Someone out there please help!!! I'm having troubles surfing the net. How am I supposed to get any online shopping done? It does fine for awhile but then Norton blocks something and I can't get back on the net unless I turn off my computer. I saw everyone else posting this log so I figured I'd go ahead and submit it to save time. Any help would be much appreciated. Thank you!
Rebecca

Logfile of HijackThis v1.99.1
Scan saved at 12:37:18 PM, on 3/24/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Daily Weather Forecast\weather.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
C:\WINDOWS\system32\tbctray.exe
C:\PROGRA~1\AWS\WEATHE~1\Weather.exe
C:\Program Files\Messenger\msmsgs.exe
C:\winstall.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Turtle Beach\AudioStation\tbaspi.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Documents and Settings\Kiefer\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cus.../sbcydsl/*http://www.yahoo.com/search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/ie/defaults/sp/sbcydsl/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.skymasters.biz?4289
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapps.yahoo.com/customize/ie/defaults/su/sbcydsl/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cus.../sbcydsl/*http://www.yahoo.com/search/ie.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/ie/defaults/sp/sbcydsl/*http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://andrewlinks.net
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ie/defaults/su/sbcydsl/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\Common\YIeTagBm.dll
O2 - BHO: - {751B2436-05A6-45B5-9D2D-28ACBB5FE5AA} - C:\WINDOWS\lbbho.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: Cls - {CF021F40-3E14-23A5-CBA2-717765728274} - C:\WINDOWS\System32\wer8274.dll
O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
O3 - Toolbar: SuperBar - {A2523F9B-AE02-4233-9253-30FF2215241A} - C:\Program Files\SuperBar\SuperBar.Dll (file missing)
O3 - Toolbar: (no name) - {EA5A82FB-D6BE-44F9-9363-B1ABABC153C1} - (no file)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [Daily Weather Forecast] C:\Program Files\Daily Weather Forecast\weather.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [YBrowser] C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [TraySantaCruz] C:\WINDOWS\system32\tbctray.exe
O4 - HKCU\..\Run: [Weather] C:\PROGRA~1\AWS\WEATHE~1\Weather.exe 1
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] 1
O4 - HKCU\..\Run: [Windows installer] C:\winstall.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: SBC Self Support Tool.lnk = C:\Program Files\SBC Self Support Tool\bin\matcli.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: SBC Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O15 - Trusted Zone: www.archiviosex.net
O15 - Trusted Zone: www.redfunny.com
O15 - Trusted Zone: www.skymasters.biz
O16 - DPF: {231B1C6E-F934-42A2-92B6-C2FEFEC24276} (yucsetreg Class) - C:\Program Files\Yahoo!\common\yucconfig.dll
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\common\yinsthelper.dll
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1126215832305
O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} (PhotosCtrl Class) - http://photos.yahoo.com/ocx/us/yexplorer1_9us.cab
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: tbaspi - Voyetra Turtle Beach, Inc. - C:\Program Files\Turtle Beach\AudioStation\tbaspi.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\TURTLE~1\AUDIOS~1\x10nets.exe
Hi, you have some infections.

You have two firewalls running. Remove ZoneAlarm or disable Norton's firewall.

Cleaning instructions:

Move HijackThis to its own folder C:\HJT

Download and install Ewido, UPDATE it, but do NOT run a scan yet. -> http://www.ewido.net/en/download/

Download smitrem to your desktop > http://noahdfear.geekstogo.com/click counter/click.php?id=1
Double-click it and press Start; a smitrem folder appears on the desktop.

Go to Control Panel -> Add or remove programs -> Remove SuperBar if found

Restart your computer in safe mode (press the F8 button when the computer is starting and choose safe mode).

Run HijackThis and fix these entries (if found):
(Do a system scan only, check entries, close all other windows, press Fix checked)

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/ie/defaults/sb/sbcydsl/...
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/ie/defaults/sp/sbcydsl/...
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.skymasters.biz?4289
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapps.yahoo.com/customize/ie/defaults/su/sbcydsl/...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/ie/defaults/sb/sbcydsl/...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/ie/defaults/sp/sbcydsl/...
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://andrewlinks.net
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ie/defaults/su/sbcydsl/...
O2 - BHO: - {751B2436-05A6-45B5-9D2D-28ACBB5FE5AA} - C:\WINDOWS\lbbho.dll
O2 - BHO: Cls - {CF021F40-3E14-23A5-CBA2-717765728274} - C:\WINDOWS\System32\wer8274.dll
O3 - Toolbar: SuperBar - {A2523F9B-AE02-4233-9253-30FF2215241A} - C:\Program Files\SuperBar\SuperBar.Dll (file missing)
O3 - Toolbar: (no name) - {EA5A82FB-D6BE-44F9-9363-B1ABABC153C1} - (no file)
O4 - HKLM\..\Run: [Daily Weather Forecast] C:\Program Files\Daily Weather Forecast\weather.exe
O4 - HKCU\..\Run: [Windows installer] C:\winstall.exe
O15 - Trusted Zone: www.archiviosex.net
O15 - Trusted Zone: www.redfunny.com
O15 - Trusted Zone: www.skymasters.biz

Then go to the smitrem folder on your desktop, run the RunThis.bat file and follow the instructions.

Make your hidden files visible:
->On the Tools menu in Windows Explorer, click Folder Options.
->Click the View tab.
->Under Hidden files and folders, click Show hidden files and folders.

Delete these folders if found:
C:\Program Files\-->SuperBar
C:\Program Files\-->Daily Weather Forecast

Delete these files if found:
C:\WINDOWS\-->lbbho.dll
C:\WINDOWS\System32\-->wer8274.dll

Empty the Recycle Bin

Make your hidden files invisible again:
->On the Tools menu in Windows Explorer, click Folder Options.
->Click the View tab.
->Under Hidden files and folders, click Do not show hidden files and folders.

Scan and clean your computer with Ewido and save the log file.

Restart your computer normally.

Post a fresh HijackThis log and Ewido's log here so we can see if your computer is now clean.
Thanks for your prompt attention to my dilemma. I'll get on this as soon as I can and reply back with a new log. Thanks again. Rebecca
I followed your directions exactly as you had said. As soon as I got on the net the first time to send this to you, Norton blocked a port intrusion? I think that's what it said. So......I had to restart and here I am. Well, for what that's worth, here are my logs. Thanks.
Rebecca

Logfile of HijackThis v1.99.1
Scan saved at 4:42:13 PM, on 3/24/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
C:\WINDOWS\system32\tbctray.exe
C:\PROGRA~1\AWS\WEATHE~1\Weather.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Turtle Beach\AudioStation\tbaspi.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\HJT\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\Common\YIeTagBm.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [YBrowser] C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [TraySantaCruz] C:\WINDOWS\system32\tbctray.exe
O4 - HKCU\..\Run: [Weather] C:\PROGRA~1\AWS\WEATHE~1\Weather.exe 1
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] 1
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: SBC Self Support Tool.lnk = C:\Program Files\SBC Self Support Tool\bin\matcli.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: SBC Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {231B1C6E-F934-42A2-92B6-C2FEFEC24276} (yucsetreg Class) - C:\Program Files\Yahoo!\common\yucconfig.dll
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\common\yinsthelper.dll
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1126215832305
O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} (PhotosCtrl Class) - http://photos.yahoo.com/ocx/us/yexplorer1_9us.cab
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: tbaspi - Voyetra Turtle Beach, Inc. - C:\Program Files\Turtle Beach\AudioStation\tbaspi.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\TURTLE~1\AUDIOS~1\x10nets.exe

And here's the ewido log:

ewido anti-malware - Scan report
---------------------------------------------------------
+ Created on: 4:33:22 PM, 3/24/2006
+ Report-Checksum: 330D0B8C
+ Scan result:

:mozilla.6:C:\Documents and Settings\Kiefer\Application Data\Mozilla\Firefox\Profiles\syl7hnvd.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup
:mozilla.7:C:\Documents and Settings\Kiefer\Application Data\Mozilla\Firefox\Profiles\syl7hnvd.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup
:mozilla.8:C:\Documents and Settings\Kiefer\Application Data\Mozilla\Firefox\Profiles\syl7hnvd.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup
:mozilla.9:C:\Documents and Settings\Kiefer\Application Data\Mozilla\Firefox\Profiles\syl7hnvd.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned with backup
:mozilla.11:C:\Documents and Settings\Kiefer\Application Data\Mozilla\Firefox\Profiles\syl7hnvd.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned with backup
:mozilla.12:C:\Documents and Settings\Kiefer\Application Data\Mozilla\Firefox\Profiles\syl7hnvd.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned with backup
:mozilla.17:C:\Documents and Settings\Kiefer\Application Data\Mozilla\Firefox\Profiles\syl7hnvd.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.18:C:\Documents and Settings\Kiefer\Application Data\Mozilla\Firefox\Profiles\syl7hnvd.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.19:C:\Documents and Settings\Kiefer\Application Data\Mozilla\Firefox\Profiles\syl7hnvd.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.20:C:\Documents and Settings\Kiefer\Application Data\Mozilla\Firefox\Profiles\syl7hnvd.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.21:C:\Documents and Settings\Kiefer\Application Data\Mozilla\Firefox\Profiles\syl7hnvd.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned with backup
:mozilla.53:C:\Documents and Settings\Kiefer\Application Data\Mozilla\Firefox\Profiles\syl7hnvd.default\cookies.txt -> TrackingCookie.Clickbank : Cleaned with backup
:mozilla.54:C:\Documents and Settings\Kiefer\Application Data\Mozilla\Firefox\Profiles\syl7hnvd.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned with backup
:mozilla.56:C:\Documents and Settings\Kiefer\Application Data\Mozilla\Firefox\Profiles\syl7hnvd.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.57:C:\Documents and Settings\Kiefer\Application Data\Mozilla\Firefox\Profiles\syl7hnvd.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.58:C:\Documents and Settings\Kiefer\Application Data\Mozilla\Firefox\Profiles\syl7hnvd.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.60:C:\Documents and Settings\Kiefer\Application Data\Mozilla\Firefox\Profiles\syl7hnvd.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned with backup
:mozilla.62:C:\Documents and Settings\Kiefer\Application Data\Mozilla\Firefox\Profiles\syl7hnvd.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup
:mozilla.63:C:\Documents and Settings\Kiefer\Application Data\Mozilla\Firefox\Profiles\syl7hnvd.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup
:mozilla.64:C:\Documents and Settings\Kiefer\Application Data\Mozilla\Firefox\Profiles\syl7hnvd.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup
:mozilla.65:C:\Documents and Settings\Kiefer\Application Data\Mozilla\Firefox\Profiles\syl7hnvd.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup
:mozilla.66:C:\Documents and Settings\Kiefer\Application Data\Mozilla\Firefox\Profiles\syl7hnvd.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup
:mozilla.67:C:\Documents and Settings\Kiefer\Application Data\Mozilla\Firefox\Profiles\syl7hnvd.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned with backup
:mozilla.72:C:\Documents and Settings\Kiefer\Application Data\Mozilla\Firefox\Profiles\syl7hnvd.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned with backup
:mozilla.73:C:\Documents and Settings\Kiefer\Application Data\Mozilla\Firefox\Profiles\syl7hnvd.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned with backup
:mozilla.74:C:\Documents and Settings\Kiefer\Application Data\Mozilla\Firefox\Profiles\syl7hnvd.default\cookies.txt -> TrackingCookie.Tracking101 : Cleaned with backup
:mozilla.75:C:\Documents and Settings\Kiefer\Application Data\Mozilla\Firefox\Profiles\syl7hnvd.default\cookies.txt -> TrackingCookie.Tracking101 : Cleaned with backup
:mozilla.76:C:\Documents and Settings\Kiefer\Application Data\Mozilla\Firefox\Profiles\syl7hnvd.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned with backup
:mozilla.77:C:\Documents and Settings\Kiefer\Application Data\Mozilla\Firefox\Profiles\syl7hnvd.default\cookies.txt -> TrackingCookie.Adjuggler : Cleaned with backup
:mozilla.80:C:\Documents and Settings\Kiefer\Application Data\Mozilla\Firefox\Profiles\syl7hnvd.default\cookies.txt -> TrackingCookie.Adjuggler : Cleaned with backup
:mozilla.81:C:\Documents and Settings\Kiefer\Application Data\Mozilla\Firefox\Profiles\syl7hnvd.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned with backup
:mozilla.82:C:\Documents and Settings\Kiefer\Application Data\Mozilla\Firefox\Profiles\syl7hnvd.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned with backup
:mozilla.83:C:\Documents and Settings\Kiefer\Application Data\Mozilla\Firefox\Profiles\syl7hnvd.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned with backup
:mozilla.84:C:\Documents and Settings\Kiefer\Application Data\Mozilla\Firefox\Profiles\syl7hnvd.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned with backup
:mozilla.91:C:\Documents and Settings\Kiefer\Application Data\Mozilla\Firefox\Profiles\syl7hnvd.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.93:C:\Documents and Settings\Kiefer\Application Data\Mozilla\Firefox\Profiles\syl7hnvd.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.94:C:\Documents and Settings\Kiefer\Application Data\Mozilla\Firefox\Profiles\syl7hnvd.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.95:C:\Documents and Settings\Kiefer\Application Data\Mozilla\Firefox\Profiles\syl7hnvd.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.96:C:\Documents and Settings\Kiefer\Application Data\Mozilla\Firefox\Profiles\syl7hnvd.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.99:C:\Documents and Settings\Kiefer\Application Data\Mozilla\Firefox\Profiles\syl7hnvd.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.100:C:\Documents and Settings\Kiefer\Application Data\Mozilla\Firefox\Profiles\syl7hnvd.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.101:C:\Documents and Settings\Kiefer\Application Data\Mozilla\Firefox\Profiles\syl7hnvd.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.102:C:\Documents and Settings\Kiefer\Application Data\Mozilla\Firefox\Profiles\syl7hnvd.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.104:C:\Documents and Settings\Kiefer\Application Data\Mozilla\Firefox\Profiles\syl7hnvd.default\cookies.txt -> TrackingCookie.Centrport : Cleaned with backup
C:\HJT\backups\backup-20060324-155121-421.dll -> Backdoor.Agent.en : Cleaned with backup
C:\HJT\backups\backup-20060324-155121-553.dll -> Adware.Neon : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq89.tmp -> Adware.Neon : Cleaned with backup
C:\WINDOWS\dsr.dll -> Adware.BetterInternet : Cleaned with backup
C:\WINDOWS\lbbho.dll -> Adware.Neon : Cleaned with backup
C:\WINDOWS\svchost.ex$ -> Logger.Tofger.aw : Cleaned with backup
C:\WINDOWS\system32\in10b6.dll -> Dropper.Small.abe : Cleaned with backup
C:\WINDOWS\system32\wer8274.dll.tcf -> Backdoor.Agent.en : Cleaned with backup
C:\WINDOWS\system32\wer8274.dll1.tcf -> Backdoor.Agent.en : Cleaned with backup

::Report End
Ok, you are almost clean now, but I forgot something: WeatherBug can't be fully trusted. So go to Control Panel -> Add or remove programs -> Remove WeatherBug

Fix this entry with HijackThis (if found):
O4 - HKCU\..\Run: [Weather] C:\PROGRA~1\AWS\WEATHE~1\Weather.exe 1

Delete this folder if found:
C:\PROGRA~1\-->AWS

You had a keylogger on your computer (malware that logs your keystrokes) so I suggest that you immediately change all your online passwords. This is important because you said that you do shopping. If you don't change the passwords, someone could buy stuff with your account!

That Norton blocking your internet access when it recognizes a portscan -> It is a part of Norton's protection:
-> "When a hacker is attempting to probe your computer for vulnerabilities—such as by scanning its ports—and automatically blocks access for 30 minutes."
It is just Norton protecting you from attacks. I don't have Norton so I am not sure if this can be changed from the settings. You had trojans and backdoors on your computer so it is not surprising that someone/thing scans your ports.

Your Windows is outdated! It should be updated because now you have all kinds of vulnerabilities on your computer. Go here and install all important updates -> http://windowsupdate.microsoft.com
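The check made on the fresh log in this thread (which fix-list entries are gone, which are still there) can be scripted. The Python below is an added example, not part of the thread or of HijackThis: the function names are hypothetical, the sample strings are short excerpts of the logs posted above with their newlines lost as on this page, and an entry shortened with "..." is matched on the text before the ellipsis.

```python
import re

# HijackThis section codes: R0-R3, F0-F3, N1-N4, O1-O24.
CODE = r"(?:R[0-3]|F[0-3]|N[1-4]|O(?:1\d|2[0-4]|[1-9]))"
SPLIT_RE = re.compile(r"\s+(?=" + CODE + r" - )")
ENTRY_RE = re.compile(r"^(" + CODE + r") - (.+)$", re.S)


def parse_entries(text):
    """Return the 'CODE - body' entries of a log, even if its newlines were lost."""
    entries = []
    for chunk in SPLIT_RE.split(text.strip()):
        m = ENTRY_RE.match(chunk.strip())
        if m:  # header and 'Running processes' block do not match and are skipped
            entries.append(f"{m.group(1)} - {' '.join(m.group(2).split())}")
    return entries


def same_entry(a, b):
    """Equal ignoring case, or one side is elided with '...' and its text
    before the ellipsis is a prefix of the other (forum URL shortening)."""
    a, b = a.casefold(), b.casefold()
    if a == b:
        return True
    for x, y in ((a, b), (b, a)):
        head, sep, _ = x.partition("...")
        if sep and y.startswith(head):
            return True
    return False


def removed_entries(before_log, after_log):
    """Entries present in the first log that no longer appear in the second."""
    after = parse_entries(after_log)
    return [b for b in parse_entries(before_log)
            if not any(same_entry(b, a) for a in after)]


def still_present(fix_list, fresh_log):
    """Entries from a helper's fix list that the fresh log still contains."""
    fresh = parse_entries(fresh_log)
    return [f for f in parse_entries(fix_list)
            if any(same_entry(f, e) for e in fresh)]


# Constructed excerpts of the first and second logs in this thread (flattened).
BEFORE = r"""Logfile of HijackThis v1.99.1 Running processes: C:\WINDOWS\Explorer.EXE
C:\winstall.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =
http://red.clientapps.yahoo.com/cus.../sbcydsl/*http://www.yahoo.com/search/ie.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.skymasters.biz?4289
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: Cls - {CF021F40-3E14-23A5-CBA2-717765728274} - C:\WINDOWS\System32\wer8274.dll
O4 - HKCU\..\Run: [Weather] C:\PROGRA~1\AWS\WEATHE~1\Weather.exe 1 O4 - HKCU\..\Run:
[Windows installer] C:\winstall.exe O15 - Trusted Zone: www.skymasters.biz"""

AFTER = r"""Logfile of HijackThis v1.99.1 Running processes: C:\WINDOWS\Explorer.EXE
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O4 - HKCU\..\Run: [Weather] C:\PROGRA~1\AWS\WEATHE~1\Weather.exe 1"""

# Excerpt of the entries the two replies ask to fix; the first is elided with '...'.
FIXES = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/ie/defaults/sb/sbcydsl/...
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.skymasters.biz?4289
O2 - BHO: Cls - {CF021F40-3E14-23A5-CBA2-717765728274} - C:\WINDOWS\System32\wer8274.dll
O4 - HKCU\..\Run: [Windows installer] C:\winstall.exe
O15 - Trusted Zone: www.skymasters.biz
O4 - HKCU\..\Run: [Weather] C:\PROGRA~1\AWS\WEATHE~1\Weather.exe 1
"""

if __name__ == "__main__":
    print("Removed since the first log:")
    for entry in removed_entries(BEFORE, AFTER):
        print("  ", entry)
    print("Fix-list entries still in the fresh log:")
    for entry in still_present(FIXES, AFTER):
        print("  ", entry)
```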
I will be glad to help. Come join my forums page; I will make anyone new that has some computer knowledge an op. hksdatabase.com, click the forums link
@Curryjl - guess what, each of your posts so far has been crap & useless. I think you'll be leaving this site to go play on your own, on the site that you keep pimping