Smitfraud-C infection

Need a geek? You've come to the right place! Geeks to Go offers free, quality technical support, in a non-technical way. Volunteers are waiting to help. Friendly, technology experts who have knowledge to share, and find reward in helping others. Feel free to browse the site as a guest. However, to reply to a topic, or start a new one, you'll need to register (also removes advertising). New here? Visit our Welcome Guide. Infected with a Virus, Spyware, or Trojan? Read our Malware and Spyware Cleaning Guide.

> Geeks to Go! » Security » Virus, Spyware and Trojan Removal

3 Pages

1 2 3 >

Smitfraud-C infection

Options

hulud View Member Profile	Dec 22 2006, 05:25 PM Post #1
Member Posts: 268 OS: Windows XP Professional	spybot finds and cannot remove smitfraud-c from my system. i have gone through all of the steps HERE and i am still showing malware infections. i have a hijackthis log below: Logfile of HijackThis v1.99.1 Scan saved at 3:22:47 PM, on 12/22/2006 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.5730.0011) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\SYSTEM32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe C:\WINDOWS\System32\nvsvc32.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\devldr32.exe C:\WINDOWS\system32\RUNDLL32.EXE C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe C:\Program Files\LogMeIn\LogMeInSystray.exe C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe C:\Program Files\CursorXP\CursorXP.exe C:\WINDOWS\system32\ctfmon.exe C:\Documents and Settings\Liam\Desktop\HijackThis.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0 O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {465E08E7-F005-4389-980F-1D8764B3486C} - (no file) O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe" O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\LogMeInSystray.exe" O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized O4 - HKCU\..\Run: [CursorXP] C:\Program Files\CursorXP\CursorXP.exe O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O11 - Options group: [INTERNATIONAL] International* O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/200612...ex/qtplugin.cab O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...site.cab?112547 1782656 O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} - http://ax.phobos.apple.com.edgesuite.net/d.../ITDetector.cab O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL O20 - Winlogon Notify: rpcc - C:\WINDOWS\system32\rpcc.dll O21 - SSODL: IconPackager Repair - {1799460C-0BC8-4865-B9DF-4A36CD703FF0} - C:\Program Files\Stardock\Object Desktop\IconPackager\iprepair.dll O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe O23 - Service: Microsoft authenticate service (MsaSvc) - Unknown owner - C:\WINDOWS\system32\msasvc.exe (file missing) O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe O23 - Service: VNC Server (winvnc) - Unknown owner - C:\Program Files\TightVNC\WinVNC.exe" -service (file missing) This post has been edited by hulud: Dec 22 2006, 05:26 PM

Flrman1 View Member Profile	Dec 22 2006, 05:50 PM Post #2
Malware Assassin Posts: 6,596 OS: XP Home, XP Pro, Vista	Please repost your Hijack This log. This one is too mixed up to read because of Word Wrap. When the log is open in notepad, go to Format and uncheck Word Wrap then repost the log. * Also open Hijack This and click on the "Open the Misc Tools section" button. Click on the "Open Uninstall Manager" button. Click the "Save List" button. After you click the "Save List" button, you will be asked where to save the file. Pick a place to save it then the list should open in notepad. Copy and paste that list here. I'd like to see the Spybot scan log as well. Run another scan with Spybot and save the log to post here in your next reply.

hulud View Member Profile	Dec 22 2006, 08:31 PM Post #3
Member Posts: 268 OS: Windows XP Professional	Logfile of HijackThis v1.99.1 Scan saved at 3:22:47 PM, on 12/22/2006 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.5730.0011) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\SYSTEM32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe C:\WINDOWS\System32\nvsvc32.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\devldr32.exe C:\WINDOWS\system32\RUNDLL32.EXE C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe C:\Program Files\LogMeIn\LogMeInSystray.exe C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe C:\Program Files\CursorXP\CursorXP.exe C:\WINDOWS\system32\ctfmon.exe C:\Documents and Settings\Liam\Desktop\HijackThis.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0 O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {465E08E7-F005-4389-980F-1D8764B3486C} - (no file) O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe" O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\LogMeInSystray.exe" O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized O4 - HKCU\..\Run: [CursorXP] C:\Program Files\CursorXP\CursorXP.exe O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O11 - Options group: [INTERNATIONAL] International* O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/200612...ex/qtplugin.cab O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1125471782656 O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} - http://ax.phobos.apple.com.edgesuite.net/d.../ITDetector.cab O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL O20 - Winlogon Notify: rpcc - C:\WINDOWS\system32\rpcc.dll O21 - SSODL: IconPackager Repair - {1799460C-0BC8-4865-B9DF-4A36CD703FF0} - C:\Program Files\Stardock\Object Desktop\IconPackager\iprepair.dll O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe O23 - Service: Microsoft authenticate service (MsaSvc) - Unknown owner - C:\WINDOWS\system32\msasvc.exe (file missing) O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe O23 - Service: VNC Server (winvnc) - Unknown owner - C:\Program Files\TightVNC\WinVNC.exe" -service (file missing)

hulud View Member Profile	Dec 22 2006, 08:32 PM Post #4
Member Posts: 268 OS: Windows XP Professional	Ad-Aware SE Personal Adobe Flash Player 9 ActiveX Adobe Reader 7.0.8 AVG Anti-Spyware 7.5 AVG Free Edition Belarc Advisor 7.0 CDex extraction audio Citrix ICA Client CleanUp! Comcast High-Speed Internet Install Wizard CursorXP DAEMON Tools DivX DivX Player EA SPORTS™ Cricket 07 File-Saver FM Modifier 2.1 Football Manager 2007 GetDataBack for NTFS Google Gmail Notifier HijackThis 1.99.1 Hotfix for Windows XP (KB914440) Hotfix for Windows XP (KB915865) HP Deskjet 3900 series IconPackager Image Grabber II J2SE Runtime Environment 5.0 Update 6 J2SE Runtime Environment 5.0 Update 9 LogMeIn Microsoft .NET Framework 1.1 Microsoft Bootvis Microsoft Data Access Components KB870669 Microsoft Internationalized Domain Names Mitigation APIs Microsoft National Language Support Downlevel APIs Microsoft Office Access MUI (English) 2007 Microsoft Office Access Setup Metadata MUI (English) 2007 Microsoft Office Enterprise 2007 Microsoft Office Enterprise 2007 Microsoft Office Excel MUI (English) 2007 Microsoft Office Groove MUI (English) 2007 Microsoft Office Groove Setup Metadata MUI (English) 2007 Microsoft Office InfoPath MUI (English) 2007 Microsoft Office OneNote MUI (English) 2007 Microsoft Office Outlook MUI (English) 2007 Microsoft Office PowerPoint MUI (English) 2007 Microsoft Office Proof (English) 2007 Microsoft Office Proof (French) 2007 Microsoft Office Proof (Spanish) 2007 Microsoft Office Proofing (English) 2007 Microsoft Office Publisher MUI (English) 2007 Microsoft Office Shared MUI (English) 2007 Microsoft Office Shared Setup Metadata MUI (English) 2007 Microsoft Office Word MUI (English) 2007 Mozilla Firefox (2.0) MP3 WAV Converter 3.15 MWSnap 3 Nero 6 Ultra Edition NVIDIA Display Driver Panda ActiveScan PeerGuardian 2.0 PIXresizer 1.0.7 QuickTime RealPlayer Samsung USB Driver (MCCI 4.16) Security Update for Windows Media Player (KB911564) Security Update for Windows Media Player 10 (KB911565) Security Update for Windows Media Player 10 (KB917734) Security Update for Windows XP (KB890046) Security Update for Windows XP (KB893756) Security Update for Windows XP (KB896358) Security Update for Windows XP (KB896423) Security Update for Windows XP (KB896424) Security Update for Windows XP (KB896428) Security Update for Windows XP (KB899587) Security Update for Windows XP (KB899589) Security Update for Windows XP (KB899591) Security Update for Windows XP (KB900725) Security Update for Windows XP (KB901017) Security Update for Windows XP (KB901214) Security Update for Windows XP (KB902400) Security Update for Windows XP (KB904706) Security Update for Windows XP (KB905414) Security Update for Windows XP (KB905749) Security Update for Windows XP (KB908519) Security Update for Windows XP (KB911562) Security Update for Windows XP (KB911567) Security Update for Windows XP (KB911927) Security Update for Windows XP (KB912919) Security Update for Windows XP (KB913580) Security Update for Windows XP (KB914388) Security Update for Windows XP (KB914389) Security Update for Windows XP (KB917159) Security Update for Windows XP (KB917344) Security Update for Windows XP (KB917422) Security Update for Windows XP (KB917537) Security Update for Windows XP (KB917953) Security Update for Windows XP (KB918439) Security Update for Windows XP (KB918899) Security Update for Windows XP (KB919007) Security Update for Windows XP (KB920213) Security Update for Windows XP (KB920214) Security Update for Windows XP (KB920670) Security Update for Windows XP (KB920683) Security Update for Windows XP (KB920685) Security Update for Windows XP (KB921398) Security Update for Windows XP (KB921883) Security Update for Windows XP (KB922616) Security Update for Windows XP (KB922819) Security Update for Windows XP (KB923191) Security Update for Windows XP (KB923414) Security Update for Windows XP (KB923980) Security Update for Windows XP (KB924191) Security Update for Windows XP (KB924270) Security Update for Windows XP (KB924496) Security Update for Windows XP (KB925486) Security Update for Windows XP (KB926255) SmartFTP Client 2.0 SmartFTP Client 2.0 Setup Files (remove only) Spybot - Search & Destroy 1.4 Total Recorder 5.2 Update for Windows XP (KB894391) Update for Windows XP (KB898461) Update for Windows XP (KB900485) Update for Windows XP (KB904942) Update for Windows XP (KB908531) Update for Windows XP (KB910437) Update for Windows XP (KB911280) Update for Windows XP (KB916595) Update for Windows XP (KB920872) Update for Windows XP (KB922582) Windows Installer 3.1 (KB893803) Windows Internet Explorer 7 Windows Live Messenger Windows Media Format 11 runtime Windows Media Format 11 runtime Windows Media Player 11 Windows Media Player 11 Windows XP Hotfix - KB873339 Windows XP Hotfix - KB885835 Windows XP Hotfix - KB885836 Windows XP Hotfix - KB885884 Windows XP Hotfix - KB886185 Windows XP Hotfix - KB888302 Windows XP Hotfix - KB890859 Windows XP Hotfix - KB891781 Windows XP Service Pack 2 WinPatrol WinRAR archiver WinZip Wisecroft Ripper running spybot right now

hulud View Member Profile	Dec 22 2006, 08:52 PM Post #5
Member Posts: 268 OS: Windows XP Professional	Spybot Log --- Search result list --- Smitfraud-C.: Settings (Registry key, fixed) HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\rpcc Smitfraud-C.: Library (File, fixing failed) C:\WINDOWS\system32\rpcc.dll Smitfraud-C.: Settings (Registry key, fixed) HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WinOpts --- Spybot - Search & Destroy version: 1.4 (build: 20050523) --- 2005-05-31 blindman.exe (1.0.0.1) 2005-05-31 SpybotSD.exe (1.4.0.3) 2005-05-31 TeaTimer.exe (1.4.0.2) 2005-09-26 unins000.exe (51.41.0.0) 2005-05-31 Update.exe (1.4.0.0) 2006-02-06 advcheck.dll (1.0.2.0) 2005-05-31 aports.dll (2.1.0.0) 2005-05-31 borlndmm.dll (7.0.4.453) 2005-05-31 delphimm.dll (7.0.4.453) 2005-05-31 SDHelper.dll (1.4.0.0) 2006-02-20 Tools.dll (2.0.0.2) 2005-05-31 UnzDll.dll (1.73.1.1) 2005-05-31 ZipDll.dll (1.73.2.0) 2006-12-22 Includes\Cookies.sbi () 2006-12-08 Includes\Dialer.sbi () 2006-12-22 Includes\DialerC.sbi () 2006-11-24 Includes\Hijackers.sbi () 2006-12-22 Includes\HijackersC.sbi () 2006-10-27 Includes\Keyloggers.sbi () 2006-12-22 Includes\KeyloggersC.sbi () 2004-11-29 Includes\LSP.sbi () 2006-12-22 Includes\Malware.sbi () 2006-12-22 Includes\MalwareC.sbi () 2006-10-20 Includes\PUPS.sbi () 2006-12-22 Includes\PUPSC.sbi () 2006-12-22 Includes\Revision.sbi () 2006-12-08 Includes\Security.sbi () 2006-12-22 Includes\SecurityC.sbi () 2006-10-13 Includes\Spybots.sbi () 2006-12-22 Includes\SpybotsC.sbi () 2005-02-17 Includes\Tracks.uti 2006-12-08 Includes\Trojans.sbi () 2006-12-22 Includes\TrojansC.sbi (*) --- System information --- Windows XP (Build: 2600) Service Pack 2 / DataAccess: Microsoft Data Access Components KB870669 / DataAccess: Patch Available For XMLHTTP Vulnerability / DataAccess: Patch Available For XMLHTTP Vulnerability / DataAccess: Security Update for Microsoft Data Access Components / Windows / SP1: Microsoft Internationalized Domain Names Mitigation APIs / Windows / SP1: Microsoft National Language Support Downlevel APIs / Windows Media Player: Windows Media Player Hotfix [See Q828026 for more information] / Windows Media Player / SP0: Windows Media Player Hotfix [See Q828026 for more information] / Windows Media Player: Windows Media Update 320920 / Windows Media Player 10: Security Update for Windows Media Player 10 (KB911565) / Windows Media Player 10: Security Update for Windows Media Player 10 (KB917734) / Windows XP / SP2: Windows XP Service Pack 2 / Windows XP / SP3: Windows XP Hotfix - KB873339 / Windows XP / SP3: Windows XP Hotfix - KB885835 / Windows XP / SP3: Windows XP Hotfix - KB885836 / Windows XP / SP3: Windows XP Hotfix - KB885884 / Windows XP / SP3: Windows XP Hotfix - KB886185 / Windows XP / SP3: Windows XP Hotfix - KB888302 / Windows XP / SP3: Security Update for Windows XP (KB890046) / Windows XP / SP3: Windows XP Hotfix - KB890859 / Windows XP / SP3: Windows XP Hotfix - KB891781 / Windows XP / SP3: Security Update for Windows XP (KB893756) / Windows XP / SP3: Windows Installer 3.1 (KB893803) / Windows XP / SP3: Update for Windows XP (KB894391) / Windows XP / SP3: Security Update for Windows XP (KB896358) / Windows XP / SP3: Security Update for Windows XP (KB896423) / Windows XP / SP3: Security Update for Windows XP (KB896424) / Windows XP / SP3: Security Update for Windows XP (KB896428) / Windows XP / SP3: Update for Windows XP (KB898461) / Windows XP / SP3: Security Update for Windows XP (KB899587) / Windows XP / SP3: Security Update for Windows XP (KB899589) / Windows XP / SP3: Security Update for Windows XP (KB899591) / Windows XP / SP3: Update for Windows XP (KB900485) / Windows XP / SP3: Security Update for Windows XP (KB900725) / Windows XP / SP3: Security Update for Windows XP (KB901017) / Windows XP / SP3: Security Update for Windows XP (KB901214) / Windows XP / SP3: Security Update for Windows XP (KB902400) / Windows XP / SP3: Security Update for Windows XP (KB904706) / Windows XP / SP3: Update for Windows XP (KB904942) / Windows XP / SP3: Security Update for Windows XP (KB905414) / Windows XP / SP3: Security Update for Windows XP (KB905749) / Windows XP / SP3: Security Update for Windows XP (KB908519) / Windows XP / SP3: Update for Windows XP (KB908531) / Windows XP / SP3: Update for Windows XP (KB910437) / Windows XP / SP3: Update for Windows XP (KB911280) / Windows XP / SP3: Security Update for Windows XP (KB911562) / Windows XP / SP3: Security Update for Windows XP (KB911567) / Windows XP / SP3: Security Update for Windows XP (KB911927) / Windows XP / SP3: Security Update for Windows XP (KB912919) / Windows XP / SP3: Security Update for Windows XP (KB913580) / Windows XP / SP3: Security Update for Windows XP (KB914388) / Windows XP / SP3: Security Update for Windows XP (KB914389) / Windows XP / SP3: Hotfix for Windows XP (KB914440) / Windows XP / SP3: Hotfix for Windows XP (KB915865) / Windows XP / SP3: Update for Windows XP (KB916595) / Windows XP / SP3: Security Update for Windows XP (KB917159) / Windows XP / SP3: Security Update for Windows XP (KB917344) / Windows XP / SP3: Security Update for Windows XP (KB917422) / Windows XP / SP3: Security Update for Windows XP (KB917537) / Windows XP / SP3: Security Update for Windows XP (KB917953) / Windows XP / SP3: Security Update for Windows XP (KB918439) / Windows XP / SP3: Security Update for Windows XP (KB918899) / Windows XP / SP3: Security Update for Windows XP (KB919007) / Windows XP / SP3: Security Update for Windows XP (KB920213) / Windows XP / SP3: Security Update for Windows XP (KB920214) / Windows XP / SP3: Security Update for Windows XP (KB920670) / Windows XP / SP3: Security Update for Windows XP (KB920683) / Windows XP / SP3: Security Update for Windows XP (KB920685) / Windows XP / SP3: Update for Windows XP (KB920872) / Windows XP / SP3: Security Update for Windows XP (KB921398) / Windows XP / SP3: Security Update for Windows XP (KB921883) / Windows XP / SP3: Update for Windows XP (KB922582) / Windows XP / SP3: Security Update for Windows XP (KB922616) / Windows XP / SP3: Security Update for Windows XP (KB922819) / Windows XP / SP3: Security Update for Windows XP (KB923191) / Windows XP / SP3: Security Update for Windows XP (KB923414) / Windows XP / SP3: Security Update for Windows XP (KB923980) / Windows XP / SP3: Security Update for Windows XP (KB924191) / Windows XP / SP3: Security Update for Windows XP (KB924270) / Windows XP / SP3: Security Update for Windows XP (KB924496) / Windows XP / SP3: Security Update for Windows XP (KB925486) / Windows XP / SP3: Security Update for Windows XP (KB926255) --- Startup entries list --- Located: HK_LM:Run, !AVG Anti-Spyware command: "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized file: C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe size: 6266880 MD5: 01d90ae5dccbce0c7b52874fec35a608 Located: HK_LM:Run, {0228e555-4f9c-4e35-a3ec-b109a192b4c2} command: C:\Program Files\Google\Gmail Notifier\gnotify.exe file: C:\Program Files\Google\Gmail Notifier\gnotify.exe size: 479232 MD5: 3df7ac30a381c57d0c70eaefee3c4ef2 Located: HK_LM:Run, AVG7_CC command: C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP file: C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe size: 406016 MD5: ed0163acdb2834ac8f53b3265671fb1a Located: HK_LM:Run, GrooveMonitor command: "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" file: C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe size: 31016 MD5: 38d198a2dd54a67120040566a38103ba Located: HK_LM:Run, LogMeIn GUI command: "C:\Program Files\LogMeIn\LogMeInSystray.exe" file: C:\Program Files\LogMeIn\LogMeInSystray.exe size: 303864 MD5: 368076b22a367bf0e162c482f96a2352 Located: HK_LM:Run, NvCplDaemon command: RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup file: C:\WINDOWS\SYSTEM32\RUNDLL32.EXE size: 33280 MD5: da285490bbd8a1d0ce6623577d5ba1ff Located: HK_LM:Run, NvMediaCenter command: RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit file: C:\WINDOWS\SYSTEM32\RUNDLL32.EXE size: 33280 MD5: da285490bbd8a1d0ce6623577d5ba1ff Located: HK_LM:Run, QuickTime Task command: "C:\Program Files\QuickTime\qttask.exe" -atboottime file: C:\Program Files\QuickTime\qttask.exe size: 282624 MD5: fa7eb9aff3d726a6bf0494bee7e378f6 Located: HK_LM:Run, SunJavaUpdateSched command: "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe" file: C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe size: 49263 MD5: 409c45da1cfbc3fc19eec7cbfe9b2786 Located: HK_CU:Run, ctfmon.exe command: C:\WINDOWS\system32\ctfmon.exe file: C:\WINDOWS\system32\ctfmon.exe size: 15360 MD5: 24232996a38c0b0cf151c2140ae29fc8 Located: HK_CU:Run, CursorXP command: C:\Program Files\CursorXP\CursorXP.exe file: C:\Program Files\CursorXP\CursorXP.exe size: 125440 MD5: eb7232057799d26b2c37548cad04e95b Located: Startup (common), Adobe Reader Speed Launch.lnk command: C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe file: C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe size: 29696 MD5: 43362b96870ce8649f4f2ec893da93f0 Located: System.ini, crypt32chain command: crypt32.dll file: crypt32.dll Located: System.ini, cryptnet command: cryptnet.dll file: cryptnet.dll Located: System.ini, cscdll command: cscdll.dll file: cscdll.dll Located: System.ini, rpcc command: C:\WINDOWS\system32\rpcc.dll file: C:\WINDOWS\system32\rpcc.dll size: 0 MD5: d41d8cd98f00b204e9800998ecf8427e ??? Located: System.ini, ScCertProp command: wlnotify.dll file: wlnotify.dll Located: System.ini, Schedule command: wlnotify.dll file: wlnotify.dll Located: System.ini, sclgntfy command: sclgntfy.dll file: sclgntfy.dll Located: System.ini, SensLogn command: WlNotify.dll file: WlNotify.dll Located: System.ini, termsrv command: wlnotify.dll file: wlnotify.dll Located: System.ini, wlballoon command: wlnotify.dll file: wlnotify.dll --- Browser helper object list --- {465E08E7-F005-4389-980F-1D8764B3486C} () BHO name: CLSID name: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} (Groove GFS Browser Helper) BHO name: CLSID name: Groove GFS Browser Helper Path: C:\PROGRA~1\MICROS~2\Office12\ Long name: GrooveShellExtensions.dll Short name: GRA8E1~1.DLL Date (created): 10/27/2006 12:48:42 AM Date (last access): 12/22/2006 6:31:02 PM Date (last write): 10/27/2006 12:48:42 AM Filesize: 2210608 Attributes: archive MD5: 786DD1892B553EFE5A004AC39775C851 CRC32: AAD965C9 Version: 12.0.4518.1014 --- ActiveX list --- --- Process list --- PID: 0 ( 0) [System] PID: 488 ( 4) \SystemRoot\System32\smss.exe PID: 536 ( 488) \??\C:\WINDOWS\system32\csrss.exe PID: 560 ( 488) \??\C:\WINDOWS\SYSTEM32\winlogon.exe PID: 604 ( 560) C:\WINDOWS\system32\services.exe size: 108032 MD5: C6CE6EEC82F187615D1002BB3BB50ED4 PID: 616 ( 560) C:\WINDOWS\system32\lsass.exe size: 13312 MD5: 84885F9B82F4D55C6146EBF6065D75D2 PID: 764 ( 604) C:\WINDOWS\system32\svchost.exe size: 14336 MD5: 8F078AE4ED187AAABC0A305146DE6716 PID: 856 ( 604) C:\WINDOWS\system32\svchost.exe size: 14336 MD5: 8F078AE4ED187AAABC0A305146DE6716 PID: 920 ( 604) C:\WINDOWS\System32\svchost.exe size: 14336 MD5: 8F078AE4ED187AAABC0A305146DE6716 PID: 1008 ( 604) C:\WINDOWS\System32\svchost.exe size: 14336 MD5: 8F078AE4ED187AAABC0A305146DE6716 PID: 1108 ( 604) C:\WINDOWS\System32\svchost.exe size: 14336 MD5: 8F078AE4ED187AAABC0A305146DE6716 PID: 1132 ( 560) C:\WINDOWS\system32\svchost.exe size: 14336 MD5: 8F078AE4ED187AAABC0A305146DE6716 PID: 1308 ( 604) C:\WINDOWS\system32\spoolsv.exe size: 57856 MD5: DA81EC57ACD4CDC3D4C51CF3D409AF9F PID: 1436 ( 604) C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe size: 204800 MD5: E8FBDCC8D618D1BB84B828F247A6244B PID: 1452 ( 604) C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe size: 343552 MD5: DD4DB777D2BA1E475F75015B90557795 PID: 1496 ( 604) C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe size: 49664 MD5: 30A14F65DB477DC00A64A5A24E96919C PID: 1516 ( 604) C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe size: 323072 MD5: 4BB306AE21B59085D49CCA16EA7DAD18 PID: 1576 ( 604) C:\WINDOWS\System32\nvsvc32.exe size: 81920 MD5: 5ED834603C36414B579979B3A9C90F54 PID: 356 ( 216) C:\WINDOWS\Explorer.EXE size: 1032192 MD5: A0732187050030AE399B241436565E64 PID: 1364 ( 604) C:\WINDOWS\System32\alg.exe size: 44544 MD5: F1958FBF86D5C004CF19A5951A9514B7 PID: 2272 ( 356) C:\WINDOWS\system32\devldr32.exe size: 24064 MD5: E96B10537EB5024273480554BFFFE23D PID: 2432 ( 356) C:\WINDOWS\system32\RUNDLL32.EXE size: 33280 MD5: DA285490BBD8A1D0CE6623577D5BA1FF PID: 2440 ( 356) C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe size: 49263 MD5: 409C45DA1CFBC3FC19EEC7CBFE9B2786 PID: 2460 ( 356) C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe size: 406016 MD5: ED0163ACDB2834AC8F53B3265671FB1A PID: 2480 ( 356) C:\Program Files\LogMeIn\LogMeInSystray.exe size: 303864 MD5: 368076B22A367BF0E162C482F96A2352 PID: 2572 ( 356) C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe size: 31016 MD5: 38D198A2DD54A67120040566A38103BA PID: 2644 ( 356) C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe size: 6266880 MD5: 01D90AE5DCCBCE0C7B52874FEC35A608 PID: 2652 ( 356) C:\Program Files\CursorXP\CursorXP.exe size: 125440 MD5: EB7232057799D26B2C37548CAD04E95B PID: 2692 ( 356) C:\WINDOWS\system32\ctfmon.exe size: 15360 MD5: 24232996A38C0B0CF151C2140AE29FC8 PID: 3104 ( 356) C:\Documents and Settings\Liam\My Documents\utorrent16.exe size: 174199 MD5: 1465604BD2EDEB5F3C76E19753FF5511 PID: 4092 ( 356) C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe size: 4393096 MD5: 09CA174A605B480318731E691DC98539 PID: 4 ( 0) System --- Browser start & search pages list --- Spybot - Search & Destroy browser pages report, 12/22/2006 6:49:08 PM HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Local Page C:\WINDOWS\system32\blank.htm HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Search Page http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Search Bar http://search.msn.com/spbasic.htm HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Start Page http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Local Page %SystemRoot%\system32\blank.htm HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Search Page http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Start Page http://go.microsoft.com/fwlink/?LinkId=69157 HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Page_URL http://go.microsoft.com/fwlink/?LinkId=69157 HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Search_URL http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\SearchAssistant http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\CustomizeSearch http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm --- Winsock Layered Service Provider list --- --- Uninstall list --- Ad-Aware SE Personal 1.06 (Ad-Aware SE Personal) uninstall cmd: C:\PROGRA~1\Lavasoft\AD-AWA~1\UNWISE.EXE C:\PROGRA~1\Lavasoft\AD-AWA~1\INSTALL.LOG publisher: Lavasoft help link: http://www.lavasoft.com (AddressBook) (Anti-Leech ALIE) AVG Free Edition (AVG7Uninstall) uninstall cmd: C:\Program Files\Grisoft\AVG Free\setup.exe /UNINSTALL AVG Anti-Spyware 7.5 (AVGAntiSpyware75) install location: C:\Program Files\Grisoft\AVG Anti-Spyware 7.5 uninstall cmd: C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Uninstall.exe publisher: Grisoft Ltd. help link: http://www.grisoft.com Belarc Advisor 7.0 (Belarc Advisor 2.0) uninstall cmd: C:\PROGRA~1\Belarc\Advisor\Uninstall.exe C:\PROGRA~1\Belarc\Advisor\INSTALL.LOG (Branding) Football Manager 2007 (c474c3891a130b8bd0297680e91988cd308463113) uninstall cmd: C:\Program Files\Sports Interactive\Football Manager 2007\uninstall\Uninstall FM 2007.exe CDex extraction audio (CDex) uninstall cmd: "C:\Program Files\CDex_150\uninstall.exe" Citrix ICA Client (Citrix ICA Client) uninstall cmd: C:\WINDOWS\ISUNINST.EXE -fC:\PROGRA~1\Citrix\ICACLI~1\Uninst.isu -cC:\PROGRA~1\Citrix\ICACLI~1\uninstpn.dll CleanUp! (CleanUp!) uninstall cmd: C:\Program Files\CleanUp!\uninstall.exe Comcast High-Speed Internet Install Wizard (ComcastHSI) uninstall cmd: C:\Program Files\support.com\uninstall\chsi_uninstaller.exe (Connection Manager) CursorXP (CursorXP) uninstall cmd: C:\Program Files\CursorXP\CurXPUtil.exe -u (DirectAnimation) (DirectDrawEx) (DXM_Runtime) Microsoft Office Enterprise 2007 12.0.4518.1014 (ENTERPRISE) install location: C:\Program Files\Microsoft Office uninstall cmd: "C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall ENTERPRISE /dll OSETUP.DLL publisher: Microsoft Corporation File-Saver (File-Saver_is1) uninstall cmd: "C:\Program Files\File-Saver\unins000.exe" (Fontcore) HijackThis 1.99.1 1.99.1 (HijackThis) uninstall cmd: C:\Documents and Settings\Liam\Desktop\HijackThis.exe /uninstall publisher: Soeperman Enterprises Ltd. IconPackager (IconPackager) uninstall cmd: C:\PROGRA~1\Stardock\OBJECT~1\ICONPA~1\iconpackager.exe /uninstallwise (ICW) Microsoft Internationalized Domain Names Mitigation APIs (IDNMitigationAPIs) install date: 20061110 uninstall cmd: "C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe" publisher: Microsoft Corporation (IE40) (IE4Data) (IE5BAKEX) Windows Internet Explorer 7 20061027.150806 (ie7) install date: 20061110 uninstall cmd: "C:\WINDOWS\ie7\spuninst\spuninst.exe" publisher: Microsoft Corporation help link: http://www.microsoft.com/ie (IEData) Image Grabber II (Image Grabber II) uninstall cmd: "C:\Program Files\Image Grabber II\uninstall.exe" (InstallShield Uninstall Information) Samsung USB Driver (MCCI 4.16) 4.16 (InstallShield_{1485ABFA-12D7-4107-9148-54EE30CDBA67}) version: 68157440 version (major): 4 version (minor): 16 install date: 20060303 install source: C:\Documents and Settings\Liam\Desktop\Samsung (MCCI Driver 4.16)\ uninstall cmd: C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{1485ABFA-12D7-4107-9148-54EE30CDBA67} publisher: Samsung Microsoft Data Access Components KB870669 (KB870669) uninstall cmd: C:\WINDOWS\muninst.exe C:\WINDOWS\INF\KB870669.inf publisher: Microsoft Corporation help link: http://support.microsoft.com?kbid=KB870669 Windows XP Hotfix - KB873339 20041117.092459 (KB873339) uninstall cmd: C:\WINDOWS\$NtUninstallKB873339$\spuninst\spuninst.exe publisher: Microsoft Corporation help link: http://support.microsoft.com?kbid=873339 (KB884016) (KB884267) (KB885353) Windows XP Hotfix - KB885835 20041027.181713 (KB885835) uninstall cmd: C:\WINDOWS\$NtUninstallKB885835$\spuninst\spuninst.exe publisher: Microsoft Corporation help link: http://support.microsoft.com?kbid=885835 Windows XP Hotfix - KB885836 20041028.173203 (KB885836) uninstall cmd: C:\WINDOWS\$NtUninstallKB885836$\spuninst\spuninst.exe publisher: Microsoft Corporation help link: http://support.microsoft.com?kbid=885836 Windows XP Hotfix - KB885884 20040924.025457 (KB885884) uninstall cmd: C:\WINDOWS\$NtUninstallKB885884$\spuninst\spuninst.exe publisher: Microsoft Corporation help link: http://support.microsoft.com?kbid=885884 Windows XP Hotfix - KB886185 20041021.090540 (KB886185) uninstall cmd: C:\WINDOWS\$NtUninstallKB886185$\spuninst\spuninst.exe publisher: Microsoft Corporation help link: http://support.microsoft.com?kbid=886185 (KB886612) (KB887078) (KB887626) Windows XP Hotfix - KB888302 20041207.111426 (KB888302) uninstall cmd: C:\WINDOWS\$NtUninstallKB888302$\spuninst\spuninst.exe publisher: Microsoft Corporation help link: http://support.microsoft.com?kbid=888302 (KB888656) (KB889858) Security Update for Windows XP (KB890046) 1 (KB890046) install date: 20060821 uninstall cmd: "C:\WINDOWS\$NtUninstallKB890046$\spuninst\spuninst.exe" publisher: Microsoft Corporation help link: http://support.microsoft.com?kbid=890046 Windows XP Hotfix - KB890859 1 (KB890859) install date: 20060821 uninstall cmd: "C:\WINDOWS\$NtUninstallKB890859$\spuninst\spuninst.exe" publisher: Microsoft Corporation help link: http://support.microsoft.com?kbid=890859 (KB891122) Windows XP Hotfix - KB891781 20050110.165439 (KB891781) uninstall cmd: C:\WINDOWS\$NtUninstallKB891781$\spuninst\spuninst.exe publisher: Microsoft Corporation help link: http://support.microsoft.com?kbid=891781 (KB892313) (KB893240) (KB893241) Security Update for Windows XP (KB893756) 1 (KB893756) install date: 20060821 uninstall cmd: "C:\WINDOWS\$NtUninstallKB893756$\spuninst\spuninst.exe" publisher: Microsoft Corporation help link: http://support.microsoft.com?kbid=893756 (KB893803) Windows Installer 3.1 (KB893803) 3.1 (KB893803v2) uninstall cmd: "C:\WINDOWS\$MSI31Uninstall_KB893803v2$\spuninst\spuninst.exe" publisher: Microsoft Corporation help link: http://go.microsoft.com/fwlink/?LinkId=42467 Update for Windows XP (KB894391) 1 (KB894391) install date: 20060821 uninstall cmd: "C:\WINDOWS\$NtUninstallKB894391$\spuninst\spuninst.exe" publisher: Microsoft Corporation help link: http://support.microsoft.com?kbid=894391 (KB895181) (KB895316) (KB895572) Security Update for Windows XP (KB896358) 1 (KB896358) install date: 20060821 uninstall cmd: "C:\WINDOWS\$NtUninstallKB896358$\spuninst\spuninst.exe" publisher: Microsoft Corporation help link: http://support.microsoft.com?kbid=896358 Security Update for Windows XP (KB896423) 1 (KB896423) install date: 20060821 uninstall cmd: "C:\WINDOWS\$NtUninstallKB896423$\spuninst\spuninst.exe" publisher: Microsoft Corporation help link: http://support.microsoft.com?kbid=896423 Security Update for Windows XP (KB896424) 1 (KB896424) install date: 20060821 uninstall cmd: "C:\WINDOWS\$NtUninstallKB896424$\spuninst\spuninst.exe" publisher: Microsoft Corporation help link: http://support.microsoft.com?kbid=896424 Security Update for Windows XP (KB896428) 1 (KB896428) install date: 20060821 uninstall cmd: "C:\WINDOWS\$NtUninstallKB896428$\spuninst\spuninst.exe" publisher: Microsoft Corporation help link: http://support.microsoft.com?kbid=896428 (KB897586) Update for Windows XP (KB898461) 1 (KB898461) install date: 20060815 uninstall cmd: "C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe" publisher: Microsoft Corporation help link: http://support.microsoft.com?kbid=898461 (KB898549) Security Update for Windows XP (KB899587) 1 (KB899587) install date: 20060821 uninstall cmd: "C:\WINDOWS\$NtUninstallKB899587$\spuninst\spuninst.exe" publisher: Microsoft Corporation help link: http://support.microsoft.com?kbid=899587 Security Update for Windows XP (KB899589) 1 (KB899589) install date: 20060821 uninstall cmd: "C:\WINDOWS\$NtUninstallKB899589$\spuninst\spuninst.exe" publisher: Microsoft Corporation help link: http://support.microsoft.com?kbid=899589 Security Update for Windows XP (KB899591) 1 (KB899591) install date: 20060821 uninstall cmd: "C:\WINDOWS\$NtUninstallKB899591$\spuninst\spuninst.exe" publisher: Microsoft Corporation help link: http://support.microsoft.com?kbid=899591 (KB900399) Update for Windows XP (KB900485) 2 (KB900485) install date: 20060822 uninstall cmd: "C:\WINDOWS\$NtUninstallKB900485$\spuninst\spuninst.exe" publisher: Microsoft Corporation help link: http://support.microsoft.com?kbid=900485 Security Update for Windows XP (KB900725) 1 (KB900725) install date: 20060821 uninstall cmd: "C:\WINDOWS\$NtUninstallKB900725$\spuninst\spuninst.exe" publisher: Microsoft Corporation help link: http://support.microsoft.com?kbid=900725 Security Update for Windows XP (KB901017) 1 (KB901017) install date: 20060821 uninstall cmd: "C:\WINDOWS\$NtUninstallKB901017$\spuninst\spuninst.exe" publisher: Microsoft Corporation help link: http://support.microsoft.com?kbid=901017 Security Update for Windows XP (KB901214) 1 (KB901214) install date: 20060821 uninstall cmd: "C:\WINDOWS\$NtUninstallKB901214$\spuninst\spuninst.exe" publisher: Microsoft Corporation help link: http://support.microsoft.com?kbid=901214 (KB902344) Security Update for Windows XP (KB902400) 1 (KB902400) install date: 20060821 uninstall cmd: "C:\WINDOWS\$NtUninstallKB902400$\spuninst\spuninst.exe" publisher: Microsoft Corporation help link: http://support.microsoft.com?kbid=902400 Security Update for Windows XP (KB904706) 2 (KB904706) install date: 20060822 uninstall cmd: "C:\WINDOWS\$NtUninstallKB904706$\spuninst\spuninst.exe" publisher: Microsoft Corporation help link: http://support.microsoft.com?kbid=904706 Update for Windows XP (KB904942) 2 (KB904942) install date: 20061110 uninstall cmd: "C:\WINDOWS\$NtUninstallKB904942$\spuninst\spuninst.exe" publisher: Microsoft Corporation help link: http://support.microsoft.com?kbid=904942 Security Update for Windows XP (KB905414) 1 (KB905414) install date: 20060821 uninstall cmd: "C:\WINDOWS\$NtUninstallKB905414$\spuninst\spuninst.exe" publisher: Microsoft Corporation help link: http://support.microsoft.com?kbid=905414 Security Update for Windows XP (KB905749) 1 (KB905749) install date: 20060821 uninstall cmd: "C:\WINDOWS\$NtUninstallKB905749$\spuninst\spuninst.exe" publisher: Microsoft Corporation help link: http://support.microsoft.com?kbid=905749 (KB907658) Security Update for Windows XP (KB908519) 1 (KB908519) install date: 20060822 uninstall cmd: "C:\WINDOWS\$NtUninstallKB908519$\spuninst\spuninst.exe" publisher: Microsoft Corporation help link: http://support.microsoft.com?kbid=908519 Update for Windows XP (KB908531) 2 (KB908531) install date: 20060822 uninstall cmd: "C:\WINDOWS\$NtUninstallKB908531$\spuninst\spuninst.exe" publisher: Microsoft Corporation help link: http://support.microsoft.com?kbid=908531 Update for Windows XP (KB910437) 1 (KB910437) install date: 20060822 uninstall cmd: "C:\WINDOWS\$NtUninstallKB910437$\spuninst\spuninst.exe" publisher: Microsoft Corporation help link: http://support.microsoft.com?kbid=910437 Update for Windows XP (KB911280) 2 (KB911280) install date: 20060822 uninstall cmd: "C:\WINDOWS\$NtUninstallKB911280$\spuninst\spuninst.exe" publisher: Microsoft Corporation help link: http://support.microsoft.com?kbid=911280 Security Update for Windows XP (KB911562) 1 (KB911562) install date: 20060822 uninstall cmd: "C:\WINDOWS\$NtUninstallKB911562$\spuninst\spuninst.exe" publisher: Microsoft Corporation help link: http://support.microsoft.com?kbid=911562 Security Update for Windows Media Player (KB911564) (KB911564) install date: 20060822 uninstall cmd: "C:\WINDOWS\$NtUninstallKB911564$\spuninst\spuninst.exe" publisher: Microsoft Corporation help link: http://support.microsoft.com/?kbid=911564 Security Update for Windows Media Player 10 (KB911565) (KB911565) install date: 20061110 uninstall cmd: "C:\WINDOWS\$NtUninstallKB911565$\spuninst\spuninst.exe" publisher: Microsoft Corporation help link: http://support.microsoft.com/?kbid=911565 Security Update for Windows XP (KB911567) 1 (KB911567) install date: 20060822 uninstall cmd: "C:\WINDOWS\$NtUninstallKB911567$\spuninst\spuninst.exe" publisher: Microsoft Corporation help link: http://support.microsoft.com?kbid=911567 (KB911854) Security Update for Windows XP (KB911927) 1 (KB911927) install date: 20060822 uninstall cmd: "C:\WINDOWS\$NtUninstallKB911927$\spuninst\spuninst.exe" publisher: Microsoft Corporation help link: http://support.microsoft.com?kbid=911927 Security Update for Windows XP (KB912919) 1 (KB912919) install date: 20060822 uninstall cmd: "C:\WINDOWS\$NtUninstallKB912919$\spuninst\spuninst.exe" publisher: Microsoft Corporation help link: http://support.microsoft.com?kbid=912919 Security Update for Windows XP (KB913580) 1 (KB913580) install date: 20060822 uninstall cmd: "C:\WINDOWS\$NtUninstallKB913580$\spuninst\spuninst.exe" publisher: Microsoft Corporation help link: http://support.microsoft.com?kbid=913580 Security Update for Windows XP (KB914388) 1 (KB914388) install date: 20060822 uninstall cmd: "C:\WINDOWS\$NtUninstallKB914388$\spuninst\spuninst.exe" publisher: Microsoft Corporation help link: http://support.microsoft.com?kbid=914388 Security Update for Windows XP (KB914389) 1 (KB914389) install date: 20060822 uninstall cmd: "C:\WINDOWS\$NtUninstallKB914389$\spuninst\spuninst.exe" publisher: Microsoft Corporation help link: http://support.microsoft.com?kbid=914389 Hotfix for Windows XP (KB914440) 12 (KB914440) install date: 20061110 uninstall cmd: "C:\WINDOWS\$NtUninstallKB914440$\spuninst\spuninst.exe" publisher: Microsoft Corporation help link: http://support.microsoft.com?kbid=914440 Hotfix for Windows XP (KB915865) 10 (KB915865) install date: 20061110 uninstall cmd: "C:\WINDOWS\$NtUninstallKB915865$\spuninst\spuninst.exe" publisher: Microsoft Corporation help link: http://support.microsoft.com?kbid=915865 Update for Windows XP (KB916595) 1 (KB916595) install date: 20060822 uninstall cmd: "C:\WINDOWS\$NtUninstallKB916595$\spuninst\spuninst.exe" publisher: Microsoft Corporation help link: http://support.microsoft.com?kbid=916595 Security Update for Windows XP (KB917159) 1 (KB917159) install date: 20060822 uninstall cmd: "C:\WINDOWS\$NtUninstallKB917159$\spuninst\spuninst.exe" publisher: Microsoft Corporation help link: http://support.microsoft.com?kbid=917159 Security Update for Windows XP (KB917344) 1 (KB917344) install date: 20060822 uninstall cmd: "C:\WINDOWS\$NtUninstallKB917344$\spuninst\spuninst.exe" publisher: Microsoft Corporation help link: http://support.microsoft.com?kbid=917344 Security Update for Windows XP (KB917422) 1 (KB917422) install date: 20060822 uninstall cmd: "C:\WINDOWS\$NtUninstallKB917422$\spuninst\spuninst.exe" publisher: Microsoft Corporation help link: http://support.microsoft.com?kbid=917422 Security Update for Windows XP (KB917537) 1 (KB917537) install date: 20060822 uninstall cmd: "C:\WINDOWS\$NtUninstallKB917537$\spuninst\spuninst.exe" publisher: Microsoft Corporation help link: http://support.microsoft.com?kbid=917537 Security Update for Windows Media Player 10 (KB917734) (KB917734_WMP10) install date: 20060822 uninstall cmd: "C:\WINDOWS\$NtUninstallKB917734_WMP10$\spuninst\spuninst.exe" publisher: Microsoft Corporation help link: http://support.microsoft.com/?kbid=917734 Security Update for Windows XP (KB917953) 1 (KB917953) install date: 20060822 uninstall cmd: "C:\WINDOWS\$NtUninstallKB917953$\spuninst\spuninst.exe" publisher: Microsoft Corporation help link: http://support.microsoft.com?kbid=917953 Security Update for Windows XP (KB918439) 1 (KB918439) install date: 20060822 uninstall cmd: "C:\WINDOWS\$NtUninstallKB918439$\spuninst\spuninst.exe" publisher: Microsoft Corporation help link: http://support.microsoft.com?kbid=918439 Security Update for Windows XP (KB918899) 1 (KB918899) install date: 20060822 uninstall cmd: "C:\WINDOWS\$NtUninstallKB918899$\spuninst\spuninst.exe" publisher: Microsoft Corporation help link: http://support.microsoft.com?kbid=918899 Security Update for Windows XP (KB919007) 1 (KB919007) install date: 20060914 uninstall cmd: "C:\WINDOWS\$NtUninstallKB919007$\spuninst\spuninst.exe" publisher: Microsoft Corporation help link: http://support.microsoft.com?kbid=919007 Security Update for Windows XP (KB920213) 1 (KB920213) install date: 20061117 uninstall cmd: "C:\WINDOWS\$NtUninstallKB920213$\spuninst\spuninst.exe" publisher: Microsoft Corporation help link: http://support.microsoft.com?kbid=920213 Security Update for Windows XP (KB920214) 1 (KB920214) install date: 20060822 uninstall cmd: "C:\WINDOWS\$NtUninstallKB920214$\spuninst\spuninst.exe" publisher: Microsoft Corporation help link: http://support.microsoft.com?kbid=920214 Security Update for Windows XP (KB920670) 1 (KB920670) install date: 20060822 uninstall cmd: "C:\WINDOWS\$NtUninstallKB920670$\spuninst\spuninst.exe" publisher: Microsoft Corporation help link: http://support.microsoft.com?kbid=920670 Security Update for Windows XP (KB920683) 1 (KB920683) install date: 20060822 uninstall cmd: "C:\WINDOWS\$NtUninstallKB920683$\spuninst\spuninst.exe" publisher: Microsoft Corporation help link: http://support.microsoft.com?kbid=920683 Security Update for Windows XP (KB920685) 1 (KB920685) install date: 20060914 uninstall cmd: "C:\WINDOWS\$NtUninstallKB920685$\spuninst\spuninst.exe" publisher: Microsoft Corporation help link: http://support.microsoft.com?kbid=920685 Update for Windows XP (KB920872) 1 (KB920872) install date: 20060914 uninstall cmd: "C:\WINDOWS\$NtUninstallKB920872$\spuninst\spuninst.exe" publisher: Microsoft Corporation help link: http://support.microsoft.com?kbid=920872 Security Update for Windows XP (KB921398) 1 (KB921398) install date: 20060822 uninstall cmd: "C:\WINDOWS\$NtUninstallKB921398$\spuninst\spuninst.exe" publisher: Microsoft Corporation help link: http://support.microsoft.com?kbid=921398 Security Update for Windows XP (KB921883) 1 (KB921883) install date: 20060822 uninstall cmd: "C:\WINDOWS\$NtUninstallKB921883$\spuninst\spuninst.exe" publisher: Microsoft Corporation help link: http://support.microsoft.com?kbid=921883 Update for Windows XP (KB922582) 1 (KB922582) install date: 20060914 uninstall cmd: "C:\WINDOWS\$NtUninstallKB922582$\spuninst\spuninst.exe" publisher: Microsoft Corporation help link: http://support.microsoft.com?kbid=922582 Security Update for Windows XP (KB922616) 1 (KB922616) install date: 20060822 uninstall cmd: "C:\WINDOWS\$NtUninstallKB922616$\spuninst\spuninst.exe" publisher: Microsoft Corporation help link: http://support.microsoft.com?kbid=922616 Security Update for Windows XP (KB922819) 1 (KB922819) install date: 20061014 uninstall cmd: "C:\WINDOWS\$NtUninstallKB922819$\spuninst\spuninst.exe" publisher: Microsoft Corporation help link: http://support.microsoft.com?kbid=922819 Security Update for Windows XP (KB923191) 1 (KB923191) install date: 20061014 uninstall cmd: "C:\WINDOWS\$NtUninstallKB923191$\spuninst\spuninst.exe" publisher: Microsoft Corporation help link: http://support.microsoft.com?kbid=923191 Security Update for Windows XP (KB923414) 1 (KB923414) install date: 20061014 uninstall cmd: "C:\WINDOWS\$NtUninstallKB923414$\spuninst\spuninst.exe" publisher: Microsoft Corporation help link: http://support.microsoft.com?kbid=923414 Security Update for Windows XP (KB923980) 1 (KB923980) install date: 20061117 uninstall cmd: "C:\WINDOWS\$NtUninstallKB923980$\spuninst\spuninst.exe" publisher: Microsoft Corporation help link: http://support.microsoft.com?kbid=923980 Security Update for Windows XP (KB924191) 1 (KB924191) install date: 20061014 uninstall cmd: "C:\WINDOWS\$NtUninstallKB924191$\spuninst\spuninst.exe" publisher: Microsoft Corporation help link: http://support.microsoft.com?kbid=924191 Security Update for Windows XP (KB924270) 1 (KB924270) install date: 20061117 uninstall cmd: "C:\WINDOWS\$NtUninstallKB924270$\spuninst\spuninst.exe" publisher: Microsoft Corporation help link: http://support.microsoft.com?kbid=924270 Security Update for Windows XP (KB924496) 1 (KB924496) install date: 20061014 uninstall cmd: "C:\WINDOWS\$NtUninstallKB924496$\spuninst\spuninst.exe" publisher: Microsoft Corporation help link: http://support.microsoft.com?kbid=924496 Security Update for Windows XP (KB925486) 1 (KB925486) install date: 20060927 uninstall cmd: "C:\WINDOWS\$NtUninstallKB925486$\spuninst\spuninst.exe" publisher: Microsoft Corporation help link: http://support.microsoft.com?kbid=925486 Security Update for Windows XP (KB926255) 1 (KB926255) install date: 20061213 uninstall cmd: "C:\WINDOWS\$NtUninstallKB926255$\spuninst\spuninst.exe" publisher: Microsoft Corporation help link: http://support.microsoft.com?kbid=926255 (Microsoft NetShow Player 2.0) (mIRC) (MobileOptionPack) Mozilla Firefox (2.0) 2.0 (en-US) (Mozilla Firefox (2.0)) install location: C:\Program Files\Mozilla Firefox uninstall cmd: C:\Program Files\Mozilla Firefox\uninstall\uninst.exe publisher: Mozilla comments: Mozilla Firefox MP3 WAV Converter 3.15 (MP3 WAV Converter 3.15) uninstall cmd: C:\PROGRA~1\MP3WAV~1\UNWISE.EXE C:\PROGRA~1\MP3WAV~1\INSTALL.LOG (MPlayer2) (MSI30-Beta1) (MSI30-Beta2) (MSI30-KB884016) (MSI30-RC1) (MSI30-RC2) (MSI30a-KB884016) (MSI31-Beta) (MSI31-RC1) MWSnap 3 3.0.0.74 (MWSnap 3) uninstall cmd: "C:\Program Files\MWSnap\uninstall.exe" publisher: Mirek Wojtowicz Nero 6 Ultra Edition (Nero - Burning Rom!UninstallKey) uninstall cmd: C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL (NetMeeting) Microsoft National Language Support Downlevel APIs (NLSDownlevelMapping) install date: 20061110 uninstall cmd: "C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe" publisher: Microsoft Corporation NVIDIA Display Driver (NVIDIA Display Driver) uninstall cmd: C:\WINDOWS\System32\nvudisp.exe Uninstall C:\WINDOWS\System32\nvdisp.nvu,NVIDIA Display Driver (OutlookExpress) Panda ActiveScan (Panda ActiveScan) uninstall cmd: C:\WINDOWS\system32\ASUninst.exe Panda ActiveScan publisher: Panda Software S.L. (PCHealth) uninstall cmd: rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf PeerGuardian 2.0 2.0.6.4 (PeerGuardian_is1) install location: C:\Program Files\PeerGuardian2\ uninstall cmd: "C:\Program Files\PeerGuardian2\unins000.exe" publisher: Methlabs Productions help link: http://peerguardian.sourceforge.net PIXresizer 1.0.7 (PIXresizer_is1) uninstall cmd: "C:\Program Files\PIXresizer\unins000.exe" publisher: Bluefive software help link: http://bluefive.pair.com/faq.htm QuickTime (QuickTime) uninstall cmd: C:\WINDOWS\unvise32qt.exe C:\WINDOWS\System32\QuickTime\Uninstall.log (RealJukebox 1.0) uninstall cmd: C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks\|RealPlayer\|6.0 RealPlayer (RealPlayer 6.0) uninstall cmd: C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks\|RealPlayer\|6.0 (SchedulingAgent) Adobe Flash Player 9 ActiveX 9 (ShockwaveFlash) uninstall cmd: C:\WINDOWS\system32\Macromed\Flash\UninstFl.exe -q publisher: Adobe Systems help link: http://www.adobe.com/go/flashplayer_support/ SmartFTP Client 2.0 Setup Files (remove only) "2.0" (SmartFTP Client 2.0 Setup Files) uninstall cmd: "C:\Program Files\SmartFTP Client 2.0 Setup Files\uninst-sftp.exe" publisher: "SmartFTP" help link: "http://www.smartftp.com/support" Spybot - Search & Destroy 1.4 1.4 (Spybot - Search & Destroy_is1) install location: C:\Program Files\Spybot - Search & Destroy\ uninstall cmd: "C:\Program Files\Spybot - Search & Destroy\unins000.exe" publisher: Safer Networking Limited Total Recorder 5.2 (TotalRecorder) uninstall cmd: "C:\Program Files\HighCriteria\TotalRecorder\setup.exe" U Windows Media Format 11 runtime (Windows Media Format Runtime) uninstall cmd: "C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll help link: http://go.microsoft.com/fwlink/?LinkId=62768 Windows Media Player 11 (Windows Media Player) uninstall cmd: "C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall Windows XP Service Pack 2 20040803.231319 (Windows XP Service Pack) uninstall cmd: C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe publisher: Microsoft Corporation help link: http://support.microsoft.com?kbid=811113 WinPatrol (WinPatrol) uninstall cmd: C:\WINDOWS\uninst.exe -f"C:\Program Files\BillP Studios\WinPatrol\DeIsL1.isu" -c"C:\Program Files\BillP Studios\WinPatrol\_ISREG32.DLL" WinRAR archiver (WinRAR archiver) uninstall cmd: C:\Program Files\WinRAR\uninstall.exe WinZip (WinZip) uninstall cmd: C:\Program Files\WinZip\WINZIP32.EXE /uninstall Wisecroft Ripper (Wisecroft Ripper) uninstall cmd: C:\PROGRA~1\WISECR~1\UNWISE.EXE C:\PROGRA~1\WISECR~1\INSTALL.LOG (WMCSetup) Windows Media Format 11 runtime (WMFDist11) install date: 20061110 uninstall cmd: "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe" publisher: Microsoft Corporation help link: http: Windows Media Player 11 (wmp11) install date: 20061110 uninstall cmd: "C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe" publisher: Microsoft Corporation help link: http: Google Gmail Notifier ({0228e555-4f9c-4e35-a3ec-b109a192b4c2}) uninstall cmd: "C:\Program Files\Google\Gmail Notifier\UninstallGmail.exe" publisher: Google Inc. help link: http://mail.google.com/support Microsoft Bootvis 1.3.37 ({0F9196C6-58B4-445B-B56E-B1200FECC151}) version: 16973861 version (major): 1 version (minor): 3 estimated size: 1205 install date: 20061104 install source: C:\Documents and Settings\Liam\Desktop\ uninstall cmd: MsiExec.exe /I{0F9196C6-58B4-445B-B56E-B1200FECC151} publisher: Microsoft comments: Microsoft Bootvis - Windows XP Boot and Resume Performance Analysis Tool contact: Microsoft EA SPORTS™ Cricket 07 ({12383CA3-0733-4210-00B8-D83642F1192C}) uninstall cmd: C:\Program Files\EA SPORTS\EA SPORTS™ Cricket 07\EAUninstall.exe Samsung USB Driver (MCCI 4.16) 4.16 ({1485ABFA-12D7-4107-9148-54EE30CDBA67}) version: 68157440 version (major): 4 version (minor): 16 install date: 20060303 install source: C:\Documents and Settings\Liam\Desktop\Samsung (MCCI Driver 4.16)\ publisher: Samsung AutoUpdate 1.1 ({18D10072035C4515918F7E37EAFAACFC}) install location: C:\Program Files\DivX J2SE Runtime Environment 5.0 Update 6 1.5.0.60 ({3248F0A8-6813-11D6-A77B-00B0D0150060}) version: 17104896 version (major): 1 version (minor): 5 estimated size: 122273 install date: 20051213 install source: http://jdl.sun.com/webapps/download/GetFil.../windows-i586// uninstall cmd: MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150060} publisher: Sun Microsystems, Inc. contact: http://java.com help link: http://java.com readme: C:\Program Files\Java\jre1.5.0_06\README.txt J2SE Runtime Environment 5.0 Update 9 1.5.0.90 ({3248F0A8-6813-11D6-A77B-00B0D0150090}) version: 17104896 version (major): 1 version (minor): 5 estimated size: 122833 install date: 20061111 install source: http://jdl.sun.com/webapps/download/GetFil.../windows-i586// uninstall cmd: MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150090} publisher: Sun Microsystems, Inc. contact: http://java.com help link: http://java.com readme: C:\Program Files\Java\jre1.5.0_09\README.txt WebFldrs XP 9.50.5318 ({350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}) version: 154277062 version (major): 9 version (minor): 50 estimated size: 2460 install date: 20040417 install source: C:\WINDOWS\System32\ publ

Flrman1 View Member Profile	Dec 22 2006, 10:59 PM Post #6
Malware Assassin Posts: 6,596 OS: XP Home, XP Pro, Vista	* I am attaching a servicefix.zip file to this post. Download it and save it to your desktop. Unzip it to extract the servicefix.bat file it contains. * Click here to download ATF Cleaner by Atribune and save it to your desktop. * Click Here and download Killbox and save it to your desktop. * Click here for info on how to boot to safe mode if you don't already know how. * Now copy these instructions to notepad and save them to your desktop. You will need them to refer to. * Go to Add/Remove programs and uninstall these old versions of Java: J2SE Runtime Environment 5.0 Update 6 J2SE Runtime Environment 5.0 Update 9 * Now go here and install the latest version of Java. * Run Hijack This again and put a check by these. Close ALL windows except HijackThis and click "Fix checked" O2 - BHO: (no name) - {465E08E7-F005-4389-980F-1D8764B3486C} - (no file) O20 - Winlogon Notify: rpcc - C:\WINDOWS\system32\rpcc.dll * Restart your computer into safe mode now. Perform the following steps in safe mode: * Double-click on Killbox.exe to run it. Put a tick by Standard File Kill. In the "Full Path of File to Delete" box, copy and paste each of the following lines one at a time: C:\WINDOWS\system32\rpcc.dll C:\WINDOWS\system32\msasvc.exe Click on the button that has the red circle with the X in the middle after you enter each file. It will ask for confimation to delete the file. Click Yes. Continue with that procedure until you have pasted all of these in the "Paste Full Path of File to Delete" box. Killbox may tell you that one or more files do not exist. If that happens, just continue on with all the files. Be sure you don't miss any. Exit the Killbox. * Doubleclick on the servicefix.bat file to run it. A command window will appear briefly as the batch file runs. It may happen so quickly that you won't even see the command window. It will create a log on your desktop called servicefix.txt. Copy and paste the contents of the servicefix.txt file in your next reply here. * Run ATF Cleaner: Double-click ATF-Cleaner.exe to run the program. Under Main choose: Select All Click the Empty Selected button. If you use Firefox: Click Firefox at the top and choose: Select All Click the Empty Selected button. NOTE: If you would like to keep your saved passwords, please click No at the prompt. If you use Opera: Click Opera at the top and choose: Select All Click the Empty Selected button. NOTE: If you would like to keep your saved passwords, please click No at the prompt. Click Exit on the Main menu to close the program. * Restart back into Windows normally now. * Run ActiveScan online virus scan here When the scan is finished, click on the "Save Report" button an save the results of the scan to your desktop. Note: You have to use Internet Explorer to do the online scan. Post a new HiJackThis log along with the results from ActiveScan This post has been edited by Flrman1: Dec 22 2006, 11:00 PM Attached File(s) servicefix.zip ( 164bytes ) Number of downloads: 15

hulud View Member Profile	Dec 23 2006, 12:46 PM Post #7
Member Posts: 268 OS: Windows XP Professional	did all those steps: NEW HJT Logfile of HijackThis v1.99.1 Scan saved at 10:10:57 PM, on 12/22/2006 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.5730.0011) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\SYSTEM32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe C:\WINDOWS\System32\nvsvc32.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\devldr32.exe C:\WINDOWS\system32\RUNDLL32.EXE C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe C:\Program Files\LogMeIn\LogMeInSystray.exe C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe C:\Program Files\CursorXP\CursorXP.exe C:\WINDOWS\system32\ctfmon.exe C:\WINDOWS\system32\msiexec.exe C:\Documents and Settings\Liam\Desktop\HijackThis.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0 O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {465E08E7-F005-4389-980F-1D8764B3486C} - (no file) O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\LogMeInSystray.exe" O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe" O4 - HKCU\..\Run: [CursorXP] C:\Program Files\CursorXP\CursorXP.exe O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\npjpi150_10.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\npjpi150_10.dll O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O11 - Options group: [INTERNATIONAL] International* O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/200612...ex/qtplugin.cab O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1125471782656 O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.5.0) - http://javadl-esd.sun.com/update/1.5.0/jin...ows-i586-jc.cab O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} - http://ax.phobos.apple.com.edgesuite.net/d.../ITDetector.cab O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL O20 - Winlogon Notify: rpcc - C:\WINDOWS\system32\rpcc.dll O21 - SSODL: IconPackager Repair - {1799460C-0BC8-4865-B9DF-4A36CD703FF0} - C:\Program Files\Stardock\Object Desktop\IconPackager\iprepair.dll O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe O23 - Service: Microsoft authenticate service (MsaSvc) - Unknown owner - C:\WINDOWS\system32\msasvc.exe (file missing) O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe O23 - Service: VNC Server (winvnc) - Unknown owner - C:\Program Files\TightVNC\WinVNC.exe" -service (file missing) Panda ActiveScan Incident Status Location Adware:adware/clickalchemy Not disinfected c:\windows\inf\alchem.inf Adware:adware/ist.yoursitebar Not disinfected Windows Registry Adware:adware/twain-tech Not disinfected Windows Registry Adware:adware/ieplugin Not disinfected Windows Registry Adware:adware/ist.sidefind Not disinfected Windows Registry Adware:adware/keenvalue Not disinfected Windows Registry Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Liam\Application Data\Phoenix\Profiles\default\52gv9gp2.slt\cookies.txt[.atwola.com/] Spyware:Cookie/Ccbill Not disinfected C:\Documents and Settings\Liam\Application Data\Phoenix\Profiles\default\52gv9gp2.slt\cookies.txt[.ccbill.com/] Spyware:Cookie/Go Not disinfected C:\Documents and Settings\Liam\Application Data\Phoenix\Profiles\default\52gv9gp2.slt\cookies.txt[.go.com/] Spyware:Cookie/Maxserving Not disinfected C:\Documents and Settings\Liam\Application Data\Phoenix\Profiles\default\52gv9gp2.slt\cookies.txt[.maxserving.com/] Spyware:Cookie/MetriWeb Not disinfected C:\Documents and Settings\Liam\Application Data\Phoenix\Profiles\default\52gv9gp2.slt\cookies.txt[.metriweb.be/] Spyware:Cookie/Mircx Not disinfected C:\Documents and Settings\Liam\Application Data\Phoenix\Profiles\default\52gv9gp2.slt\cookies.txt[.pop.mircx.com/] Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Liam\Application Data\Phoenix\Profiles\default\52gv9gp2.slt\cookies.txt[.realmedia.com/] Spyware:Cookie/Qsrch Not disinfected C:\Documents and Settings\Liam\Application Data\Phoenix\Profiles\default\52gv9gp2.slt\cookies.txt[newnet.qsrch.com/] Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\Liam\Cookies\liam@2o7[1].txt Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Liam\Desktop\smitRem\Process.exe Adware:Adware/SpySheriff Not disinfected C:\duunk.exe Spyware:Cookie/adultfriendfinder Not disinfected C:\RECYCLER\NPROTECT\21868650.MOZ[.adultfriendfinder.com/] Spyware:Cookie/360i Not disinfected C:\RECYCLER\NPROTECT\21868650.MOZ[.ct.360i.com/] Spyware:Cookie/adultfriendfinder Not disinfected C:\RECYCLER\NPROTECT\21868651.MOZ[.adultfriendfinder.com/] Spyware:Cookie/360i Not disinfected C:\RECYCLER\NPROTECT\21868651.MOZ[.ct.360i.com/] Spyware:Cookie/adultfriendfinder Not disinfected C:\RECYCLER\NPROTECT\21868652.MOZ[.adultfriendfinder.com/] Spyware:Cookie/360i Not disinfected C:\RECYCLER\NPROTECT\21868652.MOZ[.ct.360i.com/] Spyware:Cookie/adultfriendfinder Not disinfected C:\RECYCLER\NPROTECT\21868653.MOZ[.adultfriendfinder.com/] Spyware:Cookie/360i Not disinfected C:\RECYCLER\NPROTECT\21868653.MOZ[.ct.360i.com/] Spyware:Cookie/adultfriendfinder Not disinfected C:\RECYCLER\NPROTECT\21868654.MOZ[.adultfriendfinder.com/] Spyware:Cookie/360i Not disinfected C:\RECYCLER\NPROTECT\21868654.MOZ[.ct.360i.com/] Spyware:Cookie/adultfriendfinder Not disinfected C:\RECYCLER\NPROTECT\21868655.MOZ[.adultfriendfinder.com/] Spyware:Cookie/360i Not disinfected C:\RECYCLER\NPROTECT\21868655.MOZ[.ct.360i.com/] Spyware:Cookie/adultfriendfinder Not disinfected C:\RECYCLER\NPROTECT\21868656.MOZ[.adultfriendfinder.com/] Spyware:Cookie/360i Not disinfected C:\RECYCLER\NPROTECT\21868656.MOZ[.ct.360i.com/] Spyware:Cookie/adultfriendfinder Not disinfected C:\RECYCLER\NPROTECT\21868657.MOZ[.adultfriendfinder.com/] Spyware:Cookie/360i Not disinfected C:\RECYCLER\NPROTECT\21868657.MOZ[.ct.360i.com/] Spyware:Cookie/adultfriendfinder Not disinfected C:\RECYCLER\NPROTECT\21868658.MOZ[.adultfriendfinder.com/] Spyware:Cookie/360i Not disinfected C:\RECYCLER\NPROTECT\21868658.MOZ[.ct.360i.com/] Spyware:Cookie/adultfriendfinder Not disinfected C:\RECYCLER\NPROTECT\21868659.MOZ[.adultfriendfinder.com/] Spyware:Cookie/360i Not disinfected C:\RECYCLER\NPROTECT\21868659.MOZ[.ct.360i.com/] Spyware:Cookie/adultfriendfinder Not disinfected C:\RECYCLER\NPROTECT\21868660.MOZ[.adultfriendfinder.com/] Spyware:Cookie/360i Not disinfected C:\RECYCLER\NPROTECT\21868660.MOZ[.ct.360i.com/] Spyware:Cookie/adultfriendfinder Not disinfected C:\RECYCLER\NPROTECT\21868661.MOZ[.adultfriendfinder.com/] Spyware:Cookie/360i Not disinfected C:\RECYCLER\NPROTECT\21868661.MOZ[.ct.360i.com/] Spyware:Cookie/adultfriendfinder Not disinfected C:\RECYCLER\NPROTECT\21868662.MOZ[.adultfriendfinder.com/] Spyware:Cookie/360i Not disinfected C:\RECYCLER\NPROTECT\21868662.MOZ[.ct.360i.com/] Spyware:Cookie/adultfriendfinder Not disinfected C:\RECYCLER\NPROTECT\21868663.MOZ[.adultfriendfinder.com/] Spyware:Cookie/360i Not disinfected C:\RECYCLER\NPROTECT\21868663.MOZ[.ct.360i.com/] Spyware:Cookie/adultfriendfinder Not disinfected C:\RECYCLER\NPROTECT\21868664.MOZ[.adultfriendfinder.com/] Spyware:Cookie/360i Not disinfected C:\RECYCLER\NPROTECT\21868664.MOZ[.ct.360i.com/] Spyware:Cookie/adultfriendfinder Not disinfected C:\RECYCLER\NPROTECT\21868665.MOZ[.adultfriendfinder.com/] Spyware:Cookie/360i Not disinfected C:\RECYCLER\NPROTECT\21868665.MOZ[.ct.360i.com/] Spyware:Cookie/adultfriendfinder Not disinfected C:\RECYCLER\NPROTECT\21868666.MOZ[.adultfriendfinder.com/] Spyware:Cookie/360i Not disinfected C:\RECYCLER\NPROTECT\21868666.MOZ[.ct.360i.com/] Spyware:Cookie/adultfriendfinder Not disinfected C:\RECYCLER\NPROTECT\21868667.MOZ[.adultfriendfinder.com/] Spyware:Cookie/360i Not disinfected C:\RECYCLER\NPROTECT\21868667.MOZ[.ct.360i.com/] Spyware:Cookie/adultfriendfinder Not disinfected C:\RECYCLER\NPROTECT\21868668.MOZ[.adultfriendfinder.com/] Spyware:Cookie/360i Not disinfected C:\RECYCLER\NPROTECT\21868668.MOZ[.ct.360i.com/] Spyware:Cookie/adultfriendfinder Not disinfected C:\RECYCLER\NPROTECT\21868669.MOZ[.adultfriendfinder.com/] Spyware:Cookie/360i Not disinfected C:\RECYCLER\NPROTECT\21868669.MOZ[.ct.360i.com/] Spyware:Cookie/adultfriendfinder Not disinfected C:\RECYCLER\NPROTECT\21868670.MOZ[.adultfriendfinder.com/] Spyware:Cookie/360i Not disinfected C:\RECYCLER\NPROTECT\21868670.MOZ[.ct.360i.com/] Spyware:Cookie/adultfriendfinder Not disinfected C:\RECYCLER\NPROTECT\21868671.MOZ[.adultfriendfinder.com/] Spyware:Cookie/360i Not disinfected C:\RECYCLER\NPROTECT\21868671.MOZ[.ct.360i.com/] Spyware:Cookie/adultfriendfinder Not disinfected C:\RECYCLER\NPROTECT\21868672.MOZ[.adultfriendfinder.com/] Spyware:Cookie/360i Not disinfected C:\RECYCLER\NPROTECT\21868672.MOZ[.ct.360i.com/] Spyware:Cookie/adultfriendfinder Not disinfected C:\RECYCLER\NPROTECT\21868673.MOZ[.adultfriendfinder.com/] Spyware:Cookie/360i Not disinfected C:\RECYCLER\NPROTECT\21868673.MOZ[.ct.360i.com/] Spyware:Cookie/adultfriendfinder Not disinfected C:\RECYCLER\NPROTECT\21868674.MOZ[.adultfriendfinder.com/] Spyware:Cookie/360i Not disinfected C:\RECYCLER\NPROTECT\21868674.MOZ[.ct.360i.com/] Spyware:Cookie/adultfriendfinder Not disinfected C:\RECYCLER\NPROTECT\21868675.MOZ[.adultfriendfinder.com/] Spyware:Cookie/360i Not disinfected C:\RECYCLER\NPROTECT\21868675.MOZ[.ct.360i.com/] Spyware:Cookie/adultfriendfinder Not disinfected C:\RECYCLER\NPROTECT\21868676.MOZ[.adultfriendfinder.com/] Spyware:Cookie/360i Not disinfected C:\RECYCLER\NPROTECT\21868676.MOZ[.ct.360i.com/] Spyware:Cookie/adultfriendfinder Not disinfected C:\RECYCLER\NPROTECT\21868677.MOZ[.adultfriendfinder.com/] Spyware:Cookie/360i Not disinfected C:\RECYCLER\NPROTECT\21868677.MOZ[.ct.360i.com/] Spyware:Cookie/adultfriendfinder Not disinfected C:\RECYCLER\NPROTECT\21868678.MOZ[.adultfriendfinder.com/] Spyware:Cookie/360i Not disinfected C:\RECYCLER\NPROTECT\21868678.MOZ[.ct.360i.com/] Spyware:Cookie/adultfriendfinder Not disinfected C:\RECYCLER\NPROTECT\21868683.MOZ[.adultfriendfinder.com/] Spyware:Cookie/360i Not disinfected C:\RECYCLER\NPROTECT\21868683.MOZ[.ct.360i.com/] Spyware:Cookie/adultfriendfinder Not disinfected C:\RECYCLER\NPROTECT\21868686.MOZ[.adultfriendfinder.com/] Spyware:Cookie/360i Not disinfected C:\RECYCLER\NPROTECT\21868686.MOZ[.ct.360i.com/] Spyware:Cookie/adultfriendfinder Not disinfected C:\RECYCLER\NPROTECT\21868688.MOZ[.adultfriendfinder.com/] Spyware:Cookie/360i Not disinfected C:\RECYCLER\NPROTECT\21868688.MOZ[.ct.360i.com/] Spyware:Cookie/adultfriendfinder Not disinfected C:\RECYCLER\NPROTECT\21868689.MOZ[.adultfriendfinder.com/] Spyware:Cookie/360i Not disinfected C:\RECYCLER\NPROTECT\21868689.MOZ[.ct.360i.com/] Spyware:Cookie/adultfriendfinder Not disinfected C:\RECYCLER\NPROTECT\21868690.MOZ[.adultfriendfinder.com/] Spyware:Cookie/360i Not disinfected C:\RECYCLER\NPROTECT\21868690.MOZ[.ct.360i.com/] Spyware:Cookie/adultfriendfinder Not disinfected C:\RECYCLER\NPROTECT\21868695.MOZ[.adultfriendfinder.com/] Spyware:Cookie/360i Not disinfected C:\RECYCLER\NPROTECT\21868695.MOZ[.ct.360i.com/] Spyware:Cookie/360i Not disinfected C:\RECYCLER\NPROTECT\21868697.MOZ[.ct.360i.com/] Spyware:Cookie/360i Not disinfected C:\RECYCLER\NPROTECT\21868699.MOZ[.ct.360i.com/] Spyware:Cookie/360i Not disinfected C:\RECYCLER\NPROTECT\21868706.MOZ[.ct.360i.com/] Spyware:Cookie/360i Not disinfected C:\RECYCLER\NPROTECT\21868709.MOZ[.ct.360i.com/] Spyware:Cookie/360i Not disinfected C:\RECYCLER\NPROTECT\21868711.MOZ[.ct.360i.com/] Spyware:Cookie/360i Not disinfected C:\RECYCLER\NPROTECT\21868713.MOZ[.ct.360i.com/] Spyware:Cookie/360i Not disinfected C:\RECYCLER\NPROTECT\21868716.MOZ[.ct.360i.com/] Spyware:Cookie/360i Not disinfected C:\RECYCLER\NPROTECT\21868720.MOZ[.ct.360i.com/] Spyware:Cookie/360i Not disinfected C:\RECYCLER\NPROTECT\21868724.MOZ[.ct.360i.com/] Spyware:Cookie/360i Not disinfected C:\RECYCLER\NPROTECT\21868731.MOZ[.ct.360i.com/] Spyware:Cookie/360i Not disinfected C:\RECYCLER\NPROTECT\21868732.MOZ[.ct.360i.com/] Spyware:Cookie/360i Not disinfected C:\RECYCLER\NPROTECT\21868735.MOZ[.ct.360i.com/] Spyware:Cookie/360i Not disinfected C:\RECYCLER\NPROTECT\21868736.MOZ[.ct.360i.com/] Spyware:Cookie/360i Not disinfected C:\RECYCLER\NPROTECT\21868739.MOZ[.ct.360i.com/] Spyware:Cookie/360i Not disinfected C:\RECYCLER\NPROTECT\21868741.MOZ[.ct.360i.com/] Spyware:Cookie/360i Not disinfected C:\RECYCLER\NPROTECT\21868744.MOZ[.ct.360i.com/] Spyware:Cookie/360i Not disinfected C:\RECYCLER\NPROTECT\21868746.MOZ[.ct.360i.com/] Spyware:Cookie/360i Not disinfected C:\RECYCLER\NPROTECT\21868750.MOZ[.ct.360i.com/] Spyware:Cookie/360i Not disinfected C:\RECYCLER\NPROTECT\21868843.MOZ[.ct.360i.com/] Spyware:Cookie/DomainSponsor Not disinfected C:\RECYCLER\NPROTECT\21868871.MOZ[landing.domainsponsor.com/] Spyware:Cookie/360i Not disinfected C:\RECYCLER\NPROTECT\21868871.MOZ[.ct.360i.com/] Spyware:Cookie/DomainSponsor Not disinfected C:\RECYCLER\NPROTECT\21868907.MOZ[landing.domainsponsor.com/] Spyware:Cookie/360i Not disinfected C:\RECYCLER\NPROTECT\21868907.MOZ[.ct.360i.com/] Spyware:Cookie/DomainSponsor Not disinfected C:\RECYCLER\NPROTECT\21868945.MOZ[landing.domainsponsor.com/] Spyware:Cookie/360i Not disinfected C:\RECYCLER\NPROTECT\21868945.MOZ[.ct.360i.com/] Spyware:Cookie/DomainSponsor Not disinfected C:\RECYCLER\NPROTECT\21869001.MOZ[landing.domainsponsor.com/] Spyware:Cookie/360i Not disinfected C:\RECYCLER\NPROTECT\21869001.MOZ[.ct.360i.com/] Spyware:Cookie/DomainSponsor Not disinfected C:\RECYCLER\NPROTECT\21869293.MOZ[landing.domainsponsor.com/] Spyware:Cookie/360i Not disinfected C:\RECYCLER\NPROTECT\21869293.MOZ[.ct.360i.com/] Spyware:Cookie/DomainSponsor Not disinfected C:\RECYCLER\NPROTECT\21869310.MOZ[landing.domainsponsor.com/] Spyware:Cookie/360i Not disinfected C:\RECYCLER\NPROTECT\21869310.MOZ[.ct.360i.com/] Spyware:Cookie/DomainSponsor Not disinfected C:\RECYCLER\NPROTECT\21869341.MOZ[landing.domainsponsor.com/] Spyware:Cookie/360i Not disinfected C:\RECYCLER\NPROTECT\21869341.MOZ[.ct.360i.com/] Spyware:Cookie/DomainSponsor Not disinfected C:\RECYCLER\NPROTECT\21869463.MOZ[landing.domainsponsor.com/] Spyware:Cookie/360i Not disinfected C:\RECYCLER\NPROTECT\21869463.MOZ[.ct.360i.com/] Spyware:Cookie/DomainSponsor Not disinfected C:\RECYCLER\NPROTECT\21869514.MOZ[landing.domainsponsor.com/] Spyware:Cookie/360i Not disinfected C:\RECYCLER\NPROTECT\21869514.MOZ[.ct.360i.com/] Spyware:Cookie/adultfriendfinder Not disinfected C:\RECYCLER\NPROTECT\21869529.MOZ[.adultfriendfinder.com/] Spyware:Cookie/360i Not disinfected C:\RECYCLER\NPROTECT\21869529.MOZ[.ct.360i.com/] Spyware:Cookie/360i Not disinfected C:\RECYCLER\NPROTECT\21869925.MOZ[.ct.360i.com/] Spyware:Cookie/360i Not disinfected C:\RECYCLER\NPROTECT\21869958.MOZ[.ct.360i.com/] Spyware:Cookie/360i Not disinfected C:\RECYCLER\NPROTECT\21869969.MOZ[.ct.360i.com/] Spyware:Cookie/360i Not disinfected C:\RECYCLER\NPROTECT\21869993.MOZ[.ct.360i.com/] Spyware:Cookie/360i Not disinfected C:\RECYCLER\NPROTECT\21870030.MOZ[.ct.360i.com/] Spyware:Cookie/Go Not disinfected C:\RECYCLER\NPROTECT\21870042.MOZ[.go.com/] Spyware:Cookie/360i Not disinfected C:\RECYCLER\NPROTECT\21870042.MOZ[.ct.360i.com/] Spyware:Cookie/Go Not disinfected C:\RECYCLER\NPROTECT\21870086.MOZ[.go.com/] Spyware:Cookie/360i Not disinfected C:\RECYCLER\NPROTECT\21870086.MOZ[.ct.360i.com/] Spyware:Cookie/Maxserving Not disinfected C:\RECYCLER\NPROTECT\21870135.MOZ[.maxserving.com/] Spyware:Cookie/Toplist Not disinfected C:\RECYCLER\NPROTECT\21870135.MOZ[.toplist.cz/] Spyware:Cookie/Peel Not disinfected C:\RECYCLER\NPROTECT\21870135.MOZ[.peel.com/] Spyware:Cookie/Maxserving Not disinfected C:\RECYCLER\NPROTECT\21870792.MOZ[.maxserving.com/] Spyware:Cookie/Toplist Not disinfected C:\RECYCLER\NPROTECT\21870792.MOZ[.toplist.cz/] Spyware:Cookie/Peel Not disinfected C:\RECYCLER\NPROTECT\21870792.MOZ[.peel.com/] Spyware:Cookie/Maxserving Not disinfected C:\RECYCLER\NPROTECT\21870813.MOZ[.maxserving.com/] Spyware:Cookie/Toplist Not disinfected C:\RECYCLER\NPROTECT\21870813.MOZ[.toplist.cz/] Spyware:Cookie/Peel

Flrman1 View Member Profile	Dec 23 2006, 03:44 PM Post #8
Malware Assassin Posts: 6,596 OS: XP Home, XP Pro, Vista	* Click here to download SmitfraudFix.zip and save it to your desktop. Unzip (extract) the contents of SmitfraudFix.zip to a new SmitfraudFix folder on your desktop. Open the SmitfraudFix folder and double-click the smitfraudfix.cmd file. Select option #1 - Search by typing 1 and press "Enter" A text file will appear, which lists the infected files that it finds, if any. Copy and paste the contents of that report into your next reply to this thread. Note : process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user. http://www.beyondlogic.org/consulting/proc...processutil.htm

hulud View Member Profile	Dec 23 2006, 04:06 PM Post #9
Member Posts: 268 OS: Windows XP Professional	here is my smitfraudfix.cmd log SmitFraudFix v2.131 Scan done at 14:05:43.70, Sat 12/23/2006 Run from C:\Documents and Settings\Liam\Desktop\SmitfraudFix OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT The filesystem type is NTFS Fix run in normal mode �� C:\ �� C:\WINDOWS �� C:\WINDOWS\system �� C:\WINDOWS\Web �� C:\WINDOWS\system32 �� C:\Documents and Settings\Liam �� C:\Documents and Settings\Liam\Application Data �� Start Menu �� C:\DOCUME~1\Liam\FAVORI~1 �� Desktop �� C:\Program Files �� Corrupted keys �� Desktop Components [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0] "Source"="About:Home" "SubscribedURL"="About:Home" "FriendlyName"="My Current Home Page" �� Sharedtaskscheduler !!!Attention, following keys are not inevitably infected!!! SrchSTS.exe by S!Ri Search SharedTaskScheduler's .dll �� AppInit_DLLs !!!Attention, following keys are not inevitably infected!!! [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "AppInit_DLLs"="wbsys.dll" �� Winlogon.System !!!Attention, following keys are not inevitably infected!!! [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] "System"="" �� pe386-msguard-lzx32 pe386 detected, use a Rootkit scanner �� Scanning wininet.dll infection �� End

Flrman1 View Member Profile	Dec 23 2006, 05:13 PM Post #10
Malware Assassin Posts: 6,596 OS: XP Home, XP Pro, Vista	1. Click here to download The Avenger by Swandog46 and save it to your desktop. Unzip the Avenger.zip file to extract ALL files it contains. Extract it to your desktop 2. Copy all the text contained in the quote box below to your Clipboard by highlighting it and pressing (Ctrl+C) or right clicking it and choosing "Copy": QUOTE Files to delete: c:\windows\inf\alchem.inf C:\WINDOWS\system32\rpcc.dll C:\duunk.exe Registry keys to delete: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\rpcc Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system. 3. Now, start The Avenger program by clicking on its icon on your desktop. Under "Script file to execute" choose "Input Script Manually". Now click on the Magnifying Glass icon which will open a new window titled "View/edit script" Paste the text that you copied to clipboard from the quote box above into this window by pressing (Ctrl+V). Click Done Now click on the Green Light to begin execution of the script Answer "Yes" twice when prompted. 4. The Avenger will automatically do the following: It will Restart your computer. ( In cases where the code to execute contains "Drivers to Unload", The Avenger will actually restart your system twice.) On reboot, it will briefly open a black command window on your desktop, this is normal. After the restart, it creates a log file that should open with the results of Avenger�s actions. This log file will be located at C:\avenger.txt The Avenger will also have backed up all the files, etc., that you asked it to delete, and will have zipped them and moved the zip archives to C:\avenger\backup.zip. 5. Come back here to this thread. Copy and paste the contents of c:\avenger.txt into your reply along with a fresh Hijack This log .

hulud View Member Profile	Dec 23 2006, 09:30 PM Post #11
Member Posts: 268 OS: Windows XP Professional	avenger.txt Logfile of The Avenger version 1, by Swandog46 Running from registry key: \Registry\Machine\System\CurrentControlSet\Services\clbytser ***************** Script file located at: \??\C:\Documents and Settings\jseixvpi.txt Script file opened successfully. Script file read successfully Backups directory opened successfully at C:\Avenger *************** Beginning to process script file: File c:\windows\inf\alchem.inf deleted successfully. File C:\WINDOWS\system32\rpcc.dll not found! Deletion of file C:\WINDOWS\system32\rpcc.dll failed! Could not process line: C:\WINDOWS\system32\rpcc.dll Status: 0xc0000034 File C:\duunk.exe deleted successfully. Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\rpcc deleted successfully. Completed script processing. *************** Finished! Terminate. new HJT log** Logfile of HijackThis v1.99.1 Scan saved at 7:29:45 PM, on 12/23/2006 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.5730.0011) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\SYSTEM32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe C:\WINDOWS\System32\nvsvc32.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\RUNDLL32.EXE C:\WINDOWS\system32\devldr32.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe C:\Program Files\LogMeIn\LogMeInSystray.exe C:\Program Files\Google\Gmail Notifier\gnotify.exe C:\Program Files\QuickTime\qttask.exe C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe C:\Program Files\CursorXP\CursorXP.exe C:\WINDOWS\system32\ctfmon.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Documents and Settings\Liam\Desktop\HijackThis.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0 O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\LogMeInSystray.exe" O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe" O4 - HKCU\..\Run: [CursorXP] C:\Program Files\CursorXP\CursorXP.exe O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O11 - Options group: [INTERNATIONAL] International* O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/200612...ex/qtplugin.cab O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1125471782656 O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.5.0) - http://javadl-esd.sun.com/update/1.5.0/jin...ows-i586-jc.cab O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} - http://ax.phobos.apple.com.edgesuite.net/d.../ITDetector.cab O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL O21 - SSODL: IconPackager Repair - {1799460C-0BC8-4865-B9DF-4A36CD703FF0} - C:\Program Files\Stardock\Object Desktop\IconPackager\iprepair.dll O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe O23 - Service: VNC Server (winvnc) - Unknown owner - C:\Program Files\TightVNC\WinVNC.exe" -service (file missing)

Flrman1 View Member Profile	Dec 24 2006, 08:36 PM Post #12
Malware Assassin Posts: 6,596 OS: XP Home, XP Pro, Vista	* Go here and do the BitDefender online virus scan. Click "I Agree" to agree to the EULA. Allow the ActiveX control to install when prompted. Click "Click here to scan" to begin the scan. Please refrain from using the computer until the scan is finished. When the scan is finished, click on "Click here to export the scan results" Save the report to your desktop then come back here and attach it to your next reply along with a new Hijack This log..

hulud View Member Profile	Dec 25 2006, 11:29 PM Post #13
Member Posts: 268 OS: Windows XP Professional	okay, i ran the bitdefender before going to bed last night... and left it going. and i know it had picked up stuff. but this morning the pc looked like it had restarted. i re-ran bitdefender (log attached) and here is my hijackthis log ran after that. thanks! Logfile of HijackThis v1.99.1 Scan saved at 9:26:39 PM, on 12/25/2006 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.5730.0011) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\SYSTEM32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe C:\WINDOWS\System32\nvsvc32.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\RUNDLL32.EXE C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe C:\WINDOWS\system32\devldr32.exe C:\Program Files\LogMeIn\LogMeInSystray.exe C:\Program Files\Google\Gmail Notifier\gnotify.exe C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe C:\Program Files\CursorXP\CursorXP.exe C:\WINDOWS\system32\ctfmon.exe C:\Documents and Settings\Liam\Desktop\HijackThis.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0 O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\LogMeInSystray.exe" O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe" O4 - HKCU\..\Run: [CursorXP] C:\Program Files\CursorXP\CursorXP.exe O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing) O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing) O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O11 - Options group: [INTERNATIONAL] International* O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/200612...ex/qtplugin.cab O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1125471782656 O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.5.0) - http://javadl-esd.sun.com/update/1.5.0/jin...ows-i586-jc.cab O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} - http://ax.phobos.apple.com.edgesuite.net/d.../ITDetector.cab O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL O21 - SSODL: IconPackager Repair - {1799460C-0BC8-4865-B9DF-4A36CD703FF0} - C:\Program Files\Stardock\Object Desktop\IconPackager\iprepair.dll O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe O23 - Service: VNC Server (winvnc) - Unknown owner - C:\Program Files\TightVNC\WinVNC.exe" -service (file missing) Attached File(s) BitDefenderLog.html ( 16.64K ) Number of downloads: 12

Flrman1 View Member Profile	Dec 26 2006, 07:56 PM Post #14
Malware Assassin Posts: 6,596 OS: XP Home, XP Pro, Vista	How is the pc behaving now?

hulud View Member Profile	Dec 26 2006, 08:45 PM Post #15
Member Posts: 268 OS: Windows XP Professional	seems to be okay. havent run any scans of any sort since i posted that log. havent had any virus notifications from avg (free edition) are the logs clear? thanks for your help i will run spybot and avg scans right now This post has been edited by hulud: Dec 26 2006, 08:46 PM

« Next Oldest · Virus, Spyware and Trojan Removal · Next Newest »

3 Pages

1 2 3 >

1 User(s) are reading this topic (1 Guests and 0 Anonymous Users)

0 Members:

Topic Title	Replies / Views	Topic Information
Virus, Spyware and Trojan Removal Smitfraud Infection	0 / 308	20th November 2007 - 09:06 AM vamoms started - last by vamoms
Virus, Spyware and Trojan Removal Smitfraud infection (Ucleaner virus) [RESOLVED]	9 / 742	1st January 2008 - 05:36 AM strant started - last by miekiemoes
Virus, Spyware and Trojan Removal Smitfraud Infection	1 / 96	11th March 2008 - 04:08 PM cwatts started - last by cwatts
Virus, Spyware and Trojan Removal Smitfraud Infection [CLOSED]	2 / 232	25th April 2008 - 12:13 PM S. Anders started - last by greyknight17
Virus, Spyware and Trojan Removal Smitfraud Infection? [Solved] 12	16 / 232	17th May 2009 - 04:02 PM FaultlineXR started - last by sage5