[bitter1]

Hi there,
Looking for some help removing remains of either of these trojans. I run Norton system works and had within days updated the virus definitions, but both these trojans got through. I followed Symantec removal proceedures for the alemod first and with some help from these forums and Killbox, amoung other programs, I think I had the alemod fixed. Then the cachecache/psguard one came forward and I've trying to kill it or whatevers left of the alemod one for the last week. I get a popup window asking to be allowed to connect to a website on the internet. If I go online, the bites sent to received is astronomical and it keeps running on and dump info off my computer. I disconnect the internet connection and the window keeps popping up every 5 seconds asking to reconnect. I've followed several adminstrators advice from related forums and downloaded and ran about ten anti viruse/spyware programs in startup mode and as recommended in the"do this first before posting Hijack this log", all to no avail. Beast keeps coming back. Also, after I run antivirus programs in order, then re boot to windows and finding the virus still there, go back to safety mode, when I re-run Ad-aware it keeps finding cool web search in two locations, windows\system32\wbem\wbemess.log and in the reg key. Any help with a fix and a review of this Hijack log would be greatly appreciated. Log below. Thanks.
Logfile of HijackThis v1.99.1
Scan saved at 8:14:05 PM, on 11/9/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
C:\PROGRA~1\NORTON~1\NORTON~2\NPROTECT.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\sm56hlpr.exe
E:\DragToDisc\DrgToDsc.exe
E:\AudioCentral\RxMon.exe
C:\WINDOWS\System32\ngkp.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\PROGRA~1\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE
E:\AudioCentral\Playlist.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Microsoft Office\Office10\WINWORD.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\rasautou.exe
C:\Download\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.ihot.com:3128
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [SMSERIAL] sm56hlpr.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [Windows ASN Services] ngkp.exe
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.2\THGuard.exe"
O4 - HKLM\..\RunServices: [Windows ASN Services] ngkp.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /0
O4 - Global Startup: [bleep].cmd
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - https://www-secure.s...rl/LSSupCtl.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefend...can8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupd...b?1111545783364
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.s...rl/SymAData.cab
O20 - Winlogon Notify: ComPlusSetup - C:\WINDOWS\System32\catsrvut.dll
O20 - Winlogon Notify: wingjc32 - C:\WINDOWS\SYSTEM32\wingjc32.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~2\NPROTECT.EXE
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

[Advertisements]

Welcome bitter1 to Geeks to Go!

I have a minor problem with your log
We use a filter to not allow some words. One of those words is in your log. It's here as [bleep]. Please look in your log (on your computer) to see what it's real name is. Then see if you can find it on your computer.
Replace the full path in Killbox where I say [bleep].


Please read these instructions carefully. You may want to print them. Copy the text to a Notepad file and save it to your desktop! We will need the file later.
Be sure to follow ALL instructions!


Please download noahdfear's smitRem.exe©. Save the file to your desktop. Double click on the file to extract it to it's own folder on the desktop.

***

Launch ewido, there should be an icon on your desktop double-click it.

The program will now go to the main screen
You will need to update ewido to the latest definition files.On the left hand side of the main screen click update
Click on Start
The update will start and a progress bar will show the updates being installed.
Once the updates are installed, close Ewido for now.

***

If you have not already installed Ad-Aware SE 1.06, please download and install AdAware SE 1.06.
Check Here on how setup and use it - please make sure you update it first.

***

Download the Killbox.
Unzip it to the desktop

Double-click on Killbox.exe to run it. Place the following lines (complete paths) in bold in the "Full Path of File to Delete" box in Killbox, and click the red button with the white X on it after each

C:\WINDOWS\System32\ngkp.exe
[bleep].cmd <= replace this with the full path to the file.

For these file, put a mark next to "Delete on Reboot". Copy and paste each file into the file name box, then click the red button with the X after each. It will ask you if you want to reboot each time you click it, answer NO until after you've pasted the last file name, at which time you should answer Yes.

If your computer does not restart automatically, please restart it manually.

***

Next, please reboot your computer in Safe Mode by doing the following:
1) Restart your computer
2) After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
3) Instead of Windows loading as normal, a menu should appear
4) Select the first option, to run Windows in Safe Mode.

For additional help in booting into Safe Mode, see the following site:
http://www.pchell.co.../safemode.shtml

***

Open HijackThis
Place a check against each of the following, making sure you get them all and not any others by mistake:

O4 - HKLM\..\Run: [Windows ASN Services] ngkp.exe

O4 - HKLM\..\RunServices: [Windows ASN Services] ngkp.exe

O4 - Global Startup: [bleep].cmd

O20 - Winlogon Notify: wingjc32 - C:\WINDOWS\SYSTEM32\wingjc32.dll

Close all programs leaving only HijackThis running.
Click on Fix Checked when finished and exit HijackThis.

***

Open the smitRem folder, then double click the RunThis.bat file to start the tool. Follow the prompts on screen.
Wait for the tool to complete and disk cleanup to finish.
The tool will create a log named smitfiles.txt in the root of your drive, eg; Local Disk C: or partition where your operating system is installed.
Post me the contents of the smitfiles.txt log as you post back.

***

Open Ad-aware and do a full scan. Remove all it finds.

***

Now open Ewido Security Suite:* Click on scanner
* Click Complete System Scan and the scan will begin.
* During the scan it will prompt you to clean files, click OK
* When the scan is finished, look at the bottom of the screen and click the Save report button.
* Save the report to your desktop
Reboot your computer.

***

Next go to Control Panel click Display > Desktop > Customize Desktop > Web > Uncheck "Security Info" if present.

***

Reboot back into Windows
You will need to allow the popups for this site!

Run the Free use Panda Active Scan.

• Click on Scan your PC. A new browser window will open with Panda ActiveScan. If this is the first time you scan your PC, you'll have to download the ActiveX controls (8 MB).
• A new window will open
• Enter your Country
• Enter your State/Province
• Enter your e-mail address and click send
• Select either Home User or Company
• Click the big Scan Now button
• It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
• When the download is complete, click on My computer to start the scan
• When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location.

Post the contents of the Panda scan report, along with a new HijackThis Log, the contents of smitfiles.txt and the Ewido Log by using Add Reply.

Edited by g2i2r4, 10 November 2005 - 10:54 AM.

[g2i2r4]

Welcome bitter1 to Geeks to Go!

I have a minor problem with your log
We use a filter to not allow some words. One of those words is in your log. It's here as [bleep]. Please look in your log (on your computer) to see what it's real name is. Then see if you can find it on your computer.
Replace the full path in Killbox where I say [bleep].


Please read these instructions carefully. You may want to print them. Copy the text to a Notepad file and save it to your desktop! We will need the file later.
Be sure to follow ALL instructions!


Please download noahdfear's smitRem.exe©. Save the file to your desktop. Double click on the file to extract it to it's own folder on the desktop.

***

Launch ewido, there should be an icon on your desktop double-click it.

The program will now go to the main screen
You will need to update ewido to the latest definition files.On the left hand side of the main screen click update
Click on Start
The update will start and a progress bar will show the updates being installed.
Once the updates are installed, close Ewido for now.

***

If you have not already installed Ad-Aware SE 1.06, please download and install AdAware SE 1.06.
Check Here on how setup and use it - please make sure you update it first.

***

Download the Killbox.
Unzip it to the desktop

Double-click on Killbox.exe to run it. Place the following lines (complete paths) in bold in the "Full Path of File to Delete" box in Killbox, and click the red button with the white X on it after each

C:\WINDOWS\System32\ngkp.exe
[bleep].cmd <= replace this with the full path to the file.

For these file, put a mark next to "Delete on Reboot". Copy and paste each file into the file name box, then click the red button with the X after each. It will ask you if you want to reboot each time you click it, answer NO until after you've pasted the last file name, at which time you should answer Yes.

If your computer does not restart automatically, please restart it manually.

***

Next, please reboot your computer in Safe Mode by doing the following:
1) Restart your computer
2) After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
3) Instead of Windows loading as normal, a menu should appear
4) Select the first option, to run Windows in Safe Mode.

For additional help in booting into Safe Mode, see the following site:
http://www.pchell.co.../safemode.shtml

***

Open HijackThis
Place a check against each of the following, making sure you get them all and not any others by mistake:

O4 - HKLM\..\Run: [Windows ASN Services] ngkp.exe

O4 - HKLM\..\RunServices: [Windows ASN Services] ngkp.exe

O4 - Global Startup: [bleep].cmd

O20 - Winlogon Notify: wingjc32 - C:\WINDOWS\SYSTEM32\wingjc32.dll

Close all programs leaving only HijackThis running.
Click on Fix Checked when finished and exit HijackThis.

***

Open the smitRem folder, then double click the RunThis.bat file to start the tool. Follow the prompts on screen.
Wait for the tool to complete and disk cleanup to finish.
The tool will create a log named smitfiles.txt in the root of your drive, eg; Local Disk C: or partition where your operating system is installed.
Post me the contents of the smitfiles.txt log as you post back.

***

Open Ad-aware and do a full scan. Remove all it finds.

***

Now open Ewido Security Suite:* Click on scanner
* Click Complete System Scan and the scan will begin.
* During the scan it will prompt you to clean files, click OK
* When the scan is finished, look at the bottom of the screen and click the Save report button.
* Save the report to your desktop
Reboot your computer.

***

Next go to Control Panel click Display > Desktop > Customize Desktop > Web > Uncheck "Security Info" if present.

***

Reboot back into Windows
You will need to allow the popups for this site!

Run the Free use Panda Active Scan.

• Click on Scan your PC. A new browser window will open with Panda ActiveScan. If this is the first time you scan your PC, you'll have to download the ActiveX controls (8 MB).
• A new window will open
• Enter your Country
• Enter your State/Province
• Enter your e-mail address and click send
• Select either Home User or Company
• Click the big Scan Now button
• It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
• When the download is complete, click on My computer to start the scan
• When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location.

Post the contents of the Panda scan report, along with a new HijackThis Log, the contents of smitfiles.txt and the Ewido Log by using Add Reply.

Edited by g2i2r4, 10 November 2005 - 10:54 AM.

[bitter1]

g2i2r4,
You da man or you da woman or you da letters and numbers but you awesome. I'm logged on to this forum with my computer and it's not popin up anything and the bites sent to received is back to normal. No run away bites being sent.
I tried to follow all your guidelines and everything ran good except panda scan. I ran it 4-5 times and it would hang up every time at C:\windows\system32\ntdll.dll. I don't know why. I tried killing individually each of the security products I've got running in the background and retry but it kept dying in the same spot. Here are the rest of the logs. Let me know if I need to do anything further or what I might try for the panda to run. Thanks again.

--------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 1:44:01 PM, 11/10/2005
+ Report-Checksum: F933ED5C

+ Scan result:

No infected objects found.


::Report End
Logfile of HijackThis v1.99.1
Scan saved at 6:00:22 PM, on 11/10/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
C:\PROGRA~1\NORTON~1\NORTON~2\NPROTECT.EXE
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\PROGRA~1\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\sm56hlpr.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
E:\DragToDisc\DrgToDsc.exe
E:\AudioCentral\RxMon.exe
E:\AudioCentral\Playlist.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\WINDOWS\System32\wuauclt.exe
C:\MICROS~1\Office10\OUTLOOK.EXE
C:\Microsoft Office\Office10\WINWORD.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\cmd.exe
C:\Documents and Settings\End user\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.ihot.com:3128
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [SMSERIAL] sm56hlpr.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.2\THGuard.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /0
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - https://www-secure.s...rl/LSSupCtl.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefend...can8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupd...b?1111545783364
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.s...rl/SymAData.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{4319893B-9514-433C-94AB-09FA666099C6}: NameServer = 69.19.189.116 66.81.0.252
O20 - Winlogon Notify: ComPlusSetup - C:\WINDOWS\System32\catsrvut.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~2\NPROTECT.EXE
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe


smitRem © log file
version 2.7

by noahdfear

The current date is: Thu 11/10/2005
The current time is: 12:28:28.83

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

checking for ShudderLTD key

ShudderLTD key not present!

checking for PSGuard.com key


PSGuard.com key not present!

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Existing Pre-run Files


~~~ Program Files ~~~



~~~ Shortcuts ~~~



~~~ Favorites ~~~



~~~ system32 folder ~~~



~~~ Icons in System32 ~~~



~~~ Windows directory ~~~



~~~ Drive root ~~~


~~~ Miscellaneous Files/folders ~~~




~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~



Remaining Post-run Files


~~~ Program Files ~~~



~~~ Shortcuts ~~~



~~~ Favorites ~~~



~~~ system32 folder ~~~



~~~ Icons in System32 ~~~



~~~ Windows directory ~~~



~~~ Drive root ~~~



~~~ Miscellaneous Files/folders ~~~




~~~ Wininet.dll ~~~

CLEAN!

[g2i2r4]

I'm glad to hear things are getting better. Looks good sofar.

See if you can run Panda for local disk C: please.

Edited by g2i2r4, 11 November 2005 - 09:19 AM.

[bitter1]

g2i2r4,
Panda ran in the "check drives" mode. Below is the log. I saw this C:\i before and wondered about it. What do you think I should do?
Thanks.
Less bitter 1



Incident Status Location

Virus:W32/Sasser.ftp Disinfected C:\WINDOWS\SYSTEM32\cmd.ftp
Virus:Trj/Zapchast.D Disinfected C:\WINDOWS\SYSTEM32\c.bat
Virus:W32/Sdbot.ftp Disinfected C:\WINDOWS\SYSTEM32\i
Virus:W32/Lentin.E Disinfected Archive Folders\Deleted Items\Fw: Draga Kristina\Draga Kristina.bmp.pif
Virus:W32/Lentin.E Disinfected Archive Folders\Deleted Items\Fw: Draga Kristina\Draga Kristina.mp3
Virus:W32/Lentin.E Disinfected Archive Folders\Deleted Items\Fw: make ur friend happy :-)\checkfriends.scr
Virus:W32/Magistr.B Disinfected Archive Folders\Deleted Items\After reviewing your information,.\inform.bat
Virus:W32/Sobig.B Disinfected Archive Folders\Deleted Items\Your details\your_details.pif
Virus:W32/Sobig.E Disinfected Archive Folders\Deleted Items\Re: Application\your_details.zip[details.pif]
Virus:W32/Sobig.E Disinfected Archive Folders\Deleted Items\Re: Movie\your_details.zip[details.pif]
Virus:W32/Zafi.B.worm Disinfected Archive Folders\Deleted Items\Check this out kid!!!\jennifer the wild girl xxx07.jpg.pif
Virus:W32/Zafi.B.worm Disinfected Archive Folders\Deleted Items\PDFER901\Surprise.pif
Virus:Trj/Downloader.DLE Disinfected C:\all.exe
Adware:Adware/Startpage.AJF No disinfected C:\!KillBox\shdochop.dll

[g2i2r4]

Panda cleaned what it could find. So that's good now.

From what I see there's a lot of infected mail. Be very carefull what you do and what you open. If you don't know the sender, be extra carefull.

Is the computer running ok?
If so, shall I post you some tips for the future and close this topic?