I desperately NEED help!
sexywoman
Newbie
24. March 2006 @ 09:06
Someone out there please help!!! I'm having troubles surfing the net. How am I supposed to get any online shopping done? It does fine for a while but then Norton blocks something and I can't get back on the net unless I turn off my computer. I saw everyone else posting this log so I figured I'd go ahead and submit it to save time. Any help would be much appreciated. Thank you! Rebecca

Logfile of HijackThis v1.99.1
Scan saved at 12:37:18 PM, on 3/24/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Daily Weather Forecast\weather.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
C:\WINDOWS\system32\tbctray.exe
C:\PROGRA~1\AWS\WEATHE~1\Weather.exe
C:\Program Files\Messenger\msmsgs.exe
C:\winstall.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Turtle Beach\AudioStation\tbaspi.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Documents and Settings\Kiefer\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/ie/defaults/sb/sbcydsl/...
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/ie/defaults/sp/sbcydsl/...
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.skymasters.biz?4289
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapps.yahoo.com/customize/ie/defaults/su/sbcydsl/...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/ie/defaults/sb/sbcydsl/...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/ie/defaults/sp/sbcydsl/...
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://andrewlinks.net
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ie/defaults/su/sbcydsl/...
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\Common\YIeTagBm.dll
O2 - BHO: - {751B2436-05A6-45B5-9D2D-28ACBB5FE5AA} - C:\WINDOWS\lbbho.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: Cls - {CF021F40-3E14-23A5-CBA2-717765728274} - C:\WINDOWS\System32\wer8274.dll
O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
O3 - Toolbar: SuperBar - {A2523F9B-AE02-4233-9253-30FF2215241A} - C:\Program Files\SuperBar\SuperBar.Dll (file missing)
O3 - Toolbar: (no name) - {EA5A82FB-D6BE-44F9-9363-B1ABABC153C1} - (no file)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [Daily Weather Forecast] C:\Program Files\Daily Weather Forecast\weather.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [YBrowser] C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [TraySantaCruz] C:\WINDOWS\system32\tbctray.exe
O4 - HKCU\..\Run: [Weather] C:\PROGRA~1\AWS\WEATHE~1\Weather.exe 1
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] 1
O4 - HKCU\..\Run: [Windows installer] C:\winstall.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: SBC Self Support Tool.lnk = C:\Program Files\SBC Self Support Tool\bin\matcli.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: SBC Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O15 - Trusted Zone: www.archiviosex.net
O15 - Trusted Zone: www.redfunny.com
O15 - Trusted Zone: www.skymasters.biz
O16 - DPF: {231B1C6E-F934-42A2-92B6-C2FEFEC24276} (yucsetreg Class) - C:\Program Files\Yahoo!\common\yucconfig.dll
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\common\yinsthelper.dll
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/...
O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} (PhotosCtrl Class) - http://photos.yahoo.com/ocx/us/yexplorer1_9us.cab
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: tbaspi - Voyetra Turtle Beach, Inc. - C:\Program Files\Turtle Beach\AudioStation\tbaspi.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\TURTLE~1\AUDIOS~1\x10nets.exe
Senior Member
24. March 2006 @ 10:40
Hi, you have some infections.

You have two firewalls running. Remove ZoneAlarm or disable Norton's firewall.


Cleaning instructions:

Move HijackThis to its own folder C:\HJT

Download and install Ewido, UPDATE it, but do NOT run a scan yet. -> http://www.ewido.net/en/download/

Download smitrem to your desktop >
http://noahdfear.geekstogo.com/click%20counter/click.php?id=1
Double-click it and press Start; a smitrem folder appears on the desktop.

Go to Control Panel -> Add or remove programs ->Remove SuperBar if found

Restart your computer in safe mode (press the F8 key while the computer is starting and choose Safe Mode)

Run HijackThis and fix these entries (if found): (Do a system scan only, check entries, close all other windows, press Fix checked)

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/ie/defaults/sb/sbcydsl/...
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/ie/defaults/sp/sbcydsl/...
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.skymasters.biz?4289
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapps.yahoo.com/customize/ie/defaults/su/sbcydsl/...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/ie/defaults/sb/sbcydsl/...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/ie/defaults/sp/sbcydsl/...
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://andrewlinks.net
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ie/defaults/su/sbcydsl/...
O2 - BHO: - {751B2436-05A6-45B5-9D2D-28ACBB5FE5AA} - C:\WINDOWS\lbbho.dll
O2 - BHO: Cls - {CF021F40-3E14-23A5-CBA2-717765728274} - C:\WINDOWS\System32\wer8274.dll
O3 - Toolbar: SuperBar - {A2523F9B-AE02-4233-9253-30FF2215241A} - C:\Program Files\SuperBar\SuperBar.Dll (file missing)
O3 - Toolbar: (no name) - {EA5A82FB-D6BE-44F9-9363-B1ABABC153C1} - (no file)
O4 - HKLM\..\Run: [Daily Weather Forecast] C:\Program Files\Daily Weather Forecast\weather.exe
O4 - HKCU\..\Run: [Windows installer] C:\winstall.exe
O15 - Trusted Zone: www.archiviosex.net
O15 - Trusted Zone: www.redfunny.com
O15 - Trusted Zone: www.skymasters.biz


Then go to the smitrem folder on your desktop, run RunThis.bat file and follow the instructions.

Make your hidden files visible:
->On the Tools menu in Windows Explorer, click Folder Options.
->Click the View tab.
->Under Hidden files and folders, click Show hidden files and folders.

Delete these folders if found:
C:\Program Files\-->SuperBar
C:\Program Files\-->Daily Weather Forecast

Delete these files if found:
C:\WINDOWS\-->lbbho.dll
C:\WINDOWS\System32\-->wer8274.dll

Empty the Recycle Bin

Make your hidden files invisible again:
->On the Tools menu in Windows Explorer, click Folder Options.
->Click the View tab.
->Under Hidden files and folders, click Do not show hidden files and folders.

Scan and clean your computer with Ewido and save the log file.

Restart your computer normally.

Post a fresh HijackThis log and Ewido's log here so we can see if your computer is now clean.


I have moved from AD, I won't be taking new HijackThis logs from here. Reason: The AD's Unsupportive atmosphere.

This message has been edited since posting. Last time this message was edited on 24. March 2006 @ 10:44

sexywoman
Newbie
24. March 2006 @ 11:21
Thanks for your prompt attention to my dilemma. I'll get on this as soon as I can and reply back with a new log. Thanks again. Rebecca
TheReturn
Suspended due to non-functional email address
24. March 2006 @ 11:35
Woow, it sound sexy Rebecca

THE RETURN

Specialist in mod, hack, crack, download, copy, install, fix, repair game consoles and computers.

sexywoman
Newbie
24. March 2006 @ 12:56
I followed your directions exactly as you had said. As soon as I got on the net the first time to send this to you, Norton blocked a port intrusion? I think that's what it said. So......I had to restart and here I am. Well, for what that's worth, here are my logs. Thanks. Rebecca

Logfile of HijackThis v1.99.1
Scan saved at 4:42:13 PM, on 3/24/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
C:\WINDOWS\system32\tbctray.exe
C:\PROGRA~1\AWS\WEATHE~1\Weather.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Turtle Beach\AudioStation\tbaspi.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\HJT\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\Common\YIeTagBm.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [YBrowser] C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [TraySantaCruz] C:\WINDOWS\system32\tbctray.exe
O4 - HKCU\..\Run: [Weather] C:\PROGRA~1\AWS\WEATHE~1\Weather.exe 1
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] 1
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: SBC Self Support Tool.lnk = C:\Program Files\SBC Self Support Tool\bin\matcli.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: SBC Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {231B1C6E-F934-42A2-92B6-C2FEFEC24276} (yucsetreg Class) - C:\Program Files\Yahoo!\common\yucconfig.dll
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\common\yinsthelper.dll
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/...
O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} (PhotosCtrl Class) - http://photos.yahoo.com/ocx/us/yexplorer1_9us.cab
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: tbaspi - Voyetra Turtle Beach, Inc. - C:\Program Files\Turtle Beach\AudioStation\tbaspi.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\TURTLE~1\AUDIOS~1\x10nets.exe

And here's the ewido log:

ewido anti-malware - Scan report
---------------------------------------------------------

+ Created on: 4:33:22 PM, 3/24/2006
+ Report-Checksum: 330D0B8C

+ Scan result:

:mozilla.6:C:\Documents and Settings\Kiefer\Application Data\Mozilla\Firefox\Profiles\syl7hnvd.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup
:mozilla.7:C:\Documents and Settings\Kiefer\Application Data\Mozilla\Firefox\Profiles\syl7hnvd.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup
:mozilla.8:C:\Documents and Settings\Kiefer\Application Data\Mozilla\Firefox\Profiles\syl7hnvd.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup
:mozilla.9:C:\Documents and Settings\Kiefer\Application Data\Mozilla\Firefox\Profiles\syl7hnvd.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned with backup
:mozilla.11:C:\Documents and Settings\Kiefer\Application Data\Mozilla\Firefox\Profiles\syl7hnvd.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned with backup
:mozilla.12:C:\Documents and Settings\Kiefer\Application Data\Mozilla\Firefox\Profiles\syl7hnvd.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned with backup
:mozilla.17:C:\Documents and Settings\Kiefer\Application Data\Mozilla\Firefox\Profiles\syl7hnvd.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.18:C:\Documents and Settings\Kiefer\Application Data\Mozilla\Firefox\Profiles\syl7hnvd.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.19:C:\Documents and Settings\Kiefer\Application Data\Mozilla\Firefox\Profiles\syl7hnvd.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.20:C:\Documents and Settings\Kiefer\Application Data\Mozilla\Firefox\Profiles\syl7hnvd.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.21:C:\Documents and Settings\Kiefer\Application Data\Mozilla\Firefox\Profiles\syl7hnvd.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned with backup
:mozilla.53:C:\Documents and Settings\Kiefer\Application Data\Mozilla\Firefox\Profiles\syl7hnvd.default\cookies.txt -> TrackingCookie.Clickbank : Cleaned with backup
:mozilla.54:C:\Documents and Settings\Kiefer\Application Data\Mozilla\Firefox\Profiles\syl7hnvd.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned with backup
:mozilla.56:C:\Documents and Settings\Kiefer\Application Data\Mozilla\Firefox\Profiles\syl7hnvd.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.57:C:\Documents and Settings\Kiefer\Application Data\Mozilla\Firefox\Profiles\syl7hnvd.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.58:C:\Documents and Settings\Kiefer\Application Data\Mozilla\Firefox\Profiles\syl7hnvd.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.60:C:\Documents and Settings\Kiefer\Application Data\Mozilla\Firefox\Profiles\syl7hnvd.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned with backup
:mozilla.62:C:\Documents and Settings\Kiefer\Application Data\Mozilla\Firefox\Profiles\syl7hnvd.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup
:mozilla.63:C:\Documents and Settings\Kiefer\Application Data\Mozilla\Firefox\Profiles\syl7hnvd.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup
:mozilla.64:C:\Documents and Settings\Kiefer\Application Data\Mozilla\Firefox\Profiles\syl7hnvd.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup
:mozilla.65:C:\Documents and Settings\Kiefer\Application Data\Mozilla\Firefox\Profiles\syl7hnvd.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup
:mozilla.66:C:\Documents and Settings\Kiefer\Application Data\Mozilla\Firefox\Profiles\syl7hnvd.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup
:mozilla.67:C:\Documents and Settings\Kiefer\Application Data\Mozilla\Firefox\Profiles\syl7hnvd.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned with backup
:mozilla.72:C:\Documents and Settings\Kiefer\Application Data\Mozilla\Firefox\Profiles\syl7hnvd.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned with backup
:mozilla.73:C:\Documents and Settings\Kiefer\Application Data\Mozilla\Firefox\Profiles\syl7hnvd.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned with backup
:mozilla.74:C:\Documents and Settings\Kiefer\Application Data\Mozilla\Firefox\Profiles\syl7hnvd.default\cookies.txt -> TrackingCookie.Tracking101 : Cleaned with backup
:mozilla.75:C:\Documents and Settings\Kiefer\Application Data\Mozilla\Firefox\Profiles\syl7hnvd.default\cookies.txt -> TrackingCookie.Tracking101 : Cleaned with backup
:mozilla.76:C:\Documents and Settings\Kiefer\Application Data\Mozilla\Firefox\Profiles\syl7hnvd.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned with backup
:mozilla.77:C:\Documents and Settings\Kiefer\Application Data\Mozilla\Firefox\Profiles\syl7hnvd.default\cookies.txt -> TrackingCookie.Adjuggler : Cleaned with backup
:mozilla.80:C:\Documents and Settings\Kiefer\Application Data\Mozilla\Firefox\Profiles\syl7hnvd.default\cookies.txt -> TrackingCookie.Adjuggler : Cleaned with backup
:mozilla.81:C:\Documents and Settings\Kiefer\Application Data\Mozilla\Firefox\Profiles\syl7hnvd.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned with backup
:mozilla.82:C:\Documents and Settings\Kiefer\Application Data\Mozilla\Firefox\Profiles\syl7hnvd.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned with backup
:mozilla.83:C:\Documents and Settings\Kiefer\Application Data\Mozilla\Firefox\Profiles\syl7hnvd.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned with backup
:mozilla.84:C:\Documents and Settings\Kiefer\Application Data\Mozilla\Firefox\Profiles\syl7hnvd.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned with backup
:mozilla.91:C:\Documents and Settings\Kiefer\Application Data\Mozilla\Firefox\Profiles\syl7hnvd.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.93:C:\Documents and Settings\Kiefer\Application Data\Mozilla\Firefox\Profiles\syl7hnvd.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.94:C:\Documents and Settings\Kiefer\Application Data\Mozilla\Firefox\Profiles\syl7hnvd.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.95:C:\Documents and Settings\Kiefer\Application Data\Mozilla\Firefox\Profiles\syl7hnvd.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.96:C:\Documents and Settings\Kiefer\Application Data\Mozilla\Firefox\Profiles\syl7hnvd.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.99:C:\Documents and Settings\Kiefer\Application Data\Mozilla\Firefox\Profiles\syl7hnvd.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.100:C:\Documents and Settings\Kiefer\Application Data\Mozilla\Firefox\Profiles\syl7hnvd.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.101:C:\Documents and Settings\Kiefer\Application Data\Mozilla\Firefox\Profiles\syl7hnvd.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.102:C:\Documents and Settings\Kiefer\Application Data\Mozilla\Firefox\Profiles\syl7hnvd.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.104:C:\Documents and Settings\Kiefer\Application Data\Mozilla\Firefox\Profiles\syl7hnvd.default\cookies.txt -> TrackingCookie.Centrport : Cleaned with backup
C:\HJT\backups\backup-20060324-155121-421.dll -> Backdoor.Agent.en : Cleaned with backup
C:\HJT\backups\backup-20060324-155121-553.dll -> Adware.Neon : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq89.tmp -> Adware.Neon : Cleaned with backup
C:\WINDOWS\dsr.dll -> Adware.BetterInternet : Cleaned with backup
C:\WINDOWS\lbbho.dll -> Adware.Neon : Cleaned with backup
C:\WINDOWS\svchost.ex$ -> Logger.Tofger.aw : Cleaned with backup
C:\WINDOWS\system32\in10b6.dll -> Dropper.Small.abe : Cleaned with backup
C:\WINDOWS\system32\wer8274.dll.tcf -> Backdoor.Agent.en : Cleaned with backup
C:\WINDOWS\system32\wer8274.dll1.tcf -> Backdoor.Agent.en : Cleaned with backup


::Report End
Senior Member
24. March 2006 @ 19:50
Ok, you are almost clean now, but I forgot something, WeatherBug can't be fully trusted.

So go to Control Panel -> Add or remove programs -> Remove WeatherBug

Fix this entry with HijackThis (if found)

O4 - HKCU\..\Run: [Weather] C:\PROGRA~1\AWS\WEATHE~1\Weather.exe 1


Delete this folder if found:
C:\PROGRA~1\-->AWS

You had a keylogger on your computer (malware that logs your keystrokes) so I suggest that you immediately change all your online passwords.
This is important because you said that you do shopping. If you don't change the passwords, someone could buy stuff with your account!

That Norton blocking your internet access when it recognizes a portscan -> It is a part of Norton's protection:
-> "When a hacker is attempting to probe your computer for vulnerabilities - such as by scanning its ports - and automatically blocks access for 30 minutes."

It is just Norton protecting you from attacks. I don't have Norton so I am not sure if this can be changed from the settings.
You had trojans and backdoors on your computer so it is not surprising that someone/thing scans your ports.


Your Windows is outdated! It should be updated because now you have all kinds of vulnerabilities on your computer.

Go here and install all important updates -> http://windowsupdate.microsoft.com

I have moved from AD, I won't be taking new HijackThis logs from here. Reason: The AD's Unsupportive atmosphere.

This message has been edited since posting. Last time this message was edited on 25. March 2006 @ 01:03
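
The check made between the two HijackThis logs in this thread (are the entries that were marked for fixing gone, what is left, what is new) can be scripted. The following is an added example, not part of the original posts and not code from HijackThis; the function names and the `FIX_ROUND_1` / `FIX_ROUND_2` variables are hypothetical, and the sample text is a shortened excerpt of the logs posted above.

```python
import re

# A HijackThis entry line starts with a section code (R0, O2, O4, O15, O23 ...)
# followed by " - ". Header lines and running-process paths do not match.
ENTRY_RE = re.compile(r"^([RFNO]\d{1,2})\s+-\s+(.+)$")


def parse_entries(log_text):
    """Map a case/whitespace-normalised key to the entry text for each entry line."""
    entries = {}
    for raw in log_text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if m is None:
            continue
        code, body = m.group(1), " ".join(m.group(2).split())
        entries[(code, body.lower())] = f"{code} - {body}"
    return entries


def check_remediation(before_log, fix_list, after_log):
    """Compare a fix list against the logs taken before and after cleaning."""
    before, fixes, after = (parse_entries(t) for t in (before_log, fix_list, after_log))
    return {
        # marked for fixing, seen before, absent afterwards
        "removed": sorted(v for k, v in fixes.items() if k in before and k not in after),
        # marked for fixing but still listed in the fresh log
        "still_present": sorted(v for k, v in fixes.items() if k in after),
        # marked for fixing but in neither log (typo or wrong machine)
        "never_seen": sorted(v for k, v in fixes.items() if k not in before and k not in after),
        # entries that only appeared after cleaning and need a look
        "new_in_after": sorted(v for k, v in after.items() if k not in before),
    }


# Shortened excerpt of the first log in this thread.
BEFORE_LOG = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\winstall.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.skymasters.biz?4289
O2 - BHO: - {751B2436-05A6-45B5-9D2D-28ACBB5FE5AA} - C:\WINDOWS\lbbho.dll
O2 - BHO: Cls - {CF021F40-3E14-23A5-CBA2-717765728274} - C:\WINDOWS\System32\wer8274.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKCU\..\Run: [Weather] C:\PROGRA~1\AWS\WEATHE~1\Weather.exe 1
O4 - HKCU\..\Run: [Windows installer] C:\winstall.exe
O15 - Trusted Zone: www.skymasters.biz
"""

# Subset of the entries listed for fixing in the first reply.
FIX_ROUND_1 = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.skymasters.biz?4289
O2 - BHO: - {751B2436-05A6-45B5-9D2D-28ACBB5FE5AA} - C:\WINDOWS\lbbho.dll
O2 - BHO: Cls - {CF021F40-3E14-23A5-CBA2-717765728274} - C:\WINDOWS\System32\wer8274.dll
O4 - HKCU\..\Run: [Windows installer] C:\winstall.exe
O15 - Trusted Zone: www.skymasters.biz
"""

# The one entry listed for fixing in the second reply.
FIX_ROUND_2 = r"""
O4 - HKCU\..\Run: [Weather] C:\PROGRA~1\AWS\WEATHE~1\Weather.exe 1
"""

# Shortened excerpt of the second (fresh) log in this thread.
AFTER_LOG = r"""
Logfile of HijackThis v1.99.1
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKCU\..\Run: [Weather] C:\PROGRA~1\AWS\WEATHE~1\Weather.exe 1
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
"""

if __name__ == "__main__":
    for name, fix_list in (("round 1", FIX_ROUND_1), ("round 2", FIX_ROUND_2)):
        print(name)
        for bucket, lines in check_remediation(BEFORE_LOG, fix_list, AFTER_LOG).items():
            print(f"  {bucket}: {len(lines)}")
            for line in lines:
                print(f"    {line}")
```

An entry missing from the fresh log only shows that the registry reference is gone. The ewido report in this thread still lists C:\WINDOWS\lbbho.dll on disk, which is why the file deletion and the scanner pass are separate steps.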

Curryjl
Newbie
24. March 2006 @ 20:55
i will be glad to help come join my forums page i will make anyone new that has some computer knowledge an op
hksdatabase.com click the forumslink

{HK}Curry
Moderator
25. March 2006 @ 01:19
@Curryjl - guess what, each of your posts so far have been crap & useless, i think you'll be leaving this site to go play on your own, on the site that you keep pimping



Main PC ~ Intel C2Q Q6600 (G0 Stepping)/Gigabyte GA-EP45-DS3/2GB Crucial Ballistix PC2-8500/Zalman CNPS9700/Antec 900/Corsair HX 620W
Network ~ DD-WRT ~ 2node WDS-WPA2/AES ~ Buffalo WHR-G54S. 3node WPA2/AES ~ WRT54GS v6 (inc. WEP BSSID), WRT54G v2, WRT54G2 v1. *** Forum Rules ***