Geeks to Go
my log please help [RESOLVED]

#1 jerryrm (Member, 31 posts)
---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 3:26:42 PM, 7/5/2005
+ Report-Checksum: 7896E4A5

+ Scan result:

HKLM\SOFTWARE\Classes\CLSID\{01F44A8A-8C97-4325-A378-76E68DC4AB2E} -> Spyware.IEPlugin : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{38D4D5D0-423E-4220-B6F9-30918C2AE4A4} -> Spyware.BetterInternet : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{BEB133E5-FD72-43b7-8AFF-681831CC72D9} -> Spyware.Hijacker.Generic : Cleaned with backup
HKLM\SOFTWARE\Classes\IMIToolbar.BottomFrame -> Spyware.IEPlugin : Cleaned with backup
HKLM\SOFTWARE\Classes\IMIToolbar.BottomFrame\CLSID -> Spyware.IEPlugin : Cleaned with backup
HKLM\SOFTWARE\Classes\IMIToolbar.BottomFrame\CurVer -> Spyware.IEPlugin : Cleaned with backup
HKLM\SOFTWARE\Classes\IMIToolbar.LeftFrame -> Spyware.IEPlugin : Cleaned with backup
HKLM\SOFTWARE\Classes\IMIToolbar.LeftFrame\CLSID -> Spyware.IEPlugin : Cleaned with backup
HKLM\SOFTWARE\Classes\IMIToolbar.LeftFrame\CurVer -> Spyware.IEPlugin : Cleaned with backup
HKLM\SOFTWARE\Classes\IMIToolbar.PopupBrowser -> Spyware.IEPlugin : Cleaned with backup
HKLM\SOFTWARE\Classes\IMIToolbar.PopupBrowser\CLSID -> Spyware.IEPlugin : Cleaned with backup
HKLM\SOFTWARE\Classes\IMIToolbar.PopupBrowser\CurVer -> Spyware.IEPlugin : Cleaned with backup
HKLM\SOFTWARE\Classes\IMIToolbar.PopupWindow -> Spyware.IEPlugin : Cleaned with backup
HKLM\SOFTWARE\Classes\IMIToolbar.PopupWindow\CLSID -> Spyware.IEPlugin : Cleaned with backup
HKLM\SOFTWARE\Classes\IMIToolbar.PopupWindow\CurVer -> Spyware.IEPlugin : Cleaned with backup
HKLM\SOFTWARE\Classes\TypeLib\{8EA362BD-39CB-40F5-9226-73CD40999095} -> Spyware.BetterInternet : Cleaned with backup
HKLM\SOFTWARE\Classes\Wbho.Band -> Spyware.IEPlugin : Cleaned with backup
HKLM\SOFTWARE\Classes\Wbho.Band\CLSID -> Spyware.IEPlugin : Cleaned with backup
HKLM\SOFTWARE\Classes\Wbho.Band\CurVer -> Spyware.IEPlugin : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{01F44A8A-8C97-4325-A378-76E68DC4AB2E} -> Spyware.IEPlugin : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BEB133E5-FD72-43b7-8AFF-681831CC72D9} -> Spyware.Hijacker.Generic : Cleaned with backup
HKU\S-1-5-21-1229272821-842925246-854245398-1004\Software\intexp -> Spyware.IEPlugin : Cleaned with backup
HKU\S-1-5-21-1229272821-842925246-854245398-1004\Software\intexp\Config -> Spyware.IEPlugin : Cleaned with backup
HKU\S-1-5-21-1229272821-842925246-854245398-1004\Software\intexp\MyFileSystem2 -> Spyware.IEPlugin : Cleaned with backup
HKU\S-1-5-21-1229272821-842925246-854245398-1004\Software\WareOut -> TrojanDownloader.Wareout : Cleaned with backup
HKU\S-1-5-21-1229272821-842925246-854245398-1004\Software\WareOut\FirstRun -> TrojanDownloader.Wareout : Cleaned with backup
HKU\S-1-5-21-1229272821-842925246-854245398-1004\Software\WareOut\Options -> TrojanDownloader.Wareout : Cleaned with backup
HKU\S-1-5-21-1229272821-842925246-854245398-1004\Software\WareOut\Registration -> TrojanDownloader.Wareout : Cleaned with backup
[3656] VM_02C70000 -> Adware.BetterInternet : Error during cleaning
C:\WINDOWS\system32\nnjdsxw.exe -> Adware.BetterInternet : Cleaned with backup
C:\WINDOWS\system32\drv2cltr.dll -> TrojanSpy.Agent.am : Cleaned with backup
C:\WINDOWS\system32\rdsndin.exe -> Spyware.FindSpy : Cleaned with backup
C:\WINDOWS\system32\DrPMon.dll -> Adware.BetterInternet : Cleaned with backup
C:\WINDOWS\system32\DrPMon.dll_tobedeleted -> Adware.BetterInternet : Cleaned with backup
C:\WINDOWS\uixazw.exe -> Adware.BetterInternet : Cleaned with backup
C:\WINDOWS\wupdt.exe -> TrojanDownloader.Intexp.c : Cleaned with backup
C:\WINDOWS\zhdnmnwnb.exe -> Adware.BetterInternet : Cleaned with backup
C:\WINDOWS\tdtb.exe -> Trojan.Imiserv.c : Cleaned with backup
C:\WINDOWS\systb.dll -> Spyware.ImiBar : Cleaned with backup
C:\WINDOWS\sasetup.dll -> Heuristic.Win32.Hijacker1 : Cleaned with backup
C:\WINDOWS\svcproc.exe -> Adware.BetterInternet : Cleaned with backup
C:\WINDOWS\Nail.exe -> Adware.BetterInternet : Cleaned with backup
C:\WINDOWS\ISTSVC.EXE -> TrojanDownloader.IstBar.k : Cleaned with backup
:mozilla.6:C:\Documents and Settings\mcdolej\Application Data\Mozilla\Profiles\default\f2lbz20b.slt\cookies.txt -> Spyware.Cookie.Specificpop : Cleaned with backup
:mozilla.7:C:\Documents and Settings\mcdolej\Application Data\Mozilla\Profiles\default\f2lbz20b.slt\cookies.txt -> Spyware.Cookie.Specificpop : Cleaned with backup
C:\Program Files\Common Files\aolback\Comps\coach\aolcinst.exe/data\player\aolnysev.exe -> Heuristic.Win32.Hijacker1 : Cleaned with backup
C:\System Volume Information\_restore{8E3B3A85-BE7E-444C-8C23-C2B5AC40B31E}\RP310\A0054175.exe -> Trojan.Starter : Cleaned with backup
C:\System Volume Information\_restore{8E3B3A85-BE7E-444C-8C23-C2B5AC40B31E}\RP310\A0054216.exe -> Trojan.Starter : Cleaned with backup
C:\System Volume Information\_restore{8E3B3A85-BE7E-444C-8C23-C2B5AC40B31E}\RP310\A0054218.exe -> Trojan.Starter : Cleaned with backup
C:\System Volume Information\_restore{8E3B3A85-BE7E-444C-8C23-C2B5AC40B31E}\RP310\A0054228.exe -> TrojanDropper.Vidro.p : Cleaned with backup
C:\System Volume Information\_restore{8E3B3A85-BE7E-444C-8C23-C2B5AC40B31E}\RP310\A0054234.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{8E3B3A85-BE7E-444C-8C23-C2B5AC40B31E}\RP310\A0055223.exe -> TrojanDropper.Vidro.p : Cleaned with backup
C:\System Volume Information\_restore{8E3B3A85-BE7E-444C-8C23-C2B5AC40B31E}\RP310\A0055228.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{8E3B3A85-BE7E-444C-8C23-C2B5AC40B31E}\RP310\A0056223.exe -> TrojanDropper.Vidro.p : Cleaned with backup
C:\System Volume Information\_restore{8E3B3A85-BE7E-444C-8C23-C2B5AC40B31E}\RP310\A0056228.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{8E3B3A85-BE7E-444C-8C23-C2B5AC40B31E}\RP310\A0057223.exe -> TrojanDropper.Vidro.p : Cleaned with backup
C:\System Volume Information\_restore{8E3B3A85-BE7E-444C-8C23-C2B5AC40B31E}\RP310\A0058227.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{8E3B3A85-BE7E-444C-8C23-C2B5AC40B31E}\RP310\A0058229.exe -> Trojan.Starter : Cleaned with backup
C:\System Volume Information\_restore{8E3B3A85-BE7E-444C-8C23-C2B5AC40B31E}\RP310\A0058237.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{8E3B3A85-BE7E-444C-8C23-C2B5AC40B31E}\RP316\A0060593.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{8E3B3A85-BE7E-444C-8C23-C2B5AC40B31E}\RP316\A0060625.exe -> Trojan.Starter : Cleaned with backup
C:\System Volume Information\_restore{8E3B3A85-BE7E-444C-8C23-C2B5AC40B31E}\RP316\A0060629.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{8E3B3A85-BE7E-444C-8C23-C2B5AC40B31E}\RP312\A0058334.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{8E3B3A85-BE7E-444C-8C23-C2B5AC40B31E}\RP312\A0058335.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{8E3B3A85-BE7E-444C-8C23-C2B5AC40B31E}\RP312\A0058374.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{8E3B3A85-BE7E-444C-8C23-C2B5AC40B31E}\RP312\A0058376.exe -> Trojan.Starter : Cleaned with backup
C:\System Volume Information\_restore{8E3B3A85-BE7E-444C-8C23-C2B5AC40B31E}\RP312\A0059346.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{8E3B3A85-BE7E-444C-8C23-C2B5AC40B31E}\RP312\A0059348.exe -> Trojan.Starter : Cleaned with backup
C:\System Volume Information\_restore{8E3B3A85-BE7E-444C-8C23-C2B5AC40B31E}\RP312\A0059352.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{8E3B3A85-BE7E-444C-8C23-C2B5AC40B31E}\RP312\A0059363.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{8E3B3A85-BE7E-444C-8C23-C2B5AC40B31E}\RP312\A0059370.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{8E3B3A85-BE7E-444C-8C23-C2B5AC40B31E}\RP312\A0059372.exe -> Trojan.Starter : Cleaned with backup
C:\System Volume Information\_restore{8E3B3A85-BE7E-444C-8C23-C2B5AC40B31E}\RP312\A0059402.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{8E3B3A85-BE7E-444C-8C23-C2B5AC40B31E}\RP312\A0059404.exe -> TrojanDownloader.Small.ajn : Cleaned with backup
C:\System Volume Information\_restore{8E3B3A85-BE7E-444C-8C23-C2B5AC40B31E}\RP313\A0059414.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{8E3B3A85-BE7E-444C-8C23-C2B5AC40B31E}\RP313\A0059441.exe -> Heuristic.Win32.Hijacker1 : Cleaned with backup
C:\System Volume Information\_restore{8E3B3A85-BE7E-444C-8C23-C2B5AC40B31E}\RP313\A0060370.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{8E3B3A85-BE7E-444C-8C23-C2B5AC40B31E}\RP313\A0060372.exe -> Trojan.Starter : Cleaned with backup
C:\System Volume Information\_restore{8E3B3A85-BE7E-444C-8C23-C2B5AC40B31E}\RP313\A0060394.exe -> TrojanDownloader.Intexp.c : Cleaned with backup
C:\System Volume Information\_restore{8E3B3A85-BE7E-444C-8C23-C2B5AC40B31E}\RP319\A0060750.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{8E3B3A85-BE7E-444C-8C23-C2B5AC40B31E}\RP319\A0060796.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{8E3B3A85-BE7E-444C-8C23-C2B5AC40B31E}\RP319\A0060798.exe -> Trojan.Starter : Cleaned with backup
C:\System Volume Information\_restore{8E3B3A85-BE7E-444C-8C23-C2B5AC40B31E}\RP319\A0060808.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{8E3B3A85-BE7E-444C-8C23-C2B5AC40B31E}\RP319\A0060816.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{8E3B3A85-BE7E-444C-8C23-C2B5AC40B31E}\RP319\A0060819.exe -> Trojan.Starter : Cleaned with backup
C:\System Volume Information\_restore{8E3B3A85-BE7E-444C-8C23-C2B5AC40B31E}\RP319\A0060823.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{8E3B3A85-BE7E-444C-8C23-C2B5AC40B31E}\RP319\A0060824.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{8E3B3A85-BE7E-444C-8C23-C2B5AC40B31E}\RP319\A0060825.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{8E3B3A85-BE7E-444C-8C23-C2B5AC40B31E}\RP319\A0060826.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{8E3B3A85-BE7E-444C-8C23-C2B5AC40B31E}\RP319\A0060849.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{8E3B3A85-BE7E-444C-8C23-C2B5AC40B31E}\RP319\A0060851.exe -> Trojan.Starter : Cleaned with backup
C:\System Volume Information\_restore{8E3B3A85-BE7E-444C-8C23-C2B5AC40B31E}\RP319\A0060869.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{8E3B3A85-BE7E-444C-8C23-C2B5AC40B31E}\RP319\A0060871.exe -> Trojan.Starter : Cleaned with backup
C:\System Volume Information\_restore{8E3B3A85-BE7E-444C-8C23-C2B5AC40B31E}\RP319\A0060875.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{8E3B3A85-BE7E-444C-8C23-C2B5AC40B31E}\RP319\A0060910.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{8E3B3A85-BE7E-444C-8C23-C2B5AC40B31E}\RP319\A0060914.exe -> Trojan.Starter : Cleaned with backup
C:\System Volume Information\_restore{8E3B3A85-BE7E-444C-8C23-C2B5AC40B31E}\RP319\A0060918.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{8E3B3A85-BE7E-444C-8C23-C2B5AC40B31E}\RP319\A0060919.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{8E3B3A85-BE7E-444C-8C23-C2B5AC40B31E}\RP319\A0060920.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{8E3B3A85-BE7E-444C-8C23-C2B5AC40B31E}\RP319\A0060921.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{8E3B3A85-BE7E-444C-8C23-C2B5AC40B31E}\RP319\A0060928.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{8E3B3A85-BE7E-444C-8C23-C2B5AC40B31E}\RP319\A0060930.exe -> Trojan.Starter : Cleaned with backup
C:\System Volume Information\_restore{8E3B3A85-BE7E-444C-8C23-C2B5AC40B31E}\RP319\A0060933.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{8E3B3A85-BE7E-444C-8C23-C2B5AC40B31E}\RP320\A0060950.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{8E3B3A85-BE7E-444C-8C23-C2B5AC40B31E}\RP320\A0060953.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{8E3B3A85-BE7E-444C-8C23-C2B5AC40B31E}\RP320\A0060959.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{8E3B3A85-BE7E-444C-8C23-C2B5AC40B31E}\RP320\A0060960.exe -> Trojan.Starter : Cleaned with backup
C:\System Volume Information\_restore{8E3B3A85-BE7E-444C-8C23-C2B5AC40B31E}\RP320\A0060964.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{8E3B3A85-BE7E-444C-8C23-C2B5AC40B31E}\RP320\A0060971.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{8E3B3A85-BE7E-444C-8C23-C2B5AC40B31E}\RP320\A0060974.exe -> Trojan.Starter : Cleaned with backup
C:\System Volume Information\_restore{8E3B3A85-BE7E-444C-8C23-C2B5AC40B31E}\RP320\A0060976.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{8E3B3A85-BE7E-444C-8C23-C2B5AC40B31E}\RP320\A0060983.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{8E3B3A85-BE7E-444C-8C23-C2B5AC40B31E}\RP320\A0060984.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{8E3B3A85-BE7E-444C-8C23-C2B5AC40B31E}\RP320\A0060991.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{8E3B3A85-BE7E-444C-8C23-C2B5AC40B31E}\RP320\A0060993.exe -> Trojan.Starter : Cleaned with backup
C:\System Volume Information\_restore{8E3B3A85-BE7E-444C-8C23-C2B5AC40B31E}\RP322\A0061460.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{8E3B3A85-BE7E-444C-8C23-C2B5AC40B31E}\RP322\A0061462.exe -> Trojan.Starter : Cleaned with backup
C:\System Volume Information\_restore{8E3B3A85-BE7E-444C-8C23-C2B5AC40B31E}\RP322\A0061497.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{8E3B3A85-BE7E-444C-8C23-C2B5AC40B31E}\RP322\A0061499.exe -> Trojan.Starter : Cleaned with backup
C:\System Volume Information\_restore{8E3B3A85-BE7E-444C-8C23-C2B5AC40B31E}\RP322\A0061505.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{8E3B3A85-BE7E-444C-8C23-C2B5AC40B31E}\RP322\A0062498.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{8E3B3A85-BE7E-444C-8C23-C2B5AC40B31E}\RP322\A0062502.dll -> Trojan.Starter : Cleaned with backup
C:\System Volume Information\_restore{8E3B3A85-BE7E-444C-8C23-C2B5AC40B31E}\RP322\A0062510.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{8E3B3A85-BE7E-444C-8C23-C2B5AC40B31E}\RP322\A0062667.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{8E3B3A85-BE7E-444C-8C23-C2B5AC40B31E}\RP322\A0062692.exe -> Trojan.Starter : Cleaned with backup
C:\System Volume Information\_restore{8E3B3A85-BE7E-444C-8C23-C2B5AC40B31E}\RP322\A0062693.exe -> Dialer.Generic : Cleaned with backup
C:\System Volume Information\_restore{8E3B3A85-BE7E-444C-8C23-C2B5AC40B31E}\RP322\A0062694.dll -> Spyware.SBSoft : Cleaned with backup
C:\System Volume Information\_restore{8E3B3A85-BE7E-444C-8C23-C2B5AC40B31E}\RP322\A0062695.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{8E3B3A85-BE7E-444C-8C23-C2B5AC40B31E}\RP322\A0063009.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{8E3B3A85-BE7E-444C-8C23-C2B5AC40B31E}\RP322\A0063010.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{8E3B3A85-BE7E-444C-8C23-C2B5AC40B31E}\RP322\A0063011.dll -> Heuristic.Win32.Hijacker1 : Cleaned with backup
C:\System Volume Information\_restore{8E3B3A85-BE7E-444C-8C23-C2B5AC40B31E}\RP322\A0063012.exe -> Trojan.Imiserv.c : Cleaned with backup
C:\System Volume Information\_restore{8E3B3A85-BE7E-444C-8C23-C2B5AC40B31E}\RP322\A0063013.exe -> TrojanDownloader.IstBar.l : Cleaned with backup


Logfile of HijackThis v1.99.1
Scan saved at 4:46:17 PM, on 7/5/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\Atievxx.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\WINDOWS\Explorer.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\System32\pctspk.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\System32\ctfmon.exe
C:\WINDOWS\system32\ntvdm.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\hijackthis\HijackThis.exe
C:\WINDOWS\System32\wuauclt.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - URLSearchHook: (no name) - {0578DB05-D81E-B608-36C0-0D3959E4D1A9} - forces_elite.dll (file missing)
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy1\SDHelper.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll (file missing)
O3 - Toolbar: (no name) - {08BEC6AA-49FC-4379-3587-4B21E286C19E} - (no file)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: (no name) - {2CDE1A7D-A478-4291-BF31-E1B4C16F92EB} - (no file)
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [msag] browsebar.exe
O4 - HKLM\..\Run: [control64] runload32.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [nwphdd] c:\windows\system32\vchbkah.exe r
O4 - HKLM\..\Run: [tvxtcf] c:\windows\system32\qhzuji.exe r
O4 - HKLM\..\RunOnce: [SpybotSnD] "C:\Program Files\Spybot - Search & Destroy1\SpybotSD.exe" /autocheck
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [WareOut] "C:\Program Files\WareOut\WareOut.exe"
O4 - HKCU\..\Run: [SYSTRAV] bhoserv.exe
O4 - HKCU\..\Run: [driver32] 34763.exe
O4 - HKCU\..\Run: [JAguAr] keybdll.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: KeyAccess.lnk = ?
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll (file missing)
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .csm: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .csml: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .cub: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .cube: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .dx: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .emb: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .embl: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .gau: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .jdx: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .mol: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .mop: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .pdb: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .rxn: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .scr: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .skc: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .spt: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .tgf: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .xyz: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = berea.edu
O17 - HKLM\Software\..\Telephony: DomainName = berea.edu
O17 - HKLM\System\CCS\Services\Tcpip\..\{A0B1B47D-AEFB-4858-92AB-D5869E116233}: NameServer = 69.50.176.196,195.225.176.110
O18 - Protocol: ncbi8 - {2B576DD3-0B3E-4718-BCBF-B15E4FB8009D} - C:\Program Files\Informax\Vector NTI Suite 9\Ncbi.dll
O20 - AppInit_DLLs: KATRACK.DLL
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
O21 - SSODL: systemp - {F19F8B11-98A1-4D7C-9032-AAF5B32245D6} - systemp.dll (file missing)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
#2 LonnyRJones (Malware Expert, 143 posts)
Hi jerryrm
Did you run Ewido while in safe mode? If not, do so after the fixes below.

Start HijackThis and place a check next to these items.
Close all browser windows and shut down all other programs that show in the taskbar (even folders).
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = about:blank
R3 - URLSearchHook: (no name) - {0578DB05-D81E-B608-36C0-0D3959E4D1A9} - forces_elite.dll (file missing)
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
O3 - Toolbar: (no name) - {08BEC6AA-49FC-4379-3587-4B21E286C19E} - (no file)
O3 - Toolbar: (no name) - {2CDE1A7D-A478-4291-BF31-E1B4C16F92EB} - (no file)
O4 - HKLM\..\Run: [msag] browsebar.exe
O4 - HKLM\..\Run: [control64] runload32.exe
O4 - HKLM\..\Run: [nwphdd] c:\windows\system32\vchbkah.exe r
O4 - HKLM\..\Run: [tvxtcf] c:\windows\system32\qhzuji.exe r
O4 - HKCU\..\Run: [WareOut] "C:\Program Files\WareOut\WareOut.exe"
O4 - HKCU\..\Run: [SYSTRAV] bhoserv.exe
O4 - HKCU\..\Run: [driver32] 34763.exe
O4 - HKCU\..\Run: [JAguAr] keybdll.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{A0B1B47D-AEFB-4858-92AB-D5869E116233}: NameServer = 69.50.176.196,195.225.176.110
O21 - SSODL: systemp - {F19F8B11-98A1-4D7C-9032-AAF5B32245D6} - systemp.dll (file missing)
====================================
Hit "Fix checked" and close HijackThis.

Go to Start > Run and type, or better yet paste, this in and hit Enter or OK:
sc delete SvcProc

Restart the PC
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Post a fresh HijackThis log and a Silent Runners log.
Download Silent Runners.vbs and post the log it creates, please:
http://www.silentrun..._scriptuse.html (click Yes to the supplementary searches).
Wait until there is an "All Done" message, then open and post the log it creates next to it.
Your antivirus script protection might interfere or alert; please allow it to run. After a bit, a box will say "Done".

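To show how the list above was chosen, here is an added example that is not part of the thread, HijackThis or Ewido: it turns the judgements behind LonnyRJones's checklist into triage rules and runs them over lines copied from jerryrm's first log. The KNOWN_GOOD and TRUSTED_DNS allowlists, the "fix"/"review" labels and the rules themselves are this example's own assumptions to be tuned per machine, and the system drive is assumed to be C:.

```python
"""Triage a HijackThis v1.99 log: surface the entries an analyst checks first.

Added example for this thread; not part of HijackThis, Ewido or either post.
Sample lines are copied from the first log above.  KNOWN_GOOD, TRUSTED_DNS,
the severities and the rules are assumptions to tune per host.
"""
import ipaddress
import re

CLSID = r"\{[0-9A-Fa-f-]{36}\}"
# Assumption: binaries under the Windows directory already vetted on this host.
KNOWN_GOOD = {"ctfmon.exe"}
# Assumption: resolvers the site really uses; empty means trust only private ranges.
TRUSTED_DNS = set()

# Subset of the HijackThis log posted above (copied from the thread, not invented).
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - URLSearchHook: (no name) - {0578DB05-D81E-B608-36C0-0D3959E4D1A9} - forces_elite.dll (file missing)
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy1\SDHelper.dll
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll (file missing)
O3 - Toolbar: (no name) - {08BEC6AA-49FC-4379-3587-4B21E286C19E} - (no file)
O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
O4 - HKLM\..\Run: [msag] browsebar.exe
O4 - HKLM\..\Run: [nwphdd] c:\windows\system32\vchbkah.exe r
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [driver32] 34763.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{A0B1B47D-AEFB-4858-92AB-D5869E116233}: NameServer = 69.50.176.196,195.225.176.110
O20 - AppInit_DLLs: KATRACK.DLL
O21 - SSODL: systemp - {F19F8B11-98A1-4D7C-9032-AAF5B32245D6} - systemp.dll (file missing)
O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe
"""

def _exe_path(command):
    """Pull the executable out of a Run-key command line, quoted or not."""
    m = re.match(r'"?(.*?\.(?:exe|dll|com|scr|pif|bat))\b', command, re.I)
    return m.group(1) if m else command.split()[0]

def _in_windows_dir(path):
    return re.match(r"c:\\windows\\", path.lower()) is not None  # assumes system drive C:

def triage_line(line, known_good=KNOWN_GOOD, trusted_dns=TRUSTED_DNS):
    """Return (severity, reason) for a suspicious line, else None.

    'fix'    = a shape that is never legitimate; safe to tick in HijackThis.
    'review' = needs reputation or site knowledge before acting on it.
    """
    line = line.strip()
    sec = line.split(" - ", 1)[0]
    if sec in ("R0", "R1") and line.endswith("= about:blank"):
        return "fix", "IE search setting left at about:blank, hijacker residue"
    if sec == "R3" and "(file missing)" in line:
        return "fix", "URLSearchHook whose DLL is gone; dead hijacker registration"
    if sec == "F2" and "Shell=" in line:
        shell = line.split("Shell=", 1)[1].strip()
        if shell.lower() != "explorer.exe":
            return "fix", "Winlogon Shell chains an extra binary: " + shell
    m = re.match(rf"^O[23] - \w+: (.*) - {CLSID} - (.*)$", line)
    if m and m.group(1) == "(no name)" and re.search(r"\((no file|file missing)\)", m.group(2)):
        return "fix", "unnamed BHO/toolbar with no backing file"
    m = re.match(r"^O4 - .*?: \[(.*?)\] (.*)$", line)
    if m:
        path = _exe_path(m.group(2).strip())
        name = path.rsplit("\\", 1)[-1].lower()
        if "\\" not in path:
            return "review", name + ": bare filename found via PATH at logon, a dropper habit"
        if _in_windows_dir(path) and name not in known_good:
            return "review", name + ": autostart from the Windows directory, not on the allowlist"
        return None
    if sec == "O17" and "NameServer = " in line:
        servers = [s.strip() for s in line.split("NameServer = ", 1)[1].split(",")]
        rogue = [s for s in servers if s not in trusted_dns and ipaddress.ip_address(s).is_global]
        if rogue:
            return "review", "resolvers outside private ranges and the trusted list: " + ", ".join(rogue)
    if sec == "O20" and line.startswith("O20 - AppInit_DLLs:") and line.split(":", 1)[1].strip():
        return "review", "AppInit_DLLs loads this DLL into every user32 process; confirm its owner"
    if sec == "O21" and "(file missing)" in line:
        return "fix", "ShellServiceObjectDelayLoad entry with no DLL behind it"
    if sec == "O23" and "Unknown owner" in line:
        return "review", "service with no vendor string; identify the binary before deleting"
    return None

def triage(log_text):
    """Run triage_line over a whole log; returns [(severity, reason, line), ...]."""
    hits = []
    for raw in log_text.strip().splitlines():
        verdict = triage_line(raw)
        if verdict:
            hits.append((verdict[0], verdict[1], raw.strip()))
    return hits

if __name__ == "__main__":
    for severity, reason, entry in triage(SAMPLE_LOG):
        print(f"[{severity:6}] {reason}\n         {entry}")
```

Every entry from the checklist that is in the sample comes out as "fix" or "review", together with two that only a person can settle: pctspk.exe trips the bare-filename rule but was left alone, and KATRACK.DLL in AppInit_DLLs sits next to the KeyAccess startup link in the same log and was also left alone. The WareOut Run entry would pass every shape rule because its path looks ordinary; it was recognised from the name and from the TrojanDownloader.Wareout hits in the Ewido report. Shape rules narrow the log; reputation finishes the job.
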
#3 jerryrm (Topic Starter, Member, 31 posts)
Thank you for helping me, you folks are lovely. My HijackThis log:


Logfile of HijackThis v1.99.1
Scan saved at 10:04:17 PM, on 7/7/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\Atievxx.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\System32\pctspk.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\ntvdm.exe
C:\WINDOWS\System32\WScript.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy1\SDHelper.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll (file missing)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: KeyAccess.lnk = ?
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll (file missing)
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .csm: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .csml: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .cub: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .cube: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .dx: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .emb: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .embl: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .gau: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .jdx: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .mol: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .mop: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .pdb: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .rxn: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .scr: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .skc: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .spt: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .tgf: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .xyz: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = berea.edu
O17 - HKLM\Software\..\Telephony: DomainName = berea.edu
O18 - Protocol: ncbi8 - {2B576DD3-0B3E-4718-BCBF-B15E4FB8009D} - C:\Program Files\Informax\Vector NTI Suite 9\Ncbi.dll
O20 - AppInit_DLLs: KATRACK.DLL
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe




The Silent Runners log:
"Silent Runners.vbs", revision 39, http://www.silentrunners.org/
Operating System: Windows XP
Output limited to non-default values, except where indicated by "{++}"


Startup items buried in registry:
---------------------------------

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"MSMSGS" = ""C:\Program Files\Messenger\msmsgs.exe" /background" [MS]
"ctfmon.exe" = "C:\WINDOWS\System32\ctfmon.exe" [MS]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"SynTPLpr" = "C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" ["Synaptics, Inc."]
"SynTPEnh" = "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" ["Synaptics, Inc."]
"NeroCheck" = "C:\WINDOWS\system32\NeroCheck.exe" ["Ahead Software Gmbh"]
"PCTVOICE" = "pctspk.exe" [empty string]
"SunJavaUpdateSched" = "C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe" [null data]
"RealTray" = "C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER" ["RealNetworks, Inc."]
"QuickTime Task" = ""C:\Program Files\QuickTime\qttask.exe" -atboottime" ["Apple Computer, Inc."]
"AOL Spyware Protection" = ""C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"" [null data]
"ccApp" = ""C:\Program Files\Common Files\Symantec Shared\ccApp.exe"" ["Symantec Corporation"]
"SSC_UserPrompt" = "C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe" ["Symantec Corporation"]
"Symantec NetDriver Monitor" = "C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer" ["Symantec Corporation"]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = "AcroIEHlprObj Class" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx" [empty string]
{53707962-6F74-2D53-2644-206D7942484F}\(Default) = (no title provided)
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Spybot - Search & Destroy1\SDHelper.dll" ["Safer Networking Limited"]
{BDF3E430-B101-42AD-A544-FADC6B084872}\(Default) = "NAV Helper"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Norton AntiVirus\NavShExt.dll" ["Symantec Corporation"]

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Display Panning CPL Extension"
-> {CLSID}\InProcServer32\(Default) = "deskpan.dll" [file not found]
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "HyperTerminal Icon Ext"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\hticons.dll" ["Hilgraeve, Inc."]
"{0006F045-0000-0000-C000-000000000046}" = "Microsoft Outlook Custom Icon Handler"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Microsoft Office\Office10\OLKFSTUB.DLL" [MS]
"{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Microsoft Office\Office10\msohev.dll" [MS]
"{CB3E70F0-802D-11D3-81B5-00500419816C}" = "Pubmed Shell Extension"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Informax\Vector NTI Suite 9\PmShellEx.dll" ["InforMax, Inc."]
"{953D5FBF-0983-11D4-BE2A-0050DA5FCE6F}" = "BLASTSearch Shell Extension"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Informax\Vector NTI Suite 9\BlastShellEx.dll" ["InforMax, Inc."]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\
INFECTION WARNING! "{54D9498B-CF93-414F-8984-8CE7FDE0D391}" = "ewido shell guard"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\ewido\security suite\shellhook.dll" ["TODO: <Firmenname>"]

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\
INFECTION WARNING! "AppInit_DLLs" = "KATRACK.DLL" ["Sassafras Software Inc."]

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\
INFECTION WARNING! "System" = "csfqb.exe" [file not found]

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
INFECTION WARNING! NavLogon\DLLName = "C:\WINDOWS\System32\NavLogon.dll" [null data]

HKLM\Software\Classes\*\shellex\ContextMenuHandlers\
ewido\(Default) = "{57BD36D7-CE32-4600-9B1C-1A0C47EFC02E}"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\ewido\security suite\context.dll" ["ewido networks"]
Symantec.Norton.Antivirus.IEContextMenu\(Default) = "{5345A4D5-41EB-4A2F-9616-CE1D4F6C35B2}"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Norton AntiVirus\NavShExt.dll" ["Symantec Corporation"]

HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\
ewido\(Default) = "{57BD36D7-CE32-4600-9B1C-1A0C47EFC02E}"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\ewido\security suite\context.dll" ["ewido networks"]

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\
Symantec.Norton.Antivirus.IEContextMenu\(Default) = "{5345A4D5-41EB-4A2F-9616-CE1D4F6C35B2}"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Norton AntiVirus\NavShExt.dll" ["Symantec Corporation"]


Active Desktop and Wallpaper:
-----------------------------

Active Desktop is disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

HKCU\Control Panel\Desktop\
"Wallpaper" = "C:\WINDOWS\web\wallpaper\Bliss.bmp"


Enabled Screen Saver:
---------------------

HKCU\Control Panel\Desktop\
"SCRNSAVE.EXE" = "C:\WINDOWS\System32\logon.scr" [MS]


Startup items in "mcdolej" & "All Users" startup folders:
---------------------------------------------------------

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
"Microsoft Office" -> shortcut to: "C:\Program Files\Microsoft Office\Office10\OSA.EXE -b -l" [MS]
"KeyAccess" -> shortcut to: "C:\WINDOWS\keyacc32.exe -minimize" ["Sassafras Software Inc."]


Enabled Scheduled Tasks:
------------------------

"Symantec NetDetect" -> launches: "C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE" ["Symantec Corporation"]
"Norton AntiVirus - Scan my computer - mcdolej" -> launches: "C:\PROGRA~1\NORTON~1\Navw32.exe /task:"C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Tasks\mycomp.sca"" ["Symantec Corporation"]


Winsock2 Service Provider DLLs:
-------------------------------

Namespace Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

Transport Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 15
%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05


Toolbars, Explorer Bars, Extensions:
------------------------------------

Toolbars

HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\
"{4982D40A-C53B-4615-B15B-B5B5E98D167C}" = "AOL Toolbar" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\AOL Toolbar\toolbar.dll" [file not found]

"{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}" = "Norton AntiVirus" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Norton AntiVirus\NavShExt.dll" ["Symantec Corporation"]

HKLM\Software\Microsoft\Internet Explorer\Toolbar\
"{4982D40A-C53B-4615-B15B-B5B5E98D167C}" = "AOL Toolbar" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\AOL Toolbar\toolbar.dll" [file not found]

"{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}" = "Norton AntiVirus"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Norton AntiVirus\NavShExt.dll" ["Symantec Corporation"]

Explorer Bars

HKLM\Software\Microsoft\Internet Explorer\Explorer Bars\
{FE54FA40-D68C-11D2-98FA-00C0F0318AFE}\ = "Real.com" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\Shdocvw.dll" [MS]

Extensions (Tools menu items, main toolbar menu buttons)

HKLM\Software\Microsoft\Internet Explorer\Extensions\
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\
"MenuText" = "Sun Java Console"
"CLSIDExtension" = "{08B0E5C0-4FCB-11CF-AAA5-00401C608501}"

{4982D40A-C53B-4615-B15B-B5B5E98D167C}\
"ButtonText" = "AOL Toolbar"
"MenuText" = "AOL Toolbar"

{CD67F990-D8E9-11D2-98FE-00C0F0318AFE}\
"ButtonText" = "Real.com"

{FB5F1910-F110-11D2-BB9E-00C04F795683}\
"ButtonText" = "Messenger"
"MenuText" = "Windows Messenger"
"Exec" = "C:\Program Files\Messenger\MSMSGS.EXE" [MS]


Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------

Ati HotKey Poller, Ati HotKey Poller, "C:\WINDOWS\System32\Atievxx.exe" [MS]
ewido security suite control, ewido security suite control, "C:\Program Files\ewido\security suite\ewidoctrl.exe" ["ewido networks"]
Machine Debug Manager, MDM, ""C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe"" [MS]
Norton AntiVirus Auto-Protect Service, navapsvc, ""C:\Program Files\Norton AntiVirus\navapsvc.exe"" ["Symantec Corporation"]
Norton AntiVirus Firewall Monitor Service, NPFMntor, "C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe" ["Symantec Corporation"]
Symantec Core LC, Symantec Core LC, "C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe" ["Symantec Corporation"]
Symantec Event Manager, ccEvtMgr, ""C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"" ["Symantec Corporation"]
Symantec Network Drivers Service, SNDSrvc, "C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe" ["Symantec Corporation"]
Symantec Settings Manager, ccSetMgr, ""C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe"" ["Symantec Corporation"]
WAN Miniport (ATW) Service, WANMiniportService, ""C:\WINDOWS\wanmpsvc.exe"" ["America Online, Inc."]


----------
+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
launch it from a command prompt or a shortcut with the -all parameter.
+ The search for DESKTOP.INI DLL launch points on all local fixed drives
took 64 seconds.
+ The search for all Registry CLSIDs containing dormant Explorer Bars
took 36 seconds.
---------- (total run time: 218 seconds)
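A first triage pass over the two logs above, as an added example that is not part of the original post, of HijackThis or of Silent Runners. It flags the entries a helper reads first: HijackThis lines whose target is "(file missing)", Silent Runners "INFECTION WARNING!" and "[file not found]" lines, and any Winlogon value that differs from the Windows XP defaults assumed in the code. The sample input is a constructed string of lines copied from this post.

```python
"""Triage a HijackThis + Silent Runners log the way a forum helper reads it.

Added example for this thread, not part of HijackThis, Silent Runners or the
original post. Flags the lines a helper looks at first:
  * HijackThis entries whose target is missing ("(file missing)"),
  * Silent Runners "INFECTION WARNING!" lines and "[file not found]" targets,
  * Winlogon values that differ from the Windows XP defaults assumed below.
"""
import re
from dataclasses import dataclass
from typing import List, Optional

# Assumed Windows XP defaults for the Winlogon values malware hijacks most
# often. Silent Runners prints only non-default values, and the stock XP
# "System" value is empty, which is why a populated one is a red flag.
WINLOGON_DEFAULTS = {
    "Shell": "Explorer.exe",
    "Userinit": r"C:\WINDOWS\system32\userinit.exe,",
    "System": "",
}

HJT_ENTRY = re.compile(r"^(R|F|O)\d+ - ")
SR_WARNING = re.compile(
    r'^INFECTION WARNING! "?(?P<name>[^"=]+?)"?\s*=\s*"(?P<value>[^"]*)"'
)


@dataclass
class Finding:
    source: str   # "hjt" or "silentrunners"
    reason: str
    line: str


def triage(log_text: str) -> List[Finding]:
    findings: List[Finding] = []
    current_key: Optional[str] = None
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if HJT_ENTRY.match(line):
            if "(file missing)" in line:
                findings.append(Finding("hjt", "target file missing", line))
            continue
        # Silent Runners prints a registry key on its own line, then its values.
        if line.startswith(("HKLM\\", "HKCU\\")):
            current_key = line.split(" {++}")[0].rstrip("\\")
            continue
        m = SR_WARNING.match(line)
        if m:
            name, value = m.group("name").strip(), m.group("value")
            reason = "flagged by Silent Runners (hook point, verify the target)"
            if current_key and current_key.upper().endswith("\\WINLOGON"):
                default = WINLOGON_DEFAULTS.get(name)
                if default is not None and value.lower() != default.lower():
                    reason = f"Winlogon {name!r} is {value!r}, XP default is {default!r}"
            if "[file not found]" in line:
                reason += "; referenced file does not exist"
            findings.append(Finding("silentrunners", reason, line))
        elif "[file not found]" in line:
            findings.append(Finding("silentrunners", "referenced file does not exist", line))
    return findings


# Constructed sample: lines copied from the two logs posted in this thread.
SAMPLE_LOG = r"""
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll (file missing)
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O20 - AppInit_DLLs: KATRACK.DLL

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\
INFECTION WARNING! "AppInit_DLLs" = "KATRACK.DLL" ["Sassafras Software Inc."]

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\
INFECTION WARNING! "System" = "csfqb.exe" [file not found]

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
INFECTION WARNING! NavLogon\DLLName = "C:\WINDOWS\System32\NavLogon.dll" [null data]
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.source}] {f.reason}\n    {f.line}")
```

Silent Runners marks every ShellExecuteHook and Winlogon Notify entry as an "INFECTION WARNING!" regardless of who owns it, so the ewido and Norton hooks are expected to show up; the script keeps them as leads to verify rather than verdicts. The Winlogon "System" line is the one that stands out, because the stock value is empty and the referenced csfqb.exe no longer exists on disk.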

#4 LonnyRJones (Malware Expert)
Thanks.

There it is:
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\
INFECTION WARNING! "System" = "csfqb.exe" [file not found]


Launch Notepad (not WordPad), and copy and paste the bolded text below into a new text file.
Save it with the file name "fixme.reg" (not including the quotes), with "Save as type" set to All files (*.*), and save it on your Desktop.


REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=-
"System"=""
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WareOut]
[-HKEY_LOCAL_MACHINE\SOFTWARE\WareOut]
[-HKEY_CURRENT_USER\Software\WareOut]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoBandCustomize"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion]
"Disabled"=-
[-HKEY_LOCAL_MACHINE\SOFTWARE\SearchToolbar]
[-HKEY_CURRENT_USER\Software\SearchToolbar]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"conc"=-

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{08BEC6AA-49FC-4379-3587-4B21E286C19E}"=-




Now double-click the fixme.reg file you saved and click Yes when it asks whether you would like to merge the information. Once you get a success message, delete fixme.reg.

Restart your PC.
Download pfind:
http://www.bleepingc...files/pfind.php
Extract the files to a folder of their own; a good place would be C:\Pfind. Open the folder and run pfind.bat. A text file will open; post it.
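Before merging a .reg file somebody posted, it is worth previewing exactly what it will change. The following is an added example, not part of the original post and not a Microsoft tool; it parses the REGEDIT4 syntax fixme.reg relies on ([KEY] opens a key, [-KEY] deletes it, "name"=- deletes a value, "name"="..." sets a string) and prints the plan. The sample input is the fixme.reg from the post, embedded as a string.

```python
"""Preview what a REGEDIT4 .reg file will do before merging it.

Added example for this thread, not part of the original post or of regedit.
It parses the syntax fixme.reg relies on:
  [KEY]         open the key (regedit creates it if absent)
  [-KEY]        delete the key and everything under it
  "name"=-      delete one value
  "name"="..."  set a REG_SZ string value
and returns a plan the user can read before double-clicking the file.
"""
import re
from collections import Counter
from typing import Dict, List, Optional, Tuple

Action = Tuple[str, str, str]   # (operation, key, detail)

KEY_LINE = re.compile(r"^\[(?P<delete>-?)(?P<key>[^\]]+)\]$")
VALUE_LINE = re.compile(r'^(?:"(?P<name>[^"]+)"|(?P<default>@))=(?P<rest>.*)$')


def parse_reg(text: str) -> List[Action]:
    lines = text.splitlines()
    if not lines or lines[0].strip() != "REGEDIT4":
        raise ValueError("first line must be REGEDIT4 (regedit refuses the file otherwise)")
    actions: List[Action] = []
    current_key: Optional[str] = None
    for raw in lines[1:]:
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        m = KEY_LINE.match(line)
        if m:
            current_key = m.group("key")
            if m.group("delete"):
                actions.append(("delete_key", current_key, ""))
                current_key = None          # values cannot follow a deleted key
            else:
                actions.append(("open_key", current_key, ""))
            continue
        m = VALUE_LINE.match(line)
        if m:
            if current_key is None:
                raise ValueError(f"value line outside a key: {line}")
            name = m.group("name") or "(Default)"
            rest = m.group("rest")
            if rest == "-":
                actions.append(("delete_value", current_key, name))
            elif len(rest) >= 2 and rest[0] == rest[-1] == '"':
                actions.append(("set_string", current_key, f'{name}="{rest[1:-1]}"'))
            else:                            # dword:, hex: etc. are out of scope here
                actions.append(("set_other", current_key, f"{name}={rest}"))
            continue
        raise ValueError(f"unrecognised line: {line}")
    return actions


def summarize(actions: List[Action]) -> Dict[str, int]:
    """Count operations by type, e.g. {'open_key': 5, 'delete_key': 7, ...}."""
    return dict(Counter(op for op, _, _ in actions))


# The fixme.reg posted in this thread, embedded here as the sample input.
FIXME_REG = r"""REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=-
"System"=""
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WareOut]
[-HKEY_LOCAL_MACHINE\SOFTWARE\WareOut]
[-HKEY_CURRENT_USER\Software\WareOut]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoBandCustomize"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion]
"Disabled"=-
[-HKEY_LOCAL_MACHINE\SOFTWARE\SearchToolbar]
[-HKEY_CURRENT_USER\Software\SearchToolbar]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"conc"=-

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{08BEC6AA-49FC-4379-3587-4B21E286C19E}"=-
"""

if __name__ == "__main__":
    for op, key, detail in parse_reg(FIXME_REG):
        print(f"{op:13} {key}" + (f"  ->  {detail}" if detail else ""))
    print(summarize(parse_reg(FIXME_REG)))
```

The plan shows the fix touches the Winlogon key in only two steps, deleting the hijacked System value and writing it back empty, and otherwise only removes leftover WareOut, SearchToolbar and "ruins"/"Urls" keys plus a few stray values. Keep the trailing blank line from the post when saving: older regedit versions silently skip a last line that lacks a line ending.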

#5 jerryrm (Topic Starter)
Thanks again for your help,

Files found with this application may be legitimate.
Only remove files that you know are malware related.
Checking the C:\WINDOWS folder
C:\WINDOWS\iempg2.dll: UPX!
C:\WINDOWS\wiesasp.dll: UPX!
C:\WINDOWS\wiesasp2.dll: UPX!
C:\WINDOWS\sasent.dll: UPX!


Checking the C:\WINDOWS\SYSTEM32 folder


Checking all directories under the C:\WINDOWS\SYSTEM32\drivers folder


Checking the C:\Documents and Settings\All Users\Start Menu\programs\Startup\ folder



Checking the C:\Documents and Settings\All Users\Application Data folder



Checking the C:\Documents and Settings\mcdolej.STU-WASGOOD\Start Menu\programs\Startup\ folder



Checking the C:\Documents and Settings\mcdolej.STU-WASGOOD\Application Data folder
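pfind's "UPX!" verdict above comes from spotting that marker string inside a file. The following added example (not pfind, and not from the original posts) does the check by parsing the PE section table, so a packed file is recognised by its UPX0/UPX1 sections as well as by the marker, and a marker that merely occurs inside an unpacked binary is reported as such. The build_fake_pe helper and the images it produces are constructed for the demonstration only.

```python
"""Check whether a Windows PE file looks UPX-packed, the way pfind.bat did.

Added example for this thread; it is not pfind and not part of the original
posts. pfind prints "UPX!" for files containing that marker string. This
version also parses the PE section table, so a packed file is recognised by
its UPX0/UPX1 sections and a stray marker in an unpacked file is not enough
on its own.
"""
import os
import struct
from typing import Iterator, List, Optional, Tuple


def pe_section_names(data: bytes) -> Optional[List[str]]:
    """Section names of a PE image, or None if the bytes are not a (sane) PE."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return None
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if e_lfanew + 24 > len(data) or data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        return None
    # COFF header follows the signature: NumberOfSections at +6,
    # SizeOfOptionalHeader at +20; the section table starts after the optional header.
    num_sections = struct.unpack_from("<H", data, e_lfanew + 6)[0]
    opt_size = struct.unpack_from("<H", data, e_lfanew + 20)[0]
    table = e_lfanew + 24 + opt_size
    names = []
    for i in range(num_sections):
        off = table + 40 * i            # IMAGE_SECTION_HEADER is 40 bytes; Name is the first 8
        if off + 40 > len(data):
            return None                  # truncated section table
        names.append(data[off:off + 8].rstrip(b"\0").decode("ascii", "replace"))
    return names


def upx_verdict(data: bytes) -> str:
    names = pe_section_names(data)
    has_marker = b"UPX!" in data
    if names is None:
        return "not a PE file" + (" (but contains 'UPX!')" if has_marker else "")
    upx_sections = [n for n in names if n.upper().startswith("UPX")]
    if upx_sections and has_marker:
        return "UPX-packed (sections %s, marker present)" % ", ".join(upx_sections)
    if upx_sections:
        return "probably UPX-packed (sections %s, marker stripped)" % ", ".join(upx_sections)
    if has_marker:
        return "contains 'UPX!' but no UPX sections: marker may be coincidental"
    return "no sign of UPX"


def scan_dir(root: str, exts=(".exe", ".dll", ".sys", ".scr")) -> Iterator[Tuple[str, str]]:
    """Yield (path, verdict) for every PE-looking file under root, as pfind.bat did per folder."""
    for dirpath, _, filenames in os.walk(root):
        for name in filenames:
            if name.lower().endswith(exts):
                path = os.path.join(dirpath, name)
                try:
                    with open(path, "rb") as fh:
                        yield path, upx_verdict(fh.read())
                except OSError as exc:
                    yield path, f"unreadable ({exc.strerror})"


def build_fake_pe(section_names: List[str], trailer: bytes = b"") -> bytes:
    """Minimal, non-runnable PE32 image with the given section names (constructed for this demo)."""
    e_lfanew = 0x40
    dos_header = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", e_lfanew)
    opt_size = 0xE0                      # size of a PE32 optional header
    coff = b"PE\0\0" + struct.pack("<HHIIIHH", 0x14C, len(section_names), 0, 0, 0, opt_size, 0x102)
    optional = b"\x0b\x01" + b"\0" * (opt_size - 2)     # Magic = PE32, everything else zeroed
    sections = b"".join(n.encode("ascii").ljust(8, b"\0") + b"\0" * 32 for n in section_names)
    return dos_header + coff + optional + sections + trailer


if __name__ == "__main__":
    print(upx_verdict(build_fake_pe(["UPX0", "UPX1", ".rsrc"], trailer=b"\0UPX!\0")))
    print(upx_verdict(build_fake_pe([".text", ".data"])))
```

As the pfind banner itself says, a packed file is a lead rather than a verdict: UPX is used by plenty of legitimate software, and a known-bad packer is not required for a file to be malware. Run scan_dir over C:\WINDOWS and C:\WINDOWS\system32 and compare the flagged names against the ones the helper listed.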

#6 LonnyRJones (Malware Expert)
Delete these files if present.
C:\WINDOWS\system32\csfqb.exe
C:\WINDOWS\system32\cisvvc.exe
C:\WINDOWS\system32\drv2cltr.dll
C:\WINDOWS\system32\hybsys32.dll
C:\WINDOWS\system32\loadctr.exe
C:\WINDOWS\system32\rdsndin.exe
C:\WINDOWS\iempg2.dll
C:\WINDOWS\wiesasp.dll
C:\WINDOWS\wiesasp2.dll
C:\WINDOWS\sasent.dll


Are there any problems now?

#7 jerryrm (Topic Starter)
The last four files were present on the computer.

#8 LonnyRJones (Malware Expert)
OK. Post back with a new HijackThis log in a few days. In the meantime:

Put in place a good hosts file:
http://www.mvps.org/...p2002/hosts.htm
If you have any problems, feel free to ask.

See Recommended Minimal Security Settings:
http://www.mvps.org/...nted.htm#happen

#9 jerryrm (Topic Starter)
Logfile of HijackThis v1.99.1
Scan saved at 7:11:53 PM, on 7/12/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\Atievxx.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\System32\pctspk.exe
C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\System32\ctfmon.exe
C:\WINDOWS\system32\ntvdm.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy1\SDHelper.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll (file missing)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: KeyAccess.lnk = ?
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll (file missing)
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .csm: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .csml: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .cub: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .cube: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .dx: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .emb: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .embl: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .gau: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .jdx: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .mol: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .mop: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .pdb: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .rxn: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .scr: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .skc: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .spt: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .tgf: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .xyz: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = berea.edu
O17 - HKLM\Software\..\Telephony: DomainName = berea.edu
O18 - Protocol: ncbi8 - {2B576DD3-0B3E-4718-BCBF-B15E4FB8009D} - C:\Program Files\Informax\Vector NTI Suite 9\Ncbi.dll
O20 - AppInit_DLLs: KATRACK.DLL
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

#10 jerryrm (Topic Starter)
P.S. Thank you for your effort in helping me with these problems.

#11 LonnyRJones (Malware Expert)
Hello

How's the PC acting? Any problems?

Sun Java jre1.5.0_02 is an old build; don't trust its auto-updater. Turn it off and install the latest version:
Click "JAVA software download" over to the right: http://java.com/en/index.jsp

Check to be sure all media and chat programs are up to date as well; basically, anything that uses the net should always be kept up to date.

Regards

#12 jerryrm (Topic Starter)
My PC takes a really bloody long time to finish "processing" when I get into Windows (before I can actually use any of the programs), but this may just be Norton and ewido slowing it down a bit. Other than that it seems to be doing well. Thank you again for your effort in guiding me through this process.

#13 LonnyRJones (Malware Expert)
I'm glad we could help.
Since the problems appear solved, I'm going to close the topic now. This keeps others with similar problems from posting their logs/questions here; they should start a new topic.

If you should need to post another log, send one of our staff/helpers a PM or email and we will re-open it.

#14 LonnyRJones (Malware Expert)
Since this issue appears to be resolved, this topic has been closed. Glad we could help.

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.