04-15-2005, 08:19 PM   #3
RAZAN3
Registered User
Join Date: Apr 2005
Posts: 22
OS: XP Pro


Thank you for the welcome... and your time.

I have followed the instructions as best I could.

Note that I could not get to the UK.Trendmicro, as my IE was not working at all; it stalls out when I make a connection.

I did run Virus scan, which was updated last Monday...

In Safe Mode I disabled r_server

In Safe Mode I ran the HJT tool and killed userinit32.exe

I could not scan after this step, so I closed and reopened, and rechecked that the killed file was not present. I then reopened again to perform a scan and I deleted one O23 - Service line that was present on the list below.

I restarted in normal mode.

I had a folder under My Docs that was not showing a name. I deleted it, but it was my Palm install folder ???? FYI, no big deal...

I rescanned and found many of the searchmiracle files 3 and marked them to be deleted.



====================================================================
Log was analyzed using KRC HijackThis Analyzer - Updated on 4/1/05
Get updates at http://www.greyknight17.com/download.htm#programs

***Security Programs Detected***

C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Logfile of HijackThis v1.99.1
Scan saved at 9:04:49 PM, on 4/15/2005
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v5.51 SP2 (5.51.4807.2300)

Running processes:
C:\WINNT\DvzCommon\DvzMsgr.exe
C:\Program Files\Linksys\Wireless-B Notebook Adapter\WPC11Cfg.exe
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://start.earthlink.net
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.earthlink.net/partner/mor...on/search.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.earthlink.net/partner/mor...on/search.html
O4 - Global Startup: Dataviz Messenger.lnk = C:\WINNT\DvzCommon\DvzMsgr.exe
O4 - Global Startup: Wireless-B Notebook Adapter Utility.lnk = C:\Program Files\Linksys\Wireless-B Notebook Adapter\WPC11Cfg.exe
O16 - DPF: {BAC01377-73DD-4796-854D-2A8997E3D68A} (Yahoo! Photos Easy Upload Tool Class) - http://us.dl1.yimg.com/download.yaho...opper1_4us.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://partminer.webex.com/client/v...ex/ieatgpc.cab
O23 - Service: CWShredder Service - Unknown owner - D:\CWShredder.exe (file missing)
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe


End of KRC HijackThis Analyzer Log.
====================================================================

I hope to hear from you soon... I am on our LAN, so as to not infect it with my Laptop.