smitfraud headaches



#31
Excal


    Malware Slayer Extraordinaire!

  • Retired Staff
  • 12,739 posts
Can you do this for me please:

Go to Start, then Run. Copy and paste this in:

regedit /e c:\toolbar.txt "HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar"


Now open My Computer, then the C drive.

In there you will see a file called toolbar.txt, please copy and paste that on to this post.

Can you do this for me please:

Go to Start, then Run. Copy and paste this in:

regedit /e c:\ExplBars.txt "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars"


Now open My Computer, then the C drive.

In there you will see a file called ExplBars.txt, please copy and paste that on to this post.


#32
illin

  • Topic Starter
  • Member
  • 18 posts
Ok, did the smitfraud.reg addition/merge (it always asks me if I want to add the information to my registry- shrug). Rebooted, checked- still no search/control panel. Did the two run items- here's the log files:

Thanks,
illin

text of ExplBars.txt:

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{4D5C8C25-D075-11d0-B416-00C04FB90376}]
"BarSize"=hex:41,00,00,00,00,00,00,00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{8F4902B6-6C04-4ade-8052-AA58578A21BD}]
"BarSize"=hex:d3,00,00,00,00,00,00,00

**********************************************************
text of toolbar.txt:

Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar]
"LinksFolderName"="Links"
"Locked"=dword:00000001
"ShowDiscussionButton"="Yes"

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Explorer]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser]
"{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}"=hex:bf,d1,cd,42,fb,3f,38,42,8a,d1,78,\
59,df,00,b1,d6
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}"=hex:b1,c2,18,23,65,49,d4,11,9b,18,00,\
90,27,a5,cd,4f

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{01E04581-4EEE-11D0-BFE9-00AA005B4383}"=hex:81,45,e0,01,ee,4e,d0,11,bf,e9,00,\
aa,00,5b,43,83,10,00,00,00,00,00,00,00,01,e0,32,f4,01,00,00,00
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}"=hex:b1,c2,18,23,65,49,d4,11,9b,18,00,\
90,27,a5,cd,4f
  • 0
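
An added example, not part of the original posts: a small Python parser for regedit /e text exports like the two pasted above. It joins the backslash-wrapped hex: lines, decodes dword: values such as Locked, and checks the pattern visible in this export, where each CLSID-named toolbar value begins with the same GUID in little-endian byte order. The function names and the shortened sample are constructed for illustration.

```python
import re
import uuid

# Constructed sample: a shortened copy of the toolbar.txt export posted above.
SAMPLE_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar]
"LinksFolderName"="Links"
"Locked"=dword:00000001

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser]
"{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}"=hex:bf,d1,cd,42,fb,3f,38,42,8a,d1,78,\
  59,df,00,b1,d6
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}"=hex:b1,c2,18,23,65,49,d4,11,9b,18,00,\
  90,27,a5,cd,4f
'''

VALUE_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"=(.*)$')


def parse_reg_export(text):
    """Return {key_path: {value_name: decoded_value}} for a regedit /e export.

    Version 5.00 exports are written as UTF-16; decode the file before calling.
    """
    # regedit wraps long hex values with a trailing backslash: rejoin them first.
    text = re.sub(r'\\\r?\n[ \t]*', '', text)
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith('[') and line.endswith(']'):
            current = keys.setdefault(line[1:-1], {})
            continue
        m = VALUE_RE.match(line)
        if m is None or current is None:
            continue  # file header, blank line, or default value (@=), skipped here
        name, raw = m.group(1), m.group(2)
        if raw.startswith('dword:'):
            current[name] = int(raw[6:], 16)
        elif raw.startswith('hex'):
            # Covers hex: and hex(N): ; the payload is comma-separated bytes.
            payload = raw.split(':', 1)[1]
            current[name] = bytes(int(b, 16) for b in payload.split(',') if b)
        else:
            current[name] = raw.strip('"').replace('\\\\', '\\')
    return keys


def clsid_mismatches(values):
    """Names of CLSID-named binary values whose data does not start with that CLSID."""
    bad = []
    for name, data in values.items():
        if not (isinstance(data, bytes) and name.startswith('{')):
            continue
        try:
            expected = uuid.UUID(name).bytes_le  # GUID in little-endian byte order
        except ValueError:
            continue  # value name is not a well-formed GUID
        if data[:16] != expected:
            bad.append(name)
    return bad


if __name__ == '__main__':
    parsed = parse_reg_export(SAMPLE_EXPORT)
    for key, values in parsed.items():
        print(key, 'mismatches:', clsid_mismatches(values))
```
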

#33
Excal


    Malware Slayer Extraordinaire!

  • Retired Staff
  • 12,739 posts
Launch Notepad, and copy/paste the box below into a new text file. Save it as fixme5.reg (make sure that Save as Type is set to "All Files") on your Desktop. Ensure there is no space at or above REGEDIT4.


REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar]
"Locked"=dword:00000000



Locate fixme5.reg on your Desktop and double-click on it. You will receive a prompt similar to: "Do you wish to merge the information into the registry?". Answer "Yes" and wait for a message to appear similar to "Merged Successfully".

Reboot, then see if anything has changed.

thanks,


Excal

#34
illin

  • Topic Starter
  • Member
  • 18 posts
Ok, I made the change, but IE, control panel, and find files didn't work. I did get a Microsoft .NET error window when I opened My Computer to get the file from the USB drive. I saved the text of the JIT script debugging (it was quite long) in case it was relevant. Do you want me to post it?

Also, I've been trying to follow along on the registry. I see that the sick computer has a registry entry for "noControlPanel" under policies, but my work laptop doesn't. Is this something where you change the "dword" or is it ok to just delete the whole entry? Just trying to understand...

illin

#35
Excal


    Malware Slayer Extraordinaire!

  • Retired Staff
  • 12,739 posts
We set the value to 0; that way it isn't active.

I need you to download MWav to a convenient location.

This scan might take around 3+ hours to finish when set to scan everything.
I need you to run MWav by double-clicking on mwav.exe.
Put a check next to the below items before scanning:
  • Memory
  • Startup Folders
  • Drive - All Local Drives
  • Registry
  • System Folders
  • Services
  • Include Sub-Directory
  • Scan All Files
Please make sure ALL of these are checked, then press the Scan button. This typically will take hours to complete.

**NOTE** Sometimes MWav will pause and it appears to be finished, but it isn't done. Just let it run until it says it's complete.

On the bottom portion of the window, you will see the lower panel where MWav is listing "infected items". When it's done scanning, please highlight everything in that lower panel and copy them by holding CTRL + C then paste it here. The whole log will be extremely BIG so there is no way to post the log. I just need the infected items list.

Don't copy and paste the lines from infected files that are present in quarantine, recovery or backup folders from an antispyware scanner (e.g. Ad-Aware, Spybot S&D) or your virus scanner. Those I don't need.
I don't need the infected files/lines that are present in your System Volume Information folder.
I just want all the other infected ones apart from those above.

#36
illin

  • Topic Starter
  • Member
  • 18 posts
Excal, ok, everything ran fine. Mwav found 5 viruses, but it had 1774 errors (!). All the errors appeared in the window as well, so I didn't copy all of them. I did copy the first few after the five viruses so you could see what they were like. All the ones I looked at seem to indicate some file was being called that didn't exist.

In case I didn't configure the search correctly, I copied in the first ~30 lines of the log file that showed the configuration I used.

Thanks,
illin

Object "alexa Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "claria Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "GAIN DashBar Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "kazaa Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "SmartFinder Spyware/Adware" found in File System! Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\ModuleUsage" refers to invalid object "C:\WINDOWS\Downloaded Program Files\HDPlugin1019.dll". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "c:\Program Files\HP\Digital Imaging\hpis\temp\Install.wse.exe". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "c:\Program Files\HP\Digital Imaging\hpis\temp\config.ini". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "c:\Program Files\HP\Digital Imaging\hpis\temp\templates.zip". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "c:\Program Files\HP\Digital Imaging\bin\hpdtlk02.dll". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Common Files\Sonic\Update Manager\banner.ini". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Common Files\Sonic\Update Manager\is5unin.isu". Action Taken: No Action Taken.


Piece of Mwav log:


Sun Sep 25 11:05:29 2005 => **********************************************************
Sun Sep 25 11:05:29 2005 => MicroWorld Anti Virus & Spyware Toolkit Utility.
Sun Sep 25 11:05:29 2005 => Copyright 2003-2005, MicroWorld Technologies Inc.
Sun Sep 25 11:05:29 2005 => **********************************************************
Sun Sep 25 11:05:29 2005 => Version 7.1.4 (C:\DOCUME~1\Owner\LOCALS~1\Temp\mwavscan.com)
Sun Sep 25 11:05:29 2005 => Log File: C:\DOCUME~1\Owner\LOCALS~1\Temp\MWAV.LOG
Sun Sep 25 11:05:29 2005 => MWAV Registered: FALSE.
Sun Sep 25 11:05:29 2005 => MWAV Mode: Only Scan files.
Sun Sep 25 11:05:30 2005 => Latest Date of files inside MWAV: 09 Sep 2005 08:02:44.
Sun Sep 25 11:05:32 2005 => AV Library Loaded...
Sun Sep 25 11:05:32 2005 => MWAV doing self scanning...
Sun Sep 25 11:05:32 2005 => Scanning File C:\DOCUME~1\Owner\LOCALS~1\Temp\kavss.exe
Sun Sep 25 11:05:32 2005 => Scanning File C:\DOCUME~1\Owner\LOCALS~1\Temp\Getvlist.exe
Sun Sep 25 11:05:33 2005 => Scanning File C:\DOCUME~1\Owner\LOCALS~1\Temp\kavss.dll
Sun Sep 25 11:05:33 2005 => Scanning File C:\DOCUME~1\Owner\LOCALS~1\Temp\kavssdi.dll
Sun Sep 25 11:05:33 2005 => Scanning File C:\DOCUME~1\Owner\LOCALS~1\Temp\kavssi.dll
Sun Sep 25 11:05:33 2005 => Scanning File C:\DOCUME~1\Owner\LOCALS~1\Temp\kavvlg.dll
Sun Sep 25 11:05:33 2005 => Scanning File C:\DOCUME~1\Owner\LOCALS~1\Temp\msvlclnt.dll
Sun Sep 25 11:05:33 2005 => Scanning File C:\DOCUME~1\Owner\LOCALS~1\Temp\ipc.dll
Sun Sep 25 11:05:33 2005 => Scanning File C:\DOCUME~1\Owner\LOCALS~1\Temp\main.avi
Sun Sep 25 11:05:33 2005 => Scanning File C:\DOCUME~1\Owner\LOCALS~1\Temp\virus.avi
Sun Sep 25 11:05:33 2005 => MWAV files are clean.
Sun Sep 25 11:05:36 2005 => Virus Database Date: 2005/09/09
Sun Sep 25 11:05:36 2005 => Virus Database Count: 148428

Sun Sep 25 11:13:37 2005 => **********************************************************
Sun Sep 25 11:13:37 2005 => MicroWorld Anti Virus & Spyware Toolkit Utility.
Sun Sep 25 11:13:37 2005 => Copyright 2003-2005, MicroWorld Technologies Inc.
Sun Sep 25 11:13:37 2005 =>
Sun Sep 25 11:13:37 2005 => Support: support@mwti.net
Sun Sep 25 11:13:37 2005 => Web: http://www.mwti.net
Sun Sep 25 11:13:37 2005 => **********************************************************
Sun Sep 25 11:13:37 2005 => Version 7.1.4 (C:\DOCUME~1\Owner\LOCALS~1\Temp\mwavscan.com)
Sun Sep 25 11:13:37 2005 => Log File: C:\DOCUME~1\Owner\LOCALS~1\Temp\MWAV.LOG
Sun Sep 25 11:13:37 2005 => User Account: Owner
Sun Sep 25 11:13:37 2005 => Windows Root Folder: C:\WINDOWS
Sun Sep 25 11:13:37 2005 => Windows Sys32 Folder: C:\WINDOWS\System32
Sun Sep 25 11:13:37 2005 => OS: Windows NT
Sun Sep 25 11:13:38 2005 => Latest Date of files inside MWAV: 09 Sep 2005 08:02:44.

Sun Sep 25 11:13:38 2005 => Options Selected by User:
Sun Sep 25 11:13:38 2005 => Memory Check: Enabled
Sun Sep 25 11:13:38 2005 => Registry Check: Enabled
Sun Sep 25 11:13:38 2005 => StartUp Folder Check: Enabled
Sun Sep 25 11:13:38 2005 => System Folder Check: Enabled
Sun Sep 25 11:13:38 2005 => System Area Check: Disabled
Sun Sep 25 11:13:38 2005 => Services Check: Enabled
Sun Sep 25 11:13:38 2005 => Drive Check: Disabled
Sun Sep 25 11:13:38 2005 => All Drive Check :Enabled
Sun Sep 25 11:13:38 2005 => Folder Check: Enabled
Sun Sep 25 11:13:38 2005 => Folder Selected = C:\WINDOWS

#37
Excal


    Malware Slayer Extraordinaire!

  • Retired Staff
  • 12,739 posts
You do have to clear your temp files again. Run cleanup please.
I really didn't see anything in that log :)


Can you post me a fresh HijackThis log? I want to see something.


Thanks,


Excal

#38
illin

  • Topic Starter
  • Member
  • 18 posts
Ok, I ran cleanup, but was I supposed to rerun that last virus check program again after that? Either way, here's the hjt log for the meantime.

illin


Logfile of HijackThis v1.99.1
Scan saved at 11:12:47 PM, on 10/6/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\HJT\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://us10.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us10.hpwis.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://us10.hpwis.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [CamMonitor] c:\Program Files\HP\Digital Imaging\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [Sunkist2k] C:\Program Files\Multimedia Card Reader\shwicon2k.exe
O4 - HKLM\..\Run: [FLMOFFICE4DMOUSE] C:\Program Files\Keyboard Mouse Tool\mouse32a.exe
O4 - HKLM\..\Run: [OFFICEKB] C:\Program Files\Keyboard Mouse Tool\MMKEYBD.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [BackupNotify] c:\Program Files\HP\Digital Imaging\bin\backupnotify.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://appldnld.m7z....iTunesSetup.exe
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg...l_v1-0-3-12.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {BCBC9371-595D-11D4-A96D-00105A1CEF6C} (View22RTE Class) - http://66.242.36.104/app/view22RTE.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - c:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - c:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe