wido security suite - Process report
---------------------------------------------------------
+ Created on: 6:39:57 AM, 7/12/2005
+ Report-Checksum: 309C3BD
0: System Process
4: System Process
680: \SystemRoot\System32\smss.exe
728: System Process
752: \??\C:\WINDOWS\system32\winlogon.exe
796: C:\WINDOWS\system32\services.exe
808: C:\WINDOWS\system32\lsass.exe
964: C:\WINDOWS\system32\svchost.exe
1008: C:\WINDOWS\System32\svchost.exe
1108: c:\Program Files\ewido\security suite\ewidoctrl.exe
1148: System Process
1160: System Process
1232: C:\Program Files\ewido\security suite\SecuritySuite.exe
1276: C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
1312: C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
1460: C:\WINDOWS\system32\spoolsv.exe
1572: C:\Program Files\Common Files\Real\Update_OB\realsched.exe
1580: C:\Program Files\Spyware Doctor\swdoctor.exe
1652: C:\Program Files\Norton AntiVirus\navapsvc.exe
1732: C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
1904: C:\WINDOWS\Explorer.EXE
1920: C:\Program Files\Norton AntiVirus\SAVScan.exe
1960: C:\WINDOWS\System32\svchost.exe
1972: C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
2024: System Process
House call found Trojan NowareB but when I tried to delete it a message said it would be deleted on reboot.
Rebooted and ran Hijackthis
ogfile of HijackThis v1.99.1
Scan saved at 7:22:05 AM, on 7/12/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
c:\Program Files\ewido\security suite\ewidoctrl.exe
c:\Program Files\ewido\security suite\ewidoguard.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Spyware Doctor\swdoctor.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\Me\Desktop\HijackThis.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~2\tools\iesdsg.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O4 - HKLM\..\Run: [uhn] C:\WINDOWS\System32\uhn.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O8 - Extra context menu item: &AOL Toolbar Search - res://c:\program files\aol\aol toolbar 2.0\aoltbhtml.dll/search.html
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O15 - Trusted Zone: http://www.neededware.com
O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540013} - http://adserver.shar...ver/Install.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido security suite control - ewido networks - c:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - c:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
Since starting tonight I have read that without SP1 or SP2 I can expect these problems. I was told by a friend that my system would act flacky if I installed the SP's. I quess it could not cause any bigger problems than what I have delt with tonight. Well anyways could you tell me by looking at the Hijackthis log if I've cleaned everything up before I install the SP's THANK YOU!