Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

win xp boot time

Started by Wayne Puckett , Aug 06 2005 01:56 PM

  • Please log in to reply

#16
coachwife6
Posted 22 August 2005 - 06:37 AM

coachwife6

    SuperStar

  • Retired Staff
  • 11,413 posts
I've never seen a report look like that. Did you set it in wraparound in notepad?
  • 0

Advertisements

#17
Wayne Puckett
Posted 22 August 2005 - 11:14 AM

Wayne Puckett

    Member

  • Topic Starter
  • Member
  • PipPip
  • 27 posts
It was saved as url but posted on notepad
  • 0

#18
peterm
Posted 22 August 2005 - 11:17 AM

peterm

    Trusted Tech

  • Technician
  • 3,387 posts
try save as text
  • 0

#19
Wayne Puckett
Posted 22 August 2005 - 11:29 AM

Wayne Puckett

    Member

  • Topic Starter
  • Member
  • PipPip
  • 27 posts
Ok lets try this
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<!-- saved from url=(0057)http://housecall60.t...l/en/result.htm -->
<HTML><HEAD><TITLE>Trend Micro Housecall</TITLE>
<META http-equiv=Content-Type content="text/html; charset=utf-8"><LINK
href="Trend Micro Housecall_files/housecall.css" type=text/css
rel=stylesheet><LINK href="Trend Micro Housecall_files/hnss.css" type=text/css
rel=stylesheet>
<script language=JavaScript src="Trend Micro Housecall_files/string.js"
type=text/JavaScript></SCRIPT>

<script src="Trend Micro Housecall_files/hc.js"></SCRIPT>

<script src="Trend Micro Housecall_files/basic.js"></SCRIPT>

<script language=JavaScript id=data_src defer type=text/JavaScript></SCRIPT>

<script language=JavaScript type=text/JavaScript>
<!--

var theDoc = document;
var theWin = window;
var theBody = document.body;
var max_size = 500;
function MM_swapImgRestore() { //v3.0
var i,x,a=theDoc.MM_sr; for(i=0;a&&i<a.length&&(x=a[i])&&x.oSrc;i++) x.src=x.oSrc;
}

function MM_preloadImages() { //v3.0
var d=theDoc; if(d.images){ if(!d.MM_p) d.MM_p=new Array();
var i,j=d.MM_p.length,a=MM_preloadImages.arguments; for(i=0; i<a.length; i++)
if (a[i].indexOf("#")!=0){ d.MM_p[j]=new Image; d.MM_p[j++].src=a[i];}}
}

function MM_findObj(n, d) { //v4.01
var p,i,x; if(!d) d=theDoc; if((p=n.indexOf("?"))>0&&parent.frames.length) {
d=parent.frames[n.substring(p+1)].document; n=n.substring(0,p);}
if(!(x=d[n])&&d.all) x=d.all[n]; for (i=0;!x&&i<d.forms.length;i++) x=d.forms[i][n];
for(i=0;!x&&d.layers&&i<d.layers.length;i++) x=MM_findObj(n,d.layers[i].document);
if(!x && d.getElementById) x=d.getElementById(n); return x;
}

function MM_swapImage() { //v3.0
var i,j=0,x,a=MM_swapImage.arguments; theDoc.MM_sr=new Array; for(i=0;i<(a.length-2);i+=3)
if ((x=MM_findObj(a[i]))!=null){theDoc.MM_sr[j++]=x; if(!x.oSrc) x.oSrc=x.src; x.src=a[i+2];}
}

function MM_goToURL() { //v3.0
var i, args=MM_goToURL.arguments; theDoc.MM_returnValue = false;
for (i=0; i<(args.length-1); i+=2) eval(args[i]+".location='"+args[i+1]+"'");
}

var virusShow = false;
var WTShow = false;
var SpywareShow = false;
var VAShow = false;

function switch2(st)
{
toggleDisplay(get(st));
//var sTemp = (theDoc.all(st).style.display == "none") ? STR_SHOW : STR_HIDE;
var sTemp;
if (theDoc.all(st).style.display == "none") {
sTemp = STR_SHOW
} else {
sTemp = STR_HIDE;

if ( st == "virus" ) {
if ( !virusShow ) {
virusShow = true;
printVirusResult();
}
} else if ( st == "T" ) {
if ( !WTShow ) {
WTShow = true;
printWTResult();
}
} else if ( st == "S" ) {
if ( !SpywareShow ) {
SpywareShow = true;
printSpywaresResult();
}
} else if ( st == "va" ) {
if ( !VAShow ) {
VAShow = true;
printVAResult();
}
}
}
theDoc.all("btn" + st).value = sTemp;
}

var CHECK_INFO = new Array();
var RISK_INFO = new Array();

CHECK_INFO['virus'] =
{ name:STR_VIRUS_SCAN, risk:RISK_FREE, desc:'', num:0, numInfected:0, selected:0 };

CHECK_INFO['wormtrojan'] =
{ name:STR_TROJAN_WORM_CHECK, risk:RISK_FREE, desc:'', num:0, selected:0 };

CHECK_INFO['spyware'] =
{ name:STR_SPYWARE_CHECK, risk:RISK_FREE, desc:'', num:0, selected:0 };

CHECK_INFO['vulnerability'] =
{ name:STR_MS_VULNERABILITY_CHECK, risk:RISK_FREE, desc:'', num:0, selected:0 };

RISK_INFO[RISK_FREE] = { image_url:'images/icon_free.gif', alt_msg:STR_RISK_FREE };
RISK_INFO[RISK_LOW] = { image_url:'images/icon_low.gif', alt_msg:STR_LOW_RISK };
RISK_INFO[RISK_MEDIUM] = { image_url:'images/icon_medium.gif', alt_msg:STR_MEDIUM_RISK };
RISK_INFO[RISK_HIGH] = { image_url:'images/icon_high.gif', alt_msg:STR_HIGH_RISK };

var BASE_URL_VIRUS =
'http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=';
var BASE_URL_WORMTROJAN =
'http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=';
var BASE_URL_SPYWARE =
'http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=';
var BASE_URL_VULNERABILITY =
'http://www.trendmicro.com/en/security/advisories/';

var num_virus_infected_files = 0;
var num_spyware_no_cookie = 0;
var num_spyware_is_cookie = 0;

function image_link(name) {
var risk = CHECK_INFO[name].risk;
var img;
img = theDoc.createElement("IMG");
img.src = RISK_INFO[risk].image_url;
img.alt = RISK_INFO[risk].alt_msg;
img.style.width = "24";
img.style.height = "24";
img.align = "absmiddle";
return img;
//var risk = CHECK_INFO[name].risk;
//return '<img src="' + RISK_INFO[risk].image_url + '" alt="' +
// RISK_INFO[risk].alt_msg + '" width="24" height="24" align="absmiddle">';
}

function process_summary() {
var mode = 0;
var flags = 0;
var total_threat = 0;
var num;
var risk;

mode = getCookie(HC_COOKIE_SCAN_MODE);

flags = getCookie(HC_COOKIE_SCAN_FLAGS);

if (flags & CVS) {
num = (typeof INFECTED_FILES != "undefined") ?
INFECTED_FILES.length : 0;
risk = getCookie('risk_virus');
CHECK_INFO['virus'].selected = true;
CHECK_INFO['virus'].num = num;
CHECK_INFO['virus'].numInfected = (typeof NumInfected != "undefined") ? NumInfected : 0;
CHECK_INFO['virus'].risk = (typeof risk == "number") ?
risk : (num > 0 ? RISK_HIGH : RISK_FREE);
CHECK_INFO['virus'].desc = (CHECK_INFO['virus'].num == 0) ? STR_NO_VIRUS_FOUND :
((CHECK_INFO['virus'].num > 1) ?
num + STR_MULTIPLE_VIRUSES_FOUND : STR_ONE_VIRUS_FOUND);
total_threat += CHECK_INFO['virus'].num;
}

if (flags & CVS) {
num = (typeof DETECTED_WORMS_TROJANS != "undefined") ?
DETECTED_WORMS_TROJANS.length : 0;
risk = getCookie('risk_wormtrojan');
CHECK_INFO['wormtrojan'].selected = true;
CHECK_INFO['wormtrojan'].num = num;
CHECK_INFO['wormtrojan'].risk = (typeof risk == "number") ?
risk : (num > 0 ? RISK_HIGH : RISK_FREE);
CHECK_INFO['wormtrojan'].desc = (CHECK_INFO['wormtrojan'].num == 0) ? STR_NO_WORMTROJAN_FOUND :
((CHECK_INFO['wormtrojan'].num > 1) ?
num + STR_MULTIPLE_WORMTROJANES_FOUND : STR_ONE_WORMTROJAN_FOUND);
total_threat += CHECK_INFO['wormtrojan'].num;
}

if (flags & CSS) {
num = (typeof DETECTED_SPYWARES != "undefined") ?
DETECTED_SPYWARES.length : 0;

for (z = 0; z < num; z++) {
CheckSpywareType(DETECTED_SPYWARES[z].name);
}

risk = getCookie('risk_spyware');
CHECK_INFO['spyware'].selected = true;
CHECK_INFO['spyware'].num = num;
CHECK_INFO['spyware'].risk = (typeof risk == "number") ?
risk : ((num_spyware_no_cookie != 0) ? RISK_MEDIUM : ((num_spyware_is_cookie != 0) ? RISK_LOW : RISK_FREE));


CHECK_INFO['spyware'].desc = (CHECK_INFO['spyware'].num == 0) ? STR_NO_SPYWARE_FOUND :
((CHECK_INFO['spyware'].num > 1) ?
num + STR_MULTIPLE_SPYWARES_FOUND : STR_ONE_SPYWARE_FOUND);
total_threat += CHECK_INFO['spyware'].num;
}

if (flags & CVA) {
num = (typeof DETECTED_VULNERABILITIES != "undefined") ?
DETECTED_VULNERABILITIES.length : 0;
risk = getCookie('risk_vulnerability');
CHECK_INFO['vulnerability'].selected = true;
CHECK_INFO['vulnerability'].risk = (typeof risk == "number") ?
risk : (num > 0 ? RISK_MEDIUM : RISK_FREE);

var highest = RISK_FREE;
if (typeof DETECTED_VULNERABILITIES != "undefined") {
for (var i = 0; i < DETECTED_VULNERABILITIES.length; i++) {
var level = DETECTED_VULNERABILITIES[i].risk;
if (level >= 0 && level <= 1) level = RISK_LOW;
else if (level >= 2 && level <= 3) level = RISK_MEDIUM;
else if (level >= 4 && level <= 5) level = RISK_HIGH;
else level = RISK_FREE;
if (level > highest) highest = level;
}
}

CHECK_INFO['vulnerability'].risk = highest;

CHECK_INFO['vulnerability'].num = num;
CHECK_INFO['vulnerability'].desc = (CHECK_INFO['vulnerability'].num == 0) ? STR_NO_VULN_FOUND :
((CHECK_INFO['vulnerability'].num > 1) ?
num + STR_MULTIPLE_VULNS_FOUND : STR_ONE_VULN_FOUND);
total_threat += CHECK_INFO['vulnerability'].num;
}
}


function onLoad()
{
var printable_result = false;
var result_path = getCookie(HC_COOKIE_RESULT_PATH);

if (theWin.blur)
theWin.focus();

//if (typeof theWin.opener != "undefined") {
if (theWin.parent.location.href.indexOf('result.htm') != -1) {
printable_result = true;
hide(get('button_virus'));
hide(get('button_S'));
hide(get('button_T'));
hide(get('button_va'));

theDoc.getElementById('td_virus_scan').innerText = " " + theDoc.getElementById('td_virus_scan').innerText;
theDoc.getElementById('td_Trojan').innerText = " " + theDoc.getElementById('td_Trojan').innerText;
theDoc.getElementById('td_spyware').innerText = " " + theDoc.getElementById('td_spyware').innerText;
theDoc.getElementById('td_Vulnerability').innerText = " " + theDoc.getElementById('td_Vulnerability').innerText;

}
//}

if (typeof result_path != "string")
result_path = TEMP_RESULT_PAGE_DEFAULT;
else
result_path = "file:///" + hcEscape(result_path);

theDoc.getElementById('data_src').src = result_path;

process_summary();

if (CHECK_INFO['virus'].selected) {
display(get('summary_virus'));
if (printable_result) display(get('virus'));
if (CHECK_INFO['virus'].num > 0)
display(get('details_virus'));
display(get('divider_1'));
}

if (CHECK_INFO['wormtrojan'].selected) {
display(get('summary_wormtrojan'));
if (printable_result) display(get('T'));
if (CHECK_INFO['wormtrojan'].num > 0)
display(get('details_wormtrojan'));
display(get('divider_2'));

}

if (CHECK_INFO['spyware'].selected) {
display(get('summary_spyware'));
if (printable_result) display(get('S'));
if (CHECK_INFO['spyware'].num > 0)
display(get('details_spyware'));
display(get('divider_3'));
}

if (CHECK_INFO['vulnerability'].selected) {
display(get('summary_vulnerability'));
if (printable_result) display(get('va'));
if (CHECK_INFO['vulnerability'].num > 0)
display(get('details_vulnerability'));
display(get('divider_4'));
}

outputData();
if (printable_result) {
printVirusResult();
printWTResult();
printSpywaresResult();
printVAResult();
}
}

function getCleanActionMsg(action) {
if (action == 0) {
return STR_ACTION_NOT_CLEANED;
} else if (action == 1) {
return STR_ACTION_CLEAN_SUCCESS;
} else if (action == 2) {
return STR_ACTION_CLEAN_FAILURE;
} else if (action == 3) {
return STR_ACTION_DELETE_SUCCESS;
} else if (action == 4) {
return STR_ACTION_DELETE_FAILURE;
} else if (action == 5) {
return STR_ACTION_IGNORE;
}
return STR_ACTION_UNKNOWN;
}

function getDCSActionMsg(action) {
if (action == 0) {
return STR_DCS_ACTION_NOT_CLEANED;
} else if (action == 1) {
return STR_DCS_ACTION_CLEAN_SUCCESS;
} else if (action == 2) {
return STR_DCS_ACTION_CLEAN_FAILURE;
} else if (action == 5) {
return STR_ACTION_IGNORE;
} else if (action == 7 || action == 9) {
return STR_DCS_ACTION_CLEAN_SUCCESS + ' (' + STR_TSC_ACTION_REBOOT + ')';
} else if (action == 8) {
return STR_DCS_ACTION_CLEAN_FAILURE + ' (' + STR_TSC_ACTION_REBOOT + ')';
}
return STR_TSC_ACTION_UNKNOWN;
}

function getSPYWActionMsg(action) {
if (action == 0) {
return STR_SPYW_ACTION_NOT_CLEANED;
} else if (action == 1) {
return STR_SPYW_ACTION_CLEAN_SUCCESS;
} else if (action == 2) {
return STR_SPYW_ACTION_CLEAN_FAILURE;
} else if (action == 5) {
return STR_ACTION_IGNORE;
} else if (action == 7 || action == 9) {
return STR_SPYW_ACTION_CLEAN_SUCCESS + ' (' + STR_TSC_ACTION_REBOOT + ')';
} else if (action == 8) {
return STR_SPYW_ACTION_CLEAN_FAILURE + ' (' + STR_TSC_ACTION_REBOOT + ')';
}
return STR_TSC_ACTION_UNKNOWN;
}

function GetWormsTrojansType(str) {
if (str.indexOf('WORM') != -1) {
return STR_WORM;
} else if (str.indexOf('TROJ') == 0) {
return STR_TROJ;
} else if (str.indexOf('PE') == 0) {
return STR_PE;
}
return STR_OTHERS;
}

function CheckSpywareType(str) {
if (str.indexOf('ADW') != -1) {
num_spyware_no_cookie++;
} else if (str.indexOf('COOKIE') == 0) {
num_spyware_is_cookie++;
} else if (str.indexOf('SPYW') == 0) {
num_spyware_no_cookie++;
} else if (str.indexOf('BHO') == 0) {
num_spyware_no_cookie++;
} else if (str.indexOf('BKDR') == 0) {
num_spyware_no_cookie++;
} else if (str.indexOf('DIAL') == 0) {
num_spyware_no_cookie++;
} else if (str.indexOf('HKTL') == 0) {
num_spyware_no_cookie++;
} else if (str.indexOf('RAP') == 0) {
num_spyware_no_cookie++;
}
}

function GetSpywaresType(str) {
if (str.indexOf('ADW') != -1) {
num_spyware_no_cookie++;
return STR_ADW;
} else if (str.indexOf('COOKIE') == 0) {
num_spyware_is_cookie++;
return STR_COOKIE;
} else if (str.indexOf('SPYW') == 0) {
num_spyware_no_cookie++;
return STR_SPYW;
} else if (str.indexOf('BHO') == 0) {
num_spyware_no_cookie++;
return STR_BHO;
} else if (str.indexOf('BKDR') == 0) {
num_spyware_no_cookie++;
return STR_BKDR;
} else if (str.indexOf('DIAL') == 0) {
num_spyware_no_cookie++;
return STR_DIAL;
} else if (str.indexOf('HKTL') == 0) {
num_spyware_no_cookie++;
return STR_HKTL;
} else if (str.indexOf('RAP') == 0) {
num_spyware_no_cookie++;
return STR_RAP;
}
num_spyware_no_cookie++;
return STR_OTHERS;
}

function getRiskLevelMsg(risk) {
switch (risk) {
case 1:
return STR_VA_RISK_LEVEL_LOW;
break;
case 2:
return STR_VA_RISK_LEVEL_MODERATE;
break;
case 3:
return STR_VA_RISK_LEVEL_IMPORTANT;
break;
case 4:
return STR_VA_RISK_LEVEL_CRITICAL;
break;
case 5:
return STR_VA_RISK_LEVEL_HIGHLY_CRIT;
break;
default:
return STR_VA_RISK_LEVEL_UNKNOWN;
break;
}
}

function outputData()
{
var object;

object = theDoc.getElementById('risk_virus');
object.insertBefore(image_link('virus'), null);
object = theDoc.getElementById('risk_wormtrojan');
object.insertBefore(image_link('wormtrojan'), null);
object = theDoc.getElementById('risk_spyware');
object.insertBefore(image_link('spyware'), null);
object = theDoc.getElementById('risk_vulnerability');
object.insertBefore(image_link('vulnerability'), null);

theDoc.getElementById('msg_virus').innerText =
CHECK_INFO['virus'].desc;
theDoc.getElementById('msg_wormtrojan').innerText =
CHECK_INFO['wormtrojan'].desc;
theDoc.getElementById('msg_spyware').innerText =
CHECK_INFO['spyware'].desc;
theDoc.getElementById('msg_vulnerability').innerText =
CHECK_INFO['vulnerability'].desc;

theDoc.getElementById('num_virus').innerText =
CHECK_INFO['virus'].num;
theDoc.getElementById('num_infected').innerText =
CHECK_INFO['virus'].numInfected;
if (CHECK_INFO['virus'].numInfected > max_size)
{
theDoc.getElementById('max_infected').innerText =
max_size;
theDoc.getElementById('num_infected2').innerText =
CHECK_INFO['virus'].numInfected;
theDoc.getElementById('limit_infected').style.display="";
}
theDoc.getElementById('num_wormtrojan').innerText =
CHECK_INFO['wormtrojan'].num;
if (CHECK_INFO['wormtrojan'].num > max_size)
{
theDoc.getElementById('max_wormtrojan').innerText =
max_size;
theDoc.getElementById('num_wormtrojan2').innerText =
CHECK_INFO['wormtrojan'].num;
theDoc.getElementById('limit_wormtrojan').style.display="";
}
theDoc.getElementById('num_spyware').innerText =
CHECK_INFO['spyware'].num;
if (CHECK_INFO['spyware'].num > max_size)
{
theDoc.getElementById('max_spyware').innerText =
max_size;
theDoc.getElementById('num_spyware2').innerText =
CHECK_INFO['spyware'].num;
theDoc.getElementById('limit_spyware').style.display="";
}
theDoc.getElementById('num_vulnerability').innerText =
CHECK_INFO['vulnerability'].num;
if (CHECK_INFO['vulnerability'].num > max_size)
{
theDoc.getElementById('max_vulnerability').innerText =
max_size;
theDoc.getElementById('num_vulnerability2').innerText =
CHECK_INFO['vulnerability'].num;
theDoc.getElementById('limit_vulnerability').style.display="";
}
}

function printVirusResult() {
var tbl, tbody, tr, td, div, a, buffer, i;

if (typeof INFECTED_FILES != "undefined") {
var details_virus_list_object;
var tableflag = false;
var size = max_size;
var numDropDown = 0;

details_virus_list_object = theDoc.getElementById('details_virus_list');
tbl = theDoc.createElement("TABLE");
tbl.cellpadding = "0";
tbl.cellspacing = "4";
tbl.style.width = "100%";
tbl.style.fontFamily = "Arial, Helvetica, sans-serif";
tbl.style.fontSize = "11px";
tbl.style.paddingTop = "1px";
tbl.style.paddingRight ="1px";
tbl.style.paddingBottom = "1px";
tbl.style.paddingLeft = "1px";
tbl.style.backgroundColor = "#E8E8E8";

tbody = theDoc.createElement("TBODY");
tbl.insertBefore(tbody,null);
details_virus_list_object.insertBefore(tbl, null);

for (i = 0; i < INFECTED_FILES.length ; i++) {
var virus_array = INFECTED_FILES[i].detected_viruses.split(';');
for (var j = 0; j < virus_array.length; j++) {
var virus_info = virus_array[j].split(':');
var url = BASE_URL_VIRUS + virus_info[0].replace("*", "");
var threatname = INFECTED_FILES[i].filename;

if (INFECTED_FILES[i].viruses_type == 1)
threatname = STR_DRIVE_BOOT_RECORD + threatname;
else if (INFECTED_FILES[i].viruses_type == 2)
threatname = STR_DRIVE_PARTITION_TABLE + threatname;

//zip file
if (INFECTED_FILES[i].fileinArch.length)
{
if (tableflag == false) {
//start of sub-table
tableflag = true;

//Add a row of zip file
tr = theDoc.createElement("TR");
tr.valign = "center";
tbody.insertBefore(tr,null);

td = theDoc.createElement("TD");
td.style.wordBreak = "break-all";
td.style.width = "50%";
td.innerText = threatname;
tr.insertBefore(td, null);

td = theDoc.createElement("TD");
td.align = "center";
td.style.width = "30%";
tr.insertBefore(td,null);

td = theDoc.createElement("TD");
td.style.width = "20%";
tr.insertBefore(td, null);
div = theDoc.createElement("DIV");
div.align="center";
td.insertBefore(div,null);
numDropDown++;
}

tr = theDoc.createElement("TR");
tr.valign="center";
tbody.insertBefore(tr,null);

td = theDoc.createElement("TD");
td.paddingLeft = "10px";
td.style.wordBreak = "break-all";
td.style.width = "50%";
buffer = "- ";

if ( INFECTED_FILES[i].fileinArch.length )
buffer += INFECTED_FILES[i].fileinArch;
else
buffer += "";
td.innerText = buffer;
tr.insertBefore(td, null);

td = theDoc.createElement("TD");
tr.insertBefore(td, null);
div = theDoc.createElement("DIV");
div.align = "center";
td.insertBefore(div, null);
a = theDoc.createElement("A");
a.href = url;
a.target = "_blank";
a.width="30%";
a.innerText = virus_info[0];
div.insertBefore(a, null);
td = theDoc.createElement("TD");
td.style.width = "20%";
tr.insertBefore(td,null);
div = theDoc.createElement("DIV");
div.align="center";
td.insertBefore(div,null);

if (tableflag == true &&
((i < INFECTED_FILES.length -1 && INFECTED_FILES[i].filename != INFECTED_FILES[i+1].filename) ||
(i == INFECTED_FILES.length - 1)))
{
//end of sub-table
tableflag = false;
}
} else {
//not zip file

tr = theDoc.createElement("TR");
tr.valign = "center";
tbody.insertBefore(tr,null);
td = theDoc.createElement("TD");
td.style.wordBreak = "break-all";
td.style.width = "50%";
td.innerText = threatname;
tr.insertBefore(td, null);

td = theDoc.createElement("TD");
tr.insertBefore(td, null);
div = theDoc.createElement("DIV");
div.align = "center";
td.insertBefore(div, null);
a = theDoc.createElement("A");
a.href = url;
a.target = "_blank";
a.width="30%";
a.innerText = virus_info[0];
div.insertBefore(a, null);
td = theDoc.createElement("TD");
td.style.width = "20%";
tr.insertBefore(td,null);
div = theDoc.createElement("DIV");
div.align="center";
td.insertBefore(div,null);
numDropDown++;
}
}
if ( numDropDown == size )
i = INFECTED_FILES.length;
}
}
}

function printWTResult() {
var tbl, tbody, tr, td, div, a, buffer, i;

if (typeof DETECTED_WORMS_TROJANS != "undefined") {
var details_wormtrojan_list_object = theDoc.getElementById('details_wormtrojan_list');
var size = max_size;

tbl = theDoc.createElement("TABLE");
tbl.cellpadding = "0";
tbl.cellspacing = "4";
tbl.style.width = "100%";
tbl.style.fontFamily = "Arial, Helvetica, sans-serif";
tbl.style.fontSize = "11px";
tbl.style.paddingTop = "1px";
tbl.style.paddingRight ="1px";
tbl.style.paddingBottom = "1px";
tbl.style.paddingLeft = "1px";
tbl.style.backgroundColor = "#E8E8E8";

tbody = theDoc.createElement("TBODY");
tbl.insertBefore(tbody,null);
details_wormtrojan_list_object.insertBefore(tbl, null);
if ( DETECTED_WORMS_TROJANS.length < size)
size = DETECTED_WORMS_TROJANS.length;

for (i = 0; i < size; i++) {
var url = BASE_URL_WORMTROJAN + DETECTED_WORMS_TROJANS[i].name;
tr = theDoc.createElement("TR");
tr.valign = "center";
tbody.insertBefore(tr, null);

td = theDoc.createElement("TD");
td.style.width = "30%";
tr.insertBefore(td, null);
a = theDoc.createElement("A");
a.href = url;
a.target = "_blank";
a.innerText = DETECTED_WORMS_TROJANS[i].name;
td.insertBefore(a, null);

td = theDoc.createElement("TD");
td.style.width = "50%";
tr.insertBefore(td,null);

div = theDoc.createElement("DIV");
div.align = "center";
div.innerText = GetWormsTrojansType(DETECTED_WORMS_TROJANS[i].name);
td.insertBefore(div, null);

td = theDoc.createElement("TD");
td.style.width = "20%";
tr.insertBefore(td, null);

div = theDoc.createElement("DIV");
div.align = "center";
td.insertBefore(div, null);
}
}
}

function printSpywaresResult() {
var tbl, tbody, tr, td, div, a, buffer, i;

if (typeof DETECTED_SPYWARES != "undefined") {
var details_spyware_list_object = theDoc.getElementById('details_spyware_list');
var size = max_size;

tbl = theDoc.createElement("TABLE");
tbl.cellpadding = "0";
tbl.cellspacing = "4";
tbl.style.width = "100%";
tbl.style.fontFamily = "Arial, Helvetica, sans-serif";
tbl.style.fontSize = "11px";
tbl.style.paddingTop = "1px";
tbl.style.paddingRight ="1px";
tbl.style.paddingBottom = "1px";
tbl.style.paddingLeft = "1px";
tbl.style.backgroundColor = "#E8E8E8";

tbody = theDoc.createElement("TBODY");
tbl.insertBefore(tbody,null);
details_spyware_list_object.insertBefore(tbl, null);
if ( DETECTED_SPYWARES.length < size)
size = DETECTED_SPYWARES.length;

for (i = 0; i < size; i++) {
var url = BASE_URL_SPYWARE + DETECTED_SPYWARES[i].name;

tr = theDoc.createElement("TR");
tr.valign = "center";
tbody.insertBefore(tr, null);

td = theDoc.createElement("TD");
td.style.width = "30%";
tr.insertBefore(td);

a = theDoc.createElement("A");
a.href = url;
a.target = "_blank";
a.innerText = DETECTED_SPYWARES[i].name;
td.insertBefore(a, null);

td = theDoc.createElement("TD");
td.style.width = "50%";
tr.insertBefore(td, null);

div = theDoc.createElement("DIV");
div.align = "center";
div.innerText = GetSpywaresType(DETECTED_SPYWARES[i].name);
td.insertBefore(div, null);

td = theDoc.createElement("TD");
td.style.width = "20%";
tr.insertBefore(td, null);

div = theDoc.createElement("DIV");
div.align = "center";
td.insertBefore(div, null);
}
}
}

function printVAResult() {
var tbl, tbody, tr, td, div, a, buffer, i;

if (typeof DETECTED_VULNERABILITIES != "undefined") {
var details_vulnerability_list_object = theDoc.getElementById('details_vulnerability_list');
var size = max_size;

tbl = theDoc.createElement("TABLE");
tbl.cellpadding = "0";
tbl.cellspacing = "4";
tbl.style.width = "100%";
tbl.style.fontFamily = "Arial, Helvetica, sans-serif";
tbl.style.fontSize = "11px";
tbl.style.paddingTop = "1px";
tbl.style.paddingRight ="1px";
tbl.style.paddingBottom = "1px";
tbl.style.paddingLeft = "1px";
tbl.style.backgroundColor = "#E8E8E8";

tbody = theDoc.createElement("TBODY");
tbl.insertBefore(tbody,null);
details_vulnerability_list_object.insertBefore(tbl, null);
if ( DETECTED_VULNERABILITIES.length < size)
size = DETECTED_VULNERABILITIES.length;

for (i = 0; i < size; i++) {
var url = BASE_URL_VULNERABILITY + DETECTED_VULNERABILITIES[i].name + '.htm';

tr = theDoc.createElement("TR");
tbody.insertBefore(tr, null);

td = theDoc.createElement("TD");
td.valign = "top";
td.style.width = "15%";
td.innerText = getRiskLevelMsg(DETECTED_VULNERABILITIES[i].risk);
tr.insertBefore(td, null);

td = theDoc.createElement("TD");
td.valign = "top";
td.innerText = DETECTED_VULNERABILITIES[i].desc;
tr.insertBefore(td, null);

td = theDoc.createElement("TD");
td.valign = "top";
td.align = "center";
td.style.width = "20%";
td.innerText = " ";
tr.insertBefore(td,null);

a = theDoc.createElement("A");
a.href = url;
a.target = "_blank";
a.innerText = DETECTED_VULNERABILITIES[i].name;
td.insertBefore(a,null);
}
}
}

//-->
</SCRIPT>

<META content="MSHTML 6.00.2900.2722" name=GENERATOR></HEAD>
<BODY oncontextmenu=window.event.returnValue=false leftMargin=0 topMargin=0
onload=onLoad() marginheight="0" marginwidth="0">
<TABLE class=table cellSpacing=0 cellPadding=0 width="100%" border=0>
<TBODY>
<TR id=summary_virus style="DISPLAY: none">
<TD class=contentbold id=td_virus_scan bgColor=#ffffff height=28>Virus
Scan</TD>
<TD class="" bgColor=#ffffff height=28>
<DIV id=risk_virus align=center></DIV></TD>
<TD class=content id=msg_virus bgColor=#ffffff height=28></TD>
<TD class="" height=28>
<DIV id=button_virus align=center><INPUT class=buybutton id=btnvirus style="WIDTH: 60px" onclick="switch2('virus')" type=button value=Show name=btnvirus>
</DIV></TD></TR>
<TR id=divider_1 style="DISPLAY: none" bgColor=#cccccc>
<TD class=contentbold colSpan=4 height=1><IMG height=1
src="Trend Micro Housecall_files/1space.gif" width=1></TD></TR>
<TR>
<TD colSpan=4>
<TABLE id=virus style="DISPLAY: none" cellSpacing=0 cellPadding=0
width="100%">
<TBODY>
<TR>
<TD class=data2>
<TABLE class=data3 cellSpacing=0 cellPadding=5 width="100%">
<TBODY>
<TR></TR>
<TR>
<TD><STRONG>Results:</STRONG><BR>We have detected <SPAN
id=num_infected>0</SPAN> infected file(s) with <SPAN
id=num_virus>0</SPAN> virus(es) on your computer<SPAN
id=limit_infected style="DISPLAY: none">. Only <SPAN
id=max_infected>0</SPAN> out of <SPAN
id=num_infected2>0</SPAN> infected files are displayed</SPAN>.
<BR>
<TABLE class=data3 id=details_virus style="DISPLAY: none"
cellSpacing=4 cellPadding=0 width="100%">
<TBODY>
<TR>
<TD width="50%"><STRONG>Detected File</STRONG></TD>
<TD width="30%">
<DIV align=center><B>Associated Virus Name</B></DIV></TD>
<TD width="20%">
<DIV align=center><B></B></DIV></TD></TR><!--
<tr>
<td>C:\download\doc\file.doc</td>
<td>XXX</td>
<td>Clean</td>
</tr>
<tr>
<td>C:\download\doc\file2.doc</td>
<td>XXX</td>
<td>Clean</td>
</tr>
-->
<TR>
<TD id=details_virus_list
colSpan=3></TD></TR></TBODY></TABLE></TD></TR></TBODY></TABLE></TD></TR></TBODY></TABLE></TD></TR>
<TR id=summary_wormtrojan style="DISPLAY: none">
<TD class=contentbold id=td_Trojan bgColor=#ffffff height=28>Trojan/Worm
Check</TD>
<TD class="" width="6%" bgColor=#ffffff height=28>
<DIV id=risk_wormtrojan align=center></DIV></TD>
<TD class=content id=msg_wormtrojan width="37%" bgColor=#ffffff
height=28></TD>
<TD class="" height=28>
<DIV id=button_T align=center><INPUT class=buybutton id=btnT style="WIDTH: 60px" onclick="switch2('T')" type=button value=Show name=btnT>
</DIV></TD></TR>
<TR id=divider_2 style="DISPLAY: none" bgColor=#cccccc>
<TD class=contentbold colSpan=4 height=1><IMG height=1
src="Trend Micro Housecall_files/1space.gif" width=1></TD></TR>
<TR>
<TD colSpan=4>
<TABLE id=T style="DISPLAY: none" cellSpacing=0 cellPadding=0
width="100%">
<TBODY>
<TR>
<TD class=data2>
<TABLE class=data3 cellSpacing=0 cellPadding=5 width="100%">
<TBODY>
<TR>
<TD><STRONG>What we checked:</STRONG><BR>Malicious activity by
a Trojan horse program. Although a Trojan seems like a
harmless program, it contains malicious code and once
installed can cause damage to your computer. </TD></TR>
<TR>
<TD><STRONG>Results:</STRONG><BR>We have detected <SPAN
id=num_wormtrojan>0</SPAN> Trojan horse program(s) and worm(s)
on your computer<SPAN id=limit_wormtrojan
style="DISPLAY: none">. Only <SPAN id=max_wormtrojan>0</SPAN>
out of <SPAN id=num_wormtrojan2>0</SPAN> Trojan horse programs
and worms are displayed</SPAN>.<BR>
<TABLE class=data3 id=details_wormtrojan style="DISPLAY: none"
cellSpacing=4 cellPadding=0 width="100%">
<TBODY>
<TR>
<TD width="30%"><STRONG>Trojan/Worm Name</STRONG></TD>
<TD width="50%">
<DIV align=center><STRONG>Trojan/Worm
Type</STRONG></DIV></TD>
<TD width="20%">
<DIV align=center><STRONG></STRONG></DIV></TD></TR><!--
<tr>
<td valign="top">XXX</td>
<td><a href="http://www.trendmicr...ROJ_IRCDREAM.A" target="_blank">http://www.trendmicr...REAM.A</a></td>
</tr>
-->
<TR>
<TD id=details_wormtrojan_list
colSpan=3></TD></TR></TBODY></TABLE></TD></TR></TBODY></TABLE></TD></TR></TBODY></TABLE></TD></TR>
<TR id=summary_spyware style="DISPLAY: none">
<TD class=contentbold id=td_spyware width="43%" bgColor=#ffffff
height=28>Spyware Check</TD>
<TD class="" bgColor=#ffffff height=28>
<DIV id=risk_spyware align=center></DIV></TD>
<TD class=content id=msg_spyware bgColor=#ffffff height=28></TD>
<TD class="" width="14%" height=28>
<DIV id=button_S align=center><INPUT class=buybutton id=btnS style="WIDTH: 60px" onclick="switch2('S')" type=button value=Show name=btnS>
</DIV></TD></TR>
<TR id=divider_3 style="DISPLAY: none" bgColor=#cccccc>
<TD class=contentbold colSpan=4 height=1><IMG height=1
src="Trend Micro Housecall_files/1space.gif" width=1></TD></TR>
<TR>
<TD colSpan=4>
<TABLE id=S style="DISPLAY: none" cellSpacing=0 cellPadding=0
width="100%">
<TBODY>
<TR>
<TD class=data2>
<TABLE class=data3 cellSpacing=0 cellPadding=5 width="100%">
<TBODY>
<TR>
<TD><STRONG>What we checked:</STRONG><BR>Whether personal
information was tracked and reported by spyware. Spyware is
often installed secretly with legitimate programs downloaded
from the Internet. </TD></TR>
<TR>
<TD><STRONG>Results:</STRONG><BR>We have detected <SPAN
id=num_spyware>0</SPAN> spyware(s) on your computer<SPAN
id=limit_spyware style="DISPLAY: none">. Only <SPAN
id=max_spyware>0</SPAN> out of <SPAN id=num_spyware2>0</SPAN>
spywares are displayed</SPAN>. <BR>
<TABLE class=data3 id=details_spyware style="DISPLAY: none"
cellSpacing=4 cellPadding=0 width="100%">
<TBODY>
<TR>
<TD width="30%"><STRONG>Spyware Name</STRONG></TD>
<TD width="50%">
<DIV align=center><STRONG>Spyware Type</STRONG></DIV></TD>
<TD width="20%">
<DIV align=center><STRONG></STRONG></DIV></TD></TR><!--
<tr>
<td valign="top">XXX</td>
<td><a href="http://www.trendmicr...ROJ_IRCDREAM.A" target="_blank">http://www.trendmicr...REAM.A</a></td>
</tr>
-->
<TR>
<TD id=details_spyware_list
colSpan=3></TD></TR></TBODY></TABLE></TD></TR></TBODY></TABLE></TD></TR></TBODY></TABLE></TD></TR>
<TR id=summary_vulnerability style="DISPLAY: none">
<TD class=contentbold id=td_Vulnerability bgColor=#ffffff
height=28>Microsoft Vulnerability Check</TD>
<TD class="" bgColor=#ffffff height=28>
<DIV id=risk_vulnerability align=center></DIV></TD>
<TD class=content id=msg_vulnerability bgColor=#ffffff height=28></TD>
<TD class="" height=28>
<DIV id=button_va align=center><INPUT class=buybutton id=btnva style="WIDTH: 60px" onclick="switch2('va')" type=button value=Show name=btnva>
</DIV></TD></TR>
<TR id=divider_4 style="DISPLAY: none" bgColor=#cccccc>
<TD class=contentbold colSpan=4 height=1><IMG height=1
src="Trend Micro Housecall_files/1space.gif" width=1></TD></TR>
<TR>
<TD colSpan=4>
<TABLE id=va style="DISPLAY: none" cellSpacing=0 cellPadding=0
width="100%">
<TBODY>
<TR>
<TD class=data2>
<TABLE class=data3 cellSpacing=0 cellPadding=5 width="100%">
<TBODY>
<TR>
<TD><STRONG>What we checked:</STRONG><BR>Microsoft known
security vulnerabilities. These are issues Microsoft has
identified and released Critical Updates to fix. </TD></TR>
<TR>
<TD><STRONG>Results:</STRONG><BR>We have detected <SPAN
id=num_vulnerability>0</SPAN> vulnerability/vulnerabilities on
your computer<SPAN id=limit_vulnerability
style="DISPLAY: none">. Only <SPAN
id=max_vulnerability>0</SPAN> out of <SPAN
id=num_vulnerability2>0</SPAN> vulnerabilities are
displayed</SPAN>. <BR>
<TABLE class=data3 id=details_vulnerability
style="DISPLAY: none" cellSpacing=4 cellPadding=0
width="100%">
<TBODY>
<TR>
<TD width="15%"><STRONG>Risk Level</STRONG></TD>
<TD><STRONG>Issue</STRONG></TD>
<TD align=middle width="20%"><STRONG>How to
Fix</STRONG></TD></TR>
<TR>
<TD id=details_vulnerability_list
colSpan=3></TD></TR></TBODY></TABLE></TD></TR></TBODY></TABLE></TD></TR></TBODY></TABLE></TD></TR><!--
<tr>
<td colspan="4" class="contentbold"> </td>
</tr>
--></TBODY></TABLE></BODY></HTML>
  • 0

#20
Wayne Puckett
Posted 22 August 2005 - 11:43 AM

Wayne Puckett

    Member

  • Topic Starter
  • Member
  • PipPip
  • 27 posts
When I first got here I took steps 1-5 this is first scan @ Panda


Incident Status Location

Spyware:spyware/surfsidekick No disinfected C:\Documents and Settings\local-user\Application Data\Sskcwrd.dll
Spyware:Spyware/ISTbar No disinfected C:\Documents and Settings\local-user\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\javainstaller.jar-3c936701-58cd69c1.zip[InstallerApplet.class]
Hacktool:Hacktool/Processor No disinfected C:\Documents and Settings\local-user\My Documents\Nailfix\Process.exe
Hacktool:Hacktool/Processor No disinfected C:\Documents and Settings\local-user\My Documents\Nailfix.zip[Process.exe]
Adware:Adware/Apropos No disinfected C:\Program Files\Aprps\ProxyStub.dll
Possible Virus. No disinfected C:\Program Files\Archive\archive.exe
Adware:adware/quicksearch No disinfected C:\WINDOWS\Downloaded Program Files\install.inf
Spyware:Spyware/BargainBuddy No disinfected C:\WINDOWS\etb\xml\images\casino.bmp
Spyware:Spyware/BargainBuddy No disinfected C:\WINDOWS\etb\xml\images\dating.bmp
Spyware:Spyware/BargainBuddy No disinfected C:\WINDOWS\etb\xml\images\drugs.bmp
Spyware:Spyware/BargainBuddy No disinfected C:\WINDOWS\etb\xml\images\fav.bmp
Spyware:Spyware/BargainBuddy No disinfected C:\WINDOWS\etb\xml\images\virus.bmp
Spyware:Spyware/ISTbar No disinfected C:\WINDOWS\system32\tsuninst.exe
  • 0

#21
peterm
Posted 22 August 2005 - 12:00 PM

peterm

    Trusted Tech

  • Technician
  • 3,387 posts
Please go to Start > control panel> Administrative Tools Double click on the Icon
double click on event viewer click on system This should give a list on the right.
Do any have a red cross? we are looking for ones around the time you turned your computer on
  • 0

#22
Wayne Puckett
Posted 22 August 2005 - 12:08 PM

Wayne Puckett

    Member

  • Topic Starter
  • Member
  • PipPip
  • 27 posts
Hi Peterm No red x on any - Application - Serurity & System
  • 0

#23
peterm
Posted 22 August 2005 - 12:32 PM

peterm

    Trusted Tech

  • Technician
  • 3,387 posts
not the answer I wanted I will get someone to read the log you posted
  • 0

#24
coachwife6
Posted 22 August 2005 - 12:54 PM

coachwife6

    SuperStar

  • Retired Staff
  • 11,413 posts
Download Pocket KillBox from here. There is a Direct Download and a description of what the Program does inside this link.

Get rid of these files and folders.

C:\Documents and Settings\local-user\Application Data\Sskcwrd.dll
C:\Documents and Settings\local-user\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\javainstaller.jar-3c936701-58cd69c1.zip[InstallerApplet.class]
C:\Documents and Settings\local-user\My Documents\Nailfix\<<this folder
C:\Program Files\Aprps\<,entire folder
C:\Program Files\Archive\archive.exe
C:\WINDOWS\Downloaded Program Files\install.inf
C:\WINDOWS\etb\xml\images\casino.bmp
C:\WINDOWS\etb\xml\images\dating.bmp
C:\WINDOWS\etb\xml\images\drugs.bmp
C:\WINDOWS\etb\xml\images\fav.bmp
C:\WINDOWS\etb\xml\images\virus.bmp
C:\WINDOWS\system32\tsuninst.exe

Run Ewido again if you have it. If not, please post a new hijack this log, so we can do the nail fix. :tazz:
  • 0

#25
Wayne Puckett
Posted 23 August 2005 - 10:53 AM

Wayne Puckett

    Member

  • Topic Starter
  • Member
  • PipPip
  • 27 posts
Logfile of HijackThis v1.99.1
Scan saved at 11:51:46 AM, on 8/23/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\PROGRA~1\Symantec\NORTON~1\GHOSTS~2.EXE
C:\Program Files\Symantec\Norton Ghost 2003\GhostStartTrayApp.exe
C:\Program Files\Common Files\ACD Systems\EN\DevDetect.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\ewido\security suite\SecuritySuite.exe
C:\Documents and Settings\local-user\Desktop\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\Userinit.exe
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [GhostStartTrayApp] C:\Program Files\Symantec\Norton Ghost 2003\GhostStartTrayApp.exe
O4 - HKLM\..\Run: [Device Detector] DevDetect.exe -autorun
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe
O12 - Plugin for .xml: C:\Program Files\Netscape\Netscape Browser\PLUGINS\npTrident.dll
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.t...all/xscan60.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.ao.../ampx_en_dl.cab
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: GhostStartService - Symantec Corporation - C:\PROGRA~1\Symantec\NORTON~1\GHOSTS~2.EXE
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
  • 0

Advertisements

#26
coachwife6
Posted 24 August 2005 - 09:33 PM

coachwife6

    SuperStar

  • Retired Staff
  • 11,413 posts
You did great. How is it running? Do another panda scan and then I'll let peterm look at ya.
  • 0

#27
Wayne Puckett
Posted 25 August 2005 - 10:42 AM

Wayne Puckett

    Member

  • Topic Starter
  • Member
  • PipPip
  • 27 posts
Well system still slow to boot up. New panda scan


Incident Status Location

Adware:adware/elitebar No disinfected C:\DOCUMENTS AND SETTINGS\LOCAL-USER\FAVORITES\Casino & Carrers
Adware:adware/cws No disinfected C:\DOCUMENTS AND SETTINGS\LOCAL-USER\FAVORITES\Health
Adware:adware/wupd No disinfected Windows Registry
Dialer:dialer.bjp No disinfected HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS\ZONEMAP\DOMAINS\ARCHIVIOSEX.NET
Adware:adware/apropos No disinfected Windows Registry
Spyware:Spyware/BargainBuddy No disinfected C:\!Submit\casino.bmp
Spyware:Spyware/BargainBuddy No disinfected C:\!Submit\dating.bmp
Spyware:Spyware/BargainBuddy No disinfected C:\!Submit\fav.bmp
Adware:Adware/Apropos No disinfected C:\!Submit\ProxyStub.dll
Spyware:Spyware/ISTBar No disinfected C:\!Submit\tsuninst.exe
Spyware:Spyware/BargainBuddy No disinfected C:\!Submit\virus.bmp
  • 0

#28
coachwife6
Posted 25 August 2005 - 06:23 PM

coachwife6

    SuperStar

  • Retired Staff
  • 11,413 posts
Please scan your system with Ad-aware:
Ad-aware SE - Download - Home Page
  • If you have a previous version of Ad-Aware installed, during the installation of the new version you will be prompted to uninstall or keep the older version - be sure to uninstall the previous version.
  • After installing Ad-aware, you will be prompted to update the program and run a full scan. De-select all boxes so that it does not run.
  • Manually run "Ad-Aware SE Personal" and from the main screen Click on "Check for Updates Now".
  • Once the definitions have been updated:
  • Reconfigure Ad-Aware for Full Scan as per the following instructions:
    • Launch the program, and click on the Gear at the top of the start screen.
    • Under General Settings the following boxes should all be checked off: (Checked will be indicated by a green circle with a check mark in it, Un-Checked is a red circle with an X in it. If it is greyed out, those features are only available in the retail version.)
      • "Automatically save logfile"
      • Automatically quarantine objects prior to removal"
      • Safe Mode (always request confirmation)
      • Prompt to update outdated confirmation) - Change to 7 days.
    • Click the "Scanning" button (On the left side).
    • Under Drives & Folders, select "Scan within Archives"
    • Click "Click here to select Drives + folders" and select your installed hard drives.
    • Under Memory & Registry, select all options.
    • Click the "Advanced" button (On the left hand side).
    • Under "Shell Integration", select "Move deleted files to Recycle Bin".
    • Under "Log-file detail", select all options.
    • Click on the "Defaults" button on the left.
    • Type in the full url of what you want as your default homepage and searchpage e.g. http://www.google.com.
    • Click the "Tweak" button (Again, on the left hand side).
    • Expand "Scanning Engine" by clicking on the "+" (Plus) symbol and select the following:
      • "Unload recognized processes during scanning."
      • "Obtain command line of scanned processes"
      • "Scan registry for all users instead of current user only"
    • Under "Cleaning Engine", select the following:
      • "Automatically try to unregister objects prior to deletion."
      • "During removal, unload explorer and IE if necessary"
      • "Let Windows remove files in use at next reboot."
      • "Delete quarrantined objects after restoring"
    • Click on "Safety Settings" and select "Write-protect system files after repair (Hosts file, etc)"
    • Click on "Proceed" to save these Preferences.
    • Click on the "Scan Now" button on the left.
    • Under "Select Scan Mode, be sure to select "Use Custom Scanning Options".
  • Close all programs except ad-aware.
  • Click on "Next" in the bottom right corner to start the scan.
  • Run the Ad-Aware scan and allow it to remove everything it finds and then REBOOT - Even if not prompted to.
  • After you log back in, Ad-Aware may run to finalize the scan and remove any locked files that it may of found. Allow it to finish.
Please download CleanUp! - Download - HomePage
Install and run. Click on the button labeled CleanUp!.

When it finishes it will prompt you to restart Windows - there will be one or two files it cannot delete when Windows is running - however, they will be deleted next time Windows starts up.


If you would please, rescan with HijackThis and post a fresh log in this same topic.
  • 0

#29
Wayne Puckett
Posted 25 August 2005 - 06:24 PM

Wayne Puckett

    Member

  • Topic Starter
  • Member
  • PipPip
  • 27 posts
Hello Peterm I went back an looked at event manager. looked at each file Application - Serurity & System and I have red X's on things in Application an system. Sorry I did'nt look far enough first time did not look at each file. What to do now?
  • 0

#30
Wayne Puckett
Posted 25 August 2005 - 06:37 PM

Wayne Puckett

    Member

  • Topic Starter
  • Member
  • PipPip
  • 27 posts
Hello Coach Wife 6, I have done this(steps1-5) before I posted. I have Ad Aware SE personal verison 1.06r1 and definitions file se1R63 24.08 2005 I think this is the latest verison. I have and use Cleanup! I deleted the files from first panda scan with killbox that you said. It appears they rewrite themsleves :tazz:

Logfile of HijackThis v1.99.1
Scan saved at 2:56:14 PM, on 8/25/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\local-user\Desktop\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\Userinit.exe
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [GhostStartTrayApp] C:\Program Files\Symantec\Norton Ghost 2003\GhostStartTrayApp.exe
O4 - HKLM\..\Run: [Device Detector] DevDetect.exe -autorun
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe
O12 - Plugin for .xml: C:\Program Files\Netscape\Netscape Browser\PLUGINS\npTrident.dll
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.t...all/xscan60.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft...free/asinst.cab
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.ao.../ampx_en_dl.cab
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: GhostStartService - Symantec Corporation - C:\PROGRA~1\Symantec\NORTON~1\GHOSTS~2.EXE
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

:)

Edited by Wayne Puckett, 25 August 2005 - 10:14 PM.

  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP