This is the HiKack This LOG
Logfile of HijackThis v1.99.1
Scan saved at 7:37:02 PM, on 4/25/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton Internet Security 2005\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Norton Internet Security 2005\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\system32\fxssvc.exe
C:\WINDOWS\system32\dcomcfg.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\XoftSpy\XoftSpy.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\User\My Documents\My Received Files\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SEENUS/SAOS01
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.beautinet.com
O2 - BHO: Nothing - {edbf1bc8-39ab-48eb-a0a9-c75078eb7c8e} - C:\WINDOWS\system32\hpD6.tmp
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll (file missing)
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O16 - DPF: {02466323-75ED-11CF-A267-0020AF2546EA} (VivoActive Control) - http://www.iicm.edu/.../vivo/vvweb.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) -
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security 2005\ISSVC.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security 2005\Norton AntiVirus\navapsvc.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security 2005\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
This is the Panda Scan report:
Incident Status Location
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\User\Cookies\user@adrevolver[2].txt
Spyware:Cookie/PointRoll Not disinfected C:\Documents and Settings\User\Cookies\[email protected][1].txt
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\User\Cookies\user@advertising[1].txt
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\User\Cookies\user@atdmt[2].txt
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\User\Cookies\user@atwola[2].txt
Spyware:Cookie/Azjmp Not disinfected C:\Documents and Settings\User\Cookies\user@azjmp[2].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\User\Cookies\user@belnk[1].txt
Spyware:Cookie/Bs.serving-sys Not disinfected C:\Documents and Settings\User\Cookies\[email protected][1].txt
Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\User\Cookies\[email protected][1].txt
Spyware:Cookie/Casalemedia Not disinfected C:\Documents and Settings\User\Cookies\user@casalemedia[1].txt
Spyware:Cookie/Clickbank Not disinfected C:\Documents and Settings\User\Cookies\user@clickbank[2].txt
Spyware:Cookie/Sexsuche Not disinfected C:\Documents and Settings\User\Cookies\[email protected][1].txt
Spyware:Cookie/Sextracker Not disinfected C:\Documents and Settings\User\Cookies\[email protected][2].txt
Spyware:Cookie/Kazaa Networks Not disinfected C:\Documents and Settings\User\Cookies\[email protected][2].txt
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\User\Cookies\user@doubleclick[1].txt
Spyware:Cookie/ErrorSafe Not disinfected C:\Documents and Settings\User\Cookies\user@errorsafe[2].txt
Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\User\Cookies\user@fastclick[2].txt
Spyware:Cookie/fe.lea.lycos Not disinfected C:\Documents and Settings\User\Cookies\[email protected][1].txt
Spyware:Cookie/FortuneCity Not disinfected C:\Documents and Settings\User\Cookies\user@fortunecity[2].txt
Spyware:Cookie/Screensavers Not disinfected C:\Documents and Settings\User\Cookies\[email protected][1].txt
Spyware:Cookie/DomainSponsor Not disinfected C:\Documents and Settings\User\Cookies\[email protected][1].txt
Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\User\Cookies\user@mediaplex[1].txt
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\User\Cookies\[email protected][1].txt
Spyware:Cookie/OfferOptimizer Not disinfected C:\Documents and Settings\User\Cookies\user@offeroptimizer[1].txt
Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\User\Cookies\user@overture[2].txt
Spyware:Cookie/PayCounter Not disinfected C:\Documents and Settings\User\Cookies\user@paycounter[1].txt
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\User\Cookies\user@realmedia[1].txt
Spyware:Cookie/WUpd Not disinfected C:\Documents and Settings\User\Cookies\user@revenue[2].txt
Spyware:Cookie/Rn11 Not disinfected C:\Documents and Settings\User\Cookies\user@rn11[1].txt
Spyware:Cookie/Searchportal Not disinfected C:\Documents and Settings\User\Cookies\[email protected][1].txt
Spyware:Cookie/Seeq Not disinfected C:\Documents and Settings\User\Cookies\user@seeq[1].txt
Spyware:Cookie/Falkag Not disinfected C:\Documents and Settings\User\Cookies\[email protected][1].txt
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\User\Cookies\user@serving-sys[2].txt
Spyware:Cookie/onestat.com Not disinfected C:\Documents and Settings\User\Cookies\[email protected][2].txt
Spyware:Cookie/WebtrendsLive Not disinfected C:\Documents and Settings\User\Cookies\[email protected][2].txt
Spyware:Cookie/Mammamediasolutions Not disinfected C:\Documents and Settings\User\Cookies\user@targetnet[2].txt
Spyware:Cookie/Tradedoubler Not disinfected C:\Documents and Settings\User\Cookies\user@tradedoubler[2].txt
Spyware:Cookie/Traffic Marketplace Not disinfected C:\Documents and Settings\User\Cookies\user@trafficmp[1].txt
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\User\Cookies\user@tribalfusion[2].txt
Spyware:Cookie/Tucows Not disinfected C:\Documents and Settings\User\Cookies\user@tucows[2].txt
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\User\Cookies\[email protected][2].txt
Spyware:Cookie/Valueclick Not disinfected C:\Documents and Settings\User\Cookies\user@valueclick[1].txt
Spyware:Cookie/WebPower Not disinfected C:\Documents and Settings\User\Cookies\user@webpower[2].txt
Spyware:Cookie/ErrorSafe Not disinfected C:\Documents and Settings\User\Cookies\[email protected][2].txt
Spyware:Cookie/Seeq Not disinfected C:\Documents and Settings\User\Cookies\[email protected][1].txt
Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\User\Cookies\user@zedo[2].txt
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\User\Desktop\smitRem\Process.exe
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\User\Desktop\smitRem.exe[smitRem/Process.exe]
Adware:adware/securityerror Not disinfected C:\Documents and Settings\User\Favorites\Antivirus Test Online.url
Potentially unwanted tool:Application/Altnet Not disinfected C:\Documents and Settings\User\Local Settings\Temp\asmfiles.cab
Potentially unwanted tool:Application/P2PNetworking Not disinfected C:\Documents and Settings\User\Local Settings\Temp\p2psetup.exe
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\User\Local Settings\Temporary Internet Files\Content.IE5\4JSB0RAJ\smitRem[1].exe[smitRem/Process.exe]
Potentially unwanted tool:Application/Altnet Not disinfected C:\Program Files\Altnet\Download Manager\altnetuninstall.exe
Potentially unwanted tool:Application/Altnet Not disinfected C:\Program Files\Altnet\Download Manager\asm.exe
Potentially unwanted tool:Application/Altnet Not disinfected C:\Program Files\Altnet\Download Manager\asmend.exe
Potentially unwanted tool:Application/Altnet Not disinfected C:\Program Files\Altnet\Download Manager\asmps.dll
Potentially unwanted tool:Application/Altnet Not disinfected C:\Program Files\Altnet\Points Manager\Points Manager.exe
Potentially unwanted tool:Application/P2PNetworking Not disinfected C:\WINDOWS\Downloaded Program Files\WebP2PInstaller.dll
Spyware:spyware/web3000 Not disinfected C:\WINDOWS\hh.ico
Spyware:application/bestoffer Not disinfected C:\WINDOWS\smdat32a.sys
Potentially unwanted tool:Application/P2PNetworking Not disinfected C:\WINDOWS\system32\P2P Networking\MARSHAL.DLL
Potentially unwanted tool:Application/P2PNetworking Not disinfected C:\WINDOWS\system32\P2P Networking\P2P Networking.exe
Potentially unwanted tool:Application/P2PNetworking
An these are the contents of the smitfiles.txt
smitRem © log file
version 2.8
by noahdfear
Microsoft Windows XP [Version 5.1.2600]
The current date is: Tue 04/25/2006
The current time is: 18:28:56.62
Running from
C:\Documents and Settings\User\Desktop\smitRem
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Pre-run SharedTask Export
(GetSTS.exe) SharedTaskScheduler exporter by Lawrence Abrams (Grinler)
Copyright© 2006 BleepingComputer.com
Registry Pseudo-Format Mode (Not a valid reg file):
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"
"{CA14EE13-ED15-C4A2-17FF-DA4D15C1BC5E}"="Twain"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{438755C2-A8BA-11D1-B96B-00A0C90312E1}\InProcServer32]
@="%SystemRoot%\system32\browseui.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8C7461EF-2B13-11d2-BE35-3078302C2030}\InProcServer32]
@="%SystemRoot%\system32\browseui.dll"
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
checking for ShudderLTD key
ShudderLTD key not present!
THANKS FOR YOUR HELP. I HOPE YOU CAN HELP ME.
Sign In
Create Account
