Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Zlob.Trojan in XP


  • This topic is locked This topic is locked

#1
nthn75075

nthn75075

    Member

  • Member
  • PipPip
  • 15 posts
Hi, I'm Nathan

I've got a a Zlob.Trojan infection. While the computer seems to be running fine, I need to do some sensitive online stuff soon, and I really don't want people seeing some of the numbers that I may have to type in.

I've run all the stuff asked before running a Hijack this log, and have also tried both smitfraudfix and smitrem.

Here's my log, uninstall list, and Panda active Scan

Logfile of HijackThis v1.99.1
Scan saved at 8:40:15 PM, on 1/13/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
C:\WINDOWS\system32\fxssvc.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Winamp\winampa.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Google\Google Talk\googletalk.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext =

http://202.67.220.23...=md2_spybot_1_3
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control

Panel\atiptaxx.exe
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2\Surround

Mixer\CTSysVol.exe
O4 - HKLM\..\Run: [CTDVDDet] C:\Program Files\Creative\SBAudigy2

\DVDAudio\CTDVDDet.EXE
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [AsioReg] REGSVR32.EXE /S CTASIO.DLL
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media

Experience\PCMService.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common

Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec

Shared\ccApp.exe"
O4 - HKLM\..\Run: [URLLSTCK.exe] C:\Program Files\Norton Internet

Security\UrlLstCk.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1

\SNDMon.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common

Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [mmtask] "C:\Program Files\MUSICMATCH\MUSICMATCH

Jukebox\mmtask.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe"

-atboottime
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [SpyHunter] C:\Program Files\Enigma Software

Group\SpyHunter\SpyHunter.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [googletalk] "C:\Program Files\Google\Google

Talk\googletalk.exe" /autostart
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program

Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel -

res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} -

C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program

Files\AIM\aim.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) -

http://by17fd.bay17....es/MsnPUpld.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility

Class) -

http://security.syma...n/bin/cabsa.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer

Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {F127B9BA-89EA-4B04-9C67-2074A9DF61FC} (PCUploader Class) -

http://costco.intern...x/PCAXSetup.cab?
O20 - Winlogon Notify: !SASWinLogon - C:\Program

Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32

\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. -

C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. -

C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. -

C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation -

C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation -

C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec

Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation -

C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd -

C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision

Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel

32\IDriverT.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec

Corporation - C:\Program Files\Norton Internet Security\Norton

AntiVirus\navapsvc.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation -

C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: npkcsvc - INCA Internet Co., Ltd. - C:\WINDOWS\System32

\npkcsvc.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton

Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation -

C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec

Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program

Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation -

C:\Program Files\Viewpoint\Common\ViewpointService.exe




Uninstall list

123 DVD Converter
Ad-Aware SE Personal
Adobe Download Manager 1.2 (Remove Only)
Adobe Photoshop Album 2.0 Starter Edition
Adobe Reader 6.0.1
AIM 6.0
AOL Instant Messenger
ATI Control Panel
ATI Display Driver
AVG Anti-Spyware 7.5
AVG Free Edition
Canon Camera Window for ZoomBrowser EX
Canon i860
Canon PhotoRecord
Canon Utilities File Viewer Utility 1.2
Canon Utilities PhotoStitch 3.1
Canon Utilities RemoteCapture 2.7
Canon Utilities ZoomBrowser EX
CC_ccProxyMSI
CC_ccStart
ccCommon
CleanUp!
Conexant D850 56K V.9x DFVc Modem
Creative MediaSource
Dance Dance Revolution
Dell Digital Jukebox Driver
Dell Media Experience
Dell Solution Center
Dell Support 5.0.0 (766)
Diablo
Digital Line Detect
DVD Decrypter (Remove Only)
DVD Identifier
DVD Shrink 3.2
DVDSentry
Easy-WebPrint
Google Earth
Google Talk (remove only)
Guild Wars
GunboundWC
Hijackthis 1.99.1
HijackThis 1.99.1
Intel® PRO Network Adapters and Drivers
Intel® PROSet
Internet Explorer Default Page
Jasc Paint Shop Photo Album
Jasc Paint Shop Pro 8 Dell Edition
Java 2 Runtime Environment, SE v1.4.2
K-Lite Codec Pack 2.80 Full
LANBridge
LiveReg (Symantec Corporation)
Macromedia Dreamweaver MX
Macromedia Extension Manager
Macromedia Fireworks MX
Macromedia Flash MX
Macromedia Flash Player 8
Macromedia FreeHand 10
Macromedia Shockwave Player
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB886903)
Microsoft Data Access Components KB870669
Microsoft Encarta Encyclopedia Standard 2004
Microsoft Money 2004
Microsoft Money 2004 System Pack
Microsoft Office Professional Edition 2003
Middadle
mIRC
Modem Helper
Mozilla Firefox (2.0.0.1)
MSN Music Assistant
MSRedist
MSXML 4.0 SP2 (KB927978)
Musicmatch® Jukebox
NetWaiting
Norton AntiSpam
Norton AntiSpam
Norton AntiVirus
Norton Internet Security
Norton Internet Security
Norton Internet Security
Norton Internet Security
Norton Internet Security
Norton Internet Security
Norton Internet Security
Norton Internet Security
Norton Internet Security
Norton Internet Security
Norton Internet Security (Symantec Corporation)
Norton WMI Update
nProtect KeyCrypt
OIN
Panda ActiveScan
PowerDVD
QuickTime
RealPlayer
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB883939)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB896688)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899588)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901190)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB903235)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB905915)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB908531)
Security Update for Windows XP (KB911280)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912812)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913446)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB916281)
Security Update for Windows XP (KB917159)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB918899)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922760)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923694)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB925454)
Security Update for Windows XP (KB925486)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB929969)
Shockwave
Sonic DLA
Sonic MyDVD
Sonic RecordNow!
Sonic Update Manager
Sound Blaster Audigy 2
Spybot - Search & Destroy 1.3
SpyHunter
SpywareBlaster v3.5.1
Starcraft
StepMania (remove only)
SUPERAntiSpyware Free Edition
Symantec Script Blocking Installer
Sysnet
TaxACT 2005
Update for Windows XP (KB894391)
Update for Windows XP (KB896727)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB910437)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Viewpoint Manager (Remove Only)
Viewpoint Media Player
Web Browser Component Manager
Winamp (remove only)
Windows Genuine Advantage v1.3.0254.0
Windows Installer 3.1 (KB893803)
Windows Media Format Runtime
Windows Media Player 10
Windows VisFx Components
Windows XP Hotfix - KB873333
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890175
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB890923
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB893066
Windows XP Hotfix - KB893086
Windows XP Service Pack 2
WinRAR archiver
WordPerfect Office 11
XviD & MP3 Codec Pack (remove only)




Activescan


Incident Status Location

Adware:adware/powersearch Not disinfected c:\windows\system32\stlb2.xml
Adware:adware/statblaster Not disinfected c:\windows\system32\WBCMUninst.exe
Adware:adware/bookedspace Not disinfected c:\windows\cfgmgr52.ini
Adware:adware/sidesearch Not disinfected c:\windows\sepsd.bin
Spyware:spyware/media-motor Not disinfected c:\windows\ubber60.ini
Adware:adware/imgiant Not disinfected c:\program files\joystick networks
Adware:adware/delfinmedia Not disinfected c:\documents and settings\all users\application data\vidctrl
Adware:adware/wupd Not disinfected Windows Registry
Spyware:spyware/safesurf Not disinfected Windows Registry
Adware:adware/outerinfo Not disinfected Windows Registry
Adware:adware/esyndicate Not disinfected Windows Registry
Adware:adware/pacimedia Not disinfected Windows Registry
Spyware:spyware/apropos Not disinfected Windows Registry
Adware:adware/exact.bargainbuddy Not disinfected Windows Registry
Adware:adware/elitebar Not disinfected Windows Registry
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\nw\Application Data\Mozilla\Firefox\Profiles\f53003eh.default1\cookies.txt[.com.com/]
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\nw\Application Data\Mozilla\Firefox\Profiles\f53003eh.default1\cookies.txt[ad.yieldmanager.com/]
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\nw\Application Data\Mozilla\Firefox\Profiles\f53003eh.default1\cookies.txt[.realmedia.com/]
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\Documents and Settings\nw\Application Data\Mozilla\Firefox\Profiles\f53003eh.default1\cookies.txt[server.iad.liveperson.net/]
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\Documents and Settings\nw\Application Data\Mozilla\Firefox\Profiles\f53003eh.default1\cookies.txt[server.iad.liveperson.net/hc/84815040]
Spyware:Cookie/Clickbank Not disinfected C:\Documents and Settings\nw\Application Data\Mozilla\Firefox\Profiles\f53003eh.default1\cookies.txt[.clickbank.net/]
Spyware:Cookie/Toplist Not disinfected C:\Documents and Settings\nw\Application Data\Mozilla\Firefox\Profiles\f53003eh.default1\cookies.txt[.toplist.cz/]
Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\nw\Application Data\Mozilla\Firefox\Profiles\f53003eh.default1\cookies.txt[.statcounter.com/]
Spyware:Cookie/Ccbill Not disinfected C:\Documents and Settings\nw\Application Data\Mozilla\Firefox\Profiles\f53003eh.default1\cookies.txt[.ccbill.com/]
Spyware:Cookie/adultfriendfinder Not disinfected C:\Documents and Settings\nw\Application Data\Mozilla\Firefox\Profiles\f53003eh.default1\cookies.txt[.adultfriendfinder.com/]
Spyware:Cookie/Screensavers Not disinfected C:\Documents and Settings\nw\Application Data\Mozilla\Firefox\Profiles\f53003eh.default1\cookies.txt[.i.screensavers.com/]
Spyware:Cookie/Casalemedia Not disinfected C:\Documents and Settings\nw\Application Data\Mozilla\Firefox\Profiles\f53003eh.default1\cookies.txt[.casalemedia.com/]
Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\nw\Application Data\Mozilla\Firefox\Profiles\f53003eh.default1\cookies.txt[.zedo.com/]
Spyware:Cookie/Falkag Not disinfected C:\Documents and Settings\nw\Application Data\Mozilla\Firefox\Profiles\f53003eh.default1\cookies.txt[.as-us.falkag.net/]
Spyware:Cookie/BurstNet Not disinfected C:\Documents and Settings\nw\Application Data\Mozilla\Firefox\Profiles\f53003eh.default1\cookies.txt[.burstnet.com/]
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\nw\Application Data\Mozilla\Firefox\Profiles\f53003eh.default1\cookies.txt[.adrevolver.com/]
Spyware:Cookie/BurstNet Not disinfected C:\Documents and Settings\nw\Application Data\Mozilla\Firefox\Profiles\f53003eh.default1\cookies.txt[.burstnet.com/]
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\nw\Application Data\Mozilla\Firefox\Profiles\f53003eh.default1\cookies.txt[.atwola.com/]
Spyware:Cookie/Go Not disinfected C:\Documents and Settings\nw\Application Data\Mozilla\Firefox\Profiles\f53003eh.default1\cookies.txt[.go.com/]
Spyware:Cookie/Falkag Not disinfected C:\Documents and Settings\nw\Application Data\Mozilla\Firefox\Profiles\f53003eh.default1\cookies.txt[.as-eu.falkag.net/]
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\nw\Application Data\Mozilla\Firefox\Profiles\f53003eh.default1\cookies.txt[.serving-sys.com/]
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\nw\Application Data\Mozilla\Firefox\Profiles\f53003eh.default1\cookies.txt[.bs.serving-sys.com/]
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\nw\Application Data\Mozilla\Firefox\Profiles\f53003eh.default1\cookies.txt[.serving-sys.com/]
Spyware:Cookie/BurstBeacon Not disinfected C:\Documents and Settings\nw\Application Data\Mozilla\Firefox\Profiles\f53003eh.default1\cookies.txt[www.burstbeacon.com/]
Spyware:Cookie/fe.lea.lycos Not disinfected C:\Documents and Settings\nw\Application Data\Mozilla\Firefox\Profiles\f53003eh.default1\cookies.txt[fe.lea.lycos.fr/]
Spyware:Cookie/Azjmp Not disinfected C:\Documents and Settings\nw\Application Data\Mozilla\Firefox\Profiles\f53003eh.default1\cookies.txt[.azjmp.com/]
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\nw\Application Data\Mozilla\Firefox\Profiles\f53003eh.default1\cookies.txt[.uol.com.br/]
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\Documents and Settings\nw\Application Data\Mozilla\Firefox\Profiles\f53003eh.default1\cookies.txt[server.iad.liveperson.net/hc/79170937]
Spyware:Cookie/Target Not disinfected C:\Documents and Settings\nw\Application Data\Mozilla\Firefox\Profiles\f53003eh.default1\cookies.txt[.target.com/]
Spyware:Cookie/WUpd Not disinfected C:\Documents and Settings\nw\Application Data\Mozilla\Firefox\Profiles\f53003eh.default1\cookies.txt[.revenue.net/]
Spyware:Cookie/Searchportal Not disinfected C:\Documents and Settings\nw\Application Data\Mozilla\Firefox\Profiles\f53003eh.default1\cookies.txt[searchportal.information.com/]
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\nw\Cookies\[email protected][1].txt
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\nw\Desktop\SmitfraudFix\Process.exe
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\nw\Local Settings\Application Data\Mozilla\Firefox\Profiles\f53003eh.default1\Cache\3EFBEAA3d01[smitRem/Process.exe]
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\nw\My Documents\smitRem\Process.exe
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\nw\My Documents\smitRem.exe[smitRem/Process.exe]
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\yk\Application Data\Mozilla\Firefox\Profiles\wlq1d0rb.default\cookies.txt[.atdmt.com/]
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\yk\Application Data\Mozilla\Firefox\Profiles\wlq1d0rb.default\cookies.txt[.doubleclick.net/]
Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\yk\Application Data\Mozilla\Firefox\Profiles\wlq1d0rb.default\cookies.txt[.overture.com/]
Spyware:Cookie/WebtrendsLive Not disinfected C:\Documents and Settings\yk\Application Data\Mozilla\Firefox\Profiles\wlq1d0rb.default\cookies.txt[statse.webtrendslive.com/]
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\yk\Application Data\Mozilla\Firefox\Profiles\wlq1d0rb.default\cookies.txt[.2o7.net/]
Spyware:Cookie/Target Not disinfected C:\Documents and Settings\yk\Application Data\Mozilla\Firefox\Profiles\wlq1d0rb.default\cookies.txt[.target.com/]
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\yk\Application Data\Mozilla\Firefox\Profiles\wlq1d0rb.default\cookies.txt[.atwola.com/]
Spyware:Cookie/bravenetA Not disinfected C:\Documents and Settings\yk\Application Data\Mozilla\Firefox\Profiles\wlq1d0rb.default\cookies.txt[.bravenet.com/]
Spyware:Cookie/did-it Not disinfected C:\Documents and Settings\yk\Application Data\Mozilla\Firefox\Profiles\wlq1d0rb.default\cookies.txt[.did-it.com/]
Spyware:Cookie/Seeq Not disinfected C:\Documents and Settings\yk\Application Data\Mozilla\Firefox\Profiles\wlq1d0rb.default\cookies.txt[www48.seeq.com/]
Spyware:Cookie/Apmebf Not disinfected C:\Documents and Settings\yk\Application Data\Mozilla\Firefox\Profiles\wlq1d0rb.default\cookies.txt[.apmebf.com/]
Spyware:Cookie/DomainSponsor Not disinfected C:\Documents and Settings\yk\Application Data\Mozilla\Firefox\Profiles\wlq1d0rb.default\cookies.txt[landing.domainsponsor.com/]
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\yk\Application Data\Mozilla\Firefox\Profiles\wlq1d0rb.default\cookies.txt[.realmedia.com/]
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\yk\Application Data\Mozilla\Firefox\Profiles\wlq1d0rb.default\cookies.txt[.belnk.com/]
Adware:Adware/Cmap Not disinfected C:\Program Files\CMAPP\Client\cmappupdate.exe[cmappclient.exe]
Virus:Trj/Downloader.GNB Disinfected C:\WINDOWS\abrras.exe
Virus:Trj/Downloader.GNB Disinfected C:\WINDOWS\Cursors\avplay.exe
Virus:Trj/Downloader.GNB Disinfected C:\WINDOWS\Cursors\iisvga.exe
Adware:Adware/Midaddle Not disinfected C:\WINDOWS\fixit.exe[uninstaller.exe]
Adware:Adware/Midaddle Not disinfected C:\WINDOWS\fixit.exe[clicks.dll]
Adware:Adware/Midaddle Not disinfected C:\WINDOWS\fixit.exe[Updater.exe]
Adware:Adware/Midaddle Not disinfected C:\WINDOWS\fixit.exe[Watcher.exe]
Virus:Trj/Downloader.GNB Disinfected C:\WINDOWS\Help\runfont.exe
Virus:Trj/Downloader.GNB Disinfected C:\WINDOWS\Microsoft.NET\olew.exe
Virus:Trj/Downloader.GNB Disinfected C:\WINDOWS\MSAGENT\olebak.exe
Potentially unwanted tool:Application/PRScheduler Not disinfected C:\WINDOWS\pss\PowerReg Scheduler.exeStartup
Virus:Trj/Downloader.GNB Disinfected C:\WINDOWS\Registration\faxole.exe
Virus:Trj/Downloader.GNB Disinfected C:\WINDOWS\Registration\iiswms.exe
Virus:Trj/Downloader.GNB Disinfected C:\WINDOWS\REPAIR\cabjpeg.exe
Virus:Trj/Downloader.GNB Disinfected C:\WINDOWS\SYSTEM\sap.exe
Virus:Trj/Downloader.GNB Disinfected C:\WINDOWS\SYSTEM32\dckn.exe
Spyware:Spyware/SafeSurf Not disinfected C:\WINDOWS\SYSTEM32\InstallerV4.exe
Spyware:Spyware/SafeSurf Not disinfected C:\WINDOWS\SYSTEM32\lanbruns.exe
Adware:Adware/Exact.BargainBuddy Not disinfected C:\WINDOWS\SYSTEM32\package_MARKETING51.exe[exdl.exe]
Adware:Adware/Exact.SearchBar Not disinfected C:\WINDOWS\SYSTEM32\package_MARKETING51.exe[exul.exe]
Adware:Adware/Exact.BargainBuddy Not disinfected C:\WINDOWS\SYSTEM32\package_MARKETING51.exe[adp8040_MARKETING51.exe][bargains.exe]
Adware:Adware/Exact.BargainBuddy Not disinfected C:\WINDOWS\SYSTEM32\package_MARKETING51.exe[adp8040_MARKETING51.exe][adv.exe]
Adware:Adware/Exact.BargainBuddy Not disinfected C:\WINDOWS\SYSTEM32\package_MARKETING51.exe[adp8040_MARKETING51.exe][adx.exe]
Adware:Adware/Exact.BargainBuddy Not disinfected C:\WINDOWS\SYSTEM32\package_MARKETING51.exe[adp8040_MARKETING51.exe][²èÇ]
Adware:Adware/Exact.SearchBar Not disinfected C:\WINDOWS\SYSTEM32\package_MARKETING51.exe[nls8039_MARKETING51.exe][²èÇ]
Adware:Adware/Exact.SearchBar Not disinfected C:\WINDOWS\SYSTEM32\package_MARKETING51.exe[nls8039_MARKETING51.exe][nls.exe]
Adware:Adware/eZula Not disinfected C:\WINDOWS\SYSTEM32\package_MARKETING51.exe[cb8040_MARKETING51.exe][mscb.dll]
Adware:Adware/Exact.BargainBuddy Not disinfected C:\WINDOWS\SYSTEM32\package_MARKETING51.exe[cb8040_MARKETING51.exe][cashback.exe]
Adware:Adware/Exact.BargainBuddy Not disinfected C:\WINDOWS\SYSTEM32\package_MARKETING51.exe[cb8040_MARKETING51.exe][cb.exe]
Adware:Adware/Exact.BargainBuddy Not disinfected C:\WINDOWS\SYSTEM32\package_MARKETING51.exe[cb8040_MARKETING51.exe][flash.exe]
Adware:Adware/Exact.BargainBuddy Not disinfected C:\WINDOWS\SYSTEM32\package_MARKETING51.exe[cb8040_MARKETING51.exe][bb_click_wider.swf]
Adware:Adware/Exact.BargainBuddy Not disinfected C:\WINDOWS\SYSTEM32\package_MARKETING51.exe[cb8040_MARKETING51.exe][bb_auto_wider.swf]
Adware:Adware/Exact.BargainBuddy Not disinfected C:\WINDOWS\SYSTEM32\package_MARKETING51.exe[cb8040_MARKETING51.exe][bb_welcome.html]
Adware:Adware/Exact.BargainBuddy Not disinfected C:\WINDOWS\SYSTEM32\package_MARKETING51.exe[cb8040_MARKETING51.exe][bb_welcome1.swf]
Adware:Adware/Exact.BargainBuddy Not disinfected C:\WINDOWS\SYSTEM32\package_MARKETING51.exe[cb8040_MARKETING51.exe][icon.gif]
Adware:Adware/Exact.BargainBuddy Not disinfected C:\WINDOWS\SYSTEM32\package_MARKETING51.exe[cb8040_MARKETING51.exe][logo.gif]
Adware:Adware/404Search Not disinfected C:\WINDOWS\SYSTEM32\package_MARKETING51.exe[exclean.exe]
Potentially unwanted tool:Application/Processor Not disinfected C:\WINDOWS\SYSTEM32\Process.exe
Adware:Adware/Midaddle Not disinfected C:\WINDOWS\uninstaller.exe



Thanks for your time. You guys at Geeks to Go have helped me before and I have to say you're the best on the web.
  • 0

Advertisements


#2
kahdah

kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
Hello nthn75075

Welcome to G2Go. :whistling:
My name is Kahdah and I will be helping you with your Malware problem.
As I am still in training I will be helping you under supervision of our expert teachers,so there may be a delay between posts.

I will be back with you as soon as possible.
  • 0

#3
kahdah

kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
Hello nthn75075

1. Download ComboFix.exe using either of these links:

BleepingComputer

Techsupportforum.com

2. Double click on combofix.exe & follow the prompts to allow the tool to run.

3. When it has finished, it will produce a log for you. Post that log & a fresh HJT log in your next reply

Note:
Do not mouseclick combofix's window while it's running. That may cause it to stall

(Note:When you save your next hjt log please make sure that Wordwrap is unckecked in Notepad.
You can check it by going to the top of the Notepad document and click Edit make sure that Word wrap is unchecked.

  • 0

#4
nthn75075

nthn75075

    Member

  • Topic Starter
  • Member
  • PipPip
  • 15 posts
Alright, here are the logs:

Combofix

"nw" - 07-01-14 19:05:45 Service Pack 2
ComboFix 07-01-15 - Running from: "C:\combofix"

(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\Program Files\cmapp


((((((((((((((((((((((((((((((( Files Created from 2006-12-14 to 2007-01-14 ))))))))))))))))))))))))))))))))))


2007-01-14 19:03 <DIR> d-------- C:\combofix
2007-01-14 14:04 <DIR> d-------- C:\DOCUME~1\al\Application Data\AVG7
2007-01-13 17:47 <DIR> d-------- C:\Program Files\Hijackthis
2007-01-13 14:58 <DIR> d-------- C:\DOCUME~1\yk\Application Data\AVG7
2007-01-13 13:48 <DIR> dr-h----- C:\$VAULT$.AVG
2007-01-13 12:52 <DIR> d-------- C:\DOCUME~1\nw\Application Data\AVG7
2007-01-13 12:52 <DIR> d-------- C:\DOCUME~1\LOCALS~1\Application Data\AVG7
2007-01-13 12:51 816,672 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\avg7core.sys
2007-01-13 12:51 4,224 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\avg7rsw.sys
2007-01-13 12:51 3,968 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\avgclean.sys
2007-01-13 12:51 28,416 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\avg7rsxp.sys
2007-01-13 12:51 18,240 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\avgmfx86.sys
2007-01-13 12:51 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\Grisoft
2007-01-13 12:51 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\avg7
2007-01-13 12:47 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2007-01-13 12:47 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-01-13 12:47 <DIR> d-------- C:\DOCUME~1\nw\Application Data\SUPERAntiSpyware.com
2007-01-13 12:31 3,800 --a------ C:\WINDOWS\SYSTEM32\tmp.reg
2007-01-13 12:30 79,360 --a------ C:\WINDOWS\SYSTEM32\swxcacls.exe
2007-01-13 12:30 53,248 --a------ C:\WINDOWS\SYSTEM32\Process.exe
2007-01-13 12:30 51,200 --a------ C:\WINDOWS\SYSTEM32\dumphive.exe
2007-01-13 12:30 40,960 --a------ C:\WINDOWS\SYSTEM32\swsc.exe
2007-01-13 12:30 288,417 --a------ C:\WINDOWS\SYSTEM32\SrchSTS.exe
2007-01-13 12:30 135,168 --a------ C:\WINDOWS\SYSTEM32\swreg.exe
2007-01-12 20:17 <DIR> d-------- C:\Program Files\SpywareBot
2007-01-12 19:58 <DIR> d-------- C:\Program Files\Enigma Software Group
2006-12-27 23:00 <DIR> d-------- C:\DOCUME~1\nw\Application Data\acccore
2006-12-27 23:00 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\AOL OCP
2006-12-27 22:56 <DIR> d-------- C:\Program Files\AIM6
2006-12-27 22:55 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\AOL Downloads


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2007-01-14 19:02 -------- d-------- C:\Program Files\mozilla firefox
2007-01-13 19:17 -------- d-------- C:\Program Files\winamp
2007-01-13 19:14 -------- d-------- C:\Program Files\quicktime
2007-01-13 19:13 -------- d-------- C:\Program Files\norton internet security
2007-01-13 19:10 -------- d-------- C:\Program Files\messenger
2007-01-13 19:04 -------- d-------- C:\Program Files\digital line detect
2007-01-13 18:34 -------- d-------- C:\Program Files\Common Files\symantec shared
2007-01-13 17:58 -------- d--h----- C:\Program Files\installshield installation information
2007-01-13 12:51 -------- d-------- C:\Program Files\grisoft
2007-01-12 20:12 -------- d-------- C:\Program Files\spywareblaster
2007-01-10 23:33 -------- d-------- C:\Program Files\viewpoint
2007-01-07 16:09 -------- d-------- C:\DOCUME~1\nw\Application Data\adobeum
2006-12-28 00:48 -------- d-------- C:\Program Files\aim
2006-12-27 22:57 -------- d-------- C:\Program Files\Common Files\aol
2006-12-21 12:45 -------- d-------- C:\Program Files\gwfreaks
2006-12-06 23:29 2374472 --a------ C:\WINDOWS\SYSTEM32\wmvcore.dll
2006-12-04 20:54 -------- d-------- C:\DOCUME~1\nw\Application Data\winamp
2006-12-02 14:39 -------- d-------- C:\DOCUME~1\nw\Application Data\media player classic
2006-11-27 20:54 -------- d-------- C:\DOCUME~1\nw\Application Data\u3
2006-11-27 20:04 -------- d-------- C:\Program Files\k-lite codec pack
2006-11-23 00:21 -------- d-------- C:\Program Files\ac3filter
2006-11-18 15:46 -------- d-------- C:\Program Files\stepmania
2006-11-16 02:00 -------- d-------- C:\Program Files\msxml 4.0
2006-11-08 09:48 1138688 --a------ C:\WINDOWS\SYSTEM32\xvidcore.dll
2006-11-07 23:06 679424 --a------ C:\WINDOWS\SYSTEM32\inetcomm.dll
2006-11-04 14:14 1245696 --a------ C:\WINDOWS\SYSTEM32\msxml4.dll
2006-11-03 13:35 217088 --a------ C:\WINDOWS\SYSTEM32\xvidvfw.dll
2006-10-19 07:56 713216 --a------ C:\WINDOWS\SYSTEM32\sxs.dll


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"googletalk"="\"C:\\Program Files\\Google\\Google Talk\\googletalk.exe\" /autostart"
"Aim6"=""
"SUPERAntiSpyware"="C:\\Program Files\\SUPERAntiSpyware\\SUPERAntiSpyware.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"ATIModeChange"="Ati2mdxx.exe"
"ATIPTA"="C:\\Program Files\\ATI Technologies\\ATI Control Panel\\atiptaxx.exe"
"CTSysVol"="C:\\Program Files\\Creative\\SBAudigy2\\Surround Mixer\\CTSysVol.exe"
"CTDVDDet"="C:\\Program Files\\Creative\\SBAudigy2\\DVDAudio\\CTDVDDet.EXE"
"CTHelper"="CTHELPER.EXE"
"AsioReg"="REGSVR32.EXE /S CTASIO.DLL"
"DVDSentry"="C:\\WINDOWS\\System32\\DSentry.exe"
"PCMService"="\"C:\\Program Files\\Dell\\Media Experience\\PCMService.exe\""
"dla"="C:\\WINDOWS\\system32\\dla\\tfswctrl.exe"
"UpdateManager"="\"C:\\Program Files\\Common Files\\Sonic\\Update Manager\\sgtray.exe\" /r"
"ccApp"="\"C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe\""
"URLLSTCK.exe"="C:\\Program Files\\Norton Internet Security\\UrlLstCk.exe"
"Symantec NetDriver Monitor"="C:\\PROGRA~1\\SYMNET~1\\SNDMon.exe"
"TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
"mmtask"="\"C:\\Program Files\\MUSICMATCH\\MUSICMATCH Jukebox\\mmtask.exe\""
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"SpyHunter"=""
"AVG7_CC"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgcc.exe /STARTUP"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^nw^Start Menu^Programs^Startup^PowerReg Scheduler.exe]
"path"="C:\\Documents and Settings\\nw\\Start Menu\\Programs\\Startup\\PowerReg Scheduler.exe"
"backup"="C:\\WINDOWS\\pss\\PowerReg Scheduler.exeStartup"
"location"="Startup"
"command"="C:\\Documents and Settings\\nw\\Start Menu\\Programs\\Startup\\PowerReg Scheduler.exe"
"item"="PowerReg Scheduler"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\98D0CE0C16B1]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="rundll32"
"hkey"="HKLM"
"command"="rundll32.exe D0CE0C16B1,D0CE0C16B1"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\A70F6A1D-0195-42a2-934C-D8AC0F7C08EB]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="rundll32"
"hkey"="HKLM"
"command"="rundll32.exe E6F1873B.DLL,D9EBC318C"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\cfgmgr52]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="cfgmgr52"
"hkey"="HKLM"
"command"="RunDLL32.EXE C:\\WINDOWS\\cfgmgr52.dll,DllRun"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="AOLHostManager"
"hkey"="HKLM"
"command"="C:\\Program Files\\Common Files\\AOL\\1124501765\\ee\\AOLHostManager.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="iTunesHelper"
"hkey"="HKLM"
"command"="C:\\Program Files\\iTunes\\iTunesHelper.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\qpigqlb]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="qpigqlb"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\qpigqlb.EXE"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="qttask"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sysnet]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="sysnet"
"hkey"="HKLM"
"command"="C:\\DOCUME~1\\nw\\LOCALS~1\\Temp\\sysnet.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="realsched"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdReg]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="UpdReg"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\UpdReg.EXE"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ViewMgr]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ViewMgr"
"hkey"="HKLM"
"command"="C:\\Program Files\\Viewpoint\\Viewpoint Manager\\ViewMgr.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=""

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
"AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgw.exe /RUNONCE"

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
"AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgw.exe /RUNONCE"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"=dword:00000000

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoCDBurning"=dword:00000000

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\Run]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]
"akvkwqnu.exe"="C:\\WINDOWS\\system\\akvkwqnu.exe"
"xjupmhqb.exe"="C:\\WINDOWS\\system\\xjupmhqb.exe"

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"


[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0


[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2fd70048-4e7b-11db-804e-001111001cd6}]
Shell\AutoRun\command F:\LaunchU3.exe


Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\Norton AntiVirus - Scan my computer - nw.job
C:\WINDOWS\tasks\Norton AntiVirus - Scan my computer.job
C:\WINDOWS\tasks\Symantec NetDetect.job

Completion time: 07-01-14 19:10:41





HJT:

Logfile of HijackThis v1.99.1
Scan saved at 19:21, on 07-01-14
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Google\Google Talk\googletalk.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://202.67.220.23...=md2_spybot_1_3
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
O4 - HKLM\..\Run: [CTDVDDet] C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [AsioReg] REGSVR32.EXE /S CTASIO.DLL
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [URLLSTCK.exe] C:\Program Files\Norton Internet Security\UrlLstCk.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [mmtask] "C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [googletalk] "C:\Program Files\Google\Google Talk\googletalk.exe" /autostart
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Digital Line Detect.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by17fd.bay17....es/MsnPUpld.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {F127B9BA-89EA-4B04-9C67-2074A9DF61FC} (PCUploader Class) - http://costco.intern...x/PCAXSetup.cab?
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: npkcsvc - INCA Internet Co., Ltd. - C:\WINDOWS\System32\npkcsvc.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
  • 0

#5
kahdah

kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
Hello nthn75075

You currently have Two Anti-virus programs running on your computer.
This alone can cause major computer issues.(ie:Conflicts,locking up,crashing. etc...)

Please uninstall Norton Internet Security.
To do this:
*Click on Start
*Navigate to Control Panel
*Click Add/Remove Programs
*Scroll down until you see Norton Internet Security
*Click Remove

Close Control Panel.

Then download this >> Norton Removal Tool to completely remove the Norton products from your computer.

AVG is free and reliable.

You will need to download and install ONE firewall to keep your system better protected.
Here are some free ones to use.
Kerio personal firewall
or
Zone Alarm.

This link will explain how to use firewalls to better understand them, Firewall tutorial


After that please download the Killbox by Option^Explicit.
Note:In the event you already have Killbox, this is a new version that I need you to download.
*Save it to your desktop.

Please update your AVG Anti-Spyware.
To do this
[*]locate the icon on the desktop and double-click it to start the program.
[*]On the main screen select the icon "Update" then select the "Update now" link.
  • Next select the "Start Update" button, the update will start and a progress bar will show the updates being installed.

    After that Close AVG Anti-Spyware

    After that please download ATF Cleaner by Atribune.
    This program is for XP and Windows 2000 only

    **Do not do anything with the above tools yet**


    Please open up Notepad and copy all of the items in the code box below.
    Change the "Save As Type" to "All Files". Save it as fix.reg on your Desktop.
    Make sure there is NO blank line above "Windows Registry Editor Version 5.00"

    Windows Registry Editor Version 5.00
    
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\98D0CE0C16B1]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\A70F6A1D-0195-42a2-934C-D8AC0F7C08EB]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\cfgmgr52]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\qpigqlb]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sysnet]
    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]
    "akvkwqnu.exe"=-
    "xjupmhqb.exe"=-
    

    Locate fix.reg on your Desktop and double-click on it. When it asks if you want to merge with the registry, click YES.



    After that Run Killbox:
  • Please double-click Killbox.exe to run it.
  • Select:
  • "Delete on Reboot
  • then Click on the "All Files" button.
[*]Please copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C

C:\WINDOWS\SYSTEM32\tmp.reg
C:\Documents and Settings\nw\Start Menu\Programs\Startup\PowerReg Scheduler.exe
C:\WINDOWS\cfgmgr52.dll
C:\WINDOWS\qpigqlb.EXE
C:\DOCUME~1\nw\LOCALS~1\Temp\sysnet.exe
C:\WINDOWS\system\akvkwqnu.exe
C:\WINDOWS\system\xjupmhqb.exe
c:\windows\system32\stlb2.xml
c:\windows\system32\WBCMUninst.exe
c:\windows\sepsd.bin
c:\windows\ubber60.ini
c:\documents and settings\all users\application data\vidctrl
C:\WINDOWS\abrras.exe
C:\WINDOWS\Cursors\avplay.exe
C:\WINDOWS\Cursors\iisvga.exe
C:\WINDOWS\fixit.exe
C:\WINDOWS\SYSTEM32\InstallerV4.exe
C:\WINDOWS\SYSTEM32\lanbruns.exe
C:\WINDOWS\SYSTEM32\package_MARKETING51.exe
C:\WINDOWS\uninstaller.exe


[*] Return to Killbox, go to the File menu, and choose "Paste from Clipboard".
[*]Click the red-and-white "Delete File" button. Click "Yes" at the Delete on Reboot prompt. Click "OK" at any PendingRenameOperations prompt.
If your computer does not restart automatically, please restart it manually

*Reboot your computer into SafeMode. You can do this by restarting your computer and continually tapping the F8 key until a menu appears. Use your up arrow key to highlight SafeMode then hit enter.

Then please go to the Control Panel > Add/Remove Programs and remove the following:
(If some of these are not present do not be alarmed)

CMAPP
Middadle
OIN
Joystick networks
SpywareBot
Sysnet
Viewpoint Manager (Remove Only)
Viewpoint Media Player


Close control panel.


Using Windows Explorer (to get there right-click your Start button and go to "Explore")
Delete these folders:

C:\Program Files\CMAPP
C:\Program Files\Middadle
C:\Program Files\OIN
c:\program files\joystick networks
C:\Program Files\SpywareBot
C:\Program Files\Sysnet
C:\Program Files\Viewpoint

Close Windows Explorer.

Now run ATF cleaner:
Double-click ATF-Cleaner.exe to run the program.(It is on your Desktop)
Under Main choose: Select All
Click the Empty Selected button.

If you use Firefox browserClick Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browserClick Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.

Then run AVG antispyware.
IMPORTANT: Do not open any other windows or programs while AVG Anti-Spyware is scanning, it may interfere with the scanning proccess:
[*]Lauch AVG Anti-Spyware by double-clicking the icon on your desktop.
[*]Select the "Scanner" icon at the top and then the "Scan" tab then click on "Complete System Scan".
[*]AVG Anti-Spyware will now begin the scanning process, be patient this may take a little time.
Once the scan is complete do the following:
[*]If you have any infections you will prompted, then select "Apply all actions"
[*]Next select the "Reports" icon at the top.
[*]Select the "Save report as" button in the lower left hand of the screen and save it to a text file on your system (make sure to remember where you saved that file, this is important).
[*]Close AVG Anti-Spyware and reboot your system back into Normal Mode and post the results of the AVG Anti-Spyware report scan.

After that Please do an online scan with Kaspersky WebScanner

Click on Kaspersky Online Scanner

You will be promted to install an ActiveX component from Kaspersky, Click Yes.
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings make that the following are selected:
    • Scan using the following Anti-Virus database:
    Extended (if available otherwise Standard)
    • Scan Options:
    Scan Archives
    Scan Mail Bases
  • Click OK
  • Now under select a target to scan:Select My Computer
  • This will program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
    • Now click on the Save as Text button:
  • Save the file to your desktop.
  • Copy and paste that information in your next post.
Please post back with these logs:
*New Hjt log
*AVG Anti-Spyware log
*Kaspersky online scan.


And also tell me how things are running. :whistling:
  • 0

#6
nthn75075

nthn75075

    Member

  • Topic Starter
  • Member
  • PipPip
  • 15 posts
Ty again

Alright here's an update: I have yet to install either of the firewalls you recommended because I'm fairly certain I have a hardware firewall (Netgear router) and I know that firewalls can interfere with each other. Do you still think I should install one of the software ones you recommended? However, I did all your other instructions.

My computer seems to be running fine, but I know there's some virus activity running. New files keep popping up where ever I download things (including things you've asked me to download). And antivirus stuff recognizes them as viruses and on one occasion, a Trojan downloader. Should I delete these if I find them or wait for further instructions from you? I'm afraid if I leave it on my computer, it'll continue to download new malware.


HJT log:

Logfile of HijackThis v1.99.1
Scan saved at 14:58, on 07-01-15
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Google\Google Talk\googletalk.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://202.67.220.23...=md2_spybot_1_3
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
O4 - HKLM\..\Run: [CTDVDDet] C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [AsioReg] REGSVR32.EXE /S CTASIO.DLL
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [mmtask] "C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [googletalk] "C:\Program Files\Google\Google Talk\googletalk.exe" /autostart
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Digital Line Detect.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by17fd.bay17....es/MsnPUpld.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {F127B9BA-89EA-4B04-9C67-2074A9DF61FC} (PCUploader Class) - http://costco.intern...x/PCAXSetup.cab?
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: npkcsvc - INCA Internet Co., Ltd. - C:\WINDOWS\System32\npkcsvc.exe






AVG Antispyware log:

---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 03:30 07-01-15

+ Scan result:



C:\!KillBox\uninstaller.exe -> Adware.WildMedia : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP354\A0062934.exe -> Adware.WildMedia : Cleaned with backup (quarantined).
:mozilla.27:C:\Documents and Settings\al\Application Data\Mozilla\Firefox\Profiles\68movza5.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.79:C:\Documents and Settings\yk\Application Data\Mozilla\Firefox\Profiles\wlq1d0rb.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.33:C:\Documents and Settings\al\Application Data\Mozilla\Firefox\Profiles\68movza5.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.20:C:\Documents and Settings\yk\Application Data\Mozilla\Firefox\Profiles\wlq1d0rb.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned.
:mozilla.32:C:\Documents and Settings\al\Application Data\Mozilla\Firefox\Profiles\68movza5.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned.
:mozilla.21:C:\Documents and Settings\yk\Application Data\Mozilla\Firefox\Profiles\wlq1d0rb.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned.
:mozilla.31:C:\Documents and Settings\al\Application Data\Mozilla\Firefox\Profiles\68movza5.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned.
:mozilla.10:C:\Documents and Settings\yk\Application Data\Mozilla\Firefox\Profiles\wlq1d0rb.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.14:C:\Documents and Settings\yk\Application Data\Mozilla\Firefox\Profiles\wlq1d0rb.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.15:C:\Documents and Settings\yk\Application Data\Mozilla\Firefox\Profiles\wlq1d0rb.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.18:C:\Documents and Settings\yk\Application Data\Mozilla\Firefox\Profiles\wlq1d0rb.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.19:C:\Documents and Settings\yk\Application Data\Mozilla\Firefox\Profiles\wlq1d0rb.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.7:C:\Documents and Settings\yk\Application Data\Mozilla\Firefox\Profiles\wlq1d0rb.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.8:C:\Documents and Settings\yk\Application Data\Mozilla\Firefox\Profiles\wlq1d0rb.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.9:C:\Documents and Settings\yk\Application Data\Mozilla\Firefox\Profiles\wlq1d0rb.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.37:C:\Documents and Settings\yk\Application Data\Mozilla\Firefox\Profiles\wlq1d0rb.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.22:C:\Documents and Settings\yk\Application Data\Mozilla\Firefox\Profiles\wlq1d0rb.default\cookies.txt -> TrackingCookie.Overture : Cleaned.
:mozilla.46:C:\Documents and Settings\al\Application Data\Mozilla\Firefox\Profiles\68movza5.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.47:C:\Documents and Settings\al\Application Data\Mozilla\Firefox\Profiles\68movza5.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.48:C:\Documents and Settings\al\Application Data\Mozilla\Firefox\Profiles\68movza5.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.49:C:\Documents and Settings\al\Application Data\Mozilla\Firefox\Profiles\68movza5.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.39:C:\Documents and Settings\yk\Application Data\Mozilla\Firefox\Profiles\wlq1d0rb.default\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned.


::Report end





Kaspersky online scan:

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
07-01-15 14:54
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.83.0
Kaspersky Anti-Virus database last update: 15/01/2007
Kaspersky Anti-Virus database records: 258612
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
D:\
E:\

Scan Statistics:
Total number of scanned objects: 152703
Number of viruses found: 17
Number of infected objects: 110 / 0
Number of suspicious objects: 0
Duration of the scan process: 01:38:32

Infected Object Name / Virus Name / Last Action
C:\!KillBox\fixit.exe/data0003 Infected: not-a-virus:AdWare.Win32.Midadle.e skipped
C:\!KillBox\fixit.exe/data0004 Infected: not-a-virus:AdWare.Win32.Midadle.b skipped
C:\!KillBox\fixit.exe/data0005 Infected: not-a-virus:AdWare.Win32.Midadle.e skipped
C:\!KillBox\fixit.exe NSIS: infected - 3 skipped
C:\!KillBox\InstallerV4.exe/data0001 Infected: not-a-virus:AdWare.Win32.SafeSurfing.o skipped
C:\!KillBox\InstallerV4.exe NSIS: infected - 1 skipped
C:\!KillBox\lanbruns.exe/data0001 Infected: Trojan-Downloader.NSIS.Agent.i skipped
C:\!KillBox\lanbruns.exe NSIS: infected - 1 skipped
C:\!KillBox\package_MARKETING51.exe/stream/data0001 Infected: not-a-virus:AdWare.Win32.BargainBuddy.q skipped
C:\!KillBox\package_MARKETING51.exe/stream/data0002 Infected: not-a-virus:AdWare.Win32.BargainBuddy.q skipped
C:\!KillBox\package_MARKETING51.exe/stream/data0004/stream/data0002 Infected: not-a-virus:AdWare.Win32.BargainBuddy.y skipped
C:\!KillBox\package_MARKETING51.exe/stream/data0004/stream/data0005 Infected: not-a-virus:AdWare.Win32.BargainBuddy.aa skipped
C:\!KillBox\package_MARKETING51.exe/stream/data0004/stream/data0006 Infected: not-a-virus:AdWare.Win32.BargainBuddy.n skipped
C:\!KillBox\package_MARKETING51.exe/stream/data0004/stream/data0007 Infected: not-a-virus:AdWare.Win32.BargainBuddy.n skipped
C:\!KillBox\package_MARKETING51.exe/stream/data0004/stream/data0008 Infected: not-a-virus:AdWare.Win32.BargainBuddy.n skipped
C:\!KillBox\package_MARKETING51.exe/stream/data0004/stream Infected: not-a-virus:AdWare.Win32.BargainBuddy.n skipped
C:\!KillBox\package_MARKETING51.exe/stream/data0004 Infected: not-a-virus:AdWare.Win32.BargainBuddy.n skipped
C:\!KillBox\package_MARKETING51.exe/stream/data0005/stream/data0005 Infected: not-a-virus:AdWare.Win32.BargainBuddy.n skipped
C:\!KillBox\package_MARKETING51.exe/stream/data0005/stream/data0006 Infected: not-a-virus:AdWare.Win32.BargainBuddy.n skipped
C:\!KillBox\package_MARKETING51.exe/stream/data0005/stream Infected: not-a-virus:AdWare.Win32.BargainBuddy.n skipped
C:\!KillBox\package_MARKETING51.exe/stream/data0005 Infected: not-a-virus:AdWare.Win32.BargainBuddy.n skipped
C:\!KillBox\package_MARKETING51.exe/stream/data0006/stream/data0005 Infected: not-a-virus:AdWare.Win32.BargainBuddy.l skipped
C:\!KillBox\package_MARKETING51.exe/stream/data0006/stream/data0006 Infected: not-a-virus:AdWare.Win32.BargainBuddy.y skipped
C:\!KillBox\package_MARKETING51.exe/stream/data0006/stream/data0007 Infected: not-a-virus:AdWare.Win32.CashBack.b skipped
C:\!KillBox\package_MARKETING51.exe/stream/data0006/stream/data0008 Infected: not-a-virus:AdWare.Win32.CashBack.d skipped
C:\!KillBox\package_MARKETING51.exe/stream/data0006/stream Infected: not-a-virus:AdWare.Win32.CashBack.d skipped
C:\!KillBox\package_MARKETING51.exe/stream/data0006 Infected: not-a-virus:AdWare.Win32.CashBack.d skipped
C:\!KillBox\package_MARKETING51.exe/stream Infected: not-a-virus:AdWare.Win32.CashBack.d skipped
C:\!KillBox\package_MARKETING51.exe NSIS: infected - 20 skipped
C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log.lck Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\d39d50585f242d62c565734ddbe6972a_1dce0e75-1303-433a-bfc1-6b582bd25551 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Dr Watson\user.dmp Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\nw\Application Data\Mozilla\Firefox\Profiles\f53003eh.default1\cert8.db Object is locked skipped
C:\Documents and Settings\nw\Application Data\Mozilla\Firefox\Profiles\f53003eh.default1\history.dat Object is locked skipped
C:\Documents and Settings\nw\Application Data\Mozilla\Firefox\Profiles\f53003eh.default1\key3.db Object is locked skipped
C:\Documents and Settings\nw\Application Data\Mozilla\Firefox\Profiles\f53003eh.default1\parent.lock Object is locked skipped
C:\Documents and Settings\nw\Application Data\Mozilla\Firefox\Profiles\f53003eh.default1\search.sqlite Object is locked skipped
C:\Documents and Settings\nw\Application Data\Mozilla\Firefox\Profiles\f53003eh.default1\urlclassifier2.sqlite Object is locked skipped
C:\Documents and Settings\nw\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\nw\Desktop\SmitfraudFix\Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\Documents and Settings\nw\Desktop\SmitfraudFix.exe/data.rar/SmitfraudFix/Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\Documents and Settings\nw\Desktop\SmitfraudFix.exe/data.rar Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\Documents and Settings\nw\Desktop\SmitfraudFix.exe RarSFX: infected - 2 skipped
C:\Documents and Settings\nw\Local Settings\Application Data\AOL OCP\AIM\Storage\All Users\localStorage\common.cls Object is locked skipped
C:\Documents and Settings\nw\Local Settings\Application Data\AOL OCP\AIM\Storage\data\fuzzybeans611\localStorage\common.cls Object is locked skipped
C:\Documents and Settings\nw\Local Settings\Application Data\AOL OCP\AIM\Storage\data\n0whereman08\localStorage\common.cls Object is locked skipped
C:\Documents and Settings\nw\Local Settings\Application Data\AOL OCP\AIM\Storage\data\sirsleepy15\localStorage\common.cls Object is locked skipped
C:\Documents and Settings\nw\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\nw\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\nw\Local Settings\Application Data\Mozilla\Firefox\Profiles\f53003eh.default1\Cache\_CACHE_001_ Object is locked skipped
C:\Documents and Settings\nw\Local Settings\Application Data\Mozilla\Firefox\Profiles\f53003eh.default1\Cache\_CACHE_002_ Object is locked skipped
C:\Documents and Settings\nw\Local Settings\Application Data\Mozilla\Firefox\Profiles\f53003eh.default1\Cache\_CACHE_003_ Object is locked skipped
C:\Documents and Settings\nw\Local Settings\Application Data\Mozilla\Firefox\Profiles\f53003eh.default1\Cache\_CACHE_MAP_ Object is locked skipped
C:\Documents and Settings\nw\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\nw\Local Settings\Temp\Perflib_Perfdata_3e0.dat Object is locked skipped
C:\Documents and Settings\nw\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\nw\ntuser.dat Object is locked skipped
C:\Documents and Settings\nw\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\pm\My Documents\Documents\Stuff\mirc616.exe/data0001.bin Infected: not-a-virus:Client-IRC.Win32.mIRC.616 skipped
C:\Documents and Settings\pm\My Documents\Documents\Stuff\mirc616.exe mIRC: infected - 1 skipped
C:\Documents and Settings\pm\My Documents\download\realquietdream\mIRC\mirc.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.616 skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP349\A0059674.exe/data0003 Infected: not-a-virus:AdWare.Win32.Midadle.e skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP349\A0059674.exe/data0004 Infected: not-a-virus:AdWare.Win32.Midadle.b skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP349\A0059674.exe/data0005 Infected: not-a-virus:AdWare.Win32.Midadle.e skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP349\A0059674.exe NSIS: infected - 3 skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP349\A0059679.exe/data0003 Infected: not-a-virus:AdWare.Win32.Midadle.e skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP349\A0059679.exe/data0004 Infected: not-a-virus:AdWare.Win32.Midadle.b skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP349\A0059679.exe/data0005 Infected: not-a-virus:AdWare.Win32.Midadle.e skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP349\A0059679.exe NSIS: infected - 3 skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP350\A0059807.exe/data0003 Infected: not-a-virus:AdWare.Win32.Midadle.e skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP350\A0059807.exe/data0004 Infected: not-a-virus:AdWare.Win32.Midadle.b skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP350\A0059807.exe/data0005 Infected: not-a-virus:AdWare.Win32.Midadle.e skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP350\A0059807.exe NSIS: infected - 3 skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP354\A0061577.exe/data0002 Infected: not-a-virus:AdWare.Win32.CASClient.a skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP354\A0061577.exe NSIS: infected - 1 skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP354\A0062930.exe/data0003 Infected: not-a-virus:AdWare.Win32.Midadle.e skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP354\A0062930.exe/data0004 Infected: not-a-virus:AdWare.Win32.Midadle.b skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP354\A0062930.exe/data0005 Infected: not-a-virus:AdWare.Win32.Midadle.e skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP354\A0062930.exe NSIS: infected - 3 skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP354\A0062931.exe/data0001 Infected: not-a-virus:AdWare.Win32.SafeSurfing.o skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP354\A0062931.exe NSIS: infected - 1 skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP354\A0062932.exe/data0001 Infected: Trojan-Downloader.NSIS.Agent.i skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP354\A0062932.exe NSIS: infected - 1 skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP354\A0062933.exe/stream/data0001 Infected: not-a-virus:AdWare.Win32.BargainBuddy.q skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP354\A0062933.exe/stream/data0002 Infected: not-a-virus:AdWare.Win32.BargainBuddy.q skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP354\A0062933.exe/stream/data0004/stream/data0002 Infected: not-a-virus:AdWare.Win32.BargainBuddy.y skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP354\A0062933.exe/stream/data0004/stream/data0005 Infected: not-a-virus:AdWare.Win32.BargainBuddy.aa skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP354\A0062933.exe/stream/data0004/stream/data0006 Infected: not-a-virus:AdWare.Win32.BargainBuddy.n skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP354\A0062933.exe/stream/data0004/stream/data0007 Infected: not-a-virus:AdWare.Win32.BargainBuddy.n skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP354\A0062933.exe/stream/data0004/stream/data0008 Infected: not-a-virus:AdWare.Win32.BargainBuddy.n skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP354\A0062933.exe/stream/data0004/stream Infected: not-a-virus:AdWare.Win32.BargainBuddy.n skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP354\A0062933.exe/stream/data0004 Infected: not-a-virus:AdWare.Win32.BargainBuddy.n skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP354\A0062933.exe/stream/data0005/stream/data0005 Infected: not-a-virus:AdWare.Win32.BargainBuddy.n skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP354\A0062933.exe/stream/data0005/stream/data0006 Infected: not-a-virus:AdWare.Win32.BargainBuddy.n skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP354\A0062933.exe/stream/data0005/stream Infected: not-a-virus:AdWare.Win32.BargainBuddy.n skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP354\A0062933.exe/stream/data0005 Infected: not-a-virus:AdWare.Win32.BargainBuddy.n skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP354\A0062933.exe/stream/data0006/stream/data0005 Infected: not-a-virus:AdWare.Win32.BargainBuddy.l skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP354\A0062933.exe/stream/data0006/stream/data0006 Infected: not-a-virus:AdWare.Win32.BargainBuddy.y skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP354\A0062933.exe/stream/data0006/stream/data0007 Infected: not-a-virus:AdWare.Win32.CashBack.b skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP354\A0062933.exe/stream/data0006/stream/data0008 Infected: not-a-virus:AdWare.Win32.CashBack.d skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP354\A0062933.exe/stream/data0006/stream Infected: not-a-virus:AdWare.Win32.CashBack.d skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP354\A0062933.exe/stream/data0006 Infected: not-a-virus:AdWare.Win32.CashBack.d skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP354\A0062933.exe/stream Infected: not-a-virus:AdWare.Win32.CashBack.d skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP354\A0062933.exe NSIS: infected - 20 skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP354\A0063056.exe/data0003 Infected: not-a-virus:AdWare.Win32.Midadle.e skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP354\A0063056.exe/data0004 Infected: not-a-virus:AdWare.Win32.Midadle.b skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP354\A0063056.exe/data0005 Infected: not-a-virus:AdWare.Win32.Midadle.e skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP354\A0063056.exe NSIS: infected - 3 skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP354\A0063057.exe/data0001 Infected: not-a-virus:AdWare.Win32.SafeSurfing.o skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP354\A0063057.exe NSIS: infected - 1 skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP354\A0063058.exe/stream/data0001 Infected: not-a-virus:AdWare.Win32.BargainBuddy.q skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP354\A0063058.exe/stream/data0002 Infected: not-a-virus:AdWare.Win32.BargainBuddy.q skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP354\A0063058.exe/stream/data0004/stream/data0002 Infected: not-a-virus:AdWare.Win32.BargainBuddy.y skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP354\A0063058.exe/stream/data0004/stream/data0005 Infected: not-a-virus:AdWare.Win32.BargainBuddy.aa skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP354\A0063058.exe/stream/data0004/stream/data0006 Infected: not-a-virus:AdWare.Win32.BargainBuddy.n skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP354\A0063058.exe/stream/data0004/stream/data0007 Infected: not-a-virus:AdWare.Win32.BargainBuddy.n skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP354\A0063058.exe/stream/data0004/stream/data0008 Infected: not-a-virus:AdWare.Win32.BargainBuddy.n skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP354\A0063058.exe/stream/data0004/stream Infected: not-a-virus:AdWare.Win32.BargainBuddy.n skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP354\A0063058.exe/stream/data0004 Infected: not-a-virus:AdWare.Win32.BargainBuddy.n skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP354\A0063058.exe/stream/data0005/stream/data0005 Infected: not-a-virus:AdWare.Win32.BargainBuddy.n skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP354\A0063058.exe/stream/data0005/stream/data0006 Infected: not-a-virus:AdWare.Win32.BargainBuddy.n skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP354\A0063058.exe/stream/data0005/stream Infected: not-a-virus:AdWare.Win32.BargainBuddy.n skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP354\A0063058.exe/stream/data0005 Infected: not-a-virus:AdWare.Win32.BargainBuddy.n skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP354\A0063058.exe/stream/data0006/stream/data0005 Infected: not-a-virus:AdWare.Win32.BargainBuddy.l skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP354\A0063058.exe/stream/data0006/stream/data0006 Infected: not-a-virus:AdWare.Win32.BargainBuddy.y skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP354\A0063058.exe/stream/data0006/stream/data0007 Infected: not-a-virus:AdWare.Win32.CashBack.b skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP354\A0063058.exe/stream/data0006/stream/data0008 Infected: not-a-virus:AdWare.Win32.CashBack.d skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP354\A0063058.exe/stream/data0006/stream Infected: not-a-virus:AdWare.Win32.CashBack.d skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP354\A0063058.exe/stream/data0006 Infected: not-a-virus:AdWare.Win32.CashBack.d skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP354\A0063058.exe/stream Infected: not-a-virus:AdWare.Win32.CashBack.d skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP354\A0063058.exe NSIS: infected - 20 skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP354\change.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\SYSTEM32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\SYSTEM32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\AppEvent.Evt Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SAM Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SAM.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SecEvent.Evt Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SECURITY Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SECURITY.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SysEvent.Evt Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\DRIVERS\ETC\hosts.bak Infected: Trojan.Win32.Qhost.r skipped
C:\WINDOWS\SYSTEM32\gad630q7.ini Infected: not-a-virus:AdWare.Win32.Sahat.ao skipped
C:\WINDOWS\SYSTEM32\H323LOG.TXT Object is locked skipped
C:\WINDOWS\SYSTEM32\sxusq.dll Infected: Trojan.Win32.Crypt.o skipped
C:\WINDOWS\SYSTEM32\uryvs.dll Infected: Trojan.Win32.Crypt.o skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\WIADEBUG.LOG Object is locked skipped
C:\WINDOWS\WIASERVC.LOG Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
C:\WINDOWS\{00000002-00000000-00000002-00001102-00000004-10031102}.CDF Object is locked skipped

Scan process completed.
  • 0

#7
kahdah

kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
Hello nthn75075

I have yet to install either of the firewalls you recommended because I'm fairly certain I have a hardware firewall (Netgear router) and I know that firewalls can interfere with each other. Do you still think I should install one of the software ones you recommended? However, I did all your other instructions.

As long as you have one firewall that is fine.
I could not see the router firewall in the log so that is why I had you download one.

My computer seems to be running fine, but I know there's some virus activity running. .

That is because there is still some things left to clean up.

New files keep popping up where ever I download things (including things you've asked me to download). And antivirus stuff recognizes them as viruses and on one occasion, a Trojan downloader. Should I delete these if I find them or wait for further instructions from you? I'm afraid if I leave it on my computer, it'll continue to download new malware.

Some tools are detected as viruses or trojans etc.. because Anti-virus companies cannot distinguish between good and bad applications they are flagged as the same.

Just a little bit left to go and you will be on your way. :whistling:

Please re-open Killbox
[*] Select:
  • "Delete on Reboot
  • then Click on the "All Files" button.
[*]Please copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C


C:\WINDOWS\SYSTEM32\gad630q7.ini
C:\WINDOWS\SYSTEM32\sxusq.dll
C:\WINDOWS\SYSTEM32\uryvs.dll
C:\Documents and Settings\nw\Desktop\SmitfraudFix


[*] Return to Killbox, go to the File menu, and choose "Paste from Clipboard".
[*]Click the red-and-white "Delete File" button. Click "Yes" at the Delete on Reboot prompt. Click "OK" at any PendingRenameOperations prompt.[/list]If your computer does not restart automatically, please restart it manually

After reboot
Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version of Java components and upgrade the application. Beware it is NOT supported for use in 9x or ME and probably will not install in those systems

Ugrading Java:
  • Download the latest version of Java Runtime Environment (JRE) 6.
  • Scroll down to where it says "The J2SE Runtime Environment (JRE) allows end-users to run Java applications".
  • Click the "Download" button to the right.
  • Check the box that says: "Accept License Agreement".
  • The page will refresh.
  • Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel, double-click on Add/Remove programs and remove all older versions of Java.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on the download to install the newest version.
After that please Delete any tools that I had you download.
Delete anything in Quarantine in AVG Anti-spyware.

* Clean your Cache and Cookies in Firefox (In case you also have Firefox installed):

* Go to Tools > Options.
* Click Privacy in the menu on the left side of the Options window.
* Click the Clear button located to the right of each option (History, Cookies, Cache).
* Click OK to close the Options window
Alternatively, you can clear all information stored while browsing by clicking Clear All.
A confirmation dialog box will be shown before clearing the information.

***Empty your recycle bin***

Then please clean up your System Restore points.
To do this:
(Windows XP)
1. Turn off System Restore.Click on *Start
Right-click *My Computer
Click *Properties
Click the *System Restore tab
Check *Turn off System Restore
Click *Apply, and then click *OK.
2. Reboot.

3. Turn ON System Restore.Click on *Start
Right-click *My Computer
Click *Properties
*UN-Check *Turn off System Restore*
Check *Turn on System Restore
Click *Apply, and then click *OK.

How to Turn On and Turn Off System Restore in Windows XP
http://support.micro...kb;en-us;310405

Please post back with a new HJT log and let me know if you had any problems or if you have any questions. :blink:
  • 0

#8
nthn75075

nthn75075

    Member

  • Topic Starter
  • Member
  • PipPip
  • 15 posts
Everything seems to be running fine. Here's the new log

Logfile of HijackThis v1.99.1
Scan saved at 20:58, on 07-01-15
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Java\jre1.6.0\bin\jusched.exe
C:\Program Files\Google\Google Talk\googletalk.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\hijackthis\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://202.67.220.23...=md2_spybot_1_3
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
O4 - HKLM\..\Run: [CTDVDDet] C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [AsioReg] REGSVR32.EXE /S CTASIO.DLL
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [mmtask] "C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"
O4 - HKCU\..\Run: [googletalk] "C:\Program Files\Google\Google Talk\googletalk.exe" /autostart
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Digital Line Detect.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by17fd.bay17....es/MsnPUpld.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {F127B9BA-89EA-4B04-9C67-2074A9DF61FC} (PCUploader Class) - http://costco.intern...x/PCAXSetup.cab?
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: npkcsvc - INCA Internet Co., Ltd. - C:\WINDOWS\System32\npkcsvc.exe
  • 0

#9
kahdah

kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
Hello nthn75075

There is one more file that needs to be deleted/replaced to make sure you are clean.

Download the Hoster.
  • Unzip Hoster to a convenient folder such as C:\Hoster.
  • Run Hoster.exe from its new home
  • Click "Make Hosts Writable?" in the upper right corner (If available).
  • Click Restore Original Hosts and then click OK.
  • Click the X to exit the program.
  • Note: If you were using a custom Hosts file you will need to replace any of those entries yourself.
You can delete that after you are done using it.


Your all set. :blink:

The following is a list of tools and utilities that I like to suggest to people. This list is full of great tools and utilities to help you understand how you got infected and how to keep from getting infected again.

Spybot Search & Destroy-Uber powerful tool which can search and annhilate nasties that make it onto your system. Now with an Immunize section that will help prevent future infections.

Ad-Aware-Another very powerful tool which searches and kills nasties that infect your system. AdAware and Spybot Search & Destroy compliment each other very well.

Spyware Blaster - Great prevention tool to keep nasties from installing on your system.

Sywareguard-Works as a Spyware "Shield" to protect your computer from getting malware in the first place.

IE-SPYAD- puts over 5000 sites in your restricted zone so you'll be protected when you visit innocent-looking sites that aren't actually innocent at all.

Cleanup-Cleans temporary files from IE and Windows, empties the recycle bin and more. Great tool to help speed up your computer and knock out those nasties that like to reside in the temp folders.

Windows Updates - It is very important to make sure that both Internet Explorer and Windows are kept current with the latest critical security patches from Microsoft. To do this just start Internet Explorer and select Tools > Windows Update, and follow the online instructions from there.

Google- Free google toolbar that allows you to use the powerful Google search engine from the bar, but also blocks pop up windows.

Trillian or Miranda-These are Malware free Instant Messenger programs which allow you to connect to multiple IM services in one program! (AOL, Yahoo, ICQ, IRC, MSN)

Castle Cops To find out more information about how you got infected in the first place and some great guidelines to follow to prevent future infections you can read this article by Tony Klein.

If you have any further problems please feel free to contact G2Go.:whistling:

Edited by kahdah, 16 January 2007 - 06:34 PM.

  • 0

#10
nthn75075

nthn75075

    Member

  • Topic Starter
  • Member
  • PipPip
  • 15 posts
Heya kahdah, sorry to bother you again, but I wanna check something.

The reason I originally asked for assistance was because a freeware version of spyhunter kept picking up certain infections in my registry. Can you look at them for me plz? It could just be the program misdiagnosing it like you said, but I'd still like to check. Here's the support log from Spyhunter if you can analyze it, if not please tell me some other way I can get the info to you, because every time I scan there's more of the zlob.trojan items on the list.

Log Contents provided by Enigma Software Group, Inc.
###########################Runnning Processes DATA###########################
processName = SMSS.EXE File Size = 50688 File Path = \SystemRoot\System32\smss.exe ModuleMD5 = bd7fb0957c716f1a60333aee04de2178
processName = WINLOGON.EXE File Size = 502272 File Path = \??\C:\WINDOWS\system32\winlogon.exe ModuleMD5 = 01c3346c241652f43aed8e2149881bfe
processName = SERVICES.EXE File Size = 108032 File Path = C:\WINDOWS\system32\services.exe ModuleMD5 = c6ce6eec82f187615d1002bb3bb50ed4
processName = LSASS.EXE File Size = 13312 File Path = C:\WINDOWS\system32\lsass.exe ModuleMD5 = 84885f9b82f4d55c6146ebf6065d75d2
processName = ATI2EVXX.EXE File Size = 319488 File Path = C:\WINDOWS\System32\Ati2evxx.exe ModuleMD5 = ab878b0412252fd8f44de1733987cdb2
processName = SVCHOST.EXE File Size = 14336 File Path = C:\WINDOWS\system32\svchost.exe ModuleMD5 = 8f078ae4ed187aaabc0a305146de6716
processName = SVCHOST.EXE File Size = 14336 File Path = C:\WINDOWS\System32\svchost.exe ModuleMD5 = 8f078ae4ed187aaabc0a305146de6716
processName = SPOOLSV.EXE File Size = 57856 File Path = C:\WINDOWS\system32\spoolsv.exe ModuleMD5 = da81ec57acd4cdc3d4c51cf3d409af9f
processName = AVGAMSVR.EXE File Size = 343552 File Path = C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe ModuleMD5 = dd4db777d2ba1e475f75015b90557795
processName = AVGUPSVC.EXE File Size = 49664 File Path = C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe ModuleMD5 = 30a14f65db477dc00a64a5a24e96919c
processName = CTSVCCDA.EXE File Size = 44032 File Path = C:\WINDOWS\System32\CTsvcCDA.exe ModuleMD5 = 3c8b6609712f4ff78e521f6dcfc4032b
processName = SVCHOST.EXE File Size = 14336 File Path = C:\WINDOWS\System32\svchost.exe ModuleMD5 = 8f078ae4ed187aaabc0a305146de6716
processName = MSPMSPSV.EXE File Size = 53520 File Path = C:\WINDOWS\System32\MsPMSPSv.exe ModuleMD5 = 581176f60885aef8f78c6e38dcc3cdf9
processName = EXPLORER.EXE File Size = 1032192 File Path = C:\WINDOWS\Explorer.EXE ModuleMD5 = a0732187050030ae399b241436565e64
processName = CTSYSVOL.EXE File Size = 49152 File Path = C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe ModuleMD5 = c88806e6c9ae0ad88d20e1bda995355a
processName = CTHELPER.EXE File Size = 28672 File Path = C:\WINDOWS\system32\CTHELPER.EXE ModuleMD5 = 97615ab538986082787e4989e03c48f7
processName = DSENTRY.EXE File Size = 28672 File Path = C:\WINDOWS\System32\DSentry.exe ModuleMD5 = d9ee81715cc700cac1c552c247d78d8c
processName = PCMSERVICE.EXE File Size = 204800 File Path = C:\Program Files\Dell\Media Experience\PCMService.exe ModuleMD5 = 3f22eaad167797f2de16fa7968593d59
processName = TFSWCTRL.EXE File Size = 122933 File Path = C:\WINDOWS\system32\dla\tfswctrl.exe ModuleMD5 = 55877ab1f65a512fd317b640d9353dc5
processName = REALSCHED.EXE File Size = 180269 File Path = C:\Program Files\Common Files\Real\Update_OB\realsched.exe ModuleMD5 = b8e684df9a97497edd2f87444a6307fb
processName = MMTASK.EXE File Size = 53248 File Path = C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe ModuleMD5 = efea5551e578ff6fe52b5db15ce13390
processName = QTTASK.EXE File Size = 282624 File Path = C:\Program Files\QuickTime\qttask.exe ModuleMD5 = 383145864f6543c97a7e1b78505d2f1c
processName = AVGCC.EXE File Size = 406016 File Path = C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe ModuleMD5 = ed0163acdb2834ac8f53b3265671fb1a
processName = JUSCHED.EXE File Size = 77824 File Path = C:\Program Files\Java\jre1.6.0\bin\jusched.exe ModuleMD5 = ab74aa8defc1ca82759788a55b673629
processName = GOOGLETALK.EXE File Size = 3739648 File Path = C:\Program Files\Google\Google Talk\googletalk.exe ModuleMD5 = bcd9cbf0621f9a6767276a2e0bf1dd15
processName = SUPERANTISPYWARE.EXE File Size = 1294336 File Path = C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe ModuleMD5 = 6b886baa18fb72130da05aac9d09daf4
processName = TEATIMER.EXE File Size = 1415824 File Path = C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe ModuleMD5 = 70496eee0ddbe485f658693826f44d38
processName = DLG.EXE File Size = 24576 File Path = C:\Program Files\Digital Line Detect\DLG.exe ModuleMD5 = b66e56733e2cd6a10fda5919625fbf46
processName = SGMAIN.EXE File Size = 360448 File Path = C:\Program Files\SpywareGuard\sgmain.exe ModuleMD5 = 61c028aba5e49573a6332f4a7c744e87
processName = SGBHP.EXE File Size = 233472 File Path = C:\Program Files\SpywareGuard\sgbhp.exe ModuleMD5 = a80d0704537c0ef97db2bef24b99af1a
processName = AVGW.EXE File Size = 146432 File Path = C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe ModuleMD5 = 98f7c449d7c48666c367364655801a37
processName = FIREFOX.EXE File Size = 7620696 File Path = C:\PROGRA~1\MOZILL~1\FIREFOX.EXE ModuleMD5 = 6d05e232dde95d48fbf0d879559cd3ca
processName = AIM6.EXE File Size = 50736 File Path = C:\Program Files\AIM6\aim6.exe ModuleMD5 = b6c1d859d1c25e80ab655bd5f4a6884b
processName = AOLSOFTWARE.EXE File Size = 50736 File Path = C:\Program Files\AIM6\aolsoftware.exe ModuleMD5 = c482c535cbfefe722ec1eb7f11f680a3
processName = SPYHUNTER.EXE File Size = 2482176 File Path = C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter.exe ModuleMD5 = 146e80454798088ce29eff0254637ceb
###########################REGISTRY MD5 DATA###########################
<HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN>
Name=ATIModeChange Data=Ati2mdxx.exe FileSize = 28672 MD5=fae95d6d7651b5629c4e19adbc9a3863
Name=ATIPTA Data=C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe FileSize = 335872 MD5=1f8849f7faa7f9ac32cf8bd3ec545477
Name=CTSysVol Data=C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe FileSize = 49152 MD5=c88806e6c9ae0ad88d20e1bda995355a
Name=CTDVDDet Data=C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE FileSize = 45056 MD5=49530ea45ebd73e2c11c74dfebc30d57
Name=CTHelper Data=CTHELPER.EXE FileSize = 28672 MD5=97615ab538986082787e4989e03c48f7
Name=AsioReg Data=REGSVR32.EXE /S CTASIO.DLL FileSize = MD5=
Name=DVDSentry Data=C:\WINDOWS\System32\DSentry.exe FileSize = 28672 MD5=d9ee81715cc700cac1c552c247d78d8c
Name=PCMService Data="C:\Program Files\Dell\Media Experience\PCMService.exe" FileSize = 204800 MD5=3f22eaad167797f2de16fa7968593d59
Name=dla Data=C:\WINDOWS\system32\dla\tfswctrl.exe FileSize = 122933 MD5=55877ab1f65a512fd317b640d9353dc5
Name=UpdateManager Data="C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r FileSize = 110592 MD5=22fd4e58d69969a9165721c797d54931
Name=TkBellExe Data="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot FileSize = 180269 MD5=b8e684df9a97497edd2f87444a6307fb
Name=mmtask Data="C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe" FileSize = 53248 MD5=efea5551e578ff6fe52b5db15ce13390
Name=QuickTime Task Data="C:\Program Files\QuickTime\qttask.exe" -atboottime FileSize = 282624 MD5=383145864f6543c97a7e1b78505d2f1c
Name=SpyHunter Data= FileSize = MD5=
Name=AVG7_CC Data=C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP FileSize = 406016 MD5=ed0163acdb2834ac8f53b3265671fb1a
Name=SunJavaUpdateSched Data="C:\Program Files\Java\jre1.6.0\bin\jusched.exe"
FileSize = 77824 MD5=ab74aa8defc1ca82759788a55b673629
<HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUNONCEEX>
<HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUNONCE>
<HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN>
Name=googletalk Data="C:\Program Files\Google\Google Talk\googletalk.exe" /autostart FileSize = 3739648 MD5=bcd9cbf0621f9a6767276a2e0bf1dd15
Name=Aim6 Data= FileSize = MD5=
Name=SUPERAntiSpyware Data=C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe FileSize = 1294336 MD5=6b886baa18fb72130da05aac9d09daf4
Name=MSMSGS Data="C:\Program Files\Messenger\msmsgs.exe" /background FileSize = 1694208 MD5=74e6e96c6f0e2eca4edbb7f7a468f259
Name=SpybotSD TeaTimer Data=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
FileSize = 1415824 MD5=70496eee0ddbe485f658693826f44d38
<HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUNONCE>
<HKEY_USERS\.DEFAULT\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN>
Name=MSMSGS Data="C:\Program Files\Messenger\msmsgs.exe" /background FileSize = 1694208 MD5=74e6e96c6f0e2eca4edbb7f7a468f259
Name=AVG7_Run Data=C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE
FileSize = 146432 MD5=98f7c449d7c48666c367364655801a37
<HKEY_USERS\.DEFAULT\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUNONCE>
<HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWSNT\CURRENTVERSION\WINDOWS\APPINIT_DLLS>
<HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER\RUN>
<HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWSNT\CURRENTVERSION\WINLOGON\SHELL>
Explorer.exe FileSize = 1032192 MD5=a0732187050030ae399b241436565e64
<HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWSNT\CURRENTVERSION\WINLOGON\USERINIT>
C:\WINDOWS\system32\userinit.exe, FileSize = 24576 MD5=39b1ffb03c2296323832acbae50d2aff
#############################FILE MD5 DATA#############################
<C:\Documents and Settings\nw\Start Menu\Programs\Startup>
File Path = C:\Documents and Settings\nw\Start Menu\Programs\Startup\DESKTOP.INI File Size = 4096 md5=d6a6856702e3f0953e7246a9b4a9fe35
File Path = C:\Documents and Settings\nw\Start Menu\Programs\Startup\SpywareGuard.lnk File Size = 4096 md5=393bd14520504465eb3143455b161bc3
#############################SERVICES DATA#############################
Service Name = ALG Service Display Name = Application Layer Gateway Service Opened = YES Status = Running Query = SUCCESS Service Type = 16 Service Start Type = 3 Service Error Control = 1 Service Binary Path = C:\WINDOWS\System32\alg.exe Binary Size = 44544 Binary MD5 = f1958fbf86d5c004cf19a5951a9514b7
Service Name = Ati HotKey Poller Service Display Name = Ati HotKey Poller Opened = YES Status = Running Query = SUCCESS Service Type = 272 Service Start Type = 2 Service Error Control = 1 Service Binary Path = C:\WINDOWS\System32\Ati2evxx.exe Binary Size = 319488 Binary MD5 = ab878b0412252fd8f44de1733987cdb2
Service Name = AudioSrv Service Display Name = Windows Audio Opened = YES Status = Running Query = SUCCESS Service Type = 32 Service Start Type = 2 Service Error Control = 1 Service Binary Path = C:\WINDOWS\System32\svchost.exe -k netsvcs Binary Size = 0 Binary MD5 =
Service Name = Avg7Alrt Service Display Name = AVG7 Alert Manager Server Opened = YES Status = Running Query = SUCCESS Service Type = 272 Service Start Type = 2 Service Error Control = 1 Service Binary Path = C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe Binary Size = 343552 Binary MD5 = dd4db777d2ba1e475f75015b90557795
Service Name = Avg7UpdSvc Service Display Name = AVG7 Update Service Opened = YES Status = Running Query = SUCCESS Service Type = 16 Service Start Type = 2 Service Error Control = 1 Service Binary Path = C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe Binary Size = 49664 Binary MD5 = 30a14f65db477dc00a64a5a24e96919c
Service Name = Browser Service Display Name = Computer Browser Opened = YES Status = Running Query = SUCCESS Service Type = 32 Service Start Type = 2 Service Error Control = 1 Service Binary Path = C:\WINDOWS\System32\svchost.exe -k netsvcs Binary Size = 0 Binary MD5 =
Service Name = Creative Service for CDROM Access Service Display Name = Creative Service for CDROM Access Opened = YES Status = Running Query = SUCCESS Service Type = 16 Service Start Type = 2 Service Error Control = 1 Service Binary Path = C:\WINDOWS\System32\CTsvcCDA.exe Binary Size = 44032 Binary MD5 = 3c8b6609712f4ff78e521f6dcfc4032b
Service Name = CryptSvc Service Display Name = Cryptographic Services Opened = YES Status = Running Query = SUCCESS Service Type = 32 Service Start Type = 2 Service Error Control = 1 Service Binary Path = C:\WINDOWS\system32\svchost.exe -k netsvcs Binary Size = 0 Binary MD5 =
Service Name = DcomLaunch Service Display Name = DCOM Server Process Launcher Opened = YES Status = Running Query = SUCCESS Service Type = 32 Service Start Type = 2 Service Error Control = 1 Service Binary Path = C:\WINDOWS\system32\svchost -k DcomLaunch Binary Size = 0 Binary MD5 =
Service Name = Dhcp Service Display Name = DHCP Client Opened = YES Status = Running Query = SUCCESS Service Type = 32 Service Start Type = 2 Service Error Control = 1 Service Binary Path = C:\WINDOWS\System32\svchost.exe -k netsvcs Binary Size = 0 Binary MD5 =
Service Name = Dnscache Service Display Name = DNS Client Opened = YES Status = Running Query = SUCCESS Service Type = 32 Service Start Type = 2 Service Error Control = 1 Service Binary Path = C:\WINDOWS\System32\svchost.exe -k NetworkService Binary Size = 0 Binary MD5 =
Service Name = ERSvc Service Display Name = Error Reporting Service Opened = YES Status = Running Query = SUCCESS Service Type = 32 Service Start Type = 2 Service Error Control = 0 Service Binary Path = C:\WINDOWS\System32\svchost.exe -k netsvcs Binary Size = 0 Binary MD5 =
Service Name = Eventlog Service Display Name = Event Log Opened = YES Status = Running Query = SUCCESS Service Type = 32 Service Start Type = 2 Service Error Control = 1 Service Binary Path = C:\WINDOWS\system32\services.exe Binary Size = 108032 Binary MD5 = c6ce6eec82f187615d1002bb3bb50ed4
Service Name = EventSystem Service Display Name = COM+ Event System Opened = YES Status = Running Query = SUCCESS Service Type = 32 Service Start Type = 3 Service Error Control = 1 Service Binary Path = C:\WINDOWS\System32\svchost.exe -k netsvcs Binary Size = 0 Binary MD5 =
Service Name = FastUserSwitchingCompatibility Service Display Name = Fast User Switching Compatibility Opened = YES Status = Running Query = SUCCESS Service Type = 32 Service Start Type = 3 Service Error Control = 1 Service Binary Path = C:\WINDOWS\System32\svchost.exe -k netsvcs Binary Size = 0 Binary MD5 =
Service Name = helpsvc Service Display Name = Help and Support Opened = YES Status = Running Query = SUCCESS Service Type = 32 Service Start Type = 2 Service Error Control = 1 Service Binary Path = C:\WINDOWS\System32\svchost.exe -k netsvcs Binary Size = 0 Binary MD5 =
Service Name = lanmanserver Service Display Name = Server Opened = YES Status = Running Query = SUCCESS Service Type = 32 Service Start Type = 2 Service Error Control = 1 Service Binary Path = C:\WINDOWS\System32\svchost.exe -k netsvcs Binary Size = 0 Binary MD5 =
Service Name = lanmanworkstation Service Display Name = Workstation Opened = YES Status = Running Query = SUCCESS Service Type = 32 Service Start Type = 2 Service Error Control = 1 Service Binary Path = C:\WINDOWS\System32\svchost.exe -k netsvcs Binary Size = 0 Binary MD5 =
Service Name = LmHosts Service Display Name = TCP/IP NetBIOS Helper Opened = YES Status = Running Query = SUCCESS Service Type = 32 Service Start Type = 2 Service Error Control = 1 Service Binary Path = C:\WINDOWS\System32\svchost.exe -k LocalService Binary Size = 0 Binary MD5 =
Service Name = Netman Service Display Name = Network Connections Opened = YES Status = Running Query = SUCCESS Service Type = 288 Service Start Type = 3 Service Error Control = 1 Service Binary Path = C:\WINDOWS\System32\svchost.exe -k netsvcs Binary Size = 0 Binary MD5 =
Service Name = Nla Service Display Name = Network Location Awareness (NLA) Opened = YES Status = Running Query = SUCCESS Service Type = 32 Service Start Type = 3 Service Error Control = 1 Service Binary Path = C:\WINDOWS\System32\svchost.exe -k netsvcs Binary Size = 0 Binary MD5 =
Service Name = PlugPlay Service Display Name = Plug and Play Opened = YES Status = Running Query = SUCCESS Service Type = 32 Service Start Type = 2 Service Error Control = 1 Service Binary Path = C:\WINDOWS\system32\services.exe Binary Size = 108032 Binary MD5 = c6ce6eec82f187615d1002bb3bb50ed4
Service Name = PolicyAgent Service Display Name = IPSEC Services Opened = YES Status = Running Query = SUCCESS Service Type = 32 Service Start Type = 2 Service Error Control = 1 Service Binary Path = C:\WINDOWS\System32\lsass.exe Binary Size = 13312 Binary MD5 = 84885f9b82f4d55c6146ebf6065d75d2
Service Name = ProtectedStorage Service Display Name = Protected Storage Opened = YES Status = Running Query = SUCCESS Service Type = 288 Service Start Type = 2 Service Error Control = 1 Service Binary Path = C:\WINDOWS\system32\lsass.exe Binary Size = 13312 Binary MD5 = 84885f9b82f4d55c6146ebf6065d75d2
Service Name = RasMan Service Display Name = Remote Access Connection Manager Opened = YES Status = Running Query = SUCCESS Service Type = 32 Service Start Type = 3 Service Error Control = 1 Service Binary Path = C:\WINDOWS\System32\svchost.exe -k netsvcs Binary Size = 0 Binary MD5 =
Service Name = RpcSs Service Display Name = Remote Procedure Call (RPC) Opened = YES Status = Running Query = SUCCESS Service Type = 32 Service Start Type = 2 Service Error Control = 1 Service Binary Path = C:\WINDOWS\system32\svchost -k rpcss Binary Size = 0 Binary MD5 =
Service Name = SamSs Service Display Name = Security Accounts Manager Opened = YES Status = Running Query = SUCCESS Service Type = 32 Service Start Type = 2 Service Error Control = 1 Service Binary Path = C:\WINDOWS\system32\lsass.exe Binary Size = 13312 Binary MD5 = 84885f9b82f4d55c6146ebf6065d75d2
Service Name = Schedule Service Display Name = Task Scheduler Opened = YES Status = Running Query = SUCCESS Service Type = 288 Service Start Type = 2 Service Error Control = 1 Service Binary Path = C:\WINDOWS\System32\svchost.exe -k netsvcs Binary Size = 0 Binary MD5 =
Service Name = seclogon Service Display Name = Secondary Logon Opened = YES Status = Running Query = SUCCESS Service Type = 288 Service Start Type = 2 Service Error Control = 0 Service Binary Path = C:\WINDOWS\System32\svchost.exe -k netsvcs Binary Size = 0 Binary MD5 =
Service Name = SENS Service Display Name = System Event Notification Opened = YES Status = Running Query = SUCCESS Service Type = 32 Service Start Type = 2 Service Error Control = 1 Service Binary Path = C:\WINDOWS\system32\svchost.exe -k netsvcs Binary Size = 0 Binary MD5 =
Service Name = SharedAccess Service Display Name = Windows Firewall/Internet Connection Sharing (ICS) Opened = YES Status = Running Query = SUCCESS Service Type = 32 Service Start Type = 2 Service Error Control = 1 Service Binary Path = C:\WINDOWS\System32\svchost.exe -k netsvcs Binary Size = 0 Binary MD5 =
Service Name = ShellHWDetection Service Display Name = Shell Hardware Detection Opened = YES Status = Running Query = SUCCESS Service Type = 32 Service Start Type = 2 Service Error Control = 0 Service Binary Path = C:\WINDOWS\System32\svchost.exe -k netsvcs Binary Size = 0 Binary MD5 =
Service Name = Spooler Service Display Name = Print Spooler Opened = YES Status = Running Query = SUCCESS Service Type = 272 Service Start Type = 2 Service Error Control = 1 Service Binary Path = C:\WINDOWS\system32\spoolsv.exe Binary Size = 57856 Binary MD5 = da81ec57acd4cdc3d4c51cf3d409af9f
Service Name = srservice Service Display Name = System Restore Service Opened = YES Status = Running Query = SUCCESS Service Type = 32 Service Start Type = 2 Service Error Control = 1 Service Binary Path = C:\WINDOWS\System32\svchost.exe -k netsvcs Binary Size = 0 Binary MD5 =
Service Name = SSDPSRV Service Display Name = SSDP Discovery Service Opened = YES Status = Running Query = SUCCESS Service Type = 32 Service Start Type = 3 Service Error Control = 1 Service Binary Path = C:\WINDOWS\System32\svchost.exe -k LocalService Binary Size = 0 Binary MD5 =
Service Name = stisvc Service Display Name = Windows Image Acquisition (WIA) Opened = YES Status = Running Query = SUCCESS Service Type = 32 Service Start Type = 2 Service Error Control = 1 Service Binary Path = C:\WINDOWS\System32\svchost.exe -k imgsvc Binary Size = 0 Binary MD5 =
Service Name = TapiSrv Service Display Name = Telephony Opened = YES Status = Running Query = SUCCESS Service Type = 32 Service Start Type = 3 Service Error Control = 1 Service Binary Path = C:\WINDOWS\System32\svchost.exe -k netsvcs Binary Size = 0 Binary MD5 =
Service Name = TermService Service Display Name = Terminal Services Opened = YES Status = Running Query = SUCCESS Service Type = 32 Service Start Type = 3 Service Error Control = 1 Service Binary Path = C:\WINDOWS\System32\svchost -k DComLaunch Binary Size = 0 Binary MD5 =
Service Name = Themes Service Display Name = Themes Opened = YES Status = Running Query = SUCCESS Service Type = 32 Service Start Type = 2 Service Error Control = 1 Service Binary Path = C:\WINDOWS\System32\svchost.exe -k netsvcs Binary Size = 0 Binary MD5 =
Service Name = TrkWks Service Display Name = Distributed Link Tracking Client Opened = YES Status = Running Query = SUCCESS Service Type = 32 Service Start Type = 2 Service Error Control = 1 Service Binary Path = C:\WINDOWS\system32\svchost.exe -k netsvcs Binary Size = 0 Binary MD5 =
Service Name = UMWdf Service Display Name = Windows User Mode Driver Framework Opened = YES Status = Running Query = SUCCESS Service Type = 16 Service Start Type = 2 Service Error Control = 1 Service Binary Path = C:\WINDOWS\System32\wdfmgr.exe Binary Size = 38912 Binary MD5 = ab0a7ca90d9e3d6a193905dc1715ded0
Service Name = w32time Service Display Name = Windows Time Opened = YES Status = Running Query = SUCCESS Service Type = 32 Service Start Type = 2 Service Error Control = 1 Service Binary Path = C:\WINDOWS\system32\svchost.exe -k netsvcs Binary Size = 0 Binary MD5 =
Service Name = WebClient Service Display Name = WebClient Opened = YES Status = Running Query = SUCCESS Service Type = 32 Service Start Type = 2 Service Error Control = 1 Service Binary Path = C:\WINDOWS\System32\svchost.exe -k LocalService Binary Size = 0 Binary MD5 =
Service Name = winmgmt Service Display Name = Windows Management Instrumentation Opened = YES Status = Running Query = SUCCESS Service Type = 32 Service Start Type = 2 Service Error Control = 0 Service Binary Path = C:\WINDOWS\system32\svchost.exe -k netsvcs Binary Size = 0 Binary MD5 =
Service Name = WMDM PMSP Service Service Display Name = WMDM PMSP Service Opened = YES Status = Running Query = SUCCESS Service Type = 16 Service Start Type = 2 Service Error Control = 1 Service Binary Path = C:\WINDOWS\System32\MsPMSPSv.exe Binary Size = 53520 Binary MD5 = 581176f60885aef8f78c6e38dcc3cdf9
Service Name = wscsvc Service Display Name = Security Center Opened = YES Status = Running Query = SUCCESS Service Type = 32 Service Start Type = 2 Service Error Control = 1 Service Binary Path = C:\WINDOWS\System32\svchost.exe -k netsvcs Binary Size = 0 Binary MD5 =
Service Name = wuauserv Service Display Name = Automatic Updates Opened = YES Status = Running Query = SUCCESS Service Type = 32 Service Start Type = 2 Service Error Control = 1 Service Binary Path = C:\WINDOWS\system32\svchost.exe -k netsvcs Binary Size = 0 Binary MD5 =
Service Name = WZCSVC Service Display Name = Wireless Zero Configuration Opened = YES Status = Running Query = SUCCESS Service Type = 32 Service Start Type = 2 Service Error Control = 1 Service Binary Path = C:\WINDOWS\System32\svchost.exe -k netsvcs Binary Size = 0 Binary MD5 =
#############################WINLOGON DATA#############################
<HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWSNT\CURRENTVERSION\WINLOGON\NOTIFY>
Subkey Name = Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon Filepath = C:\Program Files\SUPERAntiSpyware\SASWINLO.dll File Size = 258048 File MD5 = 878bd80fdc51f6074d7b664c253ede4c
Subkey Name = Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain Filepath = C:\WINDOWS\system32\crypt32.dll File Size = 597504 File MD5 = efc958396a7a7ef7e6d4a52b97512e18
Subkey Name = Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet Filepath = C:\WINDOWS\system32\cryptnet.dll File Size = 63488 File MD5 = cad4aa32e7eca00c23cc39c0eb833f9d
Subkey Name = Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll Filepath = C:\WINDOWS\system32\cscdll.dll File Size = 101888 File MD5 = 587729679b4fe04ce06a5c61d6c56dcd
Subkey Name = Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp Filepath = C:\WINDOWS\system32\wlnotify.dll File Size = 92672 File MD5 = a599e5e366c1408e48aa5d37882d4e3e
Subkey Name = Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule Filepath = C:\WINDOWS\system32\wlnotify.dll File Size = 92672 File MD5 = a599e5e366c1408e48aa5d37882d4e3e
Subkey Name = Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy Filepath = C:\WINDOWS\system32\sclgntfy.dll File Size = 20992 File MD5 = d636fa41e50671160d838ea2dace3330
Subkey Name = Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn Filepath = C:\WINDOWS\system32\WlNotify.dll File Size = 92672 File MD5 = a599e5e366c1408e48aa5d37882d4e3e
Subkey Name = Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv Filepath = C:\WINDOWS\system32\wlnotify.dll File Size = 92672 File MD5 = a599e5e366c1408e48aa5d37882d4e3e
Subkey Name = Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon Filepath = C:\WINDOWS\system32\WgaLogon.dll File Size = 702768 File MD5 = 147429092c26d18af550790ac102f32a
Subkey Name = Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon Filepath = C:\WINDOWS\system32\wlnotify.dll File Size = 92672 File MD5 = a599e5e366c1408e48aa5d37882d4e3e
##########################BROWSER ADD-ON DATA##########################
<HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Explorer Bars>
CLSID = {4D5C8C25-D075-11d0-B416-00C04FB90376} FilePath = C:\WINDOWS\System32\shdocvw.dll File Size = 1494528 File MD5 = 9792172c0b5b7d4ce1424a04a351d692
CLSID = {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} FilePath = C:\WINDOWS\System32\Shdocvw.dll File Size = 1494528 File MD5 = 9792172c0b5b7d4ce1424a04a351d692
<HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars>
CLSID = {C4EE31F3-4768-11D2-BE5C-00A0C9A83DA1} FilePath = C:\WINDOWS\system32\SHELL32.dll File Size = 8453632 File MD5 = f056b4771408966694de5d9bf79b48f8
<HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects>
CLSID = {4A368E80-174F-4872-96B5-0B27DDD11DB2} FilePath = C:\Program Files\SpywareGuard\dlprotect.dll File Size = 192512 File MD5 = 964621e8b2415feaa99026ed4f29d198
CLSID = {53707962-6F74-2D53-2644-206D7942484F} FilePath = C:\PROGRA~1\SPYBOT~1\SDHelper.dll File Size = 853672 File MD5 = 250d787a5712d7768ddc133b3e477759
CLSID = {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} FilePath = C:\Program Files\Java\jre1.6.0\bin\ssv.dll File Size = 501384 File MD5 = 55a2f8ae42c4b347173f1aede5061be3
<HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Extensions>
CLSID = {08B0E5C0-4FCB-11CF-AAA5-00401C608501} FilePath = C:\WINDOWS\System32\msjava.dll File Size = 0 File MD5 =
CLSID = {92780B25-18CC-41C8-B9BE-3C9C571A8263} FilePath = File Size = 0 File MD5 =
<HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions>
CLSID = CmdMapping FilePath = File Size = 0 File MD5 =
<HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks>
CLSID = {CFBFAE00-17A6-11D0-99CB-00C04FD64497} FilePath = C:\WINDOWS\System32\shdocvw.dll File Size = 1494528 File MD5 = 9792172c0b5b7d4ce1424a04a351d692 Description =
<HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler>
CLSID = {438755C2-A8BA-11D1-B96B-00A0C90312E1} FilePath = C:\WINDOWS\System32\browseui.dll File Size = 1022976 File MD5 = d0959f2b453eae2bed9c6f7e74f3a620 Description = Browseui preloader
CLSID = {8C7461EF-2B13-11d2-BE35-3078302C2030} FilePath = C:\WINDOWS\System32\browseui.dll File Size = 1022976 File MD5 = d0959f2b453eae2bed9c6f7e74f3a620 Description = Component Categories cache daemon
##########################LSP CHAIN DATA##########################
<HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\WINSOCK2\PARAMETERS>
Sequence Num = SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000001 Filepath = C:\WINDOWS\system32\mswsock.dll File Size = 245248 File MD5 = 4e74af063c3271fbea20dd940cfd1184
Sequence Num = SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000002 Filepath = C:\WINDOWS\system32\mswsock.dll File Size = 245248 File MD5 = 4e74af063c3271fbea20dd940cfd1184
Sequence Num = SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000003 Filepath = C:\WINDOWS\system32\mswsock.dll File Size = 245248 File MD5 = 4e74af063c3271fbea20dd940cfd1184
Sequence Num = SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000004 Filepath = C:\WINDOWS\system32\rsvpsp.dll File Size = 90112 File MD5 = 90491683abd587c702b16f181ab0d99d
Sequence Num = SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000005 Filepath = C:\WINDOWS\system32\rsvpsp.dll File Size = 90112 File MD5 = 90491683abd587c702b16f181ab0d99d
Sequence Num = SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000006 Filepath = C:\WINDOWS\system32\mswsock.dll File Size = 245248 File MD5 = 4e74af063c3271fbea20dd940cfd1184
Sequence Num = SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000007 Filepath = C:\WINDOWS\system32\mswsock.dll File Size = 245248 File MD5 = 4e74af063c3271fbea20dd940cfd1184
Sequence Num = SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000008 Filepath = C:\WINDOWS\system32\mswsock.dll File Size = 245248 File MD5 = 4e74af063c3271fbea20dd940cfd1184
Sequence Num = SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000009 Filepath = C:\WINDOWS\system32\mswsock.dll File Size = 245248 File MD5 = 4e74af063c3271fbea20dd940cfd1184
Sequence Num = SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000010 Filepath = C:\WINDOWS\system32\mswsock.dll File Size = 245248 File MD5 = 4e74af063c3271fbea20dd940cfd1184
Sequence Num = SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000011 Filepath = C:\WINDOWS\system32\mswsock.dll File Size = 245248 File MD5 = 4e74af063c3271fbea20dd940cfd1184
Sequence Num = SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000012 Filepath = C:\WINDOWS\system32\mswsock.dll File Size = 245248 File MD5 = 4e74af063c3271fbea20dd940cfd1184
Sequence Num = SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000013 Filepath = C:\WINDOWS\system32\mswsock.dll File Size = 245248 File MD5 = 4e74af063c3271fbea20dd940cfd1184
Sequence Num = SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000014 Filepath = C:\WINDOWS\system32\mswsock.dll File Size = 245248 File MD5 = 4e74af063c3271fbea20dd940cfd1184
Sequence Num = SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000015 Filepath = C:\WINDOWS\system32\mswsock.dll File Size = 245248 File MD5 = 4e74af063c3271fbea20dd940cfd1184
##########################UNINSTALL DATA##########################
<HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL>
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\123 DVD Converter_is1 DisplayName = 123 DVD Converter InstallLocation = C:\Program Files\123 DVD Converter\
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\Ad-Aware SE Personal DisplayName = Ad-Aware SE Personal
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\AddressBook
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\AdobeESD DisplayName = Adobe Download Manager 1.2 (Remove Only)
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\AIMToolbar
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\AIM_6.0 DisplayName = AIM 6.0
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\ATI Display Driver DisplayName = ATI Display Driver
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\AudioHQ
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\AVG7Uninstall DisplayName = AVG Free Edition
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\AVGAntiSpyware75 DisplayName = AVG Anti-Spyware 7.5 InstallLocation = C:\Program Files\Grisoft\AVG Anti-Spyware 7.5
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\Branding
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\CANONBJ_Deinstall_CNMCP56.DLL DisplayName = Canon i860
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\CleanUp! DisplayName = CleanUp!
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200F14F1 DisplayName = Conexant D850 56K V.9x DFVc Modem
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\Connection Manager
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\Creative MediaSource
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\Creative MiniDisc Center
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\Creative Restore Defaults
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\Creative WaveStudio
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\Dell Digital Jukebox Driver DisplayName = Dell Digital Jukebox Driver
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\DellSupport DisplayName = Dell Support 5.0.0 (766)
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\Diablo DisplayName = Diablo
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\Diagnostics_Audigy2
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\DirectAnimation
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\DirectDrawEx
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\dlatray.exe
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\DVD Decrypter DisplayName = DVD Decrypter (Remove Only)
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\DVD Identifier_is1 DisplayName = DVD Identifier InstallLocation = C:\Program Files\DVD Identifier\
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\DVD Shrink_is1 DisplayName = DVD Shrink 3.2 InstallLocation = C:\Program Files\DVD Shrink\
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\DXM_Runtime
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\Easy-WebPrint DisplayName = Easy-WebPrint
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\EAX
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\Fontcore
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\Guild Wars DisplayName = Guild Wars
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\HijackThis DisplayName = HijackThis 1.99.1
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\ICW
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\IE40
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\IE4Data
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\IE5BAKEX
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\IEData
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\InstallShield Uninstall Information
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\InstallShield_{03CDDD00-BD57-4326-9480-4C74449AF597} DisplayName = Canon Utilities PhotoStitch 3.1 InstallLocation =
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\InstallShield_{093625E3-7B87-49D3-AA53-AD0FCFABAF49} DisplayName = Canon Camera Window for ZoomBrowser EX InstallLocation =
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\InstallShield_{BEB03A1A-1EB6-48EB-9985-8B97315EE5C0} DisplayName = Canon Utilities RemoteCapture 2.7 InstallLocation =
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\InstallShield_{C21D5524-A970-42FA-AC8A-59B8C7CDCA31} DisplayName = QuickTime InstallLocation = C:\Program Files\QuickTime\
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\InstallShield_{EF0DD8B7-471C-463B-A298-6066C2FABAF5} DisplayName = Canon Utilities File Viewer Utility 1.2 InstallLocation =
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\Kaspersky Online Scanner DisplayName = Kaspersky Online Scanner InstallLocation = C:\WINDOWS\system32\KASPER~1\KASPER~1
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB870669 DisplayName = Microsoft Data Access Components KB870669
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB873333 DisplayName = Windows XP Hotfix - KB873333
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB873339 DisplayName = Windows XP Hotfix - KB873339
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB883939 DisplayName = Security Update for Windows XP (KB883939)
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB884016
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB885250 DisplayName = Windows XP Hotfix - KB885250
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB885835 DisplayName = Windows XP Hotfix - KB885835
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB885836 DisplayName = Windows XP Hotfix - KB885836
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB886185 DisplayName = Windows XP Hotfix - KB886185
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB887472 DisplayName = Windows XP Hotfix - KB887472
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB887742 DisplayName = Windows XP Hotfix - KB887742
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB888113 DisplayName = Windows XP Hotfix - KB888113
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB888302 DisplayName = Windows XP Hotfix - KB888302
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB890046 DisplayName = Security Update for Windows XP (KB890046)
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB890175 DisplayName = Windows XP Hotfix - KB890175
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB890859 DisplayName = Windows XP Hotfix - KB890859
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB890923 DisplayName = Windows XP Hotfix - KB890923
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB891781 DisplayName = Windows XP Hotfix - KB891781
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB893066 DisplayName = Windows XP Hotfix - KB893066
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB893086 DisplayName = Windows XP Hotfix - KB893086
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB893756 DisplayName = Security Update for Windows XP (KB893756)
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB893803
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB893803v2 DisplayName = Windows Installer 3.1 (KB893803)
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB894391 DisplayName = Update for Windows XP (KB894391)
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB896358 DisplayName = Security Update for Windows XP (KB896358)
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB896422 DisplayName = Security Update for Windows XP (KB896422)
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB896423 DisplayName = Security Update for Windows XP (KB896423)
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB896424 DisplayName = Security Update for Windows XP (KB896424)
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB896428 DisplayName = Security Update for Windows XP (KB896428)
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB896688 DisplayName = Security Update for Windows XP (KB896688)
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB896727 DisplayName = Update for Windows XP (KB896727)
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB898458 DisplayName = Security Update for Step By Step Interactive Training (KB898458)
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB898461 DisplayName = Update for Windows XP (KB898461)
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB899587 DisplayName = Security Update for Windows XP (KB899587)
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB899588 DisplayName = Security Update for Windows XP (KB899588)
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB899591 DisplayName = Security Update for Windows XP (KB899591)
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB900485 DisplayName = Update for Windows XP (KB900485)
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB900725 DisplayName = Security Update for Windows XP (KB900725)
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB901017 DisplayName = Security Update for Windows XP (KB901017)
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB901190 DisplayName = Security Update for Windows XP (KB901190)
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB901214 DisplayName = Security Update for Windows XP (KB901214)
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB902400 DisplayName = Security Update for Windows XP (KB902400)
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB903235 DisplayName = Security Update for Windows XP (KB903235)
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB904706 DisplayName = Security Update for Windows XP (KB904706)
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB905414 DisplayName = Security Update for Windows XP (KB905414)
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB905749 DisplayName = Security Update for Windows XP (KB905749)
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB905915 DisplayName = Security Update for Windows XP (KB905915)
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB908519 DisplayName = Security Update for Windows XP (KB908519)
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB908531 DisplayName = Security Update for Windows XP (KB908531)
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB910437 DisplayName = Update for Windows XP (KB910437)
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB911280 DisplayName = Security Update for Windows XP (KB911280)
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB911562 DisplayName = Security Update for Windows XP (KB911562)
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB911564 DisplayName = Security Update for Windows Media Player (KB911564)
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB911565 DisplayName = Security Update for Windows Media Player 10 (KB911565)
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB911567 DisplayName = Security Update for Windows XP (KB911567)
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB911927 DisplayName = Security Update for Windows XP (KB911927)
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB912812 DisplayName = Security Update for Windows XP (KB912812)
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB912919 DisplayName = Security Update for Windows XP (KB912919)
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB913446 DisplayName = Security Update for Windows XP (KB913446)
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB913580 DisplayName = Security Update for Windows XP (KB913580)
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB914388 DisplayName = Security Update for Windows XP (KB914388)
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB914389 DisplayName = Security Update for Windows XP (KB914389)
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB916281 DisplayName = Security Update for Windows XP (KB916281)
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB916595 DisplayName = Update for Windows XP (KB916595)
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB917159 DisplayName = Security Update for Windows XP (KB917159)
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB917344 DisplayName = Security Update for Windows XP (KB917344)
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB917422 DisplayName = Security Update for Windows XP (KB917422)
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB917734_WMP10 DisplayName = Security Update for Windows Media Player 10 (KB917734)
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB917953 DisplayName = Security Update for Windows XP (KB917953)
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB918439 DisplayName = Security Update for Windows XP (KB918439)
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB918899 DisplayName = Security Update for Windows XP (KB918899)
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB919007 DisplayName = Security Update for Windows XP (KB919007)
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB920213 DisplayName = Security Update for Windows XP (KB920213)
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB920214 DisplayName = Security Update for Windows XP (KB920214)
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB920670 DisplayName = Security Update for Windows XP (KB920670)
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB920683 DisplayName = Security Update for Windows XP (KB920683)
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB920685 DisplayName = Security Update for Windows XP (KB920685)
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB920872 DisplayName = Update for Windows XP (KB920872)
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB921398 DisplayName = Security Update for Windows XP (KB921398)
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB921883 DisplayName = Security Update for Windows XP (KB921883)
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB922582 DisplayName = Update for Windows XP (KB922582)
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB922616 DisplayName = Security Update for Windows XP (KB922616)
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB922760 DisplayName = Security Update for Windows XP (KB922760)
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB922819 DisplayName = Security Update for Windows XP (KB922819)
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB923191 DisplayName = Security Update for Windows XP (KB923191)
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB923414 DisplayName = Security Update for Windows XP (KB923414)
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB923689 DisplayName = Security Update for Windows XP (KB923689)
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB923694 DisplayName = Security Update for Windows XP (KB923694)
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB923980 DisplayName = Security Update for Windows XP (KB923980)
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB924191 DisplayName = Security Update for Windows XP (KB924191)
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB924270 DisplayName = Security Update for Windows XP (KB924270)
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB924496 DisplayName = Security Update for Windows XP (KB924496)
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB925398_WMP64 DisplayName = Security Update for Windows Media Player 6.4 (KB925398)
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB925454 DisplayName = Security Update for Windows XP (KB925454)
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB925486 DisplayName = Security Update for Windows XP (KB925486)
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB926255 DisplayName = Security Update for Windows XP (KB926255)
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB929969 DisplayName = Security Update for Windows XP (KB929969)
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KLiteCodecPack_is1 DisplayName = K-Lite Codec Pack 2.80 Full InstallLocation = C:\Program Files\K-Lite Codec Pack\
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\LANBridge DisplayName = LANBridge
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\M886903 DisplayName = Microsoft .NET Framework 1.1 Hotfix (KB886903)
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\Macromedia Shockwave Player DisplayName = Macromedia Shockwave Player
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\MediaSource DVD-Audio Player
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\Microsoft .NET Framework 1.1 (1033) DisplayName = Microsoft .NET Framework 1.1
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\Microsoft Interactive Training
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\Microsoft NetShow Player 2.0
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\mIRC DisplayName = mIRC
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\MobileOptionPack
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\Mozilla Firefox (2.0.0.1) DisplayName = Mozilla Firefox (2.0.0.1) InstallLocation = C:\Program Files\Mozilla Firefox
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\MPlayer2
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\MSI30-Beta1
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\MSI30-Beta2
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\MSI30-KB884016
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\MSI30-RC1
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\MSI30-RC2
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\MSI30a-KB884016
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\MSI31-Beta
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\MSI31-RC1
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\MsJavaVM
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\MSN Music Assistant DisplayName = MSN Music Assistant
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\NetMeeting
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\npkcxp DisplayName = nProtect KeyCrypt
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\OutlookExpress
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\Panda ActiveScan DisplayName = Panda ActiveScan
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\PCHealth
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\PhotoRecord DisplayName = Canon PhotoRecord
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\PROSet DisplayName = Intel® PRO Network Adapters and Drivers
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\RealJukebox 1.0
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\RealPlayer 6.0 DisplayName = RealPlayer
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\RecordNow.exe
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\SB Audigy 2 Getting Started Demo
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\SchedulingAgent
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\SFBM
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\SGTRAY.EXE
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\Shockwave DisplayName = Shockwave
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\ShockwaveFlash DisplayName = Macromedia Flash Player 8
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\Sound Blaster Audigy 2
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\Sound Blaster Audigy 2 Windows Drivers
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\SPEAKER
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\SPKR_CALIBRATOR
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\Spybot - Search & Destroy_is1 DisplayName = Spybot - Search & Destroy 1.4 InstallLocation = C:\Program Files\Spybot - Search & Destroy\
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\SpywareBlaster_is1 DisplayName = SpywareBlaster v3.5.1 InstallLocation = C:\Program Files\SpywareBlaster\
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\SpywareGuard_is1 DisplayName = SpywareGuard v2.2
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\Starcraft DisplayName = Starcraft
Subkey Name = Sof
  • 0

#11
kahdah

kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
Hello nthn75075

I do not see anything regarding Zlob or anything else.
I would take this to be leftovers from a previous infection.


Just to be sure
Please download SmitfraudFix (by S!Ri)
Extract the content (a folder named SmitfraudFix) to your Desktop.

Open the SmitfraudFix folder and double-click smitfraudfix.cmd
Select option #1 - Search by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present).
Please copy/paste the content of that report into your next reply.

Note : process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.
http://www.beyondlog...processutil.htm
  • 0

#12
nthn75075

nthn75075

    Member

  • Topic Starter
  • Member
  • PipPip
  • 15 posts
Here it is, thanks again:


SmitFraudFix v2.132

Scan done at 18:04:45.12, 07-01-17
Run from C:\Documents and Settings\nw\Desktop\SmitfraudFix\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\nw


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\nw\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Start Menu


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\nw\FAVORI~1


»»»»»»»»»»»»»»»»»»»»»»»» Desktop


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components



»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» pe386-msguard-lzx32


»»»»»»»»»»»»»»»»»»»»»»»» Scanning wininet.dll infection


»»»»»»»»»»»»»»»»»»»»»»»» End
  • 0

#13
kahdah

kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
Hello nthn75075

Please re-open Hijackthis and hit scan only.
Check the items listed below in HijackThis, close all windows except HijackThis and click Fix checked:

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://202.67.220.23...=md2_spybot_1_3

Now close Hjt.



After that you are clean. :blink: Now you can delete Smitfraudfix.
If you do not have anymore questions then you're all set.


The following is a list of tools and utilities that I like to suggest to people. This list is full of great tools and utilities to help you understand how you got infected and how to keep from getting infected again.

Spybot Search & Destroy-Uber powerful tool which can search and annhilate nasties that make it onto your system. Now with an Immunize section that will help prevent future infections.

Ad-Aware-Another very powerful tool which searches and kills nasties that infect your system. AdAware and Spybot Search & Destroy compliment each other very well.

Spyware Blaster - Great prevention tool to keep nasties from installing on your system.

Sywareguard-Works as a Spyware "Shield" to protect your computer from getting malware in the first place.

IE-SPYAD- puts over 5000 sites in your restricted zone so you'll be protected when you visit innocent-looking sites that aren't actually innocent at all.

Cleanup-Cleans temporary files from IE and Windows, empties the recycle bin and more. Great tool to help speed up your computer and knock out those nasties that like to reside in the temp folders.

Windows Updates - It is very important to make sure that both Internet Explorer and Windows are kept current with the latest critical security patches from Microsoft. To do this just start Internet Explorer and select Tools > Windows Update, and follow the online instructions from there.

Google- Free google toolbar that allows you to use the powerful Google search engine from the bar, but also blocks pop up windows.

Trillian or Miranda-These are Malware free Instant Messenger programs which allow you to connect to multiple IM services in one program! (AOL, Yahoo, ICQ, IRC, MSN)

Castle Cops To find out more information about how you got infected in the first place and some great guidelines to follow to prevent future infections you can read this article by Tony Klein.

If you have any further problems please feel free to contact G2Go.:whistling:
  • 0

#14
nthn75075

nthn75075

    Member

  • Topic Starter
  • Member
  • PipPip
  • 15 posts
Alright everything's done. Thanks again kahdah.
  • 0

#15
OwNt

OwNt

    Malware Expert

  • Retired Staff
  • 7,457 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :whistling:

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP