Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Help needed with Adware/Spyware removal [RESOLVED]


  • This topic is locked This topic is locked

#1
Probe1

Probe1

    Member

  • Member
  • PipPip
  • 10 posts
Hello,

First of all I'd like to thankyou so very much for having this great forum!

I've done everything you say to do at geekstogo.com for
a severe infection. I've also run other AntiSpyware programs for example: Microsoft AntiSpyware BETA1. In the Microsoft AntiSpyware BETA1 community forums I was told to come to your site for help. I have had Norton Internet Security Pro for many years.
I have had the quarantine area of Norton Anti Virus infected along with the Microsoft AntiSpyware quarantine recently infected.

After running all the programs your site recommends,
now when I run a virus report at Symantec the report is down
from 866 files infected to finding only 14. Although I
have deleted approx 1800 infected files with all the
adware/spyware removal tools geekstogo.com says to
download. I found the most effective was Ewido Security
Suite, it deleted 922 infected files after I had run many
other adware removal tools. And the online Ewido scan deleted another 226 files.

Symantec reports the following files on my computer as still infected:
C:\WINDOWS\n_adprxb.dat is infected with Adware.Iefeats
C:\WINDOWS\n_bhdtsj.dat is infected with Adware.WinProtect
C:\WINDOWS\n_dgfizo.dat is infected with Adware.Iefeats
C:\WINDOWS\n_ixxohn.dat is infected with Adware.Iefeats
C:\WINDOWS\n_nigkud.dat is infected with Adware.Iefeats
C:\WINDOWS\n_okbtnx.dat is infected with Adware.WinProtect
C:\WINDOWS\n_olslrr.dat is infected with Adware.WinProtect
C:\WINDOWS\n_ozpizl.dat is infected with Adware.WinProtect
C:\WINDOWS\n_poneyh.dat is infected with Adware.Iefeats
C:\WINDOWS\n_rojbbs.dat is infected with Adware.WinProtect
C:\WINDOWS\n_vkgunc.dat is infected with Adware.WinProtect
C:\WINDOWS\n_xpytru.dat is infected with Adware.Iefeats
C:\WINDOWS\n_yfjvdj.dat is infected with Adware.Iefeats

I have tried to remove those files with symantecs information pages but to no prevail.

I have found I still can't use the microsoft update page and I'm still
getting the aboutblank IE popup when I start my computer.
Microsoft gave me a download link for Windows XP Service
Pack 2 but I can't download it, Ive tried a dozen times
and the connection always gets cut off after about 60%
downloaded. But all other problems affected are gone.

I have joined your message board in hope that you all
can help me figure out how to remove the adware/spyware I
have left on my system.

My hijackthis log file is as follows:

Logfile of HijackThis v1.99.1
Scan saved at 12:15:53 PM, on 8/3/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Norton Internet Security Professional\NISUM.EXE
C:\WINDOWS\System32\alg.exe
C:\Program Files\Norton Internet Security Professional\ccPxySvc.exe
C:\Program Files\Symantec\DeepSight Extractor\ExtractorService.exe
C:\PROGRA~1\DIRECWAY\bin\dpcproxy.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Compaq\Easy Access Button Support\StartEAK.exe
C:\WINDOWS\System32\Smtray.exe
C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Compaq\Easy Access Button Support\CPQEADM.EXE
C:\WINDOWS\system32\pctspk.exe
C:\COMPAQ\CPQINET\CPQInet.exe
C:\Compaq\EAKDRV\EAUSBKBD.EXE
C:\Program Files\quickenw\QAGENT.EXE
C:\WINDOWS\System32\RUNDLL32.EXE
C:\PROGRA~1\Compaq\EASYAC~1\BttnServ.exe
C:\Program Files\DIRECWAY\BIN\dpcstart.exe
C:\WINDOWS\System32\SCardSvr.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\WINDOWS\System32\ups.exe
C:\WINDOWS\System32\mrtMngr.EXE
C:\WINDOWS\system32\fxssvc.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\PROGRA~1\DIRECWAY\bin\dpcnav.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\securitysuite.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Common Files\Symantec Shared\NMain.exe
C:\WINDOWS\system32\notepad.exe
C:\Documents and Settings\Rich\My Documents\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\hybcr.dll/sp.html#37049
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\hybcr.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system32\hybcr.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\hybcr.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\hybcr.dll/sp.html#37049
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\hybcr.dll/sp.html#37049
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Compaq
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:83
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Class - {FFB59007-30E2-88D1-986B-566D8510B4B3} - C:\WINDOWS\ieba.dll (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [CPQEASYACC] C:\Program Files\Compaq\Easy Access Button Support\StartEAK.exe
O4 - HKLM\..\Run: [Smapp] Smtray.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKLM\..\Run: [srmclean] C:\Cpqs\Scom\srmclean.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [QAGENT] C:\Program Files\quickenw\QAGENT.EXE
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [iexplore.exe] C:\Program Files\Internet Explorer\iexplore.exe
O4 - HKLM\..\Run: [msiy32.exe] C:\WINDOWS\msiy32.exe
O4 - HKLM\..\Run: [d3bx.exe] C:\WINDOWS\d3bx.exe
O4 - HKLM\..\Run: [sdkkz.exe] C:\WINDOWS\sdkkz.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.2\THGuard.exe"
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\Symantec\LIVEUP~1\SNDMon.EXE
O4 - Global Startup: Dpcstart.lnk = C:\Program Files\DIRECWAY\BIN\dpcstart.exe
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O14 - IERESET.INF: START_PAGE_URL=http://store.presario.net/scripts/redirectors/presario/storeredir2.dll?s=consumerfav&c=3c01&lc=0409
O16 - DPF: Yahoo! Blackjack - http://download.game...nts/y/jt0_x.cab
O16 - DPF: Yahoo! Chat - http://us.chat1.yimg...t/c381/chat.cab
O16 - DPF: YExplorer1_8US.CAB - http://photos.groups...plorer1_8us.cab
O16 - DPF: {0C253E15-E096-4E07-BDF9-110895A258D4} (CamfrogWEB Control) - http://camfrogweb.co..._instmodule.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewid...oOnlineScan.cab
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - http://www.symantec....sa/LSSupCtl.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.syma...bin/AvSniff.cab
O16 - DPF: {2ED9BC2B-4DF1-472E-9B5E-55477D2C97F5} (Microsoft Data Collection Control) - https://support.micr...ActiveX/odc.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1122604899732
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {7565A160-5C60-4866-A120-F4D5B2BA3AAE} (FSLoaderCtrl Class) - http://www.clickedyc...fsloader_v3.cab
O16 - DPF: {75D1F3B2-2A21-11D7-97B9-0010DC2A6243} - http://secure2.comne...iveSecurity.cab
O16 - DPF: {76D90D08-EAB7-46D8-BF99-87445BF59E72} (SystemInfo Class) - http://getdway.com/d.../dpcsysinfo.cab
O16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} (Yahoo! Audio UI1) - http://chat.yahoo.com/cab/yacsui.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft...free/asinst.cab
O16 - DPF: {BD8667B7-38D8-4C77-B580-18C3E146372C} (Creative Toolbox Plug-in) - http://www.imgag.com...all/Crusher.cab
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {C3DFA998-A486-11D4-AA25-00C04F72DAEB} (MSN Photo Upload Tool) - http://sc.groups.msn...UC/MsnPUpld.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec....sa/SymAData.cab
O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://register3.va...OCX/FlashAX.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
O16 - DPF: {FA3662C3-B8E8-11D6-A667-0010B556D978} (IWinAmpActiveX Class) - http://cdn.digitalci...illama/ampx.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{294205DE-7878-4C85-995F-3906D9589990}: Domain = direcway.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{294205DE-7878-4C85-995F-3906D9589990}: NameServer = 66.82.4.8
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = direcway.com
O17 - HKLM\System\CS1\Services\Tcpip\..\{294205DE-7878-4C85-995F-3906D9589990}: Domain = direcway.com
O17 - HKLM\System\CS1\Services\Tcpip\..\{294205DE-7878-4C85-995F-3906D9589990}: NameServer = 66.82.4.8
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = direcway.com
O17 - HKLM\System\CS2\Services\Tcpip\..\{294205DE-7878-4C85-995F-3906D9589990}: Domain = direcway.com
O17 - HKLM\System\CS2\Services\Tcpip\..\{294205DE-7878-4C85-995F-3906D9589990}: NameServer = 66.82.4.8
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = direcway.com
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Proxy Service (ccPxySvc) - Symantec Corporation - C:\Program Files\Norton Internet Security Professional\ccPxySvc.exe
O23 - Service: Deepsight Extractor (DeepsightExtractor) - Unknown owner - C:\Program Files\Symantec\DeepSight Extractor\ExtractorService.exe
O23 - Service: DIRECWAY Webcast (DPC_SRV_WEBCAST) - Hughes Network Systems - C:\PROGRA~1\DIRECWAY\bin\dpcproxy.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: DeepSight Extractor Service for NPF03 (ExtractorServiceNPF03) - Unknown owner - C:\Program Files\Symantec\DeepSight Extractor\ExtractorServiceNPF03.exe
O23 - Service: DeepSight Extractor Service for NPF04 (ExtractorServiceNPF04) - Unknown owner - C:\Program Files\Symantec\DeepSight Extractor\ExtractorServiceNPF04.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Internet Security Professional Accounts Manager (NISUM) - Symantec Corporation - C:\Program Files\Norton Internet Security Professional\NISUM.EXE
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - C:\WINDOWS\system32\pctspk.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe


Thankyou for your website,
Rich
  • 0

Advertisements


#2
greyknight17

greyknight17

    Malware Expert

  • Visiting Consultant
  • 16,560 posts
Hi Rich and welcome to GTG.

Please read this topic and follow the steps outlined there. You must install XP SP1a before we proceed any further. Without it, you are wide open to many security attacks. So once you completed all those steps listed there (including updating to SP1a - hold off on SP2 until your computer is clean), you may give us a new HijackThis log so we can see how it looks now.
  • 0

#3
Probe1

Probe1

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts
I can not install windows SP1. I have tried many times over the past three years and access is always denied. I have talked to compaq presario about it and they told me simply that I could not install SP1. I have tried to install SP2 three times and get the same access denied message.

I noticed the file it stops on is called FXSAPI.DLL

I'm currently talking to microsoft threw email about not being able to access to update page. I can not access the microsoft update page anymore! Microsoft has given me all kinds of things to try but nothing has worked...

They sent me a download link for windows SP2 but it will not install. Also my system restore has never worked since I purchased the computer new.

Thanks,
Rich
  • 0

#4
Probe1

Probe1

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts

Hi Rich and welcome to GTG.

Please read this topic and follow the steps outlined there.  You must install XP SP1a before we proceed any further.  Without it, you are wide open to many security attacks.  So once you completed all those steps listed there (including updating to SP1a - hold off on SP2 until your computer is clean), you may give us a new HijackThis log so we can see how it looks now.

View Post


I have already done everything on that topic and more last night. Like about_blank buster and the cool web search buster and a few other online Spyware removers. I do not find a virus at symantic anymore!

My computer looks clean now!

The only thing I have a problem with now is accessing the microsoft download page and trying to upgrade my computer.


Thankyou,
Rich
  • 0

#5
Probe1

Probe1

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts
My new Hijack this logfile...


Logfile of HijackThis v1.99.1
Scan saved at 10:28:49 PM, on 8/5/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Norton Internet Security Professional\NISUM.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\Compaq\Easy Access Button Support\StartEAK.exe
C:\WINDOWS\System32\Smtray.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Compaq\Easy Access Button Support\CPQEADM.EXE
C:\Program Files\quickenw\QAGENT.EXE
C:\COMPAQ\CPQINET\CPQInet.exe
C:\Compaq\EAKDRV\EAUSBKBD.EXE
C:\WINDOWS\System32\RUNDLL32.EXE
C:\Program Files\DIRECWAY\BIN\dpcstart.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\PROGRA~1\Compaq\EASYAC~1\BttnServ.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Norton Internet Security Professional\ccPxySvc.exe
C:\Program Files\Symantec\DeepSight Extractor\ExtractorService.exe
C:\WINDOWS\System32\mrtMngr.EXE
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\pctspk.exe
C:\WINDOWS\System32\SCardSvr.exe
C:\WINDOWS\System32\ups.exe
C:\WINDOWS\system32\fxssvc.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\System32\notepad.exe
C:\PROGRA~1\DIRECWAY\bin\dpcproxy.exe
C:\PROGRA~1\DIRECWAY\bin\dpcnav.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Rich\My Documents\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.adultegroupscafe.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.adultegroupscafe.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Compaq
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:83
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Class - {FFB59007-30E2-88D1-986B-566D8510B4B3} - C:\WINDOWS\ieba.dll (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [CPQEASYACC] C:\Program Files\Compaq\Easy Access Button Support\StartEAK.exe
O4 - HKLM\..\Run: [Smapp] Smtray.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKLM\..\Run: [srmclean] C:\Cpqs\Scom\srmclean.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [QAGENT] C:\Program Files\quickenw\QAGENT.EXE
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [iexplore.exe] C:\Program Files\Internet Explorer\iexplore.exe
O4 - HKLM\..\Run: [msiy32.exe] C:\WINDOWS\msiy32.exe
O4 - HKLM\..\Run: [d3bx.exe] C:\WINDOWS\d3bx.exe
O4 - HKLM\..\Run: [sdkkz.exe] C:\WINDOWS\sdkkz.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.2\THGuard.exe"
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\Symantec\LIVEUP~1\SNDMon.EXE
O4 - Global Startup: Dpcstart.lnk = C:\Program Files\DIRECWAY\BIN\dpcstart.exe
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O8 - Extra context menu item: Download all by Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download by Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: Download selected by Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download web site by Free Download Manager - file://C:\Program Files\Free Download Manager\dlpage.htm
O14 - IERESET.INF: START_PAGE_URL=http://store.presario.net/scripts/redirectors/presario/storeredir2.dll?s=consumerfav&c=3c01&lc=0409
O16 - DPF: Yahoo! Blackjack - http://download.game...nts/y/jt0_x.cab
O16 - DPF: Yahoo! Chat - http://us.chat1.yimg...t/c381/chat.cab
O16 - DPF: YExplorer1_8US.CAB - http://photos.groups...plorer1_8us.cab
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.t...all/xscan60.cab
O16 - DPF: {0C253E15-E096-4E07-BDF9-110895A258D4} (CamfrogWEB Control) - http://camfrogweb.co..._instmodule.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewid...oOnlineScan.cab
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - http://www.symantec....sa/LSSupCtl.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.syma...bin/AvSniff.cab
O16 - DPF: {2ED9BC2B-4DF1-472E-9B5E-55477D2C97F5} (Microsoft Data Collection Control) - https://support.micr...ActiveX/odc.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1122604899732
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {7565A160-5C60-4866-A120-F4D5B2BA3AAE} (FSLoaderCtrl Class) - http://www.clickedyc...fsloader_v3.cab
O16 - DPF: {75D1F3B2-2A21-11D7-97B9-0010DC2A6243} - http://secure2.comne...iveSecurity.cab
O16 - DPF: {76D90D08-EAB7-46D8-BF99-87445BF59E72} (SystemInfo Class) - http://getdway.com/d.../dpcsysinfo.cab
O16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} (Yahoo! Audio UI1) - http://chat.yahoo.com/cab/yacsui.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft...free/asinst.cab
O16 - DPF: {BD8667B7-38D8-4C77-B580-18C3E146372C} (Creative Toolbox Plug-in) - http://www.imgag.com...all/Crusher.cab
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {C3DFA998-A486-11D4-AA25-00C04F72DAEB} (MSN Photo Upload Tool) - http://sc.groups.msn...UC/MsnPUpld.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec....sa/SymAData.cab
O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} - https://register3.va...OCX/FlashAX.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
O16 - DPF: {FA3662C3-B8E8-11D6-A667-0010B556D978} (IWinAmpActiveX Class) - http://cdn.digitalci...illama/ampx.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{45762222-A3BB-4943-9211-E792EC9899FE}: Domain = direcway.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{45762222-A3BB-4943-9211-E792EC9899FE}: NameServer = 66.82.4.8
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = direcway.com
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = direcway.com
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Proxy Service (ccPxySvc) - Symantec Corporation - C:\Program Files\Norton Internet Security Professional\ccPxySvc.exe
O23 - Service: Deepsight Extractor (DeepsightExtractor) - Unknown owner - C:\Program Files\Symantec\DeepSight Extractor\ExtractorService.exe
O23 - Service: DIRECWAY Webcast (DPC_SRV_WEBCAST) - Hughes Network Systems - C:\PROGRA~1\DIRECWAY\bin\dpcproxy.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: DeepSight Extractor Service for NPF03 (ExtractorServiceNPF03) - Unknown owner - C:\Program Files\Symantec\DeepSight Extractor\ExtractorServiceNPF03.exe
O23 - Service: DeepSight Extractor Service for NPF04 (ExtractorServiceNPF04) - Unknown owner - C:\Program Files\Symantec\DeepSight Extractor\ExtractorServiceNPF04.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Internet Security Professional Accounts Manager (NISUM) - Symantec Corporation - C:\Program Files\Norton Internet Security Professional\NISUM.EXE
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - C:\WINDOWS\system32\pctspk.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

Thankyou,
Rich
  • 0

#6
greyknight17

greyknight17

    Malware Expert

  • Visiting Consultant
  • 16,560 posts
Your computer is definitely not clean yet. I see a few entries there that will cause problems.

OK, since you have problems installing the Service Packs, I want you to do this:

Please go HERE (Microsoft website) using Internet Explorer (not Firefox or any other browser as they won't work)
  • Click on Windows Validation Assistant
  • Click on the Validate Now button.
  • Be patient while the ActiveX loads, do not click on any links.
  • Read the instructions on this page while it's loading. You will be prompted to install - click YES.
  • Enter your product key then click continue
  • When it says "Validation Complete" please click Continue to return to your previous activity
  • Copy what it says and paste it here.
You can also order XP SP2 from Microsoft for free. The CD will have the updates on them.
  • 0

#7
Probe1

Probe1

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts
Hi greynight17,

I have asked microsoft to send me a cd already by telephone because their cd ordering page would never work for me. I should get it in 4 to 6 weeks.


Windows Validation Assistant said the following:

Thank you for running the Windows Validation Assistant. It appears that your Windows Product Key is valid.

This is a strong indicator that your operating system is genuine, however the Windows Validation Assistant cannot make a final determination.


To verify that you received a genuine Certificate of Authenticity and software CD, compare your anti-piracy features in the next section.

-------------------

I found the COA label, but the site kept asking for Windows XP professional and it is Windows XP Home Edition. My certificate looks different then those it gave examples of. I really believe it is genuine! Top of my label says COMPAQ. Encarta 2000 Online, Microsoft Money 2000 Standard, Microsoft Works 2000. At the bottom it says Microsoft Certificate of Authenticity 2001 Microsoft Corporation. It also says in the middle in small writing, that it is genuine and if you believe it is not to mail Microsoft at piracy@microsoft.com. The right side contains a holographic design that transitions between the words 'Microsoft' and 'Genuine'.

I can not find the Windows installation CD. I do not think I ever had one, just recovery cd's and the quickrestore cd's Compag sent me after my first hardrive crash. I had saved everything I got with my computer in my safe, so I know I never had one!

I purchased it at Staples and had the hardrive replaced twice under warrenty in the first few months I had it. Radio Shack sent it in for me.


It never asked to download ActiveX loads. The page just came up real fast.


Thankyou greynight17 for your help,

Regards,
Rich
  • 0

#8
greyknight17

greyknight17

    Malware Expert

  • Visiting Consultant
  • 16,560 posts
Hi Rich, that's ok. We believe you :tazz: I just needed to verify that ;)

Please print out or copy this page to Notepad. Make sure to work through the fixes in the exact order it is mentioned below. If there's anything that you don't understand, ask your question(s) before proceeding with the fixes. You should 'not' have any open browsers when you are following the procedures below.

Go to My Computer->Tools/View->Folder Options->View tab and make sure that 'Show hidden files and folders' (or 'Show all files') is enabled. Also make sure that 'Display the contents of system folders' is checked. If you have Windows XP, the search feature is a little different. When you click on 'All files and folders' on the left pane, click on the 'More advanced options' at the bottom. Make sure that 'Search system folders', 'Search hidden files and folders', and 'Search subfolders' are checked.

For the options that you checked/enabled earlier, you may uncheck them after your log is clean. If we ask you to fix a program that you use or want to keep, please post back saying that (we don't know every program that exists, so we may tell you to delete a program that we think is bad to keep).

Make sure you downloaded, installed, updated and ran these programs already - Ad-aware, Spybot and Microsoft AntiSpyware. If you didn't, do them now. For more information, go to http://www.greyknigh...com/spyware.htm

Restart your computer and boot into Safe Mode by hitting the F8 key repeatedly until a menu shows up (and choose Safe Mode from the list). In some systems, this may be the F5 key, so try that if F8 doesn't work. Make sure to close any open browsers.

I want you to run a full system scan with Ewido now. Save the log to post here later.

Run a scan in HijackThis. Check each of the following and hit 'Fix checked' (after checking them) if they still exist (make sure not to miss any):

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.adultegroupscafe.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.adultegroupscafe.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
O2 - BHO: Class - {FFB59007-30E2-88D1-986B-566D8510B4B3} - C:\WINDOWS\ieba.dll (file missing)
O4 - HKLM\..\Run: [iexplore.exe] C:\Program Files\Internet Explorer\iexplore.exe
O4 - HKLM\..\Run: [msiy32.exe] C:\WINDOWS\msiy32.exe
O4 - HKLM\..\Run: [d3bx.exe] C:\WINDOWS\d3bx.exe
O4 - HKLM\..\Run: [sdkkz.exe] C:\WINDOWS\sdkkz.exe
O16 - DPF: {7565A160-5C60-4866-A120-F4D5B2BA3AAE} (FSLoaderCtrl Class) - http://www.clickedyc...fsloader_v3.cab


Delete the following Files/Folders (delete folders if no filename is specified) according to their directory (if none, just do a search for them) and delete them if they exist:

C:\WINDOWS\ieba.dll
C:\WINDOWS\msiy32.exe
C:\WINDOWS\d3bx.exe
C:\WINDOWS\sdkkz.exe


Restart and run an online virus scan at TrendMicro http://uk.trendmicro...call_launch.php. Just follow the instructions on the site to run the free online scan. If any viruses/trojans are detected, try to delete or clean them in that site. If any are not cleanable, copy and paste the infected files here. You may also use Panda ActiveScan at http://www.pandasoft...ucts/activescan. Post the log from the Panda scan here.

Restart and run a new HijackThis scan. Save the log file and post it here along with the Ewido and Panda logs (if you ran it).
  • 0

#9
Probe1

Probe1

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts
Hi greynight17,
I have done everything you said to do. I couldn't upgrade the ewido so I went online and ran their new online Beta Spyware remover. The online found nothing this time. But the first time I ran it found another 236 after the downloaded Ewido found 926.

I thought I should let you know I had a problem with my direcway software when I first put it on my computer. It said this is not a windows certified program and do I want to continue. I did continue but I found I had to install the (Norton Internet Security and Anti Virus Pro) before I installed the direcway server software or Norton program would not install. I also found I had to format my hardrive all over, not just un-install the direcway software, before I could install the Norton Internet Security and Anti Virus program.

I thought this may have been why I couldn't upgrade to SP2 so I uninstalled the software server the other night. Then tried to upgrade. It still denied me when stopped on file FXSAPI.DLL.

I still can not access the windows update page! I could just a few months ago. The windows update icon shows for about 10-20 seconds when I first start my computer but then disappears.

I want to thankyou for all your help and let me know if you have a page where I can donate to you for your support? You've really helped me already!

If you can help me get my computer to upgrade you and your website will have my gratitude for life...

I myself own a website with over 28,000 uniques a day that I will promote your site on if thats ok with you?

My reports are as follows:


---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 8:33:03 PM, 8/7/2005
+ Report-Checksum: C26BC882

+ Scan result:

C:\Documents and Settings\Rich\Cookies\rich@2o7[1].txt -> Spyware.Cookie.2o7 : Cleaned with backup
C:\Documents and Settings\Rich\Cookies\rich@perf.overture[1].txt -> Spyware.Cookie.Overture : Cleaned with backup
C:\Documents and Settings\Rich\Cookies\rich@tribalfusion[2].txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup


::Report End

----------------------------------------------------
Actice Scan report
----------------------------------------------------
Incident Status Location

Spyware:spyware/petro-line No disinfected C:\DOCUMENTS AND SETTINGS\RICH\FAVORITES\SITES ABOUT\Ab scissor.url
Adware:adware/navipromo No disinfected C:\WINDOWS\SYSTEM32\sdklf32.exe
Adware:adware/cws No disinfected C:\DOCUMENTS AND SETTINGS\RICH\FAVORITES\Fun & Games
Adware:Adware/MediaTickets No disinfected C:\Documents and Settings\Rich\Local Settings\Temporary Internet Files\Content.IE5\K96345A3\symantec[1].css

--------------------------------------------------
HijackThis log
--------------------------------------------------
Logfile of HijackThis v1.99.1
Scan saved at 10:26:09 PM, on 8/7/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Norton Internet Security Professional\NISUM.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\Compaq\Easy Access Button Support\StartEAK.exe
C:\WINDOWS\System32\Smtray.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\quickenw\QAGENT.EXE
C:\Program Files\Compaq\Easy Access Button Support\CPQEADM.EXE
C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
C:\COMPAQ\CPQINET\CPQInet.exe
C:\Compaq\EAKDRV\EAUSBKBD.EXE
C:\WINDOWS\System32\RUNDLL32.EXE
C:\Program Files\DIRECWAY\BIN\dpcstart.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Norton Internet Security Professional\ccPxySvc.exe
C:\PROGRA~1\Compaq\EASYAC~1\BttnServ.exe
C:\WINDOWS\System32\mrtMngr.EXE
C:\Program Files\Symantec\DeepSight Extractor\ExtractorService.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\pctspk.exe
C:\WINDOWS\System32\SCardSvr.exe
C:\WINDOWS\System32\ups.exe
C:\WINDOWS\system32\fxssvc.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\PROGRA~1\DIRECWAY\bin\dpcproxy.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
C:\Program Files\DIRECWAY\BIN\dpcnav.exe
C:\Documents and Settings\Rich\My Documents\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.adultegroupscafe.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Compaq
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:83
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [CPQEASYACC] C:\Program Files\Compaq\Easy Access Button Support\StartEAK.exe
O4 - HKLM\..\Run: [Smapp] Smtray.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKLM\..\Run: [srmclean] C:\Cpqs\Scom\srmclean.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [QAGENT] C:\Program Files\quickenw\QAGENT.EXE
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.2\THGuard.exe"
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\Symantec\LIVEUP~1\SNDMon.EXE
O4 - Global Startup: Dpcstart.lnk = C:\Program Files\DIRECWAY\BIN\dpcstart.exe
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O8 - Extra context menu item: Download all by Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download by Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: Download selected by Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download web site by Free Download Manager - file://C:\Program Files\Free Download Manager\dlpage.htm
O14 - IERESET.INF: START_PAGE_URL=http://store.presario.net/scripts/redirectors/presario/storeredir2.dll?s=consumerfav&c=3c01&lc=0409
O16 - DPF: Yahoo! Blackjack - http://download.game...nts/y/jt0_x.cab
O16 - DPF: Yahoo! Chat - http://us.chat1.yimg...t/c381/chat.cab
O16 - DPF: YExplorer1_8US.CAB - http://photos.groups...plorer1_8us.cab
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.t...all/xscan60.cab
O16 - DPF: {0C253E15-E096-4E07-BDF9-110895A258D4} (CamfrogWEB Control) - http://camfrogweb.co..._instmodule.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewid...oOnlineScan.cab
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - http://www.symantec....sa/LSSupCtl.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.syma...bin/AvSniff.cab
O16 - DPF: {2ED9BC2B-4DF1-472E-9B5E-55477D2C97F5} (Microsoft Data Collection Control) - https://support.micr...ActiveX/odc.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1122604899732
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {75D1F3B2-2A21-11D7-97B9-0010DC2A6243} - http://secure2.comne...iveSecurity.cab
O16 - DPF: {76D90D08-EAB7-46D8-BF99-87445BF59E72} (SystemInfo Class) - http://getdway.com/d.../dpcsysinfo.cab
O16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} (Yahoo! Audio UI1) - http://chat.yahoo.com/cab/yacsui.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft...free/asinst.cab
O16 - DPF: {BD8667B7-38D8-4C77-B580-18C3E146372C} (Creative Toolbox Plug-in) - http://www.imgag.com...all/Crusher.cab
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {C3DFA998-A486-11D4-AA25-00C04F72DAEB} (MSN Photo Upload Tool) - http://sc.groups.msn...UC/MsnPUpld.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec....sa/SymAData.cab
O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://register3.va...OCX/FlashAX.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
O16 - DPF: {FA3662C3-B8E8-11D6-A667-0010B556D978} (IWinAmpActiveX Class) - http://cdn.digitalci...illama/ampx.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{45762222-A3BB-4943-9211-E792EC9899FE}: Domain = direcway.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{45762222-A3BB-4943-9211-E792EC9899FE}: NameServer = 66.82.4.8
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = direcway.com
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = direcway.com
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Proxy Service (ccPxySvc) - Symantec Corporation - C:\Program Files\Norton Internet Security Professional\ccPxySvc.exe
O23 - Service: Deepsight Extractor (DeepsightExtractor) - Unknown owner - C:\Program Files\Symantec\DeepSight Extractor\ExtractorService.exe
O23 - Service: DIRECWAY Webcast (DPC_SRV_WEBCAST) - Hughes Network Systems - C:\PROGRA~1\DIRECWAY\bin\dpcproxy.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: DeepSight Extractor Service for NPF03 (ExtractorServiceNPF03) - Unknown owner - C:\Program Files\Symantec\DeepSight Extractor\ExtractorServiceNPF03.exe
O23 - Service: DeepSight Extractor Service for NPF04 (ExtractorServiceNPF04) - Unknown owner - C:\Program Files\Symantec\DeepSight Extractor\ExtractorServiceNPF04.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Internet Security Professional Accounts Manager (NISUM) - Symantec Corporation - C:\Program Files\Norton Internet Security Professional\NISUM.EXE
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - C:\WINDOWS\system32\pctspk.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe


Regards,
Rich
  • 0

#10
greyknight17

greyknight17

    Malware Expert

  • Visiting Consultant
  • 16,560 posts
I'm not sure, but maybe Norton is the cause of the problems. You should be able to install any software with or without Norton.

That FXSAPI.DLL seems to relate to your modem driver. Let's do this:

Go to Start->Run and type in sfc /scannow and hit OK. Let it scan. If it finds any files missing/corrupted, it may ask for the Windows CD.

Please print out or copy this page to Notepad. Make sure to work through the fixes in the exact order it is mentioned below. If there's anything that you don't understand, ask your question(s) before proceeding with the fixes. You should 'not' have any open browsers when you are following the procedures below.

Restart your computer and boot into Safe Mode by hitting the F8 key repeatedly until a menu shows up (and choose Safe Mode from the list). In some systems, this may be the F5 key, so try that if F8 doesn't work. Make sure to close any open browsers. Run a scan in HijackThis. Check each of the following and hit 'Fix checked' (after checking them) if they still exist (make sure not to miss any):

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.adultegroupscafe.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing


Delete the following Files/Folders (delete folders if no filename is specified) according to their directory (if none, just do a search for them) and delete them if they exist:

C:\DOCUMENTS AND SETTINGS\RICH\FAVORITES\SITES ABOUT\
C:\WINDOWS\SYSTEM32\sdklf32.exe
C:\DOCUMENTS AND SETTINGS\RICH\FAVORITES\Fun & Games


Restart and run a new HijackThis scan. Save the log file and post it here.

For the Windows Update problem, go to Start->Run and type in regsvr jscript.dll and hit OK. Did that register ok? Restart and try Windows Update. Let me know if that worked or not.
  • 0

#11
Probe1

Probe1

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts
After I emailed you last night I updated and ran the Ad-Aware software for the third time and it surprisingly found another 270 infections. I have a log file if you would like to see it.

I could install anything with Norton on my computer! but couldn't install Norton with my direcway server software already on the computer.

When I ran the run regsvr jscript.dll it could not find the file.

When I ran the sfc /scannow it did not say anything or ask for a Windows CD. But for some reason when I restarted my computer in safe mode it asked for the windows cd, I just pressed Esc.

When I ran the Hyjakthis in Safe Mode it did not have any of the files you mentioned. But when I ran it again in regular windows mode it did show the files you specified. So I deleted them and restarted my computer once again. The new Hyjakthis file is below:

Logfile of HijackThis v1.99.1
Scan saved at 11:24:25 AM, on 8/8/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Norton Internet Security Professional\NISUM.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\Compaq\Easy Access Button Support\StartEAK.exe
C:\WINDOWS\System32\Smtray.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Compaq\Easy Access Button Support\CPQEADM.EXE
C:\COMPAQ\CPQINET\CPQInet.exe
C:\Compaq\EAKDRV\EAUSBKBD.EXE
C:\Program Files\quickenw\QAGENT.EXE
C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\Program Files\DIRECWAY\BIN\dpcstart.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\WINDOWS\System32\mrtMngr.EXE
C:\PROGRA~1\Compaq\EASYAC~1\BttnServ.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Norton Internet Security Professional\ccPxySvc.exe
C:\Program Files\Symantec\DeepSight Extractor\ExtractorService.exe
C:\PROGRA~1\DIRECWAY\bin\dpcproxy.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\pctspk.exe
C:\WINDOWS\System32\SCardSvr.exe
C:\WINDOWS\System32\ups.exe
C:\WINDOWS\system32\fxssvc.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\system32\notepad.exe
C:\PROGRA~1\DIRECWAY\bin\dpcnav.exe
C:\Documents and Settings\Rich\My Documents\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Compaq
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:83
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [CPQEASYACC] C:\Program Files\Compaq\Easy Access Button Support\StartEAK.exe
O4 - HKLM\..\Run: [Smapp] Smtray.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKLM\..\Run: [srmclean] C:\Cpqs\Scom\srmclean.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [QAGENT] C:\Program Files\quickenw\QAGENT.EXE
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.2\THGuard.exe"
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\Symantec\LIVEUP~1\SNDMon.EXE
O4 - Global Startup: Dpcstart.lnk = C:\Program Files\DIRECWAY\BIN\dpcstart.exe
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O8 - Extra context menu item: Download all by Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download by Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: Download selected by Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download web site by Free Download Manager - file://C:\Program Files\Free Download Manager\dlpage.htm
O14 - IERESET.INF: START_PAGE_URL=http://store.presario.net/scripts/redirectors/presario/storeredir2.dll?s=consumerfav&c=3c01&lc=0409
O16 - DPF: Yahoo! Blackjack - http://download.game...nts/y/jt0_x.cab
O16 - DPF: Yahoo! Chat - http://us.chat1.yimg...t/c381/chat.cab
O16 - DPF: YExplorer1_8US.CAB - http://photos.groups...plorer1_8us.cab
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.t...all/xscan60.cab
O16 - DPF: {0C253E15-E096-4E07-BDF9-110895A258D4} (CamfrogWEB Control) - http://camfrogweb.co..._instmodule.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewid...oOnlineScan.cab
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - http://www.symantec....sa/LSSupCtl.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.syma...bin/AvSniff.cab
O16 - DPF: {2ED9BC2B-4DF1-472E-9B5E-55477D2C97F5} (Microsoft Data Collection Control) - https://support.micr...ActiveX/odc.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1122604899732
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {75D1F3B2-2A21-11D7-97B9-0010DC2A6243} - http://secure2.comne...iveSecurity.cab
O16 - DPF: {76D90D08-EAB7-46D8-BF99-87445BF59E72} (SystemInfo Class) - http://getdway.com/d.../dpcsysinfo.cab
O16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} (Yahoo! Audio UI1) - http://chat.yahoo.com/cab/yacsui.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft...free/asinst.cab
O16 - DPF: {BD8667B7-38D8-4C77-B580-18C3E146372C} (Creative Toolbox Plug-in) - http://www.imgag.com...all/Crusher.cab
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {C3DFA998-A486-11D4-AA25-00C04F72DAEB} (MSN Photo Upload Tool) - http://sc.groups.msn...UC/MsnPUpld.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec....sa/SymAData.cab
O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://register3.va...OCX/FlashAX.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
O16 - DPF: {FA3662C3-B8E8-11D6-A667-0010B556D978} (IWinAmpActiveX Class) - http://cdn.digitalci...illama/ampx.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{45762222-A3BB-4943-9211-E792EC9899FE}: Domain = direcway.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{45762222-A3BB-4943-9211-E792EC9899FE}: NameServer = 66.82.4.8
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = direcway.com
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = direcway.com
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Proxy Service (ccPxySvc) - Symantec Corporation - C:\Program Files\Norton Internet Security Professional\ccPxySvc.exe
O23 - Service: Deepsight Extractor (DeepsightExtractor) - Unknown owner - C:\Program Files\Symantec\DeepSight Extractor\ExtractorService.exe
O23 - Service: DIRECWAY Webcast (DPC_SRV_WEBCAST) - Hughes Network Systems - C:\PROGRA~1\DIRECWAY\bin\dpcproxy.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: DeepSight Extractor Service for NPF03 (ExtractorServiceNPF03) - Unknown owner - C:\Program Files\Symantec\DeepSight Extractor\ExtractorServiceNPF03.exe
O23 - Service: DeepSight Extractor Service for NPF04 (ExtractorServiceNPF04) - Unknown owner - C:\Program Files\Symantec\DeepSight Extractor\ExtractorServiceNPF04.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Internet Security Professional Accounts Manager (NISUM) - Symantec Corporation - C:\Program Files\Norton Internet Security Professional\NISUM.EXE
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - C:\WINDOWS\system32\pctspk.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

Regards,
Rich
  • 0

#12
greyknight17

greyknight17

    Malware Expert

  • Visiting Consultant
  • 16,560 posts
I say uninstall Norton if you don't have to use it. Install a free antivirus like Grisoft AVG and a firewall like ZoneAlarm and you should be good.

Regarding the Windows update problem, how about if you go straight to http://windowsupdate.microsoft.com? Will that work?

Your log is clean.

To help prevent future spyware installations/infections, please read the Anti-Spyware Tutorial and use the tools provided.

Are there any problems now? If not, you should be set to go.
  • 0

#13
Probe1

Probe1

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts
I will un-install Norton and then try to upgrade to SP2 again. Do you believe Norton may be stopping the SP2 from installing? I know a person who has the same Norton program that I have and he has upgraded to SP2 with no problem.

Going straight to http://windowsupdate.microsoft.com does not help any. That is the page I always have used.

I see no problems other than (I forgot to mention) my 3 1/2 floppy in drive A: stopped working a few months ago, and still does not work or is even listed as a drive I have available on my computer.


Thankyou once again :tazz:
Rich
  • 0

#14
greyknight17

greyknight17

    Malware Expert

  • Visiting Consultant
  • 16,560 posts
It could be Norton but I'm not positive that it's definitely the cause of it. There might be other reasons.

My suggestion is to ask this question in the Windows Forum if uninstalling Norton still gives you problems with the Windows Update. They should help you figure this one out by asking you to try several things.

For the floppy, check to make sure the cable is not loose or if the floppy drive is not dead. Replace it if anything since these are under $5 now. Might also be a bad cable. Ask this in the Hardware Forum if problems still not fixed.

Just have to move those questions away since they are not related to spyware anymore. More likely the Windows Update problem is some setting that's preventing it from installing. You might want to give this a try. Add the Windows Update site to your Trusted Zone/Sites in Internet Explorer (Internet Explorer->Tools->Internet Options->Security->Trusted Sites->Add Site).

Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :tazz:

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP