sandboxer winfield 2


3 replies to this topic

#1 sandrad2

sandrad2

    Member

  • New Member
  • Pip
  • 1 posts

Posted 15 May 2004 - 07:40 PM

This post refers to:

http://www.spywarein...view=getnewpost


Info about ndserv.exe that you asked for:
date created: Tuesday, March 20, 2001, 12:49:45 PM
mfg. by: Open Software Associates Ltd.
I do not know what it does.

I believe that I have followed your instructions. Since I have had the browser open for this post, sandboxer has not popped up. Things are looking good. Thank you for your assistance. Why are you willing to serve in this forum? I will make a $50 contribution.

Latest Logfile of HijackThis is below:

Logfile of HijackThis v1.97.7
Scan saved at 6:26:27 PM, on 5/15/2004
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Norton Internet Security\NISUM.EXE
C:\Program Files\Norton Internet Security\ccPxySvc.exe
C:\WINNT\System32\CTSvcCDA.EXE
C:\WINNT\System32\svchost.exe
C:\Program Files\HP Web Jetadmin\hpwebjetd.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\netDeploy\Launcher\ndserv.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\regsvc.exe
C:\Program Files\HP Web Jetadmin\hpwebjetd.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\snmp.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\System32\mspmspsv.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Hewlett-Packard\BrioAgent\WMIProviders\HPAlertWMI.exe
C:\PROGRA~1\APIKeys\DFOT43W.EXE
C:\Program Files\MouseWarePro\MWProEng.exe
C:\Program Files\Hewlett-Packard\BrioAgent\BMATrayIcon.exe
C:\Program Files\Motive\motmon.exe
C:\PROGRA~1\HPIS\bin\mpbtn.exe
C:\PROGRA~1\HPIS\bin\mad.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\APIKeys\KBOSDCtl.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\APIKeys\HKeyCnt.EXE
C:\Program Files\Common Files\Adaptec Shared\CreateCD\CreateCD50.exe
C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\PROGRA~1\HEWLET~1\HPSHAR~1\hpgs2wnf.exe
C:\WINNT\system32\wuauclt.exe
C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
C:\Program Files\Creative\SB Wireless Music\Media Server\SBWMsvr.exe
C:\QUICKENW\QWDLLS.EXE
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Broderbund\Mavis Beacon Teaches Typing Deluxe 15\minimavis.exe
C:\Program Files\Hewlett-Packard\AiO\hp officejet 7100 series\Bin\hpogrp07.exe
C:\Program Files\Sony Handheld\HOTSYNC.EXE
C:\Program Files\Free Downloads Accelerator\fdaagent.exe
C:\WINNT\system32\Jrnx8.exe
C:\WINNT\system32\Jrnx8.exe
C:\PROGRA~1\HEWLET~1\AiO\Shared\Bin\hpoevm07.exe
C:\Program Files\Hewlett-Packard\AiO\Shared\bin\hpOSTS07.exe
C:\Program Files\Hewlett-Packard\AiO\Shared\bin\hpOFXM07.exe
C:\HJT\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\WINNT\system32\SearchBar.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Comcast High-Speed Internet
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: CCHelper - {0CF0B8EE-6596-11D5-A98E-0003470BB48E} - C:\Program Files\Panicware\Pop-Up Stopper Companion\CCHelper.dll
O2 - BHO: (no name) - {98DE779A-2364-4293-AB71-2B97C61C4640} - C:\PROGRA~1\FREEDO~1\fdahlp99.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Pop-Up Stopper &Companion - {8F05B1A8-9D77-4B8F-AF54-6B2202066F95} - C:\Program Files\Panicware\Pop-Up Stopper Companion\popupus.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: FDA Bar - {9595C62C-76C6-49A6-9BDA-3253DD7A34FF} - C:\Program Files\Free Downloads Accelerator\fdabar99.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O4 - HKLM\..\Run: [APIHotKeys] C:\PROGRA~1\APIKeys\DFOT43W.EXE
O4 - HKLM\..\Run: [MWProEng] C:\Program Files\MouseWarePro\MWProEng.exe
O4 - HKLM\..\Run: [HP Tray Icon WMI] C:\Program Files\Hewlett-Packard\BrioAgent\BMATrayIcon.exe
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [MotiveMonitor] C:\Program Files\Motive\motmon.exe
O4 - HKLM\..\Run: [HP Instant Support] C:\PROGRA~1\HPIS\bin\mpbtn.exe
O4 - HKLM\..\Run: [MotiveBootKey] C:\PROGRA~1\HPIS\bin\mad.exe
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [CreateCD50] "C:\Program Files\Common Files\Adaptec Shared\CreateCD\CreateCD50.exe" -r
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [Palm MulitUser Config] C:\Program Files\Sony Handheld\Configtool.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
O4 - HKLM\..\Run: [Bakra] C:\WINNT\system32\IEHost34.exe
O4 - HKLM\..\Run: [4AAT8EM425DZH3] C:\WINNT\system32\HacI5Y.exe
O4 - HKCU\..\Run: [SB Wireless Music] C:\Program Files\Creative\SB Wireless Music\Media Server\SBWMsvr.exe startup
O4 - Startup: HotSync Manager.lnk = C:\Program Files\Sony Handheld\HOTSYNC.EXE
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Quicken Startup.lnk = C:\QUICKENW\QWDLLS.EXE
O4 - Global Startup: Billminder.lnk = C:\QUICKENW\BILLMIND.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O4 - Global Startup: Personal Coach.lnk = C:\Program Files\Broderbund\Mavis Beacon Teaches Typing Deluxe 15\minimavis.exe
O4 - Global Startup: HPAiODevice(hp officejet 7100 series) - 1.lnk = C:\Program Files\Hewlett-Packard\AiO\hp officejet 7100 series\Bin\hpogrp07.exe
O8 - Extra context menu item: Download with Free Downloads Accelerator - C:\Program Files\Free Downloads Accelerator\fdaie.htm
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O9 - Extra 'Tools' menuitem: MaxSpeed (HKLM)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com...ex/qtplugin.cab
O16 - DPF: {0D6451B3-FDDA-11D3-BFEC-00D0B725EB0B} (Yahoo! Vision) - http://download.yahoo.com/dl/fv/yv.cab
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macr...director/sw.cab
O16 - DPF: {62CEC9E0-3811-4C36-A94E-4F7565DCD23F} (DDSC Class) - http://public.ansi.o...rces/msddsc.cab
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield Setup Player) - http://www.installen...gine/isetup.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupd...37980.626724537
O16 - DPF: {A4639D2F-774E-11D3-A490-00C04F6843FB} (IEAnimBehaviorFactory Class) - http://download.micr...N-US/msorun.cab
O16 - DPF: {C4847596-972C-11D0-9567-00A0C9273C2A} (Crystal Report Viewer Control) - http://mickey.xcalib...tivexviewer.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.ma...ash/swflash.cab


Thank you again.

#2 The Last Samurai

The Last Samurai

    Member

  • Helper
  • Pip
  • 27 posts

Posted 15 May 2004 - 09:00 PM

I believe you mean this post:

http://www.spywarein...=0

The link you gave is a dud.

There are still things left in your log that have to be gotten rid of, so follow my instructions closely.

You still have the Peper trojan. Rerun the uninstaller. Double click on 'uninst.exe', let it run and terminate. Repeat this step again to make sure the uninstaller does its job. You must be online to have this work and do not block any attempts for the program to connect to the internet by any firewall you may have.

Okay, once again, please make sure that all your windows are closed, especially browser windows like this one, before proceeding, then have HJT remove the following entries by checking off the boxes next to them, and click on "Fix checked":

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\WINNT\system32\SearchBar.htm

O4 - HKLM\..\Run: [Bakra] C:\WINNT\system32\IEHost34.exe


Okay, now reboot your computer into Safe mode (tap the F8 key repeatedly when your computer boots up) and delete the following file if present:

C:\WINNT\system32\IEHost34.exe <-file

Be sure to make Windows Show Hidden Files to be extra sure these folders are no longer present.

Once done, rehide your system files, reboot once more, and post a new log.



As for the ndserv.exe, can you zip up a copy of this folder:

C:\Program Files\netDeploy\ <-folder

then can you please submit it to this email addy? When submitting, please be sure to provide a link to this thread. Make Windows Show Hidden Files so you can find it.
Donations in support of this Web Site are always appreciated

How to prevent browser hijacks

Alternatives to Internet Explorer:

Mozilla Firefox-I'm telling ya, it's way more secure than IE!

Anti-crapware software:

HijackThis
CWShredder-Designed specifically to deal with the CoolWebSearch Trojan and its cronies
Spybot 1.3
Ad-Aware 6-Make certain that it's set to do a full scan!
AVG Anti-Virus Software-or
Trend Micro Online Virus Scan-In case you can't get AVG and are infected!
Sygate Personal Firewall


He who controls the past, commands the future; he who controls the future, conquers the past - (Variation from the book, 1984)
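
An added example, not part of the original posts: a small Python check that parses HijackThis entry lines and reports which of the entries listed for "Fix checked" still appear in a follow-up log, which is what the requested new log is meant to show. The function names and the follow-up log are constructed for illustration; the sample lines are copied from the log posted above.

```python
import re

# HijackThis result lines look like "<code> - <detail>", e.g. "O4 - HKLM\..\Run: [name] path".
ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<detail>.+)$")
# O4 registry autorun detail: "<hive>\..\Run: [<value name>] <command>"
RUN_RE = re.compile(r"^(?P<hive>HK\w+)\\\.\.\\(?P<key>Run\w*): \[(?P<name>[^\]]*)\] (?P<command>.+)$")

def parse_hjt(log_text):
    """Return (code, detail) tuples for every entry line; header and process lines are skipped."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append((m.group("code"), m.group("detail")))
    return entries

def run_entries(entries):
    """Return registry Run-key autoruns as dicts with hive, key, name and command."""
    out = []
    for code, detail in entries:
        m = RUN_RE.match(detail) if code == "O4" else None
        if m:
            out.append(m.groupdict())
    return out

def remaining(fix_list, new_log_text):
    """Return the entries from fix_list that still appear in a later log."""
    present = {f"{c} - {d}".casefold() for c, d in parse_hjt(new_log_text)}
    return [line for line in fix_list if line.strip().casefold() in present]

# The two entries the helper asked to fix, copied from the reply above.
FIX_LIST = [
    r"R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\WINNT\system32\SearchBar.htm",
    r"O4 - HKLM\..\Run: [Bakra] C:\WINNT\system32\IEHost34.exe",
]

# Constructed follow-up log: a few lines from the posted log, with the R1 Search Bar entry gone.
SAMPLE_NEW_LOG = r"""Logfile of HijackThis v1.97.7
Running processes:
C:\WINNT\Explorer.EXE
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Bakra] C:\WINNT\system32\IEHost34.exe
O4 - Startup: HotSync Manager.lnk = C:\Program Files\Sony Handheld\HOTSYNC.EXE
"""

if __name__ == "__main__":
    for line in remaining(FIX_LIST, SAMPLE_NEW_LOG):
        print("still present:", line)
```
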

#3 The Last Samurai

The Last Samurai

    Member

  • Helper
  • Pip
  • 27 posts

Posted 15 May 2004 - 09:02 PM

Why are you willing to serve in this forum?

As for that question, maybe it's because I enjoy helping others get rid of crapware on their computers. To me it's fun analyzing and troubleshooting problems.

#4 PGPhantom

PGPhantom

    Superman of SWI

  • Emeritus
  • PipPipPipPipPip
  • 3,494 posts

Posted 30 September 2004 - 01:13 PM

Due to time passed without a response - I am closing this thread.

If you need this topic reopened, please request this by sending the moderating team an email with the address of the thread. This applies only to the original topic starter. Everyone else please begin a New Topic.



