete this file
C:\WINNT\system32\msexcel.exe<--Delete this file
C:\WINNT\system32\urlwks.exe<--Delete this file
C:\WINNT\system32\strsend.exe<--Delete this file
C:\WINNT\system32\MSNmassegez.exe<--Delete this file
C:\WINNT\system32\ldvusw.exe<--Delete this file
mwin.exe<--Delete this file
ldvusw.exe<--Delete this file
MSNmassegez.exe<--Delete this file
rtnfs.exe<--Delete this file
msexcel.exe<--Delete this file
C:\WINNT\system32\spoolsvc.exe<--Delete this file
bxgenmpieg.exe<--Delete this file
Exit Explorer, and reboot as normal afterwards.

Please run the following free, online virus scans.
http://www.pandasoft...n_principal.htm
http://housecall.tre.../start_corp.asp

Please post the logs From both virus scans and HJT.log we will need them to remove previous infections that have left files on your system.

Kc :tazz:
  • 0

#6
gravy

gravy

    Member

  • Topic Starter
  • Member
  • PipPip
  • 12 posts
I did what you said, but I couldn't run the
free web scans. Trend micro downloaded something
to my computer but then lagged. I tried again with netscape
instead of IE and trendmicro had me download a file which
I couldn't run due to Virtual Device driver problems. It seemed
like my internet connection was busy talking to someone
perhaps the hijackers. Anyway here is the log from hijack this

Logfile of HijackThis v1.99.1
Scan saved at 3:11:40 PM, on 3/30/2005
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINNT\system32\nvsvc32.exe
C:\PROGRA~1\EFFICI~1\ENTERN~1\app\pppoeservice.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\Program Files\Dell\Resolution Assistant\Common\bin\RxMon.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\DELL\Drivers\498FF\Program\point32.exe
C:\Program Files\Motive\motmon.exe
C:\Program Files\Dell\Resolution Assistant\Common\bin\RxUser.exe
C:\Program Files\Dell\Resolution Assistant\MotiveAssistant\bin\mad.exe
C:\PROGRA~1\NORTON~1\Navapw32.exe
C:\Program Files\Winamp\Winampa.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINNT\system32\ldvusw.exe
C:\WINNT\system32\RUNDLL32.EXE
C:\Program Files\Microsoft Office\Office\1033\OLFSNT40.EXE
C:\PROGRA~1\EFFICI~1\ENTERN~1\app\EnterNet.exe
C:\WINNT\System32\svchost.exe
C:\PROGRA~1\Netscape\NETSCA~1\Netscp.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Administrator\Desktop\HijackThis_1.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.my.delleworks.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
N1 - Netscape 4: user_pref("browser.startup.homepage", "http://my.netscape.c...com/index2.psp"); (C:\Program Files\Netscape\Users\bschultz4\prefs.js)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [POINTER] C:\DELL\Drivers\498FF\Program\point32.exe
O4 - HKLM\..\Run: [MotiveMonitor] C:\Program Files\Motive\motmon.exe
O4 - HKLM\..\Run: [RxUser] C:\Program Files\Dell\Resolution Assistant\Common\bin\RxUser.exe
O4 - HKLM\..\Run: [madexe] C:\Program Files\Dell\Resolution Assistant\MotiveAssistant\bin\mad.exe
O4 - HKLM\..\Run: [QBCD Autorun] E:\autorun.exe restart 7 1
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\Navapw32.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\Winampa.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Security iGuard] C:\Program Files\Security iGuard\Security iGuard.exe
O4 - HKLM\..\Run: [p4mX37i] urlwks.exe
O4 - HKLM\..\Run: [Windows Compliant] ldvusw.exe
O4 - HKLM\..\RunServices: [Sygate Personal Firewall] mwin.exe
O4 - HKLM\..\RunServices: [Windows Compliant] ldvusw.exe
O4 - HKLM\..\RunServices: [Macafea Personal Firewall] MSNmassegez.exe
O4 - HKLM\..\RunServices: [Windows_Protect] rtnfs.exe
O4 - HKLM\..\RunServices: [Microsoft Excel] msexcel.exe
O4 - HKLM\..\RunServices: [WindowsRegKey update] bxgenmpieg.exe
O4 - HKLM\..\RunOnce: [Srv32 spool service] C:\WINNT\System32\spoolsrv32.exe
O4 - HKLM\..\RunOnce: [Local runole service] C:\WINNT\System32\srvc32.exe
O4 - HKCU\..\Run: [Mozilla Quick Launch] "C:\Program Files\Netscape\Netscape 6\Netscp.exe" -turbo
O4 - HKCU\..\Run: [Sygate Personal Firewall] mwin.exe
O4 - HKCU\..\Run: [Windows Compliant] ldvusw.exe
O4 - HKCU\..\Run: [Microsoft Locals] diadushka.exe
O4 - HKCU\..\Run: [Macafea Personal Firewall] MSNmassegez.exe
O4 - HKCU\..\Run: [Windows_Protect] rtnfs.exe
O4 - HKCU\..\Run: [Microsoft Excel] msexcel.exe
O4 - HKCU\..\Run: [WindowsRegKey update] bxgenmpieg.exe
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINNT\system32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [Y357RXG7g] strsend.exe
O4 - HKCU\..\RunOnce: [Srv32 spool service] C:\WINNT\System32\spoolsrv32.exe
O4 - HKCU\..\RunOnce: [Local runole service] C:\WINNT\System32\srvc32.exe
O4 - Global Startup: Resolution Assistant.lnk = C:\Program Files\Dell\Resolution Assistant\MotiveAssistant\bin\matcli.exe
O4 - Global Startup: Symantec Fax Starter Edition Port.lnk = C:\Program Files\Microsoft Office\Office\1033\OLFSNT40.EXE
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Microsoft AntiSpyware helper - {44160E2F-6C1D-4D05-B0FD-1BB1D7C21501} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {44160E2F-6C1D-4D05-B0FD-1BB1D7C21501} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {B07FD5E0-AC50-4ED5-8690-F25890CB91DB} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {B07FD5E0-AC50-4ED5-8690-F25890CB91DB} - (no file) (HKCU)
O15 - Trusted Zone: http://ny.contentmatch.net (HKLM)
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windup...e/bridge-c7.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINNT\system32\nvsvc32.exe
O23 - Service: PPPoE Service (PPPoEService) - Unknown owner - C:\PROGRA~1\EFFICI~1\ENTERN~1\app\pppoeservice.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Service Request Monitor - Dell Computer Corporation - C:\Program Files\Dell\Resolution Assistant\Common\bin\RxMon.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
  • 0

#7
Guest_thatman_*

Guest_thatman_*
  • Guest
Hi gravy

Welcome to geekstogo

Please read through the instructions before you start (you may want to print this out).

Please set your system to show all files; please see here if you're unsure how to do this.

Close all programs leaving only HijackThis running. Place a check against each of the following, making sure you get them all and not any others by mistake:
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.my.delleworks.com
O4 - HKLM\..\Run: [p4mX37i] urlwks.exe
O4 - HKLM\..\Run: [Windows Compliant] ldvusw.exe
O4 - HKLM\..\RunServices: [Sygate Personal Firewall] mwin.exe
O4 - HKLM\..\RunServices: [Windows Compliant] ldvusw.exe
O4 - HKLM\..\RunServices: [Microsoft Excel] msexcel.exe
O4 - HKLM\..\RunServices: [WindowsRegKey update] bxgenmpieg.exe
O4 - HKLM\..\RunOnce: [Srv32 spool service] C:\WINNT\System32\spoolsrv32.exe
O4 - HKLM\..\RunOnce: [Local runole service] C:\WINNT\System32\srvc32.exe
O4 - HKCU\..\Run: [Sygate Personal Firewall] mwin.exe
O4 - HKCU\..\Run: [Windows Compliant] ldvusw.exe
O4 - HKCU\..\Run: [Microsoft Excel] msexcel.exe
O4 - HKCU\..\Run: [WindowsRegKey update] bxgenmpieg.exe
O4 - HKCU\..\Run: [Y357RXG7g] strsend.exe
O4 - HKCU\..\RunOnce: [Srv32 spool service] C:\WINNT\System32\spoolsrv32.exe
O4 - HKCU\..\RunOnce: [Local runole service] C:\WINNT\System32\srvc32.exe
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windup...e/bridge-c7.cab

Click on Fix Checked when finished and exit HijackThis.

Reboot into Safe Mode: please see here if you are not sure how to do this.

Using Windows Explorer, locate the following files/folders, and delete them:

urlwks.exe<--Delete this file
ldvusw.exe<--Delete this file
mwin.exe<--Delete this file
msexcel.exe<--Delete this file
bxgenmpieg.exe<--Delete this file
C:\WINNT\System32\spoolsrv32.exe<--Delete this file
C:\WINNT\System32\srvc32.exe<--Delete this file
strsend.exe<--Delete this file

Exit Explorer,

Reboot your system as normal

Post back a fresh HijackThis log and we will take another look.

Kc :tazz:
  • 0

#8
gravy

gravy

    Member

  • Topic Starter
  • Member
  • PipPip
  • 12 posts
I think we are making some real progress.
It now starts up better, but asks me about
the spoolsrv32.exe and srvc32.exe files
at start up. I think it misses them.
Here is the latest hijack log.

Logfile of HijackThis v1.99.1
Scan saved at 8:50:34 AM, on 3/31/2005
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINNT\system32\nvsvc32.exe
C:\PROGRA~1\EFFICI~1\ENTERN~1\app\pppoeservice.exe
C:\WINNT\system32\regsvc.exe
C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
C:\WINNT\system32\MSTask.exe
C:\Program Files\Dell\Resolution Assistant\Common\bin\RxMon.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\Explorer.EXE
C:\DELL\Drivers\498FF\Program\point32.exe
C:\Program Files\Motive\motmon.exe
C:\Program Files\Dell\Resolution Assistant\Common\bin\RxUser.exe
C:\Program Files\Dell\Resolution Assistant\MotiveAssistant\bin\mad.exe
C:\PROGRA~1\NORTON~1\Navapw32.exe
C:\Program Files\Winamp\Winampa.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Netscape\Netscape 6\Netscp.exe
C:\WINNT\system32\RUNDLL32.EXE
C:\Program Files\Microsoft Office\Office\1033\OLFSNT40.EXE
C:\Documents and Settings\Administrator\Desktop\HijackThis_1.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
N1 - Netscape 4: user_pref("browser.startup.homepage", "http://my.netscape.c...com/index2.psp"); (C:\Program Files\Netscape\Users\bschultz4\prefs.js)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [POINTER] C:\DELL\Drivers\498FF\Program\point32.exe
O4 - HKLM\..\Run: [MotiveMonitor] C:\Program Files\Motive\motmon.exe
O4 - HKLM\..\Run: [RxUser] C:\Program Files\Dell\Resolution Assistant\Common\bin\RxUser.exe
O4 - HKLM\..\Run: [madexe] C:\Program Files\Dell\Resolution Assistant\MotiveAssistant\bin\mad.exe
O4 - HKLM\..\Run: [QBCD Autorun] E:\autorun.exe restart 7 1
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\Navapw32.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\Winampa.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKCU\..\Run: [Mozilla Quick Launch] "C:\Program Files\Netscape\Netscape 6\Netscp.exe" -turbo
O4 - HKCU\..\Run: [Microsoft Locals] diadushka.exe
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINNT\system32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [Y357RXG7g] strsend.exe
O4 - Global Startup: Resolution Assistant.lnk = C:\Program Files\Dell\Resolution Assistant\MotiveAssistant\bin\matcli.exe
O4 - Global Startup: Symantec Fax Starter Edition Port.lnk = C:\Program Files\Microsoft Office\Office\1033\OLFSNT40.EXE
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Microsoft AntiSpyware helper - {44160E2F-6C1D-4D05-B0FD-1BB1D7C21501} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {44160E2F-6C1D-4D05-B0FD-1BB1D7C21501} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {B07FD5E0-AC50-4ED5-8690-F25890CB91DB} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {B07FD5E0-AC50-4ED5-8690-F25890CB91DB} - (no file) (HKCU)
O15 - Trusted Zone: http://ny.contentmatch.net (HKLM)
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINNT\system32\nvsvc32.exe
O23 - Service: PPPoE Service (PPPoEService) - Unknown owner - C:\PROGRA~1\EFFICI~1\ENTERN~1\app\pppoeservice.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Service Request Monitor - Dell Computer Corporation - C:\Program Files\Dell\Resolution Assistant\Common\bin\RxMon.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
  • 0

#9
Guest_thatman_*

Guest_thatman_*
  • Guest
Hi gravy

Welcome to geekstogo!

Please read through the instructions before you start (you may want to print this out).

Please set your system to show all files; please see here if you're unsure how to do this.

Close all programs leaving only HijackThis running. Place a check against each of the following, making sure you get them all and not any others by mistake:
O4 - HKCU\..\Run: [Microsoft Locals] diadushka.exe
O4 - HKCU\..\Run: [Y357RXG7g] strsend.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Microsoft AntiSpyware helper - {44160E2F-6C1D-4D05-B0FD-1BB1D7C21501} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {44160E2F-6C1D-4D05-B0FD-1BB1D7C21501} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {B07FD5E0-AC50-4ED5-8690-F25890CB91DB} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {B07FD5E0-AC50-4ED5-8690-F25890CB91DB} - (no file) (HKCU)
O15 - Trusted Zone: http://ny.contentmatch.net (HKLM)

Click on Fix Checked when finished and exit HijackThis.

Reboot into Safe Mode: please see here if you are not sure how to do this.

Using Windows Explorer, locate the following files/folders, and delete them:
diadushka.exe<--Delete this file
strsend.exe<--Delete this file
Exit Explorer, and reboot as normal afterwards.

Please run the following free, online virus scans.
http://www.pandasoft...n_principal.htm
http://housecall.tre.../start_corp.asp

Please post the logs from Panda virus scan and HJT.log we will need them to remove previous infections that have left files on your system.

Kc :tazz:
  • 0

#10
gravy

gravy

    Member

  • Topic Starter
  • Member
  • PipPip
  • 12 posts
Ok this is getting much better.
Here is the panda:




Incident Status Location

Adware:Adware/Apropos No disinfected C:\temp\cxtpls_loader_ff.exe
Adware:Adware/Apropos No disinfected C:\temp\CtxPlus.exe
Spyware:Spyware/ISTbar No disinfected C:\WINNT\SYSTEM32\tsuninst.exe
Adware:Adware/IGuard No disinfected C:\WINNT\SYSTEM32\wldr.dll
Adware:Adware/Searchmeup No disinfected C:\WINNT\SYSTEM32\srvc32.dll
Adware:Adware/Searchmeup No disinfected C:\WINNT\SYSTEM32\srdrv32.dll
Adware:Adware/CWS.Searchmeup No disinfected C:\WINNT\SYSTEM32\srpcsrv32.dll
Spyware:Spyware/ISTbar No disinfected C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\3DE6ME97\istdownload[2].exe
Adware:Adware/WUpd No disinfected C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\3DE6ME97\MediaAccK[1].exe
Spyware:Spyware/ISTbar No disinfected C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\6FJ35ZI3\istrecover[1].exe
Spyware:Spyware/ISTbar No disinfected C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\6FJ35ZI3\cmctl[1].dll
Adware:Adware/MyWebSearch No disinfected C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\6FJ35ZI3\newmajorse2[1].cab
Adware:Adware/MyWebSearch No disinfected C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\6FJ35ZI3\newmajorse2[1].cab[newmajorse2.txt]
Adware:Adware/WinAD No disinfected C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\6FJ35ZI3\bridge-c7[1].cab[MediaAccX.dll]
Adware:Adware/SideFind No disinfected C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\DEFRKVFX\sidefind[1].exe
Adware:Adware/SideFind No disinfected C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\DEFRKVFX\targetsaver[1].exe
Spyware:Spyware/ISTbar No disinfected C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\DEFRKVFX\istbarcm[1].dll
Adware:Adware/MyWebSearch No disinfected C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\DEFRKVFX\TBPSSvc[1].cab[TBPSSvc.exe]
Adware:Adware/WUpd No disinfected C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\DEFRKVFX\MediaAccC[1].dll
Spyware:Spyware/ISTbar No disinfected C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\0BTABTTX\istsvc[1].exe
Adware:Adware/WUpd No disinfected C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\0BTABTTX\index[1].html
Spyware:Spyware/Dyfuca No disinfected C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\0BTABTTX\optimize[1].exe
Adware:Adware/Apropos No disinfected C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\0BTABTTX\AproposClientInstaller[1].exe
Adware:Adware/WUpd No disinfected C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\0BTABTTX\MediaAccess[1].exe
Spyware:Spyware/ISTbar No disinfected C:\Documents and Settings\Administrator\Local Settings\TEMP\f4dfOhF.exe
Spyware:Spyware/Dyfuca No disinfected C:\Documents and Settings\Administrator\Local Settings\TEMP\optimize.exe
Adware:Adware/SAHAgent No disinfected C:\Documents and Settings\Administrator\Local Settings\TEMP\temp.fr6645
Adware:Adware/SideFind No disinfected C:\Documents and Settings\Administrator\Local Settings\TEMP\targetsaver.exe
Adware:Adware/SideFind No disinfected C:\Documents and Settings\Administrator\Local Settings\TEMP\GLFAGLFA.EXE
Spyware:Spyware/ISTbar No disinfected C:\Documents and Settings\Administrator\Local Settings\TEMP\tsinstall_4_0_3_8_b17.exe
Spyware:Spyware/ISTbar No disinfected C:\Documents and Settings\Administrator\Local Settings\TEMP\GLFDGLFD.EXE



This is the hijack:


Logfile of HijackThis v1.99.1
Scan saved at 10:46:54 AM, on 3/31/2005
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINNT\system32\nvsvc32.exe
C:\PROGRA~1\EFFICI~1\ENTERN~1\app\pppoeservice.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\Program Files\Dell\Resolution Assistant\Common\bin\RxMon.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\DELL\Drivers\498FF\Program\point32.exe
C:\Program Files\Motive\motmon.exe
C:\Program Files\Dell\Resolution Assistant\Common\bin\RxUser.exe
C:\Program Files\Dell\Resolution Assistant\MotiveAssistant\bin\mad.exe
C:\PROGRA~1\NORTON~1\Navapw32.exe
C:\Program Files\Winamp\Winampa.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Netscape\Netscape 6\Netscp.exe
C:\WINNT\system32\RUNDLL32.EXE
C:\Program Files\Microsoft Office\Office\1033\OLFSNT40.EXE
C:\PROGRA~1\EFFICI~1\ENTERN~1\app\EnterNet.exe
C:\WINNT\System32\svchost.exe
C:\Documents and Settings\Administrator\Desktop\HijackThis_1.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
N1 - Netscape 4: user_pref("browser.startup.homepage", "http://my.netscape.c...com/index2.psp"); (C:\Program Files\Netscape\Users\bschultz4\prefs.js)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [POINTER] C:\DELL\Drivers\498FF\Program\point32.exe
O4 - HKLM\..\Run: [MotiveMonitor] C:\Program Files\Motive\motmon.exe
O4 - HKLM\..\Run: [RxUser] C:\Program Files\Dell\Resolution Assistant\Common\bin\RxUser.exe
O4 - HKLM\..\Run: [madexe] C:\Program Files\Dell\Resolution Assistant\MotiveAssistant\bin\mad.exe
O4 - HKLM\..\Run: [QBCD Autorun] E:\autorun.exe restart 7 1
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\Navapw32.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\Winampa.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKCU\..\Run: [Mozilla Quick Launch] "C:\Program Files\Netscape\Netscape 6\Netscp.exe" -turbo
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINNT\system32\NVMCTRAY.DLL,NvTaskbarInit
O4 - Global Startup: Resolution Assistant.lnk = C:\Program Files\Dell\Resolution Assistant\MotiveAssistant\bin\matcli.exe
O4 - Global Startup: Symantec Fax Starter Edition Port.lnk = C:\Program Files\Microsoft Office\Office\1033\OLFSNT40.EXE
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINNT\system32\nvsvc32.exe
O23 - Service: PPPoE Service (PPPoEService) - Unknown owner - C:\PROGRA~1\EFFICI~1\ENTERN~1\app\pppoeservice.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Service Request Monitor - Dell Computer Corporation - C:\Program Files\Dell\Resolution Assistant\Common\bin\RxMon.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
  • 0

Advertisements


#11
Guest_thatman_*

Guest_thatman_*
  • Guest
Hi gravy

Please read through the instructions before you start (you may want to print this out).

Download Pocket Killbox and unzip it; save it to your Desktop.

Download the CCleaner unzip the file to install. DO NOT RUN IT YET.

Reboot into Safe Mode: Click here if you don't know how to do this.

Clean out temporary and TIF files. Go to Start > Run and type in the box: cleanmgr. Let it scan your system for files to remove. Make sure all are checked and then press *ok* to remove:
Check there are no files left inthis location C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\ (empty)

Open the ccleaner.
Place a check by everything in the Applications tab.
Place a check by Internet Explorer, Windows explorer, and System in the Windows tab.
Now click on Run Cleaner

C:\temp<--Delete the whole folder

Run killboxand click the radio button that says Delete a file on reboot.
Paste them one at a time into the full path of file to delete box and click the red circle with a white cross in it.
The program will ask you if you want to reboot; say No each time until the last one has been pasted in where upon you should answer Yes.
Let the system reboot.
C:\WINNT\SYSTEM32\tsuninst.exe
C:\WINNT\SYSTEM32\wldr.dll
C:\WINNT\SYSTEM32\srvc32.dll
C:\WINNT\SYSTEM32\srdrv32.dll
C:\WINNT\SYSTEM32\srpcsrv32.dll

End of killbox files

Please run the following free, online virus scans.
http://www.pandasoft...n_principal.htm
http://housecall.tre.../start_corp.asp

Please post the logs From Panda virus scan and HJT.log we will need them to remove previous infections that have left files on your system.

Kc :tazz:
  • 0

#12
gravy

gravy

    Member

  • Topic Starter
  • Member
  • PipPip
  • 12 posts
I did everything but the panda and trendmicro scans.
For some reason I can't get on the net from that computer
any more. Might have to reinstall something, but that's better
than having a bunch of visuses and spys, anyway here's the
hijack log:


Logfile of HijackThis v1.99.1
Scan saved at 1:09:25 PM, on 3/31/2005
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINNT\system32\nvsvc32.exe
C:\PROGRA~1\EFFICI~1\ENTERN~1\app\pppoeservice.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\Program Files\Dell\Resolution Assistant\Common\bin\RxMon.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\DELL\Drivers\498FF\Program\point32.exe
C:\Program Files\Motive\motmon.exe
C:\Program Files\Dell\Resolution Assistant\Common\bin\RxUser.exe
C:\Program Files\Dell\Resolution Assistant\MotiveAssistant\bin\mad.exe
C:\PROGRA~1\NORTON~1\Navapw32.exe
C:\Program Files\Winamp\Winampa.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINNT\system32\RUNDLL32.EXE
C:\Program Files\Microsoft Office\Office\1033\OLFSNT40.EXE
C:\PROGRA~1\EFFICI~1\ENTERN~1\app\EnterNet.exe
C:\PROGRA~1\Netscape\NETSCA~1\Netscp.exe
C:\Documents and Settings\Administrator\Desktop\HijackThis_1.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
N1 - Netscape 4: user_pref("browser.startup.homepage", "http://my.netscape.c...com/index2.psp"); (C:\Program Files\Netscape\Users\bschultz4\prefs.js)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [POINTER] C:\DELL\Drivers\498FF\Program\point32.exe
O4 - HKLM\..\Run: [MotiveMonitor] C:\Program Files\Motive\motmon.exe
O4 - HKLM\..\Run: [RxUser] C:\Program Files\Dell\Resolution Assistant\Common\bin\RxUser.exe
O4 - HKLM\..\Run: [madexe] C:\Program Files\Dell\Resolution Assistant\MotiveAssistant\bin\mad.exe
O4 - HKLM\..\Run: [QBCD Autorun] E:\autorun.exe restart 7 1
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\Navapw32.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\Winampa.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKCU\..\Run: [Mozilla Quick Launch] "C:\Program Files\Netscape\Netscape 6\Netscp.exe" -turbo
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINNT\system32\NVMCTRAY.DLL,NvTaskbarInit
O4 - Global Startup: Resolution Assistant.lnk = C:\Program Files\Dell\Resolution Assistant\MotiveAssistant\bin\matcli.exe
O4 - Global Startup: Symantec Fax Starter Edition Port.lnk = C:\Program Files\Microsoft Office\Office\1033\OLFSNT40.EXE
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINNT\system32\nvsvc32.exe
O23 - Service: PPPoE Service (PPPoEService) - Unknown owner - C:\PROGRA~1\EFFICI~1\ENTERN~1\app\pppoeservice.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Service Request Monitor - Dell Computer Corporation - C:\Program Files\Dell\Resolution Assistant\Common\bin\RxMon.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
  • 0

#13
Guest_thatman_*

Guest_thatman_*
  • Guest
Hi gravy

Now… there is more than one way to repair this issue. In the Knowledge Base on the Microsoft website, there are two articles, 811259 and 299257 that will give you instructions to remove the proper Registry entries to cause Winsock and the IP stack to reload, and also command line NetShell instructions to reset Winsock.

Or, there is a freeware application called WinSock XP Fix 1.2 that will create a backup of your registry and then repair any Registry entries that may have been affected by the adware removal tools. This does NOT remove the stack and force you to reload Winsock, which is what the Microsoft solution above does.

I am told this work with 2000
Winsock XP fix 1.2 can be found at freeware sites, as well as http://www.spychecke...nsockxpfix.html

IMPORTANT: w2fix.exe ONLY WORKS for Windows 98, 98SE, and Windows Millennium
http://www.bu.edu/pc...insock2fix.html

Your HJT.Log is clean no more Malware on the system.

Post back so we can finnish the system fully.

Kc :tazz:
  • 0

#14
gravy

gravy

    Member

  • Topic Starter
  • Member
  • PipPip
  • 12 posts
ok much better, here is the hijack log:

Logfile of HijackThis v1.99.1
Scan saved at 2:33:42 PM, on 3/31/2005
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINNT\system32\nvsvc32.exe
C:\PROGRA~1\EFFICI~1\ENTERN~1\app\pppoeservice.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\Program Files\Dell\Resolution Assistant\Common\bin\RxMon.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\DELL\Drivers\498FF\Program\point32.exe
C:\Program Files\Motive\motmon.exe
C:\Program Files\Dell\Resolution Assistant\Common\bin\RxUser.exe
C:\Program Files\Dell\Resolution Assistant\MotiveAssistant\bin\mad.exe
C:\PROGRA~1\NORTON~1\Navapw32.exe
C:\Program Files\Winamp\Winampa.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Netscape\Netscape 6\Netscp.exe
C:\WINNT\system32\RUNDLL32.EXE
C:\Program Files\Microsoft Office\Office\1033\OLFSNT40.EXE
C:\PROGRA~1\EFFICI~1\ENTERN~1\app\EnterNet.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Administrator\Desktop\HijackThis_1.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
N1 - Netscape 4: user_pref("browser.startup.homepage", "http://my.netscape.c...com/index2.psp"); (C:\Program Files\Netscape\Users\bschultz4\prefs.js)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [POINTER] C:\DELL\Drivers\498FF\Program\point32.exe
O4 - HKLM\..\Run: [MotiveMonitor] C:\Program Files\Motive\motmon.exe
O4 - HKLM\..\Run: [RxUser] C:\Program Files\Dell\Resolution Assistant\Common\bin\RxUser.exe
O4 - HKLM\..\Run: [madexe] C:\Program Files\Dell\Resolution Assistant\MotiveAssistant\bin\mad.exe
O4 - HKLM\..\Run: [QBCD Autorun] E:\autorun.exe restart 7 1
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\Navapw32.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\Winampa.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKCU\..\Run: [Mozilla Quick Launch] "C:\Program Files\Netscape\Netscape 6\Netscp.exe" -turbo
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINNT\system32\NVMCTRAY.DLL,NvTaskbarInit
O4 - Global Startup: Resolution Assistant.lnk = C:\Program Files\Dell\Resolution Assistant\MotiveAssistant\bin\matcli.exe
O4 - Global Startup: Symantec Fax Starter Edition Port.lnk = C:\Program Files\Microsoft Office\Office\1033\OLFSNT40.EXE
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINNT\system32\nvsvc32.exe
O23 - Service: PPPoE Service (PPPoEService) - Unknown owner - C:\PROGRA~1\EFFICI~1\ENTERN~1\app\pppoeservice.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Service Request Monitor - Dell Computer Corporation - C:\Program Files\Dell\Resolution Assistant\Common\bin\RxMon.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

and the panda:


Incident Status Location

Spyware:Spyware/ISTbar No disinfected C:\WINNT\SYSTEM32\tsuninst.exe
  • 0

#15
gravy

gravy

    Member

  • Topic Starter
  • Member
  • PipPip
  • 12 posts
I noticed that one of the last panda files was
one yoiu just had me delete so I did the steps
again for that and ran another panda:


Incident Status Location

Adware:Adware/CWS No disinfected C:\Documents and Settings\Administrator\Favorites\Fun & Games\Betting.lnk
Adware:Adware/BHO No disinfected Windows Registry
Adware:Adware/Apropos No disinfected C:\Program Files\cxtpls
Adware:Adware/SideFind No disinfected Windows Registry
Spyware:Spyware/ISTbar No disinfected C:\!Submit\tsuninst.exe
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP