Please Help


14 replies to this topic

#1 dffr1

dffr1

    Member

  • Full Member
  • Pip
  • 33 posts

Posted 20 July 2004 - 09:14 PM

Hi, I think that I may have a trojan.

THANKS IN ADVANCE

Logfile of HijackThis v1.97.7
Scan saved at 10:10:04 PM, on 7/20/2004
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\LEXBCES.EXE
C:\WINNT\system32\spoolsv.exe
C:\WINNT\system32\LEXPPS.EXE
C:\WINNT\System32\svchost.exe
C:\PROGRA~1\Navnt\navapsvc.exe
C:\PROGRA~1\Navnt\npssvc.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\System32\mspmspsv.exe
C:\WINNT\system32\svchost.exe
C:\PROGRA~1\Navnt\alertsvc.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\Promon.exe
C:\WINNT\system32\PELMICED.EXE
C:\WINNT\system32\lxamsp32.exe
C:\WINNT\System32\spool\DRIVERS\W32X86\3\printray.exe
C:\Program Files\Navnt\POPROXY.EXE
C:\WINNT\system32\wuauclt.exe
C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\PROGRA~1\PANICW~1\POP-UP~1\PSFREE.EXE
C:\Program Files\Navnt\navapw32.exe
C:\Program Files\LexmarkX63\AcBtnMgr_X63.exe
C:\Program Files\LexmarkX63\ACMonitor_X63.exe
C:\CFGSAFE\AUTOCHK.EXE
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\General\Hijack this\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapp...//www.yahoo.com
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_19_0.dll
O4 - HKLM\..\Run: [Promon.exe] Promon.exe
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] PELMICED.EXE
O4 - HKLM\..\Run: [lxamsp32.exe] lxamsp32.exe
O4 - HKLM\..\Run: [PrinTray] C:\WINNT\System32\spool\DRIVERS\W32X86\3\printray.exe
O4 - HKLM\..\Run: [NPS Event Checker] C:\PROGRA~1\Navnt\npscheck.exe
O4 - HKLM\..\Run: [NAV DefAlert] C:\PROGRA~1\Navnt\defalert.exe
O4 - HKLM\..\Run: [Norton eMail Protect] C:\Program Files\Navnt\POPROXY.EXE
O4 - HKLM\..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe -osboot
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\PANICW~1\POP-UP~1\PSFREE.EXE"
O4 - Startup: AUTOCHK.LNK = C:\CFGSAFE\AUTOCHK.EXE
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: Norton AntiVirus AutoProtect.lnk = C:\Program Files\Navnt\navapw32.exe
O4 - Global Startup: AcBtnMgr_X63.exe.lnk = C:\Program Files\LexmarkX63\AcBtnMgr_X63.exe
O4 - Global Startup: ACMonitor_X63.exe.lnk = C:\Program Files\LexmarkX63\ACMonitor_X63.exe
O9 - Extra button: Create Mobile Favorite (HKLM)
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... (HKLM)
O9 - Extra button: ComcastHSI (HKCU)
O9 - Extra button: Support (HKCU)
O9 - Extra button: Help (HKCU)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} (Microsoft Office Template and Media Control) - http://office.micros...tes/ieawsdc.cab
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com...ex/qtplugin.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macr...director/sw.cab
O16 - DPF: {1E2941E3-8E63-11D4-9D5A-00902742D6E0} (iNotes Class) - http://lngmail.cndr.com/iNotes.cab
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.micr...922/wmv9VCM.CAB
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} (Office Update Installation Engine) - http://office.micros...ontent/opuc.cab
O16 - DPF: {597C45C2-2D39-11D5-8D53-0050048383FE} (OPUCatalog Class) - http://office.micros...ontent/opuc.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {75D1F3B2-2A21-11D7-97B9-0010DC2A6243} (SecureLogin.SecureControl) - http://secure2.comne...iveSecurity.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupd...7864.7821643519
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macr...ash/swflash.cab

:wave: :wave: :wave: :wave:

#2 dolphins

dolphins

    Advanced Member

  • Retired Staff - Helper
  • PipPipPip
  • 131 posts

Posted 20 July 2004 - 09:45 PM

First update HijackThis to Version # 1.98.0. Then rescan and post a fresh log.

The following is the only problem you have but I would like to see a new log when updated.

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapp...//www.yahoo.com

#3 dffr1

Posted 21 July 2004 - 05:04 PM

THANKS !!

Here is the file. Since the last problem I have been using Mozilla Firefox exclusively with better results.

Logfile of HijackThis v1.98.0
Scan saved at 6:01:40 PM, on 7/21/2004
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\LEXBCES.EXE
C:\WINNT\system32\spoolsv.exe
C:\WINNT\system32\LEXPPS.EXE
C:\WINNT\System32\svchost.exe
C:\PROGRA~1\Navnt\navapsvc.exe
C:\PROGRA~1\Navnt\npssvc.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\System32\mspmspsv.exe
C:\WINNT\system32\svchost.exe
C:\PROGRA~1\Navnt\alertsvc.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\Promon.exe
C:\WINNT\system32\PELMICED.EXE
C:\WINNT\system32\lxamsp32.exe
C:\WINNT\System32\spool\DRIVERS\W32X86\3\printray.exe
C:\Program Files\Navnt\POPROXY.EXE
C:\WINNT\system32\wuauclt.exe
C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\PROGRA~1\PANICW~1\POP-UP~1\PSFREE.EXE
C:\Program Files\Navnt\navapw32.exe
C:\Program Files\LexmarkX63\AcBtnMgr_X63.exe
C:\Program Files\LexmarkX63\ACMonitor_X63.exe
C:\CFGSAFE\AUTOCHK.EXE
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\General\Hijack this\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_19_0.dll
O4 - HKLM\..\Run: [Promon.exe] Promon.exe
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] PELMICED.EXE
O4 - HKLM\..\Run: [lxamsp32.exe] lxamsp32.exe
O4 - HKLM\..\Run: [PrinTray] C:\WINNT\System32\spool\DRIVERS\W32X86\3\printray.exe
O4 - HKLM\..\Run: [NPS Event Checker] C:\PROGRA~1\Navnt\npscheck.exe
O4 - HKLM\..\Run: [NAV DefAlert] C:\PROGRA~1\Navnt\defalert.exe
O4 - HKLM\..\Run: [Norton eMail Protect] C:\Program Files\Navnt\POPROXY.EXE
O4 - HKLM\..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe -osboot
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\PANICW~1\POP-UP~1\PSFREE.EXE"
O4 - Startup: AUTOCHK.LNK = C:\CFGSAFE\AUTOCHK.EXE
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: Norton AntiVirus AutoProtect.lnk = C:\Program Files\Navnt\navapw32.exe
O4 - Global Startup: AcBtnMgr_X63.exe.lnk = C:\Program Files\LexmarkX63\AcBtnMgr_X63.exe
O4 - Global Startup: ACMonitor_X63.exe.lnk = C:\Program Files\LexmarkX63\ACMonitor_X63.exe
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: ComcastHSI - {177001D2-CA62-4734-8CA7-7715AA22F33C} - http://www.comcast.net (file missing) (HKCU)
O9 - Extra button: Support - {52EE2B81-EA49-43F6-92B1-3B18E3B1E38E} - http://www.comcastsupport.com (file missing) (HKCU)
O9 - Extra button: Help - {BD7820BC-9793-4AB1-9B43-4453F072A94D} - http://www.comcast.net/memberservices/ (file missing) (HKCU)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {1E2941E3-8E63-11D4-9D5A-00902742D6E0} (iNotes Class) - http://lngmail.cndr.com/iNotes.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {75D1F3B2-2A21-11D7-97B9-0010DC2A6243} (SecureLogin.SecureControl) - http://secure2.comne...iveSecurity.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab

#4 dolphins

Posted 21 July 2004 - 05:35 PM

Your log is clean!

Just a lil' cleanup of some missing files,

O9 - Extra button: ComcastHSI - {177001D2-CA62-4734-8CA7-7715AA22F33C} - http://www.comcast.net (file missing) (HKCU)
O9 - Extra button: Support - {52EE2B81-EA49-43F6-92B1-3B18E3B1E38E} - http://www.comcastsupport.com (file missing) (HKCU)
O9 - Extra button: Help - {BD7820BC-9793-4AB1-9B43-4453F072A94D} - http://www.comcast.net/memberservices/ (file missing) (HKCU)

Good luck with Firefox :2tu:

#5 dffr1

Posted 21 July 2004 - 06:56 PM

I have just finished running the Ewido Trojan removal program and it claims to have found the Downloader.Agent.P and successfully fixed it – but, I also had ~ 15 non readable files mostly in the Winnt/System32 area which concerns me. Two were supposedly on the main C directory, but I could not find either. The one was just a question mark.

When I ran HJT – it came up with a message that I could not write down saying that it opened under a new name or the like because of a Trojan attacking it. The header just had some random yellow characters on the top where HJT would be, then ran normally.

Now when I open it, it freezes for ~ 10 seconds with red letters on the top and a 015 Trusted Zone Enumeration then runs OK – is this normal ?

I just ran HJT and deleted the 3 lines that you suggested – was that the correct action ?

THANKS !!!!!!!!!!!!!!!!!!!!!!
:bounce: :bounce:

#6 dffr1

Posted 21 July 2004 - 06:59 PM

Sorry for the typo – it was not HJT but I believe CWShredder that had the random run and was attacked by the Trojan. I also just installed the Ewido program.

:scratchhead:

#7 dolphins

Posted 21 July 2004 - 09:19 PM

> I have just finished running the Ewido Trojan removal program and it claims to have found the Downloader.Agent.P and successfully fixed it – but, I also had ~ 15 non readable files mostly in the Winnt/System32 area which concerns me. Two were supposedly on the main C directory, but I could not find either. The one was just a question mark.

I don't know much about Ewido Trojan Suite. Can you post a log from it?

> When I ran HJT – it came up with a message that I could not write down saying that it opened under a new name or the like because of a Trojan attacking it. The header just had some random yellow characters on the top where HJT would be, then ran normally.

Please update CWShredder, run it with all windows closed and post the results.

> Now when I open it, it freezes for ~ 10 seconds with red letters on the top and a 015 Trusted Zone Enumeration then runs OK – is this normal ?

This is normal for the new version.

> I just ran HJT and deleted the 3 lines that you suggested – was that the correct action ?

Great, now could you post a fresh HJT log to be sure?

#8 dffr1

Posted 21 July 2004 - 09:40 PM

> I don't know much about Ewido Trojan Suite. Can you post a log from it?

No, I could not find one.

> Please update CWShredder, run it with all windows closed and post the results.

I am running the version that I just downloaded, 1.59.1. In the past I have never been able to do an update; it always comes back unavailable. The last time that I ran it, it told me that I have the CWS trojan CWS.Smartsearch.2. I have followed the directions from this site but has never found the trojan - I even used the mini tool and placed it in the correct directory.

Currently my system seems to be running better, but I would love to get rid of the CWS.

Sorry - here is the latest log. THANKS !!!!!!!!

Logfile of HijackThis v1.98.0
Scan saved at 10:31:39 PM, on 7/21/2004
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\LEXBCES.EXE
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\svchost.exe
C:\PROGRA~1\Navnt\navapsvc.exe
C:\PROGRA~1\Navnt\npssvc.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\System32\mspmspsv.exe
C:\WINNT\system32\svchost.exe
C:\PROGRA~1\Navnt\alertsvc.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\Promon.exe
C:\WINNT\system32\PELMICED.EXE
C:\WINNT\system32\lxamsp32.exe
C:\WINNT\System32\spool\DRIVERS\W32X86\3\printray.exe
C:\Program Files\Navnt\POPROXY.EXE
C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINNT\system32\lexpps.exe
C:\WINNT\system32\wuauclt.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\PANICW~1\POP-UP~1\PSFREE.EXE
C:\Program Files\Navnt\navapw32.exe
C:\Program Files\LexmarkX63\AcBtnMgr_X63.exe
C:\Program Files\LexmarkX63\ACMonitor_X63.exe
C:\CFGSAFE\AUTOCHK.EXE
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\General\Hijack this\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_19_0.dll
O4 - HKLM\..\Run: [Promon.exe] Promon.exe
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] PELMICED.EXE
O4 - HKLM\..\Run: [lxamsp32.exe] lxamsp32.exe
O4 - HKLM\..\Run: [PrinTray] C:\WINNT\System32\spool\DRIVERS\W32X86\3\printray.exe
O4 - HKLM\..\Run: [NPS Event Checker] C:\PROGRA~1\Navnt\npscheck.exe
O4 - HKLM\..\Run: [NAV DefAlert] C:\PROGRA~1\Navnt\defalert.exe
O4 - HKLM\..\Run: [Norton eMail Protect] C:\Program Files\Navnt\POPROXY.EXE
O4 - HKLM\..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe -osboot
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\PANICW~1\POP-UP~1\PSFREE.EXE"
O4 - Startup: AUTOCHK.LNK = C:\CFGSAFE\AUTOCHK.EXE
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: Norton AntiVirus AutoProtect.lnk = C:\Program Files\Navnt\navapw32.exe
O4 - Global Startup: AcBtnMgr_X63.exe.lnk = C:\Program Files\LexmarkX63\AcBtnMgr_X63.exe
O4 - Global Startup: ACMonitor_X63.exe.lnk = C:\Program Files\LexmarkX63\ACMonitor_X63.exe
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {1E2941E3-8E63-11D4-9D5A-00902742D6E0} (iNotes Class) - http://lngmail.cndr.com/iNotes.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {75D1F3B2-2A21-11D7-97B9-0010DC2A6243} (SecureLogin.SecureControl) - http://secure2.comne...iveSecurity.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab

#9 dolphins

Posted 22 July 2004 - 11:07 AM

Your log is clean.

Are you having any problems other than CWShredder not working?
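
Added example, not part of any post in this thread and not code from HijackThis: a small Python parser that picks out the `(file missing)` entries flagged in post #4 and checks that a follow-up scan, like the one in post #8, no longer contains them. The sample logs are excerpts of the scans posted above, the function names are hypothetical, and the comparison refuses logs from different HijackThis versions because the v1.97.7 scan in post #1 prints its O9 entries in a different format.

```python
import re
from typing import NamedTuple

class Entry(NamedTuple):
    code: str  # HijackThis section code such as "O4", "O9" or "R1"
    body: str  # remainder of the line after "CODE - "

ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")
VERSION_RE = re.compile(r"^Logfile of HijackThis v([\d.]+)", re.MULTILINE)

def scan_version(log):
    """Return the HijackThis version from the log header."""
    m = VERSION_RE.search(log)
    if m is None:
        raise ValueError("no HijackThis header found")
    return m.group(1)

def parse_entries(log):
    """Return the numbered entries (R1, O4, ...) in log order."""
    entries = []
    for line in log.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append(Entry(m.group(1), m.group(2)))
    return entries

def orphaned(entries):
    """Entries whose target HijackThis reported as '(file missing)'."""
    return [e for e in entries if "(file missing)" in e.body]

def compare_scans(before_log, after_log):
    """Return (removed, added) entries between two scans of one version."""
    if scan_version(before_log) != scan_version(after_log):
        raise ValueError("scans come from different HijackThis versions")
    before, after = parse_entries(before_log), parse_entries(after_log)
    removed = [e for e in before if e not in after]
    added = [e for e in after if e not in before]
    return removed, added

def cleanup_confirmed(before_log, after_log):
    """True if exactly the orphaned entries vanished and nothing new appeared."""
    removed, added = compare_scans(before_log, after_log)
    return bool(removed) and removed == orphaned(parse_entries(before_log)) and not added

# Excerpts of the v1.98.0 scans in posts #3 and #8, trimmed to a few entries.
KEPT_HEAD = r"""Logfile of HijackThis v1.98.0
O4 - HKLM\..\Run: [Promon.exe] Promon.exe
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
"""
MISSING = r"""O9 - Extra button: ComcastHSI - {177001D2-CA62-4734-8CA7-7715AA22F33C} - http://www.comcast.net (file missing) (HKCU)
O9 - Extra button: Support - {52EE2B81-EA49-43F6-92B1-3B18E3B1E38E} - http://www.comcastsupport.com (file missing) (HKCU)
O9 - Extra button: Help - {BD7820BC-9793-4AB1-9B43-4453F072A94D} - http://www.comcast.net/memberservices/ (file missing) (HKCU)
"""
KEPT_TAIL = r"""O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
"""
SCAN_POST3 = KEPT_HEAD + MISSING + KEPT_TAIL
SCAN_POST8 = KEPT_HEAD + KEPT_TAIL
# One O9 line from the v1.97.7 scan in post #1, which lacks the CLSID and target.
SCAN_POST1 = "Logfile of HijackThis v1.97.7\nO9 - Extra button: ComcastHSI (HKCU)\n"

if __name__ == "__main__":
    for e in orphaned(parse_entries(SCAN_POST3)):
        print("orphaned:", e.code, e.body)
    print("cleanup confirmed:", cleanup_confirmed(SCAN_POST3, SCAN_POST8))
```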

#10 dffr1

Posted 22 July 2004 - 11:19 PM

> Are you having any problems other than CWShredder not working?

Answer: Well, it says that I have the CWS trojan CWS.Smartsearch.2 which I can not fix, but I currently do not have any other symptoms.

THANKS !!!



:unsure:

#11 needenalife

needenalife

    Member

  • Full Member
  • Pip
  • 42 posts

Posted 23 July 2004 - 12:45 AM

Try running these two things for me

Panda ActiveScan

And

http://vil.nai.com/vil/stinger/

The second program picks up SOME worms and trojans. Hopefully your problem is in those some.

:)

Let me know if those don't work.

#12 dffr1

Posted 25 July 2004 - 09:10 AM

Stinger ran OK, I will be sure to run it from time to time.

Panda did find a couple more viruses. I normally run Panda once a week - it always seems to find more than all of the other scans. I currently use Norton and will not renew.

THANKS for your help !!!

Off to the Jersey shore for a week of R & R.


:bounce: :bounce: :bounce:

#13 dffr1

Posted 01 August 2004 - 05:54 PM

Back from da shore. As previously mentioned I WAS able to copy an Ewido log, I will attach it. It shows unreadable files, not sure if any of them are dangerous or if the SPAMMERS have hidden some of their crap there.

THANKS AGAIN….

---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 6:32:08 PM, 8/1/2004
+ Report-Checksum: 5A899851

+ Date of database: 8/1/2004
+ Version of scan engine: v1.1

+ Duration: 50 min
+ Scanned Files: 61616
+ Speed: 20.15 Files/Second
+ Infected files: 0
+ Removed files: 0
+ Files put in quarantine: 0
+ Files that could not be opened: 16
+ Files that could not be cleaned: 0

+ Ignore extension: Yes
+ Binder: Yes
+ Crypter: Yes
+ Memory: No
+ Archives: No
+ Heuristic: No

+ Scanned items:
C:\

+ Scan result:
C:\WINNT\system32\config\software.LOG -> File could not be opened
C:\WINNT\system32\config\default.LOG -> File could not be opened
C:\WINNT\system32\config\SECURITY -> File could not be opened
C:\WINNT\system32\config\SECURITY.LOG -> File could not be opened
C:\WINNT\system32\config\SYSTEM.ALT -> File could not be opened
C:\WINNT\system32\config\SAM -> File could not be opened
C:\WINNT\system32\config\SAM.LOG -> File could not be opened
C:\WINNT\system32\config\SYSTEM -> File could not be opened
C:\WINNT\system32\config\SOFTWARE -> File could not be opened
C:\WINNT\system32\config\DEFAULT -> File could not be opened
C:\WINNT\? -> File could not be opened
C:\Documents and Settings\StevenM\NTUSER.DAT.LOG -> File could not be opened
C:\Documents and Settings\StevenM\NTUSER.DAT -> File could not be opened
C:\Documents and Settings\StevenM\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat -> File could not be opened
C:\Documents and Settings\StevenM\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG -> File could not be opened
C:\pagefile.sys -> File could not be opened

#14 dffr1

Posted 06 August 2004 - 06:31 PM

...

#15 dffr1

Posted 14 August 2004 - 10:17 AM

...



