Messages - happyeaglesfan

1
Tech Clinic / SmartSecurity Desktop Hijacked
« on: May 26, 2005, 11:47:34 PM »
guestolo,
I was able to get the SmartSecurity to go away on my desktop. My Norton Firewall was preventing the updates from loading. I disabled the firewall for all the programs you had me run. Ran the programs and it disappeared. Thank you sooooo much for my help. I am very grateful. YOU'RE THE BEST.
I am posting a new HijackThis log for you to check. If you want to check anything else, please let me know.

Logfile of HijackThis v1.99.1
Scan saved at 12:42:04 AM, on 5/27/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\devldr32.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINNT\System32\CTsvcCDA.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINNT\System32\nvsvc32.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINNT\wanmpsvc.exe
C:\WINNT\System32\wwSecure.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINNT\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Symantec Shared\AdBlocking\NSMdtr.exe
C:\HJT\hijackthis.exe

O2 - BHO: Norton Internet Security - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Refresh Pa&ge with Full Quality - C:\Program Files\ProLogX5 Accelerator\pac-page.html
O8 - Extra context menu item: Refresh Pi&cture with Full Quality - C:\Program Files\ProLogX5 Accelerator\pac-image.html
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O9 - Extra button: MP3 - {1537E842-0000-11D2-8059-111111111111} - C:\WINNT\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: &WinMp3Locator - {1537E842-0000-11D2-8059-111111111111} - C:\WINNT\System32\shdocvw.dll
O9 - Extra button: Files - {1537E842-0001-11D2-8059-111111111111} - C:\WINNT\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: &FileLocator - {1537E842-0001-11D2-8059-111111111111} - C:\WINNT\System32\shdocvw.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINNT\System32\Shdocvw.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: http://download.windowsupdate.com
O16 - DPF: {01020304-0506-0708-090A-0B0C0D0E0F08} - http://messenger.yahoo.com/maintenance/patch.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=36467&clcid=0x409
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{2B89EE32-C3B8-4BD5-8A28-F73CA9183D4F}: NameServer = 151.204.0.85 151.201.0.38
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINNT\System32\CTsvcCDA.exe
O23 - Service: IMAPI CD-Burning COM Service (ImapiService) - Roxio Inc. - C:\WINNT\System32\ImapiRox.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINNT\System32\nvsvc32.exe
O23 - Service: PictureTaker - Unknown owner - c:\fixit\pt\PCTKRNT.SYS (file missing)
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINNT\wanmpsvc.exe
O23 - Service: Washer AutoComplete (wwSecSvc) - Webroot Software, Inc. - C:\WINNT\System32\wwSecure.exe

2
Tech Clinic / SmartSecurity Desktop Hijacked
« on: May 26, 2005, 10:21:01 PM »
When in reg mode it automatically logs in for me.  When in safe mode I have been selecting administrator.  The other option is for owner in safe mode only.

Here is the log.




Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,4e,00,00,00,00,00,00,00,b2,03,00,00,de,02,00,00,00,\
  00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=dword:40000004
"OriginalStateInfo"=hex:18,00,00,00,4e,00,00,00,00,00,00,00,b2,03,00,00,de,02,\
  00,00,04,00,00,40
"RestoredStateInfo"=hex:18,00,00,00,4e,00,00,00,00,00,00,00,b2,03,00,00,de,02,\
  00,00,01,00,00,00

3
Tech Clinic / SmartSecurity Desktop Hijacked
« on: May 26, 2005, 10:03:29 PM »
When you access your Web tab, what do you see under Web pages?
I see
New
Properties
Synchronize
Delete
check box that is unchecked for MY CURRENT HOME PAGE

To prevent the moving.....
check box that is unchecked for LOCK DESKTOP ITEMS




"Silent Runners.vbs", revision 35, http://www.silentrunners.org/
Operating System: Windows XP SP2
Output limited to non-default values, except where indicated by "{++}"


Startup items buried in registry:
---------------------------------

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"gcasServ" = ""C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"" [MS]
"KernelFaultCheck" = "C:\WINNT\system32\dumprep 0 -k" [MS]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{9ECB9560-04F9-4bbc-943D-298DDF1699E1}\(Default) = "Norton Internet Security"
  -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll" ["Symantec Corporation"]
{BDF3E430-B101-42AD-A544-FADC6B084872}\(Default) = "NAV Helper"
  -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll" ["Symantec Corporation"]

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Display Panning CPL Extension"
  -> {CLSID}\InProcServer32\(Default) = "deskpan.dll" [file not found]
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "HyperTerminal Icon Ext"
  -> {CLSID}\InProcServer32\(Default) = "C:\WINNT\System32\hticons.dll" ["Hilgraeve, Inc."]
"{955B7B84-5308-419c-8ED8-0B9CA3C56985}" = "America Online Included"
  -> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\COMMON~1\aolshare\shell\us\shellext.dll" ["America Online, Inc."]
"{5E44E225-A408-11CF-B581-008029601108}" = "Adaptec DirectCD Shell Extension"
  -> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\Adaptec\EASYCD~1\DirectCD\Shellex.dll" ["Roxio"]
"{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler"
  -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Microsoft Office\Office10\msohev.dll" [MS]
"{C56C4E21-706D-11d0-AFC5-444553540002}" = "My Digital Camera"
  -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\PhotoDeluxe BE 1.1\FotoNation Explorer\camview.dll" ["FotoNation Inc."]
"{5464D816-CF16-4784-B9F3-75C0DB52B499}" = "Yahoo! Mail"
  -> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\Yahoo!\Common\ymmapi20040613.dll" ["Yahoo! Inc."]
"{6EE51AA0-77A0-11D7-B4E1-000347126E46}" = "Window Washer Shredding Utility"
  -> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\COMMON~1\WEBROO~1\SHELLW~1.DLL" ["Webroot Software"]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\
INFECTION WARNING! "{9EF34FF2-3396-4527-9D27-04C8C1C67806}" = "Microsoft AntiSpyware Service Hook"
  -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Microsoft AntiSpyware\shellextension.dll" [MS]
INFECTION WARNING! "{54D9498B-CF93-414F-8984-8CE7FDE0D391}" = "ewido shell guard"
  -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\ewido\security suite\shellhook.dll" ["TODO: <Firmenname>"]


Enabled Screen Saver:
---------------------

HKCU\Control Panel\Desktop\
"SCRNSAVE.EXE" = "C:\WINNT\System32\sspipes.scr" [MS]


Enabled Scheduled Tasks:
------------------------

"Norton AntiVirus - Scan my computer - Owner" -> launches: "C:\PROGRA~1\NORTON~2\NORTON~1\Navw32.exe /task:"C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Tasks\mycomp.sca"" ["Symantec Corporation"]
"Symantec NetDetect" -> launches: "C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE" ["Symantec Corporation"]


Winsock2 Service Provider DLLs:
-------------------------------

Namespace Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

Transport Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 19
%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05


Toolbars, Explorer Bars, Extensions:
------------------------------------

Toolbars

HKCU\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\
"{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}"
  -> {CLSID}\(Default) = "Norton AntiVirus"
  -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll" ["Symantec Corporation"]

HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}"
  -> {CLSID}\(Default) = "&Yahoo! Companion"
  -> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\ycomp5_5_7_0.dll" ["Yahoo! Inc."]

"{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7}"
  -> {CLSID}\(Default) = "Norton Internet Security"
  -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll" ["Symantec Corporation"]

"{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}"
  -> {CLSID}\(Default) = "Norton AntiVirus"
  -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll" ["Symantec Corporation"]

HKLM\Software\Microsoft\Internet Explorer\Toolbar\
"{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7}"
  -> {CLSID}\(Default) = "Norton Internet Security"
  -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll" ["Symantec Corporation"]

"{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}"
  -> {CLSID}\(Default) = "Norton AntiVirus"
  -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll" ["Symantec Corporation"]

Explorer Bars

HKLM\Software\Microsoft\Internet Explorer\Explorer Bars\
{FE54FA40-D68C-11D2-98FA-00C0F0318AFE}\
  -> {CLSID}\(Default) = "Real.com"
  -> {CLSID}\InProcServer32\(Default) = "C:\WINNT\System32\Shdocvw.dll" [MS]

Dormant Explorer Bars in "View, Explorer Bar" menu

HKLM\Software\Classes\CLSID\{9404901D-06DA-4B23-A0EE-3EA4F64EC9B3}\
(Default) = "MoneySide"
Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar]
InProcServer32\(Default) = "C:\Program Files\Microsoft Money\System\mnyviewer.dll" [MS]

Extensions (Tools menu items, main toolbar menu buttons)

HKLM\Software\Microsoft\Internet Explorer\Extensions\
{1537E842-0000-11D2-8059-111111111111}\
"ButtonText" = "MP3"
"MenuText" = "&WinMp3Locator"
"CLSIDExtension" = "{1537E842-0E00-11D2-8059-000000000000}"

{1537E842-0001-11D2-8059-111111111111}\
"ButtonText" = "Files"
"MenuText" = "&FileLocator"
"CLSIDExtension" = "{1537E842-0E01-11D2-8059-000000000000}"

{AC9E2541-2814-11D5-BC6D-00B0D0A1DE45}\
"ButtonText" = "AIM"
"Exec" = "C:\Program Files\AIM95\aim.exe" ["America Online, Inc."]

{CD67F990-D8E9-11D2-98FE-00C0F0318AFE}\
"ButtonText" = "Real.com"

{E023F504-0C5A-4750-A1E7-A9046DEA8A21}\
"ButtonText" = "MoneySide"
"CLSIDExtension" = "{301DA1EE-F65C-4188-A417-9E915CC8FBFA}"
  -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Microsoft Money\System\mnyviewer.dll" [MS]

{E5D12C4E-7B4F-11D3-B5C9-0050045C3C96}\
"ButtonText" = "Yahoo! Messenger"
"MenuText" = "Yahoo! Messenger"
"Exec" = "C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe" ["Yahoo! Inc."]

{FB5F1910-F110-11D2-BB9E-00C04F795683}\
"ButtonText" = "Messenger"
"MenuText" = "Windows Messenger"
"Exec" = "C:\Program Files\Messenger\msmsgs.exe" [MS]


Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------

Creative Service for CDROM Access, Creative Service for CDROM Access, "C:\WINNT\System32\CTsvcCDA.exe" ["Creative Technology Ltd"]
ISSvc, ISSVC, "C:\Program Files\Norton Internet Security\ISSVC.exe" ["Symantec Corporation"]
Norton AntiVirus Auto-Protect Service, navapsvc, ""C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe"" ["Symantec Corporation"]
NVIDIA Driver Helper Service, NVSvc, "C:\WINNT\System32\nvsvc32.exe" ["NVIDIA Corporation"]
Symantec Core LC, Symantec Core LC, "C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe" ["Symantec Corporation"]
Symantec Event Manager, ccEvtMgr, ""C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"" ["Symantec Corporation"]
Symantec Network Drivers Service, SNDSrvc, "C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe" ["Symantec Corporation"]
Symantec Network Proxy, ccProxy, ""C:\Program Files\Common Files\Symantec Shared\ccProxy.exe"" ["Symantec Corporation"]
Symantec Settings Manager, ccSetMgr, ""C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe"" ["Symantec Corporation"]
Symantec SPBBCSvc, SPBBCSvc, "C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe" ["Symantec Corporation"]
WAN Miniport (ATW) Service, WANMiniportService, ""C:\WINNT\wanmpsvc.exe"" ["America Online, Inc."]
Washer AutoComplete, wwSecSvc, "C:\WINNT\System32\wwSecure.exe" ["Webroot Software, Inc."]


----------
This report excludes default entries except where indicated.
To see *everywhere* the script checks and *everything* it finds,
launch it from a command prompt or a shortcut with the -all parameter.
----------

4
Tech Clinic / SmartSecurity Desktop Hijacked
« on: May 26, 2005, 09:41:47 PM »
Here is the log file.

C:\Documents and Settings\Owner\Desktop\New Folder\rkfiles
 
PLEASE NOTE THAT ALL FILES FOUND BY THIS METHOD ARE NOT BAD FILES, THERE MIGHT BE LEGIT FILES LISTED AND PLEASE BE CAREFUL WHILE FIXING. IF YOU ARE UNSURE OF WHAT IT IS LEAVE THEM ALONE.
Files Found in system Folder............
------------------------
C:\WINNT\system32\dfrg.msc: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQAAAAAwGpEc213
 
Files Found in all users startup Folder............
------------------------
Files Found in all users windows Folder............
------------------------
C:\WINNT\tsc.exe: UPX!
C:\WINNT\Unwash6.exe: UPX!
C:\WINNT\vsapi32.dll: UPX!t4
Finished
bye

5
Tech Clinic / SmartSecurity Desktop Hijacked
« on: May 26, 2005, 09:00:30 PM »
C:\WINNT\System32\helper.exe  found c:\winnt\system32\help.exe
I did not find any of the files.  Only the above file that was close.  Help instead of helper?

6
Tech Clinic / SmartSecurity Desktop Hijacked
« on: May 26, 2005, 08:50:58 PM »
This is the notepad from find.bat???

»»»»»»»»»»»»»»»»»»***LOG!***»»»»»»»»»»»»»»»»
Scanning for file(s)...

7
Tech Clinic / SmartSecurity Desktop Hijacked
« on: May 26, 2005, 08:30:20 PM »
Still unable to change desktop.  Everything was unchecked.  This thing sucks.
Thanks


Logfile of HijackThis v1.99.1
Scan saved at 9:25:18 PM, on 5/26/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\devldr32.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINNT\System32\CTsvcCDA.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINNT\System32\nvsvc32.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINNT\wanmpsvc.exe
C:\WINNT\System32\wwSecure.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINNT\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Symantec Shared\AdBlocking\NSMdtr.exe
C:\HJT\hijackthis.exe

O2 - BHO: Norton Internet Security - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Refresh Pa&ge with Full Quality - C:\Program Files\ProLogX5 Accelerator\pac-page.html
O8 - Extra context menu item: Refresh Pi&cture with Full Quality - C:\Program Files\ProLogX5 Accelerator\pac-image.html
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O9 - Extra button: MP3 - {1537E842-0000-11D2-8059-111111111111} - C:\WINNT\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: &WinMp3Locator - {1537E842-0000-11D2-8059-111111111111} - C:\WINNT\System32\shdocvw.dll
O9 - Extra button: Files - {1537E842-0001-11D2-8059-111111111111} - C:\WINNT\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: &FileLocator - {1537E842-0001-11D2-8059-111111111111} - C:\WINNT\System32\shdocvw.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINNT\System32\Shdocvw.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {01020304-0506-0708-090A-0B0C0D0E0F08} - http://messenger.yahoo.com/maintenance/patch.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=36467&clcid=0x409
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{2B89EE32-C3B8-4BD5-8A28-F73CA9183D4F}: NameServer = 151.204.0.85 151.201.0.38
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINNT\System32\CTsvcCDA.exe
O23 - Service: IMAPI CD-Burning COM Service (ImapiService) - Roxio Inc. - C:\WINNT\System32\ImapiRox.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINNT\System32\nvsvc32.exe
O23 - Service: PictureTaker - Unknown owner - c:\fixit\pt\PCTKRNT.SYS (file missing)
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINNT\wanmpsvc.exe
O23 - Service: Washer AutoComplete (wwSecSvc) - Webroot Software, Inc. - C:\WINNT\System32\wwSecure.exe

8
Tech Clinic / SmartSecurity Desktop Hijacked
« on: May 26, 2005, 08:06:07 PM »
Here are the files.  Please help.  It is frustrating!


Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]

Logfile of HijackThis v1.99.1
Scan saved at 9:02:38 PM, on 5/26/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\devldr32.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\HJT\hijackthis.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.gateway.net/
O2 - BHO: Norton Internet Security - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O9 - Extra button: MP3 - {1537E842-0000-11D2-8059-111111111111} - C:\WINNT\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: &WinMp3Locator - {1537E842-0000-11D2-8059-111111111111} - C:\WINNT\System32\shdocvw.dll
O9 - Extra button: Files - {1537E842-0001-11D2-8059-111111111111} - C:\WINNT\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: &FileLocator - {1537E842-0001-11D2-8059-111111111111} - C:\WINNT\System32\shdocvw.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINNT\System32\Shdocvw.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {01020304-0506-0708-090A-0B0C0D0E0F08} - http://messenger.yahoo.com/maintenance/patch.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=36467&clcid=0x409
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINNT\System32\CTsvcCDA.exe
O23 - Service: IMAPI CD-Burning COM Service (ImapiService) - Roxio Inc. - C:\WINNT\System32\ImapiRox.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINNT\System32\nvsvc32.exe
O23 - Service: PictureTaker - Unknown owner - c:\fixit\pt\PCTKRNT.SYS (file missing)
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINNT\wanmpsvc.exe
O23 - Service: Washer AutoComplete (wwSecSvc) - Webroot Software, Inc. - C:\WINNT\System32\wwSecure.exe

9
Tech Clinic / SmartSecurity Desktop Hijacked
« on: May 26, 2005, 06:29:48 PM »
guestolo,
Still have the Smart Security on the desktop.  I have done everything in your last post.  Will post a new HijackThis log shortly.  Having trouble doing updates for some software.  Please help...
Happyeaglesfan

10
Tech Clinic / SmartSecurity Desktop Hijacked
« on: May 26, 2005, 06:02:06 AM »
Desktop is still locked with Smart Security.  Not sure what to do next.  Here is the most recent hijackthis log.  

Okay. I was able to delete the folder C:\Program Files\vspvwwqw. I had to move it and then delete it. It was the only way to get rid of it. I then ran a new HijackThis log:

Logfile of HijackThis v1.99.1
Scan saved at 1:27:45 PM, on 5/25/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\devldr32.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINNT\System32\CTsvcCDA.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINNT\System32\nvsvc32.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINNT\wanmpsvc.exe
C:\WINNT\System32\wwSecure.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\HJT\hijackthis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:8080
O2 - BHO: Norton Internet Security - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Refresh Pa&ge with Full Quality - C:\Program Files\ProLogX5 Accelerator\pac-page.html
O8 - Extra context menu item: Refresh Pi&cture with Full Quality - C:\Program Files\ProLogX5 Accelerator\pac-image.html
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O9 - Extra button: MP3 - {1537E842-0000-11D2-8059-111111111111} - C:\WINNT\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: &WinMp3Locator - {1537E842-0000-11D2-8059-111111111111} - C:\WINNT\System32\shdocvw.dll
O9 - Extra button: Files - {1537E842-0001-11D2-8059-111111111111} - C:\WINNT\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: &FileLocator - {1537E842-0001-11D2-8059-111111111111} - C:\WINNT\System32\shdocvw.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINNT\System32\Shdocvw.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {01020304-0506-0708-090A-0B0C0D0E0F08} - http://messenger.yahoo.com/maintenance/patch.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=36467&clcid=0x409
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{C4BB975F-B6D3-421B-B9DA-D5B1C9040133}: NameServer = 204.186.0.201,204.186.0.203
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINNT\System32\CTsvcCDA.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: IMAPI CD-Burning COM Service (ImapiService) - Roxio Inc. - C:\WINNT\System32\ImapiRox.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINNT\System32\nvsvc32.exe
O23 - Service: PictureTaker - Unknown owner - c:\fixit\pt\PCTKRNT.SYS (file missing)
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINNT\wanmpsvc.exe
O23 - Service: Washer AutoComplete (wwSecSvc) - Webroot Software, Inc. - C:\WINNT\System32\wwSecure.exe


Happyeaglesfan

11
Tech Clinic / SmartSecurity Desktop Hijacked
« on: May 25, 2005, 07:20:04 PM »
Bump

12
Tech Clinic / SmartSecurity Desktop Hijacked
« on: May 25, 2005, 12:31:34 PM »
Okay. I was able to delete the folder C:\Program Files\vspvwwqw. I had to move it and then delete it. It was the only way to get rid of it. I then ran a new HijackThis log:

Logfile of HijackThis v1.99.1
Scan saved at 1:27:45 PM, on 5/25/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\devldr32.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINNT\System32\CTsvcCDA.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINNT\System32\nvsvc32.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINNT\wanmpsvc.exe
C:\WINNT\System32\wwSecure.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\HJT\hijackthis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:8080
O2 - BHO: Norton Internet Security - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Refresh Pa&ge with Full Quality - C:\Program Files\ProLogX5 Accelerator\pac-page.html
O8 - Extra context menu item: Refresh Pi&cture with Full Quality - C:\Program Files\ProLogX5 Accelerator\pac-image.html
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O9 - Extra button: MP3 - {1537E842-0000-11D2-8059-111111111111} - C:\WINNT\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: &WinMp3Locator - {1537E842-0000-11D2-8059-111111111111} - C:\WINNT\System32\shdocvw.dll
O9 - Extra button: Files - {1537E842-0001-11D2-8059-111111111111} - C:\WINNT\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: &FileLocator - {1537E842-0001-11D2-8059-111111111111} - C:\WINNT\System32\shdocvw.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINNT\System32\Shdocvw.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {01020304-0506-0708-090A-0B0C0D0E0F08} - http://messenger.yahoo.com/maintenance/patch.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=36467&clcid=0x409
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{C4BB975F-B6D3-421B-B9DA-D5B1C9040133}: NameServer = 204.186.0.201,204.186.0.203
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINNT\System32\CTsvcCDA.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: IMAPI CD-Burning COM Service (ImapiService) - Roxio Inc. - C:\WINNT\System32\ImapiRox.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINNT\System32\nvsvc32.exe
O23 - Service: PictureTaker - Unknown owner - c:\fixit\pt\PCTKRNT.SYS (file missing)
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINNT\wanmpsvc.exe
O23 - Service: Washer AutoComplete (wwSecSvc) - Webroot Software, Inc. - C:\WINNT\System32\wwSecure.exe

Thanks again for your help.
Happyeaglesfan

13
Tech Clinic / SmartSecurity Desktop Hijacked
« on: May 25, 2005, 12:23:20 PM »
Bump

14
Tech Clinic / SmartSecurity Desktop Hijacked
« on: May 25, 2005, 09:39:57 AM »
bump

15
Tech Clinic / SmartSecurity Desktop Hijacked
« on: May 24, 2005, 09:59:27 PM »
hijackthis log

Logfile of HijackThis v1.99.1
Scan saved at 10:56:37 PM, on 5/24/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\devldr32.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINNT\System32\CTsvcCDA.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINNT\System32\nvsvc32.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINNT\wanmpsvc.exe
C:\WINNT\System32\wwSecure.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINNT\system32\wuauclt.exe
C:\HJT\hijackthis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = C:\WINNT\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:8080
O2 - BHO: Norton Internet Security - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [eQ0HTkUx] C:\PROGRA~1\vspvwwqw\ecgCAsBN.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Refresh Pa&ge with Full Quality - C:\Program Files\ProLogX5 Accelerator\pac-page.html
O8 - Extra context menu item: Refresh Pi&cture with Full Quality - C:\Program Files\ProLogX5 Accelerator\pac-image.html
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O9 - Extra button: MP3 - {1537E842-0000-11D2-8059-111111111111} - C:\WINNT\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: &WinMp3Locator - {1537E842-0000-11D2-8059-111111111111} - C:\WINNT\System32\shdocvw.dll
O9 - Extra button: Files - {1537E842-0001-11D2-8059-111111111111} - C:\WINNT\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: &FileLocator - {1537E842-0001-11D2-8059-111111111111} - C:\WINNT\System32\shdocvw.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINNT\System32\Shdocvw.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Microsoft AntiSpyware helper - {0FE0390C-914A-40C3-AB9D-8436091359D7} - C:\WINNT\System32\wldr.dll (file missing) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {0FE0390C-914A-40C3-AB9D-8436091359D7} - C:\WINNT\System32\wldr.dll (file missing) (HKCU)
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\PROGRA~1\AWS\WEATHE~1\Weather.exe (file missing) (HKCU)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: *.horse-active.net
O15 - Trusted Zone: *.slotchbar.com
O15 - Trusted Zone: *.ysbweb.com
O15 - Trusted IP range: 64.62.171.156
O16 - DPF: {01020304-0506-0708-090A-0B0C0D0E0F08} - http://messenger.yahoo.com/maintenance/patch.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=36467&clcid=0x409
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINNT\System32\CTsvcCDA.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: IMAPI CD-Burning COM Service (ImapiService) - Roxio Inc. - C:\WINNT\System32\ImapiRox.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINNT\System32\nvsvc32.exe
O23 - Service: PictureTaker - Unknown owner - c:\fixit\pt\PCTKRNT.SYS (file missing)
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINNT\wanmpsvc.exe
O23 - Service: Washer AutoComplete (wwSecSvc) - Webroot Software, Inc. - C:\WINNT\System32\wwSecure.exe

Scan Report

---------------------------------------------------------
 ewido security suite - Scan report
---------------------------------------------------------

 + Created on:         10:46:08 PM, 5/24/2005
 + Report-Checksum:      B2C0837A

 + Date of database:      5/25/2005
 + Version of scan engine:   v3.0

 + Duration:            28 min
 + Scanned Files:         69719
 + Speed:            40.41 Files/Second
 + Infected files:         123
 + Removed files:         119
 + Files put in quarantine:      119
 + Files that could not be opened:   0
 + Files that could not be cleaned:   4

 + Binder:      Yes
 + Crypter:      Yes
 + Archives:      Yes

 + Scanned items:
   C:\

 + Scan result:
   C:\!Submit\ecgCAsBN.exe -> Spyware.CommonName.i -> Cleaned with backup
   C:\Program Files\MySearch\bar\1.bin\NPMYSRCH.DLL -> Spyware.MyWay.j -> Cleaned with backup
   C:\Program Files\vspvwwqw\cnml.exe -> Spyware.CommonName.l -> Error during cleaning
   C:\Program Files\vspvwwqw\ecgCAsBN.dll -> Spyware.CommonName.g -> Cleaned with backup
   C:\Program Files\vspvwwqw\GQgCF8BN.dll -> Spyware.CommonName.g -> Error during cleaning
   C:\Program Files\vspvwwqw\GQgCF8BN.exe -> Spyware.CommonName.i -> Error during cleaning
   C:\Program Files\vspvwwqw\NB8FCgQG.exe -> Spyware.CommonName.g -> Error during cleaning
   C:\Program Files\vspvwwqw\NBsACgce.exe -> Spyware.CommonName.g -> Cleaned with backup
   C:\System Volume Information\_restore{0193FC1C-0A70-478B-8107-B531B8E70CAB}\RP123\A0027216.exe -> Spyware.NewDotNet -> Cleaned with backup
   C:\System Volume Information\_restore{0193FC1C-0A70-478B-8107-B531B8E70CAB}\RP123\A0027217.exe -> Spyware.NewDotNet -> Cleaned with backup
   C:\System Volume Information\_restore{0193FC1C-0A70-478B-8107-B531B8E70CAB}\RP139\A0033772.exe -> Spyware.Small.ed -> Cleaned with backup
   C:\System Volume Information\_restore{0193FC1C-0A70-478B-8107-B531B8E70CAB}\RP139\A0033775.exe -> Spyware.CommonName.i -> Cleaned with backup
   C:\System Volume Information\_restore{0193FC1C-0A70-478B-8107-B531B8E70CAB}\RP42\A0009930.exe -> Spyware.BargainBuddy -> Cleaned with backup
   C:\System Volume Information\_restore{0193FC1C-0A70-478B-8107-B531B8E70CAB}\RP45\A0010722.srg -> Spyware.Exact -> Cleaned with backup
   C:\System Volume Information\_restore{0193FC1C-0A70-478B-8107-B531B8E70CAB}\RP45\A0010724.vxd -> Spyware.BargainBuddy.q -> Cleaned with backup
   C:\System Volume Information\_restore{0193FC1C-0A70-478B-8107-B531B8E70CAB}\RP45\A0010725.exe -> Spyware.Bargainbuddy -> Cleaned with backup
   C:\System Volume Information\_restore{0193FC1C-0A70-478B-8107-B531B8E70CAB}\RP45\A0011725.srg -> Spyware.Exact -> Cleaned with backup
   C:\System Volume Information\_restore{0193FC1C-0A70-478B-8107-B531B8E70CAB}\RP45\A0011727.vxd -> Spyware.BargainBuddy.q -> Cleaned with backup
   C:\System Volume Information\_restore{0193FC1C-0A70-478B-8107-B531B8E70CAB}\RP45\A0011728.exe -> Spyware.Bargainbuddy -> Cleaned with backup
   C:\System Volume Information\_restore{0193FC1C-0A70-478B-8107-B531B8E70CAB}\RP45\A0011736.exe -> Spyware.BargainBuddy -> Cleaned with backup
   C:\System Volume Information\_restore{0193FC1C-0A70-478B-8107-B531B8E70CAB}\RP45\A0011739.vxd/C:/WINNT/System32/exdl.exe -> Spyware.Exact -> Cleaned with backup
   C:\System Volume Information\_restore{0193FC1C-0A70-478B-8107-B531B8E70CAB}\RP45\A0011739.vxd/C:/WINNT/System32/mqexdlm.srg -> Spyware.Exact -> Cleaned with backup
   C:\System Volume Information\_restore{0193FC1C-0A70-478B-8107-B531B8E70CAB}\RP45\A0011739.vxd/C:/WINNT/System32/exul.exe -> Spyware.BargainBuddy.q -> Cleaned with backup
   C:\System Volume Information\_restore{0193FC1C-0A70-478B-8107-B531B8E70CAB}\RP45\A0011739.vxd/C:/WINNT/System32/javexulm.vxd -> Spyware.BargainBuddy.q -> Cleaned with backup
   C:\System Volume Information\_restore{0193FC1C-0A70-478B-8107-B531B8E70CAB}\RP45\A0011739.vxd/C:/WINNT/System32/bbchk.exe -> Spyware.Bargainbuddy -> Cleaned with backup
   C:\System Volume Information\_restore{0193FC1C-0A70-478B-8107-B531B8E70CAB}\RP45\A0011739.vxd/C:/WINNT/System32/msexreg.exe -> Spyware.Bargainbuddy -> Cleaned with backup
   C:\System Volume Information\_restore{0193FC1C-0A70-478B-8107-B531B8E70CAB}\RP45\A0011739.vxd/C:/WINNT/System32/instsrv.exe -> Spyware.BargainBuddy -> Cleaned with backup
   C:\System Volume Information\_restore{0193FC1C-0A70-478B-8107-B531B8E70CAB}\RP45\A0011739.vxd/C:/WINNT/System32/exclean.exe -> Spyware.BargainBuddy -> Cleaned with backup
   C:\System Volume Information\_restore{0193FC1C-0A70-478B-8107-B531B8E70CAB}\RP45\A0011763.dll -> Spyware.Relevance.b -> Cleaned with backup
   C:\System Volume Information\_restore{0193FC1C-0A70-478B-8107-B531B8E70CAB}\RP45\A0011768.exe -> Spyware.WinAD.k -> Cleaned with backup
   C:\System Volume Information\_restore{0193FC1C-0A70-478B-8107-B531B8E70CAB}\RP45\A0011771.exe -> Spyware.CommonName.g -> Cleaned with backup
   C:\System Volume Information\_restore{0193FC1C-0A70-478B-8107-B531B8E70CAB}\RP45\A0011772.exe -> Spyware.CommonName.i -> Cleaned with backup
   C:\System Volume Information\_restore{0193FC1C-0A70-478B-8107-B531B8E70CAB}\RP45\A0011773.dll -> Spyware.BabeIE -> Cleaned with backup
   C:\System Volume Information\_restore{0193FC1C-0A70-478B-8107-B531B8E70CAB}\RP58\A0015933.dll -> Trojan.TopAntiSpyware.h -> Cleaned with backup
   C:\System Volume Information\_restore{0193FC1C-0A70-478B-8107-B531B8E70CAB}\RP58\A0015935.dll -> Trojan.TopAntiSpyware.h -> Cleaned with backup
   C:\System Volume Information\_restore{0193FC1C-0A70-478B-8107-B531B8E70CAB}\RP58\A0015937.exe -> TrojanDropper.Small.oy -> Cleaned with backup
   C:\System Volume Information\_restore{0193FC1C-0A70-478B-8107-B531B8E70CAB}\RP58\A0015977.sys -> Backdoor.Haxdoor.az -> Cleaned with backup
   C:\System Volume Information\_restore{0193FC1C-0A70-478B-8107-B531B8E70CAB}\RP58\A0015978.sys -> Backdoor.Haxdoor.az -> Cleaned with backup
   C:\System Volume Information\_restore{0193FC1C-0A70-478B-8107-B531B8E70CAB}\RP59\A0016044.dll -> Spyware.PurityScan.ak -> Cleaned with backup
   C:\System Volume Information\_restore{0193FC1C-0A70-478B-8107-B531B8E70CAB}\RP65\A0016098.exe -> Trojan.Agent.cl -> Cleaned with backup
   C:\System Volume Information\_restore{0193FC1C-0A70-478B-8107-B531B8E70CAB}\RP65\A0016099.dll -> Trojan.Agent.cl -> Cleaned with backup
   C:\System Volume Information\_restore{0193FC1C-0A70-478B-8107-B531B8E70CAB}\RP67\A0016220.exe -> Spyware.Small.dm -> Cleaned with backup
   C:\System Volume Information\_restore{0193FC1C-0A70-478B-8107-B531B8E70CAB}\RP67\A0016221.exe -> Spyware.Small.dm -> Cleaned with backup
   C:\System Volume Information\_restore{0193FC1C-0A70-478B-8107-B531B8E70CAB}\RP67\A0016223.exe -> Spyware.Small.dm -> Cleaned with backup
   C:\System Volume Information\_restore{0193FC1C-0A70-478B-8107-B531B8E70CAB}\RP67\A0016241.exe -> Spyware.CommonName.g -> Cleaned with backup
   C:\System Volume Information\_restore{0193FC1C-0A70-478B-8107-B531B8E70CAB}\RP67\A0016242.exe -> Spyware.CommonName.i -> Cleaned with backup
   C:\System Volume Information\_restore{0193FC1C-0A70-478B-8107-B531B8E70CAB}\RP67\A0016243.dll -> Spyware.CommonName.g -> Cleaned with backup
   C:\System Volume Information\_restore{0193FC1C-0A70-478B-8107-B531B8E70CAB}\RP67\A0016246.exe -> Spyware.CommonName.g -> Cleaned with backup
   C:\System Volume Information\_restore{0193FC1C-0A70-478B-8107-B531B8E70CAB}\RP67\A0016247.exe -> Spyware.CommonName.i -> Cleaned with backup
   C:\System Volume Information\_restore{0193FC1C-0A70-478B-8107-B531B8E70CAB}\RP67\A0016248.dll -> Spyware.CommonName.g -> Cleaned with backup
   C:\System Volume Information\_restore{0193FC1C-0A70-478B-8107-B531B8E70CAB}\RP67\A0016250.exe -> Spyware.CommonName.g -> Cleaned with backup
   C:\System Volume Information\_restore{0193FC1C-0A70-478B-8107-B531B8E70CAB}\RP67\A0016251.exe -> Spyware.CommonName.i -> Cleaned with backup
   C:\System Volume Information\_restore{0193FC1C-0A70-478B-8107-B531B8E70CAB}\RP67\A0016252.dll -> Spyware.CommonName.g -> Cleaned with backup
   C:\System Volume Information\_restore{0193FC1C-0A70-478B-8107-B531B8E70CAB}\RP67\A0016360.dll -> Trojan.Agent.cl -> Cleaned with backup
   C:\System Volume Information\_restore{0193FC1C-0A70-478B-8107-B531B8E70CAB}\RP67\A0016362.exe -> Trojan.Agent.cl -> Cleaned with backup


::Report End

16
Tech Clinic / SmartSecurity Desktop Hijacked
« on: May 24, 2005, 09:25:59 PM »
I am working on the ewido security scan.  Then the hijackthis scan is next.  I did not find the files
C:\Program Files\Search Maid
C:\Program Files\Security IGuard
C:\Program Files\Virtual Maid
C:\Program Files\vspvwwqw
C:\WINNT\System32\Log Files
 
As soon as I get the hijackthis log fixed I will post it.
thank you

17
Tech Clinic / SmartSecurity Desktop Hijacked
« on: May 24, 2005, 08:13:59 PM »
guestolo
Here is my Hijackthis log file. Sorry I did not get it out yesterday. Had some other problems to tend to. Right now I am only able to access the internet in safe mode. Does this cause a problem for the log file?
Thanks for your help

Logfile of HijackThis v1.99.1
Scan saved at 9:11:41 PM, on 5/24/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\devldr32.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\HJT\hijackthis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.net
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = C:\WINNT\blank.htm
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.gateway.net/
O2 - BHO: Norton Internet Security - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [eQ0HTkUx] C:\PROGRA~1\vspvwwqw\ecgCAsBN.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O9 - Extra button: Microsoft AntiSpyware helper - {0FE0390C-914A-40C3-AB9D-8436091359D7} - C:\WINNT\System32\wldr.dll (file missing)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {0FE0390C-914A-40C3-AB9D-8436091359D7} - C:\WINNT\System32\wldr.dll (file missing)
O9 - Extra button: MP3 - {1537E842-0000-11D2-8059-111111111111} - C:\WINNT\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: &WinMp3Locator - {1537E842-0000-11D2-8059-111111111111} - C:\WINNT\System32\shdocvw.dll
O9 - Extra button: Files - {1537E842-0001-11D2-8059-111111111111} - C:\WINNT\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: &FileLocator - {1537E842-0001-11D2-8059-111111111111} - C:\WINNT\System32\shdocvw.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINNT\System32\Shdocvw.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: *.horse-active.net (HKLM)
O15 - Trusted Zone: *.slotchbar.com (HKLM)
O15 - Trusted Zone: *.ysbweb.com (HKLM)
O15 - Trusted IP range: 64.62.171.156 (HKLM)
O16 - DPF: {01020304-0506-0708-090A-0B0C0D0E0F08} - http://messenger.yahoo.com/maintenance/patch.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=36467&clcid=0x409
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINNT\System32\CTsvcCDA.exe
O23 - Service: IMAPI CD-Burning COM Service (ImapiService) - Roxio Inc. - C:\WINNT\System32\ImapiRox.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINNT\System32\nvsvc32.exe
O23 - Service: PictureTaker - Unknown owner - c:\fixit\pt\PCTKRNT.SYS (file missing)
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINNT\wanmpsvc.exe
O23 - Service: Washer AutoComplete (wwSecSvc) - Webroot Software, Inc. - C:\WINNT\System32\wwSecure.exe

18
Tech Clinic / SmartSecurity Desktop Hijacked
« on: May 23, 2005, 01:18:48 PM »
guestolo,
Just leaving work. The computer with the problem is at home. I do know how to do Hijackthis. I will post it tonight, about 9 pm EST. Will that be okay? I have seen you helped others with this same problem. I have tried to follow it but was not very successful. Sorry that I have to go home to finish this. I really am thankful for your help.
Thanks
GR

19
Tech Clinic / SmartSecurity Desktop Hijacked
« on: May 23, 2005, 12:43:17 PM »
I have this SmartSecurity desktop ad on my computer and have been trying to remove it. Antispyware and others have been run. I tried the Trend Micro free online scan. I am unable to get rid of it. I do not want to reinstall Windows. Is there anything that can get rid of it? Any options, or others who have the problem?
Thanks for your time
G>R
