
intell32 again; tried previous removal procedure - no luck:

Discussion in 'Malware and Virus Removal Archive' started by Ingeniero1, 2005/09/22.

  1. 2005/09/27
    Ingeniero1 Contributing Member

    Ingeniero1 Inactive Thread Starter

    Joined:
    2004/05/27
    Messages:
    173
    Likes Received:
    0
    OK!
    That seemed to work.
    Disable System Restore is NOT CHECKED anymore, and I was able to create a restore point (I think...) Should I verify this? (How?)
    Thanks!
    Alex
     
  2. 2005/09/28
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    You should now have a new C:\_RESTORE directory, as well as the C:\oldrest directory. You should also have a new 04-HKLM\\run entry in a HJT scan named System State. Go through the steps for using System Restore to see if there are any restore points available. The one you just made should be there. You could of course, create another and see if you are then offered both as restore points. Provided all is well, delete the C:\oldrest directory, then run a new Panda ActiveScan.
     


  4. 2005/09/28
    Ingeniero1 Contributing Member

    Ingeniero1 Inactive Thread Starter

    Joined:
    2004/05/27
    Messages:
    173
    Likes Received:
    0
    Hi Dave,

    YES> You should now have a new C:\_RESTORE directory
    YES> as well as the C:\oldrest directory.
    NOT SURE> You should also have a new 04-HKLM\\run entry in a HJT scan named System State (see HJT log, below)
    DONE> Go through the steps for using System Restore to see if there are any restore points available.
    YES> The one you just made should be there. You could of course, create another and see if you are then offered both as restore points. Provided all is well,
    DONE> delete the C:\oldrest directory,
    DONE> then run a new Panda ActiveScan. (but it got stuck at RECYCLE\OLDRES... It was 92MB! So I stopped Panda, deleted the OLDRES and ran Panda again.)

    Report:
    Incident Status Location

    Adware:adware/psguard No disinfected C:\WINDOWS\Application Data\Shudder Global Limited
    Adware:adware/searchexe No disinfected Windows Registry
    Adware:Adware/EliteBar No disinfected C:\WINDOWS\SYSTEM\pxgx7kzvl2.dll
    Adware:Adware/StartPage.DD No disinfected C:\WINDOWS\SYSTEM\temperror32.dat
    Adware:Adware/EliteBar No disinfected C:\WINDOWS\SYSTEM\3sy5thb0lc9nj.dll
    Adware:Adware/EliteBar No disinfected C:\WINDOWS\SYSTEM\dcl8jd75r4ii.dll
    Adware:Adware/Startpage.LJ No disinfected C:\WINDOWS\SVCHOST.EXE
    Adware:Adware/SuperSpider No disinfected C:\Recycled\Q678340.exe
    Adware:Adware/CWS.Aboutblank No disinfected C:\HJT\backups\backup-20040810-221418-810.dll
    Virus:Trj/Subsearch.G Disinfected C:\HJT\backups\backup-20040811-163421-433.dll
    Adware:Adware/EliteBar No disinfected C:\HJT\backups\backup-20050403-195456-370.dll
    Adware:Adware/SearchExe No disinfected C:\HJT\backups\backup-20050807-071724-558.dll
    Adware:Adware/SearchExe No disinfected C:\HJT\backups\backup-20050807-072011-653.dll
    Adware:Adware/HuntBar No disinfected C:\NULL
    Virus:Trj/Subsearch.G Disinfected C:\_RESTORE\TEMP\A0000077.CPY
    Virus:Bck/Webber.P Disinfected C:\_RESTORE\TEMP\A0000078.CPY
    Virus:Trj/Subsearch.G Disinfected C:\_RESTORE\TEMP\A0000084.CPY

    HJT Log:
    Logfile of HijackThis v1.99.1
    Scan saved at 7:49:56 PM, on 9/28/2005
    Platform: Windows ME (Win9x 4.90.3000)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\SYSTEM\KERNEL32.DLL
    C:\WINDOWS\SYSTEM\MSGSRV32.EXE
    C:\WINDOWS\SYSTEM\mmtask.tsk
    C:\WINDOWS\SYSTEM\MPREXE.EXE
    C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\VS7DEBUG\MDM.EXE
    C:\WINDOWS\SYSTEM\MSTASK.EXE
    C:\WINDOWS\EXPLORER.EXE
    C:\WINDOWS\TASKMON.EXE
    C:\WINDOWS\SYSTEM\SYSTRAY.EXE
    C:\PROGRAM FILES\ADAPTEC\DIRECTCD\DIRECTCD.EXE
    C:\WINDOWS\SYSTEM\CTFMON.EXE
    C:\PROGRAM FILES\RUSH 24-7 MEDIA CENTER\RUSH 24-7 MEDIA CENTER.EXE
    C:\WINDOWS\SYSTEM\WMIEXE.EXE
    C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
    C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
    C:\WINDOWS\SYSTEM\DDHELP.EXE
    C:\WINDOWS\SYSTEM\WBEM\WINMGMT.EXE
    C:\WINDOWS\SYSTEM\SPOOL32.EXE
    C:\WINDOWS\EXPLORER.EXE
    C:\WINDOWS\NOTEPAD.EXE
    C:\HJT\HIJACKTHIS.EXE

    O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
    O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
    O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
    O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
    O4 - HKLM\..\Run: [Adaptec DirectCD] C:\PROGRA~1\ADAPTEC\DIRECTCD\DIRECTCD.EXE
    O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\RunServices: [MDM7] "C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\VS7DEBUG\MDM.EXE "
    O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
    O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
    O4 - HKLM\..\RunOnce: [Panda_cleaner_47618] C:\WINDOWS\SYSTEM\ACTIVESCAN\pavdr.exe 47618
    O4 - HKLM\..\RunOnce: [Panda_cleaner_29704] C:\WINDOWS\SYSTEM\ACTIVESCAN\pavdr.exe 29704
    O4 - HKLM\..\RunOnce: [Panda_cleaner_113440] C:\WINDOWS\SYSTEM\ACTIVESCAN\pavdr.exe 113440
    O4 - HKCU\..\Run: [ctfmon.exe] ctfmon.exe
    O4 - HKCU\..\Run: [The Rush Limbaugh Show] C:\PROGRAM FILES\RUSH 24-7 MEDIA CENTER\RUSH 24-7 MEDIA CENTER.EXE
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE10\EXCEL.EXE/3000
    O8 - Extra context menu item: &Google Search - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmsearch.html
    O8 - Extra context menu item: Cached Snapshot of Page - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmcache.html
    O8 - Extra context menu item: Similar Pages - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmsimilar.html
    O8 - Extra context menu item: Backward Links - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmbacklinks.html
    O8 - Extra context menu item: Translate into English - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmtrans.html
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXE
    O9 - Extra 'Tools' menuitem: MSN Messenger Service - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXE
    O16 - DPF: {90A29DA5-D020-4B18-8660-6689520C7CD7} (DmiReader Class) - http://support.dell.com/us/en/systemprofiler/SysProfLCD.CAB
    O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - https://www-secure.symantec.com/techsupp/activedata/ActiveData.cab
    O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/activedata/SymAData.cab
    O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/virusinfo/webscan.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5free/asinst.cab

    ======================
    Thanks
    Alex
     
  5. 2005/09/28
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    Hi Alex,

    Yes, the run entry for System Restore is now showing in HJT.

    O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe



    Please apply the following commands from a command window in safe mode.


    attrib -r -h -s C:\WINDOWS\SYSTEM\pxgx7kzvl2.dll
    deltree /y C:\WINDOWS\SYSTEM\pxgx7kzvl2.dll
    attrib -r -h -s C:\WINDOWS\SYSTEM\temperror32.dat
    deltree /y C:\WINDOWS\SYSTEM\temperror32.dat
    attrib -r -h -s C:\WINDOWS\SYSTEM\3sy5thb0lc9nj.dll
    deltree /y C:\WINDOWS\SYSTEM\3sy5thb0lc9nj.dll
    attrib -r -h -s C:\WINDOWS\SYSTEM\dcl8jd75r4ii.dll
    deltree /y C:\WINDOWS\SYSTEM\dcl8jd75r4ii.dll
    attrib -r -h -s C:\WINDOWS\SVCHOST.EXE
    deltree /y C:\WINDOWS\SVCHOST.EXE
    attrib -r -h -s C:\WINDOWS\Application Data\*.*
    deltree /y C:\WINDOWS\Application Data\*.*
    deltree /y C:\WINDOWS\Application Data
    attrib -r -h -s C:\NULL\*.*
    deltree /y C:\WINDOWS\NULL\*.*
    deltree /y C:\WINDOWS\NULL


    If there are folders named SE, DownloadWare or SED in C:\Program Files, delete them.

    When back in normal mode, please download LQfix.exe and save it to your desktop.
    • Double-Click LQfix.exe and click Next > Next > Install.
    • Leave the default settings, if you change them, the fix will Fail!
    • Now make sure the "Launch LQfix" box is checked.
    • Click the Finish button, after clicking the Finish button the fix will start.
    • Follow the on-screen prompts.
    • Your system will now reboot afterwards.
    • Please be patient after the reboot, there is a script running in the background that needs to complete.


    Open Ad-aware, check for updates and do a scan in 'full system scan' mode. Fix all it finds.

    Open HijackThis to the List of backups, then click Delete All. Click Yes on the warning and close.

    Turn off System Restore. Empty the recycle bin. Reboot and re-enable System Restore, making sure a new restore point is created.

    Run another Panda scan and post the report, as well as a new Hijackthis log.
     
  6. 2005/09/29
    Ingeniero1 Contributing Member

    Ingeniero1 Inactive Thread Starter

    Joined:
    2004/05/27
    Messages:
    173
    Likes Received:
    0
    Hi Dave,
    I was able to do everything you suggested except for:
    attrib -r -h -s C:\WINDOWS\Application Data\*.* <parameter value not allowed>
    attrib -r -h -s C:\NULL\*.* <path not found>

    Yet, upon deleting them (deltree) I did not get any error messages, just back to the DOS prompt.

    • The three folders you mentioned were not anywhere to be found.
    • Ad-Aware found and 'fixed' 1 object.

    Panda Scan:
    Incident Status Location

    Adware:adware/psguard No disinfected C:\WINDOWS\Application Data\Shudder Global Limited
    Adware:adware/searchexe No disinfected Windows Registry
    Adware:Adware/Startpage.LJ No disinfected C:\WINDOWS\SVCHOST.EXE
    Adware:Adware/SuperSpider No disinfected C:\Recycled\Q678340.exe
    Adware:Adware/HuntBar No disinfected C:\NULL

    HJT Log:
    Logfile of HijackThis v1.99.1
    Scan saved at 9:31:42 PM, on 9/29/2005
    Platform: Windows ME (Win9x 4.90.3000)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\SYSTEM\KERNEL32.DLL
    C:\WINDOWS\SYSTEM\MSGSRV32.EXE
    C:\WINDOWS\SYSTEM\mmtask.tsk
    C:\WINDOWS\SYSTEM\MPREXE.EXE
    C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\VS7DEBUG\MDM.EXE
    C:\WINDOWS\SYSTEM\MSTASK.EXE
    C:\WINDOWS\EXPLORER.EXE
    C:\WINDOWS\TASKMON.EXE
    C:\WINDOWS\SYSTEM\SYSTRAY.EXE
    C:\PROGRAM FILES\ADAPTEC\DIRECTCD\DIRECTCD.EXE
    C:\WINDOWS\SYSTEM\CTFMON.EXE
    C:\PROGRAM FILES\RUSH 24-7 MEDIA CENTER\RUSH 24-7 MEDIA CENTER.EXE
    C:\WINDOWS\SYSTEM\WMIEXE.EXE
    C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
    C:\WINDOWS\SYSTEM\DDHELP.EXE
    C:\HJT\HIJACKTHIS.EXE

    O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
    O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
    O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
    O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
    O4 - HKLM\..\Run: [Adaptec DirectCD] C:\PROGRA~1\ADAPTEC\DIRECTCD\DIRECTCD.EXE
    O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\RunServices: [MDM7] "C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\VS7DEBUG\MDM.EXE "
    O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
    O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
    O4 - HKCU\..\Run: [ctfmon.exe] ctfmon.exe
    O4 - HKCU\..\Run: [The Rush Limbaugh Show] C:\PROGRAM FILES\RUSH 24-7 MEDIA CENTER\RUSH 24-7 MEDIA CENTER.EXE
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE10\EXCEL.EXE/3000
    O8 - Extra context menu item: &Google Search - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmsearch.html
    O8 - Extra context menu item: Cached Snapshot of Page - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmcache.html
    O8 - Extra context menu item: Similar Pages - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmsimilar.html
    O8 - Extra context menu item: Backward Links - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmbacklinks.html
    O8 - Extra context menu item: Translate into English - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmtrans.html
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXE
    O9 - Extra 'Tools' menuitem: MSN Messenger Service - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXE
    O16 - DPF: {90A29DA5-D020-4B18-8660-6689520C7CD7} (DmiReader Class) - http://support.dell.com/us/en/systemprofiler/SysProfLCD.CAB
    O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - https://www-secure.symantec.com/techsupp/activedata/ActiveData.cab
    O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/activedata/SymAData.cab
    O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/virusinfo/webscan.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5free/asinst.cab
    =======================
    Next?

    Thanks!

    Alex
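
An added example, not part of any post in this thread: comparing the two Panda reports against the `deltree` lines from the safe-mode command list shows, for each detection that survived, whether a delete command ever named its path. The function names are hypothetical, and the report and command rows are copied from the posts above (first report shortened to a subset).

```python
import re

# Rows copied from the Panda ActiveScan reports posted on 2005/09/28 and
# 2005/09/29 in this thread (first report shortened to a subset of its rows).
SCAN_BEFORE = r"""
Adware:adware/psguard No disinfected C:\WINDOWS\Application Data\Shudder Global Limited
Adware:adware/searchexe No disinfected Windows Registry
Adware:Adware/EliteBar No disinfected C:\WINDOWS\SYSTEM\pxgx7kzvl2.dll
Adware:Adware/StartPage.DD No disinfected C:\WINDOWS\SYSTEM\temperror32.dat
Adware:Adware/Startpage.LJ No disinfected C:\WINDOWS\SVCHOST.EXE
Adware:Adware/SuperSpider No disinfected C:\Recycled\Q678340.exe
Adware:Adware/HuntBar No disinfected C:\NULL
Virus:Trj/Subsearch.G Disinfected C:\_RESTORE\TEMP\A0000077.CPY
"""
SCAN_AFTER = r"""
Adware:adware/psguard No disinfected C:\WINDOWS\Application Data\Shudder Global Limited
Adware:adware/searchexe No disinfected Windows Registry
Adware:Adware/Startpage.LJ No disinfected C:\WINDOWS\SVCHOST.EXE
Adware:Adware/SuperSpider No disinfected C:\Recycled\Q678340.exe
Adware:Adware/HuntBar No disinfected C:\NULL
"""
# deltree lines copied from the safe-mode command list posted between the scans.
COMMANDS = r"""
deltree /y C:\WINDOWS\SYSTEM\pxgx7kzvl2.dll
deltree /y C:\WINDOWS\SYSTEM\temperror32.dat
deltree /y C:\WINDOWS\SVCHOST.EXE
deltree /y C:\WINDOWS\Application Data\*.*
deltree /y C:\WINDOWS\Application Data
deltree /y C:\WINDOWS\NULL\*.*
deltree /y C:\WINDOWS\NULL
"""

ROW = re.compile(r"^(\w+):(\S+) (No disinfected|Disinfected) (.+)$")

def remaining(report):
    """Map location -> detection name for rows the scanner could not clean."""
    rows = (ROW.match(line.strip()) for line in report.splitlines())
    return {m[4]: m[2] for m in rows if m and m[3] == "No disinfected"}

def deltree_targets(commands):
    """Upper-cased paths named by deltree lines, with a trailing \\*.* removed."""
    targets = set()
    for line in commands.splitlines():
        m = re.match(r"deltree\s+/y\s+(.+)$", line.strip(), re.I)
        if m:
            targets.add(re.sub(r"\\\*\.\*$", "", m[1]).upper())
    return targets

def triage(before, after, commands):
    """Classify every detection that survived from one scan to the next."""
    old, targets, result = remaining(before), deltree_targets(commands), {}
    for loc in remaining(after):
        if loc not in old:
            result[loc] = "new since last scan"
        elif not re.match(r"^[A-Za-z]:\\", loc):
            result[loc] = "not a file path"
        elif any(loc.upper() == t or loc.upper().startswith(t + "\\") for t in targets):
            result[loc] = "targeted but still present"
        else:
            result[loc] = "never targeted"
    return result

if __name__ == "__main__":
    for loc, verdict in triage(SCAN_BEFORE, SCAN_AFTER, COMMANDS).items():
        print(f"{verdict:28} {loc}")
```

"never targeted" rows mean the command list needs another line; "targeted but still present" rows mean the command itself did not take effect and needs a different form or environment.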
     
  7. 2005/09/29
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    Start the computer with the boot disk, type C: , hit enter, then type the following commands at the C:> prompt.


    attrib -r -s -h C:\WINDOWS\Applic~1\Shudde~1\*.*
    attrib -r -s -h C:\WINDOWS\Applic~1\Shudde~1
    attrib -r -s -h C:\WINDOWS\SVCHOST.EXE
    attrib -r -s -h C:\NULL
    attrib -r -s -h C:\Recycled\*.*
    deltree /y C:\WINDOWS\Applic~1\Shudde~1\*.*
    deltree /y C:\WINDOWS\Applic~1\Shudde~1
    deltree /y C:\WINDOWS\SVCHOST.EXE
    deltree /y C:\NULL
    deltree /y C:\Recycled\*.*


    Reboot into normal mode and run another Panda Scan.

    How is the computer running?
     
  8. 2005/09/30
    Ingeniero1 Contributing Member

    Ingeniero1 Inactive Thread Starter

    Joined:
    2004/05/27
    Messages:
    173
    Likes Received:
    0
    Dave,
    Everything went OK, except it did not find ...Shudde~1\*.*, but appeared to delete it OK.
    The computer has been running fine.

    Panda report:
    =======================
    Incident Status Location

    Adware:adware/searchexe No disinfected Windows Registry
    ========================

    HJT Log:
    ========================
    Logfile of HijackThis v1.99.1
    Scan saved at 10:42:58 PM, on 9/30/2005
    Platform: Windows ME (Win9x 4.90.3000)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\SYSTEM\KERNEL32.DLL
    C:\WINDOWS\SYSTEM\MSGSRV32.EXE
    C:\WINDOWS\SYSTEM\mmtask.tsk
    C:\WINDOWS\SYSTEM\MPREXE.EXE
    C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\VS7DEBUG\MDM.EXE
    C:\WINDOWS\SYSTEM\MSTASK.EXE
    C:\WINDOWS\EXPLORER.EXE
    C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
    C:\WINDOWS\TASKMON.EXE
    C:\WINDOWS\SYSTEM\SYSTRAY.EXE
    C:\PROGRAM FILES\ADAPTEC\DIRECTCD\DIRECTCD.EXE
    C:\WINDOWS\SYSTEM\CTFMON.EXE
    C:\PROGRAM FILES\RUSH 24-7 MEDIA CENTER\RUSH 24-7 MEDIA CENTER.EXE
    C:\WINDOWS\SYSTEM\WMIEXE.EXE
    C:\WINDOWS\SYSTEM\DDHELP.EXE
    C:\HJT\HIJACKTHIS.EXE

    O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
    O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
    O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
    O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
    O4 - HKLM\..\Run: [Adaptec DirectCD] C:\PROGRA~1\ADAPTEC\DIRECTCD\DIRECTCD.EXE
    O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\RunServices: [MDM7] "C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\VS7DEBUG\MDM.EXE "
    O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
    O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
    O4 - HKCU\..\Run: [ctfmon.exe] ctfmon.exe
    O4 - HKCU\..\Run: [The Rush Limbaugh Show] C:\PROGRAM FILES\RUSH 24-7 MEDIA CENTER\RUSH 24-7 MEDIA CENTER.EXE
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE10\EXCEL.EXE/3000
    O8 - Extra context menu item: &Google Search - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmsearch.html
    O8 - Extra context menu item: Cached Snapshot of Page - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmcache.html
    O8 - Extra context menu item: Similar Pages - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmsimilar.html
    O8 - Extra context menu item: Backward Links - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmbacklinks.html
    O8 - Extra context menu item: Translate into English - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmtrans.html
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXE
    O9 - Extra 'Tools' menuitem: MSN Messenger Service - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXE
    O16 - DPF: {90A29DA5-D020-4B18-8660-6689520C7CD7} (DmiReader Class) - http://support.dell.com/us/en/systemprofiler/SysProfLCD.CAB
    O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - https://www-secure.symantec.com/techsupp/activedata/ActiveData.cab
    O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/activedata/SymAData.cab
    O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/virusinfo/webscan.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5free/asinst.cab

    ============================

    Thanks

    Alex
     
  9. 2005/10/01
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    Looks good, Alex. :)

    In post 9 you mentioned Antivirus and in post 10 I recommended AV, firewall, SpywareBlaster, IESpyad, Spybot and Ad-aware. Did you ever do any of those? I don't see AV or firewall running in your log.

    If you'd like to pursue getting rid of the registry traces of the searchexe adware found by Panda, download "Registry Search Tool" (RegSrch.vbs) from here
    http://www.billsway.com/vbspage/
    start it and paste in searchexe, wait for it to complete the search, click ok at the prompt. Then when wordpad opens, copy that back here please.
     
  10. 2005/10/01
    Ingeniero1 Contributing Member

    Ingeniero1 Inactive Thread Starter

    Joined:
    2004/05/27
    Messages:
    173
    Likes Received:
    0
    First of all - Dave, Thanks for everything!

    I do have (or thought I did anyway, as I run them frequently) Ad-Aware, Spybot, CWShredder, and StartDreck, which someone here recommended a while ago. But they don't appear to protect me very well, which is why I asked for recommendations. (Perhaps I don't have them installed correctly?)

    Now that we have this problem fixed I will pursue your recommendation. Should all of those be used concurrently?

    Thanks

    Alex
     
  11. 2005/10/01
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    CWShredder is only for the removal of CoolWebSearch infections, and should always be up-to-date if needed, yet it's not recommended to use unless you do have a CWS infection.

    Startdreck is a diagnosis tool only.

    SpywareBlaster needs only be installed, updated and all protections enabled. Check for updates occasionally and enable all again when there are updates.

    IESpyad only needs run once, but is also updated occasionally.

    You're most welcome, Alex. Glad I could help. :)
     
