| Thread ID: 52792 | 2004-12-30 02:26:00 | Some Adaware program has installed itself on my computer | paragone (6714) | Press F1 |
| Post ID | Timestamp | Content | User | ||
| 308837 | 2004-12-30 04:43:00 | A suggested next step would be to see if you can use your system restore to go back a day or two. Failing that, then you will require the XP disk, and do what Johnboy suggested, start-run and enter SFC /SCANNOW |
pheonix (36) | ||
| 308838 | 2004-12-30 04:48:00 | Looks like you have also been hijacked by about.blank. Download aboutBuster www.spyware911.net. Restart in safe mode and run it. |
pheonix (36) | ||
| 308839 | 2004-12-30 04:50:00 | Ok, how do I do a system restore back? thanks guys! |
paragone (6714) | ||
| 308840 | 2004-12-30 05:02:00 | Start - run and paste this in the box... %SystemRoot%\System32\restore\rstrui.exe Easy to follow it from there. |
pheonix (36) | ||
| 308841 | 2004-12-30 05:02:00 | O4 - HKLM\..\Run: [taskopen.exe] taskopen.exe Taskopen by the sounds of it is a backdoor trojan. Also look for hdut.exe/hdut.dll in the C:/windows/system32 folder. If you find hdut.dll or hdut.exe, delete them. And also try this www.simplysup.com update it then scan. Also select utilities/reset internet explorer home/start/search page settings, and also the option under it (reset windows hosts file). O4 - HKLM\..\Run: [WildTangent CDA] RUNDLL32.exe "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0400.dll",cdaEngineMain This is also spyware. See if Wildtangent is in Add/remove programs; if it is, uninstall it, then under start / run type regsvr32 /u cdaEngine0400.dll Also go here: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run Look for CDA Wildtangent, taskopen.exe; delete BOTH entries in the right window. Then reboot |
Speedy Gonzales (78) | ||
| 308842 | 2004-12-30 16:13:00 | I can't do the system restore, because I get this error message... Windows cannot open this file: file: rstrui.exe To open this file, windows needs to know what program created it. Windows can go online to look it up or you can manually select from a list of programs on your computer. what do you want to do? |
paragone (6714) | ||
| 308843 | 2004-12-30 16:33:00 | YESSS!!! I restarted my computer in safe mode and it asked me if I wanted to do a system restore. I did it and now everything seems to be fine!!! I run the hijackfile again and this is how my log looks now. Is there anything I could take out? Logfile of HijackThis v1.99.0 Scan saved at 11:25:36 AM, on 12/30/2004 Platform: Windows XP SP1 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\WINDOWS\system32\LEXBCES.EXE C:\WINDOWS\system32\LEXPPS.EXE C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe C:\WINDOWS\System32\LXSUPMON.EXE C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe C:\WINDOWS\System32\DeltTray.exe C:\Program Files\ISTsvc\istsvc.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe C:\PROGRA~1\MICROS~2\Office10\OUTLOOK.EXE C:\Program Files\Messenger\msmsgs.exe C:\Program Files\Microsoft Office\Office10\WINWORD.EXE C:\HiJackThis\HijackThis.exe O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll O4 - HKLM\..\Run: [WildTangent CDA] RUNDLL32.exe "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0400.dll",cdaEngineMain O4 - HKLM\..\Run: [LXSUPMON] C:\WINDOWS\System32\LXSUPMON.EXE RUN O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [DeltTray] DeltTray.exe O4 - HKLM\..\Run: [IST Service] C:\Program Files\ISTsvc\istsvc.exe O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm O17 - HKLM\System\CCS\Services\Tcpip\..\{FCA6497B-B75D-4BCD-9CD9-946058C0E8BD}: NameServer = 24.29.99.18,24.29.99.17 O23 - Service: Adobe LM Service - Unknown - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Symantec Event Manager - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Password Validation - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe O23 - Service: Symantec Settings Manager - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe O23 - Service: LexBce Server - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE O23 - Service: Macromedia Licensing Service - Unknown - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe O23 - Service: Norton AntiVirus Auto-Protect Service - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe O23 - Service: Norton AntiVirus Firewall Monitor Service - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe O23 - Service: ScriptBlocking Service - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe O23 - Service: Symantec Network Drivers Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe O23 - Service: Symantec SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe |
paragone (6714) | ||
| 308844 | 2004-12-30 20:12:00 | You still have spyware. istsvc.exe is istbar. Download this and run it securityresponse.symantec.com Also, Wildtangent is some kind of spyware. Follow the steps I gave previously to remove it. CDA / Wildtangent may also be under the following registry entries. Highlight it then delete it, then reboot. HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run and here HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run |
Speedy Gonzales (78) | ||
| 308845 | 2004-12-30 21:51:00 | Do as Speedy recommends, then try another Hijackthis log. Wild Tangent will try to introduce more spyware, so get rid of it. It would pay to also download, UPDATE and use Spybot S&D, www.majorgeeks.com Together with Ad-aware, they make a formidable cleaner of spyware, which is what you were filled up with. |
pheonix (36) | ||
| 308846 | 2004-12-30 23:59:00 | See if Wild Tangent is in Add/Remove programs in Control Panel and if so, uninstall it from there then run Adaware, Spybot, etc. | FoxyMX (5) | ||
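
A small triage helper for the O4 autostart lines discussed in this thread, added here as an example; it is not part of any poster's reply or of HijackThis itself. It assumes the O4 line format quoted in the logs above, the sample lines are constructed from entries in the thread, and the two heuristics (bare filename, rundll32 loader) only mark entries for manual review, they do not identify malware.

```python
import re

# Constructed sample in the HijackThis O4 line format quoted in this thread.
SAMPLE_LOG = r"""
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [taskopen.exe] taskopen.exe
O4 - HKLM\..\Run: [WildTangent CDA] RUNDLL32.exe "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0400.dll",cdaEngineMain
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [DeltTray] DeltTray.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
"""

RUN = re.compile(r"^O4 - (HK\w+)\\\.\.\\(\w+): \[([^\]]*)\] (.+)$")
STARTUP = re.compile(r"^O4 - ((?:Global )?Startup): (.+?) = (.+)$")

def parse_o4(log_text):
    """Return (location, name, command) for every O4 autostart line."""
    entries = []
    for line in map(str.strip, log_text.splitlines()):
        m = RUN.match(line)
        if m:
            entries.append((m[1] + "\\" + m[2], m[3], m[4]))
            continue
        m = STARTUP.match(line)
        if m:
            entries.append((m[1], m[2], m[3]))
    return entries

def review_reason(command):
    """Heuristic only: why an entry deserves a manual look, or None."""
    if command.startswith('"'):
        program = command[1:].split('"')[0]   # quoted path, may contain spaces
    else:
        program = command.split()[0]          # first token of an unquoted command
    if program.lower() in ("rundll32", "rundll32.exe"):
        dll = re.search(r'([^",]+\.dll)', command, re.IGNORECASE)
        return "rundll32 loads " + (dll[1] if dll else "an unparsed target")
    if "\\" not in program and "/" not in program:
        return "no full path, resolved through the search path"
    return None

def flag_for_review(log_text):
    """List (location, name, reason) for entries matching a heuristic."""
    flagged = []
    for location, name, command in parse_o4(log_text):
        reason = review_reason(command)
        if reason:
            flagged.append((location, name, reason))
    return flagged

if __name__ == "__main__":
    for location, name, reason in flag_for_review(SAMPLE_LOG):
        print(f"{location:10} {name:18} {reason}")
```

A bare filename such as `DeltTray.exe` is flagged the same way as `taskopen.exe`, so each flagged entry still has to be checked against the file actually on disk before anything is deleted.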