Have done ALL I can!



#1
pilgrimicron

Hello everyone, I have tried everything in your malware section. Here is the problem. I think I have gotten everything except this stupid Zlob.Downloader. After I have run everything it just won't go away. When I run Spybot it finds the registry key regperf.exe.

Logfile of HijackThis v1.99.1
Scan saved at 10:05:56 PM, on 7/20/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe
C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDet.EXE
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Razer\razerhid.exe
C:\Program Files\FarStone\GameDrive\gdtask.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\WINDOWS\system32\RunDLL32.exe
c:\progra~1\mcafee\mcafee antispyware\massrv.exe
C:\Program Files\McAfee.com\VSO\mcvsshld.exe
C:\Program Files\McAfee.com\VSO\oasclnt.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\progra~1\mcafee\MCAFEE~1\masalert.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\Program Files\Windows Defender\MSASCui.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\Program Files\Belkin\Nostromo\nost_LM.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Razer\razertra.exe
C:\Program Files\Razer\razerofa.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\PROGRA~1\LOOKIN~1\LookInMyPC.exe
C:\unzipped\hijackthis\HijackThis.exe

O2 - BHO: HelperObject Class - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [CTDVDDET] C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDet.EXE
O4 - HKLM\..\Run: [SBDrvDet] C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe /r
O4 - HKLM\..\Run: [razer] C:\Program Files\Razer\razerhid.exe
O4 - HKLM\..\Run: [GameDrive] C:\Program Files\FarStone\GameDrive\gdtask.exe /AutoRestore
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [_AntiSpyware] c:\progra~1\mcafee\MCAFEE~1\masalert.exe
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Global Startup: Loadout Manager.lnk = C:\Program Files\Belkin\Nostromo\nost_LM.exe
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative....015/CTSUEng.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop...p/PCPitStop.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {1842B0EE-B597-11D4-8997-00104BD12D94} (iCC Class) - http://www.pcpitstop...cpConnCheck.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcaf...01/mcinsctl.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {A8683C98-5341-421B-B23C-8514C05354F1} (FujifilmUploader Class) - http://photo.walmart...ploadClient.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcaf...,26/mcgdmgr.cab
O16 - DPF: {D1E7CBDA-E60E-4970-A01C-37301EF7BF98} (Measurement Services Client v.3.11) - http://gameadvisor.f...obal/msc311.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcaf...774/mcfscan.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative....15016/CTPID.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: McAfee AntiSpyware Service - McAfee, Inc. - c:\progra~1\mcafee\mcafee antispyware\massrv.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

ewido log:

-------------------------------------------------------
ewido anti-spyware - Scan Report
---------------------------------------------------------

+ Created at: 8:56:01 PM 7/20/2006

+ Scan result:



:mozilla.102:C:\Documents and Settings\Stephen and Jennifer\Application Data\Mozilla\Firefox\Profiles\1h0pc78o.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.103:C:\Documents and Settings\Stephen and Jennifer\Application Data\Mozilla\Firefox\Profiles\1h0pc78o.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.104:C:\Documents and Settings\Stephen and Jennifer\Application Data\Mozilla\Firefox\Profiles\1h0pc78o.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.105:C:\Documents and Settings\Stephen and Jennifer\Application Data\Mozilla\Firefox\Profiles\1h0pc78o.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.106:C:\Documents and Settings\Stephen and Jennifer\Application Data\Mozilla\Firefox\Profiles\1h0pc78o.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.107:C:\Documents and Settings\Stephen and Jennifer\Application Data\Mozilla\Firefox\Profiles\1h0pc78o.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.108:C:\Documents and Settings\Stephen and Jennifer\Application Data\Mozilla\Firefox\Profiles\1h0pc78o.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.109:C:\Documents and Settings\Stephen and Jennifer\Application Data\Mozilla\Firefox\Profiles\1h0pc78o.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.110:C:\Documents and Settings\Stephen and Jennifer\Application Data\Mozilla\Firefox\Profiles\1h0pc78o.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.111:C:\Documents and Settings\Stephen and Jennifer\Application Data\Mozilla\Firefox\Profiles\1h0pc78o.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.112:C:\Documents and Settings\Stephen and Jennifer\Application Data\Mozilla\Firefox\Profiles\1h0pc78o.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.113:C:\Documents and Settings\Stephen and Jennifer\Application Data\Mozilla\Firefox\Profiles\1h0pc78o.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.276:C:\Documents and Settings\Stephen and Jennifer\Application Data\Mozilla\Firefox\Profiles\1h0pc78o.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.571:C:\Documents and Settings\Stephen and Jennifer\Application Data\Mozilla\Firefox\Profiles\1h0pc78o.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.701:C:\Documents and Settings\Stephen and Jennifer\Application Data\Mozilla\Firefox\Profiles\1h0pc78o.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.94:C:\Documents and Settings\Stephen and Jennifer\Application Data\Mozilla\Firefox\Profiles\1h0pc78o.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Stephen and Jennifer\Cookies\stephen and [email protected][2].txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.398:C:\Documents and Settings\Stephen and Jennifer\Application Data\Mozilla\Firefox\Profiles\1h0pc78o.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.838:C:\Documents and Settings\Stephen and Jennifer\Application Data\Mozilla\Firefox\Profiles\1h0pc78o.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.839:C:\Documents and Settings\Stephen and Jennifer\Application Data\Mozilla\Firefox\Profiles\1h0pc78o.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.840:C:\Documents and Settings\Stephen and Jennifer\Application Data\Mozilla\Firefox\Profiles\1h0pc78o.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.841:C:\Documents and Settings\Stephen and Jennifer\Application Data\Mozilla\Firefox\Profiles\1h0pc78o.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.739:C:\Documents and Settings\Stephen and Jennifer\Application Data\Mozilla\Firefox\Profiles\1h0pc78o.default\cookies.txt -> TrackingCookie.Adserver : Cleaned.
:mozilla.740:C:\Documents and Settings\Stephen and Jennifer\Application Data\Mozilla\Firefox\Profiles\1h0pc78o.default\cookies.txt -> TrackingCookie.Adserver : Cleaned.
:mozilla.290:C:\Documents and Settings\Stephen and Jennifer\Application Data\Mozilla\Firefox\Profiles\1h0pc78o.default\cookies.txt -> TrackingCookie.Adtech : Cleaned.
:mozilla.291:C:\Documents and Settings\Stephen and Jennifer\Application Data\Mozilla\Firefox\Profiles\1h0pc78o.default\cookies.txt -> TrackingCookie.Adtech : Cleaned.
:mozilla.30:C:\Documents and Settings\Stephen and Jennifer\Application Data\Mozilla\Firefox\Profiles\1h0pc78o.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.34:C:\Documents and Settings\Stephen and Jennifer\Application Data\Mozilla\Firefox\Profiles\1h0pc78o.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.35:C:\Documents and Settings\Stephen and Jennifer\Application Data\Mozilla\Firefox\Profiles\1h0pc78o.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.36:C:\Documents and Settings\Stephen and Jennifer\Application Data\Mozilla\Firefox\Profiles\1h0pc78o.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.6:C:\Documents and Settings\Stephen and Jennifer\Application Data\Mozilla\Firefox\Profiles\1h0pc78o.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned.
:mozilla.284:C:\Documents and Settings\Stephen and Jennifer\Application Data\Mozilla\Firefox\Profiles\1h0pc78o.default\cookies.txt -> TrackingCookie.Bluestreak : Cleaned.
:mozilla.204:C:\Documents and Settings\Stephen and Jennifer\Application Data\Mozilla\Firefox\Profiles\1h0pc78o.default\cookies.txt -> TrackingCookie.Bridgetrack : Cleaned.
:mozilla.205:C:\Documents and Settings\Stephen and Jennifer\Application Data\Mozilla\Firefox\Profiles\1h0pc78o.default\cookies.txt -> TrackingCookie.Bridgetrack : Cleaned.
:mozilla.206:C:\Documents and Settings\Stephen and Jennifer\Application Data\Mozilla\Firefox\Profiles\1h0pc78o.default\cookies.txt -> TrackingCookie.Bridgetrack : Cleaned.
:mozilla.745:C:\Documents and Settings\Stephen and Jennifer\Application Data\Mozilla\Firefox\Profiles\1h0pc78o.default\cookies.txt -> TrackingCookie.Clickhype : Cleaned.
:mozilla.344:C:\Documents and Settings\Stephen and Jennifer\Application Data\Mozilla\Firefox\Profiles\1h0pc78o.default\cookies.txt -> TrackingCookie.Com : Cleaned.
:mozilla.345:C:\Documents and Settings\Stephen and Jennifer\Application Data\Mozilla\Firefox\Profiles\1h0pc78o.default\cookies.txt -> TrackingCookie.Com : Cleaned.
:mozilla.346:C:\Documents and Settings\Stephen and Jennifer\Application Data\Mozilla\Firefox\Profiles\1h0pc78o.default\cookies.txt -> TrackingCookie.Com : Cleaned.
:mozilla.347:C:\Documents and Settings\Stephen and Jennifer\Application Data\Mozilla\Firefox\Profiles\1h0pc78o.default\cookies.txt -> TrackingCookie.Com : Cleaned.
:mozilla.348:C:\Documents and Settings\Stephen and Jennifer\Application Data\Mozilla\Firefox\Profiles\1h0pc78o.default\cookies.txt -> TrackingCookie.Com : Cleaned.
:mozilla.14:C:\Documents and Settings\Stephen and Jennifer\Application Data\Mozilla\Firefox\Profiles\1h0pc78o.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned.
:mozilla.458:C:\Documents and Settings\Stephen and Jennifer\Application Data\Mozilla\Firefox\Profiles\1h0pc78o.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.459:C:\Documents and Settings\Stephen and Jennifer\Application Data\Mozilla\Firefox\Profiles\1h0pc78o.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.460:C:\Documents and Settings\Stephen and Jennifer\Application Data\Mozilla\Firefox\Profiles\1h0pc78o.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.387:C:\Documents and Settings\Stephen and Jennifer\Application Data\Mozilla\Firefox\Profiles\1h0pc78o.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.388:C:\Documents and Settings\Stephen and Jennifer\Application Data\Mozilla\Firefox\Profiles\1h0pc78o.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.389:C:\Documents and Settings\Stephen and Jennifer\Application Data\Mozilla\Firefox\Profiles\1h0pc78o.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.390:C:\Documents and Settings\Stephen and Jennifer\Application Data\Mozilla\Firefox\Profiles\1h0pc78o.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
C:\Documents and Settings\Stephen and Jennifer\Cookies\stephen and [email protected][2].txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.300:C:\Documents and Settings\Stephen and Jennifer\Application Data\Mozilla\Firefox\Profiles\1h0pc78o.default\cookies.txt -> TrackingCookie.Falkag : Cleaned.
:mozilla.131:C:\Documents and Settings\Stephen and Jennifer\Application Data\Mozilla\Firefox\Profiles\1h0pc78o.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.139:C:\Documents and Settings\Stephen and Jennifer\Application Data\Mozilla\Firefox\Profiles\1h0pc78o.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.147:C:\Documents and Settings\Stephen and Jennifer\Application Data\Mozilla\Firefox\Profiles\1h0pc78o.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.149:C:\Documents and Settings\Stephen and Jennifer\Application Data\Mozilla\Firefox\Profiles\1h0pc78o.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.151:C:\Documents and Settings\Stephen and Jennifer\Application Data\Mozilla\Firefox\Profiles\1h0pc78o.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.152:C:\Documents and Settings\Stephen and Jennifer\Application Data\Mozilla\Firefox\Profiles\1h0pc78o.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.916:C:\Documents and Settings\Stephen and Jennifer\Application Data\Mozilla\Firefox\Profiles\1h0pc78o.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.207:C:\Documents and Settings\Stephen and Jennifer\Application Data\Mozilla\Firefox\Profiles\1h0pc78o.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.208:C:\Documents and Settings\Stephen and Jennifer\Application Data\Mozilla\Firefox\Profiles\1h0pc78o.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.209:C:\Documents and Settings\Stephen and Jennifer\Application Data\Mozilla\Firefox\Profiles\1h0pc78o.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.210:C:\Documents and Settings\Stephen and Jennifer\Application Data\Mozilla\Firefox\Profiles\1h0pc78o.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.861:C:\Documents and Settings\Stephen and Jennifer\Application Data\Mozilla\Firefox\Profiles\1h0pc78o.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.862:C:\Documents and Settings\Stephen and Jennifer\Application Data\Mozilla\Firefox\Profiles\1h0pc78o.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.863:C:\Documents and Settings\Stephen and Jennifer\Application Data\Mozilla\Firefox\Profiles\1h0pc78o.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.830:C:\Documents and Settings\Stephen and Jennifer\Application Data\Mozilla\Firefox\Profiles\1h0pc78o.default\cookies.txt -> TrackingCookie.Masterstats : Cleaned.
:mozilla.7:C:\Documents and Settings\Stephen and Jennifer\Application Data\Mozilla\Firefox\Profiles\1h0pc78o.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned.
:mozilla.605:C:\Documents and Settings\Stephen and Jennifer\Application Data\Mozilla\Firefox\Profiles\1h0pc78o.default\cookies.txt -> TrackingCookie.Overture : Cleaned.
:mozilla.86:C:\Documents and Settings\Stephen and Jennifer\Application Data\Mozilla\Firefox\Profiles\1h0pc78o.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.87:C:\Documents and Settings\Stephen and Jennifer\Application Data\Mozilla\Firefox\Profiles\1h0pc78o.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.88:C:\Documents and Settings\Stephen and Jennifer\Application Data\Mozilla\Firefox\Profiles\1h0pc78o.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.89:C:\Documents and Settings\Stephen and Jennifer\Application Data\Mozilla\Firefox\Profiles\1h0pc78o.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.26:C:\Documents and Settings\Stephen and Jennifer\Application Data\Mozilla\Firefox\Profiles\1h0pc78o.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.27:C:\Documents and Settings\Stephen and Jennifer\Application Data\Mozilla\Firefox\Profiles\1h0pc78o.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.28:C:\Documents and Settings\Stephen and Jennifer\Application Data\Mozilla\Firefox\Profiles\1h0pc78o.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.29:C:\Documents and Settings\Stephen and Jennifer\Application Data\Mozilla\Firefox\Profiles\1h0pc78o.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.627:C:\Documents and Settings\Stephen and Jennifer\Application Data\Mozilla\Firefox\Profiles\1h0pc78o.default\cookies.txt -> TrackingCookie.Revenue : Cleaned.
:mozilla.74:C:\Documents and Settings\Stephen and Jennifer\Application Data\Mozilla\Firefox\Profiles\1h0pc78o.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.75:C:\Documents and Settings\Stephen and Jennifer\Application Data\Mozilla\Firefox\Profiles\1h0pc78o.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.76:C:\Documents and Settings\Stephen and Jennifer\Application Data\Mozilla\Firefox\Profiles\1h0pc78o.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.77:C:\Documents and Settings\Stephen and Jennifer\Application Data\Mozilla\Firefox\Profiles\1h0pc78o.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.285:C:\Documents and Settings\Stephen and Jennifer\Application Data\Mozilla\Firefox\Profiles\1h0pc78o.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.286:C:\Documents and Settings\Stephen and Jennifer\Application Data\Mozilla\Firefox\Profiles\1h0pc78o.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.287:C:\Documents and Settings\Stephen and Jennifer\Application Data\Mozilla\Firefox\Profiles\1h0pc78o.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.288:C:\Documents and Settings\Stephen and Jennifer\Application Data\Mozilla\Firefox\Profiles\1h0pc78o.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.289:C:\Documents and Settings\Stephen and Jennifer\Application Data\Mozilla\Firefox\Profiles\1h0pc78o.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.393:C:\Documents and Settings\Stephen and Jennifer\Application Data\Mozilla\Firefox\Profiles\1h0pc78o.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
:mozilla.394:C:\Documents and Settings\Stephen and Jennifer\Application Data\Mozilla\Firefox\Profiles\1h0pc78o.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
:mozilla.395:C:\Documents and Settings\Stephen and Jennifer\Application Data\Mozilla\Firefox\Profiles\1h0pc78o.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
:mozilla.396:C:\Documents and Settings\Stephen and Jennifer\Application Data\Mozilla\Firefox\Profiles\1h0pc78o.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
:mozilla.397:C:\Documents and Settings\Stephen and Jennifer\Application Data\Mozilla\Firefox\Profiles\1h0pc78o.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
:mozilla.333:C:\Documents and Settings\Stephen and Jennifer\Application Data\Mozilla\Firefox\Profiles\1h0pc78o.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.199:C:\Documents and Settings\Stephen and Jennifer\Application Data\Mozilla\Firefox\Profiles\1h0pc78o.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.200:C:\Documents and Settings\Stephen and Jennifer\Application Data\Mozilla\Firefox\Profiles\1h0pc78o.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.202:C:\Documents and Settings\Stephen and Jennifer\Application Data\Mozilla\Firefox\Profiles\1h0pc78o.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.203:C:\Documents and Settings\Stephen and Jennifer\Application Data\Mozilla\Firefox\Profiles\1h0pc78o.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.211:C:\Documents and Settings\Stephen and Jennifer\Application Data\Mozilla\Firefox\Profiles\1h0pc78o.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.681:C:\Documents and Settings\Stephen and Jennifer\Application Data\Mozilla\Firefox\Profiles\1h0pc78o.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.682:C:\Documents and Settings\Stephen and Jennifer\Application Data\Mozilla\Firefox\Profiles\1h0pc78o.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.683:C:\Documents and Settings\Stephen and Jennifer\Application Data\Mozilla\Firefox\Profiles\1h0pc78o.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.684:C:\Documents and Settings\Stephen and Jennifer\Application Data\Mozilla\Firefox\Profiles\1h0pc78o.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.685:C:\Documents and Settings\Stephen and Jennifer\Application Data\Mozilla\Firefox\Profiles\1h0pc78o.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.686:C:\Documents and Settings\Stephen and Jennifer\Application Data\Mozilla\Firefox\Profiles\1h0pc78o.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.687:C:\Documents and Settings\Stephen and Jennifer\Application Data\Mozilla\Firefox\Profiles\1h0pc78o.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.310:C:\Documents and Settings\Stephen and Jennifer\Application Data\Mozilla\Firefox\Profiles\1h0pc78o.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.311:C:\Documents and Settings\Stephen and Jennifer\Application Data\Mozilla\Firefox\Profiles\1h0pc78o.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.312:C:\Documents and Settings\Stephen and Jennifer\Application Data\Mozilla\Firefox\Profiles\1h0pc78o.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.313:C:\Documents and Settings\Stephen and Jennifer\Application Data\Mozilla\Firefox\Profiles\1h0pc78o.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.314:C:\Documents and Settings\Stephen and Jennifer\Application Data\Mozilla\Firefox\Profiles\1h0pc78o.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.315:C:\Documents and Settings\Stephen and Jennifer\Application Data\Mozilla\Firefox\Profiles\1h0pc78o.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.316:C:\Documents and Settings\Stephen and Jennifer\Application Data\Mozilla\Firefox\Profiles\1h0pc78o.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.811:C:\Documents and Settings\Stephen and Jennifer\Application Data\Mozilla\Firefox\Profiles\1h0pc78o.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.334:C:\Documents and Settings\Stephen and Jennifer\Application Data\Mozilla\Firefox\Profiles\1h0pc78o.default\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned.
:mozilla.148:C:\Documents and Settings\Stephen and Jennifer\Application Data\Mozilla\Firefox\Profiles\1h0pc78o.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.150:C:\Documents and Settings\Stephen and Jennifer\Application Data\Mozilla\Firefox\Profiles\1h0pc78o.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.741:C:\Documents and Settings\Stephen and Jennifer\Application Data\Mozilla\Firefox\Profiles\1h0pc78o.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
:mozilla.742:C:\Documents and Settings\Stephen and Jennifer\Application Data\Mozilla\Firefox\Profiles\1h0pc78o.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
:mozilla.743:C:\Documents and Settings\Stephen and Jennifer\Application Data\Mozilla\Firefox\Profiles\1h0pc78o.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.


::Report end

Panda scan:

Incident Status Location

Adware:adware/swimsuitnetwork Not disinfected c:\windows\system32\MYDLL.dll
Adware:adware/sidesearch Not disinfected Windows Registry
Spyware:Cookie/360i Not disinfected C:\Documents and Settings\Stephen and Jennifer\Application Data\Mozilla\Firefox\Profiles\1h0pc78o.default\cookies.txt[.ct.360i.com/]
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Stephen and Jennifer\Application Data\Mozilla\Firefox\Profiles\1h0pc78o.default\cookies.txt[.atwola.com/]
Spyware:Cookie/Hbmediapro Not disinfected C:\Documents and Settings\Stephen and Jennifer\Application Data\Mozilla\Firefox\Profiles\1h0pc78o.default\cookies.txt[.adopt.hbmediapro.com/]
Spyware:Cookie/Apmebf Not disinfected C:\Documents and Settings\Stephen and Jennifer\Application Data\Mozilla\Firefox\Profiles\1h0pc78o.default\cookies.txt[.apmebf.com/]
Spyware:Cookie/Go Not disinfected C:\Documents and Settings\Stephen and Jennifer\Application Data\Mozilla\Firefox\Profiles\1h0pc78o.default\cookies.txt[.go.com/]
Spyware:Cookie/GoStats Not disinfected C:\Documents and Settings\Stephen and Jennifer\Application Data\Mozilla\Firefox\Profiles\1h0pc78o.default\cookies.txt[.gostats.com/]
Spyware:Cookie/Maxserving Not disinfected C:\Documents and Settings\Stephen and Jennifer\Application Data\Mozilla\Firefox\Profiles\1h0pc78o.default\cookies.txt[.maxserving.com/]
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Stephen and Jennifer\Application Data\Mozilla\Firefox\Profiles\1h0pc78o.default\cookies.txt[.realmedia.com/]
Spyware:Cookie/Target Not disinfected C:\Documents and Settings\Stephen and Jennifer\Application Data\Mozilla\Firefox\Profiles\1h0pc78o.default\cookies.txt[.target.com/]
Spyware:Cookie/Xiti Not disinfected C:\Documents and Settings\Stephen and Jennifer\Application Data\Mozilla\Firefox\Profiles\1h0pc78o.default\cookies.txt[.xiti.com/]
Spyware:Cookie/Adserver Not disinfected C:\Documents and Settings\Stephen and Jennifer\Application Data\Mozilla\Firefox\Profiles\1h0pc78o.default\cookies.txt[adserver.filefront.com/]
Spyware:Cookie/DomainSponsor Not disinfected C:\Documents and Settings\Stephen and Jennifer\Application Data\Mozilla\Firefox\Profiles\1h0pc78o.default\cookies.txt[landing.domainsponsor.com/]
Spyware:Cookie/did-it Not disinfected C:\Documents and Settings\Stephen and Jennifer\Cookies\stephen and [email protected][2].txt
Spyware:Cookie/GoStats Not disinfected C:\Documents and Settings\Stephen and Jennifer\Cookies\stephen and [email protected][2].txt
Spyware:Cookie/Go Not disinfected C:\Documents and Settings\Stephen and Jennifer\Cookies\stephen and [email protected][1].txt
Spyware:Cookie/Target Not disinfected C:\Documents and Settings\Stephen and Jennifer\Cookies\stephen and [email protected][1].txt
Spyware:Cookie/Xiti Not disinfected C:\Documents and Settings\Stephen and Jennifer\Cookies\stephen and [email protected][1].txt
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Stephen and Jennifer\Desktop\smitrem\smitRem\Process.exe
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Stephen and Jennifer\Desktop\smitRem.exe[smitRem/Process.exe]
Adware:Adware/SystemDoctor Not disinfected C:\Documents and Settings\Stephen and Jennifer\Local Settings\Application Data\ba01c44a.exe
Adware:Adware/EliteBar Not disinfected C:\Documents and Settings\Stephen and Jennifer\Local Settings\Temporary Internet Files\Content.IE5\03BBQK9X\111[1].net[eltadperf.exe]
Adware:Adware/Qoologic Not disinfected C:\Documents and Settings\Stephen and Jennifer\Local Settings\Temporary Internet Files\Content.IE5\03BBQK9X\123[1].net[wni.exe][installer.exe]
Adware:Adware/Qoologic Not disinfected C:\Documents and Settings\Stephen and Jennifer\Local Settings\Temporary Internet Files\Content.IE5\03BBQK9X\123[2].net[wni.exe][installer.exe]


I know you guys must get really tired of looking at everyone else's mess but I would really appreciate the help.

#2
Flrman1

    Malware Assassin

  • Retired Staff
  • 6,596 posts
Hi pilgrimicron

Welcome to GTG! :whistling:

* Click here to download ATF Cleaner by Atribune and save it to your desktop.


* Click Here and download Killbox and save it to your desktop.


* Click here for info on how to boot to safe mode if you don't already know how.


* Now copy these instructions to notepad and save them to your desktop. You will need them to refer to.


* Restart your computer into safe mode now. Perform the following steps in safe mode:


* Double-click on Killbox.exe to run it.
  • Put a tick by Standard File Kill.
  • In the "Full Path of File to Delete" box, copy and paste the following line:

    c:\windows\system32\MYDLL.dll

  • Click on the button that has the red circle with the X in the middle.
  • It will ask for confirmation to delete the file.
  • Click Yes.
  • Exit the Killbox.
* Run ATF Cleaner:
  • Double-click ATF-Cleaner.exe to run the program.
  • Under Main choose: Select All
  • Click the Empty Selected button.
  • If you use Firefox:
      • Click Firefox at the top and choose: Select All
      • Click the Empty Selected button.
      • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
  • If you use Opera:
      • Click Opera at the top and choose: Select All
      • Click the Empty Selected button.
      • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
  • Click Exit on the Main menu to close the program.
* Restart back into Windows normally now.


* Run Kaspersky online virus scan here.

After the updates have downloaded, click on the "Scan Settings" button.
Choose the "Extended database" for the scan.
Under "Please select a target to scan", click "My Computer".
When the scan is finished, Save the results from the scan!

Note: You have to use Internet Explorer to do the online scan.

Post a new HiJackThis log along with the results from Kaspersky scan

* Also open Hijack This and click on the "Open the Misc Tools section" button. Click on the "Open Uninstall Manager" button. Click the "Save List" button. Copy and paste that list here.

#3
pilgrimicron

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
Here ya go. SpyBot still shows the Zlob.Downloader. What do ya think?

Logfile of HijackThis v1.99.1
Scan saved at 5:45:58 PM, on 7/22/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe
C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDet.EXE
C:\Program Files\Razer\razerhid.exe
C:\Program Files\FarStone\GameDrive\gdtask.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\Program Files\McAfee.com\VSO\mcvsshld.exe
C:\Program Files\McAfee.com\VSO\oasclnt.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\progra~1\mcafee\MCAFEE~1\masalert.exe
C:\Program Files\Windows Defender\MSASCui.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Belkin\Nostromo\nost_LM.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
c:\progra~1\mcafee\mcafee antispyware\massrv.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Razer\razertra.exe
C:\Program Files\Razer\razerofa.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\unzipped\hijackthis\HijackThis.exe

O2 - BHO: HelperObject Class - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [CTDVDDET] C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDet.EXE
O4 - HKLM\..\Run: [SBDrvDet] C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe /r
O4 - HKLM\..\Run: [razer] C:\Program Files\Razer\razerhid.exe
O4 - HKLM\..\Run: [GameDrive] C:\Program Files\FarStone\GameDrive\gdtask.exe /AutoRestore
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [_AntiSpyware] c:\progra~1\mcafee\MCAFEE~1\masalert.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Global Startup: Loadout Manager.lnk = C:\Program Files\Belkin\Nostromo\nost_LM.exe
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative....015/CTSUEng.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop...p/PCPitStop.CAB
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {1842B0EE-B597-11D4-8997-00104BD12D94} (iCC Class) - http://www.pcpitstop...cpConnCheck.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcaf...01/mcinsctl.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {A8683C98-5341-421B-B23C-8514C05354F1} (FujifilmUploader Class) - http://photo.walmart...ploadClient.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcaf...,26/mcgdmgr.cab
O16 - DPF: {D1E7CBDA-E60E-4970-A01C-37301EF7BF98} (Measurement Services Client v.3.11) - http://gameadvisor.f...obal/msc311.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcaf...774/mcfscan.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative....15016/CTPID.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: McAfee AntiSpyware Service - McAfee, Inc. - c:\progra~1\mcafee\mcafee antispyware\massrv.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe


Scan Statistics
Total number of scanned objects 112142
Number of viruses found 4
Number of infected objects 19 / 0
Number of suspicious objects 0
Duration of the scan process 01:21:36

Infected Object Name Virus Name Last Action
C:\Documents and Settings\All Users\Application Data\McAfee\AntiSpyware\Data\masdata.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\McAfee\AntiSpyware\Data\masevents.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\McAfee.com\Agent\Logs\TaskScheduler\McTskshd002.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\McAfee.com\VSO\OASLogs\OAS.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Support\WDLog-07142006-203909.log Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Stephen and Jennifer\Application Data\Mozilla\Firefox\Profiles\1h0pc78o.default\cert8.db Object is locked skipped
C:\Documents and Settings\Stephen and Jennifer\Application Data\Mozilla\Firefox\Profiles\1h0pc78o.default\history.dat Object is locked skipped
C:\Documents and Settings\Stephen and Jennifer\Application Data\Mozilla\Firefox\Profiles\1h0pc78o.default\key3.db Object is locked skipped
C:\Documents and Settings\Stephen and Jennifer\Application Data\Mozilla\Firefox\Profiles\1h0pc78o.default\parent.lock Object is locked skipped
C:\Documents and Settings\Stephen and Jennifer\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Stephen and Jennifer\Local Settings\Application Data\ba01c44a.exe Infected: Trojan-Downloader.Win32.Obfuscated.n skipped
C:\Documents and Settings\Stephen and Jennifer\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Stephen and Jennifer\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Stephen and Jennifer\Local Settings\Application Data\Microsoft\Windows Defender\FileTracker\{A483DD16-DBD6-46B0-91C9-4E7C3EFCB30A} Object is locked skipped
C:\Documents and Settings\Stephen and Jennifer\Local Settings\Application Data\Mozilla\Firefox\Profiles\1h0pc78o.default\Cache\_CACHE_001_ Object is locked skipped
C:\Documents and Settings\Stephen and Jennifer\Local Settings\Application Data\Mozilla\Firefox\Profiles\1h0pc78o.default\Cache\_CACHE_002_ Object is locked skipped
C:\Documents and Settings\Stephen and Jennifer\Local Settings\Application Data\Mozilla\Firefox\Profiles\1h0pc78o.default\Cache\_CACHE_003_ Object is locked skipped
C:\Documents and Settings\Stephen and Jennifer\Local Settings\Application Data\Mozilla\Firefox\Profiles\1h0pc78o.default\Cache\_CACHE_MAP_ Object is locked skipped
C:\Documents and Settings\Stephen and Jennifer\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Stephen and Jennifer\Local Settings\Temporary Internet Files\Content.IE5\03BBQK9X\111[1].net/stream/data0002 Infected: Trojan-Downloader.Win32.VB.afa skipped
C:\Documents and Settings\Stephen and Jennifer\Local Settings\Temporary Internet Files\Content.IE5\03BBQK9X\111[1].net/stream Infected: Trojan-Downloader.Win32.VB.afa skipped
C:\Documents and Settings\Stephen and Jennifer\Local Settings\Temporary Internet Files\Content.IE5\03BBQK9X\111[1].net NSIS: infected - 2 skipped
C:\Documents and Settings\Stephen and Jennifer\Local Settings\Temporary Internet Files\Content.IE5\03BBQK9X\123[1].net/stream/data0002/stream/data0001 Infected: Trojan-Downloader.Win32.Qoologic.at skipped
C:\Documents and Settings\Stephen and Jennifer\Local Settings\Temporary Internet Files\Content.IE5\03BBQK9X\123[1].net/stream/data0002/stream Infected: Trojan-Downloader.Win32.Qoologic.at skipped
C:\Documents and Settings\Stephen and Jennifer\Local Settings\Temporary Internet Files\Content.IE5\03BBQK9X\123[1].net/stream/data0002 Infected: Trojan-Downloader.Win32.Qoologic.at skipped
C:\Documents and Settings\Stephen and Jennifer\Local Settings\Temporary Internet Files\Content.IE5\03BBQK9X\123[1].net/stream Infected: Trojan-Downloader.Win32.Qoologic.at skipped
C:\Documents and Settings\Stephen and Jennifer\Local Settings\Temporary Internet Files\Content.IE5\03BBQK9X\123[1].net NSIS: infected - 4 skipped
C:\Documents and Settings\Stephen and Jennifer\Local Settings\Temporary Internet Files\Content.IE5\03BBQK9X\123[2].net/stream/data0002/stream/data0001 Infected: Trojan-Downloader.Win32.Qoologic.at skipped
C:\Documents and Settings\Stephen and Jennifer\Local Settings\Temporary Internet Files\Content.IE5\03BBQK9X\123[2].net/stream/data0002/stream Infected: Trojan-Downloader.Win32.Qoologic.at skipped
C:\Documents and Settings\Stephen and Jennifer\Local Settings\Temporary Internet Files\Content.IE5\03BBQK9X\123[2].net/stream/data0002 Infected: Trojan-Downloader.Win32.Qoologic.at skipped
C:\Documents and Settings\Stephen and Jennifer\Local Settings\Temporary Internet Files\Content.IE5\03BBQK9X\123[2].net/stream Infected: Trojan-Downloader.Win32.Qoologic.at skipped
C:\Documents and Settings\Stephen and Jennifer\Local Settings\Temporary Internet Files\Content.IE5\03BBQK9X\123[2].net NSIS: infected - 4 skipped
C:\Documents and Settings\Stephen and Jennifer\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Stephen and Jennifer\ntuser.dat Object is locked skipped
C:\Documents and Settings\Stephen and Jennifer\ntuser.dat.LOG Object is locked skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{FE879901-2303-4F5A-9E16-4108E8B28622}\RP12\A0000158.exe/data0007 Infected: Trojan-Downloader.Win32.Zlob.aad skipped
C:\System Volume Information\_restore{FE879901-2303-4F5A-9E16-4108E8B28622}\RP12\A0000158.exe/data0008 Infected: Trojan-Downloader.Win32.Zlob.aad skipped
C:\System Volume Information\_restore{FE879901-2303-4F5A-9E16-4108E8B28622}\RP12\A0000158.exe NSIS: infected - 2 skipped
C:\System Volume Information\_restore{FE879901-2303-4F5A-9E16-4108E8B28622}\RP12\A0000158.exe UPX: infected - 2 skipped
C:\System Volume Information\_restore{FE879901-2303-4F5A-9E16-4108E8B28622}\RP13\change.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\ba01c44a.exe Infected: Trojan-Downloader.Win32.Obfuscated.n skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\ACEEvent.evt Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\temp\sqlite_gSxnCbWtWzgGcwv Object is locked skipped
C:\WINDOWS\temp\sqlite_omGG0BWFCibwQ2M Object is locked skipped
C:\WINDOWS\temp\sqlite_WKg6uvDAdkKcUKZ Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
F:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
Scan process completed.
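
Added example, not part of any post in this thread: a Python sketch that reduces a Kaspersky online-scan report like the one in post #3 to the on-disk files that carry detections, dropping the "Object is locked" lines and folding archive members into their container file. The line layout is inferred from the report lines posted above, and the function names and the three location labels are assumptions made for this example.

```python
import re
from collections import OrderedDict

# Sample lines copied from the Kaspersky report posted in this thread
# (layout: object path, status, last action). Shortened for illustration.
SAMPLE_REPORT = r"""
C:\Documents and Settings\LocalService\ntuser.dat Object is locked skipped
C:\Documents and Settings\Stephen and Jennifer\Local Settings\Application Data\ba01c44a.exe Infected: Trojan-Downloader.Win32.Obfuscated.n skipped
C:\Documents and Settings\Stephen and Jennifer\Local Settings\Temporary Internet Files\Content.IE5\03BBQK9X\111[1].net/stream/data0002 Infected: Trojan-Downloader.Win32.VB.afa skipped
C:\Documents and Settings\Stephen and Jennifer\Local Settings\Temporary Internet Files\Content.IE5\03BBQK9X\111[1].net/stream Infected: Trojan-Downloader.Win32.VB.afa skipped
C:\Documents and Settings\Stephen and Jennifer\Local Settings\Temporary Internet Files\Content.IE5\03BBQK9X\111[1].net NSIS: infected - 2 skipped
C:\System Volume Information\_restore{FE879901-2303-4F5A-9E16-4108E8B28622}\RP12\A0000158.exe/data0007 Infected: Trojan-Downloader.Win32.Zlob.aad skipped
C:\System Volume Information\_restore{FE879901-2303-4F5A-9E16-4108E8B28622}\RP12\A0000158.exe NSIS: infected - 2 skipped
C:\System Volume Information\_restore{FE879901-2303-4F5A-9E16-4108E8B28622}\RP12\A0000158.exe UPX: infected - 2 skipped
C:\WINDOWS\system32\ba01c44a.exe Infected: Trojan-Downloader.Win32.Obfuscated.n skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
Scan process completed.
"""

# Object paths contain spaces, so match lazily up to the first known status.
LINE_RE = re.compile(
    r"^(?P<obj>[A-Za-z]:\\.+?) "
    r"(?:Infected: (?P<name>\S+)"
    r"|(?P<locked>Object is locked)"
    r"|(?P<wrapper>\w+): infected - \d+) "
    r"(?P<action>\w+)$"
)


def classify(path):
    """Label where a flagged file lives (the labels are this example's own)."""
    p = path.lower()
    if "\\system volume information\\_restore" in p:
        return "system-restore copy"
    if "\\temporary internet files\\" in p:
        return "browser cache"
    return "live file"


def triage(report):
    """Return (findings, locked_count, unparsed_lines).

    findings maps each on-disk file to its detection names, the wrapper
    formats the scanner unpacked (NSIS installer, UPX packer) and a location
    label, in order of first appearance in the report.
    """
    findings = OrderedDict()
    locked = 0
    unparsed = []
    for raw in report.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = LINE_RE.match(line)
        if m is None:
            unparsed.append(line)  # headers, statistics, trailer lines
            continue
        if m.group("locked"):
            locked += 1  # file was in use and could not be read, not a detection
            continue
        # A forward slash after the Windows path marks a member inside an
        # archive or installer; the part before it is the file on disk.
        container = m.group("obj").split("/", 1)[0]
        entry = findings.setdefault(
            container,
            {"names": [], "wrappers": [], "location": classify(container)},
        )
        for key in ("name", "wrapper"):
            value = m.group(key)
            if value and value not in entry[key + "s"]:
                entry[key + "s"].append(value)
    return findings, locked, unparsed


if __name__ == "__main__":
    found, locked_count, rest = triage(SAMPLE_REPORT)
    print(f"{len(found)} flagged files, {locked_count} locked objects ignored")
    for path, info in found.items():
        names = ", ".join(info["names"]) or "(see wrapper lines)"
        print(f"[{info['location']}] {path}\n    {names}")
```
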

#4
Flrman1

    Malware Assassin

  • Retired Staff
  • 6,596 posts
Tell me exactly where Spybot is finding Zlob. Better yet, post the log from the Spybot scan.

#5
Flrman1

    Malware Assassin

  • Retired Staff
  • 6,596 posts
* Go to Control Panel > Internet Options. On the General tab under "Temporary Internet Files" Click "Delete Files". Put a check by "Delete Offline Content" and click OK. Click on the "Delete Cookies" button to clear all cookies.


* Open Firefox.
Click on Tools, then Options
Select the Privacy icon in the left-hand panel
Click on Cookies
Click on View Cookies
Click on the Remove All Cookies button


* Double-click on Killbox.exe to run it.
  • Put a tick by Delete on Reboot.
  • In the "Full Path of File to Delete" box, copy and paste the following line:

    C:\WINDOWS\system32\ba01c44a.exe

  • Click on the button that has the red circle with the X in the middle.
  • It will ask for confirmation to delete the file on next reboot and ask you if you want to reboot now.
  • Click Yes and let the computer reboot.
* After it reboots, go here and do the BitDefender online virus scan.
  • Click "I Agree" to agree to the EULA.
  • Allow the ActiveX control to install when prompted.
  • Click "Click here to scan" to begin the scan.
  • Please refrain from using the computer until the scan is finished.
  • When the scan is finished, click on "Click here to export the scan results"
  • Save the report to your desktop then come back here and attach it to your next reply along with a new Hijack This log.
Note: You have to use Internet Explorer to do the online scan.

* Also open Hijack This and click on the "Open the Misc Tools section" button. Click on the "Open Uninstall Manager" button. Click the "Save List" button. Copy and paste that list here.

#6
pilgrimicron

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
ok here is the spybot log:


--- Search result list ---
ScanSpyware: Settings (Registry key, nothing done)
HKEY_USERS\S-1-5-21-57989841-1417001333-839522115-1004\Software\ScanSpyware

ScanSpyware: Class ID (Registry key, fixed)
HKEY_CLASSES_ROOT\CLSID\{01667638-ABC1-4753-81FE-5E89FEA93EB6}

ScanSpyware: Class ID (Registry key, fixed)
HKEY_CLASSES_ROOT\CLSID\{C6A5ED20-49A5-4B92-8131-D6D8C8F107EC}

ScanSpyware: Type library (Registry key, nothing done)
HKEY_CLASSES_ROOT\TypeLib\{CBE2E6C4-5D09-4B13-9FBA-DCAC57B62417}

ScanSpyware: Program directory (Directory, fixed)
C:\Program Files\ScanSpyware v3.8.0.4\

ScanSpyware: Library (File, fixed)
C:\Program Files\ScanSpyware v3.8.0.4\baBackupRestore.dll

ScanSpyware: Web page (File, fixed)
C:\Program Files\ScanSpyware v3.8.0.4\ScanSpyware.url

Windows Security Center.FirewallDisableNotify: Settings (Registry change, fixed)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify!=dword:0

Windows Security Center.AntiVirusDisableNotify: Settings (Registry change, fixed)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify!=dword:0

Zlob.Downloader: Settings (Registry value, fixing failed)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\run\wininet.dll=...regperf.exe...

Advertising.com: Tracking cookie (Firefox: default) (Cookie, fixed)


Advertising.com: Tracking cookie (Firefox: default) (Cookie, fixed)


Advertising.com: Tracking cookie (Firefox: default) (Cookie, fixed)


Advertising.com: Tracking cookie (Firefox: default) (Cookie, fixed)


Avenue A, Inc.: Tracking cookie (Firefox: default) (Cookie, fixed)


DoubleClick: Tracking cookie (Firefox: default) (Cookie, fixed)


HitBox: Tracking cookie (Firefox: default) (Cookie, fixed)


HitBox: Tracking cookie (Firefox: default) (Cookie, fixed)


FastClick: Tracking cookie (Firefox: default) (Cookie, fixed)


FastClick: Tracking cookie (Firefox: default) (Cookie, fixed)


FastClick: Tracking cookie (Firefox: default) (Cookie, fixed)


FastClick: Tracking cookie (Firefox: default) (Cookie, fixed)


HitBox: Tracking cookie (Firefox: default) (Cookie, fixed)


HitBox: Tracking cookie (Firefox: default) (Cookie, fixed)


MediaPlex: Tracking cookie (Firefox: default) (Cookie, fixed)



--- Spybot - Search & Destroy version: 1.4 (build: 20050523) ---

2005-05-31 blindman.exe (1.0.0.1)
2005-05-31 SpybotSD.exe (1.4.0.3)
2005-05-31 TeaTimer.exe (1.4.0.2)
2005-09-10 unins000.exe (51.41.0.0)
2005-05-31 Update.exe (1.4.0.0)
2006-02-06 advcheck.dll (1.0.2.0)
2005-05-31 aports.dll (2.1.0.0)
2005-05-31 borlndmm.dll (7.0.4.453)
2005-05-31 delphimm.dll (7.0.4.453)
2005-05-31 SDHelper.dll (1.4.0.0)
2006-02-20 Tools.dll (2.0.0.2)
2005-05-31 UnzDll.dll (1.73.1.1)
2005-05-31 ZipDll.dll (1.73.2.0)
2006-07-21 Includes\Cookies.sbi (*)
2006-07-21 Includes\Dialer.sbi (*)
2006-07-21 Includes\Hijackers.sbi (*)
2006-07-21 Includes\Keyloggers.sbi (*)
2006-07-21 Includes\Malware.sbi (*)
2006-07-21 Includes\PUPS.sbi (*)
2006-07-21 Includes\Revision.sbi (*)
2006-07-21 Includes\Security.sbi (*)
2006-07-21 Includes\Spybots.sbi (*)
2005-02-17 Includes\Tracks.uti
2006-07-21 Includes\Trojans.sbi (*)



--- Startup entries list ---
Located: HK_LM:Run, _AntiSpyware
command: c:\progra~1\mcafee\MCAFEE~1\masalert.exe
file: c:\progra~1\mcafee\MCAFEE~1\masalert.exe
size: 327680
MD5: 83d43e1077c8e90d17e194b17a7bac54

Located: HK_LM:Run, CTDVDDET
command: C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDet.EXE
file: C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDet.EXE
size: 45056
MD5: db20fce248d269e1c396e70a91e587c8

Located: HK_LM:Run, CTSysVol
command: C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe /r
file:

Located: HK_LM:Run, GameDrive
command: C:\Program Files\FarStone\GameDrive\gdtask.exe /AutoRestore
file:

Located: HK_LM:Run, HPDJ Taskbar Utility
command: C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
file: C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
size: 196608
MD5: 7c6b5065e7326e3c91a62800df3a31fa

Located: HK_LM:Run, MCAgentExe
command: c:\PROGRA~1\mcafee.com\agent\mcagent.exe
file: c:\PROGRA~1\mcafee.com\agent\mcagent.exe
size: 303104
MD5: e8d2dcece015f4558aa3853514664f15

Located: HK_LM:Run, MCUpdateExe
command: C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
file: C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
size: 212992
MD5: dec79e9887924b82837b9b7730ecaa1f

Located: HK_LM:Run, NvCplDaemon
command: RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
file: C:\WINDOWS\SYSTEM32\RUNDLL32.EXE
size: 33280
MD5: da285490bbd8a1d0ce6623577d5ba1ff

Located: HK_LM:Run, NvMediaCenter
command: RunDLL32.exe NvMCTray.dll,NvTaskbarInit
file: C:\WINDOWS\SYSTEM32\RunDLL32.exe
size: 33280
MD5: da285490bbd8a1d0ce6623577d5ba1ff

Located: HK_LM:Run, OASClnt
command: C:\Program Files\McAfee.com\VSO\oasclnt.exe
file: C:\Program Files\McAfee.com\VSO\oasclnt.exe
size: 53248
MD5: 76e033f33912bfaca4a05be8d1f3a740

Located: HK_LM:Run, razer
command: C:\Program Files\Razer\razerhid.exe
file: C:\Program Files\Razer\razerhid.exe
size: 147456
MD5: 5f25da46a23c16629264424a764a9946

Located: HK_LM:Run, SBDrvDet
command: C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe /r
file:

Located: HK_LM:Run, SoundMan
command: SOUNDMAN.EXE
file: C:\WINDOWS\SOUNDMAN.EXE
size: 67584
MD5: 77abdf73d9d90144a4e1f3a030ea042f

Located: HK_LM:Run, VirusScan Online
command: C:\Program Files\McAfee.com\VSO\mcvsshld.exe
file: C:\Program Files\McAfee.com\VSO\mcvsshld.exe
size: 163840
MD5: b154ac6dbd82f96476003e58e1625bd8

Located: HK_LM:Run, VSOCheckTask
command: "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
file: C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe
size: 151552
MD5: 3c943ceb913520f9981d82db93ba7a8a

Located: HK_LM:Run, Windows Defender
command: "C:\Program Files\Windows Defender\MSASCui.exe" -hide
file: C:\Program Files\Windows Defender\MSASCui.exe
size: 777424
MD5: 3207bba7a51043ff2c5d64df4c3b6310

Located: HK_CU:Run, MsnMsgr
command: "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
file: C:\Program Files\MSN Messenger\MsnMsgr.Exe
size: 7094272
MD5: b83e12b5341c5dcecc5c217a824ffeb1

Located: Startup (common), Loadout Manager.lnk
command: C:\Program Files\Belkin\Nostromo\nost_LM.exe
file: C:\Program Files\Belkin\Nostromo\nost_LM.exe
size: 442368
MD5: deae290757d4b957327e1ff940ced37c

Located: System.ini, AtiExtEvent
command:
file:

Located: System.ini, crypt32chain
command: crypt32.dll
file: crypt32.dll

Located: System.ini, cryptnet
command: cryptnet.dll
file: cryptnet.dll

Located: System.ini, cscdll
command: cscdll.dll
file: cscdll.dll

Located: System.ini, ScCertProp
command: wlnotify.dll
file: wlnotify.dll

Located: System.ini, Schedule
command: wlnotify.dll
file: wlnotify.dll

Located: System.ini, sclgntfy
command: sclgntfy.dll
file: sclgntfy.dll

Located: System.ini, SensLogn
command: WlNotify.dll
file: WlNotify.dll

Located: System.ini, termsrv
command: wlnotify.dll
file: wlnotify.dll

Located: System.ini, WgaLogon
command: WgaLogon.dll
file: WgaLogon.dll

Located: System.ini, wlballoon
command: wlnotify.dll
file: wlnotify.dll



--- Browser helper object list ---
{00C6482D-C502-44C8-8409-FCE54AD9C208} (HelperObject Class)
BHO name:
CLSID name: HelperObject Class
description: SnagIt
classification: Legitimate
known filename: SnagItBHO.dll
info link: http://www.techsmith...git/default.asp
info source: TonyKlein
Path: C:\Program Files\TechSmith\SnagIt 8\
Long name: SnagItBHO.dll
Short name: SNA335~1.DLL
Date (created): 5/10/2006 8:02:00 AM
Date (last access): 7/24/2006 11:23:50 PM
Date (last write): 5/10/2006 8:02:00 AM
Filesize: 49152
Attributes: archive
MD5: 3B796EB5B55AAD5288CF56021B05A597
CRC32: 93DD1374
Version: 1.0.1.0

{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (AcroIEHlprObj Class)
BHO name:
CLSID name: AcroIEHlprObj Class
description: Adobe Acrobat reader
classification: Legitimate
known filename: AcroIEhelper.ocx<br>AcroIEhelper.dll
info link: http://www.adobe.com.../readstep2.html
info source: TonyKlein
Path: C:\Program Files\Adobe\Acrobat 7.0\ActiveX\
Long name: AcroIEHelper.dll
Short name: ACROIE~1.DLL
Date (created): 9/24/2005 1:12:08 AM
Date (last access): 7/24/2006 11:50:50 PM
Date (last write): 9/24/2005 1:12:08 AM
Filesize: 63136
Attributes: archive
MD5: B61D5D651ECC6055C29BF826CA7B1141
CRC32: FEF15799
Version: 7.0.5.172

{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
BHO name:
CLSID name: SSVHelper Class
Path: C:\Program Files\Java\jre1.5.0_06\bin\
Long name: ssv.dll
Short name:
Date (created): 11/10/2005 2:03:56 PM
Date (last access): 7/24/2006 11:18:06 PM
Date (last write): 11/10/2005 2:22:10 PM
Filesize: 184423
Attributes: archive
MD5: F01726F7CA8538FDD4663C9DB8FEAEDC
CRC32: 0111B892
Version: 5.0.60.5

{AE7CD045-E861-484f-8273-0445EE161910} (AcroIEToolbarHelper Class)
BHO name:
CLSID name: AcroIEToolbarHelper Class
description: Adobe Acrobat
classification: Legitimate
known filename: AcroIEFavClient.dll
info link: http://www.adobe.com...atpro/main.html
info source: TonyKlein
Path: C:\Program Files\Adobe\Acrobat 7.0\Acrobat\
Long name: AcroIEFavClient.dll
Short name: ACROIE~1.DLL
Date (created): 9/24/2005 1:41:42 AM
Date (last access): 7/24/2006 11:50:50 PM
Date (last write): 9/24/2005 1:41:42 AM
Filesize: 231160
Attributes: archive
MD5: 6A95C44FFF0AFE30351CBC92CF327924
CRC32: 8A33F35E
Version: 7.0.5.172



--- ActiveX list ---
{0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate)
DPF name:
CLSID name: Creative Software AutoUpdate
Installer: C:\WINDOWS\Downloaded Program Files\CTSUEng.inf
Codebase: http://www.creative....015/CTSUEng.cab
description:
classification: Open for discussion
known filename: CTSUEng.ocx
info link:
info source: Safer Networking Ltd.
Path: C:\WINDOWS\DOWNLO~1\
Long name: CTSUEng.ocx
Short name:
Date (created): 6/22/2005 6:37:28 PM
Date (last access): 7/24/2006 11:33:02 PM
Date (last write): 6/22/2005 6:37:28 PM
Filesize: 225280
Attributes: archive
MD5: F78ACCCE90722CB62F2D3767BEEBA545
CRC32: 03683A52
Version: 1.50.12.0

{0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility)
DPF name:
CLSID name: PCPitstop Utility
Installer: C:\WINDOWS\Downloaded Program Files\PCPitstop.inf
Codebase: http://www.pcpitstop...p/PCPitStop.CAB
description: Gateway tools
classification: Open for discussion
known filename: PCPITSTOP.DLL
info link:
info source: Patrick M. Kolla
Path: C:\WINDOWS\Downloaded Program Files\
Long name: PCPitstop.dll
Short name: PCPITS~1.DLL
Date (created): 1/5/2005 9:02:56 PM
Date (last access): 7/24/2006 11:33:04 PM
Date (last write): 3/3/2006 4:32:36 PM
Filesize: 263456
Attributes: archive
MD5: 4C4E5E0791405EE808B53DD5B8DE2E3E
CRC32: 644A9B79
Version: 1.0.0.147

{0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object)
DPF name:
CLSID name: CKAVWebScan Object
Installer: C:\WINDOWS\Downloaded Program Files\kavwebscan.inf
Codebase: http://www.kaspersky...can_unicode.cab
description:
classification: Legitimate
known filename:
info link:
info source: Safer Networking Ltd.
Path: C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\
Long name: kavwebscan.dll
Short name: KAVWEB~1.DLL
Date (created): 3/20/2006 1:17:20 PM
Date (last access): 7/24/2006 11:39:24 PM
Date (last write): 3/20/2006 1:17:20 PM
Filesize: 798720
Attributes: archive
MD5: F74B09086C2097BC535C5DCCCD3402AC
CRC32: 01AA9D3D
Version: 5.0.83.0

{17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool)
DPF name:
CLSID name: Windows Genuine Advantage Validation Tool
Installer: C:\WINDOWS\Downloaded Program Files\LegitCheckControl.inf
Codebase: http://go.microsoft....k/?linkid=39204
description:
classification: Legitimate
known filename: LegitCheckControl.DLL
info link:
info source: Safer Networking Ltd.
Path: C:\WINDOWS\system32\
Long name: LegitCheckControl.dll
Short name: LEGITC~1.DLL
Date (created): 7/12/2005 6:04:22 PM
Date (last access): 7/24/2006 11:39:28 PM
Date (last write): 6/19/2006 4:19:42 PM
Filesize: 571184
Attributes: archive
MD5: 31BF58C9814F840EB10A2B7A410ABEA3
CRC32: DAFAE165
Version: 1.5.540.0

{1842B0EE-B597-11D4-8997-00104BD12D94} (iCC Class)
DPF name:
CLSID name: iCC Class
Installer: C:\WINDOWS\Downloaded Program Files\pcpconncheck.inf
Codebase: http://www.pcpitstop...cpConnCheck.cab
description:
classification: Open for discussion
known filename: PCPCONNCHECK.DLL
info link:
info source: Safer Networking Ltd.
Path: C:\WINDOWS\Downloaded Program Files\
Long name: pcpConnCheck.dll
Short name: PCPCON~1.DLL
Date (created): 12/8/2003 11:14:20 AM
Date (last access): 7/24/2006 11:33:04 PM
Date (last write): 12/8/2003 11:14:20 AM
Filesize: 86016
Attributes: archive
MD5: B22B240E952120C0A5251AFA542477D3
CRC32: B58B03EE
Version: 1.0.0.4

{4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class)
DPF name:
CLSID name: McAfee.com Operating System Class
Installer: C:\WINDOWS\Downloaded Program Files\mcinsctl.inf
Codebase: http://download.mcaf...01/mcinsctl.cab
description:
classification: Open for discussion
known filename: mcinsctl.dll
info link:
info source: Safer Networking Ltd.
Path: C:\WINDOWS\system32\
Long name: mcinsctl.dll
Short name:
Date (created): 10/18/2005 11:08:04 AM
Date (last access): 7/24/2006 11:36:14 PM
Date (last write): 10/18/2005 11:08:04 AM
Filesize: 349760
Attributes: archive
MD5: 4BCCCA6CBD89CE29DD7FE0BB1E0DCDD3
CRC32: FF5BF715
Version: 4.0.0.101

{5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control)
DPF name:
CLSID name: BDSCANONLINE Control
Installer: C:\WINDOWS\Downloaded Program Files\oscan8.inf
Codebase: http://download.bitd...can8/oscan8.cab
description:
classification: Legitimate
known filename: oscan8.ocx
info link:
info source: Safer Networking Ltd.
Path: C:\WINDOWS\DOWNLO~1\
Long name: oscan8.ocx
Short name:
Date (created): 6/1/2006 2:54:16 AM
Date (last access): 7/24/2006 11:33:04 PM
Date (last write): 6/1/2006 2:54:16 AM
Filesize: 471040
Attributes: archive
MD5: 9026F860148F0569BD92AEEFC4BDDFD7
CRC32: D1520CCE
Version: 1.0.0.1

{644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class)
DPF name:
CLSID name: Symantec RuFSI Utility Class
Installer: C:\WINDOWS\Downloaded Program Files\CabSA.inf
Codebase: http://security.syma...n/bin/cabsa.cab
description:
classification: Legitimate
known filename: rufsi.dll
info link:
info source: Safer Networking Ltd.
Path: C:\WINDOWS\Downloaded Program Files\
Long name: rufsi.dll
Short name:
Date (created): 4/20/2006 1:43:06 PM
Date (last access): 7/24/2006 11:33:04 PM
Date (last write): 4/20/2006 1:43:06 PM
Filesize: 161480
Attributes: archive
MD5: 3CB430974D11764CEEFB3120876BFB1F
CRC32: C269885A
Version: 2006.2.15.43

{8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.5.0)
DPF name: Java Runtime Environment 1.5.0
CLSID name: Java Plug-in 1.5.0_06
Installer:
Codebase: http://java.sun.com/...indows-i586.cab
description: Sun Java
classification: Legitimate
known filename: %PROGRAM FILES%\JabaSoft\JRE\*\Bin\npjava131.dll
info link:
info source: Patrick M. Kolla
Path: C:\Program Files\Java\jre1.5.0_06\bin\
Long name: NPJPI150_06.dll
Short name: NPJPI1~1.DLL
Date (created): 11/10/2005 2:03:56 PM
Date (last access): 7/24/2006 11:18:04 PM
Date (last write): 11/10/2005 2:22:10 PM
Filesize: 69746
Attributes: archive
MD5: D2CF6BB5E9020E6707B62575F8083954
CRC32: 7F39DC54
Version: 5.0.60.5

{9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class)
DPF name:
CLSID name: ActiveScan Installer Class
Installer: C:\WINDOWS\Downloaded Program Files\asinst.inf
Codebase: http://acs.pandasoft...free/asinst.cab
description:
classification: Open for discussion
known filename: ASINST.DLL
info link:
info source: Safer Networking Ltd.
Path: C:\WINDOWS\Downloaded Program Files\
Long name: asinst.dll
Short name:
Date (created): 4/11/2006 5:10:10 PM
Date (last access): 7/24/2006 11:33:02 PM
Date (last write): 4/11/2006 5:10:10 PM
Filesize: 135168
Attributes: archive
MD5: 7267AE9C8DF527C30885DC29687D2A9B
CRC32: 1B1733A3
Version: 58.5.0.0

{A8683C98-5341-421B-B23C-8514C05354F1} (FujifilmUploader Class)
DPF name:
CLSID name: FujifilmUploader Class
Installer: C:\WINDOWS\Downloaded Program Files\FujifilmUploadClient.inf
Codebase: http://photo.walmart...ploadClient.cab
description:
classification: Open for discussion
known filename: FujifilmUploadClient.dll
info link:
info source: Safer Networking Ltd.
Path: C:\WINDOWS\Downloaded Program Files\
Long name: FujifilmUploadClient.dll
Short name: FUJIFI~1.DLL
Date (created): 3/9/2005 3:59:54 PM
Date (last access): 7/24/2006 11:33:02 PM
Date (last write): 3/9/2005 3:59:54 PM
Filesize: 3002368
Attributes: archive
MD5: B46ED281514F794CF68DEAD807099E88
CRC32: FBC90B62
Version: 1.0.0.0

{BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class)
DPF name:
CLSID name: DwnldGroupMgr Class
Installer: C:\WINDOWS\Downloaded Program Files\McGDMgr.inf
Codebase: http://download.mcaf...,26/mcgdmgr.cab
description:
classification: Open for discussion
known filename: McGDMgr.dll
info link:
info source: Safer Networking Ltd.
Path: C:\WINDOWS\system32\
Long name: McGDMgr.dll
Short name:
Date (created): 5/24/2005 7:23:32 PM
Date (last access): 7/24/2006 11:36:14 PM
Date (last write): 5/24/2005 7:23:32 PM
Filesize: 288320
Attributes: archive
MD5: DAD85986ECE72BC56A535FCC116AA6DD
CRC32: 6B1048D3
Version: 1.0.0.26

{CAFEEFAC-0014-0002-0010-ABCDEFFEDCBA} (Java Runtime Environment 1.4.2)
DPF name: Java Runtime Environment 1.4.2
CLSID name: Java Plug-in 1.4.2_10
Installer:
Codebase: http://java.sun.com/...indows-i586.cab
Path: C:\Program Files\Java\j2re1.4.2_10\bin\
Long name: NPJPI142_10.dll
Short name: NPJPI1~1.DLL
Date (created): 10/10/2005 5:29:40 PM
Date (last access): 7/24/2006 11:16:56 PM
Date (last write): 10/10/2005 5:29:26 PM
Filesize: 65650
Attributes: archive
MD5: 6C60CCE3BB22CF66B6D056096AA76E02
CRC32: E0C8A7A5
Version: 1.4.2.100

{CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA} (Java Runtime Environment 1.5.0)
DPF name: Java Runtime Environment 1.5.0
CLSID name: Java Plug-in 1.5.0_04
Installer:
Codebase: http://java.sun.com/...indows-i586.cab
description:
classification: Legitimate
known filename: npjpi150_04.dll
info link:
info source: Safer Networking Ltd.
Path: C:\Program Files\Java\jre1.5.0_04\bin\
Long name: NPJPI150_04.dll
Short name: NPJPI1~1.DLL
Date (created): 6/3/2005 3:52:58 AM
Date (last access): 7/24/2006 11:17:48 PM
Date (last write): 6/3/2005 4:09:54 AM
Filesize: 69746
Attributes: archive
MD5: 8548FE98BD687F35AFD0AED9C2A2DEE3
CRC32: 4058FA1B
Version: 5.0.40.5

{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} (Java Runtime Environment 1.5.0)
DPF name: Java Runtime Environment 1.5.0
CLSID name: Java Plug-in 1.5.0_06
Installer:
Codebase: http://java.sun.com/...indows-i586.cab
Path: C:\Program Files\Java\jre1.5.0_06\bin\
Long name: NPJPI150_06.dll
Short name: NPJPI1~1.DLL
Date (created): 11/10/2005 2:03:56 PM
Date (last access): 7/24/2006 11:18:04 PM
Date (last write): 11/10/2005 2:22:10 PM
Filesize: 69746
Attributes: archive
MD5: D2CF6BB5E9020E6707B62575F8083954
CRC32: 7F39DC54
Version: 5.0.60.5

{D1E7CBDA-E60E-4970-A01C-37301EF7BF98} (Measurement Services Client v.3.11)
DPF name:
CLSID name: Measurement Services Client v.3.11
Installer: C:\WINDOWS\Downloaded Program Files\MSC3.inf
Codebase: http://gameadvisor.f...obal/msc311.cab
Path: C:\WINDOWS\system32\FUTURE~1\MSC\
Long name: MSC3.ocx
Short name:
Date (created): 5/10/2006 12:14:54 PM
Date (last access): 7/24/2006 11:39:12 PM
Date (last write): 5/10/2006 12:14:54 PM
Filesize: 1089536
Attributes: archive
MD5: EB790C14E0B00D30D26A92A3E37EC0B9
CRC32: A481BDA8
Version: 3.11.0.0

{D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object)
DPF name:
CLSID name: Shockwave Flash Object
Installer: C:\WINDOWS\Downloaded Program Files\swflash.inf
Codebase: http://fpdownload.ma...ash/swflash.cab
description: Macromedia Shockwave Flash Player
classification: Legitimate
known filename:
info link:
info source: Patrick M. Kolla
Path: C:\WINDOWS\system32\Macromed\Flash\
Long name: Flash.ocx
Short name:
Date (created): 2/24/2005 1:21:52 PM
Date (last access): 7/24/2006 11:39:30 PM
Date (last write): 6/9/2004 4:59:26 PM
Filesize: 939224
Attributes: archive
MD5: FC3E17E12C2E31FAC34B416B3DAB829F
CRC32: D1CF3A57
Version: 7.0.19.0

{EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class)
DPF name:
CLSID name: McFreeScan Class
Installer: C:\WINDOWS\Downloaded Program Files\mcfscan.inf
Codebase: http://download.mcaf...774/mcfscan.cab
description:
classification: Legitimate
known filename: mcfscan.dll
info link:
info source: Safer Networking Ltd.
Path: C:\WINDOWS\McAfee.com\FreeScan\
Long name: mcfscan.dll
Short name:
Date (created): 4/19/2006 9:58:34 AM
Date (last access): 7/24/2006 11:35:34 PM
Date (last write): 5/31/2006 9:43:12 AM
Filesize: 116288
Attributes: archive
MD5: B89E339E96965DD45677FCCE80DA4492
CRC32: 8270319E
Version: 2.1.0.4774

{F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package)
DPF name:
CLSID name: Creative Software AutoUpdate Support Package
Installer: C:\WINDOWS\Downloaded Program Files\CTPID.inf
Codebase: http://www.creative....15016/CTPID.cab
description:
classification: Open for discussion
known filename: CTPID.ocx
info link:
info source: Safer Networking Ltd.
Path: C:\WINDOWS\DOWNLO~1\
Long name: CTPID.ocx
Short name:
Date (created): 8/19/2005 3:52:24 PM
Date (last access): 7/24/2006 11:33:02 PM
Date (last write): 8/19/2005 3:52:24 PM
Filesize: 32768
Attributes: archive
MD5: 85037C17A443F5E7DBB278AF131538D5
CRC32: 038B7217
Version: 1.0.22.0



--- Process list ---
PID: 0 ( 0) [System]
PID: 568 ( 4) \SystemRoot\System32\smss.exe
PID: 620 ( 568) \??\C:\WINDOWS\system32\csrss.exe
PID: 660 ( 568) \??\C:\WINDOWS\SYSTEM32\winlogon.exe
PID: 712 ( 660) C:\WINDOWS\system32\services.exe
size: 108032
MD5: C6CE6EEC82F187615D1002BB3BB50ED4
PID: 724 ( 660) C:\WINDOWS\system32\lsass.exe
size: 13312
MD5: 84885F9B82F4D55C6146EBF6065D75D2
PID: 872 ( 712) C:\WINDOWS\system32\svchost.exe
size: 14336
MD5: 8F078AE4ED187AAABC0A305146DE6716
PID: 932 ( 712) C:\WINDOWS\system32\svchost.exe
size: 14336
MD5: 8F078AE4ED187AAABC0A305146DE6716
PID: 1000 ( 712) C:\Program Files\Windows Defender\MsMpEng.exe
size: 14032
MD5: E7E81C6BCD697F5921DF6D6781D2673D
PID: 1044 ( 712) C:\WINDOWS\System32\svchost.exe
size: 14336
MD5: 8F078AE4ED187AAABC0A305146DE6716
PID: 1068 ( 712) C:\Program Files\Ahead\InCD\InCDsrv.exe
size: 869376
MD5: E30AA40B2FCDB0B8818C4521DE7E2CDC
PID: 1288 ( 712) C:\WINDOWS\system32\svchost.exe
size: 14336
MD5: 8F078AE4ED187AAABC0A305146DE6716
PID: 1320 ( 712) C:\WINDOWS\system32\svchost.exe
size: 14336
MD5: 8F078AE4ED187AAABC0A305146DE6716
PID: 1504 ( 712) C:\WINDOWS\system32\spoolsv.exe
size: 57856
MD5: DA81EC57ACD4CDC3D4C51CF3D409AF9F
PID: 1708 (1680) C:\WINDOWS\Explorer.EXE
size: 1032192
MD5: A0732187050030AE399B241436565E64
PID: 1760 (1708) C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
size: 196608
MD5: 7C6B5065E7326E3C91A62800DF3A31FA
PID: 1768 (1708) C:\WINDOWS\SOUNDMAN.EXE
size: 67584
MD5: 77ABDF73D9D90144A4E1F3A030EA042F
PID: 1780 (1708) C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe
size: 57344
MD5: E7D1D8179FE03E2BC569A92B56509414
PID: 1796 (1708) C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDet.EXE
size: 45056
MD5: DB20FCE248D269E1C396E70A91E587C8
PID: 1832 (1708) C:\Program Files\Razer\razerhid.exe
size: 147456
MD5: 5F25DA46A23C16629264424A764A9946
PID: 1844 (1708) C:\Program Files\FarStone\GameDrive\gdtask.exe
size: 143360
MD5: F087365634C899A25CBE804BB9105A6F
PID: 1868 (1708) C:\WINDOWS\system32\RunDLL32.exe
size: 33280
MD5: DA285490BBD8A1D0CE6623577D5BA1FF
PID: 1884 (1708) C:\Program Files\McAfee.com\VSO\mcvsshld.exe
size: 163840
MD5: B154AC6DBD82F96476003E58E1625BD8
PID: 1900 (1708) C:\Program Files\McAfee.com\VSO\oasclnt.exe
size: 53248
MD5: 76E033F33912BFACA4A05BE8D1F3A740
PID: 1912 (1708) C:\PROGRA~1\mcafee.com\agent\mcagent.exe
size: 303104
MD5: E8D2DCECE015F4558AA3853514664F15
PID: 1936 (1884) c:\progra~1\mcafee.com\vso\mcvsescn.exe
size: 483328
MD5: 3B1A1BAA8D7444DEFCE4093611212ED6
PID: 1968 (1708) C:\progra~1\mcafee\MCAFEE~1\masalert.exe
size: 327680
MD5: 83D43E1077C8E90D17E194B17A7BAC54
PID: 1988 (1708) C:\Program Files\Windows Defender\MSASCui.exe
size: 777424
MD5: 3207BBA7A51043FF2C5D64DF4C3B6310
PID: 168 (1708) C:\Program Files\Belkin\Nostromo\nost_LM.exe
size: 442368
MD5: DEAE290757D4B957327E1FF940CED37C
PID: 444 ( 872) c:\progra~1\mcafee.com\vso\mcvsftsn.exe
size: 299008
MD5: FBB63395BDE6DBE39D4D469A046D5311
PID: 468 ( 872) C:\Program Files\Messenger\msmsgs.exe
size: 1694208
MD5: 74E6E96C6F0E2ECA4EDBB7F7A468F259
PID: 536 ( 712) C:\WINDOWS\system32\CTsvcCDA.exe
size: 44032
MD5: 3C8B6609712F4FF78E521F6DCFC4032B
PID: 108 ( 712) C:\Program Files\ewido anti-spyware 4.0\guard.exe
size: 172032
MD5: F8D982556A9E0795829632FF0812DC2D
PID: 616 ( 712) c:\progra~1\mcafee\mcafee antispyware\massrv.exe
size: 1003520
MD5: 00A6ED61311E73F11D6ECAED9B8F86CB
PID: 728 ( 712) c:\program files\mcafee.com\agent\mcdetect.exe
size: 126976
MD5: F73B0F3EBD90B1C87A3B93BE94E831C7
PID: 980 ( 712) c:\PROGRA~1\mcafee.com\vso\mcshield.exe
size: 221184
MD5: FAE84A2F9C11B7C532950BF0AE1EC26A
PID: 1244 ( 712) c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
size: 122368
MD5: A214E217784D1002411DCA8E9793D4A4
PID: 1596 ( 712) C:\WINDOWS\system32\nvsvc32.exe
size: 155715
MD5: BE4A98439A5E26CBC70DB20E996938DC
PID: 1652 ( 712) C:\WINDOWS\system32\svchost.exe
size: 14336
MD5: 8F078AE4ED187AAABC0A305146DE6716
PID: 1820 ( 712) C:\WINDOWS\system32\wdfmgr.exe
size: 38912
MD5: AB0A7CA90D9E3D6A193905DC1715DED0
PID: 2092 ( 712) C:\WINDOWS\system32\MsPMSPSv.exe
size: 53520
MD5: 581176F60885AEF8F78C6E38DCC3CDF9
PID: 2316 ( 872) C:\WINDOWS\system32\wbem\wmiprvse.exe
size: 218112
MD5: 075EA6C849AB0FE416A3D6DD65C3CF41
PID: 2764 ( 712) C:\WINDOWS\System32\alg.exe
size: 44544
MD5: F1958FBF86D5C004CF19A5951A9514B7
PID: 3632 (1832) C:\Program Files\Razer\razertra.exe
size: 114688
MD5: 073EC5C0E14E67BF3FF74BE6031A6B61
PID: 3776 (1832) C:\Program Files\Razer\razerofa.exe
size: 143360
MD5: E24E6F9D065C91F7BA8C49F326291AC4
PID: 3040 (1708) C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
size: 4393096
MD5: 09CA174A605B480318731E691DC98539
PID: 4 ( 0) System


--- Browser start & search pages list ---
Spybot - Search & Destroy browser pages report, 7/25/2006 12:02:37 AM

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Local Page
C:\windows\system32\blank.htm
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Search Page
http://www.microsoft...amp;ar=iesearch
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Search Bar
http://search.msn.com/spbasic.htm
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Start Page
http://www.microsoft...p...&ar=msnhome
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Default_Search_URL
http://www.microsoft...amp;ar=iesearch
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl\@
http://home.microsof...search.asp?p=%s
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Local Page
C:\windows\system32\blank.htm
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Search Page
http://www.microsoft...amp;ar=iesearch
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Start Page
http://www.microsoft...p...ER}&ar=home
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Page_URL
http://www.microsoft...p...&ar=msnhome
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Search_URL
http://www.microsoft...amp;ar=iesearch
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\SearchAssistant
http://ie.search.msn...st/srchasst.htm
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\CustomizeSearch
http://ie.search.msn...st/srchcust.htm


--- Winsock Layered Service Provider list ---
Protocol 0: MSAFD Tcpip [TCP/IP]
GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IP protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip [*]

Protocol 1: MSAFD Tcpip [UDP/IP]
GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IP protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip [*]

Protocol 2: MSAFD Tcpip [RAW/IP]
GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IP protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip [*]

Protocol 3: RSVP UDP Service Provider
GUID: {9D60A9E0-337A-11D0-BD88-0000C082E69A}
Filename: %SystemRoot%\system32\rsvpsp.dll
Description: Microsoft Windows NT/2k/XP RVSP
DB filename: %SystemRoot%\system32\rsvpsp.dll
DB protocol: RSVP * Service Provider

Protocol 4: RSVP TCP Service Provider
GUID: {9D60A9E0-337A-11D0-BD88-0000C082E69A}
Filename: %SystemRoot%\system32\rsvpsp.dll
Description: Microsoft Windows NT/2k/XP RVSP
DB filename: %SystemRoot%\system32\rsvpsp.dll
DB protocol: RSVP * Service Provider

Protocol 5: MSAFD NetBIOS [\Device\NetBT_Tcpip_{6BED9A4C-6DFC-4D51-9138-CBFBE80C52AD}] SEQPACKET 9
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 6: MSAFD NetBIOS [\Device\NetBT_Tcpip_{6BED9A4C-6DFC-4D51-9138-CBFBE80C52AD}] DATAGRAM 9
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 7: MSAFD NetBIOS [\Device\NetBT_Tcpip_{916F4117-F282-4A6E-B31A-800F19E82B32}] SEQPACKET 8
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 8: MSAFD NetBIOS [\Device\NetBT_Tcpip_{916F4117-F282-4A6E-B31A-800F19E82B32}] DATAGRAM 8
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 9: MSAFD NetBIOS [\Device\NetBT_Tcpip_{231E3817-E3B8-43ED-B951-65C25C53B4AD}] SEQPACKET 7
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 10: MSAFD NetBIOS [\Device\NetBT_Tcpip_{231E3817-E3B8-43ED-B951-65C25C53B4AD}] DATAGRAM 7
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 11: MSAFD NetBIOS [\Device\NetBT_Tcpip_{D00D2A71-A5B7-42C3-BF54-E62C465D361D}] SEQPACKET 6
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 12: MSAFD NetBIOS [\Device\NetBT_Tcpip_{D00D2A71-A5B7-42C3-BF54-E62C465D361D}] DATAGRAM 6
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 13: MSAFD NetBIOS [\Device\NetBT_Tcpip_{F2D39974-225C-4AD7-B3D9-02359ACC6BAC}] SEQPACKET 5
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 14: MSAFD NetBIOS [\Device\NetBT_Tcpip_{F2D39974-225C-4AD7-B3D9-02359ACC6BAC}] DATAGRAM 5
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 15: MSAFD NetBIOS [\Device\NetBT_Tcpip_{CD58A142-D926-4BE9-8CBC-8C1557720C87}] SEQPACKET 4
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 16: MSAFD NetBIOS [\Device\NetBT_Tcpip_{CD58A142-D926-4BE9-8CBC-8C1557720C87}] DATAGRAM 4
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 17: MSAFD NetBIOS [\Device\NetBT_Tcpip_{89F7B02D-4D74-4E10-9A0C-626CFA8DFA9A}] SEQPACKET 3
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 18: MSAFD NetBIOS [\Device\NetBT_Tcpip_{89F7B02D-4D74-4E10-9A0C-626CFA8DFA9A}] DATAGRAM 3
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 19: MSAFD NetBIOS [\Device\NetBT_Tcpip_{CDE169E0-4C37-4C0F-A0E2-3E20E8F6FBD0}] SEQPACKET 0
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 20: MSAFD NetBIOS [\Device\NetBT_Tcpip_{CDE169E0-4C37-4C0F-A0E2-3E20E8F6FBD0}] DATAGRAM 0
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 21: MSAFD NetBIOS [\Device\NetBT_Tcpip_{9BFCB9DC-1B6A-4BD2-B706-BF4B15205E55}] SEQPACKET 1
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 22: MSAFD NetBIOS [\Device\NetBT_Tcpip_{9BFCB9DC-1B6A-4BD2-B706-BF4B15205E55}] DATAGRAM 1
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 23: MSAFD NetBIOS [\Device\NetBT_Tcpip_{46F058E3-80BA-422C-8D6E-B0BFA31B6FDB}] SEQPACKET 2
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 24: MSAFD NetBIOS [\Device\NetBT_Tcpip_{46F058E3-80BA-422C-8D6E-B0BFA31B6FDB}] DATAGRAM 2
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 25: MSAFD NetBIOS [\Device\NetBT_Tcpip_{55DA0524-AE83-4A96-9E13-94466C763119}] SEQPACKET 10
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 26: MSAFD NetBIOS [\Device\NetBT_Tcpip_{55DA0524-AE83-4A96-9E13-94466C763119}] DATAGRAM 10
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 27: MSAFD NetBIOS [\Device\NetBT_Tcpip_{29296CE7-F3A7-43A9-9896-4187AB1314DB}] SEQPACKET 11
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 28: MSAFD NetBIOS [\Device\NetBT_Tcpip_{29296CE7-F3A7-43A9-9896-4187AB1314DB}] DATAGRAM 11
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Namespace Provider 0: Tcpip
GUID: {22059D40-7E9E-11CF-AE5A-00AA00A7112B}
Filename: %SystemRoot%\System32\mswsock.dll
Description: Microsoft Windows NT/2k/XP TCP/IP name space provider
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: TCP/IP

Namespace Provider 1: NTDS
GUID: {3B2637EE-E580-11CF-A555-00C04FD8D4AC}
Filename: %SystemRoot%\System32\winrnr.dll
Description: Microsoft Windows NT/2k/XP name space provider
DB filename: %SystemRoot%\system32\winrnr.dll
DB protocol: NTDS

Namespace Provider 2: Network Location Awareness (NLA) Namespace
GUID: {6642243A-3BA8-4AA6-BAA5-2E0BD71FDD83}
Filename: %SystemRoot%\System32\mswsock.dll
Description: Microsoft Windows NT/2k/XP name space provider
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: NLA-Namespace



--- Uninstall list ---
1Click DVD Copy 4.1 (1Click DVD Copy 4.1)
uninstall cmd: "C:\Program Files\LG Software Innovations\1Click DVD Copy 4.1\setup\uninst.exe"

Ad-Aware SE Personal 1.06 (Ad-Aware SE Personal)
uninstall cmd: C:\PROGRA~1\Lavasoft\AD-AWA~1\UNWISE.EXE C:\PROGRA~1\Lavasoft\AD-AWA~1\INSTALL.LOG
publisher: Lavasoft
help link: http://www.lavasoft.com

(AddressBook)

Adobe Acrobat 7.0.5 Professional 7.0.5 (Adobe Acrobat 7.0 Professional)
version (major): 7
version (minor): 5
install date: 12/29/2005
install location: C:\Program Files\Adobe\Acrobat 7.0\
uninstall cmd: msiexec /I {AC76BA86-1033-0000-7760-000000000002}
publisher: Adobe Systems
contact: Customer Support
help link: http://www.adobe.com/support/main.html
help telephone:
readme: C:\Program Files\Adobe\Acrobat 7.0\Readme.htm

AnyDVD (AnyDVD)
install location: C:\Program Files\SlySoft\AnyDVD
uninstall cmd: "C:\Program Files\SlySoft\AnyDVD\AnyDVD-uninst.exe" /D="C:\Program Files\SlySoft\AnyDVD"
publisher: SlySoft

Creative Audio Console (AudioConSole)
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7B9AE66C-2A8F-4FB2-85D7-416AFFAE8408}\setup.exe" -l0x9 /remove

(AudioHQ)
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FD851F7E-F887-405D-9E1C-488811113EF3}\setup.exe" -l0x9 /remove

(BackWeb-8876480 Uninstaller)

Birthday Bios 4.1.0 (Birthday Bios)
uninstall cmd: C:\PROGRA~1\BIRTHD~1\UNWISE.EXE C:\PROGRA~1\BIRTHD~1\INSTALL.LOG
publisher: Symphonic Software
contact: Tech Support
help link: http://www.symphonicsoftware.com
help telephone: 515-274-0422

(Branding)

BurnInTest v4.0 Standard 3.2 (BurnInTest_is1)
install location: C:\Program Files\BurnInTest\
uninstall cmd: "C:\Program Files\BurnInTest\unins000.exe"
publisher: Passmark Software
help link: http://www.passmark.com/support/

Call of Duty (Call of Duty)
uninstall cmd: C:\PROGRA~1\CALLOF~1\Uninstall\Unwise.exe /u C:\PROGRA~1\CALLOF~1\Uninstall\Install.log

Clifford Learning Activities (Clifford Learning Activities)
uninstall cmd: C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Scholastic's Clifford\Clifford Learning Activities\Uninst.isu" -c"C:\Program Files\Scholastic's Clifford\Clifford Learning Activities\_UnInstall.dll"

CloneDVD2 (CloneDVD2)
install location: C:\Program Files\Elaborate Bytes\CloneDVD2
uninstall cmd: "C:\Program Files\Elaborate Bytes\CloneDVD2\CloneDVD2-uninst.exe" /D="C:\Program Files\Elaborate Bytes\CloneDVD2"
publisher: Elaborate Bytes

(Connection Manager)

CopyToDVD 3.0.39 (CopyToDVD_is1)
install location: C:\Program Files\vso\CopyToDVD\
uninstall cmd: "C:\Program Files\vso\CopyToDVD\unins000.exe"
publisher: VSO Software

(Creative MediaSource)
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7A900EAB-DA37-4554-AF19-9C337476D05D}\setup.exe" -l0x9 /remove

(Creative MediaSource AudioSync Plugin)
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5CDC05F7-83E4-4611-AD3C-A6EB2100332A}\setup.exe" -l0x9 /remove

(Creative MediaSource CD-ROM Burner Plugin)
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FD549B7B-3532-4160-80D4-3E3DD39A9AE5}\setup.exe" -l0x9 /remove

(Creative MediaSource Detector)
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C6866B7D-ACFD-4C49-B77B-3B2F8CF54B96}\setup.exe" -l0x9 /remove

(Creative MediaSource DVD-Audio Player)
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{169F8893-C1C5-4847-972C-EA1E008112AC}\setup.exe" -l0x9 /remove

(Creative MediaSource Go!)
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EE6699B3-E5AD-4E59-8F2B-207DF630670C}\setup.exe" -l0x9 /remove

(Creative MediaSource NOMAD II/MG Plugin)
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{881A74B3-3D17-4842-B9AF-0761C6E6C4B5}\setup.exe" -l0x9 /remove

(Creative MediaSource NOMAD Jukebox 2/3/Zen Plugin)
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B5BAAFAE-3561-463D-8E3F-91761A57ADB8}\setup.exe" -l0x9 /remove

(Creative MediaSource NOMAD Jukebox Plugin)
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1888DAFD-C634-4BC4-865C-3455E24F6177}\Setup.exe" -l0x9 /remove

(Creative MediaSource NOMAD MuVo Plugin)
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{869D88A5-BD6C-4E39-8536-D95259EAD7E8}\setup.exe" -l0x9 /remove

(Creative MediaSource Player Skin Pack)
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{67AEFC4C-69E4-11D7-85F4-00E018013273}\setup.exe" -l0x9 /remove

(Creative MediaSource RemoteControl Plugin)
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5933921D-4253-40B6-B4D9-B7D680F1B6EC}\setup.exe" -l0x9 /remove

(Creative MiniDisc Center)
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AC157741-3285-4D6A-B934-9174587A3493}\setup.exe" -l0x9 /remove

(Creative Restore Defaults)
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9A4D2983-4662-4387-BE3D-4CFC2FA9C100}\setup.exe" -l0x9 /remove

(Creative WaveStudio)
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Progr

#7
pilgrimicron

    New Member

  • Topic Starter
  • Member
  • 7 posts
Hijack This uninstall:

µTorrent
1Click DVD Copy 4.1
Ad-Aware SE Personal
Adobe Acrobat 7.0.1 and Reader 7.0.1 Update
Adobe Acrobat 7.0.2 and Reader 7.0.2 Update
Adobe Acrobat 7.0.3 and Reader 7.0.3 Update
Adobe Acrobat 7.0.5 Professional
Adobe Reader 7.0
AnyDVD
Battlefield 2™
Battlefield 2™ Demo
Battlefield 2: Special Forces
Birthday Bios
BurnInTest v4.0 Standard
Call of Duty
Call of Duty - United Offensive
Call of Duty® 2
Clifford Learning Activities
CloneDVD2
CopyToDVD
Creative Audio Console
Creative MediaSource
Creative System Information
DivX
DivX Converter
DivX Player
DivX Web Player
DivxToDVD 1.99.24
DVD Shrink 3.2
EA downloader
EAX Unified
ewido anti-spyware 4.0
Family Feud (remove only)
Far Cry
FireTune for Firefox v1.x
First Step Guide
Futuremark Measurement Services Client
GameDrive
GameSpy Arcade
Google Earth
HighMAT Extension to Microsoft Windows XP CD Writing Wizard
HijackThis 1.99.1
Hotfix for Windows XP (KB896344)
hp deskjet 825c series (Remove only)
HP Software Update
Image Resizer Powertoy for Windows XP
ImageMixer EasyStepDVD
Intel® 537EP Modem
J2SE Runtime Environment 5.0 Update 1
J2SE Runtime Environment 5.0 Update 2
J2SE Runtime Environment 5.0 Update 4
J2SE Runtime Environment 5.0 Update 6
Java 2 Runtime Environment, SE v1.4.2_10
JumpStart Phonics
JumpStart Preschool
Kaspersky Online Scanner
LookInMyPC
Macromedia Flash Player
Macromedia Flash Player 8
Macromedia Shockwave Player
McAfee AntiSpyware
McAfee SecurityCenter
McAfee VirusScan
MGI PhotoSuite II SE (Remove Only)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB886903)
Microsoft .NET Framework 2.0
Microsoft Halo
Microsoft Office XP Professional
Microsoft Plus! for Windows XP
Microsoft Return of Arcade
Microsoft Works 2000
Movielink Manager
Mozilla Firefox (1.5.0.4)
MSN Messenger 7.5
MSXML 4.0 SP2 Parser and SDK
MSXML4 Parser
Nero Suite
NeroMIX
Nostromo Array Programming Software
NVDVD
NVIDIA Drivers
Omni Auction Builder
Operation
Over the Hedge™ Demo
Paint.NET v2.64
Panda ActiveScan
Pankaj Arora Software's Tumi Cursor PowerPack (Remove)
PCBugDoctor version 1.0.0.4
PhotoParade Player
Picture Package
Playtime For Baby & Toddler
PowerDVD
Quake 4™
QuickTime
QuickTime Alternative 1.39
Razer
Real Alternative 1.30
Realtek AC'97 Audio
REALTEK Gigabit and Fast Ethernet NIC Driver
Rise Of Legends
ScanSpyware v3.8.0.4
Security Update for Microsoft .NET Framework 2.0 (KB917283)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows XP (KB883939)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB896688)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899588)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB903235)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB905915)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB908531)
Security Update for Windows XP (KB911280)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912812)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913446)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB916281)
Security Update for Windows XP (KB917159)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918439)
SnagIt 8
Snes9x
Soltek Hardware Monitor
Sony DVD Handycam USB Driver 2
Sound Blaster Audigy 2 ZS
SpeeDefrag 3.1.1
Spybot - Search & Destroy 1.4
The Battle for Middle-earth ™ II
Tomb Raider: Legend Demo 1.0
Trillian
Tweak-XP Pro 4
Update for Windows XP (KB894391)
Update for Windows XP (KB896727)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB900930)
Update for Windows XP (KB910437)
Update for Windows XP (KB916595)
Ventrilo
VIA Platform Device Manager
VideoLAN VLC media player 0.8.5
Wheel of Fortune Deluxe (remove only)
Windows Defender
Windows Defender Signatures
Windows Genuine Advantage v1.3.0254.0
Windows Installer 3.1 (KB893803)
Windows Installer 3.1 (KB893803)
Windows Media Format Runtime
Windows Media Player 10
Windows XP Hotfix - KB867282
Windows XP Hotfix - KB873333
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB885884
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB887797
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890047
Windows XP Hotfix - KB890175
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB890923
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB893066
Windows XP Hotfix - KB893086
WinRAR archiver
WinZip

#8
Flrman1

    Malware Assassin

  • Retired Staff
  • 6,596 posts
* I am attaching a fix.zip file to this post. Download it and save it to your desktop. Unzip it to extract the fix.reg file it contains.

Double-click on the fix.reg file to add it to the registry. Answer yes to confirm the merge.


* Go to Add/Remove programs and uninstall these:

J2SE Runtime Environment 5.0 Update 1
J2SE Runtime Environment 5.0 Update 2
J2SE Runtime Environment 5.0 Update 4
J2SE Runtime Environment 5.0 Update 6
Java 2 Runtime Environment, SE v1.4.2_10
ScanSpyware v3.8.0.4



* Click here to download smitRem.exe.
  • Save the file to your desktop.
  • It is a self extracting file.
  • Double-click the smitRem.exe and it will extract the files to a smitRem folder on your desktop.
  • Do not do anything with it yet. You will run the RunThis.bat file later in safe mode.
  • If the link to SmitRem above is not working try this one.
* Update ewido:
  • On the main screen select the icon "Update" then select the "Update now" link.
    • Select the "Start Update" button, the update will start and a progress bar will show the updates being installed.
  • When the update has completed select the "Scanner" icon at the top of the screen, then select the "Settings" tab.
  • Once in the Settings screen click on "Recommended actions" and then select "Quarantine".
  • Under "Reports"
    • Select "Automatically generate report after every scan"
    • Un-Select "Only if threats were found"
  • If you cannot download the updates, update manually according to the directions here.
  • DO NOT run a scan yet. You will do that later in safe mode.
* Click here for info on how to boot to safe mode if you don't already know how.


* Now copy these instructions to notepad and save them to your desktop. You will need them to refer to in safe mode.


* Restart your computer into safe mode now. Perform the following steps in safe mode:


* Open the smitRem folder, then double click the RunThis.bat file to start the tool. Follow the prompts on screen.
Wait for the tool to complete and disk cleanup to finish.


* Run ewido:
  • Launch ewido by double-clicking the icon on your desktop.
  • Select the "Scanner" icon at the top and then the "Scan" tab then click on "Complete System Scan".
  • ewido will now begin the scanning process. Be patient; it may take a while for the scan to complete.
  • When the scan is complete, if you have any infections you will be prompted to select an action.
  • Select "Apply all actions"
  • Next select the "Reports" icon at the top.
  • Select the "Save report as" button in the lower left hand of the screen
  • Save the report as a text file and save it to your desktop.
  • Close ewido.
* Go to Control Panel > Internet Options. Click on the Programs tab then click the "Reset Web Settings" button. Click Apply then OK.


* Next go to Control Panel > Display. Click on the "Desktop" tab then click the "Customize Desktop" button. Click on the "Web" tab. Under "Web Pages" you should see an entry checked called something like "Security info" or similar. If it is there, select that entry and click the "Delete" button. Click OK then Apply and OK.


* Restart back into Windows normally now.


* Now go here and install the latest version of Java.


* Go here and do an online virus scan. Choose "Complete Scan" and select all drives to scan.

When the scan is finished, have it delete anything that it cannot clean.

Note: You have to use Internet Explorer to do the online scan.

SmitRem creates a log file with the results of its fix in C:\smitfiles.txt. Go to your C drive and locate the smitfiles.txt file. Copy and paste the contents of the smitfiles.txt file in your next reply here along with a new HiJackThis log.

Attached Files

  • Attached File  fix.zip   254bytes   92 downloads

Edited by Flrman1, 25 July 2006 - 07:12 PM.


#9
pilgrimicron

    New Member

  • Topic Starter
  • Member
  • 7 posts
It is still showing up in spybot and it says it can't remove it because it is in memory.

Logfile of HijackThis v1.99.1
Scan saved at 7:38:45 PM, on 7/26/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe
C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDet.EXE
C:\Program Files\Razer\razerhid.exe
C:\Program Files\FarStone\GameDrive\gdtask.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\Program Files\McAfee.com\VSO\mcvsshld.exe
C:\Program Files\McAfee.com\VSO\oasclnt.exe
c:\program files\mcafee.com\agent\mcagent.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
c:\progra~1\mcafee\mcafee antispyware\massrv.exe
C:\progra~1\mcafee\MCAFEE~1\masalert.exe
C:\Program Files\Windows Defender\MSASCui.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\Program Files\Belkin\Nostromo\nost_LM.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Razer\razertra.exe
C:\Program Files\Razer\razerofa.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\unzipped\hijackthis\HijackThis.exe

O2 - BHO: HelperObject Class - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [CTDVDDET] C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDet.EXE
O4 - HKLM\..\Run: [SBDrvDet] C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe /r
O4 - HKLM\..\Run: [razer] C:\Program Files\Razer\razerhid.exe
O4 - HKLM\..\Run: [GameDrive] C:\Program Files\FarStone\GameDrive\gdtask.exe /AutoRestore
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [_AntiSpyware] c:\progra~1\mcafee\MCAFEE~1\masalert.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Global Startup: Loadout Manager.lnk = C:\Program Files\Belkin\Nostromo\nost_LM.exe
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative....015/CTSUEng.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop...p/PCPitStop.CAB
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {1842B0EE-B597-11D4-8997-00104BD12D94} (iCC Class) - http://www.pcpitstop...cpConnCheck.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcaf...01/mcinsctl.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitd...can8/oscan8.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {A8683C98-5341-421B-B23C-8514C05354F1} (FujifilmUploader Class) - http://photo.walmart...ploadClient.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcaf...,26/mcgdmgr.cab
O16 - DPF: {D1E7CBDA-E60E-4970-A01C-37301EF7BF98} (Measurement Services Client v.3.11) - http://gameadvisor.f...obal/msc311.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcaf...774/mcfscan.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative....15016/CTPID.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: McAfee AntiSpyware Service - McAfee, Inc. - c:\progra~1\mcafee\mcafee antispyware\massrv.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe


smitRem © log file
version 3.1

by noahdfear


Microsoft Windows XP [Version 5.1.2600]
"IE"="6.0000"
The current date is: Tue 07/25/2006
The current time is: 22:34:58.12

Running from
C:\Documents and Settings\Stephen and Jennifer\Desktop\smitRem

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Pre-run SharedTask Export

(GetSTS.exe) SharedTaskScheduler exporter by Lawrence Abrams (Grinler)
Copyright© 2006 BleepingComputer.com

Registry Pseudo-Format Mode (Not a valid reg file):

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{438755C2-A8BA-11D1-B96B-00A0C90312E1}\InProcServer32]
@="%SystemRoot%\system32\browseui.dll"


[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8C7461EF-2B13-11d2-BE35-3078302C2030}\InProcServer32]
@="%SystemRoot%\system32\browseui.dll"


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

checking for ShudderLTD key

ShudderLTD key not present!

checking for PSGuard.com key


PSGuard.com key not present!


checking for WinHound.com key


WinHound.com key not present!


checking for drsmartload2 key


drsmartload2 key not present!

spyaxe uninstaller NOT present
Winhound uninstaller NOT present
SpywareStrike uninstaller NOT present
AlfaCleaner uninstaller NOT present
SpyFalcon uninstaller NOT present
SpywareQuake uninstaller NOT present
SpywareSheriff uninstaller NOT present


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Trust Cleaner Fix © by noahdfear



Starting Trust Cleaner uninstaller

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


SpyHeal uninstaller NOT present

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Existing Pre-run Files


~~~ Program Files ~~~



~~~ Shortcuts ~~~



~~~ Favorites ~~~



~~~ system32 folder ~~~



~~~ Icons in System32 ~~~



~~~ Windows directory ~~~



~~~ Drive root ~~~


~~~ Miscellaneous Files/folders ~~~




~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright© 2002-2003 [email protected]
Killing PID 912 'explorer.exe'
Killing PID 912 'explorer.exe'

Starting registry repairs

Registry repairs complete

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

SharedTask Export after registry fix

(GetSTS.exe) SharedTaskScheduler exporter by Lawrence Abrams (Grinler)
Copyright© 2006 BleepingComputer.com

Registry Pseudo-Format Mode (Not a valid reg file):

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{438755C2-A8BA-11D1-B96B-00A0C90312E1}\InProcServer32]
@="%SystemRoot%\system32\browseui.dll"


[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8C7461EF-2B13-11d2-BE35-3078302C2030}\InProcServer32]
@="%SystemRoot%\system32\browseui.dll"


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Deleting files

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Remaining Post-run Files


~~~ Program Files ~~~



~~~ Shortcuts ~~~



~~~ Favorites ~~~



~~~ system32 folder ~~~



~~~ Icons in System32 ~~~



~~~ Windows directory ~~~



~~~ Drive root ~~~


~~~ Miscellaneous Files/folders ~~~


~~~ Wininet.dll ~~~

CLEAN! :whistling:

#10
pilgrimicron

    New Member

  • Topic Starter
  • Member
  • 7 posts
This is what Windows Defender shows. It is the same path that Spybot shows for the Zlob.Downloader. Here is my LookInMyPC log.

Running Desktop Applications - What's This?
Name
LookInMyPC Inspector
Geeks to Go! -> Replying in Have done ALL I can! - Mozilla Firefox
smitfiles - Notepad
Local Disk (C:)
Spybot - Search & Destroy
TREND MICRO HouseCall 6.5 - Microsoft Internet Explorer
Installed Programs - What's This?
Program
1Click DVD Copy 4.1 (1Click DVD Copy 4.1)
Ad-Aware SE Personal (Ad-Aware SE Personal)
AddressBook
Adobe Acrobat 7.0 Professional
Adobe Acrobat 7.0 Professional (Adobe Acrobat 7.0.5 Professional)
Adobe Acrobat 7.0.1 and Reader 7.0.1 Update
Adobe Acrobat 7.0.2 and Reader 7.0.2 Update
Adobe Acrobat 7.0.3 and Reader 7.0.3 Update
Adobe Reader 7.0
AnyDVD (AnyDVD)
AudioConSole (Creative Audio Console)
AudioHQ
AutoUpdate
BackWeb-8876480 Uninstaller
Battlefield 2: Special Forces
Battlefield 2TM
Battlefield 2TM Demo
Birthday Bios (Birthday Bios)
Branding
BurnInTest_is1 (BurnInTest v4.0 Standard)
Call of Duty - United Offensive
Call of Duty (Call of Duty)
Call of DutyR 2
Call of DutyR 2 Patch 1.3
Clifford Learning Activities (Clifford Learning Activities)
CloneDVD2 (CloneDVD2)
Connection Manager
CopyToDVD_is1 (CopyToDVD)
Creative MediaSource
Creative MediaSource AudioSync Plugin
Creative MediaSource CD-ROM Burner Plugin
Creative MediaSource Detector
Creative MediaSource DVD-Audio Player
Creative MediaSource Go!
Creative MediaSource NOMAD II/MG Plugin
Creative MediaSource NOMAD Jukebox 2/3/Zen Plugin
Creative MediaSource NOMAD Jukebox Plugin
Creative MediaSource NOMAD MuVo Plugin
Creative MediaSource Player Skin Pack
Creative MediaSource RemoteControl Plugin
Creative MiniDisc Center
Creative Restore Defaults
Creative WaveStudio
Diagnostics_Audigy2
DirectAnimation
DirectDrawEx
DivX
DivX Converter
DivX Player
DivX Web Player
DTS Console
Dungeon Siege 1.0
DVD Shrink_is1 (DVD Shrink 3.2)
DXM_Runtime
EA downloader
EAX
EAX Unified (EAX Unified)
EQUALIZER
ewidoantispyware4 (ewido anti-spyware 4.0)
Family Feud (Family Feud (remove only))
Far Cry
Far Cry Patch 1.3
Far Cry Patch 1.31
Far Cry Patch 2
FireTune for Firefox v1.x (FireTune for Firefox v1.x)
First Step Guide
Fontcore
GameDrive
GameSpy Arcade (GameSpy Arcade)
Google Earth
Halo (Microsoft Halo)
HighMAT Extension to Microsoft Windows XP CD Writing Wizard
HijackThis (HijackThis 1.99.1)
hp deskjet 825c series (hp deskjet 825c series (Remove only))
HP Software Update
ICW
IE40
IE4Data
IE5BAKEX
IEData
Image Resizer Powertoy for Windows XP
ImageMixer EasyStepDVD
InCD!UninstallKey
InstallShield Uninstall Information
Intel® 537EP Modem (Intel® 537EP Modem)
is1 DivxToDVD 1.99.24
J2SE Runtime Environment 5.0 Update 6
Kaspersky Online Scanner (Kaspersky Online Scanner)
KB867282 (Windows XP Hotfix - KB867282)
KB873333 (Windows XP Hotfix - KB873333)
KB873339 (Windows XP Hotfix - KB873339)
KB883939 (Security Update for Windows XP (KB883939))
KB884016
KB885250 (Windows XP Hotfix - KB885250)
KB885835 (Windows XP Hotfix - KB885835)
KB885836 (Windows XP Hotfix - KB885836)
KB885884 (Windows XP Hotfix - KB885884)
KB886185 (Windows XP Hotfix - KB886185)
KB887472 (Windows XP Hotfix - KB887472)
KB887742 (Windows XP Hotfix - KB887742)
KB887797 (Windows XP Hotfix - KB887797)
KB888113 (Windows XP Hotfix - KB888113)
KB888302 (Windows XP Hotfix - KB888302)
KB890046 (Security Update for Windows XP (KB890046))
KB890047 (Windows XP Hotfix - KB890047)
KB890175 (Windows XP Hotfix - KB890175)
KB890859 (Windows XP Hotfix - KB890859)
KB890923 (Windows XP Hotfix - KB890923)
KB891781 (Windows XP Hotfix - KB891781)
KB893066 (Windows XP Hotfix - KB893066)
KB893086 (Windows XP Hotfix - KB893086)
KB893756 (Security Update for Windows XP (KB893756))
KB893803 (Windows Installer 3.1 (KB893803))
KB893803v2 (Windows Installer 3.1 (KB893803))
KB894391 (Update for Windows XP (KB894391))
KB896344 (Hotfix for Windows XP (KB896344))
KB896358 (Security Update for Windows XP (KB896358))
KB896422 (Security Update for Windows XP (KB896422))
KB896423 (Security Update for Windows XP (KB896423))
KB896424 (Security Update for Windows XP (KB896424))
KB896428 (Security Update for Windows XP (KB896428))
KB896688 (Security Update for Windows XP (KB896688))
KB896727 (Update for Windows XP (KB896727))
KB898461 (Update for Windows XP (KB898461))
KB899587 (Security Update for Windows XP (KB899587))
KB899588 (Security Update for Windows XP (KB899588))
KB899591 (Security Update for Windows XP (KB899591))
KB900485 (Update for Windows XP (KB900485))
KB900725 (Security Update for Windows XP (KB900725))
KB900930 (Update for Windows XP (KB900930))
KB901017 (Security Update for Windows XP (KB901017))
KB901214 (Security Update for Windows XP (KB901214))
KB902400 (Security Update for Windows XP (KB902400))
KB903235 (Security Update for Windows XP (KB903235))
KB904706 (Security Update for Windows XP (KB904706))
KB905414 (Security Update for Windows XP (KB905414))
KB905749 (Security Update for Windows XP (KB905749))
KB905915 (Security Update for Windows XP (KB905915))
KB908519 (Security Update for Windows XP (KB908519))
KB908531 (Security Update for Windows XP (KB908531))
KB910437 (Update for Windows XP (KB910437))
KB911280 (Security Update for Windows XP (KB911280))
KB911562 (Security Update for Windows XP (KB911562))
KB911564 (Security Update for Windows Media Player (KB911564))
KB911565 (Security Update for Windows Media Player 10 (KB911565))
KB911567 (Security Update for Windows XP (KB911567))
KB911927 (Security Update for Windows XP (KB911927))
KB912812 (Security Update for Windows XP (KB912812))
KB912919 (Security Update for Windows XP (KB912919))
KB913446 (Security Update for Windows XP (KB913446))
KB913580 (Security Update for Windows XP (KB913580))
KB914388 (Security Update for Windows XP (KB914388))
KB914389 (Security Update for Windows XP (KB914389))
KB916281 (Security Update for Windows XP (KB916281))
KB916595 (Update for Windows XP (KB916595))
KB917159 (Security Update for Windows XP (KB917159))
KB917283.T1_1ToU93_1 (Security Update for Microsoft .NET Framework 2.0 (KB917283))
KB917344 (Security Update for Windows XP (KB917344))
KB917734_WMP10 (Security Update for Windows Media Player 10 (KB917734))
KB917953 (Security Update for Windows XP (KB917953))
KB918439 (Security Update for Windows XP (KB918439))
LookInMyPC (LookInMyPC)
M886903 (Microsoft .NET Framework 1.1 Hotfix (KB886903))
Macromedia Flash Player
Macromedia Shockwave Player (Macromedia Shockwave Player)
McAfee AntiSpyware (McAfee AntiSpyware)
Mcafee SecurityCenter (McAfee SecurityCenter)
Measurement Services Client (Futuremark Measurement Services Client)
MGI_PRISM_V1_0 (MGI PhotoSuite II SE (Remove Only))
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 (1033) (Microsoft .NET Framework 1.1)
Microsoft .NET Framework 2.0
Microsoft .NET Framework 2.0 (Microsoft .NET Framework 2.0)
Microsoft Office XP Professional
Microsoft Plus! for Windows XP
Microsoft Works 2000
MobileOptionPack
Movielink Manager (Movielink Manager)
Mozilla Firefox (1.5.0.4) (Mozilla Firefox (1.5.0.4))
MPlayer2
MSI30a-KB884016
MSI30-Beta1
MSI30-Beta2
MSI30-KB884016
MSI30-RC1
MSI30-RC2
MSI31-Beta
MSI31-RC1
MSN Messenger 7.5
MSXML 4.0 SP2 Parser and SDK
MSXML4 Parser
Nero - Burning Rom!UninstallKey
NeroMultiInstaller!UninstallKey (Nero Suite)
NeroVision!UninstallKey
NetMeeting
NMIX!UninstallKey (NeroMIX)
NMPUninstallKey
Nostromo Array Programming Software
NVDVD
NVEContent!UninstallKey
NVIDIA Drivers (NVIDIA Drivers)
Omni_Auction_Builder (Omni Auction Builder)
OpDKey (Operation)
OutlookExpress
Over the HedgeTM Demo
Paint.NET v2.64
Panda ActiveScan (Panda ActiveScan)
Pankaj Arora Software's Tumi Cursor PowerPack (Pankaj Arora Software's Tumi Cursor PowerPack (Remove))
PCBugDoctor_is1 (PCBugDoctor version 1.0.0.4)
PCHealth
PHONICS (JumpStart Phonics)
PhotoParade.exe (PhotoParade Player)
Picture Package
Platform
Playtime For Baby & Toddler (Playtime For Baby & Toddler)
PowerDVD
PRSCHL99 (JumpStart Preschool)
Quake 4TM
Quake 4TM 1.0.4 Patch
QuickTime (QuickTime)
QuicktimeAlt_is1 (QuickTime Alternative 1.39)
Razer
RealAlt_is1 (Real Alternative 1.30)
Realtek AC'97 Audio
REALTEK Gigabit and Fast Ethernet NIC Driver
Return of Arcade (Microsoft Return of Arcade)
Rise Of Legends
Rrr132.exe (Reader Rabbit's Reading 1)
SB Audigy 2 Getting Started Demo
SchedulingAgent
SFBM
Shockwave
ShockwaveFlash (Macromedia Flash Player 8)
SnagIt 8
Snes9x (Snes9x)
Soltek Hardware Monitor
Sony DVD Handycam USB Driver 2
Sound Blaster Audigy 2 ZS
Sound Blaster Audigy 2 ZS Windows Drivers
SPEAKER
SPKR_CALIBRATOR
Spybot - Search & Destroy_is1 (Spybot - Search & Destroy 1.4)
SURMIXER
SysInfo (Creative System Information)
The Battle for Middle-earth tm II
THX_Console
Tomb Raider: Legend Demo (Tomb Raider: Legend Demo 1.0)
Tweak-XP Pro 4 (Tweak-XP Pro 4)
uTorrent (µTorrent)
Ventrilo
VIA Platform Device Manager
VirusScan Online (McAfee VirusScan)
WebFldrs XP
WGA (Windows Genuine Advantage Validation Tool)
WgaNotify (Windows Genuine Advantage Notifications (KB905474))
Wheel of Fortune Deluxe (Wheel of Fortune Deluxe (remove only))
Windows Defender
Windows Defender Signatures
Windows Genuine Advantage v1.3.0254.0
Windows Media Format Runtime (Windows Media Format Runtime)
Windows Media Player (Windows Media Player 10)
WinRAR archiver (WinRAR archiver)
WinZip (WinZip)


Installed Services
Program Path Start Mode Use Desktop Run As Status
.NET Runtime Optimization Service v2.0.50727_X86 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe Manual No LocalSystem Stopped
Adobe LM Service "C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe" Manual No LocalSystem Stopped
Alerter C:\WINDOWS\system32\svchost.exe -k LocalService Disabled No NT AUTHORITY\LocalService Stopped
Application Layer Gateway Service C:\WINDOWS\System32\alg.exe Manual No NT AUTHORITY\LocalService Running
Application Management C:\WINDOWS\system32\svchost.exe -k netsvcs Manual No LocalSystem Stopped
ASP.NET State Service C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe Manual No NT AUTHORITY\NetworkService Stopped
Automatic Updates C:\WINDOWS\system32\svchost.exe -k netsvcs Auto No LocalSystem Running
Background Intelligent Transfer Service C:\WINDOWS\system32\svchost.exe -k netsvcs Manual No LocalSystem Stopped
ClipBook C:\WINDOWS\system32\clipsrv.exe Disabled No LocalSystem Stopped
COM+ Event System C:\WINDOWS\system32\svchost.exe -k netsvcs Manual No LocalSystem Running
COM+ System Application C:\WINDOWS\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235} Manual No LocalSystem Stopped
Computer Browser C:\WINDOWS\system32\svchost.exe -k netsvcs Auto No LocalSystem Stopped
Creative Service for CDROM Access C:\WINDOWS\system32\CTsvcCDA.exe Auto No LocalSystem Running
Cryptographic Services C:\WINDOWS\system32\svchost.exe -k netsvcs Auto No LocalSystem Running
DCOM Server Process Launcher C:\WINDOWS\system32\svchost -k DcomLaunch Auto No LocalSystem Running
DHCP Client C:\WINDOWS\system32\svchost.exe -k netsvcs Auto No LocalSystem Running
Distributed Link Tracking Client C:\WINDOWS\system32\svchost.exe -k netsvcs Auto No LocalSystem Running
Distributed Transaction Coordinator C:\WINDOWS\system32\msdtc.exe Manual No NT AUTHORITY\NetworkService Stopped
DNS Client C:\WINDOWS\system32\svchost.exe -k NetworkService Auto No NT AUTHORITY\NetworkService Running
Error Reporting Service C:\WINDOWS\System32\svchost.exe -k netsvcs Auto No LocalSystem Running
Event Log C:\WINDOWS\system32\services.exe Auto No LocalSystem Running
ewido anti-spyware 4.0 guard C:\Program Files\ewido anti-spyware 4.0\guard.exe Auto No LocalSystem Running
Fast User Switching Compatibility C:\WINDOWS\System32\svchost.exe -k netsvcs Manual No LocalSystem Running
Help and Support C:\WINDOWS\System32\svchost.exe -k netsvcs Auto No LocalSystem Running
HTTP SSL C:\WINDOWS\System32\svchost.exe -k HTTPFilter Manual No LocalSystem Stopped
Human Interface Device Access C:\WINDOWS\System32\svchost.exe -k netsvcs Disabled No LocalSystem Stopped
IMAPI CD-Burning COM Service C:\WINDOWS\system32\imapi.exe Manual No LocalSystem Stopped
InCD Helper C:\Program Files\Ahead\InCD\InCDsrv.exe Auto No LocalSystem Running
Indexing Service C:\WINDOWS\system32\cisvc.exe Manual Yes LocalSystem Stopped
InstallDriver Table Manager "C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe" Manual No LocalSystem Stopped
IPSEC Services C:\WINDOWS\system32\lsass.exe Auto No LocalSystem Running
Logical Disk Manager Administrative Service C:\WINDOWS\System32\dmadmin.exe /com Manual No LocalSystem Stopped
Logical Disk Manager C:\WINDOWS\System32\svchost.exe -k netsvcs Manual No LocalSystem Stopped
McAfee AntiSpyware Service "c:\progra~1\mcafee\mcafee antispyware\massrv.exe" Auto No LocalSystem Running
McAfee SecurityCenter Update Manager C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe Manual No LocalSystem Stopped
McAfee Task Scheduler c:\PROGRA~1\mcafee.com\agent\mctskshd.exe Auto No LocalSystem Running
McAfee WSC Integration c:\program files\mcafee.com\agent\mcdetect.exe Auto Yes LocalSystem Running
McAfee.com McShield c:\PROGRA~1\mcafee.com\vso\mcshield.exe Auto No LocalSystem Running
Messenger C:\WINDOWS\system32\svchost.exe -k netsvcs Disabled No LocalSystem Stopped
Movielink Core Service "C:\PROGRA~1\MOVIEL~1\MOVIEL~1\MOVIEL~1.EXE" Disabled Yes LocalSystem Stopped
MS Software Shadow Copy Provider C:\WINDOWS\system32\dllhost.exe /Processid:{1E98BFB3-99AA-4A44-A942-ACF27D74F377} Manual No LocalSystem Stopped
Net Logon C:\WINDOWS\system32\lsass.exe Manual No LocalSystem Stopped
NetMeeting Remote Desktop Sharing C:\WINDOWS\system32\mnmsrvc.exe Manual Yes LocalSystem Stopped
Network Connections C:\WINDOWS\System32\svchost.exe -k netsvcs Manual Yes LocalSystem Running
Network DDE DSDM C:\WINDOWS\system32\netdde.exe Disabled No LocalSystem Stopped
Network DDE C:\WINDOWS\system32\netdde.exe Disabled No LocalSystem Stopped
Network Location Awareness (NLA) C:\WINDOWS\system32\svchost.exe -k netsvcs Manual No LocalSystem Running
Network Provisioning Service C:\WINDOWS\System32\svchost.exe -k netsvcs Manual No LocalSystem Stopped
NT LM Security Support Provider C:\WINDOWS\system32\lsass.exe Manual No LocalSystem Stopped
NVIDIA Display Driver Service C:\WINDOWS\system32\nvsvc32.exe Auto No LocalSystem Running
Performance Logs and Alerts C:\WINDOWS\system32\smlogsvc.exe Manual No NT Authority\NetworkService Stopped
Plug and Play C:\WINDOWS\system32\services.exe Auto No LocalSystem Running
Portable Media Serial Number Service C:\WINDOWS\System32\svchost.exe -k netsvcs Manual No LocalSystem Stopped
Print Spooler C:\WINDOWS\system32\spoolsv.exe Auto Yes LocalSystem Running
Protected Storage C:\WINDOWS\system32\lsass.exe Auto Yes LocalSystem Running
QoS RSVP C:\WINDOWS\system32\rsvp.exe Manual No LocalSystem Stopped
Remote Access Auto Connection Manager C:\WINDOWS\system32\svchost.exe -k netsvcs Manual No LocalSystem Stopped
Remote Access Connection Manager C:\WINDOWS\system32\svchost.exe -k netsvcs Manual No LocalSystem Running
Remote Desktop Help Session Manager C:\WINDOWS\system32\sessmgr.exe Manual No LocalSystem Stopped
Remote Procedure Call (RPC) Locator C:\WINDOWS\system32\locator.exe Manual No NT AUTHORITY\NetworkService Stopped
Remote Procedure Call (RPC) C:\WINDOWS\system32\svchost -k rpcss Auto No NT AUTHORITY\NetworkService Running
Removable Storage C:\WINDOWS\system32\svchost.exe -k netsvcs Manual No LocalSystem Stopped
Routing and Remote Access C:\WINDOWS\system32\svchost.exe -k netsvcs Disabled No LocalSystem Stopped
Secondary Logon C:\WINDOWS\System32\svchost.exe -k netsvcs Auto Yes LocalSystem Running
Security Accounts Manager C:\WINDOWS\system32\lsass.exe Auto No LocalSystem Running
Security Center C:\WINDOWS\System32\svchost.exe -k netsvcs Auto No LocalSystem Running
Server C:\WINDOWS\system32\svchost.exe -k netsvcs Auto No LocalSystem Running
Shell Hardware Detection C:\WINDOWS\System32\svchost.exe -k netsvcs Auto No LocalSystem Running
Smart Card C:\WINDOWS\System32\SCardSvr.exe Manual No NT AUTHORITY\LocalService Stopped
SSDP Discovery Service C:\WINDOWS\system32\svchost.exe -k LocalService Manual No NT AUTHORITY\LocalService Running
System Event Notification C:\WINDOWS\system32\svchost.exe -k netsvcs Auto No LocalSystem Running
System Restore Service C:\WINDOWS\system32\svchost.exe -k netsvcs Auto No LocalSystem Running
Task Scheduler C:\WINDOWS\System32\svchost.exe -k netsvcs Auto No LocalSystem Running
TCP/IP NetBIOS Helper C:\WINDOWS\system32\svchost.exe -k LocalService Auto No NT AUTHORITY\LocalService Running
Telephony C:\WINDOWS\System32\svchost.exe -k netsvcs Manual No LocalSystem Running
Terminal Services C:\WINDOWS\System32\svchost -k DComLaunch Manual No LocalSystem Running
Themes C:\WINDOWS\System32\svchost.exe -k netsvcs Auto No LocalSystem Running
Uninterruptible Power Supply C:\WINDOWS\System32\ups.exe Manual No NT AUTHORITY\LocalService Stopped
Universal Plug and Play Device Host C:\WINDOWS\system32\svchost.exe -k LocalService Manual No NT AUTHORITY\LocalService Stopped
Volume Shadow Copy C:\WINDOWS\System32\vssvc.exe Manual No LocalSystem Stopped
WebClient C:\WINDOWS\system32\svchost.exe -k LocalService Auto No NT AUTHORITY\LocalService Running
Windows Audio C:\WINDOWS\System32\svchost.exe -k netsvcs Auto No LocalSystem Running
Windows Defender Service "C:\Program Files\Windows Defender\MsMpEng.exe" Auto No LocalSystem Running
Windows Firewall/Internet Connection Sharing (ICS) C:\WINDOWS\system32\svchost.exe -k netsvcs Auto No LocalSystem Running
Windows Image Acquisition (WIA) C:\WINDOWS\system32\svchost.exe -k imgsvc Auto No LocalSystem Running
Windows Installer C:\WINDOWS\system32\msiexec.exe /V Manual No LocalSystem Stopped
Windows Management Instrumentation C:\WINDOWS\system32\svchost.exe -k netsvcs Auto No LocalSystem Running
Windows Time C:\WINDOWS\System32\svchost.exe -k netsvcs Auto No LocalSystem Running
Windows User Mode Driver Framework C:\WINDOWS\system32\wdfmgr.exe Auto No NT AUTHORITY\LocalService Running
Wireless Zero Configuration C:\WINDOWS\System32\svchost.exe -k netsvcs Auto No LocalSystem Running
WMDM PMSP Service C:\WINDOWS\system32\MsPMSPSv.exe Auto No LocalSystem Running
WMI Performance Adapter C:\WINDOWS\system32\wbem\wmiapsrv.exe Manual No LocalSystem Stopped
Workstation C:\WINDOWS\system32\svchost.exe -k netsvcs Auto No LocalSystem Running

Running Processes
Process Name Version Vendor PID CPU/s Threads Memory Handles Sockets
alg.exe 2636 00:00:04 6 280 KB 103 1
csrss.exe 604 00:04:36 12 2884 KB 633 0
CTDVDDET.exe 1.0.3.0 Creative Technology Ltd 1892 00:00:04 1 524 KB 51 0
CTSVCCDA.EXE 1.0.1.0 Creative Technology Ltd 1948 00:00:01 2 108 KB 29 0
CTSysVol.exe 1.4.1.0 Creative Technology Ltd 1828 00:00:07 2 888 KB 66 0
ewido.exe 4, 0, 0, 172 Anti-Malware Development a.s. 1384 00:21:10 13 2376 KB 6118 0
explorer.exe 6.00.2900.2180 (x... Microsoft Corporation 1728 00:03:57 15 30704 KB 568 0
firefox.exe 1.8.0.4: 2006050817 Mozilla Corporation 3756 00:02:00 11 74376 KB 298 15
gdtask.exe 7, 0, 0, 1 FarStone Technology Inc. 1936 00:00:02 1 536 KB 79 0
guard.exe 4, 0, 0, 172 Anti-Malware Development a.s. 1984 00:01:41 8 7212 KB 62 0
hpztsb04.exe 2,80,0,0 HP 1804 00:00:03 1 892 KB 38 0
IEXPLORE.EXE 6.00.2900.2180 (x... Microsoft Corporation 3976 00:32:42 45 56520 KB 1647 12
incdsrv.exe 4, 3, 14, 1 Nero AG 1100 00:00:02 10 916 KB 147 0
LookInMyPC.exe 1.0.0.5 Solid Oak Software, Inc. 2624 00:00:00 6 7820 KB 122 0
lsass.exe 5.1.2600.2180 (xp... Microsoft Corporation 708 00:03:34 21 2400 KB 379 2
MASAlert.exe 2.1.0.112 McAfee, Inc. 272 00:00:11 2 3216 KB 120 0
MASSrv.exe 2.1.0.112 McAfee, Inc. 192 00:00:41 18 32184 KB 810 0
mcagent.exe 6, 0, 0, 16 McAfee, Inc 148 00:00:08 2 736 KB 130 0
Mcdetect.exe 6, 0, 0, 19 McAfee, Inc 544 00:00:02 5 1704 KB 103 0
McShield.exe 11.0.0.151 McAfee Inc. 672 00:19:24 18 20304 KB 177 0
McTskshd.exe 6, 0, 0, 13 McAfee, Inc 1004 00:00:06 2 1668 KB 82 0
McVSEscn.exe 10, 0, 0, 20 McAfee, Inc. 168 00:00:06 2 748 KB 113 0
mcvsftsn.exe 10, 0, 0, 19 McAfee, Inc. 2360 00:00:12 3 1004 KB 153 0
mcvsshld.exe 10, 0, 0, 22 McAfee, Inc. 2012 00:00:09 2 1880 KB 124 0
MSASCui.exe 1.1.1347.0 Microsoft Corporation 404 00:00:19 22 12732 KB 555 0
MsMpEng.exe 1.1.1347.0 Microsoft Corporation 1020 00:40:58 15 12768 KB 270 0
msmsgs.exe 4.7.3001 Microsoft Corporation 2692 00:00:03 2 972 KB 147 0
MsPMSPSv.exe 7.00.00.1954 Microsoft Corporation 1620 00:00:02 2 140 KB 43 0
nost_LM.exe 3.0 Unknown 780 00:00:11 1 1452 KB 57 0
notepad.exe 5.1.2600.2180 (xp... Microsoft Corporation 3656 00:00:00 1 3300 KB 34 0
nvsvc32.exe 6.14.10.9131 NVIDIA Corporation 1240 00:02:20 3 1512 KB 114 0
oasclnt.exe 10, 0, 0, 24 McAfee, Inc. 2020 00:00:04 2 560 KB 80 0
razerhid.exe 1, 0, 0, 1 Unknown 1916 00:00:06 2 484 KB 70 0
razerofa.exe 4.0.0.4 Razer Inc. 2320 00:00:04 1 276 KB 18 0
razertra.exe 1, 0, 0, 1 Unknown 268 00:00:06 1 420 KB 46 0
rundll32.exe 5.1.2600.2180 (xp... Microsoft Corporation 1988 00:00:07 1 368 KB 28 0
services.exe 5.1.2600.2180 (xp... Microsoft Corporation 696 00:04:42 16 2036 KB 323 0
smss.exe 5.1.2600.2180 (xp... Microsoft Corporation 552 00:00:00 3 96 KB 22 0
soundman.exe 5.1.0.29 Realtek Semiconductor Corp. 1812 00:00:06 2 716 KB 58 0
spoolsv.exe 5.1.2600.2696 (xp... Microsoft Corporation 1552 00:01:50 15 2044 KB 147 0
SpybotSD.exe 1.4.0.3 Safer Networking Limited 2860 00:05:35 2 19044 KB 1119 0
svchost.exe 1252 00:00:22 6 1196 KB 100 8
svchost.exe 1348 00:00:10 13 740 KB 187 2
svchost.exe 948 00:00:03 11 1496 KB 380 1
svchost.exe 5.1.2600.2180 (xp... Microsoft Corporation 1072 00:03:11 78 17884 KB 1678 2
svchost.exe 5.1.2600.2180 (xp... Microsoft Corporation 1336 00:00:11 7 1484 KB 129 0
svchost.exe 5.1.2600.2180 (xp... Microsoft Corporation 864 00:00:06 17 1780 KB 218 0
System Idle Process 0 17:28:23 1 28 KB 0 0
System 4 00:08:16 87 44 KB 396 5
wdfmgr.exe 1296 00:00:02 4 128 KB 65 0
winlogon.exe 5.1.2600.2180 (xp... Microsoft Corporation 652 00:00:06 16 2252 KB 425 0
wmiprvse.exe 2896 00:09:34 12 5132 KB 219 0

Registry Run Entries
Name
[ROOT KEY] - HKEY_LOCAL_MACHINE:
[KEY] Software\Microsoft\Windows\CurrentVersion\Run
-HPDJ Taskbar Utility=C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
-SoundMan=SOUNDMAN.EXE
-CTSysVol=C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe /r
-CTDVDDET=C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDet.EXE
-SBDrvDet=C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe /r
-razer=C:\Program Files\Razer\razerhid.exe
-GameDrive=C:\Program Files\FarStone\GameDrive\gdtask.exe /AutoRestore
-NvCplDaemon=RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
-NvMediaCenter=RunDLL32.exe NvMCTray.dll,NvTaskbarInit
-VSOCheckTask="C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
-VirusScan Online=C:\Program Files\McAfee.com\VSO\mcvsshld.exe
-OASClnt=C:\Program Files\McAfee.com\VSO\oasclnt.exe
-MCAgentExe=c:\PROGRA~1\mcafee.com\agent\mcagent.exe
-MCUpdateExe=c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
-_AntiSpyware=c:\progra~1\mcafee\MCAFEE~1\masalert.exe
-Windows Defender="C:\Program Files\Windows Defender\MSASCui.exe" -hide
-SunJavaUpdateSched=C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
[KEY] Software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents
No values found
[ROOT KEY] - HKEY_CURRENT_USER:
[KEY] Software\Microsoft\Windows\CurrentVersion\Run
-MsnMsgr="C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background

Attached Thumbnails

  • defender.jpg


#11
Flrman1

    Malware Assassin

  • Retired Staff
  • 6,596 posts
* I am attaching a fix2.zip file to this post. Download it and save it to your desktop. Unzip it to extract the fix2.reg file it contains.

Double-click on the fix2.reg file to add it to the registry. Answer yes to confirm the merge.

Now run another scan with Spybot and see if it still finds that entry.


* Run ActiveScan online virus scan here

When the scan is finished, click on the "Save Report" button and save the results of the scan to your desktop.

Note: You have to use Internet Explorer to do the online scan.

Post a new HijackThis log along with the results from ActiveScan.

Attached Files

  • Attached File  fix2.zip   213bytes   69 downloads
