Some old problems



#16
formula65

Dear didom,
Panda detected a large collection.

In this format (as a copy paste) the Panda report is not so easy to read.

I did not delete anything, waiting for your reply.

I ran HijackThis while connected to the internet, so I have the O17....

Thank you

*******************************************************************
Incident Status Location

Adware:adware/cws.searchmeup Reported C:\WINNT\INETDATA\services.exe
Spyware:spyware/wareout Reported C:\WINNT\SYSTEM32\loadctr32.exe
Adware:adware/virmaid Reported C:\WINNT\SYSTEM32\perfcii.ini
Adware:adware/superspider Reported C:\WINNT\SYSTEM32\system32.dll
Adware:adware/spysheriff Reported C:\WINNT\SYSTEM32\thn.dll
Dialer:dialer.xd Reported C:\WINNT\SYSTEM32\vbsys2.dll
Adware:adware/adsmart Reported C:\WINNT\SYSTEM32\vxgamet2.exe
Dialer:dialer.akd Reported C:\WINNT\Preferiti\explorer.lnk
Adware:adware/cws Reported C:\WINNT\Preferiti\Online Sex Poker Rooms.url
Adware:adware/sbsoft Reported C:\WINNT\rdt.ini
Adware:adware/cws.yexe Reported C:\WINNT\inetdata
Adware:adware/hotoffers Reported Windows Registry
Spyware:Cookie/Doubleclick Reported C:\Documents and Settings\fulvio\Cookies\fulvio@doubleclick[1].txt
Adware:Adware/RazeSpyware Reported C:\Documents and Settings\Default User\Impostazioni locali\Temporary Internet Files\Content.IE5\OVS78VIB\load01[1].exe
Spyware:Cookie/Doubleclick Reported C:\Documents and Settings\fulvio\Cookies\fulvio@doubleclick[1].txt
Dialer:Dialer.ABR Reported C:\Documents and Settings\fulvio\Desktop\backups\backup-20051020-105855-707.inf
Adware:Adware/PurityScan Reported C:\Documents and Settings\fulvio\Desktop\backups\backup-20051020-105856-666.inf
Dialer:Dialer.NQ Reported C:\WINNT\Downloaded Program Files\CONFLICT.1\d_alexxx.exe
Dialer:Dialer.NQ Reported C:\WINNT\Downloaded Program Files\d_alexxx.exe
Adware:Adware/Popuper Reported C:\WINNT\popuper.exe
Adware:Adware/RazeSpyware Reported C:\WINNT\system32\43863111.exe
Virus:Trj/Downloader.FFZ Reported C:\WINNT\system32\cscxa.exe
Virus:Trj/Qhost.gen Reported C:\WINNT\system32\drivers\etc\1.hosts
Virus:Trj/Qhost.gen Reported C:\WINNT\system32\drivers\etc\2.hosts
Virus:Trj/Qhost.gen Reported C:\WINNT\system32\drivers\etc\3.hosts
Adware:Adware/QuickWeb Reported C:\WINNT\system32\hlmicro.exe
Adware:Adware/QuickWeb Reported C:\WINNT\system32\ntfsnlpa.exe
Spyware:Spyware/AdClicker Reported C:\WINNT\system32\vbsys2.dll
Virus:Trj/Lowzones.FO Reported C:\WINNT\system32\vxgamet2.exe
Virus:W32/Sober.I.worm Reported [mchr19115.zip][message_text.txt .pif]
***********************************************************
Logfile of HijackThis v1.99.1
Scan saved at 12:12:12, on 22/10/2005
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\SYSTEM32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\svchost.exe
C:\Programmi\File comuni\Symantec Shared\ccSetMgr.exe
C:\Programmi\File comuni\Symantec Shared\SNDSrvc.exe
C:\Programmi\File comuni\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\system32\Ati2evxx.exe
C:\typ3pcp\bin\bnfsserv.exe
C:\WINNT\system32\crypserv.exe
C:\PROGRA~1\ROCKWE~1\RSCOMMON\RSOBSERV.EXE
C:\WINNT\system32\Hummbird\inetd32.exe
C:\PROGRA~1\Iomega\System32\AppServices.exe
C:\Programmi\File comuni\Microsoft Shared\VS7Debug\mdm.exe
C:\Programmi\Norton AntiVirus\navapsvc.exe
C:\WINNT\system32\netdde.exe
C:\Programmi\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINNT\system32\OpcEnum.exe
C:\WINNT\system32\regsvc.exe
C:\PROGRA~1\ROCKWE~1\RSLinx\RSLINX.EXE
C:\Siemens\Step7\S7BIN\s7asysvx.exe
C:\Siemens\Common\S7IEPG\s7oiehsx.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\slserv.exe
C:\WINNT\system32\stisvc.exe
C:\Programmi\File comuni\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINNT\system32\tlntsvr.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\MsPMSPSv.exe
C:\WINNT\system32\svchost.exe
C:\Programmi\Iomega\AutoDisk\ADService.exe
C:\Siemens\Common\sws\almsrv\almsrvx.exe
C:\WINNT\Explorer.EXE
C:\WINNT\SOUNDMAN.EXE
C:\WINNT\system32\spool\drivers\w32x86\3\hpztsb04.exe
C:\Programmi\File comuni\Symantec Shared\ccApp.exe
C:\Programmi\File comuni\Real\Update_OB\realsched.exe
C:\WINNT\system32\ctfmon.exe
C:\Programmi\Iomega\AutoDisk\ADUserMon.exe
C:\WINNT\slrundll.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Programmi\Internet Explorer\IEXPLORE.EXE
C:\hijackthis\HijackThis.exe

R3 - Default URLSearchHook is missing
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Apoint] C:\Programmi\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINNT\system32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [ccApp] "C:\Programmi\File comuni\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmi\File comuni\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [ctfmon.exe] ctfmon.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Google Search - res://c:\programmi\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\programmi\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\programmi\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\programmi\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\programmi\google\GoogleToolbar2.dll/cmtrans.html
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Programmi\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Programmi\Yahoo!\Common/ycdict.htm
O9 - Extra button: eBay - Homepage - {EF79EAC5-3452-4E02-B8BD-BA4C89F1AC7A} - C:\Programmi\IrfanView\Ebay\Ebay.htm
O16 - DPF: {15320607-1001-1831-1000-118599957123} - ms-its:mhtml:file://C:\PATH.MHT!http://195.225.176.5...m::/painter.exe
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - https://www-secure.s...rl/LSSupCtl.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.r...RdxIE601_it.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.c...utocomplete.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.s...rl/SymAData.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{8534CA47-B7DA-452C-A8D1-EE7B24FA3BD3}: NameServer = 151.99.125.2 151.99.125.3
O23 - Service: Automation License Manager Service (almservice) - SIEMENS AG - C:\Siemens\Common\sws\almsrv\almsrvx.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINNT\system32\Ati2evxx.exe
O23 - Service: Bosch NFS Server (BoschNFSServer) - Bosch Rexroth AG BRC/ESM11 - C:\typ3pcp\bin\bnfsserv.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccSetMgr.exe
O23 - Service: Crypkey License - Kenonic Controls Ltd. - C:\WINNT\SYSTEM32\crypserv.exe
O23 - Service: Servizio amministrativo di Gestione disco logico (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: dnWhoDisp - Unknown owner - C:\Programmi\Rockwell Software\RSLINX\dnwhodisp.exe
O23 - Service: Harmony - Rockwell Software Inc. - C:\PROGRA~1\ROCKWE~1\RSCOMMON\RSOBSERV.EXE
O23 - Service: HCLInetd - Hummingbird Communications Ltd. - C:\WINNT\system32\Hummbird\inetd32.exe
O23 - Service: Iomega App Services - Iomega Corporation - C:\PROGRA~1\Iomega\System32\AppServices.exe
O23 - Service: Servizio Auto-Protect di Norton AntiVirus (navapsvc) - Symantec Corporation - C:\Programmi\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Programmi\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: OpcEnum - OPC Foundation - C:\WINNT\system32\OpcEnum.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINNT\system32\HPZipm12.exe
O23 - Service: RSLinx - Rockwell Software, Inc. - C:\PROGRA~1\ROCKWE~1\RSLinx\RSLINX.EXE
O23 - Service: S7 Global Services (s7asysvx) - SIEMENS AG - C:\Siemens\Step7\S7BIN\s7asysvx.exe
O23 - Service: SIMATIC IEPG Help Service (s7oiehsx) - SIEMENS AG - C:\Siemens\Common\S7IEPG\s7oiehsx.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Programmi\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FILECO~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINNT\SYSTEM32\slserv.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Iomega Active Disk (_IOMEGA_ACTIVE_DISK_SERVICE_) - Iomega Corporation - C:\Programmi\Iomega\AutoDisk\ADService.exe

#17
didom

Scan again with HijackThis and check the following items:
R3 - Default URLSearchHook is missing
O16 - DPF: {15320607-1001-1831-1000-118599957123} - ms-its:mhtml:file://C:\PATH.MHT!http://195.225.176.5...m::/painter.exe
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.r...RdxIE601_it.cab

After checking these items, close all browser windows except HijackThis and click "Fix checked".

Please run Notepad and paste the following text into a new file:

REGEDIT4

[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{12345678-0000-0010-8000-00AAFF6D2EA4}]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D56A1203-1452-EBA1-7294-EE3377770000}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{12345678-0000-0010-8000-00AAFF6D2EA4}"=-
"{D56A1203-1452-EBA1-7294-EE3377770000}"=-

Save the file to the desktop as fix.reg and make sure the "Save as Type" field says "All Files". Then please go to the desktop and double-click on fix.reg, and click Yes to merge it with the registry.

Then reboot your computer.

Please download the Killbox.
Please do NOT run it yet.
  • Then please reboot into Safe Mode by restarting your computer and pressing F8 as your computer is booting up. Then select the Safe Mode option.
  • Once in Safe Mode, please run Killbox.
  • Select "Delete on Reboot".
  • Open the text file with these instructions in it, and copy the file names below to the clipboard by highlighting them and pressing Control-C:

    C:\WINNT\INETDATA\services.exe
    C:\WINNT\SYSTEM32\loadctr32.exe
    C:\WINNT\SYSTEM32\perfcii.ini
    C:\WINNT\SYSTEM32\system32.dll
    C:\WINNT\SYSTEM32\thn.dll
    C:\WINNT\SYSTEM32\vbsys2.dll
    C:\WINNT\SYSTEM32\vxgamet2.exe
    C:\WINNT\Preferiti\explorer.lnk
    C:\WINNT\Preferiti\Online Sex Poker Rooms.url
    C:\WINNT\rdt.ini
    C:\WINNT\inetdata
    C:\Documents and Settings\fulvio\Cookies\fulvio@doubleclick[1].txt
    C:\Documents and Settings\Default User\Impostazioni locali\Temporary Internet Files\Content.IE5\OVS78VIB\load01[1].exe
    C:\Documents and Settings\fulvio\Cookies\fulvio@doubleclick[1].txt
    C:\Documents and Settings\fulvio\Desktop\backups\backup-20051020-105855-707.inf
    C:\Documents and Settings\fulvio\Desktop\backups\backup-20051020-105856-666.inf
    C:\WINNT\Downloaded Program Files\CONFLICT.1\d_alexxx.exe
    C:\WINNT\Downloaded Program Files\d_alexxx.exe
    C:\WINNT\popuper.exe
    C:\WINNT\system32\43863111.exe
    C:\WINNT\system32\cscxa.exe
    C:\WINNT\system32\drivers\etc\1.hosts
    C:\WINNT\system32\drivers\etc\2.hosts
    C:\WINNT\system32\drivers\etc\3.hosts
    C:\WINNT\system32\hlmicro.exe
    C:\WINNT\system32\ntfsnlpa.exe
    C:\WINNT\system32\vbsys2.dll
    C:\WINNT\system32\vxgamet2.exe
    [mchr19115.zip][message_text.txt .pif]


  • Return to Killbox, go to the File menu, and choose "Paste from Clipboard".
  • Click the red-and-white "Delete File" button. Click "Yes" at the Delete on Reboot prompt. Click "No" at the Pending Operations prompt.

    If you receive a message such as: "Component 'MsComCtl.ocx' or one of its dependencies not correctly registered: a file is missing or invalid." when trying to run TheKillbox, click here to download and run missingfilesetup.exe. Then try TheKillbox again.

  • Let the system reboot.
Find and delete this folder:
C:\!Killbox <= this folder

Download CCleaner and install it.

Start CCleaner, click Run CCleaner (bottom right)


Run Panda's online virus scan and perform a full system scan: Panda ActiveScan

Save the scan log and post it along with a new HijackThis Log in your next reply.

#18
formula65

Hello didom,

what do you mean exactly saying close all windows browser except HijackThis...generally I close all the running applications.

Here you are, Panda and HijackThis, many thanks.


Incident Status Location

Adware:adware/cws Reported C:\DOCUMENTS AND SETTINGS\ALL USERS\PREFERITI\AdultGambling.url
Adware:adware/superspider Reported C:\WINNT\dl.exe
Adware:adware/cws.searchmeup Reported C:\WINNT\mstasks1.exe
Adware:adware/cws.yexe Reported C:\WINNT\inetdata
Adware:adware/hotoffers Reported Windows Registry
Spyware:Cookie/Mediaplex Reported C:\Documents and Settings\fulvio\Cookies\fulvio@mediaplex[2].txt
Virus:W32/Sober.I.worm Reported [mchr19115.zip][message_text.txt .pif]

*****************************************************************************
Logfile of HijackThis v1.99.1
Scan saved at 13:20:22, on 23/10/2005
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\SYSTEM32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\svchost.exe
C:\Programmi\File comuni\Symantec Shared\ccSetMgr.exe
C:\Programmi\File comuni\Symantec Shared\SNDSrvc.exe
C:\Programmi\File comuni\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\system32\Ati2evxx.exe
C:\typ3pcp\bin\bnfsserv.exe
C:\WINNT\system32\crypserv.exe
C:\PROGRA~1\ROCKWE~1\RSCOMMON\RSOBSERV.EXE
C:\WINNT\system32\Hummbird\inetd32.exe
C:\PROGRA~1\Iomega\System32\AppServices.exe
C:\Programmi\File comuni\Microsoft Shared\VS7Debug\mdm.exe
C:\Programmi\Norton AntiVirus\navapsvc.exe
C:\WINNT\system32\netdde.exe
C:\Programmi\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINNT\system32\OpcEnum.exe
C:\WINNT\system32\regsvc.exe
C:\PROGRA~1\ROCKWE~1\RSLinx\RSLINX.EXE
C:\Siemens\Step7\S7BIN\s7asysvx.exe
C:\Siemens\Common\S7IEPG\s7oiehsx.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\slserv.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\stisvc.exe
C:\Programmi\File comuni\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINNT\system32\tlntsvr.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\MsPMSPSv.exe
C:\WINNT\system32\svchost.exe
C:\Programmi\Iomega\AutoDisk\ADService.exe
C:\Siemens\Common\sws\almsrv\almsrvx.exe
C:\WINNT\SOUNDMAN.EXE
C:\WINNT\system32\spool\drivers\w32x86\3\hpztsb04.exe
C:\Programmi\File comuni\Symantec Shared\ccApp.exe
C:\Programmi\File comuni\Real\Update_OB\realsched.exe
C:\WINNT\system32\ctfmon.exe
C:\Programmi\Iomega\AutoDisk\ADUserMon.exe
C:\WINNT\slrundll.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\WINNT\system32\ntvdm.exe
C:\hijackthis\HijackThis.exe

O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Apoint] C:\Programmi\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINNT\system32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [ccApp] "C:\Programmi\File comuni\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmi\File comuni\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [ctfmon.exe] ctfmon.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Google Search - res://c:\programmi\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\programmi\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\programmi\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\programmi\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\programmi\google\GoogleToolbar2.dll/cmtrans.html
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Programmi\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Programmi\Yahoo!\Common/ycdict.htm
O9 - Extra button: eBay - Homepage - {EF79EAC5-3452-4E02-B8BD-BA4C89F1AC7A} - C:\Programmi\IrfanView\Ebay\Ebay.htm
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - https://www-secure.s...rl/LSSupCtl.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.c...utocomplete.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.s...rl/SymAData.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{8534CA47-B7DA-452C-A8D1-EE7B24FA3BD3}: NameServer = 151.99.125.2 151.99.125.3
O23 - Service: Automation License Manager Service (almservice) - SIEMENS AG - C:\Siemens\Common\sws\almsrv\almsrvx.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINNT\system32\Ati2evxx.exe
O23 - Service: Bosch NFS Server (BoschNFSServer) - Bosch Rexroth AG BRC/ESM11 - C:\typ3pcp\bin\bnfsserv.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccSetMgr.exe
O23 - Service: Crypkey License - Kenonic Controls Ltd. - C:\WINNT\SYSTEM32\crypserv.exe
O23 - Service: Servizio amministrativo di Gestione disco logico (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: dnWhoDisp - Unknown owner - C:\Programmi\Rockwell Software\RSLINX\dnwhodisp.exe
O23 - Service: Harmony - Rockwell Software Inc. - C:\PROGRA~1\ROCKWE~1\RSCOMMON\RSOBSERV.EXE
O23 - Service: HCLInetd - Hummingbird Communications Ltd. - C:\WINNT\system32\Hummbird\inetd32.exe
O23 - Service: Iomega App Services - Iomega Corporation - C:\PROGRA~1\Iomega\System32\AppServices.exe
O23 - Service: Servizio Auto-Protect di Norton AntiVirus (navapsvc) - Symantec Corporation - C:\Programmi\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Programmi\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: OpcEnum - OPC Foundation - C:\WINNT\system32\OpcEnum.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINNT\system32\HPZipm12.exe
O23 - Service: RSLinx - Rockwell Software, Inc. - C:\PROGRA~1\ROCKWE~1\RSLinx\RSLINX.EXE
O23 - Service: S7 Global Services (s7asysvx) - SIEMENS AG - C:\Siemens\Step7\S7BIN\s7asysvx.exe
O23 - Service: SIMATIC IEPG Help Service (s7oiehsx) - SIEMENS AG - C:\Siemens\Common\S7IEPG\s7oiehsx.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Programmi\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FILECO~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINNT\SYSTEM32\slserv.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Iomega Active Disk (_IOMEGA_ACTIVE_DISK_SERVICE_) - Iomega Corporation - C:\Programmi\Iomega\AutoDisk\ADService.exe

#19
didom


what do you mean exactly saying close all windows browser except HijackThis...generally I close all the running applications.

I mean all the open windows you have....

Step #1

Download CCleaner and install it. (Please do not run the CCleaner utility yet.)

Step #2

We need to make sure all hidden files are showing so please:
  • Click Start.
  • Open My Computer.
  • Select the Tools menu and click Folder Options.
  • Select the View tab.
  • Under the Hidden files and folders heading select Show hidden files and folders.
  • Uncheck the Hide file extensions for known types option.
  • Uncheck the Hide protected operating system files (recommended) option.
  • Click Yes to confirm.
  • Click OK.
Step #3

Reboot Your System in Safe Mode:
  • Restart the computer.
  • As soon as BIOS is loaded begin tapping the F8 key until the Advanced Options menu appears.
  • Use the arrow keys to select the Safe Mode menu item.
  • Press the Enter key.
Step #4

Find and delete these files and folders (if they are still there):
C:\WINNT\dl.exe <= this file
C:\WINNT\mstasks1.exe <= this file
C:\DOCUMENTS AND SETTINGS\ALL USERS\PREFERITI\AdultGambling.url <= this file

C:\WINNT\inetdata <= this folder


Step #5
While still in Safe Mode, start CCleaner. Click "Options", then click the "Advanced" tab.
Uncheck "Only delete files older than 48 hrs." and click OK.
Click "Cleaner" and click Run Cleaner (bottom right).


Reboot your computer normally.

Step #6

Run Panda's online virus scan and perform a full system scan: Panda ActiveScan

Save the Panda ActiveScan log. Start HijackThis and perform a new scan.


Use the Add Reply button to post your new logs back here along with details of any problems you encountered performing the above steps and I will review it when it comes in. Also tell me how your computer is running!
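
Added example, not part of the original thread and not any poster's code: a Python sketch that parses Panda ActiveScan reports pasted in the flat "Incident Status Location" form used above, separates real file paths from entries a file-deletion tool cannot act on, and compares two scans. The sample rows are excerpts of the reports posted in #16 and #18; the function names and the reading of a bracketed location as an archive member are assumptions.

```python
import re
from collections import namedtuple

# Excerpts of the reports posted in #16 (first scan) and #18 (second scan).
SCAN_1 = r"""
Incident Status Location

Adware:adware/cws.searchmeup Reported C:\WINNT\INETDATA\services.exe
Dialer:dialer.xd Reported C:\WINNT\SYSTEM32\vbsys2.dll
Adware:adware/cws.yexe Reported C:\WINNT\inetdata
Adware:adware/hotoffers Reported Windows Registry
Spyware:Cookie/Doubleclick Reported C:\Documents and Settings\fulvio\Cookies\fulvio@doubleclick[1].txt
Spyware:Cookie/Doubleclick Reported C:\Documents and Settings\fulvio\Cookies\fulvio@doubleclick[1].txt
Spyware:Spyware/AdClicker Reported C:\WINNT\system32\vbsys2.dll
Virus:W32/Sober.I.worm Reported [mchr19115.zip][message_text.txt .pif]
"""
SCAN_2 = r"""
Incident Status Location

Adware:adware/cws Reported C:\DOCUMENTS AND SETTINGS\ALL USERS\PREFERITI\AdultGambling.url
Adware:adware/superspider Reported C:\WINNT\dl.exe
Adware:adware/cws.searchmeup Reported C:\WINNT\mstasks1.exe
Adware:adware/cws.yexe Reported C:\WINNT\inetdata
Adware:adware/hotoffers Reported Windows Registry
Spyware:Cookie/Mediaplex Reported C:\Documents and Settings\fulvio\Cookies\fulvio@mediaplex[2].txt
Virus:W32/Sober.I.worm Reported [mchr19115.zip][message_text.txt .pif]
"""

Finding = namedtuple("Finding", "kind name status location where")

# "<Kind>:<name> <Status> <Location>". Kind needs two or more letters so that
# a drive letter ("C:\...") from an adjacent HijackThis log is never a row.
ROW = re.compile(
    r"^(?P<kind>[A-Za-z]{2,}):(?P<name>\S+)\s+(?P<status>[A-Za-z]+)\s+(?P<location>.+)$"
)


def classify(location):
    """Tell whether a Location value is something a file tool can act on."""
    if location.lower() == "windows registry":
        return "registry"
    if location.startswith("["):
        return "container"  # assumption: [archive][member] notation
    if re.match(r"^[A-Za-z]:\\", location):
        return "path"
    return "other"


def parse_report(text):
    """Return unique findings; header, separator and blank lines are skipped."""
    findings, seen = [], set()
    for raw in text.splitlines():
        m = ROW.match(raw.strip())
        if not m:
            continue
        key = (m["name"].lower(), m["location"].lower())  # Windows paths ignore case
        if key in seen:
            continue
        seen.add(key)
        findings.append(Finding(m["kind"], m["name"], m["status"],
                                m["location"], classify(m["location"])))
    return findings


def deletion_candidates(findings):
    """Unique filesystem paths only, in report order (first spelling wins)."""
    out, seen = [], set()
    for f in findings:
        if f.where == "path" and f.location.lower() not in seen:
            seen.add(f.location.lower())
            out.append(f.location)
    return out


def diff_scans(old, new):
    """Compare two parsed scans by location and by detection name."""
    old_locs, new_locs, old_names, new_names = {}, {}, {}, {}
    for f in old:
        old_locs.setdefault(f.location.lower(), f.location)
        old_names.setdefault(f.name.lower(), set()).add(f.location.lower())
    for f in new:
        new_locs.setdefault(f.location.lower(), f.location)
        new_names.setdefault(f.name.lower(), set()).add(f.location.lower())
    return {
        "cleared": [v for k, v in old_locs.items() if k not in new_locs],
        "persisting": [v for k, v in new_locs.items() if k in old_locs],
        "new": [v for k, v in new_locs.items() if k not in old_locs],
        # same detection name seen again, but at a location the old scan lacked
        "relocated": sorted(n for n in old_names.keys() & new_names.keys()
                            if new_names[n] - old_names[n]),
    }


if __name__ == "__main__":
    first, second = parse_report(SCAN_1), parse_report(SCAN_2)
    print("paths to review:", *deletion_candidates(second), sep="\n  ")
    print("not file paths:", [(f.name, f.where) for f in second if f.where != "path"])
    for label, items in diff_scans(first, second).items():
        print(label, items)
```

Entries whose `where` is not `path` (here the registry hit and the bracketed Sober entry) persist across both scans and need handling other than a file-deletion list.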

#20
formula65

Dear didom,
I followed your steps.

Step 2
After I click Start I cannot see My Computer (Windows 2000 SP4).
I did the requested settings in the standard application used to browse folders and files, I guess in English named Explorer.
Besides, the settings were already as requested.

Step 3
In Italian when you press F8 the choice is among the following menu

Modalita’ provvisoria ( temporary mode)
Modalita’ provvisoria con rete ( temporary mode with net)
Modalita’ provvisoria con prompt dei comandi ( temporary mode with command prompt)

Abilita registro avvio ( Enabling start register)
Abilita modalita’ VGA (Enabling VGA mode)

Ultima configurazione sicuram.funzionante (Last working configuration)
Modalita’ ripristino servizi directory solo controlli domini windows 2000
(Temporary restore directory services only controls domain windows 2000)
Modalita’ di debug (Debug mode)

I always choose the first “modalita’ provvisoria” because in the Italian applications and documents about virus fix programs, it is asked to start the system in this mode.

Step 4
I also found, and did NOT delete, the files

C:\WINT\dl.htm
C:\WINNT\mstasks.exe
C:\WINNT\mstasks2.exe
C:\WINNT\mstasks3.exe
C:\WINNT\mstasks4.exe

In C:\DOCUMENTS AND SETTING\ALL USERS\PREFERITI\AdultGambling did not show the extension .url. In any case with the right click button property it was classified as
url http://www.adultgambling.org/go.php
and I deleted it.

in the directory C:\DOCUMENTS AND SETTING\ALL USERS\PREFERITI there were also the folders ( I did NOT delete too)
Online Pharmacy
Sex And Dating
Spyware Unistall

And about 20 files
[bleep] real girls
Play adult poker
Sex dating
To name only some.

Step 6
While browsing disk D, Panda stops and asks to choose a profile, showing the choice Outlook. I confirm and after a few seconds the threat is found. At the end I get 5 spyware and 1 threat.
A little less every day, congratulations.

To send you an answer I connect to www.geekstogo.com. This time a lot of other windows were opened one after the other. I closed them quickly so do not ask me about the links.

At the end the logs. Once more thanks a lot.

Sorry, I ran HijackThis while I had opened the internet geekstogo mail connection, I hope it is OK anyway.

*************************************************************

Incident Status Location

Adware:adware/cws Reported C:\DOCUMENTS AND SETTINGS\ALL USERS\PREFERITI\Free Online Dating.url
Adware:adware/superspider Reported C:\WINNT\dl.html
Adware:adware/cws.searchmeup Reported C:\WINNT\mstasks2.exe
Adware:adware/hotoffers Reported Windows Registry
Spyware:Cookie/Mediaplex Reported C:\Documents and Settings\fulvio\Cookies\fulvio@mediaplex[2].txt
Virus:W32/Sober.I.worm Reported [mchr19115.zip][message_text.txt .pif]
****************************************************
Logfile of HijackThis v1.99.1
Scan saved at 00:13:12, on 24/10/2005
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\SYSTEM32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\svchost.exe
C:\Programmi\File comuni\Symantec Shared\ccSetMgr.exe
C:\Programmi\File comuni\Symantec Shared\SNDSrvc.exe
C:\Programmi\File comuni\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\system32\Ati2evxx.exe
C:\typ3pcp\bin\bnfsserv.exe
C:\WINNT\system32\crypserv.exe
C:\PROGRA~1\ROCKWE~1\RSCOMMON\RSOBSERV.EXE
C:\WINNT\system32\Hummbird\inetd32.exe
C:\PROGRA~1\Iomega\System32\AppServices.exe
C:\Programmi\File comuni\Microsoft Shared\VS7Debug\mdm.exe
C:\Programmi\Norton AntiVirus\navapsvc.exe
C:\WINNT\system32\netdde.exe
C:\Programmi\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINNT\system32\OpcEnum.exe
C:\WINNT\system32\regsvc.exe
C:\PROGRA~1\ROCKWE~1\RSLinx\RSLINX.EXE
C:\Siemens\Step7\S7BIN\s7asysvx.exe
C:\Siemens\Common\S7IEPG\s7oiehsx.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\slserv.exe
C:\WINNT\system32\stisvc.exe
C:\Programmi\File comuni\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINNT\system32\tlntsvr.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\MsPMSPSv.exe
C:\WINNT\system32\svchost.exe
C:\Programmi\Iomega\AutoDisk\ADService.exe
C:\Siemens\Common\sws\almsrv\almsrvx.exe
C:\WINNT\SOUNDMAN.EXE
C:\WINNT\system32\spool\drivers\w32x86\3\hpztsb04.exe
C:\Programmi\File comuni\Symantec Shared\ccApp.exe
C:\Programmi\File comuni\Real\Update_OB\realsched.exe
C:\WINNT\system32\ctfmon.exe
C:\Programmi\Iomega\AutoDisk\ADUserMon.exe
C:\WINNT\slrundll.exe
C:\WINNT\system32\ntvdm.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\hijackthis\HijackThis.exe

O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Apoint] C:\Programmi\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINNT\system32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [ccApp] "C:\Programmi\File comuni\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmi\File comuni\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [ctfmon.exe] ctfmon.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Google Search - res://c:\programmi\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\programmi\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\programmi\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\programmi\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\programmi\google\GoogleToolbar2.dll/cmtrans.html
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Programmi\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Programmi\Yahoo!\Common/ycdict.htm
O9 - Extra button: eBay - Homepage - {EF79EAC5-3452-4E02-B8BD-BA4C89F1AC7A} - C:\Programmi\IrfanView\Ebay\Ebay.htm
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - https://www-secure.s...rl/LSSupCtl.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.c...utocomplete.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.s...rl/SymAData.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{8534CA47-B7DA-452C-A8D1-EE7B24FA3BD3}: NameServer = 151.99.125.2 151.99.125.3
O23 - Service: Automation License Manager Service (almservice) - SIEMENS AG - C:\Siemens\Common\sws\almsrv\almsrvx.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINNT\system32\Ati2evxx.exe
O23 - Service: Bosch NFS Server (BoschNFSServer) - Bosch Rexroth AG BRC/ESM11 - C:\typ3pcp\bin\bnfsserv.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccSetMgr.exe
O23 - Service: Crypkey License - Kenonic Controls Ltd. - C:\WINNT\SYSTEM32\crypserv.exe
O23 - Service: Servizio amministrativo di Gestione disco logico (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: dnWhoDisp - Unknown owner - C:\Programmi\Rockwell Software\RSLINX\dnwhodisp.exe
O23 - Service: Harmony - Rockwell Software Inc. - C:\PROGRA~1\ROCKWE~1\RSCOMMON\RSOBSERV.EXE
O23 - Service: HCLInetd - Hummingbird Communications Ltd. - C:\WINNT\system32\Hummbird\inetd32.exe
O23 - Service: Iomega App Services - Iomega Corporation - C:\PROGRA~1\Iomega\System32\AppServices.exe
O23 - Service: Servizio Auto-Protect di Norton AntiVirus (navapsvc) - Symantec Corporation - C:\Programmi\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Programmi\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: OpcEnum - OPC Foundation - C:\WINNT\system32\OpcEnum.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINNT\system32\HPZipm12.exe
O23 - Service: RSLinx - Rockwell Software, Inc. - C:\PROGRA~1\ROCKWE~1\RSLinx\RSLINX.EXE
O23 - Service: S7 Global Services (s7asysvx) - SIEMENS AG - C:\Siemens\Step7\S7BIN\s7asysvx.exe
O23 - Service: SIMATIC IEPG Help Service (s7oiehsx) - SIEMENS AG - C:\Siemens\Common\S7IEPG\s7oiehsx.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Programmi\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FILECO~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINNT\SYSTEM32\slserv.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Iomega Active Disk (_IOMEGA_ACTIVE_DISK_SERVICE_) - Iomega Corporation - C:\Programmi\Iomega\AutoDisk\ADService.exe
  • 0

#21
didom

  • Member
  • 1,919 posts
Please download the Killbox.
Please do NOT run it yet.
  • Then please reboot into Safe Mode by restarting your computer and pressing F8 as your computer is booting up. Then select the Safe Mode option.
  • Once in Safe Mode, please run Killbox.
  • Select "Delete on Reboot".
  • Open the text file with these instructions in it, and copy the file names below to the clipboard by highlighting them and pressing Control-C:

    C:\DOCUMENTS AND SETTINGS\ALL USERS\PREFERITI\Free Online Dating.url
    C:\WINNT\dl.html
    C:\WINNT\dl.exe
    C:\WINNT\mstasks.exe
    C:\WINNT\mstasks1.exe
    C:\WINNT\mstasks2.exe
    C:\WINNT\mstasks3.exe
    C:\WINNT\mstasks4.exe


  • Return to Killbox, go to the File menu, and choose "Paste from Clipboard".
  • Click the red-and-white "Delete File" button. Click "Yes" at the Delete on Reboot prompt. Click "No" at the Pending Operations prompt.

    If you receive a message such as: "Component 'MsComCtl.ocx' or one of its dependencies not correctly registered: a file is missing or invalid." when trying to run TheKillbox, click here to download and run missingfilesetup.exe. Then try TheKillbox again.

  • Let the system reboot.
Find and delete this folder:
C:\!Killbox <= this folder

Go to start > run and type: cleanmgr and click ok.
Let it scan your system for files to remove.
Make sure Temporary Files, Temporary Internet Files, and Recycle Bin are the only things checked.
Press OK to remove them.

Run Panda's online virus scan and perform a full system scan: Panda ActiveScan

Save the scan log and post it along with a new HijackThis Log in your next reply.
  • 0

#22
formula65

  • Topic Starter
  • Member
  • 63 posts
Hello didom,

Here are the files. Thanks


Incident Status Location

Adware:adware/cws No disinfected C:\DOCUMENTS AND SETTINGS\ALL USERS\PREFERITI\[bleep] Real Girls.url
Adware:adware/superspider No disinfected C:\WINNT\dlm.exe
Adware:adware/cws.searchmeup No disinfected C:\WINNT\toolbar.exe
Adware:adware/hotoffers No disinfected Windows Registry
Possible Virus. No disinfected C:\Documents and Settings\Default User\Impostazioni locali\Temporary Internet Files\Content.IE5\GPYVSLEZ\load02[1].exe
Possible Virus. No disinfected C:\WINNT\system32\51861823.exe
Virus:W32/Sober.I.worm Renamed [mchr19115.zip][message_text.txt .pif]
*****************************************************

Logfile of HijackThis v1.99.1
Scan saved at 17:22:12, on 24/10/2005
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\SYSTEM32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\svchost.exe
C:\Programmi\File comuni\Symantec Shared\ccSetMgr.exe
C:\Programmi\File comuni\Symantec Shared\SNDSrvc.exe
C:\Programmi\File comuni\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\system32\Ati2evxx.exe
C:\typ3pcp\bin\bnfsserv.exe
C:\WINNT\system32\crypserv.exe
C:\PROGRA~1\ROCKWE~1\RSCOMMON\RSOBSERV.EXE
C:\WINNT\system32\Hummbird\inetd32.exe
C:\PROGRA~1\Iomega\System32\AppServices.exe
C:\Programmi\File comuni\Microsoft Shared\VS7Debug\mdm.exe
C:\Programmi\Norton AntiVirus\navapsvc.exe
C:\WINNT\system32\netdde.exe
C:\Programmi\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINNT\system32\OpcEnum.exe
C:\WINNT\system32\regsvc.exe
C:\PROGRA~1\ROCKWE~1\RSLinx\RSLINX.EXE
C:\Siemens\Step7\S7BIN\s7asysvx.exe
C:\Siemens\Common\S7IEPG\s7oiehsx.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\slserv.exe
C:\WINNT\system32\stisvc.exe
C:\Programmi\File comuni\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\tlntsvr.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\MsPMSPSv.exe
C:\WINNT\system32\svchost.exe
C:\Programmi\Iomega\AutoDisk\ADService.exe
C:\Siemens\Common\sws\almsrv\almsrvx.exe
C:\WINNT\SOUNDMAN.EXE
C:\WINNT\system32\spool\drivers\w32x86\3\hpztsb04.exe
C:\Programmi\File comuni\Symantec Shared\ccApp.exe
C:\Programmi\File comuni\Real\Update_OB\realsched.exe
C:\WINNT\system32\ctfmon.exe
C:\Programmi\Iomega\AutoDisk\ADUserMon.exe
C:\WINNT\slrundll.exe
C:\Programmi\Internet Explorer\IEXPLORE.EXE
C:\WINNT\system32\notepad.exe
C:\hijackthis\HijackThis.exe

O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Apoint] C:\Programmi\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINNT\system32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [ccApp] "C:\Programmi\File comuni\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmi\File comuni\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [ctfmon.exe] ctfmon.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Google Search - res://c:\programmi\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\programmi\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\programmi\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\programmi\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\programmi\google\GoogleToolbar2.dll/cmtrans.html
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Programmi\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Programmi\Yahoo!\Common/ycdict.htm
O9 - Extra button: eBay - Homepage - {EF79EAC5-3452-4E02-B8BD-BA4C89F1AC7A} - C:\Programmi\IrfanView\Ebay\Ebay.htm
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - https://www-secure.s...rl/LSSupCtl.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.c...utocomplete.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.s...rl/SymAData.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{8534CA47-B7DA-452C-A8D1-EE7B24FA3BD3}: NameServer = 151.99.125.2 151.99.125.3
O23 - Service: Automation License Manager Service (almservice) - SIEMENS AG - C:\Siemens\Common\sws\almsrv\almsrvx.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINNT\system32\Ati2evxx.exe
O23 - Service: Bosch NFS Server (BoschNFSServer) - Bosch Rexroth AG BRC/ESM11 - C:\typ3pcp\bin\bnfsserv.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccSetMgr.exe
O23 - Service: Crypkey License - Kenonic Controls Ltd. - C:\WINNT\SYSTEM32\crypserv.exe
O23 - Service: Servizio amministrativo di Gestione disco logico (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: dnWhoDisp - Unknown owner - C:\Programmi\Rockwell Software\RSLINX\dnwhodisp.exe
O23 - Service: Harmony - Rockwell Software Inc. - C:\PROGRA~1\ROCKWE~1\RSCOMMON\RSOBSERV.EXE
O23 - Service: HCLInetd - Hummingbird Communications Ltd. - C:\WINNT\system32\Hummbird\inetd32.exe
O23 - Service: Iomega App Services - Iomega Corporation - C:\PROGRA~1\Iomega\System32\AppServices.exe
O23 - Service: Servizio Auto-Protect di Norton AntiVirus (navapsvc) - Symantec Corporation - C:\Programmi\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Programmi\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: OpcEnum - OPC Foundation - C:\WINNT\system32\OpcEnum.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINNT\system32\HPZipm12.exe
O23 - Service: RSLinx - Rockwell Software, Inc. - C:\PROGRA~1\ROCKWE~1\RSLinx\RSLINX.EXE
O23 - Service: S7 Global Services (s7asysvx) - SIEMENS AG - C:\Siemens\Step7\S7BIN\s7asysvx.exe
O23 - Service: SIMATIC IEPG Help Service (s7oiehsx) - SIEMENS AG - C:\Siemens\Common\S7IEPG\s7oiehsx.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Programmi\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FILECO~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINNT\SYSTEM32\slserv.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Iomega Active Disk (_IOMEGA_ACTIVE_DISK_SERVICE_) - Iomega Corporation - C:\Programmi\Iomega\AutoDisk\ADService.exe
  • 0

#23
didom

  • Member
  • 1,919 posts
Please download and run this removal tool from Symantec:
http://securityrespo...moval.tool.html

----------------------------
  • Please reboot into Safe Mode by restarting your computer and pressing F8 as your computer is booting up. Then select the Safe Mode option.
  • Once in Safe Mode, please run Killbox.
  • Select "Delete on Reboot".
  • Open the text file with these instructions in it, and copy the file names below to the clipboard by highlighting them and pressing Control-C:

    C:\WINNT\dlm.exe
    C:\WINNT\toolbar.exe


  • Return to Killbox, go to the File menu, and choose "Paste from Clipboard".
  • Click the red-and-white "Delete File" button. Click "Yes" at the Delete on Reboot prompt. Click "No" at the Pending Operations prompt.

    If you receive a message such as: "Component 'MsComCtl.ocx' or one of its dependencies not correctly registered: a file is missing or invalid." when trying to run TheKillbox, click here to download and run missingfilesetup.exe. Then try TheKillbox again.

  • Let the system reboot.
--------------------------

C:\DOCUMENTS AND SETTINGS\ALL USERS\PREFERITI\[bleep] Real Girls.url
Please delete this url manually because I can't see all of the file name (because of the [bleep]).

----------------------------

Make sure all hidden files and folders are visible (Instructions)

Please go to this site: http://virusscan.jotti.org/
On top you'll find "File to upload and scan".
Browse to the next file, submit it on that site and let it scan:

C:\WINNT\system32\51861823.exe

Several scanning engines will be used to check the file for any threats. Please post the results of the scans back here.
  • 0

#24
formula65

  • Topic Starter
  • Member
  • 63 posts
Dear didom,

I downloaded from http://securetyrespo...enter/FxSbr.exe

I did NOT succeed in the procedure to check the digital signature; in any case I ran the
downloaded FxSbr.exe.

I ran it with the system started in normal and safe mode.
In both cases I got the windows message:

Symantec W32.Sober[B-G,I,L,N,O] removal tool
W32.Sober [B-G,I,L,N,O] has not been found on your computer


As asked, I submitted the file 51861823.exe to jotti.org with the following result
(I made a copy-paste of the page; I could not find any report)

Service load: 0% 100%

File: 51861823.exe
Status: INFECTED/MALWARE
MD5 d0fad9a1341f5a1c3d3c479fccd7eb63
Packers detected: PE_PATCH, MEW

Scanner results
AntiVir Found Packer/MEW
ArcaVir Found nothing
Avast Found nothing
AVG Antivirus Found nothing
BitDefender Found Trojan.Mutbot.D
ClamAV Found nothing
Dr.Web Found BACKDOOR.Trojan (probable variant)
F-Prot Antivirus Found nothing
Fortinet Found nothing
Kaspersky Anti-Virus Found Trojan.Win32.Mutbot.d
NOD32 Found nothing
Norman Virus Control Found W32/Suspicious_M.gen
UNA Found nothing
VBA32 Found Trojan.Win32.Mutbot.d

Last file scanned at least one scanner reported something about:
A+++.exe.exe, detected by:

Scanner Malware name
AntiVir X
ArcaVir X
Avast X
AVG Antivirus X
BitDefender X
ClamAV X
Dr.Web Trojan.Aplus
F-Prot Antivirus X
Fortinet X
Kaspersky Anti-Virus Trojan-Spy.Win32.VB.av
NOD32 Win32/Spy.VB.AV
Norman Virus Control X
UNA X
VBA32 TrojanSpy.Win32.VB.av


Thanks
  • 0
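The multi-scanner result in the post above can be triaged mechanically. This is an added example, not part of the thread: it separates clean verdicts, packer-only hits, generic or heuristic names and named families (the names `summarize`, `family_of` and `GENERIC_TOKENS` are assumptions of this sketch).

```python
import re
from collections import defaultdict

# Scanner lines for 51861823.exe, copied from the Jotti report in the post above.
# The second table in that paste names a different file (A+++.exe.exe) and is left out.
JOTTI_REPORT = """\
AntiVir Found Packer/MEW
ArcaVir Found nothing
Avast Found nothing
AVG Antivirus Found nothing
BitDefender Found Trojan.Mutbot.D
ClamAV Found nothing
Dr.Web Found BACKDOOR.Trojan (probable variant)
F-Prot Antivirus Found nothing
Fortinet Found nothing
Kaspersky Anti-Virus Found Trojan.Win32.Mutbot.d
NOD32 Found nothing
Norman Virus Control Found W32/Suspicious_M.gen
UNA Found nothing
VBA32 Found Trojan.Win32.Mutbot.d
"""

# Name parts that describe type, platform or heuristic rather than a family
# (an assumed list, sized for the verdicts in this report).
GENERIC_TOKENS = {
    "trojan", "backdoor", "win32", "w32", "gen",
    "suspicious", "probable", "variant",
}

# Scanner names may contain spaces, so split on the literal " Found ".
LINE_RE = re.compile(r"^(?P<scanner>.+?) Found (?P<verdict>.+)$")


def family_of(verdict):
    """Return the family token of a detection name, or None if it is generic."""
    tokens = [t.lower() for t in re.split(r"[^A-Za-z0-9]+", verdict) if t]
    # Drop generic words and one-character variant suffixes such as the final "d".
    specific = [t for t in tokens if t not in GENERIC_TOKENS and len(t) > 1]
    return specific[0] if specific else None


def summarize(report):
    """Group scanner verdicts into clean, packer-only, generic and per-family."""
    families = defaultdict(list)
    result = {"clean": [], "packer_only": [], "generic": []}
    for line in report.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # blank line or table header
        scanner, verdict = m.group("scanner"), m.group("verdict")
        if verdict == "nothing":
            result["clean"].append(scanner)
        elif verdict.lower().startswith("packer/"):
            # A packer hit says how the file is wrapped, not what it does.
            result["packer_only"].append(scanner)
        else:
            family = family_of(verdict)
            if family:
                families[family].append(scanner)
            else:
                result["generic"].append(scanner)
    result["families"] = dict(families)
    return result


if __name__ == "__main__":
    summary = summarize(JOTTI_REPORT)
    print("clean:", len(summary["clean"]))
    print("packer only:", summary["packer_only"])
    print("generic:", summary["generic"])
    for family, scanners in summary["families"].items():
        print(f"family {family}: {len(scanners)} engines -> {scanners}")
```

Three independent engines agreeing on one family name is stronger evidence than the raw 6-of-14 hit count, which includes a packer-only flag and two generic names.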

#25
didom

  • Member
  • 1,919 posts
Download this program:
submit files packer
Paste the list of files into the tool.

C:\WINNT\system32\51861823.exe

It will create an archive with these files and a small log on the desktop.

Then please go to this forum: http://www.thespykil...x.php?board=1.0
You don't need to be a member to upload the archive!
Just press new topic, fill in the needed details and just give a link to your HijackThis log topic at this forum & then press the browse button and then navigate to & select the archive on your computer, press Post to upload the files.
  • 0


#26
formula65

  • Topic Starter
  • Member
  • 63 posts
Hello didom,

I did not understand what you mean by "give a link".
As message I made a copy paste of the HijackThis.txt file

As topic I used W32 Sober Analysis Started by formula65

I sent as per attached the file requested-files[2005-10-25_20_00].cab

And now what will happen?

Thanks
  • 0

#27
didom

  • Member
  • 1,919 posts
Step #1

We need to make sure all hidden files are showing so please:
  • Click Start.
  • Open My Computer.
  • Select the Tools menu and click Folder Options.
  • Select the View tab.
  • Under the Hidden files and folders heading select Show hidden files and folders.
  • Uncheck the Hide file extensions for known types option.
  • Uncheck the Hide protected operating system files (recommended) option.
  • Click Yes to confirm.
  • Click OK.
Step #2

Reboot Your System in Safe Mode:
  • Restart the computer.
  • As soon as BIOS is loaded begin tapping the F8 key until the Advanced Options menu appears.
  • Use the arrow keys to select the Safe Mode menu item.
  • Press the Enter key.
Step #3

Find and delete these files and folders (if they are still there):

C:\WINNT\system32\51861823.exe <= this file



Reboot your computer normally.

Step #4

Run Panda's online virus scan and perform a full system scan: Panda ActiveScan

Save the Panda ActiveScan log. Start HijackThis and perform a new scan.
  • 0

#28
formula65

  • Topic Starter
  • Member
  • 63 posts
Thank you didom for the link on thespykiller,
better than a guardian angel :tazz:
  • 0

#29
didom

  • Member
  • 1,919 posts
You're welcome :tazz:

You can follow my last instructions.
  • 0

#30
formula65

  • Topic Starter
  • Member
  • 63 posts
Hello, here are the log files

(requested files [2005-10-25_20_00].cab is still pasted on the desktop, I think I can delete it now)

Thanks

***************************************************

Incident Status Location

Adware:adware/cws No disinfected C:\DOCUMENTS AND SETTINGS\ALL USERS\PREFERITI\Kill Annoying Popups.url
Adware:adware/superspider No disinfected C:\WINNT\dlm.html
Adware:adware/hotoffers No disinfected Windows Registry
Possible Virus. No disinfected C:\Documents and Settings\Default User\Impostazioni locali\Temporary Internet Files\Content.IE5\GPYVSLEZ\load02[1].exe
Possible Virus. No disinfected C:\Documents and Settings\fulvio\Desktop\requested-files[2005-10-25_20_00].cab[51861823.exe]
****************************************************

Logfile of HijackThis v1.99.1
Scan saved at 23:25:45, on 25/10/2005
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\SYSTEM32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\svchost.exe
C:\Programmi\File comuni\Symantec Shared\ccSetMgr.exe
C:\Programmi\File comuni\Symantec Shared\SNDSrvc.exe
C:\Programmi\File comuni\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\system32\Ati2evxx.exe
C:\typ3pcp\bin\bnfsserv.exe
C:\WINNT\system32\crypserv.exe
C:\PROGRA~1\ROCKWE~1\RSCOMMON\RSOBSERV.EXE
C:\WINNT\system32\Hummbird\inetd32.exe
C:\PROGRA~1\Iomega\System32\AppServices.exe
C:\Programmi\File comuni\Microsoft Shared\VS7Debug\mdm.exe
C:\Programmi\Norton AntiVirus\navapsvc.exe
C:\WINNT\system32\netdde.exe
C:\Programmi\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINNT\system32\OpcEnum.exe
C:\WINNT\system32\regsvc.exe
C:\PROGRA~1\ROCKWE~1\RSLinx\RSLINX.EXE
C:\Siemens\Step7\S7BIN\s7asysvx.exe
C:\Siemens\Common\S7IEPG\s7oiehsx.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\slserv.exe
C:\WINNT\system32\stisvc.exe
C:\Programmi\File comuni\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\tlntsvr.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\MsPMSPSv.exe
C:\WINNT\system32\svchost.exe
C:\Programmi\Iomega\AutoDisk\ADService.exe
C:\Siemens\Common\sws\almsrv\almsrvx.exe
C:\WINNT\SOUNDMAN.EXE
C:\WINNT\system32\spool\drivers\w32x86\3\hpztsb04.exe
C:\Programmi\File comuni\Symantec Shared\ccApp.exe
C:\Programmi\File comuni\Real\Update_OB\realsched.exe
C:\WINNT\system32\ctfmon.exe
C:\Programmi\Iomega\AutoDisk\ADUserMon.exe
C:\WINNT\slrundll.exe
D:\Fun\RealPlayer\RealPlay.exe
C:\hijackthis\HijackThis.exe

O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Apoint] C:\Programmi\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINNT\system32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [ccApp] "C:\Programmi\File comuni\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmi\File comuni\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [ctfmon.exe] ctfmon.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Google Search - res://c:\programmi\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\programmi\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\programmi\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\programmi\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\programmi\google\GoogleToolbar2.dll/cmtrans.html
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Programmi\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Programmi\Yahoo!\Common/ycdict.htm
O9 - Extra button: eBay - Homepage - {EF79EAC5-3452-4E02-B8BD-BA4C89F1AC7A} - C:\Programmi\IrfanView\Ebay\Ebay.htm
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - https://www-secure.s...rl/LSSupCtl.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.c...utocomplete.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.s...rl/SymAData.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{8534CA47-B7DA-452C-A8D1-EE7B24FA3BD3}: NameServer = 151.99.125.2 151.99.125.3
O23 - Service: Automation License Manager Service (almservice) - SIEMENS AG - C:\Siemens\Common\sws\almsrv\almsrvx.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINNT\system32\Ati2evxx.exe
O23 - Service: Bosch NFS Server (BoschNFSServer) - Bosch Rexroth AG BRC/ESM11 - C:\typ3pcp\bin\bnfsserv.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccSetMgr.exe
O23 - Service: Crypkey License - Kenonic Controls Ltd. - C:\WINNT\SYSTEM32\crypserv.exe
O23 - Service: Servizio amministrativo di Gestione disco logico (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: dnWhoDisp - Unknown owner - C:\Programmi\Rockwell Software\RSLINX\dnwhodisp.exe
O23 - Service: Harmony - Rockwell Software Inc. - C:\PROGRA~1\ROCKWE~1\RSCOMMON\RSOBSERV.EXE
O23 - Service: HCLInetd - Hummingbird Communications Ltd. - C:\WINNT\system32\Hummbird\inetd32.exe
O23 - Service: Iomega App Services - Iomega Corporation - C:\PROGRA~1\Iomega\System32\AppServices.exe
O23 - Service: Servizio Auto-Protect di Norton AntiVirus (navapsvc) - Symantec Corporation - C:\Programmi\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Programmi\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: OpcEnum - OPC Foundation - C:\WINNT\system32\OpcEnum.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINNT\system32\HPZipm12.exe
O23 - Service: RSLinx - Rockwell Software, Inc. - C:\PROGRA~1\ROCKWE~1\RSLinx\RSLINX.EXE
O23 - Service: S7 Global Services (s7asysvx) - SIEMENS AG - C:\Siemens\Step7\S7BIN\s7asysvx.exe
O23 - Service: SIMATIC IEPG Help Service (s7oiehsx) - SIEMENS AG - C:\Siemens\Common\S7IEPG\s7oiehsx.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Programmi\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FILECO~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINNT\SYSTEM32\slserv.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Iomega Active Disk (_IOMEGA_ACTIVE_DISK_SERVICE_) - Iomega Corporation - C:\Programmi\Iomega\AutoDisk\ADService.exe
  • 0
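Comparing two Panda ActiveScan reports row by row shows what a cleanup round actually removed. This is an added example, not part of the thread: it diffs the reports from posts #22 and #30 and lists detection names that were cleared at one path but reported at another (the names `parse_report` and `compare` are assumptions of this sketch).

```python
import re

# Panda ActiveScan rows copied from post #22 (before) and post #30 (after).
SCAN_BEFORE = r"""
Adware:adware/cws No disinfected C:\DOCUMENTS AND SETTINGS\ALL USERS\PREFERITI\[bleep] Real Girls.url
Adware:adware/superspider No disinfected C:\WINNT\dlm.exe
Adware:adware/cws.searchmeup No disinfected C:\WINNT\toolbar.exe
Adware:adware/hotoffers No disinfected Windows Registry
Possible Virus. No disinfected C:\Documents and Settings\Default User\Impostazioni locali\Temporary Internet Files\Content.IE5\GPYVSLEZ\load02[1].exe
Possible Virus. No disinfected C:\WINNT\system32\51861823.exe
Virus:W32/Sober.I.worm Renamed [mchr19115.zip][message_text.txt .pif]
"""

SCAN_AFTER = r"""
Adware:adware/cws No disinfected C:\DOCUMENTS AND SETTINGS\ALL USERS\PREFERITI\Kill Annoying Popups.url
Adware:adware/superspider No disinfected C:\WINNT\dlm.html
Adware:adware/hotoffers No disinfected Windows Registry
Possible Virus. No disinfected C:\Documents and Settings\Default User\Impostazioni locali\Temporary Internet Files\Content.IE5\GPYVSLEZ\load02[1].exe
Possible Virus. No disinfected C:\Documents and Settings\fulvio\Desktop\requested-files[2005-10-25_20_00].cab[51861823.exe]
"""

# The pasted table lost its column separators, so the status keyword is the
# only reliable delimiter. These are the status values seen in this thread.
ROW_RE = re.compile(
    r"^(?P<incident>.+?) (?P<status>No disinfected|Reported|Renamed) (?P<location>.+)$"
)


def parse_report(text):
    """Return the set of (incident, lower-cased location) pairs in a report."""
    rows = set()
    for line in text.splitlines():
        m = ROW_RE.match(line.strip())
        if m:
            # Windows paths are case-insensitive, so compare them lower-cased.
            rows.add((m.group("incident"), m.group("location").lower()))
    return rows


def compare(before_text, after_text):
    """Diff two reports and flag detection names that moved to a new location."""
    before, after = parse_report(before_text), parse_report(after_text)
    cleared = sorted(before - after)
    new = sorted(after - before)
    persisting = sorted(before & after)
    # Same detection name gone from one path and present at another.
    resurfaced = sorted({i for i, _ in cleared} & {i for i, _ in new})
    return {"cleared": cleared, "persisting": persisting,
            "new": new, "resurfaced": resurfaced}


if __name__ == "__main__":
    diff = compare(SCAN_BEFORE, SCAN_AFTER)
    for key in ("cleared", "persisting", "new"):
        print(f"{key}: {len(diff[key])}")
        for incident, location in diff[key]:
            print(f"  {incident} @ {location}")
    print("resurfaced detection names:", diff["resurfaced"])
```

The "Possible Virus." row under `new` is the copy of 51861823.exe inside the submission archive on the desktop, so it needs a manual look before it is counted as a reappearance.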





