SpyBot locks up when fixing selected problems


  • This topic is locked
3 replies to this topic

#1 ThallidRanger

    Member

  • New Member
  • 1 posts

Posted 29 June 2004 - 05:45 PM

My browser is not really hijacked but I am having a problem removing spyware.

I have Ad-Aware, SW Blaster, Spybot:S&D, CWShredder and HT installed.

I ran Ad-Aware. I had like 200+ objects identified. Cleaned them all. Reran and am clean.

The problem comes when I run SpyBot. I check for problems and it outlines something like 20 problems, all red. I then click the fix selected problems and the process starts, but then locks up and task manager says not responding and I have to hit end task. It does not remove any of the spyware. I even tried clicking on only 1 item to remove and it still locks up.

Is the current version of SpyBot problematic or is something else going on? On the website I saw something about a problem with DSO Exploit and I have that on my scan so could that be the issue?


Also I ran CWShredder (Spybot found a "Cool WWW Search") and it noticed some files that are confusing me.

C:\WINNT\LIC98RMT.EXE
C:\WINNT\LIC98RMTD.EXE
C:\WINNT\DSTENG32.EXE

I did a Google and a Windows knowledge database search for these files. Nothing. Nada. So it makes me think they may be a random name for the CW spyware. Shrug.



Here is my HT log:


Logfile of HijackThis v1.97.7
Scan saved at 5:40:18 PM, on 06/29/2004
Platform: Windows 2000 SP3 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\UMCSTUB.EXE
C:\Program Files\NavNT\defwatch.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\LogWatNT.exe
C:\Program Files\NavNT\rtvscan.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\TNGSD\BIN\SDSERV.EXE
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\System32\mspmspsv.exe
C:\WINNT\system32\svchost.exe
C:\TNGSD\BIN\TRIGGAG.EXE
C:\SxpInst\sxplog32.exe
C:\WINNT\system32\spmonnt.exe
C:\WINNT\Explorer.EXE
C:\Program Files\NavNT\vptray.exe
C:\Program Files\Nice Agent\ScreenAgent.exe
C:\TNGSD\BIN\triggusr.exe
C:\Program Files\DIGStream\digstream.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINNT\system32\spool\DRIVERS\W32X86\3\BRQIKMON.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\software\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SEENUS/SAOS01
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.espn.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
F2 - REG:system.ini: UserInit=C:\WINNT\system32\userinit.exe,,C:\SxpInst\sxplog32.exe
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: MSN Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar\01.01.1629.0\en-us\msntb.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [vptray] C:\Program Files\NavNT\vptray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [AGNTREC] "C:\Program Files\Nice Agent\ScreenAgent.exe" -wait
O4 - HKLM\..\Run: [SDJobCheck] triggusr.exe
O4 - HKLM\..\Run: [Dit] Dit.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [DIGStream] C:\Program Files\DIGStream\digstream.exe
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Global Startup: SnagIt 6.lnk = C:\Program Files\TechSmith\SnagIt 6\SnagIt32.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O12 - Plugin for .rx: C:\Program Files\Internet Explorer\Plugins\iewrqxrx.dll
O12 - Plugin for .rxc: C:\Program Files\Internet Explorer\Plugins\iewrqxrx.dll
O15 - Trusted Zone: http://ivrprdws2.cdc.??????.com
O15 - Trusted Zone: http://project.??????.net
O15 - Trusted Zone: http://*.plnapproject01
O15 - Trusted Zone: http://*.sos-webdev
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com...ex/qtplugin.cab
O16 - DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} (MetaStreamCtl Class) - https://components.v...q_h1930_40.html
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macr...director/sw.cab
O16 - DPF: {4A3CBDDD-C4DC-4C38-B44F-704DAEF628AE} (PjAdoInfo3 Class) - http://project.???.net/projectserver/objects/pjclient.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupd...8167.5708796296
O16 - DPF: {AF9A1421-E128-4D5F-A37E-039F305867B9} (Pj11enuC Class) - http://project.???.net/projectserver/ob...033/pjcintl.cab
O16 - DPF: {D1E7CBDA-E60E-4970-A01C-37301EF7BF98} (Measurement Service Client v.3) - http://ccon.madonion...global/msc3.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macr...ash/swflash.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://fdl.msn.com/p...t/msnchat45.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = ???.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = ???.com
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = ???.com


EDIT - the question marks are my company's name...

Edited by ThallidRanger, 29 June 2004 - 05:53 PM.


#2 say_hey24

    Member

  • Full Member
  • 5 posts

Posted 25 April 2005 - 04:24 PM

I am having the EXACT same problem. I get a list of red evil-doers, but when I click "Fix Selected Problems" Spybot freezes and I get Not Responding in the task manager.

Did you get a fix for this?!?!?

Thanks!

#3 jw50

    Forum Deity

  • Emeritus
  • 18,969 posts

Posted 01 May 2005 - 06:07 PM

Hi ThallidRanger, welcome to the forums.

Sorry it has taken so long to get back to you but we have been swamped.

Please run HijackThis and post a current log. I will be happy to take a look at it for you.

#4 jw50

    Forum Deity

  • Emeritus
  • 18,969 posts

Posted 30 May 2005 - 12:19 AM

Due to the lack of feedback this Topic is closed.

If you need this topic reopened, please request this by sending the moderating team
an email with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.