Smitfraud-C Toolbar888, Core and more



abadubs
2007-06-26, 08:50
Hi. I appreciate finding this site tonight as I try to fix my kids' computer. It's been getting popups constantly for about a month and is extremely slow. While I'd like to know what started it all, right now I just want to fix it!

Windows XP, run adaware home edition and Spybot occasionally, just installed !Avast Antivirus (free version) and it's been going nuts.
Running Spybot S&D continuously states the Smitfraud infections, supposedly getting rid of all but 3 in the Core listing, however running it again will say the Toolbar one is there as well, again. Not sure what value yayyxyv is but every time I try to delete it, it wants to add itself and won't accept no for an answer.

I did the online antivirus scan suggested and the following is my log from that: 124 viruses found!!
Thank you in advance for looking at my problems.

crtdcghcn.jar-1a11bcd8-3709e9fa.zip>BaaaaBaa.class Java/ByteVerify!exploit infected C:\Documents and Settings\home\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\
crtdcghcn.jar-1a11bcd8-3709e9fa.zip>VaaaaaaaBaa.class Java/ByteVerify!exploit infected C:\Documents and Settings\home\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\
crtdcghcn.jar-1a11bcd8-3709e9fa.zip>Baaaaa.class Java/Shinwow.BJ infected C:\Documents and Settings\home\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\
edtlib.dll Win32/Malum.ACWN infected, no cure C:\Documents and Settings\home\Local Settings\Temp\igxgyrxtpfeq\
n404-7[1].htm JS/MS05-014 infected C:\Documents and Settings\home\Local Settings\Temporary Internet Files\Content.IE5\2THAVQTC\
iss[1].gm Win32/Chisyne.BR infected C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\6P8RATCD\
msi[1].gs Win32/Chisyne.BR infected C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\6P8RATCD\
fmk[1].vc Win32/Matcash.AA infected C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\I12345O7\
ajbgcqom.dll Win32/Darksma.AZ infected C:\WINDOWS\system32\
dlowwafe.dll Win32/Vundo.DB infected C:\WINDOWS\system32\
fvatmqah.dll Win32/Vundo.DA infected C:\WINDOWS\system32\
gvbhemnk.dll Win32/Vundo.DB infected C:\WINDOWS\system32\
hflsglkh.dll Win32/Vundo.CR infected C:\WINDOWS\system32\
jlsttrrm.dll Win32/Vundo.DB infected C:\WINDOWS\system32\
nluacnni.dll Win32/Darksma.AZ infected C:\WINDOWS\system32\
oimvwnra.dll Win32/Vundo.DA infected C:\WINDOWS\system32\
otexsrbj.dll Win32/Darksma.AZ infected C:\WINDOWS\system32\
rtajohre.dll Win32/Vundo.DB infected C:\WINDOWS\system32\
vcgndmhb.dll Win32/Darksma.AZ infected C:\WINDOWS\system32\
vpxageip.dll Win32/Darksma!generic infected C:\WINDOWS\system32\
xxcwjdvu.dll Win32/Darksma.AZ infected C:\WINDOWS\system32\
yayyxyv.dll Win32/Chisyne!generic infected C:\WINDOWS\system32\

Shaba
2007-06-26, 20:02
Hi abadubs

Use this (http://downloads.malwareremoval.com/hijackthis_sfx.exe) link to get HijackThis.
Save it to your desktop and then double-click to run it.
It will install the program in c:\program files\HijackThis.
Browse to that location with Windows Explorer, rename HijackThis.exe to scanner.exe and double-click on the scanner.exe program to run. Choose the 'Do a system scan and save a logfile' option.
That will allow you to save the log to the desktop (or some other place) and leave open a notepad file with the HijackThis log in it.

Now post your HijackThis log into this topic.

abadubs
2007-06-26, 23:58
I tried to rename it but not sure it took. Here is the log - thank you

Logfile of HijackThis v1.99.1
Scan saved at 3:40:02 PM, on 6/26/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\galkhcfh.exe
C:\WINDOWS\folding\FAH500-Console.exe
C:\WINDOWS\Config\service.exe
C:\WINDOWS\folding\FahCore_80.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\winrss.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Verizon Wireless\V CAST Music Essentials Manager\V CAST Music Monitor.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Apple Software Update\SoftwareUpdate.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\xope.exe
C:\Program Files\Scanner.exe\Scanner.exe.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.funbrain.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.funbrain.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://intranet2/nohack.pac
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1CEE7652-1EC2-49CC-B371-E252DB1D1D1c} - C:\WINDOWS\system32\prcebogu.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5ADF3862-9E2E-4ad3-86F7-4510E6550CD0} - C:\WINDOWS\system32\sjbrycfa.dll
O2 - BHO: (no name) - {5B58DF28-6D73-4C07-B003-016976B39F16} - C:\WINDOWS\system32\geeby.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {BE4E1890-3C18-4D15-9709-6C10218E3A0C} - C:\WINDOWS\system32\yayyxyv.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [VVSN] C:\Program Files\VVSN\VVSN.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [usif] C:\WINDOWS\system32\usif.exe
O4 - HKLM\..\Run: [bugmpkrciau] C:\WINDOWS\system32\bugmpkrciau.exe
O4 - HKLM\..\Run: [rm] C:\WINDOWS\system32\rm.exe
O4 - HKLM\..\Run: [jd] C:\WINDOWS\system32\jd.exe
O4 - HKLM\..\Run: [siqv] C:\WINDOWS\system32\siqv.exe
O4 - HKLM\..\Run: [ydrnbdygiy] C:\WINDOWS\system32\ydrnbdygiy.exe
O4 - HKLM\..\Run: [jkmxxbcqu] C:\WINDOWS\system32\jkmxxbcqu.exe
O4 - HKLM\..\Run: [jacvbdkwiye] C:\WINDOWS\system32\jacvbdkwiye.exe
O4 - HKLM\..\Run: [iza] C:\WINDOWS\system32\iza.exe
O4 - HKLM\..\Run: [rwlnollbyud] C:\WINDOWS\system32\rwlnollbyud.exe
O4 - HKLM\..\Run: [pzljfk] C:\WINDOWS\system32\pzljfk.exe
O4 - HKLM\..\Run: [anjodwltpx] C:\WINDOWS\system32\anjodwltpx.exe
O4 - HKLM\..\Run: [nok] C:\WINDOWS\system32\nok.exe
O4 - HKLM\..\Run: [xope] C:\WINDOWS\system32\xope.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [vdse] C:\WINDOWS\system32\vdse.exe
O4 - HKLM\..\Run: [yhwi] C:\WINDOWS\system32\yhwi.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [GPLv3] rundll32.exe "C:\WINDOWS\system32\xuseolep.dll",realset
O4 - HKLM\..\RunServices: [usif] C:\WINDOWS\system32\usif.exe
O4 - HKLM\..\RunServices: [bugmpkrciau] C:\WINDOWS\system32\bugmpkrciau.exe
O4 - HKLM\..\RunServices: [rm] C:\WINDOWS\system32\rm.exe
O4 - HKLM\..\RunServices: [jd] C:\WINDOWS\system32\jd.exe
O4 - HKLM\..\RunServices: [siqv] C:\WINDOWS\system32\siqv.exe
O4 - HKLM\..\RunServices: [ydrnbdygiy] C:\WINDOWS\system32\ydrnbdygiy.exe
O4 - HKLM\..\RunServices: [jkmxxbcqu] C:\WINDOWS\system32\jkmxxbcqu.exe
O4 - HKLM\..\RunServices: [jacvbdkwiye] C:\WINDOWS\system32\jacvbdkwiye.exe
O4 - HKLM\..\RunServices: [iza] C:\WINDOWS\system32\iza.exe
O4 - HKLM\..\RunServices: [rwlnollbyud] C:\WINDOWS\system32\rwlnollbyud.exe
O4 - HKLM\..\RunServices: [pzljfk] C:\WINDOWS\system32\pzljfk.exe
O4 - HKLM\..\RunServices: [anjodwltpx] C:\WINDOWS\system32\anjodwltpx.exe
O4 - HKLM\..\RunServices: [nok] C:\WINDOWS\system32\nok.exe
O4 - HKLM\..\RunServices: [xope] C:\WINDOWS\system32\xope.exe
O4 - HKLM\..\RunServices: [vdse] C:\WINDOWS\system32\vdse.exe
O4 - HKLM\..\RunServices: [yhwi] C:\WINDOWS\system32\yhwi.exe
O4 - HKLM\..\RunOnce: [SpybotSnD] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8
O4 - Startup: IMVU.lnk = C:\Program Files\IMVU\IMVUClient.exe
O4 - Startup: RollerCoaster Tycoon 3 Registration.lnk = C:\Documents and Settings\home\Local Settings\Temp\{D3AE6787-D71C-4D47-9088-57713613BF6F}\{907B4640-266B-4A21-92FB-CD1A86CD0F63}\ATR1.exe
O4 - Startup: V CAST Music Monitor.lnk = C:\Program Files\Verizon Wireless\V CAST Music Essentials Manager\V CAST Music Monitor.exe
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZJ
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\home\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www.ca.com/us/securityadvisor/virusinfo/webscan.cab
O16 - DPF: {CC32D4D8-2A0B-4CEB-B105-C9B968379105} (CGameManagerCtrl Object) - https://disney.go.com/games/downloads/gamemanager/DIGGameManager.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - http://zone.msn.com/bingame/zuma/default/popcaploader_v6.cab
O20 - Winlogon Notify: geeby - C:\WINDOWS\system32\geeby.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: yayyxyv - C:\WINDOWS\SYSTEM32\yayyxyv.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: DomainService - - C:\WINDOWS\system32\galkhcfh.exe
O23 - Service: FAH@C:+WINDOWS+folding+FAH500-Console.exe - Stanford University - C:\WINDOWS\folding\FAH500-Console.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Print Spooler Service (nouirimh0ydah) - Unknown owner - C:\WINDOWS\system32\xope.exe
O23 - Service: Service Configurator (Service_v1) - Unknown owner - C:\WINDOWS\Config\service.exe
O23 - Service: Windows Maintenance Monitor (wmoisvc) - Unknown owner - C:\WINDOWS\winrss.exe
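
The cross-check a helper makes by eye between the two logs posted above, as an added example that is not part of the original thread: it matches files flagged in the antivirus scan against the load points listed in the HijackThis log. The sample lines are excerpts from this thread's logs; the function names and section labels are this example's own.

```python
import re

# Excerpts copied from the antivirus scan log posted in this thread.
AV_SCAN = r"""
edtlib.dll Win32/Malum.ACWN infected, no cure C:\Documents and Settings\home\Local Settings\Temp\igxgyrxtpfeq\
dlowwafe.dll Win32/Vundo.DB infected C:\WINDOWS\system32\
yayyxyv.dll Win32/Chisyne!generic infected C:\WINDOWS\system32\
"""

# Excerpts copied from the HijackThis log posted in this thread.
HJT_LOG = r"""
O2 - BHO: (no name) - {5B58DF28-6D73-4C07-B003-016976B39F16} - C:\WINDOWS\system32\geeby.dll
O2 - BHO: (no name) - {BE4E1890-3C18-4D15-9709-6C10218E3A0C} - C:\WINDOWS\system32\yayyxyv.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [GPLv3] rundll32.exe "C:\WINDOWS\system32\xuseolep.dll",realset
O20 - Winlogon Notify: geeby - C:\WINDOWS\system32\geeby.dll
O20 - Winlogon Notify: yayyxyv - C:\WINDOWS\SYSTEM32\yayyxyv.dll
"""

# What each HijackThis section used here lists (labels are this example's own).
SECTION_MEANING = {
    "O2": "Browser Helper Object",
    "O4": "registry Run key / Startup folder",
    "O20": "AppInit_DLLs / Winlogon Notify",
    "O23": "Windows service",
}

AV_LINE = re.compile(
    r"^(?P<file>\S+)\s+(?P<name>\S+)\s+infected(?:, no cure)?\s+(?P<dir>[A-Za-z]:\\.*)$"
)
HJT_LINE = re.compile(r"^(?P<section>[A-Z]\d+) - (?P<rest>.*)$")
# First drive-letter path ending in .exe or .dll; this also covers the
# rundll32 form, where the DLL is passed as a quoted argument.
FILE_PATH = re.compile(r"[A-Za-z]:\\[^\"<>|*?]*?\.(?:exe|dll)\b", re.IGNORECASE)


def parse_av_scan(text):
    """Return {lowercased full path: detection name} for each scan line."""
    flagged = {}
    for line in text.splitlines():
        m = AV_LINE.match(line.strip())
        if not m:
            continue
        # "archive.zip>Member.class" names a member; the file on disk is the archive.
        on_disk = m.group("file").split(">")[0]
        flagged[(m.group("dir") + on_disk).lower()] = m.group("name")
    return flagged


def parse_hjt(text):
    """Return [(section, lowercased file path or None)] for each log entry."""
    entries = []
    for line in text.splitlines():
        m = HJT_LINE.match(line.strip())
        if not m:
            continue
        path = FILE_PATH.search(m.group("rest"))
        entries.append((m.group("section"), path.group(0).lower() if path else None))
    return entries


def correlate(flagged, entries):
    """Map each flagged file to the load points that reference it.

    Returns (hits, unreferenced): hits is {path: (detection, [sections])};
    unreferenced lists flagged files with no load point in this log.
    """
    hits = {}
    for section, path in entries:
        if path in flagged:
            hits.setdefault(path, (flagged[path], []))[1].append(section)
    unreferenced = sorted(p for p in flagged if p not in hits)
    return hits, unreferenced


if __name__ == "__main__":
    hits, unreferenced = correlate(parse_av_scan(AV_SCAN), parse_hjt(HJT_LOG))
    for path, (detection, sections) in hits.items():
        print(f"{path}  [{detection}]")
        for s in sections:
            print(f"    loaded via {s}: {SECTION_MEANING.get(s, 'other')}")
    for path in unreferenced:
        print(f"{path}  flagged, but no load point in this log")
```

On these excerpts the only overlap is yayyxyv.dll, which the HijackThis log registers both as a Browser Helper Object and as a Winlogon Notify DLL.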

Shaba
2007-06-27, 12:25
Hi

One or more of the identified infections is a backdoor trojan.

This allows hackers to remotely control your computer, steal critical system information and download and execute files.

I would counsel you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the Trojan has been identified and can be killed, because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of Trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud? (http://www.dslreports.com/faq/10451)

When Should I Format, How Should I Reinstall (http://www.dslreports.com/faq/10063)

We can attempt to clean this machine but I can't guarantee that it will be 100% secure afterwards.

Should you have any questions, please feel free to ask.

Please let us know what you have decided to do in your next post.

abadubs
2007-06-27, 23:20
Wow - thank you, Shaba. I have passed on this info to my husband and he says we will have to f-disc it (whatever that means). It's possible there have been ebay/paypal transactions in the past, so I'll change the passwords on those, but that's the only banking type info ever put on that computer as it's mostly used by the kids. The only thing we need to find out is what happens with ds itunes account/downloads. Nothing else on the computer needs to be saved.

Running a deep Avast! scan on my own computer has presented a trojan (diner dash-flo on the go) and another virus, still running it. Maybe I should post about this computer as well even though the problems are not as bad. Junk mail is the biggest problem and somewhat slow for awhile.

If the f-disc will take care of the backdoor trojan, can the computer then be trusted with ebay and MySpace (young teen account)? We will read the links you sent. Thank you for your time!

abadubs
2007-06-28, 07:48
I can start a new thread if better for this, but the HijackThis log is below for my own computer.

Question: the back door entry trojans on the kids' computer is just the computer and not the IP address, correct? We have the same IP address I believe. I deleted the trojan and 3 viruses found by an Avast! deep scan.

Logfile of HijackThis v1.99.1
Scan saved at 11:30:42 PM, on 6/27/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\WINDOWS\Explorer.EXE
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\SiteAdvisor\5020\SAService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\System32\hphmon05.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\LTMSG.exe
C:\WINDOWS\system32\ps2.exe
C:\Program Files\Multimedia Card Reader\shwicon2k.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\Program Files\SiteAdvisor\5020\SiteAdv.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe
C:\Program Files\MarkAny\ContentSafer\MAAgent.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\HijackThis\scanner.exe
C:\Program Files\HijackThis\scanner.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://qus10.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-qus10.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://qus10.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-qus10.hpwis.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http//www.msn.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\5020\SiteAdv.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: (no name) - {BDF3E430-B101-42AD-A544-FADC6B084872} - (no file)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\5020\SiteAdv.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [LTMSG] LTMSG.exe 7
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [Sunkist2k] C:\Program Files\Multimedia Card Reader\shwicon2k.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [mmtask] "C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe"
O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\5020\SiteAdv.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SMSTray] C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe
O4 - HKLM\..\Run: [MAAgent] C:\Program Files\MarkAny\ContentSafer\MAAgent.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [CTSyncU.exe] "C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe"
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZJ
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Owner\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www.snapfish.com/SnapfishActivia.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1136867417625
O16 - DPF: {6F750200-1362-4815-A476-88533DE61D0C} (Ofoto Upload Manager Class) - http://www.kodakgallery.com/downloads/BUM/BUM_WIN_IE_1/axofupld.cab
O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://zone.msn.com/bingame/luxr/default/mjolauncher.cab
O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} - http://a19.g.akamai.net/7/19/7125/4047/ftp.coupons.com/v3123/cpbrkpie.cab
O16 - DPF: {A8683C98-5341-421B-B23C-8514C05354F1} (FujifilmUploader Class) - http://photo.walmart.com/photo/uploads/FujifilmUploadClient.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
O16 - DPF: {CAFEEFAC-0015-0000-0001-ABCDEFFEDCBA} (Java Plug-in 1.5.0_01) -
O16 - DPF: {CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA} (Java Plug-in 1.5.0_04) -
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/asa/ctrl/SymAData.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/bingame/popcaploader_v10.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O16 - DPF: {ED28050F-D713-43BA-A376-DCC5C35407D5} (MsnMusicAx Class) - https://music.msn.com/client/msnmusax3209.cab
O18 - Protocol: siteadvisor - {3A5DC592-7723-4EAA-9EE6-AF4222BCF879} - C:\Program Files\SiteAdvisor\5020\SiteAdv.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: .NET Framework Service (.NET Connection Service) - Unknown owner - C:\WINDOWS\svchost.exe (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\5020\SAService.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

Shaba
2007-06-28, 12:06
Hi

Not sure what you mean by "f-disc". Do you mean fdisk?

"Question: the back door entry trojans on the kids computer is just the computer and not the IP address, correct?"

Yes.

Log from your computer looks fine to me.

abadubs
2007-06-28, 23:48
Super that my computer is good. Thanks a lot.
Sure, since I don't know what I'm talking about, therefore don't know how it's spelled, fdisk must be it.

Shaba
2007-06-29, 11:35
Hi

Ok :)

Using fdisk you can make partitions and format them, so if he means that, yes, it will work.

Shaba
2007-07-06, 11:55
Due to the lack of feedback this Topic is closed.

If you need this topic reopened, please request this by sending the moderating team a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.