There is a piece of code which comes up - looks like a file location
Trojan Spy - smitfraud.c [CLOSED]
Started by
j-alexander
, Jun 22 2005 01:00 PM
#16
Posted 30 June 2005 - 01:05 PM
#17
Posted 30 June 2005 - 01:13 PM
I get this: (Build 2600.xpsp_sp2_rtm.040803-2158: Service Pack 2)
thats the exact information I get at the top of the safe mode screen.
Don't know how helpful this is.
J-alexander
thats the exact information I get at the top of the safe mode screen.
Don't know how helpful this is.
J-alexander
#18
Posted 30 June 2005 - 01:30 PM
Ah, so that means you can boot in safe mode.
That message is normal.
So, it's better we uninstall SP2 here.... so read here for different instructions how to uninstall it:
http://www.compphix....tallingsp2.html
That message is normal.
So, it's better we uninstall SP2 here.... so read here for different instructions how to uninstall it:
http://www.compphix....tallingsp2.html
#19
Posted 30 June 2005 - 01:34 PM
Safe mode appears - but I can't do anything. It appears, and disappears more quickly than it came. All that happens is a constant loop of restarts.
I can't get as far as any of the normal (or safe mode) menus appearing.
That's why I'm finding it difficult to attempt any type of system restore/uninstallation.
Thanks,
J-alexander
I can't get as far as any of the normal (or safe mode) menus appearing.
That's why I'm finding it difficult to attempt any type of system restore/uninstallation.
Thanks,
J-alexander
Edited by j-alexander, 30 June 2005 - 01:35 PM.
#20
Posted 30 June 2005 - 01:53 PM
Do you have your original XP cdrom?
Because we're going to need recovery console.
You need to follow next steps exactly described on this site:
http://support.micro...om/?kbid=875355
Because we're going to need recovery console.
You need to follow next steps exactly described on this site:
http://support.micro...om/?kbid=875355
#21
Posted 30 June 2005 - 01:58 PM
No problems - I'll do this tomorrow at some point and get back to you with the results.
Thanks for all the help so far!!
J-alexander
Thanks for all the help so far!!
J-alexander
#22
Posted 30 June 2005 - 02:10 PM
Ok.. success.
#23
Posted 04 July 2005 - 10:36 AM
Ever noticed - once you start getting somewhere with a problem you soon hit a brick wall?
Well it's happened again - tried to do a system restore but tripped up at step 5 - I don't know any administrator password (because I've never had one). I've tried all sorts - the product ID, nothing at all, all of my passwords (dating back since I had the laptop). I've also tried things like "default", "12345" and "abcd". Nothing works.
Hopefully you can help
Thanks,
J-alexander
Well it's happened again - tried to do a system restore but tripped up at step 5 - I don't know any administrator password (because I've never had one). I've tried all sorts - the product ID, nothing at all, all of my passwords (dating back since I had the laptop). I've also tried things like "default", "12345" and "abcd". Nothing works.
Hopefully you can help
Thanks,
J-alexander
#24
Posted 04 July 2005 - 10:50 AM
Hmm.. already tried to fill in nothing and just press OK.
Or use admin as login and admin as password?
Also take a look here:
http://www.kellys-ko...p_passwords.htm
This is the only thing I can think of right now.
Or use admin as login and admin as password?
Also take a look here:
http://www.kellys-ko...p_passwords.htm
This is the only thing I can think of right now.
#25
Posted 04 July 2005 - 12:55 PM
I just tried typing in "admin" as the password..but that doesnt work. There isn't any option to put in a user name - it just asks for the system administrator password. Putting in nothing and so hitting return when the option to put in the password appears doesn't work either. I can't think why this doesn't work as I have never had a password for the administrator.
The link you gave me would be useful, but I can't get into DOS or any other operational mode and so I can't implement any of the options listed there.
Really confusing and frustrating - nothing worse than passwords! (except smitfraud.c)
Thanks,
J-alexander
The link you gave me would be useful, but I can't get into DOS or any other operational mode and so I can't implement any of the options listed there.
Really confusing and frustrating - nothing worse than passwords! (except smitfraud.c)
Thanks,
J-alexander
#26
Posted 04 July 2005 - 01:09 PM
I am sorry to hear that.
I am really out of ideas now and I also don't have many knowledge about this and how to fix it. Assuming you can't use recovery console either..
Maybe post your problem about the passwords or how to restore your XP in general in the appropiate section of this forum? I'm pretty sure someone with much more knowledge about this will help you soon.
http://www.geekstogo...2003_NT-f5.html
I am really out of ideas now and I also don't have many knowledge about this and how to fix it. Assuming you can't use recovery console either..
Maybe post your problem about the passwords or how to restore your XP in general in the appropiate section of this forum? I'm pretty sure someone with much more knowledge about this will help you soon.
http://www.geekstogo...2003_NT-f5.html
#27
Posted 04 July 2005 - 03:05 PM
I've posted about the password problem on the other forum. If worst comes to worse I'm just gonna re-install windows. Nothing else for it.
Hopefully it won't come to that though.
Thanks for all your help so far (I'll keep you posted),
J-alexander
Hopefully it won't come to that though.
Thanks for all your help so far (I'll keep you posted),
J-alexander
#28
Posted 04 July 2005 - 03:21 PM
Glad I could help you and sorry I can't help you any further with this.
#29
Posted 04 July 2005 - 03:55 PM
Glad I could help you and sorry I can't help you any further with this.
It's no problem, honestly, if it comes to it the hard-drive wont know what hit it and smitfraud (and everything else for that matter) will be wiped clean. I'd just rather try with you guys that obliterate the data stored.
Your help has been very much appreciated, and coachwife6's help also.
Thanks,
J-alexander
#30
Posted 05 July 2005 - 10:52 AM
Ok - back on track now - the loop has ended - the operating system is back in use and the removal of smitfraud.c can be resumed.
Here's the most recent (new) hijackthis log which was requested.
Note: Wont be upgrading to SP1a till after smitfraud.c is gone .
Here's the log:
Logfile of HijackThis v1.99.1
Scan saved at 17:43:50, on 05/07/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\PROGRA~1\Navnt\npssvc.exe
C:\WINDOWS\System32\dllhost.exe
C:\WINDOWS\System32\msdtc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\System32\LXSUPMON.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-gb\msnappau.exe
C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
C:\WINDOWS\System32\pctspk.exe
C:\WINDOWS\System32\atiptaxx.exe
C:\WINDOWS\System32\lexpps.exe
C:\wp.exe
C:\Documents and Settings\john stephen\Local Settings\Temp\Temporary Directory 2 for hijackthis.zip\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.euro.dell...gen/default.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.makemesearch.com/?said=2346
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.02.3000.1001\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\en-gb\msntb.dll
O2 - BHO: Cls - {CF021F40-3E14-23A5-CBA2-717765728274} - C:\WINDOWS\System32\wer8274.dll
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\en-gb\msntb.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [LXSUPMON] C:\WINDOWS\System32\LXSUPMON.EXE RUN
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [msnappau] "C:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-gb\msnappau.exe"
O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
O4 - HKLM\..\Run: [Security iGuard] C:\Program Files\Security iGuard\Security iGuard.exe
O4 - HKLM\..\Run: [NPS Event Checker] C:\PROGRA~1\Navnt\npscheck.exe
O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\RunOnce: [Srv32 spool service] C:\WINDOWS\System32\spoolsrv32.exe
O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
O4 - HKCU\..\Run: [WindowsFY] c:\wp.exe
O4 - HKCU\..\RunOnce: [Srv32 spool service] C:\WINDOWS\System32\spoolsrv32.exe
O4 - Startup: MyWebSearch Email Plugin.lnk = C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE
O8 - Extra context menu item: &Search - http://bar.mywebsear...GB_ZSzeb029AXGB
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Microsoft AntiSpyware helper - {B51E0E77-9820-4203-A72F-E6A1FAA6BD82} - C:\WINDOWS\System32\wldr.dll
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {B51E0E77-9820-4203-A72F-E6A1FAA6BD82} - C:\WINDOWS\System32\wldr.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Microsoft AntiSpyware helper - {EAFF285E-A890-441D-A5D3-75C00E48649D} - (no file)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {EAFF285E-A890-441D-A5D3-75C00E48649D} - (no file)
O9 - Extra button: Microsoft AntiSpyware helper - {00203AA7-BCC8-4009-9716-6509F28DA918} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {00203AA7-BCC8-4009-9716-6509F28DA918} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {14771B69-2503-4BE3-9014-CAC285AC3B4B} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {14771B69-2503-4BE3-9014-CAC285AC3B4B} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {B51E0E77-9820-4203-A72F-E6A1FAA6BD82} - C:\WINDOWS\System32\wldr.dll (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {B51E0E77-9820-4203-A72F-E6A1FAA6BD82} - C:\WINDOWS\System32\wldr.dll (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {EAFF285E-A890-441D-A5D3-75C00E48649D} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {EAFF285E-A890-441D-A5D3-75C00E48649D} - (no file) (HKCU)
O16 - DPF: {14A3221B-1678-1982-A355-7263B1281987} - ms-its:mhtml:file://c:\nosuch.mht!http://www.awmdabest....chm::/file.exe
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.co...up1.0.0.8-2.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zon...er.cab31267.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zon...wn.cab31267.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{9F920A57-5116-4CEB-8C93-46AB3A2D429F}: NameServer = 194.168.4.100,194.168.8.100
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NAV Alert - Symantec Corporation - C:\PROGRA~1\Navnt\alertsvc.exe
O23 - Service: NAV Auto-Protect - Symantec Corporation - C:\PROGRA~1\Navnt\navapsvc.exe
O23 - Service: Norton Program Scheduler - Symantec Corporation - C:\PROGRA~1\Navnt\npssvc.exe
Thanks,
J-alexander
Here's the most recent (new) hijackthis log which was requested.
Note: Wont be upgrading to SP1a till after smitfraud.c is gone .
Here's the log:
Logfile of HijackThis v1.99.1
Scan saved at 17:43:50, on 05/07/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\PROGRA~1\Navnt\npssvc.exe
C:\WINDOWS\System32\dllhost.exe
C:\WINDOWS\System32\msdtc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\System32\LXSUPMON.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-gb\msnappau.exe
C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
C:\WINDOWS\System32\pctspk.exe
C:\WINDOWS\System32\atiptaxx.exe
C:\WINDOWS\System32\lexpps.exe
C:\wp.exe
C:\Documents and Settings\john stephen\Local Settings\Temp\Temporary Directory 2 for hijackthis.zip\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.euro.dell...gen/default.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.makemesearch.com/?said=2346
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.02.3000.1001\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\en-gb\msntb.dll
O2 - BHO: Cls - {CF021F40-3E14-23A5-CBA2-717765728274} - C:\WINDOWS\System32\wer8274.dll
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\en-gb\msntb.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [LXSUPMON] C:\WINDOWS\System32\LXSUPMON.EXE RUN
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [msnappau] "C:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-gb\msnappau.exe"
O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
O4 - HKLM\..\Run: [Security iGuard] C:\Program Files\Security iGuard\Security iGuard.exe
O4 - HKLM\..\Run: [NPS Event Checker] C:\PROGRA~1\Navnt\npscheck.exe
O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\RunOnce: [Srv32 spool service] C:\WINDOWS\System32\spoolsrv32.exe
O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
O4 - HKCU\..\Run: [WindowsFY] c:\wp.exe
O4 - HKCU\..\RunOnce: [Srv32 spool service] C:\WINDOWS\System32\spoolsrv32.exe
O4 - Startup: MyWebSearch Email Plugin.lnk = C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE
O8 - Extra context menu item: &Search - http://bar.mywebsear...GB_ZSzeb029AXGB
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Microsoft AntiSpyware helper - {B51E0E77-9820-4203-A72F-E6A1FAA6BD82} - C:\WINDOWS\System32\wldr.dll
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {B51E0E77-9820-4203-A72F-E6A1FAA6BD82} - C:\WINDOWS\System32\wldr.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Microsoft AntiSpyware helper - {EAFF285E-A890-441D-A5D3-75C00E48649D} - (no file)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {EAFF285E-A890-441D-A5D3-75C00E48649D} - (no file)
O9 - Extra button: Microsoft AntiSpyware helper - {00203AA7-BCC8-4009-9716-6509F28DA918} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {00203AA7-BCC8-4009-9716-6509F28DA918} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {14771B69-2503-4BE3-9014-CAC285AC3B4B} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {14771B69-2503-4BE3-9014-CAC285AC3B4B} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {B51E0E77-9820-4203-A72F-E6A1FAA6BD82} - C:\WINDOWS\System32\wldr.dll (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {B51E0E77-9820-4203-A72F-E6A1FAA6BD82} - C:\WINDOWS\System32\wldr.dll (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {EAFF285E-A890-441D-A5D3-75C00E48649D} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {EAFF285E-A890-441D-A5D3-75C00E48649D} - (no file) (HKCU)
O16 - DPF: {14A3221B-1678-1982-A355-7263B1281987} - ms-its:mhtml:file://c:\nosuch.mht!http://www.awmdabest....chm::/file.exe
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.co...up1.0.0.8-2.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zon...er.cab31267.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zon...wn.cab31267.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{9F920A57-5116-4CEB-8C93-46AB3A2D429F}: NameServer = 194.168.4.100,194.168.8.100
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NAV Alert - Symantec Corporation - C:\PROGRA~1\Navnt\alertsvc.exe
O23 - Service: NAV Auto-Protect - Symantec Corporation - C:\PROGRA~1\Navnt\navapsvc.exe
O23 - Service: Norton Program Scheduler - Symantec Corporation - C:\PROGRA~1\Navnt\npssvc.exe
Thanks,
J-alexander
Similar Topics
0 user(s) are reading this topic
0 members, 0 guests, 0 anonymous users