05-31-2005, 07:54 AM   #1
tinusvr
OS: NT200


Spyware please help

Please help me to get rid of the spyware on my PC.

I created the log file with the HijackThis Analyzer.

Thank you for your help.


====================================================================
Log was analyzed using KRC HijackThis Analyzer - Updated on 4/1/05
Get updates at http://www.greyknight17.com/download.htm#programs

***Security Programs Detected***

C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Symantec AntiVirus\SavRoam.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O23 - Service: pcAnywhere Host Service (awhost32) - Symantec Corporation - C:\Program Files\Symantec\pcAnywhere\awhost32.exe
O23 - Service: BlackICE - Internet Security Systems, Inc. - C:\Program Files\Network ICE\BlackICE\blackd.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Logfile of HijackThis v1.99.1
Scan saved at 9:52:33 AM, on 5/31/2005
Platform: Windows 2000 SP3 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\Program Files\Altiris\eXpress\NS Client\AeXNSAgent.exe
C:\Program Files\AccessManager\Client\AMBroker.exe
C:\Program Files\Network ICE\BlackICE\blackd.exe
C:\WINNT\System32\ccsrvc.exe
C:\Program Files\IP VPN Remote Services\cvpnd.exe
C:\Program Files\Altiris\Carbon Copy\shellker.exe
C:\BOSSDE\DEClntNT.EXE
C:\Program Files\3C Software\ImpactECS\Imp3CSvr.exe
C:\Program Files\AccessManager\PMAC\sp_SWIns.exe
C:\PROGRA~1\Altiris\CARBON~1\client.exe
C:\Program Files\Common Files\Nokia\NCLTools\NclConf.exe
C:\WINNT\System32\RASLOGON.EXE
C:\Program Files\AccessManager\Client\AccessMgr.exe
C:\Program Files\WeirdOnTheWeb\WeirdOnTheWeb.exe
C:\WINNT\system\astcg.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\Program Files\U.S. Robotics 802.11g WLAN\USRWLANG.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\vs7jit.exe
C:\PROGRA~1\COMMON~1\MICROS~1\VS7Debug\vs7jit.exe
C:\HighJackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ffbunet.bpweb.bp.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.maxifiles.com/toolbar/sid...d=%AffiliateID
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Fabrics1
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = f1aussm001.fabrics1.com:8002
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.bp.com;*.fabrics1.com;*.*.bp.com;*.*.*.bp.com;*.amoco.com;172.26.*.*;<local>
R3 - URLSearchHook: MaxiFiles - {77FBF9B8-1D37-4FF2-9CED-192D8E3ABA6F} - C:\Program Files\MaxiFiles\maxifiles.dll
O2 - BHO: (no name) - {31001E19-CDF4-AF30-9AD2-9C90C8004650} - C:\WINNT\cdmweb\fuisdkrlqj.dll
O4 - HKLM\..\Run: [IBMPMSVC] C:\WINNT\System32\ibmpmsvc.exe -helper
O4 - HKLM\..\Run: [iRAS Logon Tool Current User Settings] C:\Program Files\BP\iRAS\ACU.exe
O4 - HKLM\..\Run: [Nokia Connection Monitor] "C:\Program Files\Common Files\Nokia\NCLTools\NclConf.exe"
O4 - HKLM\..\Run: [RASLogon] %SystemRoot%\System32\RASLOGON.EXE
O4 - HKLM\..\Run: [AeXAgentLogon] "C:\Program Files\Altiris\eXpress\NS Client\AeXAgentActivate.exe" /logon
O4 - HKLM\..\Run: [AccessManager] C:\Program Files\AccessManager\Client\AccessMgr.exe
O4 - HKLM\..\Run: [PS1] C:\WINNT\system32\ps1.exe
O4 - HKLM\..\Run: [checkrun] C:\winnt\system32\eliteotd32.exe
O4 - HKLM\..\Run: [WeirdOnTheWeb] "C:\Program Files\WeirdOnTheWeb\WeirdOnTheWeb.exe"
O4 - HKLM\..\Run: [wyhvhc] C:\WINNT\system32\wyhvhc.exe
O4 - HKLM\..\Run: [C:\WINNT\VCMnet11.exe] C:\WINNT\VCMnet11.exe
O4 - HKCU\..\Run: [DNS] C:\Program Files\Common Files\mc-58-12-0000079-d.exe
O4 - Global Startup: Cisco Systems IP VPN Remote Services.lnk = C:\Program Files\IP VPN Remote Services\vpngui.exe
O4 - Global Startup: U.S. Robotics 802.11g Wireless Network Utility.lnk = C:\Program Files\U.S. Robotics 802.11g WLAN\USRWLANG.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O12 - Plugin for .bmp: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin6.dll
O12 - Plugin for .dmn: C:\PROGRA~1\INTERN~1\PLUGINS\NPDWSS32.DLL
O12 - Plugin for .dmo: C:\PROGRA~1\INTERN~1\PLUGINS\NPDWSS32.DLL
O12 - Plugin for .dmu: C:\PROGRA~1\INTERN~1\PLUGINS\NPDWSS32.DLL
O14 - IERESET.INF: START_PAGE_URL=http://ffbunet.fabrics1.com/
O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com.../c381/chat.cab
O16 - DPF: {6BF35011-3AE5-44D3-A8BB-73ED462A0BC0} (EZUploader Control) - http://www.ezprints.com/software/ezuploader.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2...ll/xscan53.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = fabrics1.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = bp1.ad.bp.com
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = fabrics1.com
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: Domain = fabrics1.com
O23 - Service: Altiris Agent (AeXNSClient) - Altiris, Inc. - C:\Program Files\Altiris\eXpress\NS Client\AeXNSAgent.exe
O23 - Service: Access Manager Configuration Service (AMBroker) - MCI, Inc. - C:\Program Files\AccessManager\Client\AMBroker.exe
O23 - Service: Altiris Carbon Copy (CarbonCopy32) - Altiris - C:\WINNT\System32\ccsrvc.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\IP VPN Remote Services\cvpnd.exe
O23 - Service: CWShredder Service - InterMute, Inc. - C:\CWShreder\CWShredder.exe
O23 - Service: Visual Insight DA Plugin (DAPlugin) - MCI, Inc. - C:\Program Files\AccessManager\Client\DAPlugin.exe
O23 - Service: BOSS DiagWin Client (DEClntService) - Unknown owner - C:\BOSSDE\DEClntNT.EXE
O23 - Service: IBM PM Service (IBMPMSVC) - Unknown owner - C:\WINNT\System32\ibmpmsvc.exe
O23 - Service: Impact Server - 3C Software, Inc. - C:\Program Files\3C Software\ImpactECS\Imp3CSvr.exe
O23 - Service: SP Software Installer - Smartpipes, Inc. - C:\Program Files\AccessManager\PMAC\sp_SWIns.exe
O23 - Service: Visual Insight Dial Analysis (sp_spi_da) - Smartpipes, Inc. - C:\Program Files\AccessManager\SMOC\spi_da.exe


End of KRC HijackThis Analyzer Log.
====================================================================