Messages - boastercoaster
1
Tech Clinic / Another victum of SmartSecurity
« on: May 10, 2005, 10:19:24 PM »
Thanks for the help. Is this forum run by donations? Would you run any of the other things I ran to initially clean, or just blaster and antispyware by Microsoft and the IE\Spyad?

2
Tech Clinic / Another victum of SmartSecurity
« on: May 10, 2005, 09:20:08 PM »
I updated the Windows files. Does this log look any different?

Logfile of HijackThis v1.99.1
Scan saved at 10:11:09 PM, on 5/10/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Chris Naramor\Desktop\hijackthis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://launch.yahoo.com
O15 - Trusted Zone: http://radio.music.yahoo.com
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe

3
Tech Clinic / Another victum of SmartSecurity
« on: May 09, 2005, 10:13:16 PM »
How can I get the critical updates?

4
Tech Clinic / Another victum of SmartSecurity
« on: May 09, 2005, 09:53:09 PM »
I did exactly what you asked: disabled, then restarted and enabled. Had I not, it wouldn't have restored back to that point from last week, right? My prior email a few days ago had that log from after that. Everything is enabled on startup files.



Logfile of HijackThis v1.99.1
Scan saved at 10:50:47 PM, on 5/9/2005
Platform: Windows XP  (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Documents and Settings\Chris Naramor\Desktop\hijackthis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O15 - Trusted Zone: http://launch.yahoo.com
O15 - Trusted Zone: http://radio.music.yahoo.com
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe

5
Tech Clinic / Another victum of SmartSecurity
« on: May 09, 2005, 05:23:16 PM »
I had to run a restore. It got messed up. Here is the logfile. Should I run cleanup321, cwshredder, ewido? Any of these periodically, or just the spywareblocker and beta? I also have Symantec AntiVirus Corporate Edition. I don't remember that being in the tool bar until recently.


Logfile of HijackThis v1.99.1
Scan saved at 1:54:37 PM, on 4/30/2005
Platform: Windows XP  (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\WINDOWS\crwk32.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\WINDOWS\system32\ntus.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Chris Naramor\Desktop\hijackthis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\hoauc.dll/sp.html#27130
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\hoauc.dll/sp.html#27130
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system32\hoauc.dll/sp.html#27130
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\hoauc.dll/sp.html#27130
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\hoauc.dll/sp.html#27130
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\hoauc.dll/sp.html#27130
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\hoauc.dll/sp.html#27130
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {516B1C67-B52D-E97F-A80D-D6C5DBCBFE0A} - C:\WINDOWS\sdkbf.dll
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [crwk32.exe] C:\WINDOWS\crwk32.exe
O4 - HKCU\..\RunOnce: [CleanUp!] C:\PROGRA~1\CleanUp!\CleanUp.exe /WindowsRestart
O15 - Trusted Zone: http://launch.yahoo.com
O15 - Trusted Zone: http://radio.music.yahoo.com
O23 - Service: Workstation NetLogon Service ( 11Fßä#·ºÄÖ`I) - Unknown owner - C:\WINDOWS\system32\ntus.exe

6
Tech Clinic / Another victum of SmartSecurity
« on: May 03, 2005, 06:00:23 PM »
I posted earlier that the background fixed a few minutes later. It is all right now and I can put any wallpaper I want.

7
Tech Clinic / Another victum of SmartSecurity
« on: May 02, 2005, 09:19:36 PM »
Another question: I get a pop-up that asks me to "Help protect your PC schedule automatic updates". It comes from the lower right toolbar.

And my old anti-spyware is gone, and I know I put some on that you gave me. Will they scan daily or do I need to run them? My other one ran every night.

8
Tech Clinic / Another victum of SmartSecurity
« on: May 02, 2005, 09:01:24 PM »
Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop]
"NoChangingWallpaper"=dword:00000000
"NoComponents"=dword:00000000
"NoAddingComponents"=dword:00000000
"NoDeletingComponents"=dword:00000000
"NoEditingComponents"=dword:00000000
"NoHTMLWallPaper"=dword:00000000

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\AMeOpt]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoDriveTypeAutoRun"=dword:00000091
"NoActiveDesktopChanges"=dword:00000000

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"NoDispBackgroundPage"=dword:00000000
"NoDispAppearancePage"=dword:00000000

9
Tech Clinic / Another victum of SmartSecurity
« on: May 01, 2005, 09:32:48 AM »
I thought I did post all the reports you asked for??  I don't have spybot.

10
Tech Clinic / Another victum of SmartSecurity
« on: April 30, 2005, 09:46:53 PM »
Now it went back to blue with icons. Maybe it was from one of the reports I ran?

11
Tech Clinic / Another victum of SmartSecurity
« on: April 30, 2005, 09:44:55 PM »
From blue to tan from prior post. Should I turn Folder setting back to hidden eventually?

12
Tech Clinic / Another victum of SmartSecurity
« on: April 30, 2005, 09:40:05 PM »
Logfile of HijackThis v1.99.1
Scan saved at 10:22:26 PM, on 4/30/2005
Platform: Windows XP  (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\Program Files\Messenger\msmsgs.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Chris Naramor\Desktop\hijackthis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O15 - Trusted Zone: http://launch.yahoo.com
O15 - Trusted Zone: http://radio.music.yahoo.com
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe

---------------------------------------------------------
 ewido security suite - Scan report
---------------------------------------------------------

 + Created on:         9:54:26 PM, 4/30/2005
 + Report-Checksum:      802A6291

 + Date of database:      5/1/2005
 + Version of scan engine:   v3.0

 + Duration:            22 min
 + Scanned Files:         18540
 + Speed:            13.87 Files/Second
 + Infected files:         71
 + Removed files:         71
 + Files put in quarantine:      71
 + Files that could not be opened:   0
 + Files that could not be cleaned:   0

 + Binder:      Yes
 + Crypter:      Yes
 + Archives:      Yes

 + Scanned items:
   C:\
   G:\

 + Scan result:
   C:\dkload.exe -> TrojanDownloader.Small.vg -> Cleaned with backup
   C:\Program Files\Microsoft AntiSpyware\Quarantine\02B52AD6-8E82-4465-AEDB-B85688\6E7C4ABF-8205-439E-B443-F08C97 -> Spyware.Altnet.c -> Cleaned with backup
   C:\Program Files\Microsoft AntiSpyware\Quarantine\54A4A3AC-58BA-449A-9050-993E25\85C62CB7-30F5-4E2A-B256-2F0BD0 -> TrojanDownloader.Agent.bq -> Cleaned with backup
   C:\Program Files\Microsoft AntiSpyware\Quarantine\7C562B22-B470-4DDE-86D0-761C98\832C5685-D0D8-4F7D-A0C4-B96DFF -> Spyware.Wintol.y -> Cleaned with backup
   C:\Program Files\Microsoft AntiSpyware\Quarantine\9B908EE8-46AE-4CAD-ABFA-0CA2BA\FA02292E-E9A3-4498-9503-919DE1 -> Spyware.Wintol.y -> Cleaned with backup
   C:\Program Files\Microsoft AntiSpyware\Quarantine\9B908EE8-46AE-4CAD-ABFA-0CA2BA\FA79F0E8-E607-424C-979C-E1CC14 -> TrojanDownloader.Wintool.f -> Cleaned with backup
   C:\Program Files\Microsoft AntiSpyware\Quarantine\D5499A1D-D033-4F17-A251-D9D5CB\BBEC677D-48B2-4F6E-B2A8-84A5F1 -> Spyware.Sahat.l -> Cleaned with backup
   C:\w.exe -> TrojanDownloader.Small.aod -> Cleaned with backup
   C:\WINDOWS\addrf.dll -> TrojanDownloader.Agent.lz -> Cleaned with backup
   C:\WINDOWS\apicl32.exe -> Trojan.Agent.bi -> Cleaned with backup
   C:\WINDOWS\apiqq.dll -> TrojanDownloader.Agent.lz -> Cleaned with backup
   C:\WINDOWS\appmv32.dll -> TrojanDownloader.Agent.lz -> Cleaned with backup
   C:\WINDOWS\appxn32.exe -> Trojan.Agent.bi -> Cleaned with backup
   C:\WINDOWS\d3rk32.exe -> TrojanDownloader.Agent.bq -> Cleaned with backup
   C:\WINDOWS\diyju.dll -> Spyware.Hijacker.Generic -> Cleaned with backup
   C:\WINDOWS\dljhu.dll -> Spyware.Hijacker.Generic -> Cleaned with backup
   C:\WINDOWS\ehlhz.dll -> Spyware.Hijacker.Generic -> Cleaned with backup
   C:\WINDOWS\fmtvj.dll -> Spyware.Hijacker.Generic -> Cleaned with backup
   C:\WINDOWS\gzfuj.dll -> Spyware.Hijacker.Generic -> Cleaned with backup
   C:\WINDOWS\hgbyr.dll -> Spyware.Hijacker.Generic -> Cleaned with backup
   C:\WINDOWS\hrogb.dll -> Spyware.Hijacker.Generic -> Cleaned with backup
   C:\WINDOWS\hwofb.dll -> Spyware.Hijacker.Generic -> Cleaned with backup
   C:\WINDOWS\iszey.dll -> Spyware.Hijacker.Generic -> Cleaned with backup
   C:\WINDOWS\javavl.exe -> TrojanDownloader.Agent.bq -> Cleaned with backup
   C:\WINDOWS\jdswr.dll -> Spyware.Hijacker.Generic -> Cleaned with backup
   C:\WINDOWS\mfcpd32.exe -> Trojan.Agent.bi -> Cleaned with backup
   C:\WINDOWS\mfcqd32.dll -> TrojanDownloader.Agent.lz -> Cleaned with backup
   C:\WINDOWS\netiz.exe -> Trojan.Agent.bi -> Cleaned with backup
   C:\WINDOWS\nifzc.dll -> Spyware.Hijacker.Generic -> Cleaned with backup
   C:\WINDOWS\npprw.dll -> Spyware.Hijacker.Generic -> Cleaned with backup
   C:\WINDOWS\ntbc.exe -> TrojanDownloader.Agent.bq -> Cleaned with backup
   C:\WINDOWS\ntvl.exe -> Trojan.Agent.bi -> Cleaned with backup
   C:\WINDOWS\nvcpf.dll -> Spyware.Hijacker.Generic -> Cleaned with backup
   C:\WINDOWS\pcbvk.dll -> Spyware.Hijacker.Generic -> Cleaned with backup
   C:\WINDOWS\qacak.dll -> Spyware.Hijacker.Generic -> Cleaned with backup
   C:\WINDOWS\qjbjq.dll -> Spyware.Hijacker.Generic -> Cleaned with backup
   C:\WINDOWS\rxlrt.dll -> Spyware.Hijacker.Generic -> Cleaned with backup
   C:\WINDOWS\sdkgo.exe -> Trojan.Agent.bi -> Cleaned with backup
   C:\WINDOWS\sdkiz32.exe -> Trojan.Agent.bi -> Cleaned with backup
   C:\WINDOWS\sdkln.exe -> Trojan.Agent.bi -> Cleaned with backup
   C:\WINDOWS\sdklo32.exe -> Trojan.Agent.bi -> Cleaned with backup
   C:\WINDOWS\system32\addif.exe -> Trojan.Agent.bi -> Cleaned with backup
   C:\WINDOWS\system32\apilv32.exe -> Trojan.Agent.bi -> Cleaned with backup
   C:\WINDOWS\system32\apixz32.exe -> TrojanDownloader.Agent.bq -> Cleaned with backup
   C:\WINDOWS\system32\atlex32.exe -> Trojan.Agent.bi -> Cleaned with backup
   C:\WINDOWS\system32\d3cp.exe -> TrojanDownloader.Agent.bq -> Cleaned with backup
   C:\WINDOWS\system32\dqymi.dll -> Spyware.Hijacker.Generic -> Cleaned with backup
   C:\WINDOWS\system32\eiikk.dll -> Spyware.Hijacker.Generic -> Cleaned with backup
   C:\WINDOWS\system32\fetpy.dll -> Spyware.Hijacker.Generic -> Cleaned with backup
   C:\WINDOWS\system32\fuguo.dll -> Spyware.Hijacker.Generic -> Cleaned with backup
   C:\WINDOWS\system32\gxrfh.dll -> Spyware.Hijacker.Generic -> Cleaned with backup
   C:\WINDOWS\system32\hoauc.dll -> Spyware.Hijacker.Generic -> Cleaned with backup
   C:\WINDOWS\system32\iell.exe -> Trojan.Agent.bi -> Cleaned with backup
   C:\WINDOWS\system32\instsrv.exe -> Spyware.BargainBuddy -> Cleaned with backup
   C:\WINDOWS\system32\javaom32.exe -> TrojanDownloader.Agent.bq -> Cleaned with backup
   C:\WINDOWS\system32\javaph.exe -> TrojanDownloader.Agent.bq -> Cleaned with backup
   C:\WINDOWS\system32\jlcbg.dll -> Spyware.Hijacker.Generic -> Cleaned with backup
   C:\WINDOWS\system32\mxjqn.dll -> Spyware.Hijacker.Generic -> Cleaned with backup
   C:\WINDOWS\system32\netlp32.dll -> TrojanDownloader.Agent.lz -> Cleaned with backup
   C:\WINDOWS\system32\ntrf32.exe -> TrojanDownloader.Agent.bq -> Cleaned with backup
   C:\WINDOWS\system32\piygt.dll -> Spyware.Hijacker.Generic -> Cleaned with backup
   C:\WINDOWS\system32\stqhe.dll -> Spyware.Hijacker.Generic -> Cleaned with backup
   C:\WINDOWS\system32\sujgp.dll -> Spyware.Hijacker.Generic -> Cleaned with backup
   C:\WINDOWS\system32\tibs.exe -> TrojanDownloader.Small.my -> Cleaned with backup
   C:\WINDOWS\system32\uvbjy.dll -> Spyware.Hijacker.Generic -> Cleaned with backup
   C:\WINDOWS\system32\wuwkn.dll -> Spyware.Hijacker.Generic -> Cleaned with backup
   C:\WINDOWS\system32\xzgnn.dll -> Spyware.Hijacker.Generic -> Cleaned with backup
   C:\WINDOWS\system32\zkylq.dll -> Spyware.Hijacker.Generic -> Cleaned with backup
   C:\WINDOWS\xfiib.dll -> Spyware.Hijacker.Generic -> Cleaned with backup
   C:\WINDOWS\yrjfl.dll -> Spyware.Hijacker.Generic -> Cleaned with backup
   C:\WINDOWS\ysxzm.dll -> Spyware.Hijacker.Generic -> Cleaned with backup


::Report End
 **** Run Keys ****

RUN: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
RUN: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
RUN: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
RUN: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background


 **** Browser Helper Objects ****

BHO: [AcroIEHlprObj Class] C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll


 **** IE Toolbars ****



 **** IE Extensions ****



 **** Hosts File Entries ****



 **** IE Settings ****

Default Page: http://www.google.com
Default Search: http://www.google.com

Scanned at: 9:24:57 PM   on: 4/30/2005


-- Scan 1 ---------------------------
About:Buster Version 4.0
Reference List : 26

No ADS found on system
Removed 4 Random Key Entries
Removed! : C:\WINDOWS\cvajk.dat
Removed! : C:\WINDOWS\jolyz.dat
Removed! : C:\WINDOWS\mfhaz.dat
Removed! : C:\WINDOWS\zopke.dat
Removed! : C:\WINDOWS\System32\ceqcp.dat
Removed! : C:\WINDOWS\System32\idxlo.dat
Attempted Clean Of Temp folder.
Removed Uninstall Key (HSA)
Removed Uninstall Key (SE)
Removed Uninstall Key (SW)
Pages Reset... Done!

-- Scan 2 ---------------------------
About:Buster Version 4.0
Reference List : 26

No ADS found on system
Attempted Clean Of Temp folder.
Pages Reset... Done!


 »»»»»»»»»»»»»»»»»»***LOG!***»»»»»»»»»»»»»»»»
Scanning for file(s)...


Should there be more there?




As I was posting these reports my desktop turned from blue to tan and all the icons are gone. Says it cannot find the host files in the hijackthis Host FileManager.

13
Tech Clinic / Another victum of SmartSecurity
« on: April 30, 2005, 04:50:37 PM »
Thanks. This will take a bit but I will try to follow exactly and get back with you. Get back with me at your convenience afterwards.

14
Tech Clinic / Another victum of SmartSecurity
« on: April 30, 2005, 04:02:11 PM »
»»»»»»»»»»»»»»»»»»***LOG!***»»»»»»»»»»»»»»»»
Scanning for file(s)...
 
* result-> C:\WINDOWS\DESKTO~1.HTM
* result-> C:\WINDOWS\FHR~1.HTM
* result-> C:\WINDOWS\POPUP~1.HTM
 

Sorry took so long, pizza arrived.  I finally got it to work

15
Tech Clinic / Another victum of SmartSecurity
« on: April 30, 2005, 03:09:07 PM »
That is exactly what I am doing. But I still get the 2 windows. How long does a scan usually take?

16
Tech Clinic / Another victum of SmartSecurity
« on: April 30, 2005, 03:02:07 PM »
clninst.bat   C:'program files\Symantec_CLient_Security\Symatec antivirus

msdtcvtr.bat  c:\windows\system32\msdtc\trace



If I do a *.bat search these come up.  Don't know if that means anything.

17
Tech Clinic / Another victum of SmartSecurity
« on: April 30, 2005, 02:53:20 PM »
When I hit run, a window labeled C:Windows\system32\cmd.exe comes up and it says "XFind.com" is not recognized as an internal or external command, operable program or batch file. Notepad also opens with the scanning for files text.

18
Tech Clinic / Another victum of SmartSecurity
« on: April 30, 2005, 02:37:41 PM »
Does this scan take a while? It has been 10 mins or so and it says scanning for files.

19
Tech Clinic / Another victum of SmartSecurity
« on: April 30, 2005, 01:59:33 PM »
I did as you said and here is a new log

Logfile of HijackThis v1.99.1
Scan saved at 2:56:39 PM, on 4/30/2005
Platform: Windows XP  (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\WINDOWS\crwk32.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\WINDOWS\system32\ntus.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Chris Naramor\Desktop\hijackthis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\pddtw.dll/sp.html#27130
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\pddtw.dll/sp.html#27130
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\pddtw.dll/sp.html#27130
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\pddtw.dll/sp.html#27130
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\pddtw.dll/sp.html#27130
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\pddtw.dll/sp.html#27130
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\pddtw.dll/sp.html#27130
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {5EB8144B-6EF2-7346-72E4-ADB028205C5E} - C:\WINDOWS\system32\nethk32.dll
O2 - BHO: (no name) - {770CE589-D47C-9567-46F4-E4E08B3366BC} - C:\WINDOWS\ipxe.dll
O2 - BHO: (no name) - {E902A02C-DD59-5DE4-624F-8012F9AFA9B9} - C:\WINDOWS\apptr32.dll
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\ycomp5_5_7_0.dll (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [crwk32.exe] C:\WINDOWS\crwk32.exe
O4 - HKLM\..\Run: [WinTools] C:\PROGRA~1\COMMON~1\WinTools\WToolsA.exe
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [Vaf] C:\WINDOWS\System32\Hac.exe
O4 - HKLM\..\Run: [TBPS] C:\PROGRA~1\Toolbar\TBPS.exe
O4 - HKLM\..\Run: [SurfSideKick 2] C:\Program Files\SurfSideKick 2\Ssk.exe
O4 - HKLM\..\Run: [Ocg] C:\WINDOWS\System32\Iki.exe
O4 - HKLM\..\Run: [Gqb] C:\WINDOWS\System32\Hdu.exe
O4 - HKLM\..\Run: [d3ii.exe] C:\WINDOWS\system32\d3ii.exe
O4 - HKLM\..\Run: [Cga] C:\WINDOWS\System32\Hos.exe
O4 - HKLM\..\Run: [atljw32.exe] C:\WINDOWS\system32\atljw32.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\RunOnce: [CleanUp!] C:\PROGRA~1\CleanUp!\CleanUp.exe /WindowsRestart
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O15 - Trusted Zone: http://launch.yahoo.com
O15 - Trusted Zone: http://radio.music.yahoo.com
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
O23 - Service: Workstation NetLogon Service ( 11Fßä#·ºÄÖ`I) - Unknown owner - C:\WINDOWS\system32\ntus.exe
O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe

20
Tech Clinic / Another victum of SmartSecurity
« on: April 30, 2005, 01:00:15 PM »
It seems you are the man to contact with this dumb redscreen SmartSecurity. Here is my logfile.

Logfile of HijackThis v1.99.1
Scan saved at 1:54:37 PM, on 4/30/2005
Platform: Windows XP  (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\WINDOWS\crwk32.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\WINDOWS\system32\ntus.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Chris Naramor\Desktop\hijackthis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\hoauc.dll/sp.html#27130
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\hoauc.dll/sp.html#27130
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system32\hoauc.dll/sp.html#27130
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\hoauc.dll/sp.html#27130
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\hoauc.dll/sp.html#27130
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\hoauc.dll/sp.html#27130
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\hoauc.dll/sp.html#27130
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {516B1C67-B52D-E97F-A80D-D6C5DBCBFE0A} - C:\WINDOWS\sdkbf.dll
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [crwk32.exe] C:\WINDOWS\crwk32.exe
O4 - HKCU\..\RunOnce: [CleanUp!] C:\PROGRA~1\CleanUp!\CleanUp.exe /WindowsRestart
O15 - Trusted Zone: http://launch.yahoo.com
O15 - Trusted Zone: http://radio.music.yahoo.com
O23 - Service: Workstation NetLogon Service ( 11Fßä#·ºÄÖ`I) - Unknown owner - C:\WINDOWS\system32\ntus.
