Jump to content

Build Theme!
  •  
  • Infected?

WE'RE SURE THAT YOU'LL LOVE US!

Hey there! :wub: Looks like you're enjoying the discussion, but you're not signed up for an account. When you create an account, we remember exactly what you've read, so you always come right back where you left off. You also get notifications, here and via email, whenever new posts are made. You can like posts to share the love. :D Join 93099 other members! Anybody can ask, anybody can answer. Consistently helpful members may be invited to become staff. Here's how it works. Virus cleanup? Start here -> Malware Removal Forum.

Try What the Tech -- It's free!


Sorry, but I'm lost on this.


  • This topic is locked This topic is locked
14 replies to this topic

#1 Guest_dustynduke_*

Guest_dustynduke_*
  • Guests

Posted 26 November 2005 - 11:21 PM

Hi. I'm sorry but I am new to this, so I am unsure what if anything to delete from this log. Can you please help?
Thanks
:blink:

Logfile of HijackThis v1.99.1
Scan saved at 12:05:46 AM, on 11/27/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Compaq\Easy Access Button Support\StartEAK.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\PROGRA~1\OAKTEC~1\OAKSIM~1\OAKTASK.EXE
C:\WINDOWS\Downloaded Program Files\fcnad.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\Compaq\Easy Access Button Support\CPQEADM.EXE
C:\COMPAQ\CPQINET\CPQInet.exe
C:\Compaq\EAKDRV\EAUSBKBD.EXE
C:\PROGRA~1\Compaq\EASYAC~1\BttnServ.exe
C:\WINDOWS\System32\PackethSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\System32\msiexec.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Me\Desktop\hijackthis\HijackThis.exe
C:\Program Files\Messenger\msmsgs.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://dslstart.verizon.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapp.../search/ie.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://verizon.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Program Files\Common Files\Microsoft Shared\Stationery\Blank.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Verizon Online
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://dslstart.verizon.net/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Verizon Broadband Toolbar - {4E7BD74F-2B8D-469E-D0FC-E57AF4D5FA7D} - C:\WINDOWS\DOWNLO~1\vzbb.dll
O2 - BHO: CNisExtBho Class - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O2 - BHO: iWon Co-Pilot BHO - {C298FB42-E3E2-11D3-ADCD-0050DAC24E8F} - C:\Program Files\iWon\iWonBar\3.bin\IWONBAR.DLL
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: i&Won Co-Pilot - {CA0B9B71-C2AF-11D3-B376-0800460222F0} - C:\Program Files\iWon\iWonBar\3.bin\IWONBAR.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Verizon Broadband Toolbar - {4E7BD74F-2B8D-469E-D0FC-E57AF4D5FA7D} - C:\WINDOWS\DOWNLO~1\vzbb.dll
O4 - HKLM\..\Run: [CPQEASYACC] C:\Program Files\Compaq\Easy Access Button Support\StartEAK.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [srmclean] C:\Cpqs\Scom\srmclean.exe
O4 - HKLM\..\Run: [OAKSTART] C:\PROGRA~1\OAKTEC~1\OAKSIM~1\OAKSTART.EXE
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [OAKTASK] C:\PROGRA~1\OAKTEC~1\OAKSIM~1\OAKTASK.EXE
O4 - HKLM\..\Run: [{6B7276FF-DEEA-4b9e-8307-93F1D2AB6277}] C:\WINDOWS\Downloaded Program Files\fcnad.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [Windows Registry Repair Pro] C:\Program Files\3B Software\Windows Registry Repair Pro\RegistryRepairPro.exe 4
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: CompuServe 2000 Tray Icon.lnk = C:\Program Files\CompuServe 2000a\cstray.exe
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O4 - Global Startup: Trend Micro Anti-Spyware.lnk = C:\Documents and Settings\Me\My Documents\Tmas.exe
O4 - Global Startup: Turbo Surfer 2.0.lnk = ?
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra button: Support - {A1C62740-93D5-4E72-A5B6-B668D58C5197} - C:\Program Files\Internet Explorer\SIGNUP\Presario.htm (HKCU)
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - https://activatemyds...oad/tgctlcm.cab
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.t...all/xscan60.cab
O16 - DPF: {200B3EE9-7242-4EFD-B1E4-D97EE825BA53} (VerifyGMN Class) - http://h20270.www2.h...staller_gmn.cab
O16 - DPF: {50F65670-1729-11D2-A51F-0020AFE5D502} (ForumChat) - http://objects.compu...hat/RTCChat.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1123635363606
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1128137178423
O16 - DPF: {70522FA2-4656-11D5-B0E9-0050DAC24E8F} (iWon Progressive Counter) - http://cc.iwon.com/c..._12_1,0,2,5.cab
O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} (cpbrkpie Control) - http://a19.g.akamai....02/cpbrkpie.cab
O16 - DPF: {C606BA60-AB76-48B6-96A7-2C4D5C386F70} (PreQualifier Class) - http://www.verizon.n...tivePreQual.cab
O16 - DPF: {DB0474CC-8EF6-47FC-905B-23FC58A70817} (RegPropsCtrl Class) - http://download.veri...tWebInstall.cab
O16 - DPF: {F5C90925-ABBF-4475-88F5-8622B452BA9E} (Compaq System Data Class) - http://wwemail.suppo...ts/SysQuery.cab
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Virtual NIC Service (PackethSvc) - America Online, Inc. - C:\WINDOWS\System32\PackethSvc.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

    Advertisements

Register to Remove


#2 Siggyx

Siggyx

    SuperHelper

  • Authentic Member
  • PipPipPipPipPipPip
  • 6,776 posts

Posted 27 November 2005 - 12:42 AM

Step # 1

Please download and run CWShredder. Make sure that all browser windows are closed with the exception of Cwshredder and choose FIX.

http://www.majorgeek...7fd6b3ff02edc90

REBOOT

Step #2

Please download and run Spybot 1.4 & AdAware SE Then follow the instructions in the link below to run.

Spybot & Adaware Tutorial

REBOOT

Step # 3

Then do a virus scan here >>> Trend Micro

Step # 4

Please download the trial version of Ewido Security Suite here:
http://www.ewido.net/en/download/

Install it, and update the definitions to the newest files.

Next, please reboot your computer in Safe Mode by doing the following:
1) Restart your computer
2) After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
3) Instead of Windows loading as normal, a menu should appear
4) Select the first option, to run Windows in Safe Mode.

Then please run Ewido, and run a full scan. Save the logfile from the scan.

Restart your computer in normal mode and please post a new HijackThis log, as well as the log from the Ewido scan.

#3 Guest_dustynduke_*

Guest_dustynduke_*
  • Guests

Posted 27 November 2005 - 08:55 PM

HijackThis Log:

Logfile of HijackThis v1.99.1
Scan saved at 9:49:56 PM, on 11/27/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Compaq\Easy Access Button Support\StartEAK.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\PROGRA~1\OAKTEC~1\OAKSIM~1\OAKTASK.EXE
C:\WINDOWS\Downloaded Program Files\fcnad.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\Compaq\Easy Access Button Support\CPQEADM.EXE
C:\COMPAQ\CPQINET\CPQInet.exe
C:\Compaq\EAKDRV\EAUSBKBD.EXE
C:\PROGRA~1\Compaq\EASYAC~1\BttnServ.exe
C:\WINDOWS\System32\PackethSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Messenger\msmsgs.exe
c:\progra~1\compus~1\wcs2000.exe
C:\Documents and Settings\Me\Desktop\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://dslstart.verizon.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapp.../search/ie.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://verizon.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Program Files\Common Files\Microsoft Shared\Stationery\Blank.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Verizon Online
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://dslstart.verizon.net/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Verizon Broadband Toolbar - {4E7BD74F-2B8D-469E-D0FC-E57AF4D5FA7D} - C:\WINDOWS\DOWNLO~1\vzbb.dll (file missing)
O2 - BHO: CNisExtBho Class - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Verizon Broadband Toolbar - {4E7BD74F-2B8D-469E-D0FC-E57AF4D5FA7D} - C:\WINDOWS\DOWNLO~1\vzbb.dll (file missing)
O4 - HKLM\..\Run: [CPQEASYACC] C:\Program Files\Compaq\Easy Access Button Support\StartEAK.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [srmclean] C:\Cpqs\Scom\srmclean.exe
O4 - HKLM\..\Run: [OAKSTART] C:\PROGRA~1\OAKTEC~1\OAKSIM~1\OAKSTART.EXE
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [OAKTASK] C:\PROGRA~1\OAKTEC~1\OAKSIM~1\OAKTASK.EXE
O4 - HKLM\..\Run: [{6B7276FF-DEEA-4b9e-8307-93F1D2AB6277}] C:\WINDOWS\Downloaded Program Files\fcnad.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [Windows Registry Repair Pro] C:\Program Files\3B Software\Windows Registry Repair Pro\RegistryRepairPro.exe 4
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: CompuServe 2000 Tray Icon.lnk = C:\Program Files\CompuServe 2000a\cstray.exe
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O4 - Global Startup: Trend Micro Anti-Spyware.lnk = C:\Documents and Settings\Me\My Documents\Tmas.exe
O4 - Global Startup: Turbo Surfer 2.0.lnk = ?
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra button: Support - {A1C62740-93D5-4E72-A5B6-B668D58C5197} - C:\Program Files\Internet Explorer\SIGNUP\Presario.htm (HKCU)
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - https://activatemyds...oad/tgctlcm.cab
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.t...all/xscan60.cab
O16 - DPF: {200B3EE9-7242-4EFD-B1E4-D97EE825BA53} (VerifyGMN Class) - http://h20270.www2.h...staller_gmn.cab
O16 - DPF: {50F65670-1729-11D2-A51F-0020AFE5D502} (ForumChat) - http://objects.compu...hat/RTCChat.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1123635363606
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1128137178423
O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} (cpbrkpie Control) - http://a19.g.akamai....02/cpbrkpie.cab
O16 - DPF: {C606BA60-AB76-48B6-96A7-2C4D5C386F70} (PreQualifier Class) - http://www.verizon.n...tivePreQual.cab
O16 - DPF: {DB0474CC-8EF6-47FC-905B-23FC58A70817} (RegPropsCtrl Class) - http://download.veri...tWebInstall.cab
O16 - DPF: {F5C90925-ABBF-4475-88F5-8622B452BA9E} (Compaq System Data Class) - http://wwemail.suppo...ts/SysQuery.cab
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Virtual NIC Service (PackethSvc) - America Online, Inc. - C:\WINDOWS\System32\PackethSvc.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

Ewido log on next post.................

#4 Guest_dustynduke_*

Guest_dustynduke_*
  • Guests

Posted 27 November 2005 - 08:59 PM

Ewido Log: ewido security suite - Scan report --------------------------------------------------------- + Created on: 9:14:18 PM, 11/27/2005 + Report-Checksum: 74A17A57 + Scan result: HKLM\SOFTWARE\Classes\CLSID\{10125C2E-6821-4070-B24E-2E992501AD55} -> Spyware.iWon : Cleaned with backup HKLM\SOFTWARE\Classes\CLSID\{10125C2E-6821-4070-B24E-2E992501AD55}\TypeLib\\ -> Spyware.iWon : Cleaned with backup HKLM\SOFTWARE\Classes\CLSID\{277E1FE1-CF65-11D3-B377-0800460222F0} -> Spyware.iWon : Cleaned with backup HKLM\SOFTWARE\Classes\CLSID\{277E1FE1-CF65-11D3-B377-0800460222F0}\TypeLib\\ -> Spyware.iWon : Cleaned with backup HKLM\SOFTWARE\Classes\CLSID\{58384780-211C-11d4-AEB7-0050DAC24E8F} -> Spyware.iWon : Cleaned with backup HKLM\SOFTWARE\Classes\CLSID\{58384780-211C-11d4-AEB7-0050DAC24E8F}\TypeLib\\ -> Spyware.iWon : Cleaned with backup HKLM\SOFTWARE\Classes\CLSID\{6D54A7C1-C379-11D3-B377-0800460222F0} -> Spyware.iWon : Cleaned with backup HKLM\SOFTWARE\Classes\CLSID\{6D54A7C1-C379-11D3-B377-0800460222F0}\TypeLib\\ -> Spyware.iWon : Cleaned with backup HKLM\SOFTWARE\Classes\CLSID\{70522FA0-4656-11d5-B0E9-0050DAC24E8F} -> Spyware.iWon : Cleaned with backup HKLM\SOFTWARE\Classes\CLSID\{70522FA0-4656-11d5-B0E9-0050DAC24E8F}\TypeLib\\ -> Spyware.iWon : Cleaned with backup HKLM\SOFTWARE\Classes\CLSID\{70522FA1-4656-11d5-B0E9-0050DAC24E8F} -> Spyware.iWon : Cleaned with backup HKLM\SOFTWARE\Classes\CLSID\{70522FA1-4656-11d5-B0E9-0050DAC24E8F}\TypeLib\\ -> Spyware.iWon : Cleaned with backup HKLM\SOFTWARE\Classes\CLSID\{70522FA2-4656-11d5-B0E9-0050DAC24E8F} -> Spyware.iWon : Cleaned with backup HKLM\SOFTWARE\Classes\CLSID\{70522FA2-4656-11d5-B0E9-0050DAC24E8F}\TypeLib\\ -> Spyware.iWon : Cleaned with backup HKLM\SOFTWARE\Classes\CLSID\{7631768F-511E-41d8-BADB-604B0034776B} -> Spyware.iWon : Cleaned with backup HKLM\SOFTWARE\Classes\CLSID\{C298FB42-E3E2-11D3-ADCD-0050DAC24E8F} -> Spyware.iWon : Cleaned with backup HKLM\SOFTWARE\Classes\CLSID\{C298FB42-E3E2-11D3-ADCD-0050DAC24E8F}\TypeLib\\ -> Spyware.iWon : Cleaned with backup HKLM\SOFTWARE\Classes\CLSID\{CA0B9B6D-C2AF-11D3-B376-0800460222F0} -> Spyware.iWon : Cleaned with backup HKLM\SOFTWARE\Classes\CLSID\{CA0B9B6D-C2AF-11D3-B376-0800460222F0}\TypeLib\\ -> Spyware.iWon : Cleaned with backup HKLM\SOFTWARE\Classes\CLSID\{CA0B9B71-C2AF-11D3-B376-0800460222F0} -> Spyware.iWon : Cleaned with backup HKLM\SOFTWARE\Classes\CLSID\{CA0B9B71-C2AF-11D3-B376-0800460222F0}\TypeLib\\ -> Spyware.iWon : Cleaned with backup HKLM\SOFTWARE\Classes\Interface\{10125C2D-6821-4070-B24E-2E992501AD55} -> Spyware.iWon : Cleaned with backup HKLM\SOFTWARE\Classes\Interface\{10125C2D-6821-4070-B24E-2E992501AD55}\TypeLib\\ -> Spyware.iWon : Cleaned with backup HKLM\SOFTWARE\Classes\Interface\{10125C2F-6821-4070-B24E-2E992501AD55} -> Spyware.iWon : Cleaned with backup HKLM\SOFTWARE\Classes\Interface\{10125C2F-6821-4070-B24E-2E992501AD55}\TypeLib\\ -> Spyware.iWon : Cleaned with backup HKLM\SOFTWARE\Classes\Interface\{277E1FE0-CF65-11D3-B377-0800460222F0} -> Spyware.iWon : Cleaned with backup HKLM\SOFTWARE\Classes\Interface\{277E1FE0-CF65-11D3-B377-0800460222F0}\TypeLib\\ -> Spyware.iWon : Cleaned with backup HKLM\SOFTWARE\Classes\Interface\{6D54A7C0-C379-11D3-B377-0800460222F0} -> Spyware.iWon : Cleaned with backup HKLM\SOFTWARE\Classes\Interface\{6D54A7C0-C379-11D3-B377-0800460222F0}\TypeLib\\ -> Spyware.iWon : Cleaned with backup HKLM\SOFTWARE\Classes\Interface\{83654581-4333-11D5-B0DF-0050DAC24E8F} -> Spyware.iWon : Cleaned with backup HKLM\SOFTWARE\Classes\Interface\{83654581-4333-11D5-B0DF-0050DAC24E8F}\TypeLib\\ -> Spyware.iWon : Cleaned with backup HKLM\SOFTWARE\Classes\Interface\{83654582-4333-11D5-B0DF-0050DAC24E8F} -> Spyware.iWon : Cleaned with backup HKLM\SOFTWARE\Classes\Interface\{83654582-4333-11D5-B0DF-0050DAC24E8F}\TypeLib\\ -> Spyware.iWon : Cleaned with backup HKLM\SOFTWARE\Classes\Interface\{83654583-4333-11D5-B0DF-0050DAC24E8F} -> Spyware.iWon : Cleaned with backup HKLM\SOFTWARE\Classes\Interface\{83654583-4333-11D5-B0DF-0050DAC24E8F}\TypeLib\\ -> Spyware.iWon : Cleaned with backup HKLM\SOFTWARE\Classes\Interface\{83654584-4333-11D5-B0DF-0050DAC24E8F} -> Spyware.iWon : Cleaned with backup HKLM\SOFTWARE\Classes\Interface\{83654584-4333-11D5-B0DF-0050DAC24E8F}\TypeLib\\ -> Spyware.iWon : Cleaned with backup HKLM\SOFTWARE\Classes\Interface\{83654585-4333-11D5-B0DF-0050DAC24E8F} -> Spyware.iWon : Cleaned with backup HKLM\SOFTWARE\Classes\Interface\{83654585-4333-11D5-B0DF-0050DAC24E8F}\TypeLib\\ -> Spyware.iWon : Cleaned with backup HKLM\SOFTWARE\Classes\iWonPM.iWonProgressiveCounterPlugin -> Spyware.iWon : Cleaned with backup HKLM\SOFTWARE\Classes\iWonPM.iWonProgressiveCounterPlugin\CLSID -> Spyware.iWon : Cleaned with backup HKLM\SOFTWARE\Classes\iWonPM.iWonProgressiveCounterPlugin\CLSID\\ -> Spyware.iWon : Cleaned with backup HKLM\SOFTWARE\Classes\iWonPM.iWonProgressiveCounterPlugin\CurVer -> Spyware.iWon : Cleaned with backup HKLM\SOFTWARE\Classes\iWonPM.iWonProgressiveCounterPlugin.1 -> Spyware.iWon : Cleaned with backup HKLM\SOFTWARE\Classes\iWonPM.iWonProgressiveCounterPlugin.1\CLSID\\ -> Spyware.iWon : Cleaned with backup HKLM\SOFTWARE\Classes\iWonPM.iWonSlotPlugin -> Spyware.iWon : Cleaned with backup HKLM\SOFTWARE\Classes\iWonPM.iWonSlotPlugin\CLSID -> Spyware.iWon : Cleaned with backup HKLM\SOFTWARE\Classes\iWonPM.iWonSlotPlugin\CLSID\\ -> Spyware.iWon : Cleaned with backup HKLM\SOFTWARE\Classes\iWonPM.iWonSlotPlugin\CurVer -> Spyware.iWon : Cleaned with backup HKLM\SOFTWARE\Classes\iWonPM.iWonSlotPlugin.1 -> Spyware.iWon : Cleaned with backup HKLM\SOFTWARE\Classes\iWonPM.iWonSlotPlugin.1\CLSID\\ -> Spyware.iWon : Cleaned with backup HKLM\SOFTWARE\Classes\iWonPM.iWonTextPlugin -> Spyware.iWon : Cleaned with backup HKLM\SOFTWARE\Classes\iWonPM.iWonTextPlugin\CLSID -> Spyware.iWon : Cleaned with backup HKLM\SOFTWARE\Classes\iWonPM.iWonTextPlugin\CLSID\\ -> Spyware.iWon : Cleaned with backup HKLM\SOFTWARE\Classes\iWonPM.iWonTextPlugin\CurVer -> Spyware.iWon : Cleaned with backup HKLM\SOFTWARE\Classes\iWonPM.iWonTextPlugin.1 -> Spyware.iWon : Cleaned with backup HKLM\SOFTWARE\Classes\iWonPM.iWonTextPlugin.1\CLSID\\ -> Spyware.iWon : Cleaned with backup HKLM\SOFTWARE\Classes\IWonToolbar.iWonNetscapeShutdown -> Spyware.iWon : Cleaned with backup HKLM\SOFTWARE\Classes\IWonToolbar.iWonNetscapeShutdown\CLSID -> Spyware.iWon : Cleaned with backup HKLM\SOFTWARE\Classes\IWonToolbar.iWonNetscapeShutdown\CLSID\\ -> Spyware.iWon : Cleaned with backup HKLM\SOFTWARE\Classes\IWonToolbar.iWonNetscapeShutdown\CurVer -> Spyware.iWon : Cleaned with backup HKLM\SOFTWARE\Classes\IWonToolbar.iWonNetscapeShutdown.1 -> Spyware.iWon : Cleaned with backup HKLM\SOFTWARE\Classes\IWonToolbar.iWonNetscapeShutdown.1\CLSID\\ -> Spyware.iWon : Cleaned with backup HKLM\SOFTWARE\Classes\IWonToolbar.iWonNetscapeStartup -> Spyware.iWon : Cleaned with backup HKLM\SOFTWARE\Classes\IWonToolbar.iWonNetscapeStartup\CLSID -> Spyware.iWon : Cleaned with backup HKLM\SOFTWARE\Classes\IWonToolbar.iWonNetscapeStartup\CLSID\\ -> Spyware.iWon : Cleaned with backup HKLM\SOFTWARE\Classes\IWonToolbar.iWonNetscapeStartup\CurVer -> Spyware.iWon : Cleaned with backup HKLM\SOFTWARE\Classes\IWonToolbar.iWonNetscapeStartup.1 -> Spyware.iWon : Cleaned with backup HKLM\SOFTWARE\Classes\IWonToolbar.iWonNetscapeStartup.1\CLSID\\ -> Spyware.iWon : Cleaned with backup HKLM\SOFTWARE\Classes\IWonToolbar.SettingsPlugin -> Spyware.iWon : Cleaned with backup HKLM\SOFTWARE\Classes\IWonToolbar.SettingsPlugin\CLSID -> Spyware.iWon : Cleaned with backup HKLM\SOFTWARE\Classes\IWonToolbar.SettingsPlugin\CLSID\\ -> Spyware.iWon : Cleaned with backup HKLM\SOFTWARE\Classes\IWonToolbar.SettingsPlugin\CurVer -> Spyware.iWon : Cleaned with backup HKLM\SOFTWARE\Classes\IWonToolbar.SettingsPlugin.1 -> Spyware.iWon : Cleaned with backup HKLM\SOFTWARE\Classes\IWonToolbar.SettingsPlugin.1\CLSID\\ -> Spyware.iWon : Cleaned with backup HKLM\SOFTWARE\Classes\TypeLib\{78429873-F771-11D3-AE1D-0050DAC24E8F} -> Spyware.iWon : Cleaned with backup HKLM\SOFTWARE\Classes\TypeLib\{83654580-4333-11D5-B0DF-0050DAC24E8F} -> Spyware.iWon : Cleaned with backup HKLM\SOFTWARE\iWon -> Spyware.iWon : Cleaned with backup HKLM\SOFTWARE\iWon\iWonBar -> Spyware.iWon : Cleaned with backup HKLM\SOFTWARE\iWon\iWonSlots -> Spyware.iWon : Cleaned with backup HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{70522FA2-4656-11D5-B0E9-0050DAC24E8F} -> Spyware.iWon : Cleaned with backup HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{CA0B9B71-C2AF-11D3-B376-0800460222F0} -> Spyware.iWon : Cleaned with backup HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C298FB42-E3E2-11D3-ADCD-0050DAC24E8F} -> Spyware.iWon : Cleaned with backup HKLM\SOFTWARE\Need2Find -> Spyware.Need2Find : Cleaned with backup HKLM\SOFTWARE\Need2Find\bar -> Spyware.Need2Find : Cleaned with backup HKLM\SOFTWARE\Need2Find\bar\Partner -> Spyware.Need2Find : Cleaned with backup C:\Documents and Settings\Me\Cookies\me@burstnet[2].txt -> Spyware.Cookie.Burstnet : Cleaned with backup C:\Documents and Settings\Me\Cookies\me@www.burstbeacon[1].txt -> Spyware.Cookie.Burstbeacon : Cleaned with backup C:\Documents and Settings\Me\Local Settings\Temp\asmfiles.cab/asm.exe -> Spyware.Altnet : Error during cleaning C:\Documents and Settings\Me\Local Settings\Temp\asmfiles.cab/asmps.dll -> Spyware.Altnet : Error during cleaning C:\Documents and Settings\Me\Local Settings\Temp\p2psetup.exe -> Spyware.P2PNetworking : Cleaned with backup C:\Program Files\iWon\iWonBar\3.bin\IWON2NS.EXE -> Spyware.MyWay : Cleaned with backup C:\Program Files\iWon\iWonBar\3.bin\NPIWON0.DLL -> Spyware.MyWay : Cleaned with backup C:\System Volume Information\_restore{12855640-7D70-4BD9-BBEA-F3A6839FBAEA}\RP162\A0020208.EXE -> Spyware.MyWay : Cleaned with backup C:\System Volume Information\_restore{12855640-7D70-4BD9-BBEA-F3A6839FBAEA}\RP162\A0020209.DLL -> Spyware.MyWay : Cleaned with backup C:\System Volume Information\_restore{12855640-7D70-4BD9-BBEA-F3A6839FBAEA}\RP187\A0025009.dll -> Spyware.MegaSearch : Cleaned with backup C:\System Volume Information\_restore{12855640-7D70-4BD9-BBEA-F3A6839FBAEA}\RP221\A0035193.dll -> Spyware.Altnet : Cleaned with backup C:\System Volume Information\_restore{12855640-7D70-4BD9-BBEA-F3A6839FBAEA}\RP221\A0035201.exe -> Spyware.404Search.h : Cleaned with backup C:\System Volume Information\_restore{12855640-7D70-4BD9-BBEA-F3A6839FBAEA}\RP221\A0035203.exe -> Spyware.Altnet : Cleaned with backup C:\System Volume Information\_restore{12855640-7D70-4BD9-BBEA-F3A6839FBAEA}\RP221\A0035205.exe -> Spyware.Altnet : Cleaned with backup C:\System Volume Information\_restore{12855640-7D70-4BD9-BBEA-F3A6839FBAEA}\RP221\A0035207.dll -> Adware.BrilliantDigital : Cleaned with backup C:\System Volume Information\_restore{12855640-7D70-4BD9-BBEA-F3A6839FBAEA}\RP222\A0036301.exe -> Spyware.404Search.h : Cleaned with backup C:\System Volume Information\_restore{12855640-7D70-4BD9-BBEA-F3A6839FBAEA}\RP222\A0036302.DLL -> Spyware.MyWebSearch : Cleaned with backup C:\System Volume Information\_restore{12855640-7D70-4BD9-BBEA-F3A6839FBAEA}\RP222\A0036303.DLL -> Spyware.MyWebSearch : Cleaned with backup C:\System Volume Information\_restore{12855640-7D70-4BD9-BBEA-F3A6839FBAEA}\RP222\A0036306.exe -> Spyware.Altnet : Cleaned with backup C:\System Volume Information\_restore{12855640-7D70-4BD9-BBEA-F3A6839FBAEA}\RP222\A0036308.dll -> Adware.BrilliantDigital : Cleaned with backup C:\System Volume Information\_restore{12855640-7D70-4BD9-BBEA-F3A6839FBAEA}\RP222\A0036309.exe -> Spyware.Altnet : Cleaned with backup C:\System Volume Information\_restore{12855640-7D70-4BD9-BBEA-F3A6839FBAEA}\RP222\A0036313.dll -> Spyware.Altnet : Cleaned with backup C:\System Volume Information\_restore{12855640-7D70-4BD9-BBEA-F3A6839FBAEA}\RP222\A0036314.dll -> Spyware.Altnet : Cleaned with backup C:\System Volume Information\_restore{12855640-7D70-4BD9-BBEA-F3A6839FBAEA}\RP222\A0036315.exe -> Spyware.Altnet : Cleaned with backup C:\System Volume Information\_restore{12855640-7D70-4BD9-BBEA-F3A6839FBAEA}\RP222\A0036317.dll -> Spyware.Altnet : Cleaned with backup C:\System Volume Information\_restore{12855640-7D70-4BD9-BBEA-F3A6839FBAEA}\RP222\A0036318.dll -> Spyware.Altnet : Cleaned with backup C:\System Volume Information\_restore{12855640-7D70-4BD9-BBEA-F3A6839FBAEA}\RP222\A0036319.dll -> Spyware.Altnet : Cleaned with backup C:\System Volume Information\_restore{12855640-7D70-4BD9-BBEA-F3A6839FBAEA}\RP222\A0036320.exe -> Spyware.Altnet : Cleaned with backup C:\System Volume Information\_restore{12855640-7D70-4BD9-BBEA-F3A6839FBAEA}\RP222\A0036321.exe -> Spyware.Altnet : Cleaned with backup C:\System Volume Information\_restore{12855640-7D70-4BD9-BBEA-F3A6839FBAEA}\RP222\A0036322.dll -> Spyware.Altnet : Cleaned with backup C:\System Volume Information\_restore{12855640-7D70-4BD9-BBEA-F3A6839FBAEA}\RP222\A0036323.DLL -> Spyware.P2PNetworking : Cleaned with backup C:\System Volume Information\_restore{12855640-7D70-4BD9-BBEA-F3A6839FBAEA}\RP222\A0036325.exe -> Spyware.P2PNetworking : Cleaned with backup C:\System Volume Information\_restore{12855640-7D70-4BD9-BBEA-F3A6839FBAEA}\RP223\A0036340.dll -> Spyware.Altnet : Cleaned with backup C:\System Volume Information\_restore{12855640-7D70-4BD9-BBEA-F3A6839FBAEA}\RP223\A0036359.DLL -> Spyware.MySearch : Cleaned with backup C:\System Volume Information\_restore{12855640-7D70-4BD9-BBEA-F3A6839FBAEA}\RP223\A0037359.dll -> Spyware.MySearch : Cleaned with backup C:\System Volume Information\_restore{12855640-7D70-4BD9-BBEA-F3A6839FBAEA}\RP223\A0037368.dll -> Spyware.404Search : Cleaned with backup C:\System Volume Information\_restore{12855640-7D70-4BD9-BBEA-F3A6839FBAEA}\RP224\A0039460.exe -> Spyware.WebHancer : Cleaned with backup C:\System Volume Information\_restore{12855640-7D70-4BD9-BBEA-F3A6839FBAEA}\RP224\A0039464.exe -> Spyware.WebHancer : Cleaned with backup C:\System Volume Information\_restore{12855640-7D70-4BD9-BBEA-F3A6839FBAEA}\RP224\A0039465.dll -> Spyware.WebHancer : Cleaned with backup C:\System Volume Information\_restore{12855640-7D70-4BD9-BBEA-F3A6839FBAEA}\RP224\A0039466.dll -> Spyware.WebHancer : Cleaned with backup C:\System Volume Information\_restore{12855640-7D70-4BD9-BBEA-F3A6839FBAEA}\RP224\A0039467.exe -> Spyware.WebHancer : Cleaned with backup C:\System Volume Information\_restore{12855640-7D70-4BD9-BBEA-F3A6839FBAEA}\RP224\A0039478.exe/whAgent.exe -> Spyware.WebHancer : Error during cleaning C:\WINDOWS\cpbrkpie.ocx -> Spyware.Coupons : Cleaned with backup C:\WINDOWS\Downloaded Program Files\vzbb.dll -> Spyware.MegaSearch : Cleaned with backup C:\WINDOWS\Downloaded Program Files\vzbb.dll.old -> Spyware.MegaSearch : Cleaned with backup ::Report End

#5 Siggyx

Siggyx

    SuperHelper

  • Authentic Member
  • PipPipPipPipPipPip
  • 6,776 posts

Posted 27 November 2005 - 09:38 PM

Can you post a new hijackthis log please.

#6 Guest_dustynduke_*

Guest_dustynduke_*
  • Guests

Posted 27 November 2005 - 10:01 PM

HijackThis is post 3. Thank you.

#7 Siggyx

Siggyx

    SuperHelper

  • Authentic Member
  • PipPipPipPipPipPip
  • 6,776 posts

Posted 28 November 2005 - 08:31 PM

Yes I say that one, please reboot and post a new one, sorry.

#8 Guest_dustynduke_*

Guest_dustynduke_*
  • Guests

Posted 29 November 2005 - 08:10 PM

New log you requested.

Logfile of HijackThis v1.99.1
Scan saved at 9:08:16 PM, on 11/29/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Compaq\Easy Access Button Support\StartEAK.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Compaq\Easy Access Button Support\CPQEADM.EXE
C:\COMPAQ\CPQINET\CPQInet.exe
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\Compaq\EAKDRV\EAUSBKBD.EXE
C:\PROGRA~1\OAKTEC~1\OAKSIM~1\OAKTASK.EXE
C:\WINDOWS\Downloaded Program Files\fcnad.exe
C:\Program Files\3B Software\Windows Registry Repair Pro\RegistryRepairPro.exe
C:\PROGRA~1\Compaq\EASYAC~1\BttnServ.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\WINDOWS\System32\PackethSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
c:\progra~1\compus~1\wcs2000.exe
C:\Documents and Settings\Me\Desktop\hijackthis\HijackThis.exe
C:\Program Files\Messenger\msmsgs.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://dslstart.verizon.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapp.../search/ie.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://verizon.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Program Files\Common Files\Microsoft Shared\Stationery\Blank.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Verizon Online
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://dslstart.verizon.net/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Verizon Broadband Toolbar - {4E7BD74F-2B8D-469E-D0FC-E57AF4D5FA7D} - C:\WINDOWS\DOWNLO~1\vzbb.dll (file missing)
O2 - BHO: CNisExtBho Class - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O2 - BHO: iWon Co-Pilot BHO - {C298FB42-E3E2-11D3-ADCD-0050DAC24E8F} - C:\Program Files\iWon\iWonBar\1.bin\IWONBAR.DLL
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Verizon Broadband Toolbar - {4E7BD74F-2B8D-469E-D0FC-E57AF4D5FA7D} - C:\WINDOWS\DOWNLO~1\vzbb.dll (file missing)
O3 - Toolbar: i&Won Co-Pilot - {CA0B9B71-C2AF-11D3-B376-0800460222F0} - C:\Program Files\iWon\iWonBar\1.bin\IWONBAR.DLL
O4 - HKLM\..\Run: [CPQEASYACC] C:\Program Files\Compaq\Easy Access Button Support\StartEAK.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [srmclean] C:\Cpqs\Scom\srmclean.exe
O4 - HKLM\..\Run: [OAKSTART] C:\PROGRA~1\OAKTEC~1\OAKSIM~1\OAKSTART.EXE
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [OAKTASK] C:\PROGRA~1\OAKTEC~1\OAKSIM~1\OAKTASK.EXE
O4 - HKLM\..\Run: [{6B7276FF-DEEA-4b9e-8307-93F1D2AB6277}] C:\WINDOWS\Downloaded Program Files\fcnad.exe
O4 - HKCU\..\Run: [Windows Registry Repair Pro] C:\Program Files\3B Software\Windows Registry Repair Pro\RegistryRepairPro.exe 4
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: CompuServe 2000 Tray Icon.lnk = C:\Program Files\CompuServe 2000a\cstray.exe
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O4 - Global Startup: Turbo Surfer 2.0.lnk = ?
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra button: Support - {A1C62740-93D5-4E72-A5B6-B668D58C5197} - C:\Program Files\Internet Explorer\SIGNUP\Presario.htm (HKCU)
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - https://activatemyds...oad/tgctlcm.cab
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.t...all/xscan60.cab
O16 - DPF: {200B3EE9-7242-4EFD-B1E4-D97EE825BA53} (VerifyGMN Class) - http://h20270.www2.h...staller_gmn.cab
O16 - DPF: {50F65670-1729-11D2-A51F-0020AFE5D502} (ForumChat) - http://objects.compu...hat/RTCChat.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1123635363606
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1128137178423
O16 - DPF: {70522FA2-4656-11D5-B0E9-0050DAC24E8F} (iWon Progressive Counter) - http://cc.iwon.com/c..._12_1,0,2,5.cab
O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} (cpbrkpie Control) - http://a19.g.akamai....02/cpbrkpie.cab
O16 - DPF: {C606BA60-AB76-48B6-96A7-2C4D5C386F70} (PreQualifier Class) - http://www.verizon.n...tivePreQual.cab
O16 - DPF: {DB0474CC-8EF6-47FC-905B-23FC58A70817} (RegPropsCtrl Class) - http://download.veri...tWebInstall.cab
O16 - DPF: {F5C90925-ABBF-4475-88F5-8622B452BA9E} (Compaq System Data Class) - http://wwemail.suppo...ts/SysQuery.cab
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Virtual NIC Service (PackethSvc) - America Online, Inc. - C:\WINDOWS\System32\PackethSvc.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

:wall:

#9 Siggyx

Siggyx

    SuperHelper

  • Authentic Member
  • PipPipPipPipPipPip
  • 6,776 posts

Posted 29 November 2005 - 09:32 PM

Pleasew scan the file below and post the report generated.

Scan this file >>>>> C:\WINDOWS\Downloaded Program Files\fcnad.exe


Scan it herre >>>> http://virusscan.jotti.org/

#10 Guest_dustynduke_*

Guest_dustynduke_*
  • Guests

Posted 29 November 2005 - 10:16 PM

Scan results. Jotti's malware scan 2.99-TRANSITION_TO_3.00 File to upload & scan: Service Service load: 0% 100% File: fcnad.exe Status: OK MD5 2d372762f2ea09e38eb36ce6b138a1e4 Packers detected: - Scanner results AntiVir Found nothing ArcaVir Found nothing Avast Found nothing AVG Antivirus Found nothing BitDefender Found nothing ClamAV Found nothing Dr.Web Found nothing F-Prot Antivirus Found nothing Fortinet Found nothing Kaspersky Anti-Virus Found nothing NOD32 Found nothing Norman Virus Control Found nothing UNA Found nothing VBA32 Found nothing

#11 Siggyx

Siggyx

    SuperHelper

  • Authentic Member
  • PipPipPipPipPipPip
  • 6,776 posts

Posted 30 November 2005 - 07:56 AM

Log looks ok how is it running?

#12 Guest_dustynduke_*

Guest_dustynduke_*
  • Guests

Posted 30 November 2005 - 02:08 PM

Seems to be running fine. Do I need to delete anything from hijack this log?

#13 Siggyx

Siggyx

    SuperHelper

  • Authentic Member
  • PipPipPipPipPipPip
  • 6,776 posts

Posted 30 November 2005 - 02:22 PM

You can remove this line.

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1

Now that you are clean, please follow these simple steps in order to keep your computer clean and secure:
  • Use an AntiVirus Software - It is very important that your computer has an anti-virus software running on your machine. This alone can save you a lot of trouble with malware in the future.

    See this link for a listing of some online & their stand-alone antivirus programs:

    Virus, Spyware, and Malware Protection and Removal Resources

  • Update your AntiVirus Software - It is imperitive that you update your Antivirus software at least once a week (Even more if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out.

  • Use a Firewall - I can not stress how important it is that you use a Firewall on your computer. Without a firewall your computer is succeptible to being hacked and taken over. I am very serious about this and see it happen almost every day with my clients. Simply using a Firewall in its default configuration can lower your risk greatly.

    For a tutorial on Firewalls and a listing of some available ones see the link below:

    Understanding and Using Firewalls

  • Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer has always the latest security updates available installed on your computer. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.

  • Install Spybot - Search and Destroy - Install and download Spybot - Search and Destroy with its TeaTimer option. This will provide realtime spyware & hijacker protection on your computer alongside your virus protection. You should also scan your computer with program on a regular basis just as you would an antivirus software.

    A tutorial on installing & using this product can be found here:

    Using Spybot - Search & Destroy to remove Spyware , Malware, and Hijackers

  • Install Ad-Aware - Install and download Ad-Aware. ou should also scan your computer with program on a regular basis just as you would an antivirus software in conjunction with Spybot.

    A tutorial on installing & using this product can be found here:

    Using Ad-aware to remove Spyware, Malware, & Hijackers from Your Computer

  • Install SpywareBlaster - SpywareBlaster will added a large list of programs and sites into your Internet Explorer settings that will protect you from running and downloading known malicious programs.

    A tutorial on installing & using this product can be found here:

    Using SpywareBlaster to protect your computer from Spyware and Malware

  • Update all these programs regularly - Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.
Follow this list and your potential for being infected again will reduce dramatically.

Glad I was able to help.

#14 Guest_dustynduke_*

Guest_dustynduke_*
  • Guests

Posted 30 November 2005 - 08:33 PM

Thank you for all of your help and information. :thumbup:

#15 Siggyx

Siggyx

    SuperHelper

  • Authentic Member
  • PipPipPipPipPipPip
  • 6,776 posts

Posted 30 November 2005 - 09:01 PM

Glad we could be of assistance. This topic is now closed. If you wish it reopened, please send us an email (Click for address) with a link to your thread.

Do not bother contacting us if you are not the topic starter. A valid, working link to the closed topic is required along with the user name used. If the user name does not match the one in the thread linked, the email will be deleted.
Make sure you use proper prevention to keep from having problems occur to your computer in the future.

Coyote's Installed programs for prevention:

http://forums.tomcoy...showtopic=31418

The help you receive here is free. If you wish to show your appreciation, then you may donate to help keep us online.

Visit the CoyoteStore http://TomCoyote.org/coyotestore.php

Related Topics



0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users