plam125
asked on
Symantec won't live UPDATE (host can't be found)
I have a computer that isn't even lettling me go to the internet...CPU usage is 90-100% all the time...I installed Symantec Anti Virus Corp Edit and it found over 700 adware/trojan horse/errorsafe/etc viruses...But it's still not letting me LIVE UPDATE - big red X then No host found...But it's working a little better now (60-70%) CPU usage only now...
I tried the follwoing:
1. Deleting the hosts file (c:\windows\system32\drive rs\etc\hos t
2. added back a good copy from another computer
3. Can even get the www.symantec.com
4. everytime I tried to go to "trendmicro.com" or symantec.com it just gives me a and website can't be found...But when I ping it from dos prompt it gives me 127.0.0.1 for symantec...
I think if I can only live update I should be able to get the computer back to normal...Also every website I go to there's atleast 3 pop ups that I get...
Also every new browser that I open up the cookies are all allow in the internet tools option...
Thanks
plam125
I tried the follwoing:
1. Deleting the hosts file (c:\windows\system32\drive
2. added back a good copy from another computer
3. Can even get the www.symantec.com
4. everytime I tried to go to "trendmicro.com" or symantec.com it just gives me a and website can't be found...But when I ping it from dos prompt it gives me 127.0.0.1 for symantec...
I think if I can only live update I should be able to get the computer back to normal...Also every website I go to there's atleast 3 pop ups that I get...
Also every new browser that I open up the cookies are all allow in the internet tools option...
Thanks
plam125
Hi,
I suggest doing a full scan using superantispyware :
www.superantispyware.com
There are some spyware that antiviruses won't detect
Regards,
I suggest doing a full scan using superantispyware :
www.superantispyware.com
There are some spyware that antiviruses won't detect
Regards,
Download Host expert and restore to Microsoft Host Files, after doing so make the files un-rewritable.
Download Ccleaner from http://www.filehippo.com/download_ccleaner/ .
run cleaner and fix all the issues found after you scan with Ccleaner.
Make sure you have nothing loaded on your Startup Items such as unknown files/programs.
Download MSG cleaner from the following link, after you extract it run and tick "Enable task manager.." check box and click on Analyze.
http://upload-il.com/file/61637/MsnCleaner-eng.zip.html
Then download Combofix and run it, You will have dos box and you might be prompted to run a cleaning process, you will have to press 1 to continue and finish the cleaning process.
here's the link..
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
Make sure you don't have any unknown toolbars and if there is try to uninstall them... Change the home page to any safe website that you know.
Now I'm sure after using Hostsxpert you will be able to go to any website and update your Symantec anti virus.
Good luck
Download Ccleaner from http://www.filehippo.com/download_ccleaner/ .
run cleaner and fix all the issues found after you scan with Ccleaner.
Make sure you have nothing loaded on your Startup Items such as unknown files/programs.
Download MSG cleaner from the following link, after you extract it run and tick "Enable task manager.." check box and click on Analyze.
http://upload-il.com/file/61637/MsnCleaner-eng.zip.html
Then download Combofix and run it, You will have dos box and you might be prompted to run a cleaning process, you will have to press 1 to continue and finish the cleaning process.
here's the link..
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
Make sure you don't have any unknown toolbars and if there is try to uninstall them... Change the home page to any safe website that you know.
Now I'm sure after using Hostsxpert you will be able to go to any website and update your Symantec anti virus.
Good luck
ASKER
IndiGenus:
Here's the log from HJT..Its foreign to me:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:15:20 AM, on 10/14/2007
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.e xe
C:\WINDOWS\system32\winlog on.exe
C:\WINDOWS\system32\servic es.exe
C:\WINDOWS\system32\lsass. exe
C:\WINDOWS\system32\svchos t.exe
C:\WINDOWS\System32\svchos t.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\system32\spools v.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\System32\svchos t.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\System32\wuaucl t.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTra y.exe
C:\Program Files\Java\jre1.5.0_03\bin \jusched.e xe
C:\WINDOWS\System32\taskmg r.exe
C:\WINDOWS\SoftwareDistrib ution\Down load\eb5ff 0ae9fdaa24 285c492499 7a7aa90\up date\updat e.exe
C:\WINDOWS\System32\wuaucl t.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThi s.exe
R0 - HKCU\Software\Microsoft\In ternet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage
R1 - HKLM\Software\Microsoft\In ternet Explorer\Main,Default_Page _URL = http://rd.yahoo.com/customize/ymsgr/defaults/*http://my.yahoo.com
R1 - HKLM\Software\Microsoft\In ternet Explorer\Main,Default_Sear ch_URL = http://rd.yahoo.com/customize/ymsgr/defaults/su/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\In ternet Explorer\Main,Search Bar = http://rd.yahoo.com/customize/ymsgr/defaults/sb/*http://www.yahoo.com/ext/search/search.html
R0 - HKLM\Software\Microsoft\In ternet Explorer\Main,Start Page = http://rd.yahoo.com/customize/ymsgr/defaults/*http://my.yahoo.com
R0 - HKLM\Software\Microsoft\In ternet Explorer\Search,SearchAssi stant = http://www.tjem.com/searchbar.html
R0 - HKLM\Software\Microsoft\In ternet Explorer\Search,CustomizeS earch = http://srch-us5.hpwis.com/
R1 - HKCU\Software\Microsoft\In ternet Connection Wizard,ShellNext = http://products.webroot.com/disp0201.php?pc=64150&rc=1&ps=R&oc=5&mjv=3&mnv=2&bld=146&kc=ppa_obqi^^^^etl`avdf&cd=&dcc=&drc=&mo=&sid=
F2 - REG:system.ini: UserInit=C:\WINDOWS\System 32\Userini t.exe
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-0 0A0C908246 7} - C:\WINDOWS\System32\msdxm. ocx
O3 - Toolbar: &hp toolkit - {B2847E28-5D7D-4DEB-8B67-0 5D28BCF79F 5} - C:\HP\EXPLOREBAR\HPTOOLKT. DLL
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0 090271D4F8 8} - C:\Program Files\Yahoo!\Common\ycomp5 _0_2_6.dll
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B 5B5E98D167 C} - C:\Program Files\AOL Toolbar\toolbar.dll
O4 - HKLM\..\Run: [runner1] C:\WINDOWS\retadpu2000219. exe 61A847B5BBF72810329B385473 F001F0B3E3 5B6638993F 4661AA4EBD 86D67C5638 9B284534F3 10F3D1DC7E 4638E8323A 15806F97BD E4417E70CE 7C0726B954 E1C2832210 339226033A AC
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTra y.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin \jusched.e xe
O4 - HKLM\..\Run: [SearchIndexer] rundll32.exe "C:\WINDOWS\System32\iipgq bux.dll",s itypnow
O4 - HKLM\..\RunServices: [Ati Control Panel] atiphexx.exe
O4 - HKLM\..\RunServices: [8F7BBF0F] C:\WINDOWS\System32\viehqs xpto.exe
O4 - HKLM\..\RunServices: [`^]`LWI`WITL] C:\WINDOWS\System32\seatht k.exe
O4 - HKLM\..\RunServices: [IESet] IExplorer.dll .dbt
O4 - HKUS\S-1-5-18\..\Run: [Ati Control Panel] atiphexx.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [IESet] IExplorer.dll .dbt (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Ati Control Panel] atiphexx.exe (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-0 0401C60850 1} - C:\Program Files\Java\jre1.5.0_03\bin \npjpi150_ 03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-0 0401C60850 1} - C:\Program Files\Java\jre1.5.0_03\bin \npjpi150_ 03.dll
O9 - Extra button: MktBrowser - {17A27031-71FC-11d4-815C-0 05004D0F1F A} - C:\Program Files\MarketBrowser\lmt\Ma rketBrowse r_Launch.x py
O9 - Extra 'Tools' menuitem: MarketBrowser - {17A27031-71FC-11d4-815C-0 05004D0F1F A} - C:\Program Files\MarketBrowser\lmt\Ma rketBrowse r_Launch.x py
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-0 0010333D0A D} - C:\Program Files\Yahoo!\Messenger\yhe xbmes0819. dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-0 0010333D0A D} - C:\Program Files\Yahoo!\Messenger\yhe xbmes0819. dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B 5B5E98D167 C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B 5B5E98D167 C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-1 2A255F085E 1} - C:\Program Files\PartyGaming\PartyPok er\RunApp. exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-1 2A255F085E 1} - C:\Program Files\PartyGaming\PartyPok er\RunApp. exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-0 0C0F0318AF E} - C:\WINDOWS\System32\Shdocv w.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A 9046DEA8A2 1} - c:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-0 0C04F79568 3} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-0 0C04F79568 3} - C:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox. dll
O15 - Trusted Zone: http://www.symantec.com
O15 - Trusted Zone: *.amaena.com (HKLM)
O15 - Trusted Zone: *.drivecleaner.com (HKLM)
O15 - Trusted Zone: *.errorprotector.com (HKLM)
O15 - Trusted Zone: *.errorsafe.com (HKLM)
O15 - Trusted Zone: *.imageservr.com (HKLM)
O15 - Trusted Zone: *.imagesrvr.com (HKLM)
O15 - Trusted Zone: *.systemdoctor.com (HKLM)
O15 - Trusted Zone: *.winantispyware.com (HKLM)
O15 - Trusted Zone: *.winantivirus.com (HKLM)
O15 - Trusted Zone: *.winfixer.com (HKLM)
O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/clients/y/pote_x.cab
O16 - DPF: {6414512B-B978-451D-A0D8-F CFDF33E833 C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1112037319795
O16 - DPF: {8C875948-9C60-4381-9248-0 DF180542D5 3} - http://installs.spamblockerutility.com/installs/spamblockerutility/programs/spamblockerutility.cab
O16 - DPF: {A17E30C4-A9BA-11D4-8673-6 0DB54C1000 0} (YahooYMailTo Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/essentials/ymmapi_0727.dll
O21 - SSODL: mtklefa - {A0339443-7AC2-4064-4DA1-2 9967D9620F 3} - C:\WINDOWS\System32\sriwx3 2.dll (file missing)
O21 - SSODL: E0BCBJED - {6CD3628F-7212-4452-1269-4 40C5C1A4AF C} - C:\WINDOWS\System32\Mfmdoe 32.dll (file missing)
O21 - SSODL: mtklefap - {4AE79E0C-AAFA-43DF-68A8-1 4FF2EEC524 1} - C:\WINDOWS\System32\oefzn3 2.dll (file missing)
O21 - SSODL: mtklef - {6F735DB2-8EA7-469F-DC86-0 2D2F89DF0B 1} - C:\WINDOWS\System32\muvw32 .dll (file missing)
O21 - SSODL: mtkle - {C7E92A44-476D-4ADA-21AE-7 9C04720319 7} - C:\WINDOWS\System32\jvrbns 32.dll (file missing)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver \11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService .exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEU P~1\LUCOMS ~1.EXE
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc3 2.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm 12.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
--
End of file - 8970 bytes
Here's the log from HJT..Its foreign to me:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:15:20 AM, on 10/14/2007
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.e
C:\WINDOWS\system32\winlog
C:\WINDOWS\system32\servic
C:\WINDOWS\system32\lsass.
C:\WINDOWS\system32\svchos
C:\WINDOWS\System32\svchos
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\system32\spools
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\System32\svchos
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\System32\wuaucl
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTra
C:\Program Files\Java\jre1.5.0_03\bin
C:\WINDOWS\System32\taskmg
C:\WINDOWS\SoftwareDistrib
C:\WINDOWS\System32\wuaucl
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThi
R0 - HKCU\Software\Microsoft\In
R1 - HKLM\Software\Microsoft\In
R1 - HKLM\Software\Microsoft\In
R1 - HKLM\Software\Microsoft\In
R0 - HKLM\Software\Microsoft\In
R0 - HKLM\Software\Microsoft\In
R0 - HKLM\Software\Microsoft\In
R1 - HKCU\Software\Microsoft\In
F2 - REG:system.ini: UserInit=C:\WINDOWS\System
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-0
O3 - Toolbar: &hp toolkit - {B2847E28-5D7D-4DEB-8B67-0
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B
O4 - HKLM\..\Run: [runner1] C:\WINDOWS\retadpu2000219.
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTra
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin
O4 - HKLM\..\Run: [SearchIndexer] rundll32.exe "C:\WINDOWS\System32\iipgq
O4 - HKLM\..\RunServices: [Ati Control Panel] atiphexx.exe
O4 - HKLM\..\RunServices: [8F7BBF0F] C:\WINDOWS\System32\viehqs
O4 - HKLM\..\RunServices: [`^]`LWI`WITL] C:\WINDOWS\System32\seatht
O4 - HKLM\..\RunServices: [IESet] IExplorer.dll .dbt
O4 - HKUS\S-1-5-18\..\Run: [Ati Control Panel] atiphexx.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [IESet] IExplorer.dll .dbt (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Ati Control Panel] atiphexx.exe (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-0
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-0
O9 - Extra button: MktBrowser - {17A27031-71FC-11d4-815C-0
O9 - Extra 'Tools' menuitem: MarketBrowser - {17A27031-71FC-11d4-815C-0
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-0
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-0
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-1
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-1
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-0
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-0
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-0
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.
O15 - Trusted Zone: http://www.symantec.com
O15 - Trusted Zone: *.amaena.com (HKLM)
O15 - Trusted Zone: *.drivecleaner.com (HKLM)
O15 - Trusted Zone: *.errorprotector.com (HKLM)
O15 - Trusted Zone: *.errorsafe.com (HKLM)
O15 - Trusted Zone: *.imageservr.com (HKLM)
O15 - Trusted Zone: *.imagesrvr.com (HKLM)
O15 - Trusted Zone: *.systemdoctor.com (HKLM)
O15 - Trusted Zone: *.winantispyware.com (HKLM)
O15 - Trusted Zone: *.winantivirus.com (HKLM)
O15 - Trusted Zone: *.winfixer.com (HKLM)
O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/clients/y/pote_x.cab
O16 - DPF: {6414512B-B978-451D-A0D8-F
O16 - DPF: {8C875948-9C60-4381-9248-0
O16 - DPF: {A17E30C4-A9BA-11D4-8673-6
O21 - SSODL: mtklefa - {A0339443-7AC2-4064-4DA1-2
O21 - SSODL: E0BCBJED - {6CD3628F-7212-4452-1269-4
O21 - SSODL: mtklefap - {4AE79E0C-AAFA-43DF-68A8-1
O21 - SSODL: mtklef - {6F735DB2-8EA7-469F-DC86-0
O21 - SSODL: mtkle - {C7E92A44-476D-4ADA-21AE-7
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEU
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc3
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
--
End of file - 8970 bytes
ASKER
yasserd:
It won't download...just keeps spinning
It won't download...just keeps spinning
Please try the Combofix first plam125.
and then download hostsxpert from.
http://www.majorgeeks.com/Hoster_d4626.html
This should reset your windows host files which there might be changed by a spyware...
Restore to Microsoft original FIle.
and then download hostsxpert from.
http://www.majorgeeks.com/Hoster_d4626.html
This should reset your windows host files which there might be changed by a spyware...
Restore to Microsoft original FIle.
best advice, re-install the operating system. you can clean your system from viruses, but spywares, forget it. unless you delete every entry from the registry. for that, you'd have to search for them which will take you more time than installing a fresh copy.
ViruScan
ViruScan
My apologies plam125, for some reason I wasn't subscribed to this thread and didn't get email notification.
I agree with moh10ly: 100% here on running combofix. CF will do quite a bit of work here and we should then be able to clean up with a CF script and scanning/removal.
Just my opinion.
I agree with moh10ly: 100% here on running combofix. CF will do quite a bit of work here and we should then be able to clean up with a CF script and scanning/removal.
Just my opinion.
Hi Palm,
This is the direct link:
http://downloads2.superantispyware.com/downloads/SUPERAntiSpyware.exe
This is the direct link:
http://downloads2.superantispyware.com/downloads/SUPERAntiSpyware.exe
ASKER
Thanks for all your help...I just told my friend the best thing was to re-install the OS and start over...So that is what I did...Thanks everyone...
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
I suggest that you download, run, and post a HijackThis log from the link below.
NOTE: Do not fix anything with HJT at this point, just post the text from the log.
http://www.trendsecure.com/portal/en-US/threat_analytics/hijackthis.php