Hjt Log Analysis Please


12 replies to this topic

#1 cambrill

Posted 22 January 2006 - 08:50 PM

I think I've been infected with Browsela.dll and other nasties. Here is my HJT. Thanks in advance.

Logfile of HijackThis v1.99.1
Scan saved at 5:48:33 PM, on 1/22/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\system32\nvsvc32.exe
C:\WINNT\SOUNDMAN.EXE
C:\Program Files\QuickTime\qttask.exe
C:\WINNT\system32\RUNDLL32.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Microsoft Office\Office\OSA.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\HJT\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.seekerbar.com/ie.aspx?tb_id=50154
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
R3 - URLSearchHook: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {16875E09-927B-4494-82BD-158A1CD46BA0} - C:\WINNT\prflbmsgp32.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - (no file)
O2 - BHO: (no name) - {EEE7178C-BBC3-4153-9DDE-CD0E9AB1B5B6} - C:\WINNT\adsldpbg.dll
O3 - Toolbar: (no name) - {146A855C-A098-4D3E-9837-8187688BFBB1} - (no file)
O3 - Toolbar: (no name) - {34168C81-EB92-46AD-B8B7-2C8846ECF6BA} - (no file)
O3 - Toolbar: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - (no file)
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINNT\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [lmhsvc] "C:\WINNT\system32\lmhsvc.exe"
O4 - HKCU\..\Run: [esent] "C:\WINNT\system32\esent.exe"
O4 - HKCU\..\Run: [netapi32] "C:\WINNT\system32\netapi32.exe"
O4 - HKCU\..\Run: [ipxwan] "C:\WINNT\system32\ipxwan.exe"
O4 - HKCU\..\Run: [rdpdd] "C:\WINNT\system32\rdpdd.exe"
O4 - HKCU\..\Run: [jgdw400] "C:\WINNT\system32\jgdw400.exe"
O4 - HKCU\..\Run: [rpcss] "C:\WINNT\system32\rpcss.exe"
O4 - HKCU\..\Run: [nvoglnt] "C:\WINNT\system32\nvoglnt.exe"
O4 - HKCU\..\Run: [wmvdmoe] "C:\WINNT\system32\wmvdmoe.exe"
O4 - HKCU\..\Run: [ifsutil] "C:\WINNT\system32\ifsutil.exe"
O4 - HKCU\..\Run: [tscfgwmi] "C:\WINNT\system32\tscfgwmi.exe"
O4 - HKCU\..\Run: [dbgeng] "C:\WINNT\system32\dbgeng.exe"
O4 - Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O4 - Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)
O15 - Trusted Zone: http://*.billingnow.com
O15 - Trusted Zone: http://*.reliablestats.com
O15 - Trusted Zone: http://*.winantispyware.com
O15 - Trusted Zone: http://*.winantivirus.com
O15 - Trusted Zone: http://*.winantiviruspro.com
O15 - Trusted Zone: http://*.winnanny.com
O15 - Trusted Zone: http://*.winsoftware.com
O16 - DPF: Yahoo! Literati - http://download.games.yahoo.com/games/clients/y/tt3_x.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/downloads/kws/kav...can_unicode.cab
O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Housecall ActiveX 6.5) - http://us-housecall.trendmicro-europe.com/...ivex/hcImpl.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2005111...all/xscan53.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O16 - DPF: {C02226EB-A5D7-4B1F-BD7E-635E46C2288D} (Toontown Installer ActiveX Control) - http://download.toontown.com/sv1.0.14.30/ttinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{AB20F1FE-CBF8-4B90-81C4-49BFAFA1DF42}: NameServer = 68.6.16.30,68.2.16.30
O20 - Winlogon Notify: browsela - C:\WINNT\system32\browsela.dll
O20 - Winlogon Notify: st3 - C:\WINNT\system32\st3.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: lmrtrend - Unknown owner - C:\WINNT\system32\lmrtrend.exe (file missing)
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Unknown owner - C:\Program Files\Norton AntiVirus\navapsvc.exe (file missing)
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Unknown owner - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe (file missing)
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINNT\system32\nvsvc32.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: Symantec AVScan (SAVScan) - Unknown owner - C:\Program Files\Norton AntiVirus\SAVScan.exe (file missing)
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe


#2 MFDnSC

MFDnSC

    Ret. Director I/T



Posted 22 January 2006 - 09:24 PM

Download win32delfkil.exe: http://users.telenet.be/marcvn/tools/win32delfkil.exe
Save it on your desktop.
Double click on win32delfkil.exe and install it. This creates a new folder on your desktop: win32delfkil
Close all windows, open the win32delfkil folder and double click on fix.bat.

The computer will reboot automatically
================
Go to the link below and download the trial version of SpySweeper:

SpySweeper http://www.webroot.com/consumer/products/s...&rc=4129&ac=tsg

* Click the Free Trial link under "SpySweeper" to download the program.
* Install it. Once the program is installed, it will open.
* It will prompt you to update to the latest definitions, click Yes.
* Once the definitions are installed, click Options on the left side.
* Click the Sweep Options tab.
* Under What to Sweep please put a check next to the following:
    o Sweep Memory
    o Sweep Registry
    o Sweep Cookies
    o Sweep All User Accounts
    o Enable Direct Disk Sweeping
    o Sweep Contents of Compressed Files
    o Sweep for Rootkits

    o Please UNCHECK Do not Sweep System Restore Folder.

* Click Sweep Now on the left side.
* Click the Start button.
* When it's done scanning, click the Next button.
* Make sure everything has a check next to it, then click the Next button.
* It will remove all of the items found.
* Click Session Log in the upper right corner, copy everything in that window.
* Click the Summary tab and click Finish.
* Paste the contents of the session log you copied into your next reply.
Also post a new Hijack This log.
"Nothing could be finer than to be in South Carolina ............"

Member ASAP

#3 cambrill


Posted 22 January 2006 - 09:51 PM

K.. I ran fix.dat and the DOS program came up and everything was cool, then it started fixing things and the same thing kept appearing in the DOS code. It stayed like this for about 5 minutes until I manually reset my computer. I'm sweeping right now. Should I be worried about the win32delfkil?

Thanks for the speedy reply

#4 MFDnSC


Posted 22 January 2006 - 09:57 PM

Give it time. It will fix a major problem.
"Nothing could be finer than to be in South Carolina ............"

Member ASAP

#5 cambrill


Posted 22 January 2006 - 09:57 PM

Here is the SpySweeper log:

********
6:37 PM: | Start of Session, Sunday, January 22, 2006 |
6:37 PM: Spy Sweeper started
6:37 PM: Sweep initiated using definitions version 604
6:37 PM: Found Trojan Horse: trojan-downloader-2pursuit
6:37 PM: HKLM\software\microsoft\windows nt\currentversion\winlogon\notify\st3\ || dllname (ID = 910576)
6:37 PM: st3.dll (ID = 910576)
6:37 PM: HKCR\clsid\{1b68470c-2def-493b-8a4a-8e2d81be4ea5}\inprocserver32\ (2 subtraces) (ID = 1064244)
6:37 PM: st3.dll (ID = 1064244)
6:37 PM: HKCR\clsid\{31ee3286-d785-4e3f-95fc-51d00fdabc01}\inprocserver32\ (2 subtraces) (ID = 1098696)
6:37 PM: browsela.dll (ID = 1098696)
6:37 PM: HKLM\software\microsoft\windows nt\currentversion\winlogon\notify\browsela\ || dllname (ID = 1098846)
6:37 PM: browsela.dll (ID = 1098846)
6:37 PM: HKCR\clsid\{eee7178c-bbc3-4153-9dde-cd0e9ab1b5b6}\inprocserver32\ (2 subtraces) (ID = 1124597)
6:37 PM: adsldpbg.dll (ID = 1124597)
6:37 PM: Starting Memory Sweep
6:37 PM: Detected running threat: C:\WINNT\system32\st3.dll (ID = 188587)
6:38 PM: Memory Sweep Complete, Elapsed Time: 00:01:39
6:38 PM: Starting Registry Sweep
6:39 PM: Found Adware: websearch toolbar
6:39 PM: HKLM\system\currentcontrolset\enum\root\legacy_wintoolssvc\ (8 subtraces) (ID = 146518)
6:39 PM: Found Adware: seekerbar hijack
6:39 PM: HKLM\software\microsoft\internet explorer\search\ || searchassistant (ID = 146559)
6:39 PM: HKCR\clsid\{1b68470c-2def-493b-8a4a-8e2d81be4ea5}\ (5 subtraces) (ID = 910438)
6:39 PM: HKLM\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler\ || {1b68470c-2def-493b-8a4a-8e2d81be4ea5} (ID = 910513)
6:39 PM: HKLM\software\microsoft\windows nt\currentversion\winlogon\notify\st3\ (10 subtraces) (ID = 910519)
6:39 PM: HKLM\software\classes\clsid\{1b68470c-2def-493b-8a4a-8e2d81be4ea5}\ (5 subtraces) (ID = 910556)
6:39 PM: Found Adware: easyerror
6:39 PM: HKCR\clsid\{16875e09-927b-4494-82bd-158a1cd46ba0}\ (4 subtraces) (ID = 927633)
6:39 PM: HKLM\software\classes\clsid\{16875e09-927b-4494-82bd-158a1cd46ba0}\ (4 subtraces) (ID = 927655)
6:39 PM: HKLM\software\microsoft\windows\currentversion\explorer\browser helper objects\{16875e09-927b-4494-82bd-158a1cd46ba0}\ (ID = 927665)
6:39 PM: HKLM\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler\ || {16875e09-927b-4494-82bd-158a1cd46ba0} (ID = 927668)
6:39 PM: HKCR\clsid\{31ee3286-d785-4e3f-95fc-51d00fdabc01}\ (5 subtraces) (ID = 1094393)
6:39 PM: HKLM\software\classes\clsid\{31ee3286-d785-4e3f-95fc-51d00fdabc01}\ (5 subtraces) (ID = 1094538)
6:39 PM: HKLM\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler\ || {31ee3286-d785-4e3f-95fc-51d00fdabc01} (ID = 1094560)
6:39 PM: HKLM\software\microsoft\windows nt\currentversion\winlogon\notify\browsela\ (10 subtraces) (ID = 1094567)
6:39 PM: HKCR\clsid\{eee7178c-bbc3-4153-9dde-cd0e9ab1b5b6}\ (5 subtraces) (ID = 1098652)
6:39 PM: HKLM\software\classes\clsid\{eee7178c-bbc3-4153-9dde-cd0e9ab1b5b6}\ (5 subtraces) (ID = 1098686)
6:39 PM: HKLM\software\microsoft\windows\currentversion\explorer\browser helper objects\{eee7178c-bbc3-4153-9dde-cd0e9ab1b5b6}\ (ID = 1098692)
6:39 PM: Found Adware: bikinidesk myfunstart.com sb.html hijacker
6:39 PM: HKU\WRSS_Profile_S-1-5-21-971929597-2939153371-2801439982-501\software\microsoft\internet explorer\main\ || search bar (ID = 104411)
6:39 PM: Found Adware: browseraid
6:39 PM: HKU\WRSS_Profile_S-1-5-21-971929597-2939153371-2801439982-501\software\microsoft\windows\currentversion\updt\ (ID = 105189)
6:39 PM: HKU\WRSS_Profile_S-1-5-21-971929597-2939153371-2801439982-501\software\{2cf0b992-5eeb-4143-99c0-5297ef71f444}\ (ID = 105190)
6:39 PM: Found Adware: commonname
6:39 PM: HKU\WRSS_Profile_S-1-5-21-971929597-2939153371-2801439982-501\software\commonname\ (8 subtraces) (ID = 106881)
6:39 PM: Found Adware: gsim
6:39 PM: HKU\WRSS_Profile_S-1-5-21-971929597-2939153371-2801439982-501\software\dynamic toolbar\gsim\ (5 subtraces) (ID = 127017)
6:39 PM: Found Adware: 180search assistant/zango
6:39 PM: HKU\WRSS_Profile_S-1-5-21-971929597-2939153371-2801439982-501\software\180solutions\ (13 subtraces) (ID = 135617)
6:39 PM: Found Adware: squire webhelper
6:39 PM: HKU\WRSS_Profile_S-1-5-21-971929597-2939153371-2801439982-501\software\sq\ (ID = 142159)
6:39 PM: Found Adware: startpage obfuscated true-counter.com hijack
6:39 PM: HKU\WRSS_Profile_S-1-5-21-971929597-2939153371-2801439982-501\software\microsoft\internet explorer\ || search (ID = 142635)
6:39 PM: HKU\WRSS_Profile_S-1-5-21-971929597-2939153371-2801439982-501\software\microsoft\internet explorer\ || searchurl (ID = 142636)
6:39 PM: HKU\WRSS_Profile_S-1-5-21-971929597-2939153371-2801439982-501\software\microsoft\internet explorer\main\ || default_page_url (ID = 142638)
6:39 PM: HKU\WRSS_Profile_S-1-5-21-971929597-2939153371-2801439982-501\software\microsoft\internet explorer\main\ || default_search_url (ID = 142639)
6:39 PM: HKU\WRSS_Profile_S-1-5-21-971929597-2939153371-2801439982-501\software\microsoft\internet explorer\main\ || search page (ID = 142641)
6:39 PM: HKU\WRSS_Profile_S-1-5-21-971929597-2939153371-2801439982-501\software\microsoft\internet explorer\main\ || start page (ID = 142642)
6:39 PM: HKU\WRSS_Profile_S-1-5-21-971929597-2939153371-2801439982-501\software\microsoft\internet explorer\search\ || searchassistant (ID = 142646)
6:39 PM: HKU\WRSS_Profile_S-1-5-21-971929597-2939153371-2801439982-501\software\microsoft\internet explorer\search\ || customizesearch (ID = 142647)
6:39 PM: Found Adware: sidesearch
6:39 PM: HKU\WRSS_Profile_S-1-5-21-971929597-2939153371-2801439982-501\software\microsoft\internet explorer\extensions\cmdmapping\ || {000007c6-17df-4438-92a4-de5537471ba3} (ID = 530423)
6:39 PM: HKU\S-1-5-21-971929597-2939153371-2801439982-1006\software\ie config\ (17 subtraces) (ID = 105116)
6:39 PM: HKU\S-1-5-21-971929597-2939153371-2801439982-1006\software\microsoft\windows\currentversion\404updt\ (1 subtraces) (ID = 105129)
6:39 PM: Found Adware: cws-aboutblank
6:39 PM: HKU\S-1-5-21-971929597-2939153371-2801439982-1006\software\microsoft\internet explorer\main\ || search bar_bak (ID = 115924)
6:39 PM: Found Adware: drsnsrch.com hijack
6:39 PM: HKU\S-1-5-21-971929597-2939153371-2801439982-1006\software\microsoft\search assistant\ || defaultsearchurl (ID = 128205)
6:39 PM: Found Adware: isearch toolbar
6:39 PM: HKU\S-1-5-21-971929597-2939153371-2801439982-1006\software\microsoft\internet explorer\extensions\cmdmapping\ || {1a00c40b-da85-4aa3-a67f-582d9347eecd} (ID = 129028)
6:39 PM: HKU\S-1-5-21-971929597-2939153371-2801439982-1006\software\microsoft\internet explorer\toolbar\shellbrowser\ || {339bb23f-a864-48c0-a59f-29ea915965ec} (ID = 146462)
6:39 PM: HKU\S-1-5-21-971929597-2939153371-2801439982-1006\software\microsoft\internet explorer\urlsearchhooks\ || {87766247-311c-43b4-8499-3d5fec94a183} (ID = 146467)
6:39 PM: HKU\S-1-5-21-971929597-2939153371-2801439982-1006\software\microsoft\st3\ (11 subtraces) (ID = 910473)
6:39 PM: HKU\S-1-5-21-971929597-2939153371-2801439982-1006\software\microsoft\ppp\c\ (5 subtraces) (ID = 920182)
6:39 PM: Registry Sweep Complete, Elapsed Time:00:00:14
6:39 PM: Starting Cookie Sweep
6:39 PM: Found Spy Cookie: tribalfusion cookie
6:39 PM: erik ahlswede@tribalfusion[1].txt (ID = 3589)
6:39 PM: Cookie Sweep Complete, Elapsed Time: 00:00:00
6:39 PM: Starting File Sweep
6:39 PM: c:\documents and settings\guest\application data\{2cf0b992-5eeb-4143-99c0-5297ef71f444} (ID = -2147481310)
6:39 PM: Found Adware: coolwebsearch (cws)
6:39 PM: a0291341.dll (ID = 201377)
6:40 PM: left.html (ID = 51927)
6:43 PM: ActiveX Shield: found: Trojan Horse: trojan-downloader-2pursuit, version 1.0.0.0 -- Installation denied
6:45 PM: Found Adware: apropos
6:45 PM: a0278413.exe (ID = 50118)
6:46 PM: st3.dll (ID = 188587)
6:46 PM: a0291327.exe (ID = 232975)
6:46 PM: a0308299.exe (ID = 232975)
6:46 PM: a0307272.dll (ID = 235074)
6:50 PM: cnbabeie.exe (ID = 53748)
6:50 PM: notfound.html (ID = 51930)
6:51 PM: Found Adware: exact cashback/bargain buddy
6:51 PM: ub.dat (ID = 50877)
6:51 PM: default.inf (ID = 53773)
6:51 PM: Found Adware: directrevenue-abetterinternet
6:51 PM: a0279569.inf (ID = 83154)
6:51 PM: polmx2.inf (ID = 83430)
6:51 PM: a0279396.inf (ID = 83199)
6:51 PM: Warning: Invalid Stream
6:51 PM: a0311359.lnk (ID = 910576)
6:51 PM: a0311359.lnk (ID = 1064244)
6:51 PM: a0311359.lnk (ID = 188587)
6:51 PM: File Sweep Complete, Elapsed Time: 00:12:41
6:51 PM: Full Sweep has completed. Elapsed time 00:14:38
6:51 PM: Traces Found: 204
6:53 PM: Removal process initiated
6:53 PM: Quarantining All Traces: 180search assistant/zango
6:53 PM: Quarantining All Traces: cws-aboutblank
6:53 PM: Quarantining All Traces: directrevenue-abetterinternet
6:53 PM: Quarantining All Traces: websearch toolbar
6:53 PM: Quarantining All Traces: apropos
6:53 PM: Quarantining All Traces: commonname
6:53 PM: Quarantining All Traces: coolwebsearch (cws)
6:53 PM: Quarantining All Traces: easyerror
6:53 PM: Quarantining All Traces: isearch toolbar
6:53 PM: Quarantining All Traces: sidesearch
6:53 PM: Quarantining All Traces: squire webhelper
6:53 PM: Quarantining All Traces: bikinidesk myfunstart.com sb.html hijacker
6:53 PM: Quarantining All Traces: browseraid
6:53 PM: Quarantining All Traces: drsnsrch.com hijack
6:53 PM: Quarantining All Traces: exact cashback/bargain buddy
6:53 PM: Quarantining All Traces: gsim
6:53 PM: Quarantining All Traces: seekerbar hijack
6:53 PM: Quarantining All Traces: startpage obfuscated true-counter.com hijack
6:53 PM: Quarantining All Traces: tribalfusion cookie
6:53 PM: Quarantining All Traces: trojan-downloader-2pursuit
6:54 PM: trojan-downloader-2pursuit is in use. It will be removed on reboot.
6:54 PM: Removal process completed. Elapsed time 00:00:39
********
6:35 PM: | Start of Session, Sunday, January 22, 2006 |
6:35 PM: Spy Sweeper started
6:36 PM: Your spyware definitions have been updated.
6:37 PM: | End of Session, Sunday, January 22, 2006 |





HJT log:
Logfile of HijackThis v1.99.1
Scan saved at 6:55:33 PM, on 1/22/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\system32\nvsvc32.exe
C:\WINNT\SOUNDMAN.EXE
C:\Program Files\QuickTime\qttask.exe
C:\WINNT\system32\RUNDLL32.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Microsoft Office\Office\OSA.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\Program Files\Microsoft Office\Office\WINWORD.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINNT\explorer.exe
C:\HJT\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - (no file)
O3 - Toolbar: (no name) - {146A855C-A098-4D3E-9837-8187688BFBB1} - (no file)
O3 - Toolbar: (no name) - {34168C81-EB92-46AD-B8B7-2C8846ECF6BA} - (no file)
O3 - Toolbar: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - (no file)
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINNT\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKCU\..\Run: [lmhsvc] "C:\WINNT\system32\lmhsvc.exe"
O4 - HKCU\..\Run: [esent] "C:\WINNT\system32\esent.exe"
O4 - HKCU\..\Run: [netapi32] "C:\WINNT\system32\netapi32.exe"
O4 - HKCU\..\Run: [ipxwan] "C:\WINNT\system32\ipxwan.exe"
O4 - HKCU\..\Run: [rdpdd] "C:\WINNT\system32\rdpdd.exe"
O4 - HKCU\..\Run: [jgdw400] "C:\WINNT\system32\jgdw400.exe"
O4 - HKCU\..\Run: [rpcss] "C:\WINNT\system32\rpcss.exe"
O4 - HKCU\..\Run: [nvoglnt] "C:\WINNT\system32\nvoglnt.exe"
O4 - HKCU\..\Run: [wmvdmoe] "C:\WINNT\system32\wmvdmoe.exe"
O4 - HKCU\..\Run: [ifsutil] "C:\WINNT\system32\ifsutil.exe"
O4 - HKCU\..\Run: [tscfgwmi] "C:\WINNT\system32\tscfgwmi.exe"
O4 - HKCU\..\Run: [dbgeng] "C:\WINNT\system32\dbgeng.exe"
O4 - Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O4 - Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)
O15 - Trusted Zone: http://*.billingnow.com
O15 - Trusted Zone: http://*.reliablestats.com
O15 - Trusted Zone: http://*.winantispyware.com
O15 - Trusted Zone: http://*.winantivirus.com
O15 - Trusted Zone: http://*.winantiviruspro.com
O15 - Trusted Zone: http://*.winnanny.com
O15 - Trusted Zone: http://*.winsoftware.com
O16 - DPF: Yahoo! Literati - http://download.games.yahoo.com/games/clients/y/tt3_x.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/downloads/kws/kav...can_unicode.cab
O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Housecall ActiveX 6.5) - http://us-housecall.trendmicro-europe.com/...ivex/hcImpl.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2005111...all/xscan53.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O16 - DPF: {C02226EB-A5D7-4B1F-BD7E-635E46C2288D} (Toontown Installer ActiveX Control) - http://download.toontown.com/sv1.0.14.30/ttinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{AB20F1FE-CBF8-4B90-81C4-49BFAFA1DF42}: NameServer = 68.6.16.30,68.2.16.30
O20 - Winlogon Notify: WRNotifier - C:\WINNT\SYSTEM32\WRLogonNTF.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: lmrtrend - Unknown owner - C:\WINNT\system32\lmrtrend.exe (file missing)
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Unknown owner - C:\Program Files\Norton AntiVirus\navapsvc.exe (file missing)
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Unknown owner - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe (file missing)
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINNT\system32\nvsvc32.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: Symantec AVScan (SAVScan) - Unknown owner - C:\Program Files\Norton AntiVirus\SAVScan.exe (file missing)
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe


I hope that helps

#6 MFDnSC


Posted 22 January 2006 - 10:04 PM

Download http://www.mvps.org/winhelp2002/DelDomains.inf

Right click the DelDomains.inf file and click Install, making sure Internet Explorer is closed. You won't see anything happen. Give it a minute.

Note, if you use SpywareBlaster and/or IE/Spyads, it will be necessary to re-install the protection both afford. For SpywareBlaster, run the program and re-protect all items. For IE/Spyads, run the batch file and reinstall the protection.

Fix these with HJT – mark them, close IE, click fix checked

O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - (no file)

O3 - Toolbar: (no name) - {146A855C-A098-4D3E-9837-8187688BFBB1} - (no file)

O3 - Toolbar: (no name) - {34168C81-EB92-46AD-B8B7-2C8846ECF6BA} - (no file)

O3 - Toolbar: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - (no file)

O4 - HKCU\..\Run: [lmhsvc] "C:\WINNT\system32\lmhsvc.exe"

O4 - HKCU\..\Run: [esent] "C:\WINNT\system32\esent.exe"

O4 - HKCU\..\Run: [netapi32] "C:\WINNT\system32\netapi32.exe"

O4 - HKCU\..\Run: [ipxwan] "C:\WINNT\system32\ipxwan.exe"

O4 - HKCU\..\Run: [rdpdd] "C:\WINNT\system32\rdpdd.exe"

O4 - HKCU\..\Run: [jgdw400] "C:\WINNT\system32\jgdw400.exe"

O4 - HKCU\..\Run: [rpcss] "C:\WINNT\system32\rpcss.exe"

O4 - HKCU\..\Run: [nvoglnt] "C:\WINNT\system32\nvoglnt.exe"

O4 - HKCU\..\Run: [wmvdmoe] "C:\WINNT\system32\wmvdmoe.exe"

O4 - HKCU\..\Run: [ifsutil] "C:\WINNT\system32\ifsutil.exe"

O4 - HKCU\..\Run: [tscfgwmi] "C:\WINNT\system32\tscfgwmi.exe"

O4 - HKCU\..\Run: [dbgeng] "C:\WINNT\system32\dbgeng.exe"

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)

O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)

O23 - Service: lmrtrend - Unknown owner - C:\WINNT\system32\lmrtrend.exe (file missing)
================
Click Start > Run > and type in:

services.msc

Click OK.

In the services window find this exact name

lmrtrend

Right-click and choose "Properties". On the "General" tab under "Service Status" click the "Stop" button to stop the service. Beside "Startup Type" in the dropdown menu select "Disabled". Click Apply then OK. File-Exit the Services utility.
===============



DownLoad http://www.downloads.subratam.org/KillBox.zip

Restart your computer into safe mode now. (Tapping F8 at the first black screen) Perform the following steps in safe mode:

Double-click on Killbox.exe to run it. Now put a tick by Standard File Kill. In the "Full Path of File to Delete" box, copy and paste each of the following lines one at a time then click on the button that has the red circle with the X in the middle after you enter each file. It will ask for confirmation to delete the file. Click Yes. Continue with that same procedure until you have copied and pasted all of these in the "Paste Full Path of File to Delete" box.

C:\WINNT\system32\lmhsvc.exe
C:\WINNT\system32\esent.exe
C:\WINNT\system32\netapi32.exe
C:\WINNT\system32\ipxwan.exe
C:\WINNT\system32\rdpdd.exe
C:\WINNT\system32\jgdw400.exe
C:\WINNT\system32\rpcss.exe
C:\WINNT\system32\nvoglnt.exe
C:\WINNT\system32\wmvdmoe.exe
C:\WINNT\system32\ifsutil.exe
C:\WINNT\system32\tscfgwmi.exe
C:\WINNT\system32\dbgeng.exe

Note: It is possible that Killbox will tell you that one or more files do not exist. If that happens, just continue on with all the files. Be sure you don't miss any.

START – RUN – type in %temp% OK - Edit – Select all – File – Delete

Delete everything in the C:\Windows\Temp folder or C:\WINNT\temp

Empty the recycle bin
Boot and post a new log from normal NOT safe mode

Please give feedback on what worked/didn’t work and the current status of your system
"Nothing could be finer than to be in South Carolina ............"

Member ASAP
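
A way to check what each cleanup pass actually changed, as an added example (not part of any post in this thread and not a HijackThis feature): it parses two HijackThis logs, diffs their R/O entries, and marks entries matching the patterns that appear in the fix list above. The function names and the flag rules are assumptions made for illustration, and the two sample logs are shortened excerpts of the logs posted in this thread.

```python
import re
from collections import namedtuple

# A HijackThis entry line is "<section> - <detail>", e.g. "O4 - HKCU\..\Run: [x] ...".
ENTRY_RE = re.compile(r"^(R[0-3]|O\d{1,2}) - (.+)$")
Entry = namedtuple("Entry", "section detail")


def parse_hjt(text):
    """Return the set of R*/O* entries; header and process-list lines are skipped."""
    entries = set()
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.add(Entry(m.group(1), m.group(2)))
    return entries


def review_reasons(entry):
    """Illustrative rules only: they mark entries for a human to review, not verdicts."""
    d = entry.detail.lower()
    reasons = []
    if "(no file)" in d or "(file missing)" in d:
        reasons.append("orphaned entry, target file absent")
    if entry.section == "O4" and d.startswith("hkcu\\..\\run:") and "\\system32\\" in d:
        reasons.append("per-user autorun launching an .exe from system32")
    if entry.section == "O15":
        reasons.append("site added to the Trusted Zone")
    if entry.section == "O20":
        reasons.append("Winlogon Notify DLL")
    return reasons


def triage(text):
    """Map each flagged entry of a log to the list of reasons it was flagged."""
    flagged = {}
    for entry in parse_hjt(text):
        reasons = review_reasons(entry)
        if reasons:
            flagged[entry] = reasons
    return flagged


def diff_logs(before, after):
    """Return (removed, added): entries only in the earlier log, entries only in the later one."""
    b, a = parse_hjt(before), parse_hjt(after)
    return sorted(b - a), sorted(a - b)


# Shortened excerpt of the first log in this thread (before Spy Sweeper ran).
BEFORE = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINNT\system32\winlogon.exe
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.seekerbar.com/ie.aspx?tb_id=50154
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - (no file)
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKCU\..\Run: [esent] "C:\WINNT\system32\esent.exe"
O15 - Trusted Zone: http://*.winantivirus.com
O20 - Winlogon Notify: browsela - C:\WINNT\system32\browsela.dll
O20 - Winlogon Notify: st3 - C:\WINNT\system32\st3.dll
O23 - Service: lmrtrend - Unknown owner - C:\WINNT\system32\lmrtrend.exe (file missing)
"""

# Shortened excerpt of the second log (after Spy Sweeper, before the HJT fixes).
AFTER = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINNT\system32\winlogon.exe
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - (no file)
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKCU\..\Run: [esent] "C:\WINNT\system32\esent.exe"
O15 - Trusted Zone: http://*.winantivirus.com
O20 - Winlogon Notify: WRNotifier - C:\WINNT\SYSTEM32\WRLogonNTF.dll
O23 - Service: lmrtrend - Unknown owner - C:\WINNT\system32\lmrtrend.exe (file missing)
"""

if __name__ == "__main__":
    removed, added = diff_logs(BEFORE, AFTER)
    for e in removed:
        print("removed:", e.section, "-", e.detail)
    for e in added:
        print("added:  ", e.section, "-", e.detail)
    # Entries still present after the sweep that match a rule. The rules also
    # mark the WRNotifier line, which is not in the helper's fix list, so the
    # output is a review queue and a person still decides what to fix.
    for e, reasons in sorted(triage(AFTER).items()):
        print("review: ", e.section, "-", e.detail, "|", "; ".join(reasons))
```
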

#7 cambrill


Posted 22 January 2006 - 10:26 PM

Everything was deleted by killbox.
I have one question. You said Delete everything in the C:\Windows\Temp folder or C:\WINNT\temp
I have a C:\Temp file also. Should I go back in safe mode and delete those contents too?

New Log as of NOT in safe mode.

Logfile of HijackThis v1.99.1
Scan saved at 7:25:11 PM, on 1/22/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\system32\nvsvc32.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\WINNT\Explorer.EXE
C:\WINNT\SOUNDMAN.EXE
C:\Program Files\QuickTime\qttask.exe
C:\WINNT\system32\RUNDLL32.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Microsoft Office\Office\OSA.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINNT\system32\wuauclt.exe
C:\HJT\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINNT\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKLM\..\Run: [MSConfig] C:\WINNT\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O4 - Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O16 - DPF: Yahoo! Literati - http://download.games.yahoo.com/games/clients/y/tt3_x.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/downloads/kws/kav...can_unicode.cab
O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Housecall ActiveX 6.5) - http://us-housecall.trendmicro-europe.com/...ivex/hcImpl.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2005111...all/xscan53.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O16 - DPF: {C02226EB-A5D7-4B1F-BD7E-635E46C2288D} (Toontown Installer ActiveX Control) - http://download.toontown.com/sv1.0.14.30/ttinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{AB20F1FE-CBF8-4B90-81C4-49BFAFA1DF42}: NameServer = 68.6.16.30,68.2.16.30
O20 - Winlogon Notify: WRNotifier - C:\WINNT\SYSTEM32\WRLogonNTF.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Unknown owner - C:\Program Files\Norton AntiVirus\navapsvc.exe (file missing)
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Unknown owner - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe (file missing)
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINNT\system32\nvsvc32.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: Symantec AVScan (SAVScan) - Unknown owner - C:\Program Files\Norton AntiVirus\SAVScan.exe (file missing)
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
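
Added example, not part of the original posts: a small Python triage of the O23 (service) lines in logs like the two above, listing the entries marked "Unknown owner" or "(file missing)", the same markers as on the lmrtrend line handled earlier in the thread. The helper names `parse_o23` and `triage` are hypothetical, and the field layout is an assumption inferred from the lines in this thread.

```python
import re

# O23 lines copied verbatim from the two HijackThis logs in this thread.
SAMPLE_LOG = r"""
O23 - Service: lmrtrend - Unknown owner - C:\WINNT\system32\lmrtrend.exe (file missing)
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Unknown owner - C:\Program Files\Norton AntiVirus\navapsvc.exe (file missing)
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINNT\system32\nvsvc32.exe
"""

MISSING = "(file missing)"
# Assumed layout, inferred from the lines above: label - owner - command line.
O23 = re.compile(r"^O23 - Service: (?P<label>.+?) - (?P<owner>.+?) - (?P<cmd>.+)$")


def parse_o23(line):
    """Split one O23 line into service name, owner, image path, missing flag."""
    m = O23.match(line.strip())
    if not m:
        return None
    label, owner, cmd = m["label"], m["owner"], m["cmd"]
    missing = cmd.endswith(MISSING)
    if missing:
        cmd = cmd[: -len(MISSING)].rstrip()
    # The short service name is the trailing "(name)" when the label has one.
    short = re.search(r"\(([^()]+)\)$", label)
    # Keep only the executable; arguments and stray quotes are dropped.
    exe = re.match(r'"?(.+?\.exe)', cmd, re.IGNORECASE)
    return {"name": short.group(1) if short else label, "owner": owner,
            "image": exe.group(1) if exe else cmd, "missing": missing}


def triage(log_text):
    """Return (service name, reasons) for O23 entries worth a manual look."""
    flagged = []
    for line in log_text.splitlines():
        svc = parse_o23(line)
        if not svc:
            continue
        reasons = []
        if svc["owner"] == "Unknown owner":
            reasons.append("HijackThis could not read a company name")
        if svc["missing"]:
            reasons.append("registered binary not on disk")
        if reasons and "\\system32\\" in svc["image"].lower():
            reasons.append("image path under system32")
        if reasons:
            flagged.append((svc["name"], reasons))
    return flagged
```

A flag here is a prompt to look the service up, not a verdict on it.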

#8 cambrill


Posted 22 January 2006 - 10:29 PM

My system seems to be running great! I used to get a Windows Explorer error twice every time I turned my computer on. It gave me the "click here to restore your active desktop" screen. It hasn't messed up once yet! Things are working great. Thanks so far for what you have done! I really appreciate what you guys do here.

#9 cambrill


Posted 22 January 2006 - 11:57 PM

I did an Ad-Aware scan and it came up with 4 tracking cookies. Is this bad or is this normal?

#10 MFDnSC


Posted 23 January 2006 - 09:19 AM

Normal, but let's eliminate third-party cookies

1. Click on the Tools button on the Internet Explorer tool bar.
2. Highlight and click on Internet options at the bottom of the Tools menu.
3. Select the Privacy Tab of the Internet Options menu.
4. Select the Advanced... button at the bottom of the screen.
5. Select override automatic cookie handling button.
6. To block third party cookies select block under "Third-party cookies".
7. Select "always allow session cookies".
8. Click on the OK button at the bottom of the screen.

#11 cambrill


Posted 23 January 2006 - 06:32 PM

Done. Am I good to go?

#12 MFDnSC


Posted 23 January 2006 - 07:20 PM

Yep - good to go

Turn off restore points, boot, turn them back on – here’s how

XP
http://service1.symantec.com/SUPPORT/tsgen...src=sec_doc_nam

#13 cambrill


Posted 23 January 2006 - 08:17 PM

Thank you so much for your help. I really appreciate you taking your time to do this! You guys are great!
