Author Topic: My logs, or rather my fathers...  (Read 3568 times)

Offline R3D

  • Full Member
  • ***
  • Posts: 119
  • "Just once or twice is good for your soul", DE
My logs, or rather my fathers...
« on: August 20, 2006, 04:54:24 AM »
This is a new popup that I can't find in HJT.  I even found reference to random files that are supposed to be generated, but do not see them in HJT or in services running...

Thanks in advance!

Logfile of HijackThis v1.99.1
Scan saved at 9:22:03 PM, on 8/19/2006
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\Ati2evxx.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Symantec Client Security\Symantec Client Firewall\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINNT\system32\LEXBCES.EXE
C:\WINNT\system32\spoolsv.exe
C:\WINNT\system32\LEXPPS.EXE
C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe
C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe
C:\WINNT\system32\Ati2evxx.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\WINNT\Explorer.EXE
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\hidserv.exe
C:\Program Files\Common Files\HQManager\hqdecsvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\Program Files\ORL\VNC\WinVNC.exe
C:\WINNT\system32\svchost.exe
C:\program files\support.com\bin\tgcmd.exe
C:\Program Files\Netropa\Onscreen Display\OSD.exe
C:\Program Files\Lavasoft\Ad-Aware SE Plus\Ad-Watch.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\SPAMfighter\SFAgent.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\SYMANT~2\VPTray.exe
C:\WINNT\system32\ctfmon.exe
C:\FDIW\UpdtChk.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DfrgNTFS.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Dell\Software\Admin\HiJackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = javascript:resizeTo(1024,768);moveTo(0,0);document.location.href='http://www.msn.com/'
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Merriam-Webster Collegiate BHO - {8C918A35-0240-4685-B486-23B226536056} - C:\WINNT\_MWCTB.DLL
O3 - Toolbar: Merriam-Webster Collegiate Toolbar - {E9903977-FFCE-4827-A9D7-A325A0F87F18} - C:\WINNT\_MWCTB.DLL
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [WinVNC] "C:\Program Files\ORL\VNC\WinVNC.exe" -servicehelper
O4 - HKLM\..\Run: [MULTIMEDIA KEYBOARD] C:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe
O4 - HKLM\..\Run: [tgcmdprovidersbc] "c:\program files\support.com\bin\tgcmd.exe" /server /startmonitor /deaf /nosystray
O4 - HKLM\..\Run: [AWMON] "C:\Program Files\Lavasoft\Ad-Aware SE Plus\Ad-Watch.exe"
O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [Dell AIO Printer A960] "C:\Program Files\Dell AIO Printer A960\dlbfbmgr.exe"
O4 - HKLM\..\Run: [SPAMfighter Agent] "C:\Program Files\SPAMfighter\SFAgent.exe" update delay 60
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~2\VPTray.exe
O4 - HKCU\..\Run: [ctfmon.exe] ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Startup: Field Data Internet Update Check.lnk = C:\FDIW\UpdtChk.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Collegiate &Dictionary - res://C:\WINNT\_MWCTB.DLL/23/219
O8 - Extra context menu item: Collegiate &Encyclopedia - res://C:\WINNT\_MWCTB.DLL/23/236
O8 - Extra context menu item: Collegiate &Thesaurus - res://C:\WINNT\_MWCTB.DLL/23/220
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: S&panish-English Dictionary - res://C:\WINNT\_MWCTB.DLL/23/237
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\WINNT\System32\shdocvw.dll (HKCU)
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {1663ed61-23eb-11d2-b92f-008048fdd814} (MeadCo ScriptX Advanced) - https://eagent.farmersinsurance.com/PLA/eAgent/eAuto/commonActiveX/smsx.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} (MiniBugTransporterX Class) - http://download.weatherbug.com/minibug/tricklers/AWS/MiniBugTransporter.cab?
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {354D91A8-E3C9-491F-BB89-0FB27DEEED86} (ImgXTwain6.ImgXTwain) - https://eagent.farmersinsurance.com/PLA/eAgent/scv/commonActiveX/ImgXTwain61.cab
O16 - DPF: {45EEDB84-57BC-4FBD-8065-7AB8E971B545} (ImgXDialog6.ImgXDialog) - https://eagent.farmersinsurance.com/PLA/eAgent/scv/commonActiveX/ImgXDialog61.cab
O16 - DPF: {5F05A225-0F66-43DE-89E4-6FFD589C4F01} (OC web Installer) - http://www.aebn.net/ws/DownloadCoach/dc5/files/objectCubeInstall.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1125498711593
O16 - DPF: {7E8DC73D-69CD-4F67-99B1-8DC6E42F6246} (Atalasoft ImgXCtrl6.ImgXCtrl (CAB)) - https://eagent.farmersinsurance.com/PLA/eAgent/scv/commonActiveX/ImgX61.cab
O16 - DPF: {88D969C0-F192-11D4-A65F-0040963251E5} (XML DOM Document 4.0) - https://eagent.farmersinsurance.com/PLA/eAgent/scv/commonActiveX/msxml4.cab
O16 - DPF: {D4E3D5D9-9959-482D-9D5A-C74880E7FB74} (Merriam-Webster Unabridged Toolbar) - http://www.merriam-webstercollegiate.com/toolbar/install/webinstall.cab
O20 - Winlogon Notify: NavLogon - C:\WINNT\system32\NavLogon.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINNT\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINNT\system32\ati2sgag.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: High Quality Decompress Service (HQDecompressService) - xxxcodec.com - C:\Program Files\Common Files\HQManager\hqdecsvc.exe
O23 - Service: IS Service (ISSVC) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec Client Firewall\ISSVC.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINNT\system32\LEXBCES.EXE
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Netropa NHK Server (nhksrv) - Unknown owner - C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec Client Security\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Symantec SecurePort (SymSecurePort) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe
O23 - Service: VNC Server (winvnc) - Unknown owner - C:\Program Files\ORL\VNC\WinVNC.exe" -service (file missing)

Please PM me as well if you have an answer or steps to take...

More info from other post located here:  http://www.landzdown.com/index.php?topic=10175.0

Online Corrine

  • The Mystical Rose
  • Administrator
  • Hero Member
  • *****
  • Posts: 11530
  • "Stronger than the past, united in our goal."
    • Security Garden
Re: My logs, or rather my fathers...
« Reply #1 on: August 20, 2006, 03:16:34 PM »
Hi, R3D.  I took your log out of "quotes" to make it easier to read.

Please confirm that remote desktop is intentionally turned on for your Dad's machine. 

A. Please download/update the following files:

B.  Restart your computer in Safe Mode.
  • If the computer is running, shut down Windows, and then turn off the power.
  • Wait 30 seconds, and then turn the computer on.
  • Start tapping the F8 key. The Windows Advanced Options Menu will appear. If you begin tapping the F8 key too soon, some computers display a "keyboard error" message. To resolve this, restart the computer and try again.
  • Ensure that the Safe Mode option is selected.
  • Press Enter. The computer then begins to start in Safe Mode.
  • Login on your usual account.
If you need further assistance with Safe Mode, see Symantec


C. Run CCleaner:
  • Launch CCleaner and under Options > Advanced > UNcheck "Only delete files in Windows Temp folder older than 48 hours".
  • A pop up box will appear advising this process will permanently delete files from your system.
  • To protect logon cookies that you wish to retain, under Options > Cookies.  Select and using the arrow move those cookies to the "Cookies to keep" column.
  • Then select the following items
    • In the Windows Tab:
      • Clean all entries in the "Internet Explorer" section.
      • Clean all the entries in the "Windows Explorer" section.
      • Clean all entries in the "System" section except Windows Log Files.
    • In the Applications Tab:
      • Clean all in the Firefox/Mozilla section if you use it.
      • Clean all in the Opera section if you use it.
      • Clean Sun Java in the Internet Section.
      • Please UNcheck "Utilities" (i.e., Ad-Aware, ewido and other security program logs.)
    • Click the "Run Cleaner" button and it will scan and clean your system.
    • Click exit. 
D.  Open the SmitfraudFix folder
  • Double-click smitfraudfix.cmd file to start the tool.
  • Select option #2 - Clean by typing 2 and press Enter.
    Warning: running option #2 on an uninfected computer will remove your Desktop background.
  • Wait for the tool to complete and disk cleanup to finish.
  • You will be prompted: "Registry cleaning - Do you want to clean the registry?"
    • Answer Yes by typing Y
    • Hit Enter.
  • The tool will also check if wininet.dll is infected. If a clean version is found, you will be prompted to replace wininet.dll.
    • Answer Yes to the question "Replace infected file?" by typing Y
    • Hit Enter.
  • A reboot may be needed to finish the cleaning process.  If your computer does not restart automatically please do it yourself manually.
  • Restart in Safe Mode as instructed above.
  • The tool will create a log named rapport.txt in the root of your drive, eg: Local Disk C: or partition where your operating system is installed. Please post that log along with all others requested in your next reply.

E. Restart in Normal Mode and double-click the HijackThis icon on your desktop.  Choose "Do a system scan and save logfile".

G.  Post a reply with the following logs:
  • C:\rapport.txt
  • ewido log
  • HijackThis log

Take a walk through the "Security Garden" -- Where Everything is Coming up Roses!

Remember - A day without laughter is a day wasted.
May the wind sing to you and the sun rise in your heart.

      Offline R3D

      Re: My logs, or rather my fathers...
      « Reply #2 on: August 20, 2006, 06:31:40 PM »
      Thank you Corrine, how is everyone these days?  I had my daughter up for the summer, and it was a lot of fun, but now I have to find a decent job again, lol...

      Anyways, here are the logs required:

      ________________________________________________
      HJT logs Aug. 20th 2006

      Logfile of HijackThis v1.99.1
      Scan saved at 11:26:26 AM, on 8/20/2006
      Platform: Windows 2000 SP4 (WinNT 5.00.2195)
      MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

      Running processes:
      C:\WINNT\System32\smss.exe
      C:\WINNT\system32\winlogon.exe
      C:\WINNT\system32\services.exe
      C:\WINNT\system32\lsass.exe
      C:\WINNT\system32\Ati2evxx.exe
      C:\WINNT\system32\svchost.exe
      C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
      C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
      C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
      C:\Program Files\Symantec Client Security\Symantec Client Firewall\ISSVC.exe
      C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
      C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
      C:\WINNT\system32\LEXBCES.EXE
      C:\WINNT\system32\spoolsv.exe
      C:\WINNT\system32\LEXPPS.EXE
      C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe
      C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe
      C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
      C:\WINNT\System32\svchost.exe
      C:\Program Files\ewido anti-spyware 4.0\guard.exe
      C:\WINNT\system32\Ati2evxx.exe
      C:\WINNT\system32\hidserv.exe
      C:\WINNT\Explorer.EXE
      C:\Program Files\Common Files\HQManager\hqdecsvc.exe
      C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
      C:\WINNT\system32\MSTask.exe
      C:\WINNT\system32\stisvc.exe
      C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe
      C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe
      C:\WINNT\System32\WBEM\WinMgmt.exe
      C:\WINNT\system32\svchost.exe
      C:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe
      C:\Program Files\Netropa\Multimedia Keyboard\mmusbkb2.exe
      C:\Program Files\Netropa\Multimedia Keyboard\TrayMon.exe
      C:\Program Files\Netropa\Onscreen Display\OSD.exe
      C:\program files\support.com\bin\tgcmd.exe
      C:\Program Files\Common Files\Real\Update_OB\realsched.exe
      C:\Program Files\SPAMfighter\SFAgent.exe
      C:\Program Files\Common Files\Symantec Shared\ccApp.exe
      C:\PROGRA~1\SYMANT~1\SYMANT~2\VPTray.exe
      C:\Program Files\ewido anti-spyware 4.0\ewido.exe
      C:\WINNT\system32\ctfmon.exe
      C:\Program Files\Lavasoft\Ad-Aware SE Plus\Ad-Watch.exe
      C:\FDIW\UpdtChk.exe
      C:\Program Files\Internet Explorer\iexplore.exe
      C:\Program Files\Internet Explorer\iexplore.exe
      C:\Dell\Software\Admin\HiJackThis\HijackThis.exe

      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = javascript:resizeTo(1024,768);moveTo(0,0);document.location.href='http://www.msn.com/'
      R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
      R3 - Default URLSearchHook is missing
      O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
      O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
      O2 - BHO: Merriam-Webster Collegiate BHO - {8C918A35-0240-4685-B486-23B226536056} - C:\WINNT\_MWCTB.DLL
      O3 - Toolbar: Merriam-Webster Collegiate Toolbar - {E9903977-FFCE-4827-A9D7-A325A0F87F18} - C:\WINNT\_MWCTB.DLL
      O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
      O4 - HKLM\..\Run: [MULTIMEDIA KEYBOARD] C:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe
      O4 - HKLM\..\Run: [tgcmdprovidersbc] "c:\program files\support.com\bin\tgcmd.exe" /server /startmonitor /deaf /nosystray
      O4 - HKLM\..\Run: [AWMON] "C:\Program Files\Lavasoft\Ad-Aware SE Plus\Ad-Watch.exe"
      O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp
      O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
      O4 - HKLM\..\Run: [Dell AIO Printer A960] "C:\Program Files\Dell AIO Printer A960\dlbfbmgr.exe"
      O4 - HKLM\..\Run: [SPAMfighter Agent] "C:\Program Files\SPAMfighter\SFAgent.exe" update delay 60
      O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
      O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~2\VPTray.exe
      O4 - HKLM\..\Run: [Ad-Aware] "C:\Program Files\Lavasoft\Ad-Aware SE Plus\Ad-Aware.exe" +c
      O4 - HKLM\..\Run: [WinVNC] "C:\Program Files\ORL\VNC\WinVNC.exe" -servicehelper
      O4 - HKCU\..\Run: [ctfmon.exe] ctfmon.exe
      O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
      O4 - HKCU\..\Run: [AWMON] "C:\Program Files\Lavasoft\Ad-Aware SE Plus\Ad-Watch.exe"
      O4 - Startup: Field Data Internet Update Check.lnk = C:\FDIW\UpdtChk.exe
      O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
      O8 - Extra context menu item: Collegiate &Dictionary - res://C:\WINNT\_MWCTB.DLL/23/219
      O8 - Extra context menu item: Collegiate &Encyclopedia - res://C:\WINNT\_MWCTB.DLL/23/236
      O8 - Extra context menu item: Collegiate &Thesaurus - res://C:\WINNT\_MWCTB.DLL/23/220
      O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
      O8 - Extra context menu item: S&panish-English Dictionary - res://C:\WINNT\_MWCTB.DLL/23/237
      O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
      O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
      O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
      O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\WINNT\System32\shdocvw.dll (HKCU)
      O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
      O16 - DPF: {1663ed61-23eb-11d2-b92f-008048fdd814} (MeadCo ScriptX Advanced) - https://eagent.farmersinsurance.com/PLA/eAgent/eAuto/commonActiveX/smsx.cab
      O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
      O16 - DPF: {2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} (MiniBugTransporterX Class) - http://download.weatherbug.com/minibug/tricklers/AWS/MiniBugTransporter.cab?
      O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
      O16 - DPF: {354D91A8-E3C9-491F-BB89-0FB27DEEED86} (ImgXTwain6.ImgXTwain) - https://eagent.farmersinsurance.com/PLA/eAgent/scv/commonActiveX/ImgXTwain61.cab
      O16 - DPF: {45EEDB84-57BC-4FBD-8065-7AB8E971B545} (ImgXDialog6.ImgXDialog) - https://eagent.farmersinsurance.com/PLA/eAgent/scv/commonActiveX/ImgXDialog61.cab
      O16 - DPF: {5F05A225-0F66-43DE-89E4-6FFD589C4F01} (OC web Installer) - http://www.aebn.net/ws/DownloadCoach/dc5/files/objectCubeInstall.cab
      O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
      O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1125498711593
      O16 - DPF: {7E8DC73D-69CD-4F67-99B1-8DC6E42F6246} (Atalasoft ImgXCtrl6.ImgXCtrl (CAB)) - https://eagent.farmersinsurance.com/PLA/eAgent/scv/commonActiveX/ImgX61.cab
      O16 - DPF: {88D969C0-F192-11D4-A65F-0040963251E5} (XML DOM Document 4.0) - https://eagent.farmersinsurance.com/PLA/eAgent/scv/commonActiveX/msxml4.cab
      O16 - DPF: {D4E3D5D9-9959-482D-9D5A-C74880E7FB74} (Merriam-Webster Unabridged Toolbar) - http://www.merriam-webstercollegiate.com/toolbar/install/webinstall.cab
      O20 - Winlogon Notify: NavLogon - C:\WINNT\system32\NavLogon.dll
      O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINNT\system32\Ati2evxx.exe
      O23 - Service: ATI Smart - Unknown owner - C:\WINNT\system32\ati2sgag.exe
      O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
      O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
      O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
      O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe
      O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
      O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
      O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
      O23 - Service: High Quality Decompress Service (HQDecompressService) - xxxcodec.com - C:\Program Files\Common Files\HQManager\hqdecsvc.exe
      O23 - Service: IS Service (ISSVC) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec Client Firewall\ISSVC.exe
      O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINNT\system32\LEXBCES.EXE
      O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
      O23 - Service: Netropa NHK Server (nhksrv) - Unknown owner - C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe
      O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec Client Security\Symantec AntiVirus\SavRoam.exe
      O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
      O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
      O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe
      O23 - Service: Symantec SecurePort (SymSecurePort) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe

      _________________________________________________________
      SmitFraudFix logs Aug. 20th 2006

      SmitFraudFix v2.81

      Scan done at 10:20:15.26, Sun 08/20/2006
      Run from C:\Documents and Settings\David Nelson\Desktop\Smitfraudfix\SmitfraudFix
      OS: Microsoft Windows 2000 [Version 5.00.2195] - Windows_NT
      Fix ran in safe mode

      »»»»»»»»»»»»»»»»»»»»»»»» Before SmitFraudFix
      !!!Attention, following keys are not inevitably infected!!!

      SrchSTS.exe by S!Ri
      Search SharedTaskScheduler's .dll

      »»»»»»»»»»»»»»»»»»»»»»»» Killing process


      »»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

      GenericRenosFix by S!Ri


      »»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files


      »»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


      »»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning
       
      Registry Cleaning done.
       
      »»»»»»»»»»»»»»»»»»»»»»»» After SmitFraudFix
      !!!Attention, following keys are not inevitably infected!!!

      SrchSTS.exe by S!Ri
      Search SharedTaskScheduler's .dll


      »»»»»»»»»»»»»»»»»»»»»»»» End

      ______________________________________________________________
      Ewido found nothing

      Ran everything in order, but you didn't say when to run the Ewido tool, so I ran it after both ccleaner and smitfraudfix tools, but it found nothing (in safe mode also).  Let me know if you need anything more, or if this system seems clean now...

      Thank you very much!

      Erik

      Online Corrine

      Re: My logs, or rather my fathers...
      « Reply #3 on: August 20, 2006, 10:31:54 PM »
      Good to know you & your daughter had fun.  I certainly hope things are on the upswing for you. :rose:

      As to whether the system is clean, well, unless CCleaner did the job, there's really no change since neither ewido nor SmitRemFix found anything.  It's possible the System Integrity Scan Wizard was in the temp files.  If the popup has stopped, then that was the case.  Otherwise, we'll need to look deeper.

      BTW, I meant to mention you can remove the following with HJT:

      R3 - Default URLSearchHook is missing


      Let us know if the popup returns.
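
Judging whether anything changed between two scans, as in the reply above, comes down to comparing the entry lines of the two HijackThis logs. The Python below is an added example (not part of the original thread and not HijackThis's own code): it parses two logs, lists entries and processes that appeared or disappeared, and picks out entries HijackThis marked "(no file)" or "(file missing)". The function names and the two shortened sample logs, built from lines posted in this thread, are assumptions made for the illustration.

```python
import re
from collections import namedtuple

# A HijackThis entry line is "<code> - <detail>", e.g. "O4 - HKLM\..\Run: ...".
ENTRY_RE = re.compile(r"^([RFNO]\d{1,2}) - (.+)$")
# Markers HijackThis prints when an entry's target file is not on disk.
MISSING_RE = re.compile(r"\((?:no file|file missing)\)", re.IGNORECASE)

Entry = namedtuple("Entry", "code text")

# Constructed samples: a handful of lines copied from the two scans in this thread.
SCAN_AUG19 = r"""
Logfile of HijackThis v1.99.1
Scan saved at 9:22:03 PM, on 8/19/2006

Running processes:
C:\WINNT\system32\svchost.exe
C:\Program Files\ORL\VNC\WinVNC.exe

R3 - Default URLSearchHook is missing
O4 - HKLM\..\Run: [WinVNC] "C:\Program Files\ORL\VNC\WinVNC.exe" -servicehelper
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O23 - Service: VNC Server (winvnc) - Unknown owner - C:\Program Files\ORL\VNC\WinVNC.exe" -service (file missing)
"""

SCAN_AUG20 = r"""
Logfile of HijackThis v1.99.1
Scan saved at 11:26:26 AM, on 8/20/2006

Running processes:
C:\WINNT\system32\svchost.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe

R3 - Default URLSearchHook is missing
O4 - HKLM\..\Run: [WinVNC] "C:\Program Files\ORL\VNC\WinVNC.exe" -servicehelper
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
"""


def parse_hjt(log_text):
    """Return (running_processes, entries) from a HijackThis text log."""
    processes, entries = [], []
    in_processes = False
    for raw in log_text.splitlines():
        line = raw.strip()  # forum pastes are often indented
        if not line:
            continue
        if line.lower().startswith("running processes"):
            in_processes = True
            continue
        match = ENTRY_RE.match(line)
        if match:
            in_processes = False  # the first entry line ends the process list
            entries.append(Entry(match.group(1), match.group(2)))
        elif in_processes:
            processes.append(line)
    return processes, entries


def entry_key(entry):
    """Compare entries case-insensitively and ignoring runs of spaces."""
    return (entry.code, " ".join(entry.text.lower().split()))


def only_in_second(first, second, key):
    """Items of `second` whose key does not occur in `first`, in log order."""
    seen = {key(item) for item in first}
    return [item for item in second if key(item) not in seen]


def diff_scans(old_log, new_log):
    """Summarise what changed between an earlier and a later scan."""
    old_procs, old_entries = parse_hjt(old_log)
    new_procs, new_entries = parse_hjt(new_log)
    return {
        "entries_added": only_in_second(old_entries, new_entries, entry_key),
        "entries_removed": only_in_second(new_entries, old_entries, entry_key),
        "processes_added": only_in_second(old_procs, new_procs, str.lower),
        "processes_removed": only_in_second(new_procs, old_procs, str.lower),
    }


def orphaned(entries):
    """Entries HijackThis itself flagged as pointing at a missing file."""
    return [e for e in entries if MISSING_RE.search(e.text)]


if __name__ == "__main__":
    for label, items in diff_scans(SCAN_AUG19, SCAN_AUG20).items():
        for item in items:
            shown = item if isinstance(item, str) else f"{item.code} - {item.text}"
            print(f"{label}: {shown}")
    for e in orphaned(parse_hjt(SCAN_AUG20)[1]):
        print(f"orphaned: {e.code} - {e.text}")
```

An entry that shows up as added or orphaned is only a prompt to look at it; the diff says nothing about whether the entry is malicious.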

      Offline R3D

      Re: My logs, or rather my fathers...
      « Reply #4 on: August 21, 2006, 02:44:29 AM »
      For the limited time the system was still here, the popups did not come back.  My father had to take it back to the Bay Area and use it for work, so I hope it is better now.  I did tell him to let me know if he sees those popups again and to bring it back and I would see what I could do, if needed.

      Thank you very much!   :flowers:

      Offline R3D

      Re: My logs, or rather my fathers...
      « Reply #5 on: August 24, 2006, 06:41:22 AM »
      Ok, the scans did not remove the problem, and it returned for my father on his system.  So, I ran the stuff again in safe mode and this time, I removed some stuff in HJT.  Things I knew were supposed to already have been removed, like Weather bug junk, some other tools that were useless, and VNC tools which  removed awhile ago.  I also removed anything that had no reference to a file or anything, actually, I'll just post the log and show what I removed...
      _______________________________
      HJT logs Aug. 23rd 2006

      Logfile of HijackThis v1.99.1
      Scan saved at 11:01:54 PM, on 8/23/2006
      Platform: Windows 2000 SP4 (WinNT 5.00.2195)
      MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

      Running processes:
      C:\WINNT\System32\smss.exe
      C:\WINNT\system32\winlogon.exe
      C:\WINNT\system32\services.exe
      C:\WINNT\system32\lsass.exe
      C:\WINNT\system32\svchost.exe
      C:\WINNT\System32\WBEM\WinMgmt.exe
      C:\WINNT\explorer.exe
      C:\Dell\Software\Admin\Special Cleaner Tools\HiJackThis\HijackThis.exe

      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
      R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
      R3 - Default URLSearchHook is missing
      O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
      O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
      O2 - BHO: Merriam-Webster Collegiate BHO - {8C918A35-0240-4685-B486-23B226536056} - C:\WINNT\_MWCTB.DLL
      O3 - Toolbar: Merriam-Webster Collegiate Toolbar - {E9903977-FFCE-4827-A9D7-A325A0F87F18} - C:\WINNT\_MWCTB.DLL
      O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
      O4 - HKLM\..\Run: [MULTIMEDIA KEYBOARD] C:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe
      O4 - HKLM\..\Run: [tgcmdprovidersbc] "c:\program files\support.com\bin\tgcmd.exe" /server /startmonitor /deaf /nosystray
      O4 - HKLM\..\Run: [AWMON] "C:\Program Files\Lavasoft\Ad-Aware SE Plus\Ad-Watch.exe"
      O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp
      O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
      O4 - HKLM\..\Run: [Dell AIO Printer A960] "C:\Program Files\Dell AIO Printer A960\dlbfbmgr.exe"
      O4 - HKLM\..\Run: [SPAMfighter Agent] "C:\Program Files\SPAMfighter\SFAgent.exe" update delay 60
      O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
      O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~2\VPTray.exe
      O4 - HKLM\..\Run: [Ad-Aware] "C:\Program Files\Lavasoft\Ad-Aware SE Plus\Ad-Aware.exe" +c
      O4 - HKLM\..\Run: [WinVNC] "C:\Program Files\ORL\VNC\WinVNC.exe" -servicehelper
      O4 - HKCU\..\Run: [ctfmon.exe] ctfmon.exe
      O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
      O4 - HKCU\..\Run: [AWMON] "C:\Program Files\Lavasoft\Ad-Aware SE Plus\Ad-Watch.exe"
      O4 - Startup: Field Data Internet Update Check.lnk = C:\FDIW\UpdtChk.exe
      O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
      O8 - Extra context menu item: Collegiate &Dictionary - res://C:\WINNT\_MWCTB.DLL/23/219
      O8 - Extra context menu item: Collegiate &Encyclopedia - res://C:\WINNT\_MWCTB.DLL/23/236
      O8 - Extra context menu item: Collegiate &Thesaurus - res://C:\WINNT\_MWCTB.DLL/23/220
      O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
      O8 - Extra context menu item: S&panish-English Dictionary - res://C:\WINNT\_MWCTB.DLL/23/237
      O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
      O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
      O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
      O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\WINNT\System32\shdocvw.dll (HKCU)

      O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
      O16 - DPF: {1663ed61-23eb-11d2-b92f-008048fdd814} (MeadCo ScriptX Advanced) - https://eagent.farmersinsurance.com/PLA/eAgent/eAuto/commonActiveX/smsx.cab
      O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
      O16 - DPF: {2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} (MiniBugTransporterX Class) - http://download.weatherbug.com/minibug/tricklers/AWS/MiniBugTransporter.cab?
      O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
      O16 - DPF: {354D91A8-E3C9-491F-BB89-0FB27DEEED86} (ImgXTwain6.ImgXTwain) - https://eagent.farmersinsurance.com/PLA/eAgent/scv/commonActiveX/ImgXTwain61.cab
      O16 - DPF: {45EEDB84-57BC-4FBD-8065-7AB8E971B545} (ImgXDialog6.ImgXDialog) - https://eagent.farmersinsurance.com/PLA/eAgent/scv/commonActiveX/ImgXDialog61.cab
      O16 - DPF: {5F05A225-0F66-43DE-89E4-6FFD589C4F01} (OC web Installer) - http://www.aebn.net/ws/DownloadCoach/dc5/files/objectCubeInstall.cab
      O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
      O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1125498711593
      O16 - DPF: {7E8DC73D-69CD-4F67-99B1-8DC6E42F6246} (Atalasoft ImgXCtrl6.ImgXCtrl (CAB)) - https://eagent.farmersinsurance.com/PLA/eAgent/scv/commonActiveX/ImgX61.cab
      O16 - DPF: {88D969C0-F192-11D4-A65F-0040963251E5} (XML DOM Document 4.0) - https://eagent.farmersinsurance.com/PLA/eAgent/scv/commonActiveX/msxml4.cab
      O16 - DPF: {D4E3D5D9-9959-482D-9D5A-C74880E7FB74} (Merriam-Webster Unabridged Toolbar) - http://www.merriam-webstercollegiate.com/toolbar/install/webinstall.cab
      O20 - Winlogon Notify: NavLogon - C:\WINNT\system32\NavLogon.dll
      O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINNT\system32\Ati2evxx.exe
      O23 - Service: ATI Smart - Unknown owner - C:\WINNT\system32\ati2sgag.exe
      O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
      O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
      O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
      O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe
      O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
      O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
      O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
      O23 - Service: High Quality Decompress Service (HQDecompressService) - xxxcodec.com - C:\Program Files\Common Files\HQManager\hqdecsvc.exe
      O23 - Service: IS Service (ISSVC) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec Client Firewall\ISSVC.exe
      O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINNT\system32\LEXBCES.EXE
      O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
      O23 - Service: Netropa NHK Server (nhksrv) - Unknown owner - C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe
      O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec Client Security\Symantec AntiVirus\SavRoam.exe
      O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
      O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
      O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe
      O23 - Service: Symantec SecurePort (SymSecurePort) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe

      ______________________________________

      The other scanners did not find anything in particular, and I ran them with tighter constraints as well...

      Let me know if you see anything I missed that is not bold and should be gone.  I have not gotten a popup yet, so I think all is well, so far...   8)

      Cheers!   :Hammys pint:

      Online Corrine

      • The Mystical Rose
      • Administrator
      • Hero Member
      • *****
      • Posts: 11530
      • "Stronger than the past, united in our goal."
        • Security Garden
      Re: My logs, or rather my fathers...
      « Reply #6 on: August 24, 2006, 11:11:51 AM »
      Did you do the removal with HJT in safe mode?  Otherwise, if in normal mode, Ad-Watch would need to be disabled.  (http://www.landzdown.com/index.php?topic=422.0)

      Take a walk through the "Security Garden" -- Where Everything is Coming up Roses!

      Remember - A day without laughter is a day wasted.
      May the wind sing to you and the sun rise in your heart.

      Offline R3D

      • Full Member
      • ***
      • Posts: 119
      • "Just once or twice is good for your soul", DE
      Re: My logs, or rather my fathers...
      « Reply #7 on: August 24, 2006, 04:52:14 PM »
      Yes, I did the removal in safe mode and there is still something on the system.  I am getting redirects for regular web pages and I am sure eventually I will get the popup again.  Anything I should change on HJT to scan more thoroughly?   :?

      Offline R3D

      • Full Member
      • ***
      • Posts: 119
      • "Just once or twice is good for your soul", DE
      Re: My logs, or rather my fathers...
      « Reply #8 on: August 24, 2006, 05:26:38 PM »
      Sorry for the double post, but I noticed a service that is running called HQService or "hqdecsvc.exe", and after searching for it, I found another person that is having similar troubles and this was the only service on his system that was out of the ordinary as well.  I thought it might be a normal service, but then I decided to do a little research.  I am going to stop the service and see if this helps.  Keep an eye out for this one, as it is not caught by any of the spyware tools yet....   :shock: 

      Can I submit this file to someone?   :confused:
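
Added example (not part of the thread and not any poster's code): a small parser for the `O23 - Service` lines of a HijackThis log that lists services whose publisher field falls outside a baseline, which is the kind of manual comparison described in the post above. The `EXPECTED_PUBLISHERS` set is a hypothetical baseline chosen for this sample; a flagged entry is a candidate for review, not a verdict.

```python
import re

# A few lines copied from the HijackThis log in this thread, used as sample input.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINNT\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINNT\system32\ati2sgag.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: High Quality Decompress Service (HQDecompressService) - xxxcodec.com - C:\Program Files\Common Files\HQManager\hqdecsvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe
"""

# "O23 - Service: <display name> - <publisher> - <image path>".
# The name is matched greedily and the path must start with a drive letter,
# so a " - " inside the display name or the path does not shift the fields.
O23_LINE = re.compile(
    r"^\s*O23 - Service: (?P<name>.+) - (?P<publisher>.+?) - (?P<path>[A-Za-z]:\\.+)$"
)

# Assumption: publishers the machine's owner expects to see (hypothetical baseline).
EXPECTED_PUBLISHERS = {"ati technologies inc.", "symantec corporation"}


def parse_services(log_text):
    """Return one dict (name, publisher, path) per O23 line; other lines are skipped."""
    services = []
    for line in log_text.splitlines():
        match = O23_LINE.match(line.rstrip())
        if match:
            services.append(match.groupdict())
    return services


def triage(services, expected=EXPECTED_PUBLISHERS):
    """Return (service, reason) pairs that deserve a manual look."""
    findings = []
    for svc in services:
        publisher = svc["publisher"].strip().lower()
        if publisher == "unknown owner":
            findings.append((svc, "HijackThis reported no owner"))
        elif publisher not in expected:
            findings.append((svc, "publisher not in baseline"))
    return findings


if __name__ == "__main__":
    for svc, reason in triage(parse_services(SAMPLE_LOG)):
        print(f"{reason}: {svc['name']} -> {svc['path']}")
```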

      Offline R3D

      • Full Member
      • ***
      • Posts: 119
      • "Just once or twice is good for your soul", DE
      Re: My logs, or rather my fathers...
      « Reply #9 on: August 24, 2006, 06:07:09 PM »
      UPDATE:

      Also noticed a "Support.com" folder in the "Program Files" folder.  This may have propagated the malware...  Removed it...   :thumbsup:

      Online Corrine

      • The Mystical Rose
      • Administrator
      • Hero Member
      • *****
      • Posts: 11530
      • "Stronger than the past, united in our goal."
        • Security Garden
      Re: My logs, or rather my fathers...
      « Reply #10 on: August 24, 2006, 11:29:37 PM »
      Let's see what ComboFix shows:

      1. Download this file - combofix.exe
      2. Double click combofix.exe & follow the prompts.
      3. When finished, it shall produce a log for you. Post that log in your next reply.

      Note:
      Do not mouseclick combofix's window while it is running as that may cause it to stall.