Dr Watson Debugger



#1
SussexDon1

Dear Sirs
Having several problems and would be grateful for your expert views.

1. Getting Error message called Generic Host Process for Win32 (can't remember next word) and then in the details box I find the following:-

szAppName : svchost.exe szAppVer 0.0.0.0 szModName : unknown
szModVer : 0.0.0.0 offset : 00000000

2. If I right click some of the programs on my PC I get Dr Watson Debugger pop up and the system freezes forcing me to reboot.

3. I tried your Malware product, and although it scanned my PC it then closed and won't reopen, well it opens and then disappears off the screen and in ALT+DEL+ Ctrl it doesn't appear to be running.

4. When I attach new hardware like a new scanner and a MP3 player the items can't be found and it's as if the drivers are incompatible, but the same items connect easily to my XP laptop.

I have Norton System Works and wonder if this is the problem.

I have checked that I have all the latest Windows updates.

Thanks and Regards
SussexDon1
England
Forum: Windows XP, 2000,


#2
gerryf

there is a well known malware program that exhibits this behavior....have you followed the instructions at the top of the malware forum (see my signature) and followed all the steps?

#3
SussexDon1

I have used the programs you recommend including "malware" but that program wouldn't run. I believe I have performed all the actions you recommend and confirm I have the latest Windows updates,
Thanks for your help

#4
gerryf

"malware" being what program?

hijackthis ? Is that the one that fails?

The reason we ask people to run all those programs is that it will eliminate about 70 percent of all malware, then people can concentrate on the nasty stuff.

#5
SussexDon1

I can't remember where I got Malware from but I have deleted it. I ran Ad ware and deleted anything it found, I have Norton Antivirus latest updates and it found nothing but "Panda" found 174 things, so you want the list? It disinfected some stuff

#6
SussexDon1

A Panda scan came up with following:

Thanks for your continuing help
SussexDon1

#7
SussexDon1

Since my last message have run Norton AntiVirus and Ewido Security and Spybot, all found stuff which I have deleted, but still getting same errors. What's the next step?
Thanks

#8
SussexDon1

Have not heard back from you since 7th July 2005. Please can someone help me.

#9
Rawe

Your PC certainly isn't clean.
Please go here;
http://www.geekstogo...?showtopic=2852

Follow ALL the steps listed.
All of them. You will get your help.

- Rawe :tazz:

#10
Rawe

Sorry, double posted. Didn't mean to, browser acting weirdly :tazz:

Edited by Rawe, 18 July 2005 - 05:07 AM.


#11
SussexDon1

I believe I have finalised the tasks in your email. What's next?
Thanks
Mike

#12
Rawe

You haven't posted a HijackThis log to the malware removal forum.
You will need to do that if you need help with malware issues.

#13
SussexDon1

Above is the Hijack list. Thanks for your continuing help.
Regards
SussexDon1

#14
woody1977

What is posted in the post above, i.e. your HJT log, can you please open a new thread in the malware forum, and you will get help, but be patient with them, they are very busy, and DO NOT "bump" or reply to your post until you get a reply :tazz:

malware forum is here : http://www.geekstogo...s_Logs-f37.html

cheers woody