Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

rdriv.sys refusing to go [RESOLVED]

Started by DJBenz , Aug 15 2005 05:30 PM

  • This topic is locked This topic is locked

#31
Guest_thatman_*
Posted 22 August 2005 - 02:23 PM

Guest_thatman_*
  • Guest
Hi DJBenz

Please CLICK here and go to Save As (in Internet Explorer it's "Save Target As") in order to download DelDomains.inf file. Save it to your desktop.
Now right click on the DelDomains.inf and click on install.

Please download the following file http://www.majorgeek...e475d32de456022
Hoster is an ultra-groovy Hosts file Manager, Editor and Helper-outter. Below you'll find a list of Hoster's functions. Just a Simple word of caution - Hosts files are not to be taken lightly. now run the hoster and have id rest you hosts file.


The wpa.exe service is gone (because it is disabled), but it is still present in services.msc (if it is running, HJT cannot fix it - if it's disabled HJT doesn't find it.) I still cannot connect to Activescan or Amazon.

The wpa.exe service is gone<-- Have you checked to see if the file wpa.exe is still on the system if you can not find it.
Then all you have is a link in one of the following: system configuration utility (I.E msconfig) if found delete the entry.wpa.exe
system.ini
win.ini
boot.ini
startup

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
In the right pane, if found delete the value Internat.exe

legitimate Windows application C:\WINNT\system32\Internat.exe

Bad file C:\WINNT\\Internat.exe<--Delete if found in this location

This is the new link for the panda scanner.
Please run the following free, online virus scans.
http://enterprises.p...l_companies.htm
Please post the log From Panda virus scan. We will need them to remove previous infections that have left files on your system.

Run HijackThis and post the new log.

Kc :tazz:
  • 0

Advertisements

#32
DJBenz
Posted 23 August 2005 - 05:50 AM

DJBenz

    Member

  • Topic Starter
  • Member
  • PipPip
  • 20 posts

Please CLICK here and go to Save As (in Internet Explorer it's "Save Target As") in order to download DelDomains.inf file. Save it to your desktop.
Now right click on the DelDomains.inf and click on install.


Done.

Please download the following file http://www.majorgeek...e475d32de456022
Hoster is an ultra-groovy Hosts file Manager, Editor and Helper-outter. Below you'll find a list of Hoster's functions. Just a Simple word of caution - Hosts files are not to be taken lightly. now run the hoster and have id rest you hosts file.


Done. It showed me that the hosts file had several entries that shouldn't be there, but they were several lines down so when I opened the file previously I didn't see them (because I didn't scroll down). Embarrassed. :) Sorry coachwife!!!

I can connect to any website now. :)

The wpa.exe service is gone<-- Have you checked to see if the file wpa.exe is still on the system if you can not find it.
Then all you have is a link in one of the following: system configuration utility (I.E msconfig) if found delete the entry.wpa.exe
system.ini
win.ini
boot.ini
startup


There's no sign of wpa.exe anywhere. No entry in system.ini, win.ini, or boot.ini.
No msconfig (because I'm on Win2K) and a full search would find the file in startup, so I'm pretty sure it isn't on the system anywhere.


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
In the right pane, if found delete the value Internat.exe


Value not found

legitimate Windows application C:\WINNT\system32\Internat.exe

Bad file C:\WINNT\\Internat.exe<--Delete if found in this location


I found it in C:\WINNT\system32\dllcache\ does that need to be deleted?

I can access the panda scanner now, so I will run a full sweep tonight and post the results. Got some real progress now! :tazz:
  • 0

#33
coachwife6
Posted 23 August 2005 - 06:11 AM

coachwife6

    SuperStar

  • Retired Staff
  • 11,413 posts

Embarrassed. blushing.gif Sorry coachwife!!!


Just like a man -- never listens to a woman. :tazz: Had to have another man before you would listen. :)

Thanks thatman. He'll carry you home. :)
  • 0

#34
Guest_thatman_*
Posted 23 August 2005 - 07:17 AM

Guest_thatman_*
  • Guest
Hi DJBenz

Removal using the W32.Esbot Removal Tool
Symantec Security Response has developed a removal tool to clean the infections of W32.Esbot.B. Use this removal tool first, as it is the easiest way to remove this threat.

W32.Esbot Removal Tool<--WPA.EXE-->-->Please read all the information before you use the removal tools.
http://securityrespo...moval.tool.html.
This will remove any left over registery key


OK, I looked at the hosts file and it is exactly as it should be. The only modification is one I made, adding an IP and host name of my PC to identify it to my router (currently I'm not using the router as it is being replaced).

In your post 21 this is what you missed. Allways check fully below 127.0.0.1 making sure there are no entry's.

HOSTS file
----------

C:\WINNT\System32\drivers\etc\HOSTS

maps: 49 domain names to IP addresses,
1 of the IP addresses is *not* localhost!

Done. It showed me that the hosts file had several entries that shouldn't be there, but they were several lines down so when I opened the file previously I didn't see them (because I didn't scroll down). Embarrassed. :blushing:Sorry coachwife!!!

I found it in C:\WINNT\system32\dllcache\ does that need to be deleted? No this is a legit file

Please run the following free, online virus scans.
http://enterprises.p...l_companies.htm
Please post the log From Panda virus scan. We will need them to remove previous infections that have left files on your system.

Run HijackThis and post the new log.

Kc :tazz:
  • 0

#35
DJBenz
Posted 23 August 2005 - 11:53 AM

DJBenz

    Member

  • Topic Starter
  • Member
  • PipPip
  • 20 posts

Removal using the W32.Esbot Removal Tool
Symantec Security Response has developed a removal tool to clean the infections of W32.Esbot.B. Use this removal tool first, as it is the easiest way to remove this threat.

W32.Esbot Removal Tool<--WPA.EXE-->-->Please read all the information before you use the removal tools.
http://securityrespo...moval.tool.html.
This will remove any left over registery key


Done that and it said W32.Esbot was not found.

Please run the following free, online virus scans.
http://enterprises.p...l_companies.htm
Please post the log From Panda virus scan. We will need them to remove previous infections that have left files on your system.


I cannot get Panda to run. It just hangs after the ActiveX control file is downloaded and goes no further. I tried the previous link that coachwife posted, that one got a little further, but then hung shortly after starting the scan. :tazz:

Run HijackThis and post the new log.


Here you go:

Logfile of HijackThis v1.99.1
Scan saved at 18:48:17, on 23/08/2005
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\Ati2evxx.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\UGSPLM\I-DEAS11\sec\lmgrd.exe
C:\UGSPLM\I-DEAS11\Iona\OrbixE2A\asp\5.1\bin\itconfig_rep.exe
C:\UGSPLM\I-DEAS11\sec\eds_id11.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\UGSPLM\I-DEAS11\Iona\OrbixE2A\asp\5.1\bin\itlocator.exe
C:\UGSPLM\I-DEAS11\Iona\OrbixE2A\asp\5.1\bin\itnode_daemon.exe
C:\WINNT\system32\Ati2evxx.exe
C:\UGSPLM\I-DEAS11\Iona\OrbixE2A\asp\5.1\bin\itnaming.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\spool\drivers\w32x86\3\hpztsb04.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINNT\SOUNDMAN.EXE
C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe
C:\WINNT\system32\internat.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
C:\Program Files\OLYMPUS\CAMEDIA Master 4.1\CM_camera.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINNT\system32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\VERITAS Software\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINNT\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKCU\..\Run: [internat.exe] internat.exe
O4 - HKCU\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: ATI CATALYST System Tray.lnk = C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
O4 - Global Startup: CAMEDIA Master.lnk = C:\Program Files\OLYMPUS\CAMEDIA Master 4.1\CM_camera.exe
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.t...all/xscan60.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1124040838625
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft...free/asinst.cab
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINNT\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINNT\system32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: FLEXlm License Manager - Unknown owner - C:\EDS\I-DEAS10\sec\lmgrd.exe (file missing)
O23 - Service: I-DEAS License Manager 11.0 - GLOBEtrotter Software Inc. - C:\UGSPLM\I-DEAS11\sec\lmgrd.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: IT iona_services.config_rep.bensonpc cfr-MyDomain - Unknown owner - C:\UGSPLM\I-DEAS11\Iona\OrbixE2A\asp\5.1\bin\itconfig_rep.exe" -ORBproduct_dir "C:\UGSPLM\I-DEAS11\Iona\OrbixE2A" -ORBlicense_file "C:\UGSPLM\I-DEAS11\Iona\OrbixE2A\licenses.txt" -ORBconfig_dir "C:\UGSPLM\I-DEAS11\Iona\OrbixE2A\etc" -ORBconfig_domains_dir "C:\UGSPLM\I-DEAS11\Iona\OrbixE2A\etc\domains" -ORBdomain_name cfr-MyDomain -ORBname iona_services.config_rep.bensonpc -plugin=config_rep it_jump_start (file missing)
O23 - Service: IT iona_services.locator.bensonpc MyDomain - Unknown owner - C:\UGSPLM\I-DEAS11\Iona\OrbixE2A\asp\5.1\bin\itlocator.exe" -ORBproduct_dir "C:\UGSPLM\I-DEAS11\Iona\OrbixE2A" -ORBlicense_file "C:\UGSPLM\I-DEAS11\Iona\OrbixE2A\licenses.txt" -ORBconfig_dir "C:\UGSPLM\I-DEAS11\Iona\OrbixE2A\etc" -ORBconfig_domains_dir "C:\UGSPLM\I-DEAS11\Iona\OrbixE2A\etc\domains" -ORBdomain_name MyDomain -ORBname iona_services.locator.bensonpc -plugin=locator it_jump_start (file missing)
O23 - Service: IT iona_services.naming.bensonpc MyDomain - Unknown owner - C:\UGSPLM\I-DEAS11\Iona\OrbixE2A\asp\5.1\bin\itnaming.exe" -ORBproduct_dir "C:\UGSPLM\I-DEAS11\Iona\OrbixE2A" -ORBlicense_file "C:\UGSPLM\I-DEAS11\Iona\OrbixE2A\licenses.txt" -ORBconfig_dir "C:\UGSPLM\I-DEAS11\Iona\OrbixE2A\etc" -ORBconfig_domains_dir "C:\UGSPLM\I-DEAS11\Iona\OrbixE2A\etc\domains" -ORBdomain_name MyDomain -ORBname iona_services.naming.bensonpc -plugin=naming it_jump_start (file missing)
O23 - Service: IT iona_services.node_daemon.bensonpc MyDomain - Unknown owner - C:\UGSPLM\I-DEAS11\Iona\OrbixE2A\asp\5.1\bin\itnode_daemon.exe" -ORBproduct_dir "C:\UGSPLM\I-DEAS11\Iona\OrbixE2A" -ORBlicense_file "C:\UGSPLM\I-DEAS11\Iona\OrbixE2A\licenses.txt" -ORBconfig_dir "C:\UGSPLM\I-DEAS11\Iona\OrbixE2A\etc" -ORBconfig_domains_dir "C:\UGSPLM\I-DEAS11\Iona\OrbixE2A\etc\domains" -ORBdomain_name MyDomain -ORBname iona_services.node_daemon.bensonpc -plugin=node_daemon it_jump_start (file missing)
O23 - Service: Kerio Personal Firewall 4 (KPF4) - Kerio Technologies - C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
  • 0

#36
Guest_thatman_*
Posted 23 August 2005 - 12:27 PM

Guest_thatman_*
  • Guest
Hi DJBenz

I have had a number of user not being able to run the Panda scan I being one of them this only happed when panda changed over to a new server, I think it is possible that they have a limit on users on at any one time.
I also have Panda anti-virus software on my system can you beat that.

But we will continue till we know you are having no more problems.
You can surf the net now is the panda scan the only problem ?

Download this scanner - cureit.
ftp://ftp.drweb.com/pub/drweb/cureit/drweb-cureit.exe

Run drweb - cureit
Doubleclick the "drweb-cureit.exe" and click "ok" in the prompt window that will open , asking "start the express scan now".
It will first make a quick scan of your system, let it clean what it find, and when it says "done" in the lower left corner click on all your drive's.
A red dot will mark the selected drive(s) . Then hit the pedestrian who now has turned green
Click on the green man in the right corner, it will scan All your drive's, say yes to all

Post a new Hjt.log when done.

Kc :tazz:
  • 0

#37
DJBenz
Posted 25 August 2005 - 04:16 PM

DJBenz

    Member

  • Topic Starter
  • Member
  • PipPip
  • 20 posts
Hi KC,

Apologies for my quiet period. I followed the last set of instructions and this is the latest HJT log:

Logfile of HijackThis v1.99.1
Scan saved at 23:12:01, on 25/08/2005
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\Ati2evxx.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\UGSPLM\I-DEAS11\sec\lmgrd.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
C:\UGSPLM\I-DEAS11\sec\eds_id11.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\Ati2evxx.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\spool\drivers\w32x86\3\hpztsb04.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINNT\SOUNDMAN.EXE
C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe
C:\WINNT\system32\internat.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\OLYMPUS\CAMEDIA Master 4.1\CM_camera.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
C:\Program Files\eMule\MorphXT\emule.exe
C:\Program Files\HijackThis\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINNT\system32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\VERITAS Software\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINNT\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKCU\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: ATI CATALYST System Tray.lnk = C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
O4 - Global Startup: CAMEDIA Master.lnk = C:\Program Files\OLYMPUS\CAMEDIA Master 4.1\CM_camera.exe
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.t...all/xscan60.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1124040838625
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft...free/asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{B68D0DD7-4961-4518-BBAB-6689554977B9}: NameServer = 192.168.1.1
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINNT\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINNT\system32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: FLEXlm License Manager - Unknown owner - C:\EDS\I-DEAS10\sec\lmgrd.exe (file missing)
O23 - Service: I-DEAS License Manager 11.0 - GLOBEtrotter Software Inc. - C:\UGSPLM\I-DEAS11\sec\lmgrd.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Kerio Personal Firewall 4 (KPF4) - Kerio Technologies - C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe

I also installed all the latest patches from Microsoft and I'm scanning regularly with AVG, Spybot S&D, and Ad-aware. Seems to be clean so far. :tazz:
  • 0

#38
Guest_thatman_*
Posted 25 August 2005 - 04:34 PM

Guest_thatman_*
  • Guest
Hi DJBenz

Nice and clean, I will leave this topic open Panda have set up a new server for virus and spyware.

How is the system running now.

Don't forget to change all the passwords on your system.

New panda spyware scanner
http://www.pandasoft..._principal.htm#

Not sure if its running yet

Kc :tazz:
  • 0

#39
DJBenz
Posted 26 August 2005 - 02:26 AM

DJBenz

    Member

  • Topic Starter
  • Member
  • PipPip
  • 20 posts
System seems to be running fine now. I'm behind a router and I have Kerio Personal Firewall running for added protection.

I also scanned with xoftspy, which picked up a couple of things and removed them.

My only niggle now is that when I log into Gmail (Google mail), I just get a blank screen. This may not be related to any spyware or virus issues as I have had the problem before and if I remember correctly it was a Gmail problem rather than a PC one. I can log in fine on my laptop on the same internet connection, so it may be related to some configuration on my main PC.

I will give the panda scanner a try when I get home.

Many, many thanks to you, and of course the wonderful coachwife6 for guiding me through all this. I couldn't have done it without you guys. :tazz:
  • 0

#40
Guest_thatman_*
Posted 06 September 2005 - 08:23 AM

Guest_thatman_*
  • Guest
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :tazz:

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0

Advertisements

Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP