Pop-ups -BookedSpace, Elitum.Elitebar, & Pacimedia


#1
spywarebites

    New Member

  • 6 posts
Help, please!!

I seem to have spyware that I just can't get rid of. I will continually and randomly get pop-ups, even if I'm not connected to the internet, and I have a little red icon that shows up every time I boot up my computer, but it goes away once it has fully booted. When I first started realizing I had a problem a few days ago, it was when I noticed new icons there and had clicked on that same one (Virtual Bouncer or Ad destroyer). When I ran Ad-aware, it recognized these as spyware and said it deleted them. My concern is that it's still there for a brief moment even though I have Ad-aware'd and Spybot'ed many times since then.

I followed the instructions on your link; I installed and ran Cleanup!, updated and ran Ad-aware (with the settings recommended), installed and ran CWShredder, downloaded and ran a newer version of Spybot. When running Spybot, I get an error in the middle of the scan that says, "There were problems in the include file C:\Program Files\Spybot - Search_Destroy\Includes\Hijackers.sbi. See 'Include errors.log' for details." Repeat offenders from the Spybot problems are BookedSpace, Elitum.Elitebar, and Pacimedia.

I also ran the Trend Housecall - it found 4 Trojans! - and I was able to delete all but one that it said was in use. My Windows updates are up to date and I did reboot.

Here is my HijackThis log - hopefully someone can help me determine what is causing the problem and I can stop pulling my hair out. Thank you!!

Kelly Griffin


Logfile of HijackThis v1.99.1
Scan saved at 11:53:36 AM, on 6/24/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\system32\cmhc\CMHCinst.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\WINDOWS\system32\ScsiAccess.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\mssynth.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\palmOne\HOTSYNC.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZENG10.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\kelly\Desktop\HijackThis1991.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://searchmiracle.com/sp.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchmiracle.com/sp.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchmiracle.com/sp.php
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.komotv.com/traffic/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - Default URLSearchHook is missing
O2 - BHO: CExtension Object - {0019C3E2-DD48-4A6D-ABCD-8D32436323D9} - C:\WINDOWS\cfgmgr52.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [cfgmgr52] RunDLL32.EXE C:\WINDOWS\cfgmgr52.dll,DllRun
O4 - HKLM\..\Run: [o3mS3sQ] mssynth.exe
O4 - HKLM\..\Run: [checkrun] C:\windows\system32\eliteekx32.exe
O4 - HKLM\..\Run: [AutoUpdater] "C:\Program Files\AutoUpdate\AutoUpdate.exe"
O4 - HKCU\..\Run: [AnyTime Organizer] C:\Program Files\AnyTime Deluxe\AtDem.exe
O4 - HKCU\..\Run: [Z052RictX] msirt4.exe
O4 - Startup: HotSync Manager.lnk = C:\Program Files\palmOne\HOTSYNC.EXE
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: VPN Client.lnk = ?
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar3.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar3.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar3.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar3.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar3.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .mid: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin2.dll
O12 - Plugin for .mov: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll
O15 - Trusted IP range: 10.1.0.2
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zon...kr.cab30149.cab
O16 - DPF: {106E49CF-797A-11D2-81A2-00E02C015623} (AlternaTIFF ActiveX) - http://www.alternati.../00/alttiff.cab
O16 - DPF: {4208FB4D-4E53-4F5A-BF7A-3E047DDB5281} (ActiveX Control) - http://www.icannnews.../ST/ActiveX.ocx
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} - http://ipgweb.cce.hp...ads/sysinfo.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupd...b?1097687517100
O16 - DPF: {6583D1DB-416B-4E4C-9776-C322990D002D} (instMgr.cMain) - http://10.16.2.50/cm...vex/instmgr.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {74E2BDB6-3F25-11D5-8B99-00105A8305D4} - http://192.168.1.5/c...ex/cmhcmisd.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.4.1_01) - http://192.168.1.5/c...ui/java/jre.exe
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab30149.cab
O16 - DPF: {99FE97A4-4479-11D5-8BA0-00105A8305D4} (CMHCbuiUpdate.buiUpdate) -
O16 - DPF: {9FE80A8C-4C54-483C-97F3-04CF23CB4BC0} (cmhcwordspell.spellx) - http://10.1.0.3:2808...hcwordspell.cab
O16 - DPF: {A9B0A42B-6FE5-4C11-BDEF-EE8EB5946EB9} (cmhcbuimon.BUILogDisplay) - http://192.168.1.5/c.../cmhcbuimon.cab
O16 - DPF: {A9EAE8E8-84A7-417D-9845-CCAF108216DA} (posscan.ucScan) - http://192.168.1.5/c...ex/cmhcirms.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {CBA5909B-C076-4523-829A-91E983B9624A} - http://192.168.1.5/c...ocs/cab/rmi.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://download.mac...ash/swflash.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zon...wn.cab30149.cab
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Install Manager for CMHC Systems (CMHCInstMgr) - CMHC Systems, Inc. - C:\WINDOWS\system32\cmhc\CMHCinst.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: NICSer_WPC54G - Unknown owner - C:\Program Files\Linksys\Wireless-G Notebook Adapter\NICServ.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: ScsiAccess - Unknown owner - C:\WINDOWS\system32\ScsiAccess.EXE
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

#2
Wizard

    Retired Staff

  • 5,661 posts
Hi Spywarebites and Welcome!

Do you access this PC remotely?

If it returns Infected, please include in the file and folder removal and be sure to delete the entire folder if it is infected!

Download Ewido Security Suite, install it, then from within the program check for updates BUT don't scan yet.
Ewido Security Suite:
http://www.ewido.net/en/download/

When installing, under "Additional Options" uncheck "Install background guard" and "Install scan via context menu". When you run ewido for the first time, you will get a warning "Database could not be found!". Click OK.
We will fix this in a moment.

From the main Ewido screen, Click on Update in the left menu, then click the Start Update button.

After the Update finishes (the status bar at the bottom will display "Update successful"), close the program.

If you have problems updating, see here:
http://www.ewido.net...wnload/updates/

Download and Install CleanUp! 4.0 but don't run it yet!!
http://downloads.ste...p/CleanUp40.exe

Download LQfix.zip:
http://users.pandora...atchy/LQfix.zip
Unzip it and save it to your desktop, don't use it yet!!

Reboot into SAFE MODE (tap F8 when restarting).
Here is a link on how to boot into Safe Mode:
http://service1.syma...src=sec_doc_nam

After restarting in Safe Mode, configure Windows to Show All Hidden Files and Folders. This must be done after restarting in Safe Mode!!

Here is a link to help with that
http://www.bleepingc...showtutorial=62

Be sure to follow the directions that apply to your Operating System!

From the LQFix Folder, double-click LQfix.bat that you saved on your desktop before.

A DOS window will open and close again; this is normal.

Now locate and delete these:

C:\WINDOWS\cfgmgr52.dll << File

C:\WINDOWS\system32\mssynth.exe << File

C:\windows\system32\eliteekx32.exe << File

C:\Program Files\AutoUpdate

Open the Search Assistant (Click Start >> Click Search)
Select All Files and Folders,
Select Advanced Options,
Make sure there is a check by these 3:

Search System Folders
Search hidden files and folders
Search Subfolders

Now under All Files and Folders, enter this into the text box:

msirt4.exe << Delete all exact matches of that filename!

Run CleanUp!

Click "Cleanup" and it will scan and remove all available Temp files > Click "Close" > Click "No" to Logoff!

Scan with Ewido > when prompted > select to clean and place a check by the box to use this action for all infections!

Once it completes, click the tab to Save the report and save it to your Desktop for easy access!

Open HijackThis and put a check by these but DO NOT hit the Fix Checked button yet!

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://searchmiracle.com/sp.php

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchmiracle.com/sp.php

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchmiracle.com/sp.php

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.komotv.com/traffic/

R3 - Default URLSearchHook is missing

O2 - BHO: CExtension Object - {0019C3E2-DD48-4A6D-ABCD-8D32436323D9} - C:\WINDOWS\cfgmgr52.dll

O4 - HKLM\..\Run: [cfgmgr52] RunDLL32.EXE C:\WINDOWS\cfgmgr52.dll,DllRun

O4 - HKLM\..\Run: [o3mS3sQ] mssynth.exe

O4 - HKLM\..\Run: [checkrun] C:\windows\system32\eliteekx32.exe

O4 - HKLM\..\Run: [AutoUpdater] "C:\Program Files\AutoUpdate\AutoUpdate.exe"

O4 - HKCU\..\Run: [Z052RictX] msirt4.exe

O4 - Global Startup: VPN Client.lnk = ?

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)

O15 - Trusted IP range: 10.1.0.2

O16 - DPF: {106E49CF-797A-11D2-81A2-00E02C015623} (AlternaTIFF ActiveX) - http://www.alternati.../00/alttiff.cab

O16 - DPF: {4208FB4D-4E53-4F5A-BF7A-3E047DDB5281} (ActiveX Control) - http://www.icannnews.../ST/ActiveX.ocx

O16 - DPF: {49232000-16E4-426C-A231-62846947304B} - http://ipgweb.cce.hp...ads/sysinfo.cab

O16 - DPF: {6583D1DB-416B-4E4C-9776-C322990D002D} (instMgr.cMain) - http://10.16.2.50/cm...vex/instmgr.cab

O16 - DPF: {74E2BDB6-3F25-11D5-8B99-00105A8305D4} - http://192.168.1.5/c...ex/cmhcmisd.cab

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.4.1_01) - http://192.168.1.5/c...ui/java/jre.exe

O16 - DPF: {99FE97A4-4479-11D5-8BA0-00105A8305D4} (CMHCbuiUpdate.buiUpdate) -

O16 - DPF: {9FE80A8C-4C54-483C-97F3-04CF23CB4BC0} (cmhcwordspell.spellx) - http://10.1.0.3:2808...hcwordspell.cab

O16 - DPF: {A9B0A42B-6FE5-4C11-BDEF-EE8EB5946EB9} (cmhcbuimon.BUILogDisplay) -
http://192.168.1.5/c.../cmhcbuimon.cab

O16 - DPF: {A9EAE8E8-84A7-417D-9845-CCAF108216DA} (posscan.ucScan) - http://192.168.1.5/c...ex/cmhcirms.cab

O16 - DPF: {CBA5909B-C076-4523-829A-91E983B9624A} - http://192.168.1.5/c...ocs/cab/rmi.cab

Now Make sure ALL WINDOWS and BROWSERS are CLOSED and hit the Fix Checked Button!!

Run MSCONFIG and enable everything in the startup area. To get to MSCONFIG, click on Start -> Run -> type in MSCONFIG -> click OK!

Under the "General" Tab
Make Sure Normal Startup is Checked!!

Click Apply>>OK>>Follow the Prompts to Restart!!

Restart normally and have the PC scanned here:
Panda Active Scan

You will need to be using Internet Explorer for the Scan to work!

Save the Report it generates!

Post back with a fresh HijackThis log and the reports from Ewido and Panda!!

#3
spywarebites

    New Member

  • Topic Starter
  • 6 posts
Thank you for your help!

I do not access my PC remotely, but often access other PCs/servers remotely with this laptop as part of my job.

With LQfix, I was able to delete everything except for two things I couldn't find: C:\windows\system32\eliteekx32.exe and any instances of msirt4.exe.

Here is the Ewido log:
---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 3:23:45 PM, 6/25/2005
+ Report-Checksum: 1FDE762D

+ Date of database: 6/25/2005
+ Version of scan engine: v3.0

+ Duration: 76 min
+ Scanned Files: 66470
+ Speed: 14.45 Files/Second
+ Infected files: 8
+ Removed files: 8
+ Files put in quarantine: 8
+ Files that could not be opened: 0
+ Files that could not be cleaned: 0

+ Binder: Yes
+ Crypter: Yes
+ Archives: Yes

+ Scanned items:
C:\

+ Scan result:
C:\Program Files\WebEx\ieatgpc.dll -> Spyware.WebEx -> Cleaned with backup
C:\WINDOWS\cfgmgr52\EECH1.bsx -> Spyware.BookedSpace -> Cleaned with backup
C:\WINDOWS\cfgmgr52\SPZ3.bsx -> Spyware.BookedSpace -> Cleaned with backup
C:\WINDOWS\rwozcpqp.exe -> Spyware.BookedSpace.e -> Cleaned with backup
C:\WINDOWS\system\UpdInst.exe -> Spyware.Look2Me -> Cleaned with backup
C:\WINDOWS\system32\auto_update_uninstall.exe -> Spyware.Apropos -> Cleaned with backup
C:\WINDOWS\system32\ebcimgn.dll -> Spyware.Look2Me -> Cleaned with backup
C:\WINDOWS\tct101.dll -> TrojanDownloader.Dyfuca.eg -> Cleaned with backup


::Report End

Also, when I ran the HijackThis to delete the items you asked me to delete, there were a few I didn't delete because I need them for work. I've listed the ones I kept below:

O15 - Trusted IP range: 10.1.0.2

O16 - DPF: {106E49CF-797A-11D2-81A2-00E02C015623} (AlternaTIFF ActiveX) - http://www.alternati.../00/alttiff.cab

O16 - DPF: {6583D1DB-416B-4E4C-9776-C322990D002D} (instMgr.cMain) - http://10.16.2.50/cm...vex/instmgr.cab

O16 - DPF: {74E2BDB6-3F25-11D5-8B99-00105A8305D4} - http://192.168.1.5/c...ex/cmhcmisd.cab

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.4.1_01) - http://192.168.1.5/c...ui/java/jre.exe

O16 - DPF: {99FE97A4-4479-11D5-8BA0-00105A8305D4} (CMHCbuiUpdate.buiUpdate) -

O16 - DPF: {9FE80A8C-4C54-483C-97F3-04CF23CB4BC0} (cmhcwordspell.spellx) - http://10.1.0.3:2808...hcwordspell.cab

O16 - DPF: {A9B0A42B-6FE5-4C11-BDEF-EE8EB5946EB9} (cmhcbuimon.BUILogDisplay) -
http://192.168.1.5/c.../cmhcbuimon.cab

O16 - DPF: {A9EAE8E8-84A7-417D-9845-CCAF108216DA} (posscan.ucScan) - http://192.168.1.5/c...ex/cmhcirms.cab

O16 - DPF: {CBA5909B-C076-4523-829A-91E983B9624A} - http://192.168.1.5/c...ocs/cab/rmi.cab


When I deleted the others though through HijackThis, this error message popped up:
"Unexpected error occurred! Error #52 (Bad file name or number) in SubGetLongPath (?.exe). Please send a report to merijn@spywareinfo.com mentioning what you were doing and what version of Windows you have. This message has been copied to your clipboard." I did not send anything to this email address since I figured it was probably a trick.

Here are the results from my Panda scan:

Incident                  Status           Location

Spyware:Spyware/Dyfuca    No disinfected   Windows Registry
Adware:Adware/Apropos     No disinfected   C:\WINDOWS\system32\auto_update_uninstall.???
Adware:Adware/EliteBar    No disinfected   Windows Registry
Adware:Adware/Apropos     No disinfected   C:\Program Files\Aprps\ProxyStub.dll
Adware:Adware/Apropos     No disinfected   C:\WINDOWS\system32\auto_update_uninstall.log

And Here is my HijackThis that I just ran. It looks like there are some more things that I will need to delete again (C:\Program Files\Aprps), but I will wait for your feedback.

Logfile of HijackThis v1.99.1
Scan saved at 10:49:44 AM, on 6/26/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\system32\cmhc\CMHCinst.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\WINDOWS\system32\ScsiAccess.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\palmOne\HOTSYNC.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Documents and Settings\kelly\Desktop\HijackThis1991.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKCU\..\Run: [AnyTime Organizer] C:\Program Files\AnyTime Deluxe\AtDem.exe
O4 - Startup: HotSync Manager.lnk = C:\Program Files\palmOne\HOTSYNC.EXE
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar3.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar3.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar3.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar3.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar3.dll/cmtrans.html
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .mid: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin2.dll
O12 - Plugin for .mov: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll
O15 - Trusted IP range: 10.1.0.2
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zon...kr.cab30149.cab
O16 - DPF: {106E49CF-797A-11D2-81A2-00E02C015623} (AlternaTIFF ActiveX) - http://www.alternati.../00/alttiff.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupd...b?1097687517100
O16 - DPF: {6583D1DB-416B-4E4C-9776-C322990D002D} (instMgr.cMain) - http://10.16.2.50/cm...vex/instmgr.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {74E2BDB6-3F25-11D5-8B99-00105A8305D4} - http://192.168.1.5/c...ex/cmhcmisd.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.4.1_01) - http://192.168.1.5/c...ui/java/jre.exe
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab30149.cab
O16 - DPF: {99FE97A4-4479-11D5-8BA0-00105A8305D4} (CMHCbuiUpdate.buiUpdate) -
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O16 - DPF: {9FE80A8C-4C54-483C-97F3-04CF23CB4BC0} (cmhcwordspell.spellx) - http://10.1.0.3:2808...hcwordspell.cab
O16 - DPF: {A9B0A42B-6FE5-4C11-BDEF-EE8EB5946EB9} (cmhcbuimon.BUILogDisplay) - http://192.168.1.5/c.../cmhcbuimon.cab
O16 - DPF: {A9EAE8E8-84A7-417D-9845-CCAF108216DA} (posscan.ucScan) - http://192.168.1.5/c...ex/cmhcirms.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {CBA5909B-C076-4523-829A-91E983B9624A} - http://192.168.1.5/c...ocs/cab/rmi.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://download.mac...ash/swflash.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zon...wn.cab30149.cab
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Install Manager for CMHC Systems (CMHCInstMgr) - CMHC Systems, Inc. - C:\WINDOWS\system32\cmhc\CMHCinst.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: NICSer_WPC54G - Unknown owner - C:\Program Files\Linksys\Wireless-G Notebook Adapter\NICServ.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: ScsiAccess - Unknown owner - C:\WINDOWS\system32\ScsiAccess.EXE
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe



Thanks again for all of your help!
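
Added example, not part of the original posts: the comparison described in this post (which entries from the fix list in post #2 are gone from the new log, which were kept, and what is new) done in Python. The three sample texts are short excerpts constructed from lines quoted in the thread, the function names are this example's own, and the "Run command without a directory" flag is a review hint, not a verdict.

```python
import re
from collections import namedtuple

Entry = namedtuple("Entry", "code body")

# Entry lines start with a section code (R0, O4, O16, ...) followed by " - ".
ENTRY_RE = re.compile(r"^([RFNO]\d{1,2}) - (.*)$")
# Body of an O4 registry autorun: HKLM\..\Run: [value name] command line
RUN_RE = re.compile(r"^HK(?:LM|CU)\\\.\.\\Run[^:]*: \[(.*?)\] (.+)$")

# Constructed excerpts of the three lists in this thread (not the full logs).
BEFORE = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\Explorer.EXE
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchmiracle.com/sp.php
O2 - BHO: CExtension Object - {0019C3E2-DD48-4A6D-ABCD-8D32436323D9} - C:\WINDOWS\cfgmgr52.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [o3mS3sQ] mssynth.exe
O4 - HKCU\..\Run: [Z052RictX] msirt4.exe
O15 - Trusted IP range: 10.1.0.2
O16 - DPF: {A9B0A42B-6FE5-4C11-BDEF-EE8EB5946EB9} (cmhcbuimon.BUILogDisplay) - http://192.168.1.5/c.../cmhcbuimon.cab
"""

# The O16 line is wrapped here exactly as it was in the forum post.
FIX_LIST = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchmiracle.com/sp.php
O2 - BHO: CExtension Object - {0019C3E2-DD48-4A6D-ABCD-8D32436323D9} - C:\WINDOWS\cfgmgr52.dll
O4 - HKLM\..\Run: [o3mS3sQ] mssynth.exe
O4 - HKCU\..\Run: [Z052RictX] msirt4.exe
O15 - Trusted IP range: 10.1.0.2
O16 - DPF: {A9B0A42B-6FE5-4C11-BDEF-EE8EB5946EB9} (cmhcbuimon.BUILogDisplay) -
http://192.168.1.5/c.../cmhcbuimon.cab
"""

AFTER = r"""
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O15 - Trusted IP range: 10.1.0.2
O16 - DPF: {A9B0A42B-6FE5-4C11-BDEF-EE8EB5946EB9} (cmhcbuimon.BUILogDisplay) - http://192.168.1.5/c.../cmhcbuimon.cab
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
"""


def parse_entries(text):
    """Return the R/O/F/N entries of a HijackThis log; header and process lines are skipped."""
    entries, prev_was_entry = [], False
    for raw in text.splitlines():
        line = raw.strip()
        m = ENTRY_RE.match(line)
        if m:
            entries.append(Entry(m.group(1), m.group(2).strip()))
            prev_was_entry = True
        elif line and prev_was_entry and entries[-1].body.endswith("-"):
            # Wrapped line: a long entry was broken right after its last " -".
            last = entries[-1]
            entries[-1] = Entry(last.code, last.body + " " + line)
            prev_was_entry = False
        else:
            prev_was_entry = False
    return entries


def key(entry):
    """Comparison key that ignores case and runs of whitespace."""
    return (entry.code, " ".join(entry.body.split()).casefold())


def compare(before, fix_list, after):
    """Split the fix list into fixed/kept and list entries that are new in the later log."""
    before_keys = {key(e) for e in before}
    after_keys = {key(e) for e in after}
    return {
        "fixed": [e for e in fix_list if key(e) not in after_keys],
        "kept": [e for e in fix_list if key(e) in after_keys],
        "new": [e for e in after if key(e) not in before_keys],
    }


def bare_autoruns(entries):
    """Value names of O4 Run entries whose executable is given without any directory."""
    flagged = []
    for e in entries:
        m = RUN_RE.match(e.body) if e.code == "O4" else None
        if not m:
            continue
        name, cmd = m.groups()
        # First token of the command line; a quoted path may contain spaces.
        exe = cmd[1:].split('"', 1)[0] if cmd.startswith('"') else cmd.split()[0]
        if "\\" not in exe:
            flagged.append(name)
    return flagged


if __name__ == "__main__":
    before, fixes, after = map(parse_entries, (BEFORE, FIX_LIST, AFTER))
    for label, items in compare(before, fixes, after).items():
        for e in items:
            print(f"{label:5} {e.code} - {e.body}")
    print("review (no directory in Run command):", bare_autoruns(before))
```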

#4
Wizard

    Retired Staff

  • 5,661 posts
My apologies for not researching those entries further, good thing you took it upon yourself to make the call! :tazz:

The log looks clean, how is the PC running?

Only these left to delete:

C:\Program Files\WebEx << Folder

C:\Program Files\Aprps << Folder

C:\WINDOWS\system32\auto_update_uninstall.??? << Probably file renamed by ewido!

C:\WINDOWS\system32\auto_update_uninstall.log << File!

Install these 2 programs

SpywareBlaster:
http://www.javacools...areblaster.html
Update immediately!

IE Spyad:
http://www.bleepingc...showtutorial=53
There is a direct download inside and great tutorial also!

Disable System Restore
http://service1.syma...src=sec_doc_nam

Restart the PC

Go back and re-enable System Restore by unchecking the box and moving the slider to the halfway position!

Post back and let me know how things are running!

#5
spywarebites

    New Member

  • Topic Starter
  • 6 posts
My computer is running pretty well - no more random pop-ups. I followed your last set of instructions and then ran the Panda Scan again - it came back with 2 lingering things.


Incident                  Status           Location

Spyware:Spyware/Dyfuca    No disinfected   Windows Registry
Adware:Adware/Apropos     No disinfected   C:\RECYCLER\S-1-5-21-1659004503-507921405-854245398-1003\Dc1\ProxyStub.dll

I tried deleting the C:\RECYCLER\.....\Dc1\ProxyStub.dll, but even with "display hidden files and folders" I couldn't find the \Dc1 folder or the ProxyStub.dll. Is there something else I can do to get rid of these last few things? Should I reboot in Safe Mode again and try deleting it again?

How do I find that Dyfuca in the Windows registry?

#6
Wizard

    Retired Staff

  • 5,661 posts
OK, I think we can fix this!

Click Start>> Run>> Type in cmd and Click OK!

Once at the Command Prompt Screen>> Type in>> cd\ and hit Enter

Now Copy&Paste

attrib -h -s c:\recycler and hit Enter

Now Copy&Paste

del c:\recycler and hit Enter

Download RegScrubXP v.3.25
http://www.majorgeek...wnload2048.html

Now locate and open RegScrubXP and Click "RegScrubXP finds Problems"

Let it scan the System and when it completes Click "Select all Problems" and "Fix Selected Problems"

Once completed, disable and re-enable System Restore once more, so there will be a clean restore point to use if ever needed!

Restart and scan again if you like. My hope is it will be all clear!

#7
spywarebites

    New Member

  • Topic Starter
  • 6 posts
Hi again,

I'm still having one thing that is hanging on - but it seems to be different from the last time. I've already re-run the RegScrubXP and did the disable system restore and re-enabled it and rebooted.

Should I shut down, reboot in safe mode and then try the RegScrubXP again? Previous times when I have run the RegScrubXP, I have done it in Normal mode.

Here is the PandaScan. Thank you so much for your help!! You have been wonderful!


Incident                     Status           Location

Adware:Adware/BookedSpace    No disinfected   Windows Registry

#8
Wizard

    Retired Staff

  • 5,661 posts
Please don't continue to run RegScrub as a daily, weekly or even monthly tool; it's way too intense to do that!

It should only be run a few times a year at the most!


Attached is a Zip Folder that contains a regfile to remove all known BookedSpace entries!

Download>> Unzip>> Double Click to Execute>> Allow it to merge into Registry

Restart and Post a fresh HijackThis log!

#9
spywarebites

    New Member

  • Topic Starter
  • 6 posts
Thanks for all of your help!! Sorry it took me so long to reply - I had a business trip this week and was catching up on my work after losing 30 hours with this spyware/virus issue. ;)

According to the latest Pandascan, I still have an Adware/Apropos issue, but I don't know that it's a big deal (or very harmful).

You guys totally rock! I'm for sure making a donation. :tazz: Do you have any recommendations for an anti-virus & anti-spyware solution that I should buy to prevent this in the future? My license for my Norton Antivirus Professional 2004 expires next week, and I'm not sure that I like it after this fiasco.

Here is my hijackthis log:

Logfile of HijackThis v1.99.1
Scan saved at 11:21:59 AM, on 7/8/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\system32\cmhc\CMHCinst.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\WINDOWS\system32\ScsiAccess.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\palmOne\HOTSYNC.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Documents and Settings\kelly\Desktop\HijackThis1991.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.komotv.com/traffic
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [AnySync Technology - 3CmPlm] C:\Program Files\Common Files\XCPCSync\Translators\3CmPlm\AutoDet.exe
O4 - Startup: HotSync Manager.lnk = C:\Program Files\palmOne\HOTSYNC.EXE
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar3.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar3.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar3.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar3.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar3.dll/cmtrans.html
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .mid: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin2.dll
O12 - Plugin for .mov: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zon...kr.cab30149.cab
O16 - DPF: {106E49CF-797A-11D2-81A2-00E02C015623} (AlternaTIFF ActiveX) - http://www.alternati.../00/alttiff.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupd...b?1097687517100
O16 - DPF: {6583D1DB-416B-4E4C-9776-C322990D002D} (instMgr.cMain) - http://10.16.2.50/cm...vex/instmgr.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {74E2BDB6-3F25-11D5-8B99-00105A8305D4} - http://192.168.1.5/c...ex/cmhcmisd.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.4.1_01) - http://192.168.1.5/c...ui/java/jre.exe
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab30149.cab
O16 - DPF: {99FE97A4-4479-11D5-8BA0-00105A8305D4} (CMHCbuiUpdate.buiUpdate) -
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O16 - DPF: {9FE80A8C-4C54-483C-97F3-04CF23CB4BC0} (cmhcwordspell.spellx) - http://10.1.0.3:2808...hcwordspell.cab
O16 - DPF: {A9B0A42B-6FE5-4C11-BDEF-EE8EB5946EB9} (cmhcbuimon.BUILogDisplay) - http://192.168.1.5/c.../cmhcbuimon.cab
O16 - DPF: {A9EAE8E8-84A7-417D-9845-CCAF108216DA} (posscan.ucScan) - http://192.168.1.5/c...ex/cmhcirms.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {CBA5909B-C076-4523-829A-91E983B9624A} - http://192.168.1.5/c...ocs/cab/rmi.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://download.mac...ash/swflash.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zon...wn.cab30149.cab
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Install Manager for CMHC Systems (CMHCInstMgr) - CMHC Systems, Inc. - C:\WINDOWS\system32\cmhc\CMHCinst.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: NICSer_WPC54G - Unknown owner - C:\Program Files\Linksys\Wireless-G Notebook Adapter\NICServ.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: ScsiAccess - Unknown owner - C:\WINDOWS\system32\ScsiAccess.EXE
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
  • 0
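A first-pass triage of a log like the one posted above, as an added example that is not part of the original thread or of HijackThis itself. The sample lines are copied from that log; the two heuristics (a service whose vendor reads "Unknown owner", and an O16 entry missing its class name or download source) are assumptions about what deserves a manual look, not verdicts.

```python
import re

# Lines copied from the HijackThis log in the post above (a small subset).
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O16 - DPF: {99FE97A4-4479-11D5-8BA0-00105A8305D4} (CMHCbuiUpdate.buiUpdate) -
O16 - DPF: {74E2BDB6-3F25-11D5-8B99-00105A8305D4} - http://192.168.1.5/c...ex/cmhcmisd.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://download.mac...ash/swflash.cab
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScsiAccess - Unknown owner - C:\WINDOWS\system32\ScsiAccess.EXE
"""

# Every HijackThis entry starts with a section code such as R0, O4, O16 or O23.
ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")
# O16: downloaded ActiveX control -> CLSID, optional (class name), source URL.
DPF = re.compile(r"^DPF: (\{[0-9A-Fa-f-]{36}\})(?: \((.*?)\))? -\s*(.*)$")
# O23: Windows service -> display name, vendor string, binary path.
SERVICE = re.compile(r"^Service: (.+?) - (.+?) - (.+)$")


def triage(log_text):
    """Return (section, reason, identifier) tuples for entries to review by hand."""
    findings = []
    for raw in log_text.splitlines():
        entry = ENTRY.match(raw.strip())
        if not entry:
            continue  # log header, running-process list or blank line
        section, body = entry.groups()
        if section == "O23":
            svc = SERVICE.match(body)
            if svc and svc.group(2) == "Unknown owner":
                findings.append((section, "vendor reported as Unknown owner", svc.group(1)))
        elif section == "O16":
            dpf = DPF.match(body)
            if not dpf:
                continue
            clsid, name, url = dpf.groups()
            if not url:
                findings.append((section, "no download source recorded", clsid))
            if not name:
                findings.append((section, "no class name recorded", clsid))
    return findings


if __name__ == "__main__":
    for section, reason, ident in triage(SAMPLE_LOG):
        print(f"{section:4} {ident}: {reason}")
```

A flagged entry is only a prompt to identify the file or control before deciding anything; legitimate drivers and in-house controls often lack vendor or name metadata.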

#10
Wizard

  • Retired Staff
  • 5,661 posts
Here is a link to beef up the Hosts File; as you read the link you will understand what the entries do!
http://www.mvps.org/...p2002/hosts.htm


This link is a help guide to properly install the new Hosts File
http://www.mvps.org/...2002/hosts2.htm


Do you have a paid subscription for your Symantec Products?

I can't tell if the Symantec Product you have has a firewall with it???

Let me know about the Symantec Products?!
  • 0

#11
spywarebites

    New Member

  • Topic Starter
  • Member
  • 6 posts
Thanks! I have added this hosts file as you suggested. That should fix the problem.

I do have a paid subscription for my Symantec product (it runs out on 7/20), but I can not tell whether or not it has a firewall. I would guess not if it doesn't explicitly tell me that I have one. I do have SP2 with the Windows firewall enabled, and I have a router with a hardware firewall as well.

The Norton Antivirus Professional 2004 version that I have is 10.0.1.13. It says in the selected options that it is supposed to protect against spyware and adware as well, but I got spyware and viruses anyway. I update and run the Norton product weekly.

Since my subscription is up very soon, I thought it was a good time to revisit which product I use for anti-virus and anti-spyware protection. If you have any suggestions based on what you've seen that works really well, I'm open to suggestions.

Thank you so much for all of the time you spent helping me! Your service is the best!!
  • 0

#12
Wizard

  • Retired Staff
  • 5,661 posts
I think I can show a few that I believe have a decent reputation!

AVG
http://www.grisoft.com/doc/1

Antivir
http://www.free-av.com/

Avast! 4 Home Edition
http://www.avast.com...ast_4_home.html

BitDefender Free Edition v7
http://www.bitdefend...cts.php?p_id=24


Why Pay when you don't have to!?

Any one of those along with the additions I have given you and the XP Firewall + a Firewalled Router is about as good as it gets in my opinion!

The 3 little black links in my signature will give ya lots of good heads up info on how to avoid this in the future!


That should about get ya; if you need anything else, feel free to ask!
  • 0





