Smitfraud won't go away, computer froze [CLOSED]



#16
Justin

Justin

    I do a little bit of everything

  • Member
  • PipPipPipPipPip
  • 2,353 posts
Hello!

Let's get rid of it and see if it fixes anything!

Please reopen HiJackThis and scan your computer. Please place a check mark next to the following entries. Be sure to select only the entries that are listed below, as deleting the wrong file could cause harm to your system.

O4 - HKLM\..\Run: [P2001] p2001.exe


Next, please close all programs except for HiJackThis, and select Fix Checked.
Reboot your computer and boot into safe mode.

To boot into safe mode, turn your computer on and press F8 continuously until a menu appears. At this menu, please select Safe Mode.

Once in safe mode, please open Add/Remove Programs:
  • Click on Start
  • Select Control Panel
  • Select Add/Remove Programs
Please delete the following files from Add/Remove Programs.

Pragma

Please note any programs that you do not recognize in Add/Remove programs and list them in your next reply.
Close Add/Remove Programs

Next, open Windows Explorer. The easiest way to do this is:
  • Click Start
  • Select Run
  • Type in Explorer
While in Windows Explorer, please delete the following files, if they are found. Please note that you may not find the files; please let me know if you do not find them.

p2001.exe


Reboot into normal windows, then post a new HiJackThis log.
  • 0


#17
keeska

keeska

    Member

  • Topic Starter
  • Member
  • PipPip
  • 16 posts
Another note: I just ran Spybot to see what has been cleaned up and PSGuard showed up! I did not have that in the beginning, must've picked it up this week even with all this stuff going on. Spybot was able to fix the PSGuard stuff, but not the Smitfraud. It still shows 36 entries of that, down from 53.

What's next or do I just throw this thing out?

Thanks,
k
  • 0

#18
Justin

Justin

    I do a little bit of everything

  • Member
  • PipPipPipPipPip
  • 2,353 posts
Hello!

Let's see if we can get rid of Smitfraud. Don't worry, you won't have to throw this computer away :tazz:

Download smitRem.exe and save the file to your desktop.
Double click on the file to extract it to its own folder on the desktop.

Place a shortcut to Panda ActiveScan on your desktop.

If you have not already installed Ad-Aware SE 1.06, follow these download and setup instructions, otherwise, check for updates:
Ad-Aware SE Setup
Don't run it yet!

Next, please reboot your computer in SafeMode by doing the following:
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
  • Instead of Windows loading as normal, a menu should appear
  • Select the first option, to run Windows in Safe Mode.
Close HiJackThis.

Open the smitRem folder, then double click the RunThis.bat file to start the tool. Follow the prompts on screen.
Wait for the tool to complete and disk cleanup to finish.

The tool will create a log named smitfiles.txt in the root of your drive, e.g. Local Disk C: or the partition where your operating system is installed. Please post that log along with all others requested in your next reply.


Open Ad-aware and do a full scan. Remove all it finds.

Next go to Control Panel click Display > Desktop > Customize Desktop > Web > Uncheck "Security Info" if present.

Reboot back into Windows and click the Panda ActiveScan shortcut, then do a full system scan. Make sure the autoclean box is checked!
Save the scan log and post it along with a new HijackThis Log, the contents of the smitfiles.txt log and the Ewido Log by using Add Reply.
  • 0

#19
keeska

keeska

    Member

  • Topic Starter
  • Member
  • PipPip
  • 16 posts
Okay, I got rid of the p2001.exe file, but Add/Remove did not have Pragma listed as a program. There are two old Napster programs listed that won't remove.

I have the smitfiles log and a new HJT log. My system totally crashed and died in the middle of running Panda ActiveScan (Explorer has caused an error in KERNAL32.dll). I'm posting the first two logs in case this crashes again and will try Panda again right after.

Thanks for sticking this out with me!!

Logfile of HijackThis v1.99.1
Scan saved at 3:01:38 PM, on 8/27/2005
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\SSDPSRV.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\PROGRAM FILES\DEFENDER\DEFENDER PRO 2005\KAVSVC.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\NETROPA\ONE-TOUCH MULTIMEDIA KEYBOARD\MMKEYBD.EXE
C:\WINDOWS\SYSTEM\HPSYSDRV.EXE
C:\PROGRAM FILES\INTUIT\QAGENT\QAGENT.EXE
C:\WINDOWS\SYSTEM\LVCOMS.EXE
C:\WINDOWS\SYSTEM\INTERNAT.EXE
C:\PROGRAM FILES\DEFENDER\DEFENDER PRO 2005\KAV.EXE
C:\WINDOWS\RunDLL.exe
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\MRTMNGR.EXE
C:\PROGRAM FILES\DEFENDER PRO LLC\DEFENDER PRO FIREWALL\KAVPF.EXE
C:\PROGRAM FILES\NETROPA\ONE-TOUCH MULTIMEDIA KEYBOARD\KEYBDMGR.EXE
C:\PROGRAM FILES\NETROPA\ONSCREEN DISPLAY\OSD.EXE
C:\PROGRAM FILES\NETROPA\ONE-TOUCH MULTIMEDIA KEYBOARD\MMUSBKB2.EXE
C:\WINDOWS\SYSTEM\WBEM\WINMGMT.EXE
C:\WINDOWS\EXPLORER.EXE
C:\HIJACKTHIS.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://hp.my.yahoo.com
F1 - win.ini: run=hpfsched
O2 - BHO: BrowserHelper Class - {EBCDDA60-2A68-11D3-8A43-0060083CFB9C} - C:\WINDOWS\SYSTEM\NZDD.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [Keyboard Manager] C:\Program Files\Netropa\One-touch Multimedia Keyboard\MMKeybd.exe
O4 - HKLM\..\Run: [HPScanPatch] C:\WINDOWS\SYSTEM\HPScanFix.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [Delay] C:\WINDOWS\delayrun.exe
O4 - HKLM\..\Run: [NInit] C:\Program Files\Norton Uninstall Deluxe\NINIT.EXE
O4 - HKLM\..\Run: [QAGENT] C:\Program Files\Intuit\QAgent\QAGENT.EXE
O4 - HKLM\..\Run: [bpcpost.exe] C:\WINDOWS\SYSTEM\bpcpost.exe
O4 - HKLM\..\Run: [DXM6Patch_981116] C:\WINDOWS\p_981116.exe /Q:A
O4 - HKLM\..\Run: [LVComs] C:\WINDOWS\SYSTEM\LVComS.exe
O4 - HKLM\..\Run: [internat.exe] internat.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [KAVPersonal50] C:\Program Files\Defender\Defender Pro 2005\kav.exe /minimize
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [SSDPSRV] C:\WINDOWS\SYSTEM\ssdpsrv.exe
O4 - HKLM\..\RunServices: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\RunServices: [kavsvc] C:\Program Files\Defender\Defender Pro 2005\kavsvc.exe
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\Money Express.exe"
O4 - HKCU\..\Run: [Taskbar Display Controls] RunDLL deskcp16.dll,QUICKRES_RUNDLLENTRY
O4 - Startup: Defender Pro Firewall.lnk = C:\Program Files\Defender Pro LLC\Defender Pro Firewall\KAVPF.exe
O4 - Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O8 - Extra context menu item: &Google Search - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmsearch.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmsimilar.html
O8 - Extra context menu item: Backward Links - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmbacklinks.html
O8 - Extra context menu item: Translate into English - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmtrans.html
O14 - IERESET.INF: START_PAGE_URL=http://hp.my.yahoo.com
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akama...meInstaller.exe
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/s...nfo/webscan.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft...free/asinst.cab


smitRem log file
version 2.3

by noahdfear


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Pre-run Files Present


~~~ Program Files ~~~



~~~ Shortcuts ~~~



~~~ Favorites ~~~



~~~ system folder ~~~




~~~ Icons in system folder ~~~



~~~ Windows directory ~~~



~~~ Drive root ~~~



~~~~ wininet.dll ~~~~

wininet.dll Present!!


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Post-run Files Present


~~~ Program Files ~~~



~~~ Shortcuts ~~~



~~~ Favorites ~~~



~~~ system folder ~~~




~~~ Icons in system folder ~~~



~~~ Windows directory ~~~



~~~ Drive root ~~~



~~~~ wininet.dll ~~~~

wininet.dll Clean!! :tazz:
  • 0

#20
keeska

keeska

    Member

  • Topic Starter
  • Member
  • PipPip
  • 16 posts
Sorry, I forgot the Ad-Aware log.
It was unable to delete 5 files from the C:\_restore\temp file.

Here it is:

Ad-Aware SE Build 1.06r1
Logfile Created on:Saturday, August 27, 2005 11:15:39 AM
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R62 17.08.2005
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
CoolWebSearch(TAC index:10):5 total references
Coulomb Dialer(TAC index:5):1 total references
Malware.TopAntiSpyware(TAC index:10):2 total references
MRU List(TAC index:0):11 total references
Tracking Cookie(TAC index:3):20 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Definition File:
=========================
Definitions File Loaded:
Reference Number : SE1R62 17.08.2005
Internal build : 72
File location : C:\PROGRAM FILES\LAVASOFT\AD-AWARE SE PERSONAL\defs.ref
File size : 509965 Bytes
Total size : 1536749 Bytes
Signature data size : 1503983 Bytes
Reference data size : 32254 Bytes
Signatures total : 42805
CSI Fingerprints total : 1012
CSI data size : 35821 Bytes
Target categories : 15
Target families : 731


Memory + processor status:
==========================
Number of processors : 1
Processor architecture : Intel Pentium III
Memory available:39 %
Total physical memory:63968 kb
Available physical memory:3260 kb
Total page file size:2033180 kb
Available on page file:2018616 kb
Total virtual memory:2093056 kb
Available virtual memory:2044864 kb
OS:Microsoft Windows Millennium Edition

Ad-Aware SE Settings
===========================
Set : Search for negligible risk entries
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan within archives
Set : Scan my Hosts file

Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Obtain command line of scanned processes
Set : Scan registry for all users instead of current user only
Set : Always try to unload modules before deletion
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Write-protect system files after repair (Hosts file, etc.)
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Include alternate data stream details in log file
Set : Play sound at scan completion if scan locates critical objects


8-27-2005 11:15:39 AM - Scan started. (Full System Scan)

MRU List Object Recognized!
Location: : C:\WINDOWS\Application Data\microsoft\office\recent
Description : list of recently opened documents using microsoft office


MRU List Object Recognized!
Location: : .DEFAULT\software\google\navclient\1.1\history
Description : list of recently used search terms in the google toolbar


MRU List Object Recognized!
Location: : software\microsoft\directdraw\mostrecentapplication
Description : most recent application to use microsoft directdraw


MRU List Object Recognized!
Location: : .DEFAULT\software\microsoft\internet explorer
Description : last download directory used in microsoft internet explorer


MRU List Object Recognized!
Location: : .DEFAULT\software\microsoft\internet explorer\typedurls
Description : list of recently entered addresses in microsoft internet explorer


MRU List Object Recognized!
Location: : .DEFAULT\software\microsoft\office\9.0\common\open find\microsoft word\settings\open\file name mru
Description : list of recent documents opened by microsoft word


MRU List Object Recognized!
Location: : .DEFAULT\software\microsoft\office\9.0\common\open find\microsoft word\settings\save as\file name mru
Description : list of recent documents saved by microsoft word


MRU List Object Recognized!
Location: : .DEFAULT\software\microsoft\windows\currentversion\explorer\comdlg32\lastvisitedmru
Description : list of recent programs opened


MRU List Object Recognized!
Location: : .DEFAULT\software\microsoft\windows\currentversion\explorer\comdlg32\opensavemru
Description : list of recently saved files, stored according to file extension


MRU List Object Recognized!
Location: : .DEFAULT\software\microsoft\windows\currentversion\explorer\recentdocs
Description : list of recent documents opened


MRU List Object Recognized!
Location: : .DEFAULT\software\microsoft\windows media\wmsdk\general
Description : windows media sdk


Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

#:1 [KERNEL32.DLL]
ModuleName : C:\WINDOWS\SYSTEM\KERNEL32.DLL
Command Line : n/a
ProcessID : 4293868959
Threads : 4
Priority : High
FileVersion : 4.90.3000
ProductVersion : 4.90.3000
ProductName : Microsoft® Windows® Millennium Operating System
CompanyName : Microsoft Corporation
FileDescription : Win32 Kernel core component
InternalName : KERNEL32
LegalCopyright : Copyright © Microsoft Corp. 1991-2000
OriginalFilename : KERNEL32.DLL

#:2 [MSGSRV32.EXE]
ModuleName : C:\WINDOWS\SYSTEM\MSGSRV32.EXE
Command Line : n/a
ProcessID : 4294933303
Threads : 1
Priority : Normal
FileVersion : 4.90.3000
ProductVersion : 4.90.3000
ProductName : Microsoft® Windows® Millennium Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows 32-bit VxD Message Server
InternalName : MSGSRV32
LegalCopyright : Copyright © Microsoft Corp. 1992-1998
OriginalFilename : MSGSRV32.EXE

#:3 [MPREXE.EXE]
ModuleName : C:\WINDOWS\SYSTEM\MPREXE.EXE
Command Line : C:\WINDOWS\SYSTEM\MPREXE.EXE
ProcessID : 4294955731
Threads : 2
Priority : Normal
FileVersion : 4.90.3000
ProductVersion : 4.90.3000
ProductName : Microsoft® Windows® Millennium Operating System
CompanyName : Microsoft Corporation
FileDescription : WIN32 Network Interface Service Process
InternalName : MPREXE
LegalCopyright : Copyright © Microsoft Corp. 1993-2000
OriginalFilename : MPREXE.EXE

#:4 [EXPLORER.EXE]
ModuleName : C:\WINDOWS\EXPLORER.EXE
Command Line : C:\WINDOWS\Explorer.exe
ProcessID : 4294963707
Threads : 5
Priority : Normal
FileVersion : 5.50.4134.100
ProductVersion : 5.50.4134.100
ProductName : Microsoft® Windows ® 2000 Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
LegalCopyright : Copyright © Microsoft Corp. 1981-2000
OriginalFilename : EXPLORER.EXE

#:5 [AD-AWARE.EXE]
ModuleName : C:\PROGRAM FILES\LAVASOFT\AD-AWARE SE PERSONAL\AD-AWARE.EXE
Command Line : "C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe"
ProcessID : 4294872331
Threads : 2
Priority : Normal
FileVersion : 6.2.0.236
ProductVersion : SE 106
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft AB Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved

Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 11


Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 11


Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 11


Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»


Tracking Cookie Object Recognized!
Type : IECache Entry
Data : ustina barsukoff@servedby.netshelter[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:52
Value : Cookie:ustina barsukoff@servedby.netshelter.net/
Expires : 9-3-2005 10:44:00 AM
LastSync : Hits:52
UseCount : 0
Hits : 52

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : ustina barsukoff@sel.as-us.falkag[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:17
Value : Cookie:ustina barsukoff@sel.as-us.falkag.net/
Expires : 9-25-2005 8:53:56 AM
LastSync : Hits:17
UseCount : 0
Hits : 17

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : ustina barsukoff@katu.adbureau[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:7
Value : Cookie:ustina barsukoff@katu.adbureau.net/
Expires : 2-28-2007 4:59:58 PM
LastSync : Hits:7
UseCount : 0
Hits : 7

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : ustina barsukoff@2o7[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:62
Value : Cookie:ustina barsukoff@2o7.net/
Expires : 8-25-2010 6:06:04 PM
LastSync : Hits:62
UseCount : 0
Hits : 62

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : ustina barsukoff@tribalfusion[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:1
Value : Cookie:ustina barsukoff@tribalfusion.com/
Expires : 12-31-2037 5:00:00 PM
LastSync : Hits:1
UseCount : 0
Hits : 1

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : ustina barsukoff@zedo[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:29
Value : Cookie:ustina barsukoff@zedo.com/
Expires : 8-22-2015 10:44:28 PM
LastSync : Hits:29
UseCount : 0
Hits : 29

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : ustina barsukoff@as-us.falkag[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:50
Value : Cookie:ustina barsukoff@as-us.falkag.net/
Expires : 9-25-2005 8:53:56 AM
LastSync : Hits:50
UseCount : 0
Hits : 50

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : ustina barsukoff@c1.zedo[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:3
Value : Cookie:ustina barsukoff@c1.zedo.com/
Expires : 8-26-2005 10:00:00 PM
LastSync : Hits:3
UseCount : 0
Hits : 3

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : ustina barsukoff@centrport[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:2
Value : Cookie:ustina barsukoff@centrport.net/
Expires : 12-31-2029 5:00:00 PM
LastSync : Hits:2
UseCount : 0
Hits : 2

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : ustina barsukoff@as1.falkag[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:7
Value : Cookie:ustina barsukoff@as1.falkag.de/
Expires : 9-21-2005 11:40:10 AM
LastSync : Hits:7
UseCount : 0
Hits : 7

Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 10
Objects found so far: 21



Deep scanning and examining files (c:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : ustina barsukoff@as-us.falkag[2].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : c:\WINDOWS\Cookies\ustina barsukoff@as-us.falkag[2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : ustina barsukoff@2o7[2].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : c:\WINDOWS\Cookies\ustina barsukoff@2o7[2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : ustina barsukoff@as1.falkag[2].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : c:\WINDOWS\Cookies\ustina barsukoff@as1.falkag[2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : ustina barsukoff@tribalfusion[1].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : c:\WINDOWS\Cookies\ustina barsukoff@tribalfusion[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : ustina barsukoff@katu.adbureau[2].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : c:\WINDOWS\Cookies\ustina barsukoff@katu.adbureau[2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : ustina barsukoff@zedo[1].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : c:\WINDOWS\Cookies\ustina barsukoff@zedo[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : ustina barsukoff@sel.as-us.falkag[1].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : c:\WINDOWS\Cookies\ustina barsukoff@sel.as-us.falkag[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : ustina barsukoff@servedby.netshelter[2].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : c:\WINDOWS\Cookies\ustina barsukoff@servedby.netshelter[2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : ustina barsukoff@c1.zedo[2].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : c:\WINDOWS\Cookies\ustina barsukoff@c1.zedo[2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : ustina barsukoff@centrport[1].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : c:\WINDOWS\Cookies\ustina barsukoff@centrport[1].txt

Malware.TopAntiSpyware Object Recognized!
Type : File
Data : A0069987.0
TAC Rating : 10
Category : Malware
Comment :
Object : c:\_RESTORE\TEMP\



CoolWebSearch Object Recognized!
Type : File
Data : A0070623.0
TAC Rating : 10
Category : Malware
Comment :
Object : c:\_RESTORE\TEMP\



CoolWebSearch Object Recognized!
Type : File
Data : A0070624.0
TAC Rating : 10
Category : Malware
Comment :
Object : c:\_RESTORE\TEMP\



CoolWebSearch Object Recognized!
Type : File
Data : A0070625.0
TAC Rating : 10
Category : Malware
Comment :
Object : c:\_RESTORE\TEMP\



Coulomb Dialer Object Recognized!
Type : File
Data : A0070758.0
TAC Rating : 5
Category : Dialer
Comment :
Object : c:\_RESTORE\TEMP\
FileVersion : 1, 0, 0, 1
ProductVersion : 1, 0, 0, 1
ProductName : AtlBrowser Module
FileDescription : AtlBrowser Module
InternalName : ATLBROWSER
LegalCopyright : Copyright 1999
OriginalFilename : ATLBROWSER.DLL


Disk Scan Result for c:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 36


Performing conditional scans...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Malware.TopAntiSpyware Object Recognized!
Type : File
Data : Desktop.htt
TAC Rating : 10
Category : Malware
Comment : File may be infected and regenerates by default
Object : C:\WINDOWS\Application Data\microsoft\internet explorer\



CoolWebSearch Object Recognized!
Type : RegValue
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\microsoft\internet explorer\main
Value : Search Bar

CoolWebSearch Object Recognized!
Type : RegValue
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\microsoft\internet explorer\main
Value : Search Page

Conditional scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 3
Objects found so far: 39

11:26:23 AM Scan Complete

Summary Of This Scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:00:10:44.390
Objects scanned:97378
Objects identified:28
Objects ignored:0
New critical objects:28
  • 0

#21
Justin

Justin

    I do a little bit of everything

  • Member
  • PipPipPipPipPip
  • 2,353 posts
Everything looks clean to me. :tazz:

How did the second attempt at PandaScan go?
  • 0

#22
keeska

keeska

    Member

  • Topic Starter
  • Member
  • PipPip
  • 16 posts
No, Panda did not go all the way through. I was having trouble getting back online since my last post; the computer kept crashing and wouldn't open any new windows except for favorites. I finally realized it must be Spyware Guard I had just installed, which warned me it might cause conflict. So I deleted it and now things work better.

Spybot still finds 32 entries of smitfraud, cannot delete.
One more HJT log.

Thanks for your help!

Logfile of HijackThis v1.99.1
Scan saved at 4:29:45 PM, on 8/28/2005
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\SSDPSRV.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\PROGRAM FILES\DEFENDER\DEFENDER PRO 2005\KAVSVC.EXE
C:\WINDOWS\SYSTEM\WBEM\WINMGMT.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\NETROPA\ONE-TOUCH MULTIMEDIA KEYBOARD\MMKEYBD.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\SYSTEM\HPSYSDRV.EXE
C:\WINDOWS\DELAYRUN.EXE
C:\PROGRAM FILES\INTUIT\QAGENT\QAGENT.EXE
C:\WINDOWS\SYSTEM\LVCOMS.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\INTERNAT.EXE
C:\PROGRAM FILES\DEFENDER\DEFENDER PRO 2005\KAV.EXE
C:\PROGRAM FILES\NETROPA\ONE-TOUCH MULTIMEDIA KEYBOARD\KEYBDMGR.EXE
C:\WINDOWS\RunDLL.exe
C:\PROGRAM FILES\NETROPA\ONSCREEN DISPLAY\OSD.EXE
C:\WINDOWS\SYSTEM\MRTMNGR.EXE
C:\PROGRAM FILES\NETROPA\ONE-TOUCH MULTIMEDIA KEYBOARD\MMUSBKB2.EXE
C:\PROGRAM FILES\DEFENDER PRO LLC\DEFENDER PRO FIREWALL\KAVPF.EXE
C:\PROGRAM FILES\COMMON FILES\INTUIT\QUICKBOOKS\QBUPDATE\QBUPDATE.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\WINDOWS\EXPLORER.EXE
C:\HIJACKTHIS.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://hp.my.yahoo.com
F1 - win.ini: run=hpfsched
O2 - BHO: BrowserHelper Class - {EBCDDA60-2A68-11D3-8A43-0060083CFB9C} - C:\WINDOWS\SYSTEM\NZDD.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [Keyboard Manager] C:\Program Files\Netropa\One-touch Multimedia Keyboard\MMKeybd.exe
O4 - HKLM\..\Run: [HPScanPatch] C:\WINDOWS\SYSTEM\HPScanFix.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [Delay] C:\WINDOWS\delayrun.exe
O4 - HKLM\..\Run: [NInit] C:\Program Files\Norton Uninstall Deluxe\NINIT.EXE
O4 - HKLM\..\Run: [QAGENT] C:\Program Files\Intuit\QAgent\QAGENT.EXE
O4 - HKLM\..\Run: [bpcpost.exe] C:\WINDOWS\SYSTEM\bpcpost.exe
O4 - HKLM\..\Run: [DXM6Patch_981116] C:\WINDOWS\p_981116.exe /Q:A
O4 - HKLM\..\Run: [LVComs] C:\WINDOWS\SYSTEM\LVComS.exe
O4 - HKLM\..\Run: [internat.exe] internat.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [KAVPersonal50] C:\Program Files\Defender\Defender Pro 2005\kav.exe /minimize
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [SSDPSRV] C:\WINDOWS\SYSTEM\ssdpsrv.exe
O4 - HKLM\..\RunServices: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\RunServices: [kavsvc] C:\Program Files\Defender\Defender Pro 2005\kavsvc.exe
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\Money Express.exe"
O4 - HKCU\..\Run: [Taskbar Display Controls] RunDLL deskcp16.dll,QUICKRES_RUNDLLENTRY
O4 - Startup: Defender Pro Firewall.lnk = C:\Program Files\Defender Pro LLC\Defender Pro Firewall\KAVPF.exe
O4 - Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O8 - Extra context menu item: &Google Search - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmsearch.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmsimilar.html
O8 - Extra context menu item: Backward Links - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmbacklinks.html
O8 - Extra context menu item: Translate into English - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmtrans.html
O14 - IERESET.INF: START_PAGE_URL=http://hp.my.yahoo.com
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akama...meInstaller.exe
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/s...nfo/webscan.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft...free/asinst.cab
  • 0
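
An added example, not part of any post in this thread: one way to confirm that the entry post #16 asked to fix is absent from a later HijackThis log, and to list what else changed between two logs. The function names and the two shortened sample logs are constructed for illustration from a few lines of the logs above; the "before" log is an assumed earlier state that still contains the P2001 entry.

```python
import re

# "<code> - <body>" lines such as "O4 - HKLM\..\Run: [P2001] p2001.exe"
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")
# Registry autoruns inside an O4 body: hive, key, [value name], command
O4_REG_RE = re.compile(r"^(HK[A-Z]+)\\\.\.\\(\w+): \[(.+?)\] (.+)$")

# Constructed sample input (shortened; lines taken from the thread's logs).
BEFORE = r"""Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\EXPLORER.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
O4 - HKLM\..\Run: [P2001] p2001.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [Delay] C:\WINDOWS\delayrun.exe
"""
AFTER = r"""Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\DELAYRUN.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [Delay] C:\WINDOWS\delayrun.exe
"""


def parse_log(text):
    """Split a HijackThis log into running processes and coded entries."""
    processes, entries = [], []
    in_processes = False
    for raw in text.splitlines():
        line = raw.strip()
        if line.lower().startswith("running processes"):
            in_processes = True
            continue
        match = ENTRY_RE.match(line)
        if match:
            in_processes = False  # the first coded entry ends the process list
            entries.append((match.group(1), match.group(2)))
        elif in_processes and line:
            processes.append(line)
    return {"processes": processes, "entries": entries}


def autoruns(log):
    """Return {(hive, key, value name): command} for registry O4 entries."""
    found = {}
    for code, body in log["entries"]:
        match = O4_REG_RE.match(body) if code == "O4" else None
        if match:
            hive, key, name, command = match.groups()
            found[(hive, key, name.casefold())] = command
    return found


def _key(item):
    # Compare case-insensitively: the same path shows up in mixed case.
    text = " - ".join(item) if isinstance(item, tuple) else item
    return text.casefold()


def diff_logs(before, after):
    """Entries and processes that disappeared or appeared between two logs."""
    result = {}
    for field in ("entries", "processes"):
        old = {_key(i): i for i in before[field]}
        new = {_key(i): i for i in after[field]}
        result[field] = {
            "removed": [old[k] for k in old if k not in new],
            "added": [new[k] for k in new if k not in old],
        }
    return result


def verify_fix(before, after, fixed):
    """Status of each (hive, key, value name) that was selected for fixing."""
    old, new = autoruns(before), autoruns(after)
    status = {}
    for hive, key, name in fixed:
        ident = (hive, key, name.casefold())
        if ident in new:
            status[name] = "still present"
        elif ident in old:
            status[name] = "removed"
        else:
            status[name] = "not in either log"
    return status


if __name__ == "__main__":
    before_log, after_log = parse_log(BEFORE), parse_log(AFTER)
    print(verify_fix(before_log, after_log, [("HKLM", "Run", "P2001")]))
    for field, change in diff_logs(before_log, after_log).items():
        print(field, change)
```
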

#23
Justin

Justin

    I do a little bit of everything

  • Member
  • PipPipPipPipPip
  • 2,353 posts
Hello!

Normally Ewido would kill the leftovers of this infection. Since you are on ME, we have to find another way to kill it. Let's try these two programs.

Please Download Trojan Hunter and aSquared

Run Trojan Hunter.

Then go here for information on how to run aSquared - Clean what it finds.

Let me know the results of these scans.
  • 0

#24
keeska

keeska

    Member

  • Topic Starter
  • Member
  • PipPip
  • 16 posts
Okay, installed and ran TrojanHunter, it found 2 things: AdWare.TopMoxie.102 and InfoFtp.100. Both were removed successfully. (No mention of SmitFraud?)

A-squared found 59 malware files and removed them all.

a² Report
Filename Diagnosis
c:\WINDOWS\Cookies\name@centrport[1].txt Trace.TrackingCookie
c:\WINDOWS\Cookies\name@as-us.falkag[2].txt Trace.TrackingCookie
c:\WINDOWS\Cookies\name@questionmarket[1].txt Trace.TrackingCookie
c:\WINDOWS\Cookies\name@tribalfusion[2].txt Trace.TrackingCookie
c:\_RESTORE\TEMP\A0034258.0 Trojan.Win32.Puper.ag
c:\_RESTORE\TEMP\A0034866.0 Trojan.Win32.Puper.ag
c:\_RESTORE\TEMP\A0034870.0 Trojan.Win32.Puper.ag
c:\_RESTORE\TEMP\A0034872.0 Trojan.Win32.Puper.ag
c:\_RESTORE\TEMP\A0035187.0 Trojan.Win32.Puper.ag
c:\_RESTORE\TEMP\A0036187.0 Trojan.Win32.Puper.ag
c:\_RESTORE\TEMP\A0037187.0 Trojan.Win32.Puper.ag
c:\_RESTORE\TEMP\A0037357.0 Trojan.Win32.Puper.ag
c:\_RESTORE\TEMP\A0038357.0 Trojan.Win32.Puper.ag
c:\_RESTORE\TEMP\A0039357.0 Trojan.Win32.Puper.ag
c:\_RESTORE\TEMP\A0040357.0 Trojan.Win32.Puper.ag
c:\_RESTORE\TEMP\A0041357.0 Trojan.Win32.Puper.ag
c:\_RESTORE\TEMP\A0042357.0 Trojan.Win32.Puper.ag
c:\_RESTORE\TEMP\A0043357.0 Trojan.Win32.Puper.ag
c:\_RESTORE\TEMP\A0044357.0 Trojan.Win32.Puper.ag
c:\_RESTORE\TEMP\A0044599.0 Trojan.Win32.Puper.ag
c:\_RESTORE\TEMP\A0045599.0 Trojan.Win32.Puper.ag
c:\_RESTORE\TEMP\A0046599.0 Trojan.Win32.Puper.ag
c:\_RESTORE\TEMP\A0047599.0 Trojan.Win32.Puper.ag
c:\_RESTORE\TEMP\A0048599.0 Trojan.Win32.Puper.ag
c:\_RESTORE\TEMP\A0049599.0 Trojan.Win32.Puper.ag
c:\_RESTORE\TEMP\A0050599.0 Trojan.Win32.Puper.ag
c:\_RESTORE\TEMP\A0049641.0 Trojan.Win32.Puper.ag
c:\_RESTORE\TEMP\A0051599.0 Trojan.Win32.Puper.ag
c:\_RESTORE\TEMP\A0052599.0 Trojan.Win32.Puper.ag
c:\_RESTORE\TEMP\A0053599.0 Trojan.Win32.Puper.ag
c:\_RESTORE\TEMP\A0054599.0 Trojan.Win32.Puper.ag
c:\_RESTORE\TEMP\A0055599.0 Trojan.Win32.Puper.ag
c:\_RESTORE\TEMP\A0056599.0 Trojan.Win32.Puper.ag
c:\_RESTORE\TEMP\A0057599.0 Trojan.Win32.Puper.ag
c:\_RESTORE\TEMP\A0058599.0 Trojan.Win32.Puper.ag
c:\_RESTORE\TEMP\A0058803.0 Trojan.Win32.Puper.ag
c:\_RESTORE\TEMP\A0059803.0 Trojan.Win32.Puper.ag
c:\_RESTORE\TEMP\A0060803.0 Trojan.Win32.Puper.ag
c:\_RESTORE\TEMP\A0061803.0 Trojan.Win32.Puper.ag
c:\_RESTORE\TEMP\A0062803.0 Trojan.Win32.Puper.ag
c:\_RESTORE\TEMP\A0063803.0 Trojan.Win32.Puper.ag
c:\_RESTORE\TEMP\A0064023.0 Trojan.Win32.Puper.ag
c:\_RESTORE\TEMP\A0064803.0 Trojan.Win32.Puper.ag
c:\_RESTORE\TEMP\A0065803.0 Trojan.Win32.Puper.ag
c:\_RESTORE\TEMP\A0066803.0 Trojan.Win32.Puper.ag
c:\_RESTORE\TEMP\A0067803.0 Trojan.Win32.Puper.ag
c:\_RESTORE\TEMP\A0068803.0 Trojan.Win32.Puper.ag
c:\_RESTORE\TEMP\A0069986.0 Trojan.Win32.Small.eu
c:\_RESTORE\TEMP\A0069987.1 Trojan.Win32.TopAntiSpyware.n
c:\_RESTORE\TEMP\A0069988.0 Trojan.Win32.Puper.ag
c:\_RESTORE\TEMP\A0069989.0 Trojan-Downloader.Win32.Zlob.z
c:\_RESTORE\TEMP\A0069990.0 Trojan-Clicker.Win32.Agent.eg
c:\_RESTORE\TEMP\A0069991.0 Trojan.Win32.Puper.af
c:\_RESTORE\TEMP\A0069992.0 Trojan.Win32.Small.ev
c:\_RESTORE\TEMP\A0069994.0 Trojan.Win32.Puper.ag
c:\_RESTORE\TEMP\A0070446.0 Trojan.Win32.Small.eu
c:\_RESTORE\TEMP\A0070460.0 Trojan-Downloader.Win32.WinShow.u
c:\_RESTORE\TEMP\A0070870.0 Trojan.Win32.Small.eu
c:\_RESTORE\TEMP\A0070872.0 Trojan.Win32.Agent.ff

Are you familiar with the Anti-virus/firewall program Defender pro? I had it installed on my computer. After still having trouble getting online today, I deleted the whole thing and now I have no problems with the internet. Not sure why. I guess I'll have to download some other kind of anti-virus/firewall program.

New HJT log just in case there is anything else I could delete
Thank you so much again!

Logfile of HijackThis v1.99.1
Scan saved at 4:48:47 PM, on 8/29/2005
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\SSDPSRV.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\NETROPA\ONE-TOUCH MULTIMEDIA KEYBOARD\MMKEYBD.EXE
C:\WINDOWS\SYSTEM\HPSYSDRV.EXE
C:\PROGRAM FILES\INTUIT\QAGENT\QAGENT.EXE
C:\WINDOWS\SYSTEM\LVCOMS.EXE
C:\WINDOWS\SYSTEM\INTERNAT.EXE
C:\WINDOWS\RunDLL.exe
C:\PROGRAM FILES\NETROPA\ONE-TOUCH MULTIMEDIA KEYBOARD\KEYBDMGR.EXE
C:\WINDOWS\SYSTEM\MRTMNGR.EXE
C:\PROGRAM FILES\COMMON FILES\INTUIT\QUICKBOOKS\QBUPDATE\QBUPDATE.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\NETROPA\ONSCREEN DISPLAY\OSD.EXE
C:\PROGRAM FILES\NETROPA\ONE-TOUCH MULTIMEDIA KEYBOARD\MMUSBKB2.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\SYSTEM\WBEM\WINMGMT.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\PROGRAM FILES\TROJANHUNTER 4.2\THGUARD.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\EXPLORER.EXE
C:\HIJACKTHIS.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://hp.my.yahoo.com
F1 - win.ini: run=hpfsched
O2 - BHO: BrowserHelper Class - {EBCDDA60-2A68-11D3-8A43-0060083CFB9C} - C:\WINDOWS\SYSTEM\NZDD.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [Keyboard Manager] C:\Program Files\Netropa\One-touch Multimedia Keyboard\MMKeybd.exe
O4 - HKLM\..\Run: [HPScanPatch] C:\WINDOWS\SYSTEM\HPScanFix.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [Delay] C:\WINDOWS\delayrun.exe
O4 - HKLM\..\Run: [NInit] C:\Program Files\Norton Uninstall Deluxe\NINIT.EXE
O4 - HKLM\..\Run: [QAGENT] C:\Program Files\Intuit\QAgent\QAGENT.EXE
O4 - HKLM\..\Run: [bpcpost.exe] C:\WINDOWS\SYSTEM\bpcpost.exe
O4 - HKLM\..\Run: [DXM6Patch_981116] C:\WINDOWS\p_981116.exe /Q:A
O4 - HKLM\..\Run: [LVComs] C:\WINDOWS\SYSTEM\LVComS.exe
O4 - HKLM\..\Run: [internat.exe] internat.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [THGuard] "C:\PROGRAM FILES\TROJANHUNTER 4.2\THGUARD.EXE"
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [SSDPSRV] C:\WINDOWS\SYSTEM\ssdpsrv.exe
O4 - HKLM\..\RunServices: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\Money Express.exe"
O4 - HKCU\..\Run: [Taskbar Display Controls] RunDLL deskcp16.dll,QUICKRES_RUNDLLENTRY
O4 - Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O8 - Extra context menu item: &Google Search - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmwordtrans.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmsimilar.html
O8 - Extra context menu item: Backward Links - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmbacklinks.html
O8 - Extra context menu item: Translate Page into English - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmtrans.html
O14 - IERESET.INF: START_PAGE_URL=http://hp.my.yahoo.com
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akama...meInstaller.exe
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/s...nfo/webscan.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft...free/asinst.cab

#25
Justin

Hello!

Your log looks clean. Are you still having any issues with your computer?

I have never heard of that AntiVirus, but that does not mean it is bad.

If you want a free AntiVirus Program, the best is AVG Free, by Grisoft.

Some of the better AntiVirus programs that require you to pay are Kaspersky and NOD32.

Let me know if you are having any other issues :tazz:
#26
Justin

Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.