Even more stubborn Zandingo Xupiter w/hijack file

besfirst

Instructor
Aug 10, 2002
14
US
OK here is what has been done so far...
Ran CW Shredder rebooted
Ran ADaware-quarantined and then deleted
Ran Spybot-found more reg keys and deleted
Checked the reg keys manually-rebooted

Still unable to access ANY site that required a password like Hotmail. Cannot load hotmail page from the MSN messenger link either (get white blank page)

Brought over msconfig.exe and shut a few things down. It wasn't really messy.
Ran Giant-found a few more things and deleted.
Ran Winsock fix utility-removed 4 LSP-DSL ok.
Uninstalled NAV and installed PANDA, registered & updated, full scan-clean.

Computer now accesses some websites it was not able to before and signed on. Still unable to get to hotmail (actually a msn.com passport that she reads via hotmail for webmail capabilities). Install account info on Outlook Express and access mail account, download all messages to clear box.
Rebooted.

Ran HijackThis and find everything as recognized in startup EXCEPT the BHO entry as R. Delete this. Rerun the analyze and these entries now appear. (Same as the other thread). Went to the analyze hijack and it says those new R entries are safe.

Still cannot reach some websites and cannot go from the MSN homepage which loads fine to the hotmail button which brings up a blank white.

I have the IEFix utility in hand for the next trip over. Anyone able to share some sage wisdom before I slowly rip every hair off my head? Here is the hijack log:

Logfile of HijackThis v1.98.2
Scan saved at 4:01:40 PM, on 11/4/2004
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\csrss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Panda Software\Panda Platinum Internet Security\PaSSrv.exe
C:\Program Files\Panda Software\Panda Platinum Internet Security\Firewall\PavFires.exe
C:\Program Files\Panda Software\Panda Platinum Internet Security\PavFnSvr.exe
C:\Program Files\Panda Software\Panda Platinum Internet Security\PavProt.exe
C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
C:\Program Files\Panda Software\Panda Platinum Internet Security\pavsrv50.exe
C:\Program Files\Panda Software\Panda Platinum Internet Security\prevsrv.exe
C:\Program Files\Panda Software\Panda Platinum Internet Security\AVENGINE.EXE
C:\Program Files\Panda Software\Panda Platinum Internet Security\PsImSvc.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\tcpsvcs.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\mspmspsv.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\WINNT\system32\spool\drivers\w32x86\3\hpztsb04.exe
C:\Program Files\Panda Software\Panda Platinum Internet Security\APVXDWIN.EXE
C:\Program Files\Panda Software\Panda Platinum Internet Security\SRVLOAD.EXE
C:\Program Files\Panda Software\Panda Platinum Internet Security\WebProxy.exe
C:\PROGRA~1\WINZIP\winzip32.exe
C:\Documents and Settings\Administrator.HOME-D56F6B02A9\Local Settings\Temp\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [Hpppta] C:\Program Files\Hewlett-Packard\HP PrecisionScan\PrecisionScan\hpppta.exe /ICON
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINNT\system32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [SCANINICIO] "C:\Program Files\Panda Software\Panda Platinum Internet Security\Inicio.exe"
O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Software\Panda Platinum Internet Security\APVXDWIN.EXE" /s
O4 - HKLM\..\Run: [UpgConfVer] "C:\Program Files\Panda Software\Panda Platinum Internet Security\UpgConf.exe" /v:8.05.01
O4 - HKLM\..\RunServices: [PANDA ANTISPAM SERVER SERVICE] "C:\Program Files\Panda Software\Panda Platinum Internet Security\PasSrv.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O16 - DPF: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} -
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) -
O17 - HKLM\System\CCS\Services\Tcpip\..\{B58E59AB-DEE0-49A4-9B8F-98D4F8CEC5A7}: NameServer = 192.168.1.1
O20 - AppInit_DLLs: PAVWAIT.DLL
 
You are using IE? Try first to clear your Temporary Internet Files, then clean the Temp Folders... Run the IE Fix...

alternately use FireFox or Mozilla or Opera as a Browser...



Ben

If it works don't fix it! If it doesn't use a sledgehammer...
 
You need to get rid of
O20 - AppInit_DLLs: PAVWAIT.DLL
 
Yes, my client is using IE. And will continue to do so. I understand that as computer people we sometimes revert to the answer "run from the Microsoft product" but it is just not viable when you are in a real world situation. I have emptied all temp folders and temp internet folders. This hijack is before the IEfix but it appears that the items just repropagated into them after cleaning the BHO with HijackThis.

And FYI PAV is Panda Antivirus. It is newly installed and should be there. Careful careful...wouldn't want to recommend trashing the new virus scan...


Jeanne
 