Hi!
Most likely am I infected with the new malicous exploit that kills your Antivirus and locks you out of Security sites. What should I do?
Here's my log from HiJackThis:
Logfile of HijackThis v1.97.7
Scan saved at 17:33:12, on 2004-04-27
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Unable to get Internet Explorer version!
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\windows\system\hpsysdrv.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\System32\CTHELPER.EXE
C:\Program\Delade filer\Real\Update_OB\realsched.exe
C:\Program\Logitech\MouseWare\system\em_exec.exe
C:\Program\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\WINDOWS\System32\MMTray.exe
C:\WINDOWS\System32\MMTray2k.exe
C:\WINDOWS\System32\MMTrayLSI.exe
C:\Program\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program\Delade filer\Logitech\QCDriver\LVCOMS.EXE
C:\Program\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Program\D-Tools\daemon.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program\PANICW~1\POP-UP~1\PSFree.exe
C:\Program\Ahead\InCD\InCDsrv.exe
C:\Program\Delade filer\Microsoft Shared\VS7Debug\mdm.exe
C:\Program\Trillian\trillian.exe
C:\Program\Norton AntiVirus\navapsvc.exe
C:\Program\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program\Internet Explorer\iexplore.exe
C:\Program\LuDC\LuDCPlusPlus.exe
C:\WUTemp\com_microsoft.837001_XP_SP1Only_WinSE_84421_Express\WINDOWSXP-KB837001-X86-SVE-express.EXE
g:\b8e4d9ed4e28f9544c\update\update.exe
C:\Program\Winamp3\winamp3.exe
H:\LuDC\virus removal & patches\FixBlast.exe
H:\LuDC\spybotsd12.exe
C:\DOCUME~1\GARE~1\LOKALA~1\Temp\INS15.tmp
H:\LuDC\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.superwebsearch.com/ie/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.superwebsearch.com/ie/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.superwebsearch.com/ie/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.superwebsearch.com/ie/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.superwebsearch.com/ie/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http://proxy1.telia.com:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = http://login1.telia....0.0.0.6;<local>
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.searchv.com/w/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = L?nkar
R3 - URLSearchHook: (no name) - {BECD7FB6-D67E-4104-A8AD-0DBC10251438} - (no file)
O1 - Hosts: 209.66.114.130 sitefinder.verisign.com
O1 - Hosts: 216.40.211.228 auto.search.msn.com
O2 - BHO: (no name) - {029CA12C-89C1-46a7-A3C7-82F2F98635CB} - (no file)
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: e-kort Browser Helper Object - {1C900459-DEEF-4aa9-B260-1EF0F0C70A8D} - C:\WINDOWS\System32\Bhoekort.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: (no name) - {0E1230F8-EA50-42A9-983C-D22ABC2E0099} - (no file)
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [StorageGuard] "C:\Program\Delade filer\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe"
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [ccApp] "C:\Program\Delade filer\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program\Delade filer\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [Advanced Tools Check] C:\Program\NORTON~2\AdvTools\ADVCHK.EXE
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program\Delade filer\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [MMTray] MMTray.exe
O4 - HKLM\..\Run: [MMTray2K] MMTray2k.exe
O4 - HKLM\..\Run: [MMTrayLSI] MMTrayLSI.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\System32\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ATIPTA] C:\Program\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [LVCOMS] C:\Program\Delade filer\Logitech\QCDriver\LVCOMS.EXE
O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program\Logitech\ImageStudio\ISStart.exe
O4 - HKLM\..\Run: [LogitechImageStudioTray] C:\Program\Logitech\ImageStudio\LogiTray.exe
O4 - HKLM\..\Run: [CloneCDElbyCDFL] "C:\Program\Elaborate Bytes\CloneCD\ElbyCheck.exe" /L ElbyCDFL
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [Inet Delivery] C:\Program\Inet Delivery\inetdl.exe
O4 - HKLM\..\Run: [Microsoft Update Process] wmipcvse.exe
O4 - HKLM\..\RunServices: [Microsoft Update Process] wmipcvse.exe
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\Program\PANICW~1\POP-UP~1\PSFree.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program\MSN Messenger\MsnMsgr.Exe" /background
O4 - Startup: Trillian.lnk = ?
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program\Delade filer\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &SearchIt Toolbar search - res://C:\Program\IEToolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:\Program\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: e-kort (HKLM)
O9 - Extra button: ICQ Pro (HKLM)
O9 - Extra 'Tools' menuitem: ICQ (HKLM)
O9 - Extra button: ICQ Lite (HKLM)
O9 - Extra 'Tools' menuitem: ICQ Lite (HKLM)
O14 - IERESET.INF: START_PAGE_URL=http://login1.telia.com
O16 - DPF: {1574B835-2FDB-45A8-B28A-D75897929CC4} (VacPro.emsat_ver3_son) - http://www.advnt01.c...at_ver3_son.CAB
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macr...director/sw.cab
O16 - DPF: {35F59C80-C1F2-4EEA-9981-686C7D5A9277} (VacPro.emsat_ver3) - http://www.advnt01.c.../emsat_ver3.CAB
O16 - DPF: {54B52E52-8000-4413-BD67-FC7FE24B59F2} (EARTPatchX Class) - http://files.ea.com/...h/v2/EARTPX.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupd...8089.3739351852
O16 - DPF: {AD7FAFB0-16D6-40C3-AF27-585D6E6453FD} - http://dload.ipbill.com/del/loader.cab
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macr...ash/swflash.cab
Thanks in advance.
Cheers
Andreas
Here's my HijackThis log, please check it!
Started by
ignoreland
, Apr 27 2004 03:46 PM
12 replies to this topic
#2
CalamityJane
-
- Charter Members
-
- 5,268 posts
Global Board Mom
Posted 27 April 2004 - 07:12 PM
First Please do a search on your PC for a file named: HOSTS.
If one is found, please open it up (use open with Notepad) and look at the entries inside. If you did not place them there yourself, please delete them.
If you are not sure what to do, please feel free to post your HOSTS list here and we will be glad to assist you.
There are a few showing on your Hijack log but there have been some that have been know to be installed that are hidden from the program HijackThis.
.............................................
Next, you have a CoolWebSearch hijacker and that needs a special (free) tool to remove it called CWShredder.
Download it here:
http://www.spywarein.../CWShredder.exe
Just download it, and click on it (You will need to have all browsers and any open windows closed). Hit the *Fix* button to run it. Let it fix what it finds. When done, press *next* and you will get the results, and then *exit*
Scan once more with HijackThis and post a new log please, there will be more to do
If one is found, please open it up (use open with Notepad) and look at the entries inside. If you did not place them there yourself, please delete them.
If you are not sure what to do, please feel free to post your HOSTS list here and we will be glad to assist you.
There are a few showing on your Hijack log but there have been some that have been know to be installed that are hidden from the program HijackThis.
.............................................
Next, you have a CoolWebSearch hijacker and that needs a special (free) tool to remove it called CWShredder.
Download it here:
http://www.spywarein.../CWShredder.exe
Just download it, and click on it (You will need to have all browsers and any open windows closed). Hit the *Fix* button to run it. Let it fix what it finds. When done, press *next* and you will get the results, and then *exit*
Scan once more with HijackThis and post a new log please, there will be more to do
#3
ignoreland
-
- Member
-
- 8 posts
New Member
Posted 27 April 2004 - 08:12 PM
Thanks for helping me!
My HOSTS file:
209.66.114.130 sitefinder.verisign.com
127.0.0.1 localhost
216.40.211.228 auto.search.msn.com
127.0.0.1 www.symantec.com
127.0.0.1 securityresponse.symantec.com
127.0.0.1 symantec.com
127.0.0.1 www.sophos.com
127.0.0.1 sophos.com
127.0.0.1 www.mcafee.com
127.0.0.1 mcafee.com
127.0.0.1 liveupdate.symantecliveupdate.com
127.0.0.1 www.viruslist.com
127.0.0.1 viruslist.com
127.0.0.1 viruslist.com
127.0.0.1 f-secure.com
127.0.0.1 www.f-secure.com
127.0.0.1 kaspersky.com
127.0.0.1 kaspersky-labs.com
127.0.0.1 www.avp.com
127.0.0.1 www.kaspersky.com
127.0.0.1 avp.com
127.0.0.1 www.networkassociates.com
127.0.0.1 networkassociates.com
127.0.0.1 www.ca.com
127.0.0.1 ca.com
127.0.0.1 mast.mcafee.com
127.0.0.1 my-etrust.com
127.0.0.1 www.my-etrust.com
127.0.0.1 download.mcafee.com
127.0.0.1 dispatch.mcafee.com
127.0.0.1 secure.nai.com
127.0.0.1 nai.com
127.0.0.1 www.nai.com
127.0.0.1 update.symantec.com
127.0.0.1 updates.symantec.com
127.0.0.1 us.mcafee.com
127.0.0.1 liveupdate.symantec.com
127.0.0.1 customer.symantec.com
127.0.0.1 rads.mcafee.com
127.0.0.1 trendmicro.com
127.0.0.1 www.trendmicro.com
127.0.0.1 www.grisoft.com
What should I delete?
My HOSTS file:
209.66.114.130 sitefinder.verisign.com
127.0.0.1 localhost
216.40.211.228 auto.search.msn.com
127.0.0.1 www.symantec.com
127.0.0.1 securityresponse.symantec.com
127.0.0.1 symantec.com
127.0.0.1 www.sophos.com
127.0.0.1 sophos.com
127.0.0.1 www.mcafee.com
127.0.0.1 mcafee.com
127.0.0.1 liveupdate.symantecliveupdate.com
127.0.0.1 www.viruslist.com
127.0.0.1 viruslist.com
127.0.0.1 viruslist.com
127.0.0.1 f-secure.com
127.0.0.1 www.f-secure.com
127.0.0.1 kaspersky.com
127.0.0.1 kaspersky-labs.com
127.0.0.1 www.avp.com
127.0.0.1 www.kaspersky.com
127.0.0.1 avp.com
127.0.0.1 www.networkassociates.com
127.0.0.1 networkassociates.com
127.0.0.1 www.ca.com
127.0.0.1 ca.com
127.0.0.1 mast.mcafee.com
127.0.0.1 my-etrust.com
127.0.0.1 www.my-etrust.com
127.0.0.1 download.mcafee.com
127.0.0.1 dispatch.mcafee.com
127.0.0.1 secure.nai.com
127.0.0.1 nai.com
127.0.0.1 www.nai.com
127.0.0.1 update.symantec.com
127.0.0.1 updates.symantec.com
127.0.0.1 us.mcafee.com
127.0.0.1 liveupdate.symantec.com
127.0.0.1 customer.symantec.com
127.0.0.1 rads.mcafee.com
127.0.0.1 trendmicro.com
127.0.0.1 www.trendmicro.com
127.0.0.1 www.grisoft.com
What should I delete?
#4
CalamityJane
-
- Charter Members
-
- 5,268 posts
Global Board Mom
Posted 27 April 2004 - 08:34 PM
Delete all of them
This should stop the blocking of security sites for you (and a couple of redirects that should not be there) added by some malware on your system.
You should also now be able to get the updates for Adaware from the inprogram updater link. You should also be able to update your AV as well if that wasn't working. Do that and another scan with it as well
After updating and scanning with Adaware, reboot your PC and run it again (just to make sure it has a chance to get it all.
Reboot once more and scan again with HijackThis and post a new log so we can see if it got everything
This should stop the blocking of security sites for you (and a couple of redirects that should not be there) added by some malware on your system.
You should also now be able to get the updates for Adaware from the inprogram updater link. You should also be able to update your AV as well if that wasn't working. Do that and another scan with it as well
After updating and scanning with Adaware, reboot your PC and run it again (just to make sure it has a chance to get it all.
Reboot once more and scan again with HijackThis and post a new log so we can see if it got everything
#5
ignoreland
-
- Member
-
- 8 posts
New Member
Posted 27 April 2004 - 10:50 PM
Hi.
I've done it all and rebooted.
Just to be on the safe side I checked the HOSTS file again. All the URL:s where back again... I deleted them again though.
I did update all my virusdefinitions and ran both Ad-Aware and Norton Antivirus. No virus or spyware where found.
Here is my HiJackThis log from after my reboot:
Logfile of HijackThis v1.97.7
Scan saved at 00:46:17, on 2004-04-28
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Unable to get Internet Explorer version!
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program\Delade filer\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\windows\system\hpsysdrv.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\System32\CTHELPER.EXE
C:\Program\Delade filer\Real\Update_OB\realsched.exe
C:\Program\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\WINDOWS\System32\MMTray.exe
C:\WINDOWS\System32\MMTray2k.exe
C:\WINDOWS\System32\MMTrayLSI.exe
C:\Program\Logitech\MouseWare\system\em_exec.exe
C:\WINDOWS\System32\taskmgr.exe
C:\Program\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Program\D-Tools\daemon.exe
C:\Program\Panda Software\Panda Antivirus Platinum\APVXDWIN.EXE
C:\Program\PANICW~1\POP-UP~1\PSFree.exe
C:\Program\Norton Personal Firewall\ccPxySvc.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program\Ahead\InCD\InCDsrv.exe
C:\Program\Delade filer\Microsoft Shared\VS7Debug\mdm.exe
C:\Program\Trillian\trillian.exe
C:\Program\Panda Software\Panda Antivirus Platinum\Firewall\PavFires.exe
C:\Program\Panda Software\Panda Antivirus Platinum\pavsrv51.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program\Panda Software\Panda Antivirus Platinum\AVENGINE.EXE
C:\Program\Panda Software\Panda Antivirus Platinum\pavProxy.exe
C:\Program\Internet Explorer\IEXPLORE.EXE
C:\Program\Norton Personal Firewall\NISUM.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
H:\LuDC\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http://proxy1.telia.com:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = http://login1.telia....0.0.0.6;<local>
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = L?nkar
R3 - URLSearchHook: (no name) - {BECD7FB6-D67E-4104-A8AD-0DBC10251438} - (no file)
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: e-kort Browser Helper Object - {1C900459-DEEF-4aa9-B260-1EF0F0C70A8D} - C:\WINDOWS\System32\Bhoekort.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: (no name) - {0E1230F8-EA50-42A9-983C-D22ABC2E0099} - (no file)
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [StorageGuard] "C:\Program\Delade filer\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe"
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program\Delade filer\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [MMTray] MMTray.exe
O4 - HKLM\..\Run: [MMTray2K] MMTray2k.exe
O4 - HKLM\..\Run: [MMTrayLSI] MMTrayLSI.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\System32\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ATIPTA] C:\Program\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [LVCOMS] C:\Program\Delade filer\Logitech\QCDriver\LVCOMS.EXE
O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program\Logitech\ImageStudio\ISStart.exe
O4 - HKLM\..\Run: [LogitechImageStudioTray] C:\Program\Logitech\ImageStudio\LogiTray.exe
O4 - HKLM\..\Run: [CloneCDElbyCDFL] "C:\Program\Elaborate Bytes\CloneCD\ElbyCheck.exe" /L ElbyCDFL
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [Inet Delivery] C:\Program\Inet Delivery\inetdl.exe
O4 - HKLM\..\Run: [Microsoft Update Process] wmipcvse.exe
O4 - HKLM\..\Run: [SCANINICIO] "C:\Program\Panda Software\Panda Antivirus Platinum\Inicio.exe"
O4 - HKLM\..\Run: [APVXDWIN] "C:\Program\Panda Software\Panda Antivirus Platinum\APVXDWIN.EXE" /s
O4 - HKLM\..\RunServices: [Microsoft Update Process] wmipcvse.exe
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\Program\PANICW~1\POP-UP~1\PSFree.exe"
O4 - Startup: Trillian.lnk = ?
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program\Delade filer\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &SearchIt Toolbar search - res://C:\Program\IEToolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:\Program\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: e-kort (HKLM)
O9 - Extra button: ICQ Pro (HKLM)
O9 - Extra 'Tools' menuitem: ICQ (HKLM)
O9 - Extra button: ICQ Lite (HKLM)
O9 - Extra 'Tools' menuitem: ICQ Lite (HKLM)
O14 - IERESET.INF: START_PAGE_URL=http://login1.telia.com
O16 - DPF: {1574B835-2FDB-45A8-B28A-D75897929CC4} (VacPro.emsat_ver3_son) - http://www.advnt01.c...at_ver3_son.CAB
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macr...director/sw.cab
O16 - DPF: {19E28AFC-EAE3-4CE5-AC83-2407B42F57C9} (MSSecurityAdvisor Class) - http://download.micr...b?1083086254437
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.syma...bin/AvSniff.cab
O16 - DPF: {35F59C80-C1F2-4EEA-9981-686C7D5A9277} (VacPro.emsat_ver3) - http://www.advnt01.c.../emsat_ver3.CAB
O16 - DPF: {54B52E52-8000-4413-BD67-FC7FE24B59F2} (EARTPatchX Class) - http://files.ea.com/...h/v2/EARTPX.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupd...8089.3739351852
O16 - DPF: {AD7FAFB0-16D6-40C3-AF27-585D6E6453FD} - http://dload.ipbill.com/del/loader.cab
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macr...ash/swflash.cab
I also ran SpyBot and got the following results, what should I delete?
Advertising.com: Tracking cookie or cookie of tracking site (Fil, nothing done)
C:\Documents and Settings\?gare\Cookies\?gare@servedby.advertising[1].txt
Advertising.com: Tracking cookie or cookie of tracking site (Fil, nothing done)
C:\Documents and Settings\?gare\Cookies\?gare@advertising[1].txt
Alexa Related: What's related link (Ers?tt fil, nothing done)
C:\WINDOWS\Web\related.htm
Comet Cursors: Interface ( (IFileInfo)) (Registernyckel, nothing done)
HKEY_CLASSES_ROOT\Interface\{6EF3CF0F-9A1E-4FCC-9A2C-2A1F1F41CC65}
DoubleClick: Tracking cookie or cookie of tracking site (Fil, nothing done)
C:\Documents and Settings\?gare\Cookies\?gare@doubleclick[1].txt
DSO Exploit: Data source object exploit (Register?ndring, nothing done)
HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\1004=W=3
DSO Exploit: Data source object exploit (Register?ndring, nothing done)
HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\1004=W=3
DSO Exploit: Data source object exploit (Register?ndring, nothing done)
HKEY_USERS\S-1-5-21-2695808723-771758250-3754823585-1008\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\1004=W=3
DSO Exploit: Data source object exploit (Register?ndring, nothing done)
HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\1004=W=3
DSO Exploit: Data source object exploit (Register?ndring, nothing done)
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\1004=W=3
EzCyberSearch: Uninstall settings (Registernyckel, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\s
RadLight Media Player: File extension (Registernyckel, nothing done)
HKEY_CLASSES_ROOT\RPKFile
RadLight Media Player: File extension (Registernyckel, nothing done)
HKEY_CLASSES_ROOT\.rpk
RadLight Media Player: Global settings (Registernyckel, nothing done)
HKEY_LOCAL_MACHINE\Software\RadLight Team
RadLight Media Player: Program directory (Bibliotek, nothing done)
C:\Program\RadLight
RadLight Media Player: Uninstall settings (Registernyckel, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\RadLight_is1
VLoading: Class ID (Registernyckel, nothing done)
HKEY_CLASSES_ROOT\CLSID\{AB1E62EB-3DE3-428F-A417-64AB3C9B6CF0}
--- Spybot-S&D version: 1.2 ---
2003-03-16 Includes\Cookies.sbi
2003-03-16 Includes\Dialer.sbi
2003-03-16 Includes\Hijackers.sbi
2003-03-16 Includes\Keyloggers.sbi
2003-03-16 Includes\Malware.sbi
2003-03-16 Includes\plugin-ignore.ini
2003-03-16 Includes\Security.sbi
2003-03-16 Includes\Spybots.sbi
2003-03-16 Includes\Temporary.sbi
2003-03-16 Includes\Tracks.uti
2003-03-16 Includes\Trojans.sbi
Everytime I start my PC it freezes if I don't quickly close all the norton products that autostarts.
What should I do?
Cheers
Andreas
I've done it all and rebooted.
Just to be on the safe side I checked the HOSTS file again. All the URL:s where back again... I deleted them again though.
I did update all my virusdefinitions and ran both Ad-Aware and Norton Antivirus. No virus or spyware where found.
Here is my HiJackThis log from after my reboot:
Logfile of HijackThis v1.97.7
Scan saved at 00:46:17, on 2004-04-28
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Unable to get Internet Explorer version!
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program\Delade filer\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\windows\system\hpsysdrv.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\System32\CTHELPER.EXE
C:\Program\Delade filer\Real\Update_OB\realsched.exe
C:\Program\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\WINDOWS\System32\MMTray.exe
C:\WINDOWS\System32\MMTray2k.exe
C:\WINDOWS\System32\MMTrayLSI.exe
C:\Program\Logitech\MouseWare\system\em_exec.exe
C:\WINDOWS\System32\taskmgr.exe
C:\Program\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Program\D-Tools\daemon.exe
C:\Program\Panda Software\Panda Antivirus Platinum\APVXDWIN.EXE
C:\Program\PANICW~1\POP-UP~1\PSFree.exe
C:\Program\Norton Personal Firewall\ccPxySvc.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program\Ahead\InCD\InCDsrv.exe
C:\Program\Delade filer\Microsoft Shared\VS7Debug\mdm.exe
C:\Program\Trillian\trillian.exe
C:\Program\Panda Software\Panda Antivirus Platinum\Firewall\PavFires.exe
C:\Program\Panda Software\Panda Antivirus Platinum\pavsrv51.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program\Panda Software\Panda Antivirus Platinum\AVENGINE.EXE
C:\Program\Panda Software\Panda Antivirus Platinum\pavProxy.exe
C:\Program\Internet Explorer\IEXPLORE.EXE
C:\Program\Norton Personal Firewall\NISUM.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
H:\LuDC\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http://proxy1.telia.com:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = http://login1.telia....0.0.0.6;<local>
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = L?nkar
R3 - URLSearchHook: (no name) - {BECD7FB6-D67E-4104-A8AD-0DBC10251438} - (no file)
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: e-kort Browser Helper Object - {1C900459-DEEF-4aa9-B260-1EF0F0C70A8D} - C:\WINDOWS\System32\Bhoekort.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: (no name) - {0E1230F8-EA50-42A9-983C-D22ABC2E0099} - (no file)
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [StorageGuard] "C:\Program\Delade filer\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe"
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program\Delade filer\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [MMTray] MMTray.exe
O4 - HKLM\..\Run: [MMTray2K] MMTray2k.exe
O4 - HKLM\..\Run: [MMTrayLSI] MMTrayLSI.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\System32\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ATIPTA] C:\Program\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [LVCOMS] C:\Program\Delade filer\Logitech\QCDriver\LVCOMS.EXE
O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program\Logitech\ImageStudio\ISStart.exe
O4 - HKLM\..\Run: [LogitechImageStudioTray] C:\Program\Logitech\ImageStudio\LogiTray.exe
O4 - HKLM\..\Run: [CloneCDElbyCDFL] "C:\Program\Elaborate Bytes\CloneCD\ElbyCheck.exe" /L ElbyCDFL
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [Inet Delivery] C:\Program\Inet Delivery\inetdl.exe
O4 - HKLM\..\Run: [Microsoft Update Process] wmipcvse.exe
O4 - HKLM\..\Run: [SCANINICIO] "C:\Program\Panda Software\Panda Antivirus Platinum\Inicio.exe"
O4 - HKLM\..\Run: [APVXDWIN] "C:\Program\Panda Software\Panda Antivirus Platinum\APVXDWIN.EXE" /s
O4 - HKLM\..\RunServices: [Microsoft Update Process] wmipcvse.exe
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\Program\PANICW~1\POP-UP~1\PSFree.exe"
O4 - Startup: Trillian.lnk = ?
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program\Delade filer\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &SearchIt Toolbar search - res://C:\Program\IEToolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:\Program\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: e-kort (HKLM)
O9 - Extra button: ICQ Pro (HKLM)
O9 - Extra 'Tools' menuitem: ICQ (HKLM)
O9 - Extra button: ICQ Lite (HKLM)
O9 - Extra 'Tools' menuitem: ICQ Lite (HKLM)
O14 - IERESET.INF: START_PAGE_URL=http://login1.telia.com
O16 - DPF: {1574B835-2FDB-45A8-B28A-D75897929CC4} (VacPro.emsat_ver3_son) - http://www.advnt01.c...at_ver3_son.CAB
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macr...director/sw.cab
O16 - DPF: {19E28AFC-EAE3-4CE5-AC83-2407B42F57C9} (MSSecurityAdvisor Class) - http://download.micr...b?1083086254437
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.syma...bin/AvSniff.cab
O16 - DPF: {35F59C80-C1F2-4EEA-9981-686C7D5A9277} (VacPro.emsat_ver3) - http://www.advnt01.c.../emsat_ver3.CAB
O16 - DPF: {54B52E52-8000-4413-BD67-FC7FE24B59F2} (EARTPatchX Class) - http://files.ea.com/...h/v2/EARTPX.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupd...8089.3739351852
O16 - DPF: {AD7FAFB0-16D6-40C3-AF27-585D6E6453FD} - http://dload.ipbill.com/del/loader.cab
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macr...ash/swflash.cab
I also ran SpyBot and got the following results, what should I delete?
Advertising.com: Tracking cookie or cookie of tracking site (Fil, nothing done)
C:\Documents and Settings\?gare\Cookies\?gare@servedby.advertising[1].txt
Advertising.com: Tracking cookie or cookie of tracking site (Fil, nothing done)
C:\Documents and Settings\?gare\Cookies\?gare@advertising[1].txt
Alexa Related: What's related link (Ers?tt fil, nothing done)
C:\WINDOWS\Web\related.htm
Comet Cursors: Interface ( (IFileInfo)) (Registernyckel, nothing done)
HKEY_CLASSES_ROOT\Interface\{6EF3CF0F-9A1E-4FCC-9A2C-2A1F1F41CC65}
DoubleClick: Tracking cookie or cookie of tracking site (Fil, nothing done)
C:\Documents and Settings\?gare\Cookies\?gare@doubleclick[1].txt
DSO Exploit: Data source object exploit (Register?ndring, nothing done)
HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\1004=W=3
DSO Exploit: Data source object exploit (Register?ndring, nothing done)
HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\1004=W=3
DSO Exploit: Data source object exploit (Register?ndring, nothing done)
HKEY_USERS\S-1-5-21-2695808723-771758250-3754823585-1008\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\1004=W=3
DSO Exploit: Data source object exploit (Register?ndring, nothing done)
HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\1004=W=3
DSO Exploit: Data source object exploit (Register?ndring, nothing done)
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\1004=W=3
EzCyberSearch: Uninstall settings (Registernyckel, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\s
RadLight Media Player: File extension (Registernyckel, nothing done)
HKEY_CLASSES_ROOT\RPKFile
RadLight Media Player: File extension (Registernyckel, nothing done)
HKEY_CLASSES_ROOT\.rpk
RadLight Media Player: Global settings (Registernyckel, nothing done)
HKEY_LOCAL_MACHINE\Software\RadLight Team
RadLight Media Player: Program directory (Bibliotek, nothing done)
C:\Program\RadLight
RadLight Media Player: Uninstall settings (Registernyckel, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\RadLight_is1
VLoading: Class ID (Registernyckel, nothing done)
HKEY_CLASSES_ROOT\CLSID\{AB1E62EB-3DE3-428F-A417-64AB3C9B6CF0}
--- Spybot-S&D version: 1.2 ---
2003-03-16 Includes\Cookies.sbi
2003-03-16 Includes\Dialer.sbi
2003-03-16 Includes\Hijackers.sbi
2003-03-16 Includes\Keyloggers.sbi
2003-03-16 Includes\Malware.sbi
2003-03-16 Includes\plugin-ignore.ini
2003-03-16 Includes\Security.sbi
2003-03-16 Includes\Spybots.sbi
2003-03-16 Includes\Temporary.sbi
2003-03-16 Includes\Tracks.uti
2003-03-16 Includes\Trojans.sbi
Everytime I start my PC it freezes if I don't quickly close all the norton products that autostarts.
What should I do?
Cheers
Andreas
#6
CalamityJane
-
- Charter Members
-
- 5,268 posts
Global Board Mom
Posted 27 April 2004 - 11:29 PM
You have both Panda and Norton running at the same time?
That could be a problem causing the freezing by Norton. You should not run two AVs at the same time. Disable one of them and only run one of them at startup with resident protection. The other might be a backup ondemand scanner, but you should disable one when you are using the other.
Please go offline, close all browsers and any open Windows, making sure that only HijackThis is open. Scan and when it finishes, put an x in the boxes next to these items, then press *fix checked*
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = L?nkar
R3 - URLSearchHook: (no name) - {BECD7FB6-D67E-4104-A8AD-0DBC10251438} - (no file)
O3 - Toolbar: (no name) - {0E1230F8-EA50-42A9-983C-D22ABC2E0099} - (no file)
O4 - HKLM\..\Run: [Inet Delivery] C:\Program\Inet Delivery\inetdl.exe
O4 - HKLM\..\Run: [Microsoft Update Process] wmipcvse.exe
O4 - HKLM\..\RunServices: [Microsoft Update Process] wmipcvse.exe
O16 - DPF: {1574B835-2FDB-45A8-B28A-D75897929CC4} (VacPro.emsat_ver3_son) - http://www.advnt01.c...at_ver3_son.CAB
O16 - DPF: {35F59C80-C1F2-4EEA-9981-686C7D5A9277} (VacPro.emsat_ver3) - http://www.advnt01.c.../emsat_ver3.CAB
O16 - DPF: {AD7FAFB0-16D6-40C3-AF27-585D6E6453FD} - http://dload.ipbill.com/del/loader.cab
.....................................................
Reboot the PC
C:\Program\Inet Delivery (delete folder)
wmipcvse.exe (delete file) <---Please tell me IF this file was found
That could be a problem causing the freezing by Norton. You should not run two AVs at the same time. Disable one of them and only run one of them at startup with resident protection. The other might be a backup ondemand scanner, but you should disable one when you are using the other.
Please go offline, close all browsers and any open Windows, making sure that only HijackThis is open. Scan and when it finishes, put an x in the boxes next to these items, then press *fix checked*
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = L?nkar
R3 - URLSearchHook: (no name) - {BECD7FB6-D67E-4104-A8AD-0DBC10251438} - (no file)
O3 - Toolbar: (no name) - {0E1230F8-EA50-42A9-983C-D22ABC2E0099} - (no file)
O4 - HKLM\..\Run: [Inet Delivery] C:\Program\Inet Delivery\inetdl.exe
O4 - HKLM\..\Run: [Microsoft Update Process] wmipcvse.exe
O4 - HKLM\..\RunServices: [Microsoft Update Process] wmipcvse.exe
O16 - DPF: {1574B835-2FDB-45A8-B28A-D75897929CC4} (VacPro.emsat_ver3_son) - http://www.advnt01.c...at_ver3_son.CAB
O16 - DPF: {35F59C80-C1F2-4EEA-9981-686C7D5A9277} (VacPro.emsat_ver3) - http://www.advnt01.c.../emsat_ver3.CAB
O16 - DPF: {AD7FAFB0-16D6-40C3-AF27-585D6E6453FD} - http://dload.ipbill.com/del/loader.cab
.....................................................
Reboot the PC
C:\Program\Inet Delivery (delete folder)
wmipcvse.exe (delete file) <---Please tell me IF this file was found
#7
ignoreland
-
- Member
-
- 8 posts
New Member
Posted 27 April 2004 - 11:34 PM
Ok, I'll remove Panda.
What about the Spyboot results?
What about the Spyboot results?
#8
ignoreland
-
- Member
-
- 8 posts
New Member
Posted 28 April 2004 - 12:16 AM
This is the message I get when I start my PC:
"Microsoft visual C++ Runtime library
Runtime Error!
Program c:\program files\ common files\ symantec shared\ccEvtMgr.exe
R605
- Pure virtual funtion call"
All the functions in Norton Antivirus/Firewall are disabled and cannot be turned on again. I?ve tried to search for virus but none are found.
What should I do?
Is http://service1.syma...=&osv=&osv_lvl= the only solution?
Cheers
Andreas
"Microsoft visual C++ Runtime library
Runtime Error!
Program c:\program files\ common files\ symantec shared\ccEvtMgr.exe
R605
- Pure virtual funtion call"
All the functions in Norton Antivirus/Firewall are disabled and cannot be turned on again. I?ve tried to search for virus but none are found.
What should I do?
Is http://service1.syma...=&osv=&osv_lvl= the only solution?
Cheers
Andreas
#9
ignoreland
-
- Member
-
- 8 posts
New Member
Posted 28 April 2004 - 01:33 AM
Now my log shows this:
Logfile of HijackThis v1.97.7
Scan saved at 03:16:33, on 2004-04-28
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Unable to get Internet Explorer version!
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program\Delade filer\Symantec Shared\ccEvtMgr.exe
C:\Program\Norton Personal Firewall\NISUM.EXE
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\windows\system\hpsysdrv.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\System32\CTHELPER.EXE
C:\Program\Delade filer\Real\Update_OB\realsched.exe
C:\Program\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\WINDOWS\System32\MMTray.exe
C:\WINDOWS\System32\MMTray2k.exe
C:\Program\Logitech\MouseWare\system\em_exec.exe
C:\WINDOWS\System32\MMTrayLSI.exe
C:\Program\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program\Delade filer\Logitech\QCDriver\LVCOMS.EXE
C:\Program\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Program\D-Tools\daemon.exe
C:\Program\PANICW~1\POP-UP~1\PSFree.exe
C:\Program\Trillian\trillian.exe
C:\Program\Norton Personal Firewall\ccPxySvc.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program\Ahead\InCD\InCDsrv.exe
C:\Program\Delade filer\Microsoft Shared\VS7Debug\mdm.exe
C:\Program\Norton AntiVirus\navapsvc.exe
C:\Program\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program\Internet Explorer\iexplore.exe
C:\Program\Outlook Express\msimn.exe
C:\WINDOWS\system32\rundll32.exe
H:\LuDC\HiJack\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http://proxy1.telia.com:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = http://login1.telia....0.0.0.6;<local>
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: e-kort Browser Helper Object - {1C900459-DEEF-4aa9-B260-1EF0F0C70A8D} - C:\WINDOWS\System32\Bhoekort.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [StorageGuard] "C:\Program\Delade filer\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe"
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program\Delade filer\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [MMTray] MMTray.exe
O4 - HKLM\..\Run: [MMTray2K] MMTray2k.exe
O4 - HKLM\..\Run: [MMTrayLSI] MMTrayLSI.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\System32\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ATIPTA] C:\Program\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [LVCOMS] C:\Program\Delade filer\Logitech\QCDriver\LVCOMS.EXE
O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program\Logitech\ImageStudio\ISStart.exe
O4 - HKLM\..\Run: [LogitechImageStudioTray] C:\Program\Logitech\ImageStudio\LogiTray.exe
O4 - HKLM\..\Run: [CloneCDElbyCDFL] "C:\Program\Elaborate Bytes\CloneCD\ElbyCheck.exe" /L ElbyCDFL
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\RunServices: [Microsoft Update Process] wmipcvse.exe
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\Program\PANICW~1\POP-UP~1\PSFree.exe"
O4 - Startup: Trillian.lnk = ?
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program\Delade filer\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &SearchIt Toolbar search - res://C:\Program\IEToolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:\Program\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: e-kort (HKLM)
O9 - Extra button: ICQ Pro (HKLM)
O9 - Extra 'Tools' menuitem: ICQ (HKLM)
O9 - Extra button: ICQ Lite (HKLM)
O9 - Extra 'Tools' menuitem: ICQ Lite (HKLM)
O14 - IERESET.INF: START_PAGE_URL=http://login1.telia.com
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macr...director/sw.cab
O16 - DPF: {19E28AFC-EAE3-4CE5-AC83-2407B42F57C9} (MSSecurityAdvisor Class) - http://download.micr...b?1083086254437
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.syma...bin/AvSniff.cab
O16 - DPF: {54B52E52-8000-4413-BD67-FC7FE24B59F2} (EARTPatchX Class) - http://files.ea.com/...h/v2/EARTPX.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupd...8089.3739351852
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macr...ash/swflash.cab
Logfile of HijackThis v1.97.7
Scan saved at 03:16:33, on 2004-04-28
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Unable to get Internet Explorer version!
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program\Delade filer\Symantec Shared\ccEvtMgr.exe
C:\Program\Norton Personal Firewall\NISUM.EXE
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\windows\system\hpsysdrv.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\System32\CTHELPER.EXE
C:\Program\Delade filer\Real\Update_OB\realsched.exe
C:\Program\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\WINDOWS\System32\MMTray.exe
C:\WINDOWS\System32\MMTray2k.exe
C:\Program\Logitech\MouseWare\system\em_exec.exe
C:\WINDOWS\System32\MMTrayLSI.exe
C:\Program\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program\Delade filer\Logitech\QCDriver\LVCOMS.EXE
C:\Program\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Program\D-Tools\daemon.exe
C:\Program\PANICW~1\POP-UP~1\PSFree.exe
C:\Program\Trillian\trillian.exe
C:\Program\Norton Personal Firewall\ccPxySvc.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program\Ahead\InCD\InCDsrv.exe
C:\Program\Delade filer\Microsoft Shared\VS7Debug\mdm.exe
C:\Program\Norton AntiVirus\navapsvc.exe
C:\Program\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program\Internet Explorer\iexplore.exe
C:\Program\Outlook Express\msimn.exe
C:\WINDOWS\system32\rundll32.exe
H:\LuDC\HiJack\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http://proxy1.telia.com:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = http://login1.telia....0.0.0.6;<local>
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: e-kort Browser Helper Object - {1C900459-DEEF-4aa9-B260-1EF0F0C70A8D} - C:\WINDOWS\System32\Bhoekort.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [StorageGuard] "C:\Program\Delade filer\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe"
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program\Delade filer\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [MMTray] MMTray.exe
O4 - HKLM\..\Run: [MMTray2K] MMTray2k.exe
O4 - HKLM\..\Run: [MMTrayLSI] MMTrayLSI.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\System32\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ATIPTA] C:\Program\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [LVCOMS] C:\Program\Delade filer\Logitech\QCDriver\LVCOMS.EXE
O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program\Logitech\ImageStudio\ISStart.exe
O4 - HKLM\..\Run: [LogitechImageStudioTray] C:\Program\Logitech\ImageStudio\LogiTray.exe
O4 - HKLM\..\Run: [CloneCDElbyCDFL] "C:\Program\Elaborate Bytes\CloneCD\ElbyCheck.exe" /L ElbyCDFL
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\RunServices: [Microsoft Update Process] wmipcvse.exe
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\Program\PANICW~1\POP-UP~1\PSFree.exe"
O4 - Startup: Trillian.lnk = ?
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program\Delade filer\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &SearchIt Toolbar search - res://C:\Program\IEToolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:\Program\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: e-kort (HKLM)
O9 - Extra button: ICQ Pro (HKLM)
O9 - Extra 'Tools' menuitem: ICQ (HKLM)
O9 - Extra button: ICQ Lite (HKLM)
O9 - Extra 'Tools' menuitem: ICQ Lite (HKLM)
O14 - IERESET.INF: START_PAGE_URL=http://login1.telia.com
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macr...director/sw.cab
O16 - DPF: {19E28AFC-EAE3-4CE5-AC83-2407B42F57C9} (MSSecurityAdvisor Class) - http://download.micr...b?1083086254437
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.syma...bin/AvSniff.cab
O16 - DPF: {54B52E52-8000-4413-BD67-FC7FE24B59F2} (EARTPatchX Class) - http://files.ea.com/...h/v2/EARTPX.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupd...8089.3739351852
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macr...ash/swflash.cab
#10
AIRider
-
- Member
-
- 8 posts
New Member
Posted 28 April 2004 - 01:39 AM
it seems we're all getting infected by the same thing ... I see 5 topics with the same error message with norton ....
:angry:
:angry:
#11
CalamityJane
-
- Charter Members
-
- 5,268 posts
Global Board Mom
Posted 28 April 2004 - 12:13 PM
QUOTE (ignoreland @ Apr 27 2004, 07:16 PM)
Is http://service1.syma...=&osv=&osv_lvl= the only solution?
Edited to add: We are starting to see quite a rash of these now and it appears to be possibly a new Gaobot/Agobot worm that disables Norton.
Please go here and do an AV scan at one (preferably two) of the following:
Panda's Active Scan
http://www.pandasoft...n_principal.htm
Trend Micro (PC-cillin) - Free on-line Scan
http://housecall.antivirus.com
RAV Antivirus Online Scan
http://www.ravantivirus.com/scan/
eTrust AV web scanner (Computer Associates)
http://www3.ca.com/v.../virusscan.aspx
2. Yes, it is ok to fix those items found by Spybot
Report back and let us know how you make out and if anything was found.
If so, scan again with HijackThis and post a new log please.
Edited by CalamityJane, 28 April 2004 - 01:48 PM.
#12
ignoreland
-
- Member
-
- 8 posts
New Member
Posted 28 April 2004 - 03:14 PM
Hi!
I did scan for virus and found one at Trend Micro (PC-cillin) - Free on-line Scan. Removed it but could still not open Norton's product. It was the file that changed my HOSTS file.
Went to this site:
http://service1.syma...nav&svy=&csm=no
I followed their hints and it worked!
So I guess that after removing any found virus, you should try the above URL.
Thanks for all your help!
Cheers
Andreas
I did scan for virus and found one at Trend Micro (PC-cillin) - Free on-line Scan. Removed it but could still not open Norton's product. It was the file that changed my HOSTS file.
Went to this site:
http://service1.syma...nav&svy=&csm=no
I followed their hints and it worked!
So I guess that after removing any found virus, you should try the above URL.
Thanks for all your help!
Cheers
Andreas
#13
CalamityJane
-
- Charter Members
-
- 5,268 posts
Global Board Mom
Posted 28 April 2004 - 07:18 PM
Thanks a lot Andreas for the link and feedback.
We'll share it with any others similarly affected :)
We'll share it with any others similarly affected :)
0 user(s) are reading this topic
0 members, 0 guests, 0 anonymous users
