
might have sdbot


  • This topic is locked
6 replies to this topic

#1 Guest_phs_*

Guest_phs_*
  • Guests

Posted 28 April 2006 - 04:30 AM

Can't figure this one out.
After I turn my anti-virus and firewalls off I get pop-ups and my computer wants to shut off all on its own.
Think I might have a sdbot---found a syncroad the other day and got rid of it, I hope?
Here is my HJT post, and I have all the other programs installed, so if you need any other log let me know.


Logfile of HijackThis v1.99.1
Scan saved at 5:34:52 AM, on 4/28/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\Program Files\Sygate\SPF\smc.exe
E:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
E:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
E:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
E:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
E:\WINDOWS\system32\spoolsv.exe
E:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
E:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
E:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
E:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
E:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE
E:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE
E:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
E:\WINDOWS\System32\svchost.exe
E:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
E:\DOCUME~1\ALLUSE~1.HOM\LOCALS~1\TEMP\_VWUPSRV.EXE
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
E:\WINDOWS\system32\ZoneLabs\vsmon.exe
E:\WINDOWS\Explorer.EXE
E:\WINDOWS\SM1BG.EXE
E:\program files\qttask.exe
E:\Program Files\PeoplePC\ISP6230\Browser\Bartshel.exe
E:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
E:\Program Files\Real\RealPlayer\RealPlay.exe
E:\Program Files\ZoneAlarm\zlclient.exe
E:\Program Files\Common Files\Symantec Shared\ccApp.exe
E:\PROGRA~1\PeoplePC\ISP6230\Browser\PPShared.exe
E:\Program Files\Lexmark X125\LEX125SU.exe
E:\Program Files\WinZip\WZQKPICK.EXE
E:\Program Files\SpywareGuard\sgmain.exe
E:\Program Files\SpywareGuard\sgbhp.exe
E:\Program Files\PeoplePC\ISP6230\Browser\Bartshel.exe
E:\Program Files\PeoplePC Accelerated\PeoplePC.exe
E:\HJT\hijackthis_1\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://home.peoplepc.com/search
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:8080
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - (no file)
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - E:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - E:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [SM1BG] E:\WINDOWS\SM1BG.EXE
O4 - HKLM\..\Run: [QuickTime Task] "E:\program files\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Bart Station] E:\Program Files\PeoplePC\ISP6230\BIN\PPCOLink.exe -STATION
O4 - HKLM\..\Run: [AVG7_CC] E:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [RealTray] E:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [Zone Labs Client] E:\Program Files\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [SmcService] E:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [ccApp] "E:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SSC_UserPrompt] E:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] E:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [Norton SystemWorks] "E:\Program Files\Norton SystemWorks\cfgwiz.exe" /GUID {05858CFD-5CC4-4ceb-AAAF-CF00BF39736A} /MODE CfgWiz
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Lexmark X125 Settings Utility.lnk = C:\Program Files\Lexmark X125\LEX125SU.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = E:\Program Files\WinZip\WZQKPICK.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://E:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Refresh Pa&ge with Full Quality - E:\Program Files\PeoplePC Accelerated\pac-page.html
O8 - Extra context menu item: Refresh Pi&cture with Full Quality - E:\Program Files\PeoplePC Accelerated\pac-image.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - E:\WINDOWS\System32\Shdocvw.dll
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.t...all/xscan60.cab
O16 - DPF: {192F9A01-8030-48CE-9BC6-B03DE3E613C6} (PeoplePC Web Installer) - http://www.peoplepc....oad/ppcwebi.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1139474939235
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/s...nfo/webscan.cab
O16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} - http://chat.yahoo.com/cab/yacsui.cab
O16 - DPF: {89D75D39-5531-47BA-9E4F-B346BA9C362C} (CWDL_DownLoadControl Class) - http://www.callwave....DL_DownLoad.CAB
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {9B03C5F1-F5AB-47EE-937D-A8EDA626F876} (Anonymizer Anti-Spyware Scanner) - http://download.zone...ctor/WebAAS.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by101fd.bay10...ex/HMAtchmt.ocx
O17 - HKLM\System\CCS\Services\Tcpip\..\{0716976C-1C1E-45B0-9A7A-BA6F1320A80C}: NameServer = 4.2.2.1,4.2.2.2
O17 - HKLM\System\CCS\Services\Tcpip\..\{C09CB1FD-ECA9-418D-9F5C-4BEDCB3E3719}: NameServer = 205.171.3.65 205.171.2.65
O17 - HKLM\System\CS1\Services\Tcpip\..\{0716976C-1C1E-45B0-9A7A-BA6F1320A80C}: NameServer = 4.2.2.1,4.2.2.2
O17 - HKLM\System\CS2\Services\Tcpip\..\{0716976C-1C1E-45B0-9A7A-BA6F1320A80C}: NameServer = 4.2.2.1,4.2.2.2
O23 - Service: Autodesk Licensing Service - Autodesk, Inc. - E:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - E:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - E:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - E:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - E:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - E:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: lsa driver service (lsaDriver) - Unknown owner - E:\WINDOWS\lsa.exe (file missing)
O23 - Service: MsLX32 - Unknown owner - E:\WINDOWS\MsLX32.exe (file missing)
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - E:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - E:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - E:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE
O23 - Service: SAVScan - Symantec Corporation - E:\Program Files\Norton SystemWorks\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - E:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - E:\Program Files\Sygate\SPF\smc.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - E:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - E:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - E:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - E:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: Symantec Core LC - Symantec Corporation - E:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: AntiVir Update Temp (TmpUpSrv) - H+BEDV Datentechnik GmbH, Germany - E:\DOCUME~1\ALLUSE~1.HOM\LOCALS~1\TEMP\_VWUPSRV.EXE
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - E:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: MsLX32 - Unknown owner - E:\WINDOWS\MsLX32.exe (file missing)

Good luck with this one
been working on it for 3 days now
check out
E:\program files\qttask.exe
O4 - HKLM\..\Run: [QuickTime Task] "E:\program files\qttask.exe" -atboottime
O23 - Service: Autodesk Licensing Service - Autodesk, Inc. - E:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: lsa driver service (lsaDriver) - Unknown owner - E:\WINDOWS\lsa.exe (file missing)
O23 - Service: AntiVir Update Temp (TmpUpSrv) - H+BEDV Datentechnik GmbH, Germany - E:\DOCUME~1\ALLUSE~1.HOM\LOCALS~1\TEMP\_VWUPSRV.EXE
O23 - Service: MsLX32 - Unknown owner - E:\WINDOWS\MsLX32.exe (file missing)


Thanks for any help!
Paul



#2 Siggyx

Siggyx

    SuperHelper

  • Authentic Member
  • 6,776 posts

Posted 28 April 2006 - 06:55 AM

O23 - Service: Autodesk Licensing Service - Autodesk, Inc. - E:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: lsa driver service (lsaDriver) - Unknown owner - E:\WINDOWS\lsa.exe (file missing)
O23 - Service: AntiVir Update Temp (TmpUpSrv) - H+BEDV Datentechnik GmbH, Germany - E:\DOCUME~1\ALLUSE~1.HOM\LOCALS~1\TEMP\_VWUPSRV.EXE
O23 - Service: MsLX32 - Unknown owner - E:\WINDOWS\MsLX32.exe (file missing)


These 2 are ok

O23 - Service: Autodesk Licensing Service - Autodesk, Inc. - E:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: AntiVir Update Temp (TmpUpSrv) - H+BEDV Datentechnik GmbH, Germany - E:\DOCUME~1\ALLUSE~1.HOM\LOCALS~1\TEMP\_VWUPSRV.EXE

Which means these 2 are not

O23 - Service: lsa driver service (lsaDriver) - Unknown owner - E:\WINDOWS\lsa.exe (file missing)
O23 - Service: MsLX32 - Unknown owner - E:\WINDOWS\MsLX32.exe (file missing)


So please follow these steps:

Click on Start > Run

In the box, type in services.msc then hit <enter> (or click OK)

In the Name column, look for MsLX32

<Double-click> it.

Now, click Stop to stop that rogue process.

In the Startup type box, change it to Disabled, then click Apply then OK.

Then do the same for lsa driver service

NEXT

1. Please download Stinger and save it to your desktop

2. Double-click on the stinger.exe file and open the tool

3. Choose your entire hard drive to scan.

4. Choose Scan Now

5. Stinger will fix anything that it finds

6. Click the File menu and select Save report to file

7. Post the log file results here in this thread.

NEXT

Please download the trial version of Ewido Security Suite here:

http://www.ewido.net/en/

Install it, and update the definitions to the newest files.

Next, please reboot your computer in Safe Mode by doing the following:
1) Restart your computer
2) After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
3) Instead of Windows loading as normal, a menu should appear
4) Select the first option, to run Windows in Safe Mode.

Then please run Ewido, and run a full scan. Save the logfile from the scan.

Restart your computer in normal mode and please post a new HijackThis log, as well as the log from the Ewido scan.

Edited by Siggyx, 28 April 2006 - 06:56 AM.
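
The triage in the reply above, as an added example that is not part of the original thread: a Python sketch that parses HijackThis `O23 - Service` lines and shortlists entries carrying both "Unknown owner" and "(file missing)", the pattern shared by the two services the reply singles out. The reply does not state its criteria, so the rule, the function names and the embedded sample (lines copied from the log in post #1, plus one non-service line) are assumptions of this example.

```python
import re
from dataclasses import dataclass
from pathlib import PureWindowsPath

# O23 - Service: <display> [(<short>)] - <owner> - <path> [(file missing)]
O23_RE = re.compile(
    r"^O23 - Service: (?P<name>.+?) - (?P<owner>.+?) - "
    r"(?P<path>[A-Za-z]:\\.*?)(?P<missing> \(file missing\))?$"
)
SHORT_RE = re.compile(r"^(?P<display>.*) \((?P<short>[^()]+)\)$")


@dataclass(frozen=True)
class Service:
    display: str
    short: str          # service key name; falls back to the display name
    owner: str
    path: str
    file_missing: bool


def parse_o23(log_text):
    """Return the unique O23 service entries found in a HijackThis log."""
    seen, services = set(), []
    for raw in log_text.splitlines():
        m = O23_RE.match(raw.strip())
        if not m:
            continue  # other sections (R0, O4, ...) and prose are ignored
        name = m.group("name")
        sm = SHORT_RE.match(name)
        display, short = (sm.group("display"), sm.group("short")) if sm else (name, name)
        svc = Service(display, short, m.group("owner"), m.group("path"),
                      m.group("missing") is not None)
        if svc not in seen:  # the same service can be listed twice in one log
            seen.add(svc)
            services.append(svc)
    return services


def reasons(svc):
    """Explain why an entry deserves a closer look (heuristic, assumed here)."""
    out = []
    if svc.owner.lower() == "unknown owner":
        out.append("no vendor metadata")
    if svc.file_missing:
        out.append("image file missing")
    parts = PureWindowsPath(svc.path).parts
    if len(parts) == 3 and parts[1].lower() == "windows":
        out.append("image directly in the Windows directory")
    return out


def triage(log_text):
    """Map service name -> reasons, for entries with unknown owner AND missing file."""
    flagged = {}
    for svc in parse_o23(log_text):
        why = reasons(svc)
        if "no vendor metadata" in why and "image file missing" in why:
            flagged[svc.short] = why
    return flagged


# Sample lines copied from the HijackThis log in post #1 of this thread.
SAMPLE = r"""
O4 - HKLM\..\Run: [QuickTime Task] "E:\program files\qttask.exe" -atboottime
O23 - Service: Autodesk Licensing Service - Autodesk, Inc. - E:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: lsa driver service (lsaDriver) - Unknown owner - E:\WINDOWS\lsa.exe (file missing)
O23 - Service: MsLX32 - Unknown owner - E:\WINDOWS\MsLX32.exe (file missing)
O23 - Service: AntiVir Update Temp (TmpUpSrv) - H+BEDV Datentechnik GmbH, Germany - E:\DOCUME~1\ALLUSE~1.HOM\LOCALS~1\TEMP\_VWUPSRV.EXE
O23 - Service: MsLX32 - Unknown owner - E:\WINDOWS\MsLX32.exe (file missing)
"""

if __name__ == "__main__":
    for name, why in triage(SAMPLE).items():
        print(f"{name}: {', '.join(why)}")
```

A shortlist like this only narrows down what to inspect; the flagged entries still need the manual review and scans described in the reply.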


#3 Guest_phs_*

Guest_phs_*
  • Guests

Posted 30 April 2006 - 09:33 PM

Sorry I was out of town yesterday
Here is the HJT log as well as the stinger log and the Ewido log run in safe mode

Logfile of HijackThis v1.99.1
Scan saved at 11:22:05 PM, on 4/30/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\Program Files\Sygate\SPF\smc.exe
E:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
E:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
E:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
E:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
E:\WINDOWS\system32\spoolsv.exe
E:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
E:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
E:\Program Files\ewido anti-malware\ewidoctrl.exe
E:\Program Files\ewido anti-malware\ewidoguard.exe
E:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
E:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
E:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE
E:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE
E:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
E:\WINDOWS\Explorer.EXE
E:\WINDOWS\System32\svchost.exe
E:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
E:\DOCUME~1\ALLUSE~1.HOM\LOCALS~1\TEMP\_VWUPSRV.EXE
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
E:\WINDOWS\system32\ZoneLabs\vsmon.exe
E:\WINDOWS\SM1BG.EXE
E:\program files\qttask.exe
E:\Program Files\PeoplePC\ISP6230\Browser\Bartshel.exe
E:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
E:\Program Files\Real\RealPlayer\RealPlay.exe
E:\Program Files\ZoneAlarm\zlclient.exe
E:\PROGRA~1\PeoplePC\ISP6230\Browser\PPShared.exe
E:\Program Files\Common Files\Symantec Shared\ccApp.exe
E:\Program Files\Lexmark X125\LEX125SU.exe
E:\Program Files\WinZip\WZQKPICK.EXE
E:\Program Files\SpywareGuard\sgmain.exe
E:\Program Files\SpywareGuard\sgbhp.exe
E:\HJT\hijackthis_1\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://home.peoplepc.com/search
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - (no file)
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - E:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - E:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [SM1BG] E:\WINDOWS\SM1BG.EXE
O4 - HKLM\..\Run: [QuickTime Task] "E:\program files\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Bart Station] E:\Program Files\PeoplePC\ISP6230\BIN\PPCOLink.exe -STATION
O4 - HKLM\..\Run: [AVG7_CC] E:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [RealTray] E:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [Zone Labs Client] E:\Program Files\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [SmcService] E:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [ccApp] "E:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SSC_UserPrompt] E:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] E:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [Norton SystemWorks] "E:\Program Files\Norton SystemWorks\cfgwiz.exe" /GUID {05858CFD-5CC4-4ceb-AAAF-CF00BF39736A} /MODE CfgWiz
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Lexmark X125 Settings Utility.lnk = C:\Program Files\Lexmark X125\LEX125SU.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = E:\Program Files\WinZip\WZQKPICK.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://E:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - E:\WINDOWS\System32\Shdocvw.dll
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.t...all/xscan60.cab
O16 - DPF: {192F9A01-8030-48CE-9BC6-B03DE3E613C6} (PeoplePC Web Installer) - http://www.peoplepc....oad/ppcwebi.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1139474939235
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/s...nfo/webscan.cab
O16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} - http://chat.yahoo.com/cab/yacsui.cab
O16 - DPF: {89D75D39-5531-47BA-9E4F-B346BA9C362C} (CWDL_DownLoadControl Class) - http://www.callwave....DL_DownLoad.CAB
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {9B03C5F1-F5AB-47EE-937D-A8EDA626F876} (Anonymizer Anti-Spyware Scanner) - http://download.zone...ctor/WebAAS.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by101fd.bay10...ex/HMAtchmt.ocx
O17 - HKLM\System\CCS\Services\Tcpip\..\{0716976C-1C1E-45B0-9A7A-BA6F1320A80C}: NameServer = 4.2.2.1,4.2.2.2
O17 - HKLM\System\CS1\Services\Tcpip\..\{0716976C-1C1E-45B0-9A7A-BA6F1320A80C}: NameServer = 4.2.2.1,4.2.2.2
O17 - HKLM\System\CS2\Services\Tcpip\..\{0716976C-1C1E-45B0-9A7A-BA6F1320A80C}: NameServer = 4.2.2.1,4.2.2.2
O23 - Service: Autodesk Licensing Service - Autodesk, Inc. - E:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - E:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - E:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - E:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - E:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - E:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido security suite control - ewido networks - E:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - E:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: lsa driver service (lsaDriver) - Unknown owner - E:\WINDOWS\lsa.exe (file missing)
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - E:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - E:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - E:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE
O23 - Service: SAVScan - Symantec Corporation - E:\Program Files\Norton SystemWorks\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - E:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - E:\Program Files\Sygate\SPF\smc.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - E:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - E:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - E:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - E:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: Symantec Core LC - Symantec Corporation - E:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: AntiVir Update Temp (TmpUpSrv) - H+BEDV Datentechnik GmbH, Germany - E:\DOCUME~1\ALLUSE~1.HOM\LOCALS~1\TEMP\_VWUPSRV.EXE
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - E:\WINDOWS\system32\ZoneLabs\vsmon.exe

Stinger log

McAfee AVERT Stinger Version 2.6.0. built on Apr 5 2006

Copyright © 2005 Networks Associates Technology, Inc. All Rights Reserved.

Virus data file v1000 created on Feb 2 2006.

Ready to scan for 55 viruses, trojans and variants.



Scan initiated on Sat Apr 29 02:46:49 2006

C:\WINDOWS\system32\o

Found the W32/Sdbot.worm!ftp virus !!!

C:\WINDOWS\system32\o has been deleted.

e:\WINDOWS\system32\i

Found the W32/Sdbot.worm!ftp virus !!!

e:\WINDOWS\system32\i has been deleted.

Number of clean files: 344624

Number of infected files: 2

Number of files deleted: 2


Ewido log

---------------------------------------------------------
ewido anti-malware - Scan report
---------------------------------------------------------

+ Created on: 10:51:08 PM, 4/30/2006
+ Report-Checksum: 1021966E

+ Scan result:

E:\Documents and Settings\All Users.HOME-P0XN8QNVLI\Cookies\all users@burstnet[2].txt -> TrackingCookie.Burstnet : Cleaned with backup
E:\Documents and Settings\All Users.HOME-P0XN8QNVLI\Cookies\all users@com[1].txt -> TrackingCookie.Com : Cleaned with backup
E:\Documents and Settings\All Users.HOME-P0XN8QNVLI\Cookies\all users@h.starware[2].txt -> TrackingCookie.Starware : Cleaned with backup
E:\Documents and Settings\All Users.HOME-P0XN8QNVLI\Cookies\all users@server.iad.liveperson[2].txt -> TrackingCookie.Liveperson : Cleaned with backup
E:\Documents and Settings\All Users.HOME-P0XN8QNVLI\Cookies\all users@tacoda[1].txt -> TrackingCookie.Tacoda : Cleaned with backup
E:\Documents and Settings\All Users.HOME-P0XN8QNVLI\Cookies\all users@try.starware[1].txt -> TrackingCookie.Starware : Cleaned with backup
E:\Documents and Settings\All Users.HOME-P0XN8QNVLI\Cookies\all users@zedo[1].txt -> TrackingCookie.Zedo : Cleaned with backup
E:\Documents and Settings\rena\Cookies\rena@2o7[2].txt -> TrackingCookie.2o7 : Cleaned with backup
E:\Documents and Settings\rena\Cookies\rena@ads.addynamix[2].txt -> TrackingCookie.Addynamix : Cleaned with backup
E:\Documents and Settings\rena\Cookies\rena@atdmt[1].txt -> TrackingCookie.Atdmt : Cleaned with backup
E:\Documents and Settings\rena\Cookies\rena@burstnet[1].txt -> TrackingCookie.Burstnet : Cleaned with backup
E:\Documents and Settings\rena\Cookies\rena@counter4.sextracker[1].txt -> TrackingCookie.Sextracker : Cleaned with backup
E:\Documents and Settings\rena\Cookies\rena@data1.perf.overture[1].txt -> TrackingCookie.Overture : Cleaned with backup
E:\Documents and Settings\rena\Cookies\rena@doubleclick[1].txt -> TrackingCookie.Doubleclick : Cleaned with backup
E:\Documents and Settings\rena\Cookies\rena@e-2dj6wfkyqmcjsdp.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Cleaned with backup
E:\Documents and Settings\rena\Cookies\rena@fastclick[1].txt -> TrackingCookie.Fastclick : Cleaned with backup
E:\Documents and Settings\rena\Cookies\rena@mediaplex[1].txt -> TrackingCookie.Mediaplex : Cleaned with backup
E:\Documents and Settings\rena\Cookies\rena@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
E:\Documents and Settings\rena\Cookies\rena@questionmarket[1].txt -> TrackingCookie.Questionmarket : Cleaned with backup
E:\Documents and Settings\rena\Cookies\rena@sextracker[1].txt -> TrackingCookie.Sextracker : Cleaned with backup
E:\Documents and Settings\rena\Cookies\rena@tacoda[1].txt -> TrackingCookie.Tacoda : Cleaned with backup
E:\Documents and Settings\rena\Cookies\rena@zedo[1].txt -> TrackingCookie.Zedo : Cleaned with backup
E:\WINDOWS\system32\config\systemprofile\Cookies\all users@sales.liveperson[2].txt -> TrackingCookie.Liveperson : Cleaned with backup


::Report End

If you need any more scans just let me know, and again thanks for all your help!

#4 Siggyx

Siggyx

    SuperHelper

  • Authentic Member
  • 6,776 posts

Posted 30 April 2006 - 09:51 PM

Looks ok. How is it running?

#5 Guest_phs_*

Guest_phs_*
  • Guests

Posted 30 April 2006 - 11:39 PM

Seems to be doing fine. I turned off my firewall and no regfix pop-ups, so I guess all is good. Do I need to uninstall the Ewido Malware Program? Again, thanks for all your help.

#6 Siggyx

Siggyx

    SuperHelper

  • Authentic Member
  • 6,776 posts

Posted 30 April 2006 - 11:50 PM

Yes, you can uninstall Ewido now.

#7 Siggyx

Siggyx

    SuperHelper

  • Authentic Member
  • 6,776 posts

Posted 30 April 2006 - 11:50 PM

Glad we could be of assistance. This topic is now closed. If you wish it reopened, please send us an email with a link to your thread.

Do not bother contacting us if you are not the topic starter. A valid, working link to the closed topic is required along with the user name used. If the user name does not match the one in the thread linked, the email will be deleted.
Make sure you use proper prevention to keep from having problems occur to your computer in the future.

Coyote's Installed programs for prevention:

http://forums.tomcoy...showtopic=31418

The help you receive here is free. If you wish to show your appreciation, then you may donate to help keep us online.

Visit the CoyoteStore http://TomCoyote.org/coyotestore.php
