Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Assistance required removing Bloodhound.W32.EP [RESOLVED]

Started by Lord Morbius , Jul 02 2005 08:39 AM

  • This topic is locked This topic is locked

#1
Lord Morbius
Posted 02 July 2005 - 08:39 AM

Lord Morbius

    Member

  • Member
  • PipPip
  • 18 posts
Hi there this is my first post here but it certainly seems to be a great forum from what i've seen already.

I arrived here on a google search for help in dealling with my recent Bloodhound.W32.EP infection.

I came across a very helpfull thread posted about a week ago dealing with this problem but was not able to understand all of it as i am not familiar with hijackthis logs etc. I tried to follow the advice it offered about renaming my wininet.dll file and replacing it with the same file from the dllcache folder however despite having hidden files displayed i was unable to locate the dllcache folder!

I hope someone can assist me with this problem as i would like to get my machine cleaned up asap, thanks in advance for any assistance - Morbius.
  • 0

Advertisements

#2
Michelle
Posted 08 July 2005 - 05:48 PM

Michelle

    Malware Removal Goddess

  • Retired Staff
  • 8,928 posts
Welcome to Geeks to Go!

I apologize for the wait, please download Hijack This. Follow the instructions in step five of this guide, and post your log here.
  • 0

#3
Lord Morbius
Posted 10 July 2005 - 05:16 AM

Lord Morbius

    Member

  • Topic Starter
  • Member
  • PipPip
  • 18 posts
Hi again and thanks for your help, it's really appreciated. I have run hijackthis and the log is attached below...

Logfile of HijackThis v1.99.1
Scan saved at 12:11:22, on 10/07/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
I:\WINDOWS\System32\smss.exe
I:\WINDOWS\system32\winlogon.exe
I:\WINDOWS\system32\services.exe
I:\WINDOWS\system32\lsass.exe
I:\WINDOWS\system32\svchost.exe
I:\WINDOWS\System32\svchost.exe
I:\WINDOWS\system32\LEXBCES.EXE
I:\WINDOWS\system32\spoolsv.exe
I:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
I:\WINDOWS\system32\LEXPPS.EXE
I:\WINDOWS\Explorer.EXE
I:\Program Files\Common Files\Symantec Shared\ccApp.exe
I:\WINDOWS\SOUNDMAN.EXE
I:\WINDOWS\ALCWZRD.EXE
I:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
I:\Program Files\Lexmark X5100 Series\lxbabmgr.exe
I:\Program Files\ABIT\ABIT uGuru\uGuru.exe
I:\Program Files\Lexmark X5100 Series\lxbabmon.exe
I:\Program Files\ABIT\ABIT uGuru\uGuru_Event_Receiver.exe
I:\WINDOWS\System32\RUNDLL32.EXE
I:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
I:\Program Files\Norton AntiVirus\navapsvc.exe
I:\WINDOWS\System32\nvsvc32.exe
I:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
I:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
I:\WINDOWS\System32\svchost.exe
I:\Program Files\iTunes\iTunesHelper.exe
I:\Program Files\QuickTime\qttask.exe
I:\WINDOWS\system32\ZoneLabs\vsmon.exe
I:\WINDOWS\System32\intel32.exe
I:\WINDOWS\System32\ctfmon.exe
I:\Program Files\Messenger\msmsgs.exe
I:\WINDOWS\System32\rundll32.exe
I:\Program Files\iPod\bin\iPodService.exe
I:\Documents and Settings\Lord Morbius\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://morwillsearch...id=fish&sub_id=
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://morwillsearch...id=fish&sub_id=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://morwillsearch...id=fish&sub_id=
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - I:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - I:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - I:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - I:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - I:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [ccApp] "I:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "I:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [Zone Labs Client] "I:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [Lexmark X5100 Series] "I:\Program Files\Lexmark X5100 Series\lxbabmgr.exe"
O4 - HKLM\..\Run: [ABIT uGuru] I:\Program Files\ABIT\ABIT uGuru\uGuru.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE I:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE I:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [mmtask] c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [MMTray] I:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] I:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [SSC_UserPrompt] I:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [iTunesHelper] "I:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "I:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [intel32.exe] I:\WINDOWS\System32\intel32.exe
O4 - HKLM\..\Run: [PSGuard] I:\Program Files\PSGuard\PSGuard.exe
O4 - HKCU\..\Run: [CTFMON.EXE] I:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "I:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Instant Access] rundll32.exe p2esocks_1041.dll,InstantAccess
O8 - Extra context menu item: E&xport to Microsoft Excel - res://I:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - I:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - I:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - I:\Program Files\Messenger\MSMSGS.EXE
O15 - Trusted Zone: *.morwillsearch.com
O16 - DPF: {54C75FB0-6B8B-4278-BF7B-77036F15A69E} - http://akamai.downlo..._1041_EN_XP.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1120388988000
O16 - DPF: {D7BF3304-138B-4DD5-86EE-491BB6A2286C} - http://morwillsearch.com/mwsearch.cab
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - I:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - I:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - I:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - I:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - I:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - I:\WINDOWS\System32\nvsvc32.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - I:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - I:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - I:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - I:\WINDOWS\system32\ZoneLabs\vsmon.exe

Hope this info is usefull - M. Pritchard.
  • 0

#4
Michelle
Posted 10 July 2005 - 10:48 PM

Michelle

    Malware Removal Goddess

  • Retired Staff
  • 8,928 posts
Download smitRem.zip and save the file to your desktop.
Right click on the file and select "Extract All" and extract it to it's own folder on the desktop.

Place a shortcut to Panda ActiveScan on your desktop (You can do this, by going to the page, the right-clicking and choosing "Create Shortcut".

Please download Ewido Security Suite

Please read Ewido Setup Instructions
Install it, and update the definitions to the newest files. Do NOT run a scan yet.

If you have not already installed Ad-Aware SE 1.06, follow these download and setup instructions, otherwise, check for updates:
Ad-Aware SE Setup
Do NOT run it yet.

Next, please reboot your computer in SafeMode by doing the following:
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
  • Instead of Windows loading as normal, a menu should appear
  • Select "Safe Mode" and hit enter.
Run HiJackThis. Place a check next to the following items and click FIX CHECKED:

O4 - HKLM\..\Run: [intel32.exe] I:\WINDOWS\System32\intel32.exe
O4 - HKLM\..\Run: [PSGuard] I:\Program Files\PSGuard\PSGuard.exe

Close HiJackThis.

Open the smitRem folder, then double click the RunThis.bat file to start the tool. Follow the prompts on screen.
Wait for the tool to complete and disk cleanup to finish.

Open Ad-aware and do a full scan. Remove all it finds.

Now open Ewido Security Suite
  • Click on scanner
  • Click Complete System Scan
  • Let the program scan the machine
While the scan is in progress you will be prompted to clean the first infected file it finds. Choose "remove", then put a check next to "Perform action on all infections" in the left corner of the box so you don't have to sit and watch Ewido the whole time. Click OK.

Once the scan has completed, there will be a button located on the bottom of the screen named Save report
  • Click Save report
  • Save the report to your desktop
  • Exit Ewido
Reboot back into normal mode, connect to the Internet, and click the Panda ActiveScan shortcut on your desktop, then do a full system scan. Make sure the autoclean box is checked!
Save the scan log.

Post the results from ActiveScan along with a new HijackThis Log and the Ewido Log into this topic.
Let us know if any problems persist.
  • 0

#5
Lord Morbius
Posted 11 July 2005 - 05:32 AM

Lord Morbius

    Member

  • Topic Starter
  • Member
  • PipPip
  • 18 posts
I attempted to follow your advice but i appear to have encountered a few obstacles... Nothing to do with your instructions, they were very clear and precise, however after launching the smitrem batch file i was greeted by a windows error statement saying "no disk in drive, drive not ready / harddrive 2 / DR3" and my machine froze up!

I rebooted back into safe mode and tried again - Same result.
I rebooted a second time into normal windows mode and ran the batch again, this time it seemed to run however there was loads of scrolling text saying "file not found" and "invalid file" or things to that effect. Disk cleanup initiated ok as far as i could tell but then that disk error statment came up again and i had to reboot again, into normal mode.

When i started Adaware i selected full system scan (usually i only run a smart scan) and i got around 7000 files into it when it froze up! i closed that down, selected smart scan and that removed about 9 items.

The ewido and panda software seemed to run ok, both claiming to have uncovered malicious items.

The logs are posted below.

P.S. i had an icon in my taskbar with an occasional text bubble saying"you are infected, click here to protect your computer", this dodgy popup seems to be gone now. When i rebooted after doing all the above i got a RUNDLL error statement saying that a file was not found.


Hijackthis log after fixing the two items advised above...

Logfile of HijackThis v1.99.1
Scan saved at 11:05:57, on 11/07/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
I:\WINDOWS\System32\smss.exe
I:\WINDOWS\system32\winlogon.exe
I:\WINDOWS\system32\services.exe
I:\WINDOWS\system32\lsass.exe
I:\WINDOWS\system32\svchost.exe
I:\WINDOWS\system32\svchost.exe
I:\WINDOWS\Explorer.EXE
I:\WINDOWS\System32\ctfmon.exe
I:\Documents and Settings\Lord Morbius\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://morwillsearch...id=fish&sub_id=
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://morwillsearch...id=fish&sub_id=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://morwillsearch...id=fish&sub_id=
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - I:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - I:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - I:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - I:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - I:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [ccApp] "I:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "I:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [Zone Labs Client] "I:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [Lexmark X5100 Series] "I:\Program Files\Lexmark X5100 Series\lxbabmgr.exe"
O4 - HKLM\..\Run: [ABIT uGuru] I:\Program Files\ABIT\ABIT uGuru\uGuru.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE I:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE I:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [mmtask] c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [MMTray] I:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] I:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [SSC_UserPrompt] I:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [iTunesHelper] "I:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "I:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [gwxpuzrt] i:\windows\system32\gwxpuzrt.exe -start
O4 - HKCU\..\Run: [CTFMON.EXE] I:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "I:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Instant Access] rundll32.exe p2esocks_1041.dll,InstantAccess
O8 - Extra context menu item: E&xport to Microsoft Excel - res://I:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - I:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - I:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - I:\Program Files\Messenger\MSMSGS.EXE
O15 - Trusted Zone: *.morwillsearch.com
O16 - DPF: {54C75FB0-6B8B-4278-BF7B-77036F15A69E} - http://akamai.downlo..._1041_EN_XP.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1120388988000
O16 - DPF: {D7BF3304-138B-4DD5-86EE-491BB6A2286C} - http://morwillsearch.com/mwsearch.cab
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - I:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - I:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: ewido security suite control - ewido networks - I:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - I:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - I:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - I:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - I:\WINDOWS\System32\nvsvc32.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - I:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - I:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - I:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - I:\WINDOWS\system32\ZoneLabs\vsmon.exe



---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 12:01:56, 11/07/2005
+ Report-Checksum: E7C7D8CC

+ Scan result:

I:\Documents and Settings\Lord Morbius\Cookies\lord morbius@ivwbox[1].txt -> Spyware.Cookie.Ivwbox : Cleaned with backup
I:\WINDOWS\Downloaded Program Files\mwsearch.dll -> Spyware.Morwill : Cleaned with backup
I:\WINDOWS\eg_auth_1041.dll -> Trojan.Wintrim : Cleaned with backup
I:\WINDOWS\p2esocks_1041.dll -> Trojan.Wintrim : Cleaned with backup
I:\WINDOWS\system32\fvp.dll -> TrojanDownloader.Agent.oc : Cleaned with backup
I:\WINDOWS\system32\intel32.exe -> Trojan.Agent.ff : Cleaned with backup
I:\WINDOWS\system32\oleadm.dll -> Trojan.Agent.ff : Cleaned with backup


::Report End



Panda Activescan report...

Incident Status Location

Adware:Adware/NaviPromo No disinfected Windows Registry
  • 0

#6
Michelle
Posted 11 July 2005 - 09:45 AM

Michelle

    Malware Removal Goddess

  • Retired Staff
  • 8,928 posts
Run HiJackThis. Place a check next to the following item and click FIX CHECKED:

O4 - HKCU\..\Run: [Instant Access] rundll32.exe p2esocks_1041.dll,InstantAccess

Close HiJackThis

That will take care of the RUNDLL error.

Please go here: Jotti Virus Scan

Click the "browse" button and locate this file:

I:\WINDOWS\System32\wininet.dll

Click "Open", then click the "Submit" button. Copy the results and paste them here.
  • 0

#7
Lord Morbius
Posted 14 July 2005 - 05:14 AM

Lord Morbius

    Member

  • Topic Starter
  • Member
  • PipPip
  • 18 posts
Hi again, just before we go any further i'd like to say how much i appreciate all your help, you guys really seem to know your stuff and i'm greatfull for all the assistance i can get.

I ran Hijackthis and elliminated the advised item, however when i attempted to upload wininet.dll i recieved this error statment from the site...

The file you uploaded is 0 bytes. It is very likely a firewall or a piece of malware is prohibiting you from uploading this file.

Can i assume that this is not good news?

Thanks again for your time and patience - M.Pritchard.
  • 0

#8
Michelle
Posted 14 July 2005 - 11:39 AM

Michelle

    Malware Removal Goddess

  • Retired Staff
  • 8,928 posts
You're very welcome :tazz:

Ok, let me ask you this, are you still receiving Bloodhound warning messages from Norton about wininet.dll?

Please post a new HiJackThis log from normal mode. ;)
  • 0

#9
Lord Morbius
Posted 15 July 2005 - 06:17 AM

Lord Morbius

    Member

  • Topic Starter
  • Member
  • PipPip
  • 18 posts
Yes still recieving the same norton popup warning about that file.
please find another hijackthis log file below...


P.S. also getting screen popups for anti-virus software etc.


Logfile of HijackThis v1.99.1
Scan saved at 13:13:18, on 15/07/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
I:\WINDOWS\System32\smss.exe
I:\WINDOWS\system32\winlogon.exe
I:\WINDOWS\system32\services.exe
I:\WINDOWS\system32\lsass.exe
I:\WINDOWS\system32\svchost.exe
I:\WINDOWS\System32\svchost.exe
I:\WINDOWS\system32\LEXBCES.EXE
I:\WINDOWS\system32\spoolsv.exe
I:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
I:\WINDOWS\system32\LEXPPS.EXE
I:\WINDOWS\Explorer.EXE
I:\Program Files\Common Files\Symantec Shared\ccApp.exe
I:\WINDOWS\SOUNDMAN.EXE
I:\WINDOWS\ALCWZRD.EXE
I:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
I:\Program Files\ewido\security suite\ewidoctrl.exe
I:\Program Files\Lexmark X5100 Series\lxbabmgr.exe
I:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
I:\Program Files\Lexmark X5100 Series\lxbabmon.exe
I:\Program Files\ABIT\ABIT uGuru\uGuru.exe
I:\Program Files\Norton AntiVirus\navapsvc.exe
I:\WINDOWS\System32\nvsvc32.exe
I:\WINDOWS\System32\RUNDLL32.EXE
I:\WINDOWS\System32\svchost.exe
I:\Program Files\ABIT\ABIT uGuru\uGuru_Event_Receiver.exe
I:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
I:\WINDOWS\system32\ZoneLabs\vsmon.exe
I:\Program Files\Messenger\msmsgs.exe
I:\Program Files\iTunes\iTunesHelper.exe
I:\Program Files\QuickTime\qttask.exe
I:\WINDOWS\System32\ctfmon.exe
I:\Program Files\iPod\bin\iPodService.exe
I:\Documents and Settings\Lord Morbius\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://morwillsearch...id=fish&sub_id=
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://morwillsearch...id=fish&sub_id=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://morwillsearch...id=fish&sub_id=
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - I:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - I:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - I:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - I:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - I:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [ccApp] "I:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "I:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [Zone Labs Client] "I:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [Lexmark X5100 Series] "I:\Program Files\Lexmark X5100 Series\lxbabmgr.exe"
O4 - HKLM\..\Run: [ABIT uGuru] I:\Program Files\ABIT\ABIT uGuru\uGuru.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE I:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE I:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [mmtask] c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [MMTray] I:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] I:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [SSC_UserPrompt] I:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [iTunesHelper] "I:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "I:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [intel32.exe] I:\WINDOWS\System32\intel32.exe
O4 - HKLM\..\Run: [PSGuard] I:\Program Files\PSGuard\PSGuard.exe
O4 - HKCU\..\Run: [CTFMON.EXE] I:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "I:\Program Files\Messenger\msmsgs.exe" /background
O8 - Extra context menu item: E&xport to Microsoft Excel - res://I:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - I:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - I:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - I:\Program Files\Messenger\MSMSGS.EXE
O15 - Trusted Zone: *.morwillsearch.com
O16 - DPF: {54C75FB0-6B8B-4278-BF7B-77036F15A69E} - http://akamai.downlo..._1041_EN_XP.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1120388988000
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O16 - DPF: {D7BF3304-138B-4DD5-86EE-491BB6A2286C} - http://morwillsearch.com/mwsearch.cab
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - I:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - I:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: ewido security suite control - ewido networks - I:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - I:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - I:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - I:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - I:\WINDOWS\System32\nvsvc32.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - I:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - I:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - I:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - I:\WINDOWS\system32\ZoneLabs\vsmon.exe


Thanks as always - M. Pritchard.

Edited by Lord Morbius, 15 July 2005 - 06:21 AM.

  • 0

#10
Michelle
Posted 15 July 2005 - 08:34 AM

Michelle

    Malware Removal Goddess

  • Retired Staff
  • 8,928 posts
I need you to restart your computer into Safe Mode. You can do this by restarting your computer and continually tapping the F8 key until a menu appears. Use your up arrow key to highlight Safe Mode then hit enter.

Once in safe mode, using Windows Explorer locate this file:

I:\Windows\system32\wininet.dll

Right-click on it and choose "copy". Then go to your desktop and right-click to paste wininet.dll to your desktop.

Reboot into normal mode and please run ActiveScan again:
ActiveScan

Copy the results of the ActiveScan and paste them here.
  • 0

Advertisements

#11
Lord Morbius
Posted 15 July 2005 - 01:31 PM

Lord Morbius

    Member

  • Topic Starter
  • Member
  • PipPip
  • 18 posts
Hi again, i copied wininet.dll to my desktop in safe mode (leaving then original copy in my windows32 directory).

i then rebooted and ran activescan again. Activescan located what it called "viruses and spyware which it was unable to deal with".

It provided me with the following saved scan report...


Incident Status Location

Adware:adware/navipromo No disinfected HKEY_CURRENT_USER\SOFTWARE\MC
Adware:adware/psguard No disinfected HKEY_CLASSES_ROOT\CLSID\{357A87ED-3E5D-437D-B334-DEB7EB4982A3}
Adware:adware/stickypops No disinfected HKEY_CLASSES_ROOT\CLSID\{54C75FB0-6B8B-4278-BF7B-77036F15A69E}
Adware:adware/azesearch No disinfected HKEY_CLASSES_ROOT\Interface\{F4394F24-163D-430B-B5AF-B68B56031B99}
Possible Virus. No disinfected I:\WINDOWS\system32\msclock32.dll
  • 0

#12
Michelle
Posted 15 July 2005 - 02:45 PM

Michelle

    Malware Removal Goddess

  • Retired Staff
  • 8,928 posts
Copy everything in the code box below (starting with REGEDIT4) and paste it into notepad. Go up to "File > Save As" and click the drop-down box to change the "Save As Type" to "All files". Save it as fixme.reg on your desktop.

REGEDIT4

[-HKEY_CLASSES_ROOT\CLSID\{357A87ED-3E5D-437D-B334-DEB7EB4982A3}]

[-HKEY_CURRENT_USER\SOFTWARE\MC]

[-HKEY_CLASSES_ROOT\CLSID\{54C75FB0-6B8B-4278-BF7B-77036F15A69E}]

[-HKEY_CLASSES_ROOT\Interface\{F4394F24-163D-430B-B5AF-B68B56031B99}]

Double-click fixme.reg on your desktop. When asked if you want to merge with the registry click YES.

After the merged successfully prompt, Run HiJackThis. Place a check next to the following items and click FIX CHECKED:

O4 - HKLM\..\Run: [intel32.exe] I:\WINDOWS\System32\intel32.exe
O4 - HKLM\..\Run: [PSGuard] I:\Program Files\PSGuard\PSGuard.exe

Close Hijackthis.

* Please download the Killbox by Option^Explicit.

* Save it to your desktop.

* Run Killbox.exe.

* Select "Delete on Reboot".

* Copy the file names below to the clipboard by highlighting ALL of them then press CTRL + C

I:\WINDOWS\system32\msclock32.dll
I:\WINDOWS\System32\intel32.exe
I:\Program Files\PSGuard\PSGuard.exe

* Return to Killbox, go to the File menu, and choose "Paste from Clipboard".

* Click the red-and-white "Delete File" button. Click "Yes" at the Delete on Reboot prompt. If your computer does not restart automatically, please restart it manually.

After reboot, please delete this folder:

I:\Program Files\PSGuard

Then do this for me:

Copy everything in the code box below and paste it into notepad. Go up to "File > Save As..." and click the drop-down box to change the "Save As Type" to "All Files". Save it as wininet.bat on your desktop.

dir %Systemdrive%\wininet.dll /a h /s > files.txt
start notepad files.txt

Double click wininet.bat and when it is ready it will open files.txt
Copy the content of files.txt and paste it here.
  • 0

#13
Lord Morbius
Posted 17 July 2005 - 02:31 PM

Lord Morbius

    Member

  • Topic Starter
  • Member
  • PipPip
  • 18 posts
Hello again, I followed your advice up to the point where i executed the delete sequence using Killbox... it seemed to be working but then i got this statement -


PendingFileRenameOperations Registry Data has been Removed by External Process!

And then i was back to square one! multiple attempts produced the same result.
I then rebooted manually (although i suspect it was pointless as the previous step in the process seems to have failed) and was unable to locate the PSGuard directory.

I ran the batch file and this is the resulting info you requested.

P.S. i am off to Dublin Tomorrow on business and will not be back until friday... just in case you wonder where i've dissapeared!

Thanks again for all the help, i get the feeling this nasty bug is proving rather stubborn, i hope your labours will be rewarded with success as i do not relish the prospect of doing a complete clean down of my machine - M.Pritchard.

Volume in drive I has no label.
Volume Serial Number is 70D5-0997

Directory of I:\Documents and Settings\Lord Morbius\Desktop

23/08/2004 20:32 589,312 wininet.dll
1 File(s) 589,312 bytes

Directory of I:\WINDOWS\$NtUninstallKB889293-IE6SP1-20041111.235619$

29/08/2002 13:00 599,040 wininet.dll
1 File(s) 599,040 bytes

Directory of I:\WINDOWS\SoftwareDistribution\Download\ea4fe5325a873581baacd3ab51700fd2\rtmgdr

27/04/2005 10:54 574,976 wininet.dll
1 File(s) 574,976 bytes

Directory of I:\WINDOWS\SoftwareDistribution\Download\ea4fe5325a873581baacd3ab51700fd2\RTMQFE

27/04/2005 18:51 585,216 wininet.dll
1 File(s) 585,216 bytes

Directory of I:\WINDOWS\system32

23/08/2004 20:32 589,312 wininet.dll
1 File(s) 589,312 bytes

Directory of I:\WINDOWS\system32\dllcache

23/08/2004 20:32 589,312 WININET.DLL
1 File(s) 589,312 bytes
  • 0

#14
Michelle
Posted 17 July 2005 - 03:47 PM

Michelle

    Malware Removal Goddess

  • Retired Staff
  • 8,928 posts
Ok, not a problem ;)

Just post to this topic when you get back with a fresh HiJackThis log and we'll take it from there :tazz:
  • 0

#15
Lord Morbius
Posted 17 July 2005 - 04:08 PM

Lord Morbius

    Member

  • Topic Starter
  • Member
  • PipPip
  • 18 posts
Here is the updated log file...

Logfile of HijackThis v1.99.1
Scan saved at 23:07:25, on 17/07/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
I:\WINDOWS\System32\smss.exe
I:\WINDOWS\system32\winlogon.exe
I:\WINDOWS\system32\services.exe
I:\WINDOWS\system32\lsass.exe
I:\WINDOWS\system32\svchost.exe
I:\WINDOWS\System32\svchost.exe
I:\WINDOWS\system32\LEXBCES.EXE
I:\WINDOWS\system32\spoolsv.exe
I:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
I:\WINDOWS\system32\LEXPPS.EXE
I:\WINDOWS\Explorer.EXE
I:\Program Files\Common Files\Symantec Shared\ccApp.exe
I:\WINDOWS\SOUNDMAN.EXE
I:\WINDOWS\ALCWZRD.EXE
I:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
I:\Program Files\Lexmark X5100 Series\lxbabmgr.exe
I:\Program Files\ewido\security suite\ewidoctrl.exe
I:\Program Files\ABIT\ABIT uGuru\uGuru.exe
I:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
I:\Program Files\Lexmark X5100 Series\lxbabmon.exe
I:\Program Files\ABIT\ABIT uGuru\uGuru_Event_Receiver.exe
I:\Program Files\Norton AntiVirus\navapsvc.exe
I:\WINDOWS\System32\RUNDLL32.EXE
I:\WINDOWS\System32\nvsvc32.exe
I:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
I:\Program Files\iTunes\iTunesHelper.exe
I:\Program Files\Messenger\msmsgs.exe
I:\WINDOWS\System32\svchost.exe
I:\Program Files\QuickTime\qttask.exe
I:\WINDOWS\system32\ZoneLabs\vsmon.exe
I:\WINDOWS\System32\ctfmon.exe
I:\Program Files\iPod\bin\iPodService.exe
I:\Program Files\Internet Explorer\iexplore.exe
I:\Documents and Settings\Lord Morbius\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://morwillsearch...id=fish&sub_id=
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://morwillsearch...id=fish&sub_id=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://morwillsearch...id=fish&sub_id=
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - I:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - I:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - I:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - I:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - I:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [ccApp] "I:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "I:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [Zone Labs Client] "I:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [Lexmark X5100 Series] "I:\Program Files\Lexmark X5100 Series\lxbabmgr.exe"
O4 - HKLM\..\Run: [ABIT uGuru] I:\Program Files\ABIT\ABIT uGuru\uGuru.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE I:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE I:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [mmtask] c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [MMTray] I:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] I:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [SSC_UserPrompt] I:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [iTunesHelper] "I:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "I:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [CTFMON.EXE] I:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "I:\Program Files\Messenger\msmsgs.exe" /background
O8 - Extra context menu item: E&xport to Microsoft Excel - res://I:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - I:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - I:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - I:\Program Files\Messenger\MSMSGS.EXE
O15 - Trusted Zone: *.morwillsearch.com
O16 - DPF: {54C75FB0-6B8B-4278-BF7B-77036F15A69E} - http://akamai.downlo..._1041_EN_XP.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1120388988000
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O16 - DPF: {D7BF3304-138B-4DD5-86EE-491BB6A2286C} - http://morwillsearch.com/mwsearch.cab
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - I:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - I:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: ewido security suite control - ewido networks - I:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - I:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - I:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - I:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - I:\WINDOWS\System32\nvsvc32.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - I:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - I:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - I:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - I:\WINDOWS\system32\ZoneLabs\vsmon.exe
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP