WE'RE SURE THAT YOU'LL LOVE US!
Hey there! 
Looks like you're enjoying the discussion, but you're not signed up for an account. When you create an account, we remember exactly what you've read, so you always come right back where you left off. You also get notifications, here and via email, whenever new posts are made. You can like posts to share the love. 
Join 93101 other members! Anybody can ask, anybody can answer. Consistently helpful members may be invited to become staff. Here's how it works. Virus cleanup? Start here -> Malware Removal Forum.
Try What the Tech -- It's free!
SmitFraudFix log
Started by
j-dub
, May 02 2006 03:00 PM
-
This topic is locked
11 replies to this topic
#1
j-dub
-
- New Member
-
- 6 posts
New Member
Posted 02 May 2006 - 03:00 PM
Register to Remove
#2
LDTate
-
- Root Admin
-
- 57,211 posts
Grand Poobah
Posted 02 May 2006 - 08:01 PM
Hello j-dub,
Did you follow the full fix?
The forum is run by volunteers who donate their time and expertise.
Want to help others? Join the ClassRoom and learn how.
Logs will be closed if you haven't replied within 3 days
If you would like to 
for the help you received.
Proud graduate of TC/WTT Classroom
#3
j-dub
-
- New Member
-
- 6 posts
New Member
Posted 02 May 2006 - 08:35 PM
No, per the instructions under selfhelp/how to remove spy falcon, etc...
http://forums.tomcoy...showtopic=61697
I installed SmitFraudfix and ewido, ran SmitFraudfix then submitted my log. I did however run SmitRem, suggested by another site and it removed the pop-ups installed by spy falcon. But my browser is still getting hijacked.
Thanks so much for your efforts.....
J-dub
http://forums.tomcoy...showtopic=61697
I installed SmitFraudfix and ewido, ran SmitFraudfix then submitted my log. I did however run SmitRem, suggested by another site and it removed the pop-ups installed by spy falcon. But my browser is still getting hijacked.
Thanks so much for your efforts.....
J-dub
#4
LDTate
-
- Root Admin
-
- 57,211 posts
Grand Poobah
Posted 02 May 2006 - 08:36 PM
Please post:
Ewido log
A new HijackThis log
The forum is run by volunteers who donate their time and expertise.
Want to help others? Join the ClassRoom and learn how.
Logs will be closed if you haven't replied within 3 days
If you would like to for the help you received.
Proud graduate of TC/WTT Classroom
#5
j-dub
-
- New Member
-
- 6 posts
New Member
Posted 02 May 2006 - 09:29 PM
First Ewido:
--------------------------------------------------------
ewido anti-malware - Scan report
---------------------------------------------------------
+ Created on: 8:39:57 PM, 5/2/2006
+ Report-Checksum: AB18750F
+ Scan result:
HKLM\SOFTWARE\Classes\MP.MediaPops -> Adware.NetworkEssentials : Cleaned with backup
HKLM\SOFTWARE\Classes\MP.MediaPops\CLSID -> Adware.NetworkEssentials : Cleaned with backup
HKLM\SOFTWARE\Classes\MP.MediaPops\CurVer -> Adware.NetworkEssentials : Cleaned with backup
HKLM\SOFTWARE\Classes\MP.MediaPops.1 -> Adware.NetworkEssentials : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DelFin Media Viewer -> Adware.Delfin : Cleaned with backup
C:\WINNT\system32\twain32.dll -> Not-A-Virus.Hoax.Win32.Renos.cu : Cleaned with backup
C:\WINNT\NDNuninstall4_94.exe -> Adware.NewDotNet : Cleaned with backup
C:\Documents and Settings\Administrator\Cookies\administrator@2o7[2].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\Administrator\Cookies\administrator@casalemedia[1].txt -> TrackingCookie.Casalemedia : Cleaned with backup
C:\Documents and Settings\Administrator\Cookies\administrator@revenue[2].txt -> TrackingCookie.Revenue : Cleaned with backup
C:\Documents and Settings\Administrator\Cookies\administrator@questionmarket[2].txt -> TrackingCookie.Questionmarket : Cleaned with backup
C:\Documents and Settings\Administrator\Cookies\administrator@serving-sys[2].txt -> TrackingCookie.Serving-sys : Cleaned with backup
C:\Documents and Settings\Administrator\Cookies\administrator@casalemedia[3].txt -> TrackingCookie.Casalemedia : Cleaned with backup
C:\Documents and Settings\Administrator\Cookies\administrator@revenue[1].txt -> TrackingCookie.Revenue : Cleaned with backup
C:\Documents and Settings\Administrator\Cookies\administrator@bluestreak[2].txt -> TrackingCookie.Bluestreak : Cleaned with backup
C:\Documents and Settings\Administrator\Cookies\administrator@trafficmp[1].txt -> TrackingCookie.Trafficmp : Cleaned with backup
C:\Documents and Settings\Administrator\Cookies\administrator@counter2.hitslink[1].txt -> TrackingCookie.Hitslink : Cleaned with backup
C:\Documents and Settings\Administrator\Cookies\administrator@ad.yieldmanager[1].txt -> TrackingCookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\Administrator\Cookies\administrator@bs.serving-sys[2].txt -> TrackingCookie.Serving-sys : Cleaned with backup
C:\Documents and Settings\Administrator\Cookies\administrator@ads.pointroll[2].txt -> TrackingCookie.Pointroll : Cleaned with backup
C:\Documents and Settings\Administrator\Cookies\administrator@atdmt[1].txt -> TrackingCookie.Atdmt : Cleaned with backup
C:\Documents and Settings\Administrator\Cookies\administrator@statcounter[1].txt -> TrackingCookie.Statcounter : Cleaned with backup
C:\Documents and Settings\Administrator\Cookies\administrator@media.fastclick[1].txt -> TrackingCookie.Fastclick : Cleaned with backup
C:\Documents and Settings\Administrator\Cookies\administrator@fastclick[1].txt -> TrackingCookie.Fastclick : Cleaned with backup
C:\Documents and Settings\Administrator\Cookies\administrator@tribalfusion[2].txt -> TrackingCookie.Tribalfusion : Cleaned with backup
C:\Documents and Settings\Administrator\Cookies\administrator@microsofteup.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\Administrator\Cookies\administrator@zedo[1].txt -> TrackingCookie.Zedo : Cleaned with backup
C:\Documents and Settings\Administrator\Cookies\administrator@com[1].txt -> TrackingCookie.Com : Cleaned with backup
C:\Documents and Settings\Administrator\Cookies\administrator@z1.adserver[1].txt -> TrackingCookie.Adserver : Cleaned with backup
C:\Documents and Settings\Administrator\Cookies\administrator@counter.hitslink[2].txt -> TrackingCookie.Hitslink : Cleaned with backup
C:\Documents and Settings\buck\Local Settings\Temp\BDECache\bde1C.tmp/bdeinstallman3.exe -> Adware.Altnet : Cleaned with backup
C:\Documents and Settings\buck\Local Settings\Temp\BDECache\bde20.tmp/bdeload.dll -> Adware.BrilliantDigital : Cleaned with backup
C:\Documents and Settings\buck\Local Settings\Temp\BDECache\bde22.tmp/BDEplayer3.dll -> Adware.BrilliantDigital : Cleaned with backup
C:\Documents and Settings\buck\Local Settings\Temp\BDECache\bde24.tmp/BDEengine3.dll -> Adware.BrilliantDigital : Cleaned with backup
C:\Documents and Settings\buck\Local Settings\Temp\BDECache\bde29.tmp/BDEwrapper3.dll -> Adware.BrilliantDigital : Cleaned with backup
C:\Documents and Settings\buck\Local Settings\Temp\BDECache\bde2B.tmp/BDESac24.dll -> Adware.BrilliantDigital : Cleaned with backup
C:\Documents and Settings\buck\Local Settings\Temp\BDECache\bde2D.tmp/BDESac10.dll -> Adware.BrilliantDigital : Cleaned with backup
C:\Documents and Settings\buck\Local Settings\Temp\BDECache\bde36.tmp/bdeviewer.exe -> Trojan.Krepper.y : Cleaned with backup
C:\Documents and Settings\buck\Local Settings\Temp\upd34.tmp/ME.dll -> Adware.MediaPops : Cleaned with backup
C:\Documents and Settings\buck\Cookies\buck@cz3.clickzs[1].txt -> TrackingCookie.Clickzs : Cleaned with backup
C:\Documents and Settings\buck\Cookies\buck@cz4.clickzs[2].txt -> TrackingCookie.Clickzs : Cleaned with backup
C:\Documents and Settings\buck\Cookies\buck@cz4.clickzs[3].txt -> TrackingCookie.Clickzs : Cleaned with backup
C:\Documents and Settings\buck\Cookies\buck@hypertracker[2].txt -> TrackingCookie.Hypertracker : Cleaned with backup
C:\Documents and Settings\buck\Cookies\buck@questionmarket[1].txt -> TrackingCookie.Questionmarket : Cleaned with backup
C:\Documents and Settings\buck\Cookies\buck@ads18.bpath[1].txt -> TrackingCookie.Bpath : Cleaned with backup
C:\Documents and Settings\buck\Cookies\buck@com[2].txt -> TrackingCookie.Com : Cleaned with backup
C:\Documents and Settings\buck\Cookies\buck@www.myaffiliateprogram[1].txt -> TrackingCookie.Myaffiliateprogram : Cleaned with backup
C:\Documents and Settings\buck\Cookies\buck@oxcash[2].txt -> TrackingCookie.Oxcash : Cleaned with backup
C:\Documents and Settings\buck\Cookies\buck@epilot[1].txt -> TrackingCookie.Epilot : Cleaned with backup
C:\Documents and Settings\buck\Cookies\buck@www.web-stat[1].txt -> TrackingCookie.Web-stat : Cleaned with backup
C:\Documents and Settings\buck\Cookies\buck@oxcash[3].txt -> TrackingCookie.Oxcash : Cleaned with backup
C:\Documents and Settings\buck\Cookies\buck@dbbsrv[1].txt -> TrackingCookie.Dbbsrv : Cleaned with backup
C:\Documents and Settings\buck\Cookies\buck@www.myaffiliateprogram[2].txt -> TrackingCookie.Myaffiliateprogram : Cleaned with backup
C:\Documents and Settings\buck\Cookies\buck@7search[1].txt -> TrackingCookie.7search : Cleaned with backup
C:\Documents and Settings\buck\Cookies\buck@www.epilot[1].txt -> TrackingCookie.Epilot : Cleaned with backup
C:\Documents and Settings\buck\Cookies\buck@revenue[2].txt -> TrackingCookie.Revenue : Cleaned with backup
C:\Documents and Settings\buck\Cookies\buck@questionmarket[2].txt -> TrackingCookie.Questionmarket : Cleaned with backup
C:\Documents and Settings\buck\Cookies\buck@hypertracker[1].txt -> TrackingCookie.Hypertracker : Cleaned with backup
C:\Documents and Settings\buck\Cookies\buck@questionmarket[4].txt -> TrackingCookie.Questionmarket : Cleaned with backup
::Report End
Then SmitfraudFix:
SmitFraudFix v2.37
Scan done at 20:40:23.60, Tue 05/02/2006
Run from C:\Documents and Settings\Administrator\Desktop\SmitfraudFix
OS: Microsoft Windows 2000 [Version 5.00.2195]
»»»»»»»»»»»»»»»»»»»»»»»» C:\
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINNT
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINNT\system
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINNT\Web
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINNT\system32
C:\WINNT\system32\atmclk.exe FOUND !
C:\WINNT\system32\dcomcfg.exe FOUND !
C:\WINNT\system32\hp????.tmp FOUND !
C:\WINNT\system32\simpole.tlb FOUND !
C:\WINNT\system32\stdole3.tlb FOUND !
»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Administrator\Application Data
»»»»»»»»»»»»»»»»»»»»»»»» Start Menu
»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\ADMINI~1\FAVORI~1
»»»»»»»»»»»»»»»»»»»»»»»» Desktop
»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files
»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys
»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!! Attention, follow keys are not inevitably infected !!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» Scanning wininet.dll infection
»»»»»»»»»»»»»»»»»»»»»»»» End
#6
LDTate
-
- Root Admin
-
- 57,211 posts
Grand Poobah
Posted 03 May 2006 - 02:25 PM
Running the Clean
Reboot your computer in Safe Mode.
Open the SmitfraudFix Folder, then double-click smitfraudfix.cmd file to start the tool.
Select option #2 - Clean by typing 2 and press Enter.
Wait for the tool to complete and disk cleanup to finish.
You will be prompted : "Registry cleaning - Do you want to clean the registry ?" answer Yes by typing Y and hit Enter.
The tool will also check if wininet.dll is infected. If a clean version is found, you will be prompted to replace wininet.dll. Answer Yes to the question "Replace infected file ?" by typing Y and hit Enter.
A reboot may be needed to finish the cleaning process, if you computer does not restart automatically please do it yourself manually. Reboot in Safe Mode.
The tool will create a log named rapport.txt in the root of your drive, eg: Local Disk C: or partition where your operating system is installed. Please post that log along with all others requested in your next reply.
______________________________
Clean out your Temporary Internet files. Proceed like this:
Empty the Recycle Bin by right-clicking the Recycle Bin icon on your Desktop, and then clicking Empty Recycle Bin.
______________________________
Open the SmitfraudFix folder and double-click smitfraudfix.cmd
Select option #3 - Delete Trusted zone by typing 3 and press Enter
Answer Yes to the question "Restore Trusted Zone ?" by typing
Y and hit Enter.
Note, if you use SpywareBlaster and/or IE-SPYAD, it will be necessary to re-install the protection both afford. For SpywareBlaster, run the program and re-protect all items. For IE-SPYAD, run the batch file and reinstall the protection.
______________________________
Please post:
Reboot your computer in Safe Mode.
- If the computer is running, shut down Windows, and then turn off the power.
- Wait 30 seconds, and then turn the computer on.
- Start tapping the F8 key. The Windows Advanced Options Menu appears. If you begin tapping the F8 key too soon, some computers display a "keyboard error" message. To resolve this, restart the computer and try again.
- Ensure that the Safe Mode option is selected.
- Press Enter. The computer then begins to start in Safe mode.
- Login on your usual account.
Open the SmitfraudFix Folder, then double-click smitfraudfix.cmd file to start the tool.
Select option #2 - Clean by typing 2 and press Enter.
Wait for the tool to complete and disk cleanup to finish.
You will be prompted : "Registry cleaning - Do you want to clean the registry ?" answer Yes by typing Y and hit Enter.
The tool will also check if wininet.dll is infected. If a clean version is found, you will be prompted to replace wininet.dll. Answer Yes to the question "Replace infected file ?" by typing Y and hit Enter.
A reboot may be needed to finish the cleaning process, if you computer does not restart automatically please do it yourself manually. Reboot in Safe Mode.
The tool will create a log named rapport.txt in the root of your drive, eg: Local Disk C: or partition where your operating system is installed. Please post that log along with all others requested in your next reply.
______________________________
Clean out your Temporary Internet files. Proceed like this:
- Quit Internet Explorer and quit any instances of Windows Explorer.
- Click Start, click Control Panel, and then double-click Internet Options.
- On the General tab, click Delete Files under Temporary Internet Files.
- In the Delete Files dialog box, tick the Delete all offline content check box , and then click OK.
- On the General tab, click Delete Cookies under Temporary Internet Files, and then click OK.
- Click on the Programs tab then click the Reset Web Settings button. Click Apply then OK.
- Click OK.
Empty the Recycle Bin by right-clicking the Recycle Bin icon on your Desktop, and then clicking Empty Recycle Bin.
______________________________
Open the SmitfraudFix folder and double-click smitfraudfix.cmd
Select option #3 - Delete Trusted zone by typing 3 and press Enter
Answer Yes to the question "Restore Trusted Zone ?" by typing
Y and hit Enter.
Note, if you use SpywareBlaster and/or IE-SPYAD, it will be necessary to re-install the protection both afford. For SpywareBlaster, run the program and re-protect all items. For IE-SPYAD, run the batch file and reinstall the protection.
______________________________
Please post:
- c:\rapport.txt
- A new HijackThis log
The forum is run by volunteers who donate their time and expertise.
Want to help others? Join the ClassRoom and learn how.
Logs will be closed if you haven't replied within 3 days
If you would like to for the help you received.
Proud graduate of TC/WTT Classroom
#7
j-dub
-
- New Member
-
- 6 posts
New Member
Posted 03 May 2006 - 05:35 PM
Sweet! Worked great, thank you!
Here is the SmitFraudFix Log:
SmitFraudFix v2.37
Scan done at 16:10:28.91, Wed 05/03/2006
Run from C:\Documents and Settings\Administrator\Desktop\SmitfraudFix
OS: Microsoft Windows 2000 [Version 5.00.2195]
»»»»»»»»»»»»»»»»»»»»»»»» Killing process
»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files
C:\WINNT\system32\atmclk.exe Deleted
C:\WINNT\system32\dcomcfg.exe Deleted
C:\WINNT\system32\hp????.tmp Deleted
C:\WINNT\system32\simpole.tlb Deleted
C:\WINNT\system32\stdole3.tlb Deleted
»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files
»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning
Registry Cleaning done.
»»»»»»»»»»»»»»»»»»»»»»»» End
#8
j-dub
-
- New Member
-
- 6 posts
New Member
Posted 03 May 2006 - 05:37 PM
And the new HJ This log:
Logfile of HijackThis v1.99.1
Scan saved at 4:44:40 PM, on 5/3/2006
Platform: Windows 2000 (WinNT 5.00.2195)
MSIE: Internet Explorer v5.51 SP2 (5.51.4807.2300)
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\PROGRA~1\NORTON~1\navapsvc.exe
C:\Program Files\Norton Internet Security Family Edition\NISUM.EXE
C:\PROGRA~1\NORTON~1\npssvc.exe
C:\WINNT\System32\nvsvc32.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\Program Files\Intel\Intel® Active Monitor\imonnt.exe
C:\Program Files\Norton Internet Security Family Edition\NISSERV.EXE
C:\WINNT\Explorer.exe
C:\WINNT\System32\Smtray.exe
C:\Program Files\Intel\Intel® Active Monitor\imontray.exe
C:\Program Files\Norton Internet Security Family Edition\IAMAPP.EXE
C:\Program Files\Support.com\bin\tgcmd.exe
C:\Documents and Settings\All Users\hp\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\WINNT\twain_32\SiPix\SCDeluxe\DELUXECC.exe
C:\WINNT\twain_32\SiPix\SCDeluxe\UsbPnp.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINNT\System32\RUNDLL32.EXE
C:\Documents and Settings\All Users\hp\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\Norton Antivirus\navapw32.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\PROGRA~1\NORTON~1\alertsvc.exe
C:\Program Files\Hijack this\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Cox High Speed Internet
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [Smapp] Smtray.exe
O4 - HKLM\..\Run: [IMONTRAY] C:\Program Files\Intel\Intel® Active Monitor\imontray.exe
O4 - HKLM\..\Run: [NPS Event Checker] C:\PROGRA~1\NORTON~1\npscheck.exe
O4 - HKLM\..\Run: [iamapp] "C:\Program Files\Norton Internet Security Family Edition\IAMAPP.EXE"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [tgcmd] "C:\Program Files\Support.com\bin\tgcmd.exe" /server
O4 - HKLM\..\Run: [zzzHPSETUP] E:\Setup.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Documents and Settings\All Users\hp\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINNT\System32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [DELUXECC] C:\WINNT\twain_32\SiPix\SCDeluxe\DELUXECC.exe
O4 - HKLM\..\Run: [DeluxeSgn] C:\WINNT\twain_32\SiPix\SCDeluxe\UsbPnp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINNT\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - Global Startup: Norton AntiVirus AutoProtect.lnk = C:\Program Files\Norton Antivirus\navapw32.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{4FB9933A-4006-40A3-A33F-6DD564CCC090}: NameServer = 192.168.0.1
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: Intel® Active Monitor (imonNT) - Intel Corp. - C:\Program Files\Intel\Intel® Active Monitor\imonnt.exe
O23 - Service: NAV Alert - Symantec Corporation - C:\PROGRA~1\NORTON~1\alertsvc.exe
O23 - Service: NAV Auto-Protect - Symantec Corporation - C:\PROGRA~1\NORTON~1\navapsvc.exe
O23 - Service: Norton Internet Security Family Edition Service (NISSERV) - Symantec Corporation - C:\Program Files\Norton Internet Security Family Edition\NISSERV.EXE
O23 - Service: NISUM - Symantec Corporation - C:\Program Files\Norton Internet Security Family Edition\NISUM.EXE
O23 - Service: Norton Program Scheduler - Symantec Corporation - C:\PROGRA~1\NORTON~1\npssvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINNT\System32\nvsvc32.exe
Let me know if you see any thing else....
Regards,
James
#9
LDTate
-
- Root Admin
-
- 57,211 posts
Grand Poobah
Posted 03 May 2006 - 05:40 PM
Looks good 
You need to visit windows and get all updates. You're 2 service packs behind.
1.Do one of the following:
In Windows 98/Me/2000, on the Windows desktop, double-click the My Computer icon.
In Windows XP, on the taskbar, click Start > My Computer.
2.Do one of the following:
In Windows 98, on the View menu, click Folder Options.
In Windows Me/2000/XP, on the Tools menu, click Folder Options.
On the View tab, check Hide file extensions for known file types.
3.Do one of the following:
In Windows 98, in the Advanced Settings box, under the "Hidden files" folder, unclick Show all files.
In Windows Me/2000/XP, check Hide protected operating system files. Then, under the "Hidden files" folder, unclick Show hidden files and folders.
If you see a warning message, click Yes.
Click Apply.
Click OK.
If you dont have these three programs I would recommend that you get them. Spywareblaster, Spywareguard and IESPY AD. They will add 1000's of sites to your resticted zone and block some hijacks from happening. I also have a FREE FIREWALL and FREE ANTI VIRUS if you need one.
It is critical to have both a firewall and anti virus to protect your system.
Keep your system up to date and run Adaware & Spybot, once a week works, and hopefully you will be ok from here on. Both are available below.
Safe Surfing.
I would also suggest you read this:
So how did I get infected in the first place?
by Tony Klein
You need to visit windows and get all updates. You're 2 service packs behind.
1.Do one of the following:
In Windows 98/Me/2000, on the Windows desktop, double-click the My Computer icon.
In Windows XP, on the taskbar, click Start > My Computer.
2.Do one of the following:
In Windows 98, on the View menu, click Folder Options.
In Windows Me/2000/XP, on the Tools menu, click Folder Options.
On the View tab, check Hide file extensions for known file types.
3.Do one of the following:
In Windows 98, in the Advanced Settings box, under the "Hidden files" folder, unclick Show all files.
In Windows Me/2000/XP, check Hide protected operating system files. Then, under the "Hidden files" folder, unclick Show hidden files and folders.
If you see a warning message, click Yes.
Click Apply.
Click OK.
If you dont have these three programs I would recommend that you get them. Spywareblaster, Spywareguard and IESPY AD. They will add 1000's of sites to your resticted zone and block some hijacks from happening. I also have a FREE FIREWALL and FREE ANTI VIRUS if you need one.
It is critical to have both a firewall and anti virus to protect your system.
Keep your system up to date and run Adaware & Spybot, once a week works, and hopefully you will be ok from here on. Both are available below.
Safe Surfing.
I would also suggest you read this:
So how did I get infected in the first place?
by Tony Klein
The forum is run by volunteers who donate their time and expertise.
Want to help others? Join the ClassRoom and learn how.
Logs will be closed if you haven't replied within 3 days
If you would like to for the help you received.
Proud graduate of TC/WTT Classroom
#10
j-dub
-
- New Member
-
- 6 posts
New Member
Posted 03 May 2006 - 05:54 PM
Yes this machine hasn't been running for a couple of years so thier's quite a bit of tweaking to do still.
Why do you recommend to hide system and hidden folders? Actually more so what part of the log told you that were exposed? 
#11
LDTate
-
- Root Admin
-
- 57,211 posts
Grand Poobah
Posted 03 May 2006 - 06:07 PM
So you don't delete any of them.Why do you recommend to hide system and hidden folders?
Actually more so what part of the log told you that were exposed?
C:\WINNT\system32\atmclk.exe FOUND !
C:\WINNT\system32\dcomcfg.exe FOUND !
C:\WINNT\system32\hp????.tmp FOUND !
C:\WINNT\system32\simpole.tlb FOUND !
C:\WINNT\system32\stdole3.tlb FOUND !
C:\WINNT\system32\twain32.dll FOUND !
The forum is run by volunteers who donate their time and expertise.
Want to help others? Join the ClassRoom and learn how.
Logs will be closed if you haven't replied within 3 days
If you would like to for the help you received.
Proud graduate of TC/WTT Classroom
#12
LDTate
-
- Root Admin
-
- 57,211 posts
Grand Poobah
Posted 05 May 2006 - 01:11 PM
Glad we could be of assistance. This topic is now closed. If you wish it reopened, please send us an email (Click for address) with a link to your thread.
Do not bother contacting us if you are not the topic starter. A valid, working link to the closed topic is required along with the user name used. If the user name does not match the one in the thread linked, the email will be deleted.
Make sure you use proper prevention to keep from having problems occur to your computer in the future.
Coyote's Installed programs for prevention:
http://forums.tomcoy...showtopic=31418
The help you receive here is free. If you wish to show your appreciation, then you may donate to help keep us online.
Visit the CoyoteStore http://TomCoyote.org/coyotestore.php
Do not bother contacting us if you are not the topic starter. A valid, working link to the closed topic is required along with the user name used. If the user name does not match the one in the thread linked, the email will be deleted.
Make sure you use proper prevention to keep from having problems occur to your computer in the future.
Coyote's Installed programs for prevention:
http://forums.tomcoy...showtopic=31418
The help you receive here is free. If you wish to show your appreciation, then you may donate to help keep us online.
Visit the CoyoteStore http://TomCoyote.org/coyotestore.php
The forum is run by volunteers who donate their time and expertise.
Want to help others? Join the ClassRoom and learn how.
Logs will be closed if you haven't replied within 3 days
If you would like to for the help you received.
Proud graduate of TC/WTT Classroom
0 user(s) are reading this topic
0 members, 0 guests, 0 anonymous users
