Jump to content

Build Theme!
  •  
  • Infected?

WE'RE SURE THAT YOU'LL LOVE US!

Hey there! :wub: Looks like you're enjoying the discussion, but you're not signed up for an account. When you create an account, we remember exactly what you've read, so you always come right back where you left off. You also get notifications, here and via email, whenever new posts are made. You can like posts to share the love. :D Join 93099 other members! Anybody can ask, anybody can answer. Consistently helpful members may be invited to become staff. Here's how it works. Virus cleanup? Start here -> Malware Removal Forum.

Try What the Tech -- It's free!


Photo

Problem suspected


  • This topic is locked This topic is locked
6 replies to this topic

#1 Marco1

Marco1

    New Member

  • Authentic Member
  • Pip
  • 18 posts

Posted 23 December 2005 - 02:56 AM

I have installed norton Internet Security, and I regurally use spyboot ad ad AD-Aware.
All this sw do not found any problem but I suspect that some proble is stil present (Strange pop-up)
Please check my HJ log file

Logfile of HijackThis v1.99.1
Scan saved at 9.27.56, on 23/12/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
C:\Programmi\File comuni\Symantec Shared\ccProxy.exe
C:\Programmi\File comuni\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\System32\cisvc.exe
C:\Programmi\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\Programmi\Norton Internet Security\Norton AntiVirus\SAVScan.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\Programmi\File comuni\Symantec Shared\SNDSrvc.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\File comuni\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\OSITIS~1\WINPRO~1\WPService.exe
C:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe
C:\PROGRA~1\OSITIS~1\WINPRO~1\WinProxy.exe
C:\Programmi\File comuni\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\system32\fxssvc.exe
C:\Programmi\ahead\InCD\InCD.exe
C:\Programmi\File comuni\Symantec Shared\ccApp.exe
C:\Programmi\HP\HP Software Update\HPWuSchd2.exe
C:\Programmi\Microsoft AntiSpyware\gcasServ.exe
C:\Programmi\Spyware Doctor\swdoctor.exe
C:\Programmi\Microsoft AntiSpyware\gcasDtServ.exe
C:\Programmi\Alice ti aiuta\bin\mpbtn.exe
C:\Programmi\ARESCOM\Modem Telindus Arescom ND220\dslmon.exe
C:\Programmi\HP\Digital Imaging\bin\hpqtra08.exe
C:\Programmi\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Programmi\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
C:\WINDOWS\SYSTEM32\cidaemon.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Programmi\Messenger\msmsgs.exe
C:\Documenti\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.tiscali.it/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Tiscali 10.0
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {206E52E0-D52E-11D4-AD54-0000E86C26F6} - C:\Programmi\FreshDevices\FreshDownload\fdcatch.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: CNisExtBho Class - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Programmi\File comuni\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programmi\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Programmi\File comuni\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programmi\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Programmi\ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [ccApp] "C:\Programmi\File comuni\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [URLLSTCK.exe] C:\Programmi\Norton Internet Security\UrlLstCk.exe
O4 - HKLM\..\Run: [IS CfgWiz] C:\Programmi\File comuni\Symantec Shared\cfgwiz.exe /GUID NIS /CMDLINE "REBOOT"
O4 - HKLM\..\Run: [pccguide.exe] "C:\Programmi\Trend Micro\PC-cillin 2002\pccguide.exe"
O4 - HKLM\..\Run: [PCCClient.exe] "C:\Programmi\Trend Micro\PC-cillin 2002\PCCClient.exe"
O4 - HKLM\..\Run: [Pop3trap.exe] "C:\Programmi\Trend Micro\PC-cillin 2002\Pop3trap.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [HP Software Update] C:\Programmi\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Programmi\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKCU\..\Run: [Microsoft Works Update Detection] C:\Programmi\Microsoft Works\WkDetect.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Programmi\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Programmi\Spyware Doctor\swdoctor.exe" /Q
O4 - Global Startup: Alice ti aiuta.lnk = C:\Programmi\Alice ti aiuta\bin\matcli.exe
O4 - Global Startup: DSLMON.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Programmi\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: Download &All by FD - file://C:\Programmi\FreshDevices\FreshDownload\fdiectx2.htm
O8 - Extra context menu item: Download with &FD - file://C:\Programmi\FreshDevices\FreshDownload\fdiectx.htm
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O15 - Trusted Zone: http://www.mypixmania.com
O15 - Trusted Zone: http://www.bigass.sytes.net
O15 - Trusted Zone: http://www.119.tim.it
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - https://www-secure.s...sa/LSSupCtl.cab
O16 - DPF: {27FA5271-12D2-43E3-9424-365A43236EE7} (PIXACO upload plugin) - http://www.pixaco.it...edropupload.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.syma...bin/AvSniff.cab
O16 - DPF: {4E888414-DB8F-11D1-9CD9-00C04F98436A} (Microsoft.WinRep) - https://webresponse....iveX/winrep.cab
O16 - DPF: {60EFC337-15C2-4369-B2A0-3429B071D8B8} (Hewlett-Packard Printer Diagnostics) - http://ispe.sdc.hp.c...SWebManager.CAB
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.s...sa/SymAData.cab
O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - https://www-secure.s.../ActiveData.cab
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.h.../qdiagh.cab?326
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = 192.168.0.1
O17 - HKLM\Software\..\Telephony: DomainName = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{92501430-315E-460C-8BB2-7DB9200D3DB3}: NameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{F3B90405-796F-4CF0-AE18-02599DF4E502}: NameServer = 85.37.17.10 151.99.125.1
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccSetMgr.exe
O23 - Service: LicCtrl Service (LicCtrlService) - Unknown owner - C:\WINDOWS\runservice.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Programmi\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Programmi\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FILECO~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: WinProxy - Unknown owner - C:\PROGRA~1\OSITIS~1\WINPRO~1\WPService.exe

Thanks

    Advertisements

Register to Remove


#2 MrCharlie

MrCharlie

    SuperMember

  • Malware Team
  • 2,949 posts

Posted 26 December 2005 - 07:02 AM

Welcome to the forum.

The log shows no malware but that doesn't mean the computer is clean.

UPDATE and run Spybot and AdAware again - also run CW-Shredder and Ewido Security Suite.
Please let me know of any thing that couldn't be fixed or cleaned.

-----------------------------

To start the clean-up process:

Download and run CW-Shredder - Hit the FIX button and let it run and fix what it finds.

<==><==><==><==><==><==><==><==><==><==><==><==><==><==><==><==>
Next.....

Download and run SpyBot

Install the program and launch it.

Go to Start > Programs >Spybot > Search & Destroy and choose Spybot S&D

Close ALL windows except Spybot S&D
Click the button to "Search for Updates" and download and install the Updates.
Next click the button "Check for Problems"
When Spybot is complete, it will be showing "RED" entries "BLACK" entries and "GREEN" (GREEN) entries in the window
Put a check mark beside the RED entries ONLY.
Choose "Fix Selected Problems" and allow Spybot to fix the RED entries.
Reboot..........

<==><==><==><==><==><==><==><==><==><==><==><==><==><==><==><==>


Next...

Download and run AD-Aware

Install the program and launch it.

1. Launch Ad-Aware SE and run the WebUpdate feature. (Click on the Globe icon > Click connect > Click OK > Click Finish.)
2. Set up the Configurations as follows:
-- Click the Gear wheel at the top of the Ad-Aware window
-- Click General > Safety & Settings: Check (Green) all three.
-- Click Tweak > Cleaning Engine > UNcheck "Always try to unload modules before deletion".
3. Click "Proceed"
4. Click "Scan Now"
5. Deselect "Search for negligible risk entries" as negligible risk entries (MRU's) are not considered to be a threat.
6. Select "Search for low-risk threats"
7. Run the scanner using the Full Scan (Perform full system scan) mode.
8. When the scan has completed, select Next.
9. In the Scanning Results window, select the "Scan Summary" tab.
10. Check the box next to each "target family" you wish to remove.
11. Click next > Click OK.

Reboot....

<==><==><==><==><==><==><==><==><==><==><==><==><==><==><==><==>


Please download the trial version of Ewido Security Suite here:
http://www.ewido.net/en/download/
1. When installing, under "Additional Options" uncheck "Install background guard" and "Install scan via context menu".
2. When you run ewido for the first time, you will get a warning "Database could not be found!". Click OK. We will fix this in a moment.
3. From the main ewido screen, click on update in the left menu, then click the Start update button.
4. After the update finishes (the status bar at the bottom will display "Update successful")
5. Run Ewido Security Suite --- Do a "Complete System Scan"
Let it clean all files

Tutorial if needed

Reboot........

<==><==><==><==><==><==><==><==><==><==><==><==><==><==><==><==>


Next....

Run at least one of these free online virus scans - make sure they are set to auto-clean.

http://housecall.tre.../start_corp.asp

http://www.pandasoft...n_principal.htm

http://www.bitdefend...can/licence.php

<==><==><==><==><==><==><==><==><==><==><==><==><==><==><==><==>


Last...

Clean out temporary and TIF files. Go to Start > Run and type in the box: cleanmgr. Let it scan your system for files to remove. Make sure these 3 are checked and then press *ok* to remove:
  • Temporary Files
  • Temporary Internet Files
  • Recycle Bin
<==><==><==><==><==><==><==><==><==><==><==><==><==><==><==><==>


Reboot and post a fresh HJT log and we'll take another look, MrC


#3 Marco1

Marco1

    New Member

  • Authentic Member
  • Pip
  • 18 posts

Posted 27 December 2005 - 10:06 AM

Welcome to the forum.

The log shows no malware but that doesn't mean the computer is clean.

UPDATE and run Spybot and AdAware again - also run CW-Shredder and Ewido Security Suite.
Please let me know of any thing that couldn't be fixed or cleaned.

-----------------------------

To start the clean-up process:

Download and run CW-Shredder - Hit the FIX button and let it run and fix what it finds.

<==><==><==><==><==><==><==><==><==><==><==><==><==><==><==><==>
Next.....

Download and run SpyBot

Install the program and launch it.

Go to Start > Programs >Spybot > Search & Destroy and choose Spybot S&D

Close ALL windows except Spybot S&D
Click the button to "Search for Updates" and download and install the Updates.
Next click the button "Check for Problems"
When Spybot is complete, it will be showing "RED" entries "BLACK" entries and "GREEN" (GREEN) entries in the window
Put a check mark beside the RED entries ONLY.
Choose "Fix Selected Problems" and allow Spybot to fix the RED entries.
Reboot..........

<==><==><==><==><==><==><==><==><==><==><==><==><==><==><==><==>


Next...

Download and run AD-Aware

Install the program and launch it.

1. Launch Ad-Aware SE and run the WebUpdate feature. (Click on the Globe icon > Click connect > Click OK > Click Finish.)
2. Set up the Configurations as follows:
-- Click the Gear wheel at the top of the Ad-Aware window
-- Click General > Safety & Settings: Check (Green) all three.
-- Click Tweak > Cleaning Engine > UNcheck "Always try to unload modules before deletion".
3. Click "Proceed"
4. Click "Scan Now"
5. Deselect "Search for negligible risk entries" as negligible risk entries (MRU's) are not considered to be a threat.
6. Select "Search for low-risk threats"
7. Run the scanner using the Full Scan (Perform full system scan) mode.
8. When the scan has completed, select Next.
9. In the Scanning Results window, select the "Scan Summary" tab.
10. Check the box next to each "target family" you wish to remove.
11. Click next > Click OK.

Reboot....

<==><==><==><==><==><==><==><==><==><==><==><==><==><==><==><==>


Please download the trial version of Ewido Security Suite here:
http://www.ewido.net/en/download/
1. When installing, under "Additional Options" uncheck "Install background guard" and "Install scan via context menu".
2. When you run ewido for the first time, you will get a warning "Database could not be found!". Click OK. We will fix this in a moment.
3. From the main ewido screen, click on update in the left menu, then click the Start update button.
4. After the update finishes (the status bar at the bottom will display "Update successful")
5. Run Ewido Security Suite --- Do a "Complete System Scan"
Let it clean all files

Tutorial if needed

Reboot........

<==><==><==><==><==><==><==><==><==><==><==><==><==><==><==><==>


Next....

Run at least one of these free online virus scans - make sure they are set to auto-clean.

http://housecall.tre.../start_corp.asp

http://www.pandasoft...n_principal.htm

http://www.bitdefend...can/licence.php

<==><==><==><==><==><==><==><==><==><==><==><==><==><==><==><==>


Last...

Clean out temporary and TIF files. Go to Start > Run and type in the box: cleanmgr. Let it scan your system for files to remove. Make sure these 3 are checked and then press *ok* to remove:

  • Temporary Files
  • Temporary Internet Files
  • Recycle Bin
<==><==><==><==><==><==><==><==><==><==><==><==><==><==><==><==>


Reboot and post a fresh HJT log and we'll take another look, MrC


I have done all.
This is the log resulting

Logfile of HijackThis v1.99.1
Scan saved at 16.55.49, on 27/12/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
C:\Programmi\File comuni\Symantec Shared\ccProxy.exe
C:\Programmi\File comuni\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\System32\cisvc.exe
C:\Programmi\ewido anti-malware\ewidoctrl.exe
C:\Programmi\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\Programmi\Norton Internet Security\Norton AntiVirus\SAVScan.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\Programmi\File comuni\Symantec Shared\SNDSrvc.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\File comuni\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\OSITIS~1\WINPRO~1\WPService.exe
C:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe
C:\PROGRA~1\OSITIS~1\WINPRO~1\WinProxy.exe
C:\WINDOWS\system32\fxssvc.exe
C:\Programmi\File comuni\Symantec Shared\Security Center\SymWSC.exe
C:\Programmi\ahead\InCD\InCD.exe
C:\Programmi\File comuni\Symantec Shared\ccApp.exe
C:\Programmi\HP\HP Software Update\HPWuSchd2.exe
C:\Programmi\Microsoft AntiSpyware\gcasServ.exe
C:\Programmi\Microsoft ActiveSync\WCESCOMM.EXE
C:\Programmi\Spyware Doctor\swdoctor.exe
C:\Programmi\Microsoft AntiSpyware\gcasDtServ.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programmi\ARESCOM\Modem Telindus Arescom ND220\dslmon.exe
C:\Programmi\HP\Digital Imaging\bin\hpqtra08.exe
C:\Programmi\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Programmi\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
C:\Programmi\Messenger\msmsgs.exe
C:\Documenti\HijackThis.exe
C:\WINDOWS\SYSTEM32\cidaemon.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.tiscali.it/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Tiscali 10.0
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {206E52E0-D52E-11D4-AD54-0000E86C26F6} - C:\Programmi\FreshDevices\FreshDownload\fdcatch.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: CNisExtBho Class - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Programmi\File comuni\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programmi\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Programmi\File comuni\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programmi\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Programmi\ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [ccApp] "C:\Programmi\File comuni\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [URLLSTCK.exe] C:\Programmi\Norton Internet Security\UrlLstCk.exe
O4 - HKLM\..\Run: [IS CfgWiz] C:\Programmi\File comuni\Symantec Shared\cfgwiz.exe /GUID NIS /CMDLINE "REBOOT"
O4 - HKLM\..\Run: [pccguide.exe] "C:\Programmi\Trend Micro\PC-cillin 2002\pccguide.exe"
O4 - HKLM\..\Run: [PCCClient.exe] "C:\Programmi\Trend Micro\PC-cillin 2002\PCCClient.exe"
O4 - HKLM\..\Run: [Pop3trap.exe] "C:\Programmi\Trend Micro\PC-cillin 2002\Pop3trap.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [HP Software Update] C:\Programmi\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Programmi\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKCU\..\Run: [Microsoft Works Update Detection] C:\Programmi\Microsoft Works\WkDetect.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Programmi\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Programmi\Spyware Doctor\swdoctor.exe" /Q
O4 - Global Startup: Alice ti aiuta.lnk = C:\Programmi\Alice ti aiuta\bin\matcli.exe
O4 - Global Startup: DSLMON.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Programmi\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: Download &All by FD - file://C:\Programmi\FreshDevices\FreshDownload\fdiectx2.htm
O8 - Extra context menu item: Download with &FD - file://C:\Programmi\FreshDevices\FreshDownload\fdiectx.htm
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O15 - Trusted Zone: http://www.mypixmania.com
O15 - Trusted Zone: http://www.bigass.sytes.net
O15 - Trusted Zone: http://www.119.tim.it
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - https://www-secure.s...sa/LSSupCtl.cab
O16 - DPF: {27FA5271-12D2-43E3-9424-365A43236EE7} (PIXACO upload plugin) - http://www.pixaco.it...edropupload.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.syma...bin/AvSniff.cab
O16 - DPF: {4E888414-DB8F-11D1-9CD9-00C04F98436A} (Microsoft.WinRep) - https://webresponse....iveX/winrep.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitd...can8/oscan8.cab
O16 - DPF: {60EFC337-15C2-4369-B2A0-3429B071D8B8} (Hewlett-Packard Printer Diagnostics) - http://ispe.sdc.hp.c...SWebManager.CAB
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.s...sa/SymAData.cab
O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - https://www-secure.s.../ActiveData.cab
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.h.../qdiagh.cab?326
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = 192.168.0.1
O17 - HKLM\Software\..\Telephony: DomainName = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{92501430-315E-460C-8BB2-7DB9200D3DB3}: NameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{F3B90405-796F-4CF0-AE18-02599DF4E502}: NameServer = 85.37.17.10 151.99.125.1
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido security suite control - ewido networks - C:\Programmi\ewido anti-malware\ewidoctrl.exe
O23 - Service: LicCtrl Service (LicCtrlService) - Unknown owner - C:\WINDOWS\runservice.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Programmi\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Programmi\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FILECO~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: WinProxy - Unknown owner - C:\PROGRA~1\OSITIS~1\WINPRO~1\WPService.exe

#4 MrCharlie

MrCharlie

    SuperMember

  • Malware Team
  • 2,949 posts

Posted 27 December 2005 - 05:24 PM

How is it now?

To clean up a bit......

Close ALL programs down, leaving ONLY HijackThis running - Click Scan and.....
Place a check against the following items:

O4 - Global Startup: DSLMON.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office\OSA9.EXE <----resource hog - not needed

If you put these in your Internet Explorers Trusted Zone then leave them - if you didn't please fix them using HJT
O15 - Trusted Zone: http://www.mypixmania.com
O15 - Trusted Zone: http://www.bigass.sytes.net
O15 - Trusted Zone: http://www.119.tim.it

Click on Fix Checked and exit HijackThis.

Let me know, MrC


#5 Marco1

Marco1

    New Member

  • Authentic Member
  • Pip
  • 18 posts

Posted 28 December 2005 - 02:12 AM

At the moment seems good. No pop up or strange message. But if i run ad-avare or the other suggested anti spyware the always find something.. There is any active real time protection that you can suggest ? I have believed that Norton Internet could protect conveniently but now I am not so sure. Many Thanks

#6 MrCharlie

MrCharlie

    SuperMember

  • Malware Team
  • 2,949 posts

Posted 28 December 2005 - 06:32 PM

But if i run ad-avare or the other suggested anti spyware the always find something..


What does it find? We can use another program to scan the computer if needed.



Here's my......
Preventive Maintenance:

------------------Must have or do:-----------------

Now that you're clean: <----Important Step!!!!
Delete your system restore files and create a new restore point:
(ME and XP users only)

XP system restore

ME system restore

Visit Windows Update and install all the lastest critical updates.

Install these two free programs, they sit in the backround and protect your system from spy and adware being installed on your system, also from your browser being hijacked.

SpywareBlaster Check for updates weekly.

SpywareGuard

IE-SPYAD
Puts over 5000 sites in your restricted zone, so you'll be protected when you visit innocent-looking sites that aren't actually innocent at all.
IE-SPYAD

SpyBot has some protection benefits - use them.

Blocking Unwanted Parasites with a Hosts File

Need a free anti virus?
AVG*free
(check for updates - daily)

How about a firewall? The front door to your computer.
ZoneAlarm*free

Other free firewalls

Keep those temp files off your system use
CCleaner
Uncheck "Cookies" under "Internet Explorer".


Keep your Sun Java up-to-date

----------Free malware removal programs:----------

SpyBot
AD-Aware
CW-Shredder

Ewido trojan scanner<---VERY GOOD! (XP and 2K only)

Please consider using FireFox instead of Internet Explorer

Pop-up stoppers:
GoogleToolBar
Pop-upStopperFree

Disable Windows MessengerXP - 2K (stops pop-up ads -etc):
Disabling Messenger Service in Windows XP
How to Remove Windows Messenger on Windows XP
How to Remove Windows Messenger on Windows XP
Shoot The Messenger

Don't open e-mail attachments without first scanning them with an up-to-date
anti virus program, even after doing that I would be very careful. Don't click on any executables in e-mails or any other links that you're not sure of.
Watch your surfing habits, don't click on or download anything you're not sure of. Don't install a program that hasn't been recommended by a reputable organization.

Let me know, MrC


#7 MrCharlie

MrCharlie

    SuperMember

  • Malware Team
  • 2,949 posts

Posted 07 January 2006 - 07:03 PM

Glad we could be of assistance. This topic is now closed. If you wish it reopened, please send us an email (Click for address) with a link to your thread.

Do not bother contacting us if you are not the topic starter. A valid, working link to the closed topic is required along with the user name used. If the user name does not match the one in the thread linked, the email will be deleted.
Make sure you use proper prevention to keep from having problems occur to your computer in the future.

Coyote's Installed programs for prevention:

http://forums.tomcoy...showtopic=31418

The help you receive here is free. If you wish to show your appreciation, then you may donate to help keep us online.

Visit the CoyoteStore http://TomCoyote.org/coyotestore.php

Related Topics



0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users