Solved: Spy Axe Removal Instructions?

Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

Beakey

Thread Starter
Joined
Dec 29, 2005
Messages
53
I've seen some posts here about removing Spy Axe but it seems like everybody's case might be a little bit different. What should I do and/or what information do you need?

Keep in mind; I have no idea how to obtain my Hijack Log.
 

Beakey

Thread Starter
Joined
Dec 29, 2005
Messages
53
Logfile of HijackThis v1.99.1
Scan saved at 9:05:28 PM, on 12/29/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\nvctrl.exe
C:\WINDOWS\system32\mssearchnet.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Winamp\Winampa.exe
C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
C:\Program Files\Microsoft Office\Office\OSA.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\Beakey\Local Settings\Temporary Internet Files\Content.IE5\0LC5MFG1\HijackThis[1].exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.4q.cc/chuck/
O2 - BHO: HomepageBHO - {e0103cd4-d1ce-411a-b75b-4fec072867f4} - C:\WINDOWS\system32\hp9896.tmp (file missing)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: AIM Search - {40D41A8B-D79B-43d7-99A7-9EE0F344C385} - C:\Program Files\AIM Toolbar\AIMBar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [RebateNation0] "C:\Program Files\Rebate_Nation\RebateNation0.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [OSS] c:\windows\system32\rk.exe -boot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\Winampa.exe"
O4 - HKLM\..\Run: [SpyAxe] C:\Program Files\SpyAxe\spyaxe.exe /h
O4 - HKCU\..\Run: [ClockSync] C:\Program Files\ClockSync\Sync.exe /q
O4 - Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O4 - Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Coupons - file://C:\Program Files\couponsandoffers\System\Temp\couponsandoffers_script0.htm
O8 - Extra context menu item: Rebate Nation - file://C:\Program Files\Rebate_Nation\Sy5300\Tp5300\scri5300a.htm
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Ebates - {6685509E-B47B-4f47-8E16-9A5F3A62F683} - file://C:\Program Files\Ebates_MoeMoneyMaker\Sy350\Tp350\scri350a.htm (file missing) (HKCU)
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/clients/y/pote_x.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.c...ls/en/x86/client/wuweb_site.cab?1095975144796
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {B49C4597-8721-4789-9250-315DFBD9F525} (IWinAmpActiveX Class) - http://cdn.digitalcity.com/radio/ampx/ampx2.6.1.11_en_dl.cab
O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} - http://ax.phobos.apple.com.edgesuite.net/detection/ITDetector.cab
O16 - DPF: {FA3662C3-B8E8-11D6-A667-0010B556D978} (IWinAmpActiveX Class) - http://cdn.digitalcity.com/_media/dalaillama/ampx.cab
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
 
Joined
Jul 8, 2002
Messages
14,681
Please save or print these instructions before beginning
  • Go to Start>>Control Panel>>Add or Remove Program
  • Uninstall any of the following programs that appear in the list:

    SpyAxe
    Rebate Nation

  • Save smitRem to your Desktop and run smitRem.exe
  • Download and install Ewido Security Suite
  • During the installation, uncheck the following under Additional Options:

    Install background guard
    Install scan via context menu
  • Run Ewido and click OK when prompted to update the program
  • On the left side of the screen, click update>>Start
  • When the update is finished, exit Ewido
  • Open the smitRem folder and run RunThis.bat. Follow the onscreen prompts
  • Run Ewido Security Suite
  • Click scanner>>Complete System Scan
  • Click OK when prompted to clean the problems found
  • When the scan is finished, click Save Report and save a copy of this log to your Desktop
  • Exit Ewido
  • Go to Start>>Control Panel>>Internet Options>>Programs
  • Click Reset Web Settings>>Apply>>OK
  • Go to Start>>Control Panel>>Display>>Desktop
  • Click Customize Desktop>>Web
  • If you see an entry called Security info or something similar, select it and click Delete>>OK>>Apply>>OK
  • Restart your computer
  • Post the contents of C:\smitfiles.txt
  • Post the contents of the Ewido Security Suite report that you saved to your Desktop earlier
  • Run HijackThis and click Do a system scan and save a log file
  • Your HijackThis log will open in Notepad. Post the contents of the log here
 

Beakey

Thread Starter
Joined
Dec 29, 2005
Messages
53
Quick note: Ewido has not prompted me to update (I'm still at that step, don't want to go further if everything's not in order).

Should I still go further or is something wrong?
 

Beakey

Thread Starter
Joined
Dec 29, 2005
Messages
53
Here is the Kaspersky Online Scanner Report and C:\smitfiles.txt

-------------------------------------------------------------------------------
KASPERSKY ON-LINE SCANNER REPORT
Friday, December 30, 2005 03:00:26
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky On-line Scanner version: 5.0.67.0
Kaspersky Anti-Virus database last update: 30/12/2005
Kaspersky Anti-Virus database records: 158048
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: standard
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\
E:\

Scan Statistics:
Total number of scanned objects: 51055
Number of viruses found: 26
Number of infected objects: 178
Number of suspicious objects: 3
Duration of the scan process: 2547 sec

Infected Object Name - Virus Name
C:\Documents and Settings\Beakey\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\loaderadv677.jar-6b09289f-2bb993a4.zip/Matrix.class Infected: Trojan-Downloader.Java.OpenStream.c
C:\Documents and Settings\Beakey\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\loaderadv677.jar-6b09289f-2bb993a4.zip Infected: Trojan-Downloader.Java.OpenStream.c
C:\Program Files\Norton AntiVirus\Quarantine\007E3BAA.htm Infected: Exploit.HTML.Mht
C:\Program Files\Norton AntiVirus\Quarantine\00D405B1.htm Infected: Exploit.VBS.Phel.a
C:\Program Files\Norton AntiVirus\Quarantine\01236A32.cla Infected: Trojan.Java.ClassLoader.d
C:\Program Files\Norton AntiVirus\Quarantine\01AE15E0.cla Infected: Trojan.Java.ClassLoader.h
C:\Program Files\Norton AntiVirus\Quarantine\04B94ABE.cla Infected: Trojan.Java.ClassLoader.d
C:\Program Files\Norton AntiVirus\Quarantine\04E326E8.htm Infected: Trojan-Clicker.HTML.IFrame.b
C:\Program Files\Norton AntiVirus\Quarantine\04FA4CCE.htm Infected: Exploit.VBS.Phel.a
C:\Program Files\Norton AntiVirus\Quarantine\05044AC4.cla Infected: Trojan.Java.ClassLoader.c
C:\Program Files\Norton AntiVirus\Quarantine\050774C0.zip/GetAccess.class Infected: Trojan.Java.ClassLoader.c
C:\Program Files\Norton AntiVirus\Quarantine\050774C0.zip/InsecureClassLoader.class Infected: Exploit.Java.ByteVerify
C:\Program Files\Norton AntiVirus\Quarantine\050774C0.zip/Dummy.class Infected: Trojan.Java.ClassLoader.Dummy.a
C:\Program Files\Norton AntiVirus\Quarantine\050774C0.zip/Installer.class Infected: Trojan-Downloader.Java.OpenConnection.v
C:\Program Files\Norton AntiVirus\Quarantine\050774C0.zip Infected: Trojan-Downloader.Java.OpenConnection.v
C:\Program Files\Norton AntiVirus\Quarantine\050A1EBC.cla Infected: Trojan.Java.ClassLoader.Dummy.d
C:\Program Files\Norton AntiVirus\Quarantine\050A1EBC.htm Infected: Exploit.VBS.Phel.a
C:\Program Files\Norton AntiVirus\Quarantine\050E48B9.cla Infected: Trojan.Java.ClassLoader.c
C:\Program Files\Norton AntiVirus\Quarantine\051172B5.cla Infected: Exploit.Java.ByteVerify
C:\Program Files\Norton AntiVirus\Quarantine\051746AE.cla Infected: Trojan.Java.ClassLoader.Dummy.a
C:\Program Files\Norton AntiVirus\Quarantine\051E1AA7.cla Infected: Exploit.Java.ByteVerify
C:\Program Files\Norton AntiVirus\Quarantine\08D10D9E.htm Infected: Exploit.HTML.Mht
C:\Program Files\Norton AntiVirus\Quarantine\08D4379A.zip/GetAccess.class Infected: Trojan.Java.ClassLoader.c
C:\Program Files\Norton AntiVirus\Quarantine\08D4379A.zip/InsecureClassLoader.class Infected: Exploit.Java.ByteVerify
C:\Program Files\Norton AntiVirus\Quarantine\08D4379A.zip/Dummy.class Infected: Trojan.Java.ClassLoader.Dummy.a
C:\Program Files\Norton AntiVirus\Quarantine\08D4379A.zip/Installer.class Infected: Trojan-Downloader.Java.OpenConnection.v
C:\Program Files\Norton AntiVirus\Quarantine\08D4379A.zip Infected: Trojan-Downloader.Java.OpenConnection.v
C:\Program Files\Norton AntiVirus\Quarantine\08DE358F.cla Infected: Trojan.Java.ClassLoader.c
C:\Program Files\Norton AntiVirus\Quarantine\08E50988.cla Infected: Trojan.Java.ClassLoader.Dummy.a
C:\Program Files\Norton AntiVirus\Quarantine\08EF077D.cla Infected: Exploit.Java.ByteVerify
C:\Program Files\Norton AntiVirus\Quarantine\09214492.cla Infected: Trojan.Java.ClassLoader.h
C:\Program Files\Norton AntiVirus\Quarantine\09E02A73.htm Infected: Exploit.HTML.Mht
C:\Program Files\Norton AntiVirus\Quarantine\0F5B6D6A.cla Infected: Trojan.Java.ClassLoader.Dummy.a
C:\Program Files\Norton AntiVirus\Quarantine\0F8B1C8A.htm Infected: Exploit.VBS.Phel.a
C:\Program Files\Norton AntiVirus\Quarantine\100E52F2.cla Infected: Trojan.Java.ClassLoader.h
C:\Program Files\Norton AntiVirus\Quarantine\10AB5BDF.htm Infected: Trojan-Downloader.JS.Psyme.ap
C:\Program Files\Norton AntiVirus\Quarantine\10C87E2C.htm Infected: Exploit.HTML.Mht
C:\Program Files\Norton AntiVirus\Quarantine\11B07AC0.htm Infected: Exploit.VBS.Phel.a
C:\Program Files\Norton AntiVirus\Quarantine\11C14CAE.htm Infected: Exploit.VBS.Phel.a
C:\Program Files\Norton AntiVirus\Quarantine\131A0ADA.htm Infected: Exploit.VBS.Phel.a
C:\Program Files\Norton AntiVirus\Quarantine\131A0ADA.zip/GetAccess.class Infected: Trojan.Java.ClassLoader.c
C:\Program Files\Norton AntiVirus\Quarantine\131A0ADA.zip/InsecureClassLoader.class Infected: Exploit.Java.ByteVerify
C:\Program Files\Norton AntiVirus\Quarantine\131A0ADA.zip/Dummy.class Infected: Trojan.Java.ClassLoader.Dummy.a
C:\Program Files\Norton AntiVirus\Quarantine\131A0ADA.zip/Installer.class Infected: Trojan-Downloader.Java.OpenConnection.v
C:\Program Files\Norton AntiVirus\Quarantine\131A0ADA.zip Infected: Trojan-Downloader.Java.OpenConnection.v
C:\Program Files\Norton AntiVirus\Quarantine\13205ED2.cla Infected: Trojan.Java.ClassLoader.c
C:\Program Files\Norton AntiVirus\Quarantine\132408CF.cla Infected: Trojan.Java.ClassLoader.Dummy.a
C:\Program Files\Norton AntiVirus\Quarantine\132408CF.htm Infected: Exploit.VBS.Phel.a
C:\Program Files\Norton AntiVirus\Quarantine\132A5CC8.cla Infected: Exploit.Java.ByteVerify
C:\Program Files\Norton AntiVirus\Quarantine\13E30CB9.jar/BlackBox.class Infected: Exploit.Java.ByteVerify
C:\Program Files\Norton AntiVirus\Quarantine\13E30CB9.jar/VerifierBug.class Infected: Exploit.Java.ByteVerify
C:\Program Files\Norton AntiVirus\Quarantine\13E30CB9.jar/Beyond.class Infected: Trojan-Downloader.Java.OpenConnection.aa
C:\Program Files\Norton AntiVirus\Quarantine\13E30CB9.jar Infected: Trojan-Downloader.Java.OpenConnection.aa
C:\Program Files\Norton AntiVirus\Quarantine\163943EA.gif Infected: Exploit.HTML.Mht
C:\Program Files\Norton AntiVirus\Quarantine\186B7D56.cla Infected: Trojan.Java.ClassLoader.Dummy.a
C:\Program Files\Norton AntiVirus\Quarantine\197C11A5.zip/BlackBox.class Infected: Exploit.Java.ByteVerify
C:\Program Files\Norton AntiVirus\Quarantine\197C11A5.zip/VerifierBug.class Infected: Exploit.Java.ByteVerify
C:\Program Files\Norton AntiVirus\Quarantine\197C11A5.zip/Beyond.class Infected: Trojan-Downloader.Java.OpenConnection.aa
C:\Program Files\Norton AntiVirus\Quarantine\197C11A5.zip Infected: Trojan-Downloader.Java.OpenConnection.aa
C:\Program Files\Norton AntiVirus\Quarantine\1D0E4471.cla Infected: Trojan.Java.ClassLoader.u
C:\Program Files\Norton AntiVirus\Quarantine\223A5AC3.cla Infected: Trojan.Java.ClassLoader.b
C:\Program Files\Norton AntiVirus\Quarantine\223A5AC3.zip/a.class Infected: Trojan.Java.ClassLoader.b
C:\Program Files\Norton AntiVirus\Quarantine\223A5AC3.zip/Dummy.class Infected: Trojan.Java.ClassLoader.Dummy.a
C:\Program Files\Norton AntiVirus\Quarantine\223A5AC3.zip/VerifierBug.class Infected: Trojan.Java.ClassLoader.u
C:\Program Files\Norton AntiVirus\Quarantine\223A5AC3.zip Infected: Trojan.Java.ClassLoader.u
C:\Program Files\Norton AntiVirus\Quarantine\22861D0F.cla Infected: Trojan.Java.ClassLoader.c
C:\Program Files\Norton AntiVirus\Quarantine\23307F55.htm Infected: Exploit.HTML.Mht
C:\Program Files\Norton AntiVirus\Quarantine\23437B40.htm Infected: Exploit.HTML.Mht
C:\Program Files\Norton AntiVirus\Quarantine\293373E1.htm Infected: Exploit.HTML.Mht
C:\Program Files\Norton AntiVirus\Quarantine\295F4A9D.htm Infected: Exploit.VBS.Phel.a
C:\Program Files\Norton AntiVirus\Quarantine\29724688.htm Infected: Exploit.VBS.Phel.a
C:\Program Files\Norton AntiVirus\Quarantine\2B5F72B2.htm Infected: Trojan-Clicker.HTML.IFrame.b
C:\Program Files\Norton AntiVirus\Quarantine\2B736E9D.htm Infected: Exploit.VBS.Phel.a
C:\Program Files\Norton AntiVirus\Quarantine\2B80168E.zip/GetAccess.class Infected: Trojan.Java.ClassLoader.c
C:\Program Files\Norton AntiVirus\Quarantine\2B80168E.zip/InsecureClassLoader.class Infected: Exploit.Java.ByteVerify
C:\Program Files\Norton AntiVirus\Quarantine\2B80168E.zip/Dummy.class Infected: Trojan.Java.ClassLoader.Dummy.a
C:\Program Files\Norton AntiVirus\Quarantine\2B80168E.zip/Installer.class Infected: Trojan-Downloader.Java.OpenConnection.v
C:\Program Files\Norton AntiVirus\Quarantine\2B80168E.zip Infected: Trojan-Downloader.Java.OpenConnection.v
C:\Program Files\Norton AntiVirus\Quarantine\2B876A87.htm Infected: Exploit.VBS.Phel.a
C:\Program Files\Norton AntiVirus\Quarantine\2B876A87.zip/GetAccess.class Infected: Trojan.Java.ClassLoader.c
C:\Program Files\Norton AntiVirus\Quarantine\2B876A87.zip/InsecureClassLoader.class Infected: Exploit.Java.ByteVerify
C:\Program Files\Norton AntiVirus\Quarantine\2B876A87.zip/Dummy.class Infected: Trojan.Java.ClassLoader.Dummy.a
C:\Program Files\Norton AntiVirus\Quarantine\2B876A87.zip/Installer.class Infected: Trojan-Downloader.Java.OpenConnection.v
C:\Program Files\Norton AntiVirus\Quarantine\2B876A87.zip Infected: Trojan-Downloader.Java.OpenConnection.v
C:\Program Files\Norton AntiVirus\Quarantine\2B8A1484.cla Infected: Trojan.Java.ClassLoader.c
C:\Program Files\Norton AntiVirus\Quarantine\2B8D3E80.cla Infected: Trojan.Java.ClassLoader.Dummy.a
C:\Program Files\Norton AntiVirus\Quarantine\2B90687C.cla Infected: Exploit.Java.ByteVerify
C:\Program Files\Norton AntiVirus\Quarantine\2C512627.htm Infected: Exploit.HTML.Mht
C:\Program Files\Norton AntiVirus\Quarantine\2C536884.htm Infected: Exploit.HTML.Mht
C:\Program Files\Norton AntiVirus\Quarantine\2CF644ED.htm Infected: Exploit.VBS.Phel.a
C:\Program Files\Norton AntiVirus\Quarantine\2CF96EEA.htm Infected: Exploit.HTML.Mht
C:\Program Files\Norton AntiVirus\Quarantine\2D0616DB.htm Infected: Exploit.VBS.Phel.a
C:\Program Files\Norton AntiVirus\Quarantine\2D1A12C6.htm Infected: Exploit.VBS.Phel.a
C:\Program Files\Norton AntiVirus\Quarantine\2D2A64B4.cla Infected: Trojan.Java.Femad
C:\Program Files\Norton AntiVirus\Quarantine\2D2D0EB0.cla Infected: Trojan.Java.Femad
C:\Program Files\Norton AntiVirus\Quarantine\315F55E0.cla Infected: Trojan.Java.ClassLoader.c
C:\Program Files\Norton AntiVirus\Quarantine\315F55E0.htm Infected: Exploit.VBS.Phel.a
C:\Program Files\Norton AntiVirus\Quarantine\315F55E0.zip/GetAccess.class Infected: Trojan.Java.ClassLoader.c
C:\Program Files\Norton AntiVirus\Quarantine\315F55E0.zip/InsecureClassLoader.class Infected: Exploit.Java.ByteVerify
C:\Program Files\Norton AntiVirus\Quarantine\315F55E0.zip/Dummy.class Infected: Trojan.Java.ClassLoader.Dummy.a
C:\Program Files\Norton AntiVirus\Quarantine\315F55E0.zip/Installer.class Infected: Trojan-Downloader.Java.OpenConnection.v
C:\Program Files\Norton AntiVirus\Quarantine\315F55E0.zip Infected: Trojan-Downloader.Java.OpenConnection.v
C:\Program Files\Norton AntiVirus\Quarantine\316629D9.cla Infected: Trojan.Java.ClassLoader.Dummy.a
C:\Program Files\Norton AntiVirus\Quarantine\316953D5.cla Infected: Exploit.Java.ByteVerify
C:\Program Files\Norton AntiVirus\Quarantine\316953D5.htm Infected: Exploit.VBS.Phel.a
C:\Program Files\Norton AntiVirus\Quarantine\338A1BC3.htm Infected: Exploit.VBS.Phel.a
C:\Program Files\Norton AntiVirus\Quarantine\35D86548.cla Infected: Trojan.Java.ClassLoader.Dummy.a
C:\Program Files\Norton AntiVirus\Quarantine\365D7FB4.htm Infected: Exploit.VBS.Phel.a
C:\Program Files\Norton AntiVirus\Quarantine\3A1C1663.htm Infected: Exploit.HTML.Mht
C:\Program Files\Norton AntiVirus\Quarantine\3A1C1663.zip/GetAccess.class Infected: Trojan.Java.ClassLoader.c
C:\Program Files\Norton AntiVirus\Quarantine\3A1C1663.zip/InsecureClassLoader.class Infected: Exploit.Java.ByteVerify
C:\Program Files\Norton AntiVirus\Quarantine\3A1C1663.zip/Dummy.class Infected: Trojan.Java.ClassLoader.Dummy.a
C:\Program Files\Norton AntiVirus\Quarantine\3A1C1663.zip/Installer.class Infected: Trojan-Downloader.Java.OpenConnection.v
C:\Program Files\Norton AntiVirus\Quarantine\3A1C1663.zip Infected: Trojan-Downloader.Java.OpenConnection.v
C:\Program Files\Norton AntiVirus\Quarantine\3A226A5B.cla Infected: Trojan.Java.ClassLoader.c
C:\Program Files\Norton AntiVirus\Quarantine\3A293E54.cla Infected: Trojan.Java.ClassLoader.Dummy.a
C:\Program Files\Norton AntiVirus\Quarantine\3BDF5F41.cla Infected: Trojan.Java.ClassLoader.b
C:\Program Files\Norton AntiVirus\Quarantine\3BDF5F41.zip/a.class Infected: Trojan.Java.ClassLoader.b
C:\Program Files\Norton AntiVirus\Quarantine\3BDF5F41.zip/Dummy.class Infected: Trojan.Java.ClassLoader.Dummy.a
C:\Program Files\Norton AntiVirus\Quarantine\3BDF5F41.zip/VerifierBug.class Infected: Trojan.Java.ClassLoader.u
C:\Program Files\Norton AntiVirus\Quarantine\3BDF5F41.zip Infected: Trojan.Java.ClassLoader.u
C:\Program Files\Norton AntiVirus\Quarantine\3DEC4350.htm Infected: Exploit.VBS.Phel.a
C:\Program Files\Norton AntiVirus\Quarantine\3E7D341D.cla Infected: Trojan.Java.ClassLoader.h
C:\Program Files\Norton AntiVirus\Quarantine\43936EC7.cla Infected: Trojan.Java.ClassLoader.h
C:\Program Files\Norton AntiVirus\Quarantine\45E14FE3.htm Infected: Exploit.HTML.Mht
C:\Program Files\Norton AntiVirus\Quarantine\4BD5305D.htm Infected: Exploit.HTML.Mht
C:\Program Files\Norton AntiVirus\Quarantine\4CE95423.htm Infected: Exploit.HTML.Mht
C:\Program Files\Norton AntiVirus\Quarantine\5C683DDF.cla Infected: Trojan.Java.ClassLoader.u
C:\Program Files\Norton AntiVirus\Quarantine\5E750FD8.cla Infected: Trojan.Java.ClassLoader.c
C:\Program Files\Norton AntiVirus\Quarantine\5E750FD8.htm Suspicious: Exploit.HTML.Mht
C:\Program Files\Norton AntiVirus\Quarantine\602F1711.htm Infected: Trojan-Dropper.VBS.Inor.cz
C:\Program Files\Norton AntiVirus\Quarantine\60463CF8.jar/BlackBox.class Infected: Exploit.Java.ByteVerify
C:\Program Files\Norton AntiVirus\Quarantine\60463CF8.jar/VerifierBug.class Infected: Exploit.Java.ByteVerify
C:\Program Files\Norton AntiVirus\Quarantine\60463CF8.jar/Beyond.class Infected: Trojan-Downloader.Java.OpenConnection.aa
C:\Program Files\Norton AntiVirus\Quarantine\60463CF8.jar Infected: Trojan-Downloader.Java.OpenConnection.aa
C:\Program Files\Norton AntiVirus\Quarantine\61D16A9E.cla Infected: Trojan.Java.ClassLoader.u
C:\Program Files\Norton AntiVirus\Quarantine\68BE2FB5.htm Infected: Exploit.VBS.Phel.a
C:\Program Files\Norton AntiVirus\Quarantine\68C159B1.zip/GetAccess.class Infected: Trojan.Java.ClassLoader.c
C:\Program Files\Norton AntiVirus\Quarantine\68C159B1.zip/InsecureClassLoader.class Infected: Exploit.Java.ByteVerify
C:\Program Files\Norton AntiVirus\Quarantine\68C159B1.zip/Dummy.class Infected: Trojan.Java.ClassLoader.Dummy.a
C:\Program Files\Norton AntiVirus\Quarantine\68C159B1.zip/Installer.class Infected: Trojan-Downloader.Java.OpenConnection.v
C:\Program Files\Norton AntiVirus\Quarantine\68C159B1.zip Infected: Trojan-Downloader.Java.OpenConnection.v
C:\Program Files\Norton AntiVirus\Quarantine\68C403AE.cla Infected: Trojan.Java.ClassLoader.c
C:\Program Files\Norton AntiVirus\Quarantine\68C72DAA.cla Infected: Trojan.Java.ClassLoader.Dummy.a
C:\Program Files\Norton AntiVirus\Quarantine\68CB57A7.cla Infected: Exploit.Java.ByteVerify
C:\Program Files\Norton AntiVirus\Quarantine\68CE01A3.htm Infected: Exploit.VBS.Phel.a
C:\Program Files\Norton AntiVirus\Quarantine\69266F42.htm Infected: Exploit.VBS.Phel.a
C:\Program Files\Norton AntiVirus\Quarantine\69266F42.zip/Jvb.class Infected: Exploit.Java.ByteVerify
C:\Program Files\Norton AntiVirus\Quarantine\69266F42.zip/MyFunction.class Infected: Trojan-Dropper.Java.Small.c
C:\Program Files\Norton AntiVirus\Quarantine\69266F42.zip/MainApp.class Infected: Trojan.Java.ClassLoader.f
C:\Program Files\Norton AntiVirus\Quarantine\69266F42.zip Infected: Trojan.Java.ClassLoader.f
C:\Program Files\Norton AntiVirus\Quarantine\6DB94ECC.cla Infected: Trojan.Java.ClassLoader.d
C:\Program Files\Norton AntiVirus\Quarantine\6EB46556.htm Suspicious: Exploit.HTML.Mht
C:\Program Files\Norton AntiVirus\Quarantine\713A3608.htm Infected: Exploit.HTML.Mht
C:\Program Files\Norton AntiVirus\Quarantine\714433FD.zip/BlackBox.class Infected: Trojan.Java.ClassLoader.c
C:\Program Files\Norton AntiVirus\Quarantine\714433FD.zip/VerifierBug.class Infected: Exploit.Java.ByteVerify
C:\Program Files\Norton AntiVirus\Quarantine\714433FD.zip/Dummy.class Infected: Trojan.Java.ClassLoader.Dummy.d
C:\Program Files\Norton AntiVirus\Quarantine\714433FD.zip/Beyond.class Infected: Trojan-Downloader.Java.OpenStream.d
C:\Program Files\Norton AntiVirus\Quarantine\714433FD.zip Infected: Trojan-Downloader.Java.OpenStream.d
C:\Program Files\Norton AntiVirus\Quarantine\71475DF9.zip/GetAccess.class Infected: Trojan.Java.ClassLoader.c
C:\Program Files\Norton AntiVirus\Quarantine\71475DF9.zip/InsecureClassLoader.class Infected: Exploit.Java.ByteVerify
C:\Program Files\Norton AntiVirus\Quarantine\71475DF9.zip/Dummy.class Infected: Trojan.Java.ClassLoader.Dummy.a
C:\Program Files\Norton AntiVirus\Quarantine\71475DF9.zip/Installer.class Infected: Trojan-Downloader.Java.OpenConnection.v
C:\Program Files\Norton AntiVirus\Quarantine\71475DF9.zip Infected: Trojan-Downloader.Java.OpenConnection.v
C:\Program Files\Norton AntiVirus\Quarantine\71B07C89.reg Infected: Trojan.WinREG.StartPage
C:\Program Files\Norton AntiVirus\Quarantine\74007C01.cla Infected: Trojan.Java.ClassLoader.d
C:\Program Files\Norton AntiVirus\Quarantine\748C2FB8.htm Infected: Exploit.VBS.Phel.a
C:\Program Files\Norton AntiVirus\Quarantine\76A6676F.cla Infected: Trojan.Java.ClassLoader.h
C:\Program Files\Norton AntiVirus\Quarantine\772B53AE.cla Infected: Exploit.Java.ByteVerify
C:\Program Files\Norton AntiVirus\Quarantine\772B53AE.htm Infected: Trojan-Downloader.JS.Small.d
C:\Program Files\Norton AntiVirus\Quarantine\7D8E1DEF.htm Suspicious: Exploit.HTML.Mht
C:\Program Files\Norton AntiVirus\Quarantine\7DC72B02.cla Infected: Trojan.Java.ClassLoader.b
C:\Program Files\Norton AntiVirus\Quarantine\7DC72B02.zip/a.class Infected: Trojan.Java.ClassLoader.b
C:\Program Files\Norton AntiVirus\Quarantine\7DC72B02.zip/Dummy.class Infected: Trojan.Java.ClassLoader.Dummy.a
C:\Program Files\Norton AntiVirus\Quarantine\7DC72B02.zip/VerifierBug.class Infected: Trojan.Java.ClassLoader.u
C:\Program Files\Norton AntiVirus\Quarantine\7DC72B02.zip Infected: Trojan.Java.ClassLoader.u
C:\Program Files\Norton AntiVirus\Quarantine\7E180A28.htm Infected: Exploit.HTML.Mht
C:\System Volume Information\_restore{BA08E10A-25E9-49AA-99DA-D2463A8E73C9}\RP325\A0053084.dll Infected: not-virus:Hoax.Win32.Renos.ak
C:\System Volume Information\_restore{BA08E10A-25E9-49AA-99DA-D2463A8E73C9}\RP325\A0053091.exe Infected: Trojan-Downloader.Win32.Zlob.dn
C:\System Volume Information\_restore{E0C22EC0-D318-4D95-967D-A5C2B4653ED0}\RP0\A0000022.dll Infected: Trojan-Downloader.Win32.Agent.bq
C:\System Volume Information\_restore{E0C22EC0-D318-4D95-967D-A5C2B4653ED0}\RP0\A0000022.dll:ldhmz:$DATA Infected: Trojan-Downloader.Win32.Agent.ap

Scan process completed.



smitRem © log file
version 2.8

by noahdfear


Microsoft Windows XP [Version 5.1.2600]
The current date is: Thu 12/29/2005
The current time is: 21:47:45.42

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

checking for ShudderLTD key

ShudderLTD key not present!

checking for PSGuard.com key


PSGuard.com key not present!


checking for WinHound.com key


WinHound.com key not present!

spyaxe uninstaller NOT present
Winhound uninstaller NOT present
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Existing Pre-run Files


~~~ Program Files ~~~



~~~ Shortcuts ~~~



~~~ Favorites ~~~



~~~ system32 folder ~~~

wbeconm.dll
1024 dir
msvol.tlb
ld****.tmp
mssearchnet.exe
ncompat.tlb
nvctrl.exe
mscornet.exe


~~~ Icons in System32 ~~~

ts.ico
ot.ico


~~~ Windows directory ~~~



~~~ Drive root ~~~


~~~ Miscellaneous Files/folders ~~~




~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~



Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright(C) 2002-2003 [email protected]c.org
Killing PID 732 'explorer.exe'
Killing PID 732 'explorer.exe'

Starting registry repairs

Deleting files


Remaining Post-run Files


~~~ Program Files ~~~



~~~ Shortcuts ~~~



~~~ Favorites ~~~



~~~ system32 folder ~~~



~~~ Icons in System32 ~~~



~~~ Windows directory ~~~



~~~ Drive root ~~~



~~~ Miscellaneous Files/folders ~~~




~~~ Wininet.dll ~~~

CLEAN! :)
 

Beakey

Thread Starter
Joined
Dec 29, 2005
Messages
53
Here is the Ewido Security Suite report and the HijackThis log.
I'm going to bed and will check this thread sometime Friday morning.
You have been amazingly helpful so far and I thank you so much.

---------------------------------------------------------
ewido anti-malware - Scan report
---------------------------------------------------------

+ Created on: 1:56:02 AM, 12/30/2005
+ Report-Checksum: 26FC30A1

+ Scan result:

HKLM\SOFTWARE\Classes\CLSID\{2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} -> Spyware.MiniBug : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\ins -> Spyware.WebRebates : Cleaned with backup
HKU\S-1-5-21-1454471165-602162358-839522115-1004\Software\Microsoft\Internet Explorer\Extensions\{6685509E-B47B-4f47-8E16-9A5F3A62F683} -> Spyware.MoneyMaker : Cleaned with backup
HKU\S-1-5-21-1454471165-602162358-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6685509E-B47B-4F47-8E16-9A5F3A62F683} -> Spyware.MoneyMaker : Cleaned with backup
C:\Documents and Settings\Beakey\Cookies\[email protected][1].txt -> Spyware.Cookie.2o7 : Cleaned with backup
C:\Documents and Settings\Beakey\Cookies\[email protected][2].txt -> Spyware.Cookie.Atdmt : Cleaned with backup
C:\Documents and Settings\Beakey\Cookies\[email protected][1].txt -> Spyware.Cookie.Bridgetrack : Cleaned with backup
C:\Documents and Settings\Beakey\Cookies\[email protected][1].txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
C:\Documents and Settings\Beakey\Cookies\[email protected][1].txt -> Spyware.Cookie.Mediaplex : Cleaned with backup
C:\Documents and Settings\Beakey\Cookies\[email protected][1].txt -> Spyware.Cookie.Statcounter : Cleaned with backup
C:\Documents and Settings\Beakey\Cookies\[email protected][1].txt -> Spyware.Cookie.Burstbeacon : Cleaned with backup
C:\Documents and Settings\Owner\Local Settings\Temp\ckz1048f\Files\sx.htm -> Spyware.TwainTech : Cleaned with backup


::Report End


Logfile of HijackThis v1.99.1
Scan saved at 3:08:32 AM, on 12/30/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
C:\Program Files\Microsoft Office\Office\OSA.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\Beakey\Local Settings\Temporary Internet Files\Content.IE5\SXGRIN4J\HijackThis[1].exe

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: AIM Search - {40D41A8B-D79B-43d7-99A7-9EE0F344C385} - C:\Program Files\AIM Toolbar\AIMBar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [RebateNation0] "C:\Program Files\Rebate_Nation\RebateNation0.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [OSS] c:\windows\system32\rk.exe -boot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [S3TRAY2] S3tray2.exe
O4 - HKLM\..\Run: [NAV CfgWiz] "C:\Program Files\Norton AntiVirus\CfgWiz.exe" /GUID {0D7956A2-5A08-4ec2-A72C-DF8495A66016} /MODE CfgWiz /CMDLINE "REBOOT"
O4 - HKLM\..\Run: [Lexmark X74-X75] "C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe"
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKCU\..\Run: [ClockSync] C:\Program Files\ClockSync\Sync.exe /q
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O4 - Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Coupons - file://C:\Program Files\couponsandoffers\System\Temp\couponsandoffers_script0.htm
O8 - Extra context menu item: Rebate Nation - file://C:\Program Files\Rebate_Nation\Sy5300\Tp5300\scri5300a.htm
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/clients/y/pote_x.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/downloads/kws/kavwebscan_unicode.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.c...ls/en/x86/client/wuweb_site.cab?1095975144796
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {B49C4597-8721-4789-9250-315DFBD9F525} (IWinAmpActiveX Class) - http://cdn.digitalcity.com/radio/ampx/ampx2.6.1.11_en_dl.cab
O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} - http://ax.phobos.apple.com.edgesuite.net/detection/ITDetector.cab
O16 - DPF: {FA3662C3-B8E8-11D6-A667-0010B556D978} (IWinAmpActiveX Class) - http://cdn.digitalcity.com/_media/dalaillama/ampx.cab
O18 - Filter: text/html - (no CLSID) - (no file)
O18 - Filter: text/plain - (no CLSID) - (no file)
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
 

Beakey

Thread Starter
Joined
Dec 29, 2005
Messages
53
One last thing before we go further:
Kaspersky On-Line Scanner found a total of 207 faults, between viruses, infections, and suspicious objects.
I don't see an area on that program that lets me delete them.
Should I delete them now or will something in my next steps take care of this?
 

Beakey

Thread Starter
Joined
Dec 29, 2005
Messages
53
Anybody around that knows where to go from here?
It seems to be better but I can tell I'm not done.
 
Joined
Jul 8, 2002
Messages
14,681
Run HijackThis and click Do a system scan only. Put a checkmark next to these entries and click Fix Checked:
O4 - HKLM\..\Run: [RebateNation0] "C:\Program Files\Rebate_Nation\RebateNation0.exe"
O4 - HKLM\..\Run: [OSS] c:\windows\system32\rk.exe -boot

Delete this folder:
C:\Program Files\Rebate_Nation

Delete this file:
C:\Windows\system32\rk.exe

Clear your Java Cache: http://fxtrade.oanda.com/help/clear_cache.shtml

Disable system restore, then restart your computer and enable system restore: http://service1.symantec.com/SUPPOR...2001111912274039?OpenDocument&src=sec_doc_nam

Post one more HijackThis log, and let me know if you're still having problems.
 

Beakey

Thread Starter
Joined
Dec 29, 2005
Messages
53
Everything seems to be okay now but here's my new HijackThis Log.
----------------------------------------------------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 8:23:51 PM, on 1/1/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
C:\Program Files\Microsoft Office\Office\OSA.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\AIM\aim.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Beakey\Local Settings\Temporary Internet Files\Content.IE5\9J8OYE91\HijackThis[1].exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.4q.cc/chuck/
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: AIM Search - {40D41A8B-D79B-43d7-99A7-9EE0F344C385} - C:\Program Files\AIM Toolbar\AIMBar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [S3TRAY2] S3tray2.exe
O4 - HKLM\..\Run: [NAV CfgWiz] "C:\Program Files\Norton AntiVirus\CfgWiz.exe" /GUID {0D7956A2-5A08-4ec2-A72C-DF8495A66016} /MODE CfgWiz /CMDLINE "REBOOT"
O4 - HKLM\..\Run: [Lexmark X74-X75] "C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe"
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKCU\..\Run: [ClockSync] C:\Program Files\ClockSync\Sync.exe /q
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O4 - Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Coupons - file://C:\Program Files\couponsandoffers\System\Temp\couponsandoffers_script0.htm
O8 - Extra context menu item: Rebate Nation - file://C:\Program Files\Rebate_Nation\Sy5300\Tp5300\scri5300a.htm
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/clients/y/pote_x.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/downloads/kws/kavwebscan_unicode.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.c...ls/en/x86/client/wuweb_site.cab?1095975144796
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {B49C4597-8721-4789-9250-315DFBD9F525} (IWinAmpActiveX Class) - http://cdn.digitalcity.com/radio/ampx/ampx2.6.1.11_en_dl.cab
O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} - http://ax.phobos.apple.com.edgesuite.net/detection/ITDetector.cab
O16 - DPF: {FA3662C3-B8E8-11D6-A667-0010B556D978} (IWinAmpActiveX Class) - http://cdn.digitalcity.com/_media/dalaillama/ampx.cab
O18 - Filter: text/html - (no CLSID) - (no file)
O18 - Filter: text/plain - (no CLSID) - (no file)
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
 
Joined
Jul 8, 2002
Messages
14,681
Just uninstall ClockSync if it appears in Start>>Control Panel>>Add or Remove Programs

Then fix these in HJT:
O4 - HKCU\..\Run: [ClockSync] C:\Program Files\ClockSync\Sync.exe /q
O8 - Extra context menu item: Coupons - file://C:\Program Files\couponsandoffers\System\Temp\couponsandoffers_script0.htm
O8 - Extra context menu item: Rebate Nation - file://C:\Program Files\Rebate_Nation\Sy5300\Tp5300\scri5300a.htm

And delete the folder C:\Program Files\ClockSync\

And everything should be fixed (y)
 

Beakey

Thread Starter
Joined
Dec 29, 2005
Messages
53
Thank you so much, man. You're awesome!

I didn't have the folder C:\Program Files\ClockSync\ but everything seems to be good so far.
 
Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

Users Who Are Viewing This Thread (Users: 0, Guests: 1)

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 807,865 other people just like you!

Latest posts

Members online

Top