Welcome to MalwareRemoval.com,

Smitfraud problem

Post by god0fgod » November 7th, 2007, 6:22 pm

I've used all my anti-spyware programs and I've gotten nowhere. I've also used this thing called Smitfraudfix with no luck. Please help me, as I'm getting headaches now. I have the HijackThis log below. Thanks.

Logfile of HijackThis v1.99.1
Scan saved at 17:00:50, on 07/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\xampp\apache\bin\apache.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
c:\apps\Powercinema\Kernel\TV\CLCapSvc.exe
c:\APPS\Powercinema\Kernel\CLML_NTService\CLMLServer.exe
c:\APPS\Powercinema\Kernel\CLML_NTService\CLMLService.exe
C:\WINDOWS\system32\puabtect.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\Program Files\xampp\apache\bin\apache.exe
C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
C:\PROGRA~1\GOTOSO~1\VADERE~1\Vaderetro_oe.exe
C:\Program Files\Common Files\Ulead Systems\AutoDetector\monitor.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
C:\apps\Powercinema\PCMService.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\WINDOWS\System32\snmp.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\UnrealStreaming\UMediaServer\UMediaServer.exe
C:\Program Files\btbb_wcm\McciTrayApp.exe
c:\apps\Powercinema\Kernel\TV\CLSched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\BTBROA~1\Help\SMARTB~1\BTHelpNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
D:\program files\steam\steam.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Google\Web Accelerator\GoogleWebAccWarden.exe
C:\Program Files\ZyDAS Technology Corporation\ZyDAS_802.11g_Utility\ZDWlan.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Google\Web Accelerator\googlewebaccclient.exe
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\PROGRA~1\Yahoo!\browser\ybrowser.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
C:\Program Files\Common Files\Real\Update_OB\RealOneMessageCenter.exe
D:\Documents and Settings\Matt\My Documents\APP THINGS\hijackthis\HijackThis.exe
C:\Program Files\Messenger\msmsgs.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://localhost:9100/proxy.pac
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn5\yt.dll
O3 - Toolbar: Norton Internet Security 2006 - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn5\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: Google Web Accelerator - {DB87BFA2-A2E3-451E-8E5A-C89982D87CBF} - C:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll
O3 - Toolbar: Security Toolbar - {11A69AE4-FBED-4832-A2BF-45AF82825583} - C:\WINDOWS\system32\pbtifmwm.dll
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [YBrowser] C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [Vade Retro Outlook Express] "C:\PROGRA~1\GOTOSO~1\VADERE~1\Vaderetro_oe.exe"
O4 - HKLM\..\Run: [Ulead AutoDetector v2] C:\Program Files\Common Files\Ulead Systems\AutoDetector\monitor.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [PCMService] "c:\apps\Powercinema\PCMService.exe"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [btbb_wcm_McciTrayApp] C:\Program Files\btbb_wcm\McciTrayApp.exe
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SMSERIAL] sm56hlpr.exe
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\BTBROA~1\Help\SMARTB~1\BTHelpNotifier.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [bcef5b15] rundll32.exe "C:\WINDOWS\system32\ifnfryrj.dll",b
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] C:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe -quiet
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKCU\..\Run: [Steam] "d:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [XP Tweak Mechanic] C:\Program Files\XP Tweak Mechanic\XpTweakMech.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Broadband Desktop Help.lnk = C:\Program Files\BT Broadband 210\Help\bin\matcli.exe
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Run Google Web Accelerator.lnk = C:\Program Files\Google\Web Accelerator\GoogleWebAccWarden.exe
O4 - Global Startup: ZDWLan Utility.lnk = C:\Program Files\ZyDAS Technology Corporation\ZyDAS_802.11g_Utility\ZDWlan.exe
O8 - Extra context menu item: &ieSpell Options - res://C:\Program Files\ieSpell\iespell.dll/SPELLOPTION.HTM
O8 - Extra context menu item: &Lookup Meaning - res://C:\Program Files\ieSpell\iespell.dll/LOOKUPMEANING.HTM
O8 - Extra context menu item: Check &Spelling - res://C:\Program Files\ieSpell\iespell.dll/SPELLCHECK.HTM
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: (no name) - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: BT Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\uk.htm
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partne ... nicode.cab
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab
O16 - DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} (CMediaMix Object) - http://musicmix.messenger.msn.com/Medialogic.CAB
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\common\yinsthelper.dll
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-US/a-U ... E_UNO1.cab
O16 - DPF: {66D393D5-4D80-497C-9F4F-F3839E090202} (PlayerOCX Control) - http://www.pysoft.com/Downloads/WebCamPlayerOCX.cab
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDow ... eqlab2.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 7512496328
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b31267.cab
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/softwa ... Plugin.cab
O16 - DPF: {AF2E62B6-F9E1-4D4F-A10A-9DC8E6DCBCC0} (VideoEgg ActiveX Loader) - http://update.videoegg.com/Install/Wind ... lisher.exe
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn.com/binFramework/v ... b34246.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b56907.cab
O16 - DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} (TikGames Online Control) - http://www.shockwave.com/content/cinema ... tycoon.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O16 - DPF: {FFBB3F3B-0A5A-4106-BE53-DFE1E2340CB1} (DownloadManager Control) - http://dlm.tools.akamai.com/dlmanager/v ... .2.1.6.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{EB15D32B-0C47-46B6-AC42-74B36EBA8353}: NameServer = 192.168.1.1,64.6.40.162
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - AppInit_DLLs: C:\WINDOWS\system32\__c00D74C7.dat
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Apache2.2 - Unknown owner - C:\Program Files\xampp\apache\bin\apache.exe" -k runservice (file missing)
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\ccPwdSvc.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - c:\apps\Powercinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - c:\apps\Powercinema\Kernel\TV\CLSched.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Norton Internet Security\comHost.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - c:\APPS\Powercinema\Kernel\CLML_NTService\CLMLServer.exe
O23 - Service: DomainService - - C:\WINDOWS\system32\puabtect.exe
O23 - Service: FileZilla Server FTP server (FileZilla Server) - FileZilla Project - C:\Program Files\xampp\FileZillaFTP\FileZillaServer.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service - Unknown owner - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifEng.dll (file missing)
O23 - Service: mysql - Unknown owner - C:\Program Files\xampp\mysql\bin\mysqld-nt.exe" "--defaults-file=C:\Program Files\xampp\mysql\bin\my.cnf" mysql (file missing)
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: UMediaServer - Unreal Streaming Technologies. - C:\Program Files\UnrealStreaming\UMediaServer\UMediaServer.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE


Also, I've had 4 Smitfraud infections on this PC. Any ideas why? Just a coincidence?

PS: Great thanks to ChrisRLG for his help.
god0fgod
Regular Member
 
Posts: 24
Joined: November 7th, 2007, 5:51 pm
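The log in the post above is what the helpers read by hand, entry by entry. As an added example that is not part of this thread and not part of HijackThis or any other tool mentioned here, the Python script below applies four generic triage heuristics to a handful of entries copied from that log: a file named with exactly eight lowercase letters sitting directly under system32, a non-empty AppInit_DLLs value, an O23 service whose vendor field is empty, and an IE toolbar loaded from system32. The rules, the rule names and the small allowlist of Windows binaries are my own assumptions about what a helper looks for first; a hit marks an entry for review, it does not identify a file as malicious.

```python
"""Heuristic triage of HijackThis-style log lines (added example).

Each rule returns the value that triggered it, or None. A hit only marks the
entry for a closer look; confirming an infection is still a manual job.
"""
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class Finding:
    line_no: int   # 1-based line number within the log text
    section: str   # HijackThis section code, e.g. "O4"
    rule: str      # name of the heuristic that fired
    detail: str    # the path or value that triggered it


# Entries copied from the HijackThis log posted above (assumed representative).
SAMPLE_LOG = r"""O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: Security Toolbar - {11A69AE4-FBED-4832-A2BF-45AF82825583} - C:\WINDOWS\system32\pbtifmwm.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [bcef5b15] rundll32.exe "C:\WINDOWS\system32\ifnfryrj.dll",b
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O20 - AppInit_DLLs: C:\WINDOWS\system32\__c00D74C7.dat
O23 - Service: DomainService - - C:\WINDOWS\system32\puabtect.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
"""

# Only lines that carry a HijackThis section code are entries; the rest
# (header, running-process list, blank lines) is skipped.
SECTION_RE = re.compile(r"^(O\d+|R\d|F\d)\s+-\s+")
# ...\system32\<exactly eight lowercase letters>.dll or .exe
RANDOM_SYS32_RE = re.compile(r"\\[Ss]ystem32\\([a-z]{8})\.(?:dll|exe)\b")
APPINIT_RE = re.compile(r"^O20 - AppInit_DLLs:\s*(\S.*)$")
# "name - owner - path"; the owner may be empty ("name - - C:\...").
SERVICE_RE = re.compile(
    r"^O23 - Service: (?P<name>.*?) -\s*(?P<owner>.*?)\s*- (?P<path>[A-Za-z]:\\.*)$"
)
TOOLBAR_RE = re.compile(r"^O3 - Toolbar: (?P<name>.*?) - \{[0-9A-Fa-f-]+\} - (?P<path>.+)$")

# Windows components whose basename happens to be eight lowercase letters
# (assumed allowlist; extend it for your own environment).
KNOWN_GOOD_8LETTER = {"winlogon", "services", "explorer", "userinit"}


def random_name_in_system32(line: str):
    """Eight-letter lowercase basename directly under system32."""
    m = RANDOM_SYS32_RE.search(line)
    if m and m.group(1) not in KNOWN_GOOD_8LETTER:
        return m.group(0)
    return None


def appinit_dll(line: str):
    """Any non-empty AppInit_DLLs value is loaded into every GUI process."""
    m = APPINIT_RE.match(line)
    return m.group(1) if m else None


def service_without_owner(line: str):
    """Service entry whose vendor field is empty (not even 'Unknown owner')."""
    m = SERVICE_RE.match(line)
    if m and not m.group("owner").strip():
        return m.group("path")
    return None


def toolbar_from_system32(line: str):
    """IE toolbars normally live under Program Files, not system32."""
    m = TOOLBAR_RE.match(line)
    if m and "\\system32\\" in m.group("path").lower():
        return m.group("path")
    return None


RULES = [
    ("random-name-in-system32", random_name_in_system32),
    ("appinit-dll", appinit_dll),
    ("service-without-owner", service_without_owner),
    ("toolbar-from-system32", toolbar_from_system32),
]


def triage(log_text: str) -> list[Finding]:
    """Run every rule over every section entry and collect the hits."""
    findings: list[Finding] = []
    for line_no, raw in enumerate(log_text.splitlines(), start=1):
        line = raw.strip()
        m = SECTION_RE.match(line)
        if not m:
            continue
        section = m.group(1)
        for rule, check in RULES:
            detail = check(line)
            if detail:
                findings.append(Finding(line_no, section, rule, detail))
    return findings


def flagged_lines(log_text: str) -> list[int]:
    """Distinct 1-based line numbers that at least one rule flagged."""
    return sorted({f.line_no for f in triage(log_text)})


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"line {f.line_no:>2} {f.section:<4} {f.rule:<24} {f.detail}")
```

On the sample entries the script flags lines 2, 4, 6 and 7 (the Security Toolbar DLL, the rundll32 autostart, the AppInit_DLLs value and the unowned DomainService) and leaves the Google toolbar, ccApp, ctfmon and the NVIDIA service alone. Running it over a full log is the same call with the log's text; the allowlist is where false positives from legitimate eight-letter Windows binaries get handled.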

Post by Bob4 » November 7th, 2007, 7:28 pm

_________________________________
Welcome to the Forums.

The fixes we will use are specific to your problems and should only be used for this issue on this machine.

Please only use this topic to reply to. Do not start another thread.
If any other issues arise let me know.
The process is not instant. Please continue to review my answers until I tell you your machine is clear. Absence of symptoms does not mean that everything is clear. So let's do this to the end!

  • All hijackthis logs I ask for should be done in normal mode (not safe mode)
  • These logs should be done last after you have followed my instructions in the previous post.

Please if you decide to seek help at another forum let us know. There is a shortage of helpers and tying 2 of us up is a waste of time.
If you have any questions about any advice given here please STOP and ask!


______________
Chris has asked me to look at your log. I will have something for you soon.
Bob4
MRU Master
 
Posts: 6073
Joined: November 12th, 2005, 11:26 am
Location: Florida

Post by Bob4 » November 7th, 2007, 8:06 pm

Hello again god0fgod.
Here we go.


1. Download Combo fix from one of these locations.
http://www.techsupportforum.com/sectool ... mboFix.exe
http://download.bleepingcomputer.com/sUBs/ComboFix.exe

2. Double click combofix.exe & follow the prompts.
3. When finished, it shall produce a log for you. Post that log in your next reply (c:\comboFix.txt).

Note:
Do not mouse click ComboFix's window whilst it's running. That may cause it to stall.



_________________________
In your next reply I would like to see:
  • A new HJT log
  • The report from ComboFix


Bob4
MRU Master
 
Posts: 6073
Joined: November 12th, 2005, 11:26 am
Location: Florida

Post by god0fgod » November 8th, 2007, 12:49 pm

Thanks. I'm still getting the full symptoms of the infection. The logs are below.

Combo fix:

ComboFix 07-11-08.1 - Matt 2007-11-08 16:21:51.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.265 [GMT 0:00]
Running from: D:\Documents and Settings\Matt\Local Settings\Temporary Internet Files\Content.IE5\6ELYUDL9\ComboFix[1].exe
* Created a new restore point
.

Unable to gain System Privileges

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\d.exe
C:\WINDOWS\cookies.ini
C:\WINDOWS\system32\bszip.dll
C:\WINDOWS\system32\components
C:\WINDOWS\system32\crodftsx.dll
C:\WINDOWS\system32\ogdycxys.dll
C:\WINDOWS\system32\pbtifmwm.dllbox
C:\WINDOWS\system32\syxcydgo.ini
C:\WINDOWS\system32\ttstv.bak2
C:\WINDOWS\system32\ttstv.ini
C:\WINDOWS\system32\ttstv.ini2
C:\WINDOWS\system32\ttstv.tmp
C:\WINDOWS\system32\vtstt.dll
D:\Documents and Settings\All Users\Start Menu\Live Safety Center.lnk
D:\Documents and Settings\All Users\Start Menu\Online Security Guide.lnk
D:\Documents and Settings\Marie\Desktop\Live Safety Center.lnk
D:\Documents and Settings\Marie\Desktop\Online Security Guide.lnk
D:\Documents and Settings\Marie\Favorites\Online Security Guide.lnk
D:\Documents and Settings\Matt\Desktop\internet.lnk
D:\Documents and Settings\Matt\Desktop\Live Safety Center.lnk
D:\Documents and Settings\Matt\Desktop\Online Security Guide.lnk
D:\Documents and Settings\Matt\Favorites\Online Security Guide.lnk
D:\Documents and Settings\Sam\Desktop\internet.lnk
D:\Documents and Settings\Sam\My Documents\internet.lnk
Z:\Autorun.inf

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_DOMAINSERVICE
-------\LEGACY_IPRIP
-------\DomainService


((((((((((((((((((((((((( Files Created from 2007-10-08 to 2007-11-08 )))))))))))))))))))))))))))))))
.

2007-11-08 16:18 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-11-07 22:59 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2007-11-07 22:59 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2007-11-07 22:59 53,248 --a------ C:\WINDOWS\system32\Process.exe
2007-11-07 22:59 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2007-11-07 22:59 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2007-11-07 16:59 79,936 --a------ C:\WINDOWS\system32\tctgtkoa.dll
2007-11-07 16:56 86,080 --a------ C:\WINDOWS\system32\ifnfryrj.dll
2007-11-07 16:53 71,232 --a------ C:\WINDOWS\system32\skfctlpf.exe
2007-11-06 17:24 4,948 --a------ C:\WINDOWS\system32\tmp.reg
2007-11-06 17:13 81,472 --a------ C:\WINDOWS\system32\sdosmqdn.dll
2007-11-06 17:05 145,984 --a------ C:\WINDOWS\system32\pbtifmwm.dll
2007-11-06 17:04 145,984 --a------ C:\WINDOWS\system32\ypcektvw.dll
2007-11-06 17:01 71,232 --a------ C:\WINDOWS\system32\puabtect.exe
2007-11-04 17:34 78,912 --a------ C:\WINDOWS\system32\pvdabysj.dll
2007-11-04 17:30 86,080 --a------ C:\WINDOWS\system32\fwhwcqex.dll
2007-11-04 10:58 78,912 --a------ C:\WINDOWS\system32\qxayptin.dll
2007-11-02 16:31 82,496 --a------ C:\WINDOWS\system32\emdjxrxm.dll
2007-10-30 19:12 <DIR> d-------- C:\Program Files\WINROC
2007-10-26 17:37 <DIR> d-------- D:\Documents and Settings\All Users\Application Data\Google Updater
2007-10-26 16:03 <DIR> d-------- C:\Program Files\Paint.NET
2007-10-13 18:52 <DIR> d-------- C:\Program Files\eRightSoft
2007-10-13 18:52 163,328 -rahs---- C:\WINDOWS\system32\flvDX.dll
2007-10-13 18:52 31,232 -rahs---- C:\WINDOWS\system32\msfDX.dll
2007-10-13 13:27 <DIR> d-------- C:\Program Files\iMeXoR
2007-10-13 13:27 73,216 --a------ C:\WINDOWS\ST6UNST.EXE
2007-10-12 17:34 <DIR> d-------- C:\Program Files\AwinSoft
2007-10-12 16:54 <DIR> d-------- C:\Program Files\CCleaner
2007-10-10 16:29 <DIR> d-------- C:\Program Files\Magic Swf2Gif
2007-10-10 16:08 <DIR> d-------- C:\WINDOWS\Vbox
2007-10-10 16:07 <DIR> d-------- C:\WINDOWS\Noslip
2007-10-10 15:24 584,192 --a------ C:\WINDOWS\system32\dllcache\rpcrt4.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-08 16:13 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2007-11-07 18:48 --------- d-----w D:\Documents and Settings\Matt\Application Data\CoreFTP
2007-11-02 21:41 --------- d-----w C:\Program Files\Norton Internet Security
2007-11-02 18:17 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-10-31 21:35 --------- d-----w C:\Program Files\XoftSpySE
2007-10-30 22:19 --------- d-----w C:\Program Files\Google
2007-10-23 14:54 --------- d-----w C:\Program Files\PHP Editor
2007-10-22 09:24 805 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.INF
2007-10-22 09:24 123,952 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2007-10-22 09:24 10,740 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.CAT
2007-10-22 09:24 --------- d-----w C:\Program Files\Symantec
2007-10-10 16:26 --------- d-----w D:\Documents and Settings\All Users\Application Data\Ulead Systems
2007-10-10 16:26 --------- d-----w C:\Program Files\Ulead Systems
2007-10-10 16:10 --------- d-----w D:\Documents and Settings\Matt\Application Data\Ulead Systems
2007-10-06 20:40 --------- d-----w C:\Program Files\Windows Media Bonus Pack for Windows XP
2007-10-03 21:44 --------- d-----w D:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2007-10-02 16:36 --------- d-----w C:\Program Files\OneStepSearch
2007-10-01 13:49 98,184 ----a-w C:\WINDOWS\system32\drivers\symfw.sys
2007-10-01 13:49 31,624 ----a-w C:\WINDOWS\system32\drivers\symids.sys
2007-10-01 13:49 28,040 ----a-w C:\WINDOWS\system32\drivers\symndis.sys
2007-10-01 13:49 23,944 ----a-w C:\WINDOWS\system32\drivers\symredrv.sys
2007-10-01 13:49 189,320 ----a-w C:\WINDOWS\system32\drivers\symtdi.sys
2007-10-01 13:48 12,680 ----a-w C:\WINDOWS\system32\drivers\symdns.sys
2007-09-21 20:08 --------- d-----w C:\Program Files\ProxyWay
2007-09-16 16:25 --------- d-----w D:\Documents and Settings\All Users\Application Data\Apple
2007-09-16 16:25 --------- d-----w C:\Program Files\Apple Software Update
2007-09-15 17:19 --------- d-----w C:\Program Files\Debugmode
2007-09-15 17:19 --------- d-----w C:\Program Files\Common Files\debugmode
2007-09-10 20:10 --------- d-----w D:\Documents and Settings\Sam\Application Data\Yahoo!
2006-11-13 20:49 69,632 ----a-w D:\Documents and Settings\Marie\Application Data\internaldb2845.dat
2006-11-13 20:49 334 ----a-w D:\Documents and Settings\Marie\Application Data\internaldb1942.dat
2006-11-13 20:49 13,046 ----a-w D:\Documents and Settings\Marie\Application Data\internaldb2126.dat
2006-11-13 20:49 0 ----a-w D:\Documents and Settings\Marie\Application Data\internaldb9344.dat
2006-11-13 20:49 0 ----a-w D:\Documents and Settings\Marie\Application Data\internaldb7183.dat
2006-11-13 20:41 20,480 ----a-w D:\Documents and Settings\Matt\Application Data\internaldb1238.dat
2006-11-13 20:41 0 ----a-w D:\Documents and Settings\Matt\Application Data\internaldb9558.dat
2006-08-20 18:55 81,920 ----a-w D:\Documents and Settings\Free Download Manager\iefdmcks.dll
2006-05-21 12:00 774,144 -c--a-w C:\Program Files\RngInterstitial.dll
2006-05-08 12:00 332 ----a-w D:\Documents and Settings\Marie\Application Data\wklnhst.dat
2006-05-02 16:48 0 ----a-w D:\Documents and Settings\Matt\Application Data\wklnhst.dat
2006-05-03 09:06:54 163,328 --sha-r C:\WINDOWS\system32\flvDX.dll
2007-02-21 10:47:16 31,232 --sha-r C:\WINDOWS\system32\msfDX.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A95B2816-1D7E-4561-A202-68C0DE02353A}]
2007-11-06 17:05 145984 --a------ C:\WINDOWS\system32\pbtifmwm.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{dc5cb60c-1d67-4fe9-b3fb-eff1b4771cfa}]
2007-11-07 16:59 79936 --a------ C:\WINDOWS\system32\tctgtkoa.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{11A69AE4-FBED-4832-A2BF-45AF82825583}"= C:\WINDOWS\system32\pbtifmwm.dll [2007-11-06 17:05 145984]

[HKEY_CLASSES_ROOT\CLSID\{11A69AE4-FBED-4832-A2BF-45AF82825583}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-04 13:00]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-04 13:00]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-06-28 23:43]
"YBrowser"="C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe" [2003-12-09 12:03]
"Vade Retro Outlook Express"="C:\PROGRA~1\GOTOSO~1\VADERE~1\Vaderetro_oe.exe" [2004-10-04 12:03]
"Ulead AutoDetector v2"="C:\Program Files\Common Files\Ulead Systems\AutoDetector\monitor.exe" [2004-11-26 10:43]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2006-05-20 12:24]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 03:00]
"RTHDCPL"="RTHDCPL.EXE" [2005-12-09 15:49 C:\WINDOWS\RTHDCPL.exe]
"PCMService"="c:\apps\Powercinema\PCMService.exe" [2005-11-16 13:11]
"nwiz"="nwiz.exe" [2007-06-28 23:43 C:\WINDOWS\system32\nwiz.exe]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-04 13:00]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2005-05-11 22:12]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2005-01-07 16:07 C:\WINDOWS\system32\HdAShCut.exe]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2007-08-15 11:04]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-01-22 21:19]
"btbb_wcm_McciTrayApp"="C:\Program Files\btbb_wcm\McciTrayApp.exe" [2005-12-29 10:22]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-09-24 02:24]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2006-09-25 13:54]
"SMSERIAL"="sm56hlpr.exe" [2005-10-18 11:14 C:\WINDOWS\sm56hlpr.exe]
"Motive SmartBridge"="C:\PROGRA~1\BTBROA~1\Help\SMARTB~1\BTHelpNotifier.exe" [2005-06-22 13:29]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-06-28 23:43]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-03-12 17:30]
"bcef5b15"="C:\WINDOWS\system32\ifnfryrj.dll" [2007-11-07 16:56]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 13:00]
"Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe" [2005-08-31 16:11]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 15:45]
"Steam"="d:\program files\steam\steam.exe" [2007-10-05 15:05]
"XP Tweak Mechanic"="C:\Program Files\XP Tweak Mechanic\XpTweakMech.exe" [2007-08-06 11:17]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-10-26 17:37]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 20:05]

D:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2006-05-08 15:16:56]
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 21:05:26]
Broadband Desktop Help.lnk - C:\Program Files\BT Broadband 210\Help\bin\matcli.exe [2007-06-08 17:43:48]
Google Updater.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [2007-10-26 17:37:03]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2005-05-11 22:23:26]
Run Google Web Accelerator.lnk - C:\Program Files\Google\Web Accelerator\GoogleWebAccWarden.exe [2007-07-09 22:24:38]
ZDWLan Utility.lnk - C:\Program Files\ZyDAS Technology Corporation\ZyDAS_802.11g_Utility\ZDWlan.exe [2006-07-29 09:13:13]

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\5]
Source= D:\Documents and Settings\Matt\My Documents\desktop.html
FriendlyName=

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\6]
Source= D:\Documents and Settings\Matt\My Documents\Desktop2.html
FriendlyName=

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\pbtifmwm]
pbtifmwm.dll 2007-11-06 17:05 145984 C:\WINDOWS\system32\pbtifmwm.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winjks32]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\vtstt.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, zwebauth.dll

R1 Ext2fs;Ext2fs;C:\WINDOWS\system32\DRIVERS\ext2fs.sys
R1 IfsDrives;IfsDrives;C:\WINDOWS\system32\DRIVERS\IfsDrives.sys
R2 Apache2.2;Apache2.2;"C:\Program Files\xampp\apache\bin\apache.exe" -k runservice
R2 Kithara-RBsoft;RBsoft Customer Driver;\??\C:\WINDOWS\system32\RBsoft.sys
R2 UMediaServer;UMediaServer;C:\Program Files\UnrealStreaming\UMediaServer\UMediaServer.exe
S2 Ca533av;Polaroid Digital Cam Video;C:\WINDOWS\system32\Drivers\Ca533av.sys
S3 ASPI;Advanced SCSI Programming Interface Driver;\??\C:\WINDOWS\System32\DRIVERS\ASPI32.sys
S3 BRGSp50;BRGSp50 NDIS Protocol Driver;C:\WINDOWS\system32\Drivers\BRGSp50.sys
S3 DIGIRPS;Digi PortServer Driver;C:\WINDOWS\system32\DRIVERS\digirlpt.sys
S3 Httpocksita;Httpocksita;C:\WINDOWS\system32\ie4uinit.exe
S3 libusb0;LibUsb-Win32 - Kernel Driver 11/20/2005, 20051120;C:\WINDOWS\system32\DRIVERS\libusb0.sys
S3 p2pgasvc;Peer Networking Group Authentication;C:\WINDOWS\system32\svchost.exe -k p2psvc
S3 p2pimsvc;Peer Networking Identity Manager;C:\WINDOWS\system32\svchost.exe -k p2psvc
S3 p2psvc;Peer Networking;C:\WINDOWS\system32\svchost.exe -k p2psvc
S3 PAP(ZyDas);PAP Blue USB Driver (ZyDas);C:\WINDOWS\system32\DRIVERS\PAPBlue.sys
S3 PNRPSvc;Peer Name Resolution Protocol;C:\WINDOWS\system32\svchost.exe -k p2psvc
S3 USBCamera;Icatch(IV) Still Camera Device;C:\WINDOWS\system32\Drivers\Bulk533.sys
S3 ZD1211BU(ZyDAS);ZyDAS ZD1211B IEEE 802.11 b+g Wireless LAN Driver (USB)(ZyDAS);C:\WINDOWS\system32\DRIVERS\zd1211Bu.sys

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
p2psvc p2psvc p2pimsvc p2pgasvc PNRPSvc

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6b48bb94-9412-11db-a41a-00038a000015}]
\Shell\AutoRun\command - J:\LaunchU3.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{aa81bb88-c2b3-11db-a4b2-00038a000015}]
\Shell\AutoRun\command - J:\LaunchU3.exe

*Newly Created Service* - COMHOST
.
Contents of the 'Scheduled Tasks' folder
"2007-11-01 20:51:32 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2007-11-08 16:30:00 C:\WINDOWS\Tasks\Extended Warranty.job"
- C:\APPS\SMP\PBCARNOT.EXE
"2007-11-02 20:00:00 C:\WINDOWS\Tasks\Norton AntiVirus - Run Full System Scan - Marie.job"
- C:\PROGRA~1\NORTON~1\NORTON~1\Navw32.exe
"2007-11-04 12:08:26 C:\WINDOWS\Tasks\Norton AntiVirus - Run Full System Scan - Matt.job"
"2006-06-16 16:45:30 C:\WINDOWS\Tasks\Norton AntiVirus - Run Norton QuickScan - Matt.job"
"2007-11-08 16:31:58 C:\WINDOWS\Tasks\XoftSpy.job"
- C:\Program Files\XoftSpySE\XoftSpy.exe
"2007-11-08 16:32:48 C:\WINDOWS\Tasks\XoftSpySE 2.job"
- C:\Program Files\XoftSpySE\XoftSpy.exe
"2007-10-02 16:40:59 C:\WINDOWS\Tasks\XoftSpySE.job"
.
**************************************************************************

catchme 0.3.1250 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-08 16:32:52
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-11-08 16:37:29 - machine was rebooted
.
--- E O F ---

HijackThis:

Logfile of HijackThis v1.99.1
Scan saved at 16:44:18, on 08/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\xampp\apache\bin\apache.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
c:\apps\Powercinema\Kernel\TV\CLCapSvc.exe
c:\APPS\Powercinema\Kernel\CLML_NTService\CLMLServer.exe
c:\APPS\Powercinema\Kernel\CLML_NTService\CLMLService.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\UnrealStreaming\UMediaServer\UMediaServer.exe
C:\Program Files\xampp\apache\bin\apache.exe
c:\apps\Powercinema\Kernel\TV\CLSched.exe
C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
C:\PROGRA~1\GOTOSO~1\VADERE~1\Vaderetro_oe.exe
C:\Program Files\Common Files\Ulead Systems\AutoDetector\monitor.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\WINDOWS\RTHDCPL.EXE
C:\apps\Powercinema\PCMService.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\btbb_wcm\McciTrayApp.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\BTBROA~1\Help\SMARTB~1\BTHelpNotifier.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\ctfmon.exe
D:\program files\steam\steam.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Google\Web Accelerator\GoogleWebAccWarden.exe
C:\Program Files\ZyDAS Technology Corporation\ZyDAS_802.11g_Utility\ZDWlan.exe
C:\Program Files\BT Broadband 210\Help\bin\mpbtn.exe
C:\Program Files\Google\Web Accelerator\googlewebaccclient.exe
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Yahoo!\browser\ybrowser.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Messenger\msmsgs.exe
D:\Documents and Settings\Matt\My Documents\APP THINGS\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://localhost:9100/proxy.pac
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn5\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn5\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\Common\YIeTagBm.dll
O2 - BHO: Google Web Accelerator Helper - {69A87B7D-DE56-4136-9655-716BA50C19C7} - C:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: CNisExtBho Class - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: CNavExtBho Class - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {A95B2816-1D7E-4561-A202-68C0DE02353A} - C:\WINDOWS\system32\pbtifmwm.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O2 - BHO: {afc1774b-1ffe-bf3b-9ef4-76d1c06bc5cd} - {dc5cb60c-1d67-4fe9-b3fb-eff1b4771cfa} - C:\WINDOWS\system32\tctgtkoa.dll
O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
O3 - Toolbar: Norton Internet Security 2006 - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn5\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: Google Web Accelerator - {DB87BFA2-A2E3-451E-8E5A-C89982D87CBF} - C:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll
O3 - Toolbar: Security Toolbar - {11A69AE4-FBED-4832-A2BF-45AF82825583} - C:\WINDOWS\system32\pbtifmwm.dll
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [YBrowser] C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [Vade Retro Outlook Express] "C:\PROGRA~1\GOTOSO~1\VADERE~1\Vaderetro_oe.exe"
O4 - HKLM\..\Run: [Ulead AutoDetector v2] C:\Program Files\Common Files\Ulead Systems\AutoDetector\monitor.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [PCMService] "c:\apps\Powercinema\PCMService.exe"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [btbb_wcm_McciTrayApp] C:\Program Files\btbb_wcm\McciTrayApp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SMSERIAL] sm56hlpr.exe
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\BTBROA~1\Help\SMARTB~1\BTHelpNotifier.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [bcef5b15] rundll32.exe "C:\WINDOWS\system32\ifnfryrj.dll",b
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] C:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe -quiet
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKCU\..\Run: [Steam] "d:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [XP Tweak Mechanic] C:\Program Files\XP Tweak Mechanic\XpTweakMech.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Broadband Desktop Help.lnk = C:\Program Files\BT Broadband 210\Help\bin\matcli.exe
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Run Google Web Accelerator.lnk = C:\Program Files\Google\Web Accelerator\GoogleWebAccWarden.exe
O4 - Global Startup: ZDWLan Utility.lnk = C:\Program Files\ZyDAS Technology Corporation\ZyDAS_802.11g_Utility\ZDWlan.exe
O8 - Extra context menu item: &ieSpell Options - res://C:\Program Files\ieSpell\iespell.dll/SPELLOPTION.HTM
O8 - Extra context menu item: &Lookup Meaning - res://C:\Program Files\ieSpell\iespell.dll/LOOKUPMEANING.HTM
O8 - Extra context menu item: Check &Spelling - res://C:\Program Files\ieSpell\iespell.dll/SPELLCHECK.HTM
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: (no name) - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: BT Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\uk.htm
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partne ... nicode.cab
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab
O16 - DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} (CMediaMix Object) - http://musicmix.messenger.msn.com/Medialogic.CAB
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\common\yinsthelper.dll
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-US/a-U ... E_UNO1.cab
O16 - DPF: {66D393D5-4D80-497C-9F4F-F3839E090202} (PlayerOCX Control) - http://www.pysoft.com/Downloads/WebCamPlayerOCX.cab
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDow ... eqlab2.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 7512496328
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b31267.cab
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/softwa ... Plugin.cab
O16 - DPF: {AF2E62B6-F9E1-4D4F-A10A-9DC8E6DCBCC0} (VideoEgg ActiveX Loader) - http://update.videoegg.com/Install/Wind ... lisher.exe
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn.com/binFramework/v ... b34246.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b56907.cab
O16 - DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} (TikGames Online Control) - http://www.shockwave.com/content/cinema ... tycoon.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O16 - DPF: {FFBB3F3B-0A5A-4106-BE53-DFE1E2340CB1} (DownloadManager Control) - http://dlm.tools.akamai.com/dlmanager/v ... .2.1.6.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{EB15D32B-0C47-46B6-AC42-74B36EBA8353}: NameServer = 192.168.1.1,64.6.40.162
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: pbtifmwm - C:\WINDOWS\SYSTEM32\pbtifmwm.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: winjks32 - C:\WINDOWS\
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Apache2.2 - Unknown owner - C:\Program Files\xampp\apache\bin\apache.exe" -k runservice (file missing)
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\ccPwdSvc.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - c:\apps\Powercinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - c:\apps\Powercinema\Kernel\TV\CLSched.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Norton Internet Security\comHost.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - c:\APPS\Powercinema\Kernel\CLML_NTService\CLMLServer.exe
O23 - Service: FileZilla Server FTP server (FileZilla Server) - FileZilla Project - C:\Program Files\xampp\FileZillaFTP\FileZillaServer.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service - Unknown owner - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifEng.dll (file missing)
O23 - Service: mysql - Unknown owner - C:\Program Files\xampp\mysql\bin\mysqld-nt.exe" "--defaults-file=C:\Program Files\xampp\mysql\bin\my.cnf" mysql (file missing)
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: UMediaServer - Unreal Streaming Technologies. - C:\Program Files\UnrealStreaming\UMediaServer\UMediaServer.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE


Thanks again.
god0fgod
Regular Member
 
Posts: 24
Joined: November 7th, 2007, 5:51 pm

Unread postby Bob4 » November 8th, 2007, 2:43 pm

god0fgod wrote: Thanks. I'm still getting the full symptoms of the infection.

Just so you know, I wasn't expecting Vundo (the infection you have) to go away that quickly.
We almost have it, though. You have some work to do!



______________________________
HJT
Run HijackThis, choose Scan Only, and place a check by the following lines if present.
Close all other windows and browsers except HJT before clicking on Fix Checked.

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {A95B2816-1D7E-4561-A202-68C0DE02353A} - C:\WINDOWS\system32\pbtifmwm.dll
O2 - BHO: {afc1774b-1ffe-bf3b-9ef4-76d1c06bc5cd} - {dc5cb60c-1d67-4fe9-b3fb-eff1b4771cfa} - C:\WINDOWS\system32\tctgtkoa.dll
O3 - Toolbar: Security Toolbar - {11A69AE4-FBED-4832-A2BF-45AF82825583} - C:\WINDOWS\system32\pbtifmwm.dll

O4 - HKLM\..\Run: [bcef5b15] rundll32.exe "C:\WINDOWS\system32\ifnfryrj.dll",b
O20 - Winlogon Notify: pbtifmwm - C:\WINDOWS\SYSTEM32\pbtifmwm.dll
O20 - Winlogon Notify: winjks32 - C:\WINDOWS\




________________________________________
Open notepad and copy/paste the text in the quotebox below into it:


File::
C:\WINDOWS\system32\tctgtkoa.dll
C:\WINDOWS\system32\ifnfryrj.dll
C:\WINDOWS\system32\skfctlpf.exe
C:\WINDOWS\system32\sdosmqdn.dll
C:\WINDOWS\system32\pbtifmwm.dll
C:\WINDOWS\system32\ypcektvw.dll
C:\WINDOWS\system32\puabtect.exe
C:\WINDOWS\system32\pvdabysj.dll
C:\WINDOWS\system32\fwhwcqex.dll
C:\WINDOWS\system32\qxayptin.dll
C:\WINDOWS\system32\emdjxrxm.dll
C:\WINDOWS\system32\vtstt.dll
D:\Documents and Settings\Matt\My Documents\desktop.html
D:\Documents and Settings\Matt\My Documents\Desktop2.html

Folder::

Driver::

Registry::

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A95B2816-1D7E-4561-A202-68C0DE02353A}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{dc5cb60c-1d67-4fe9-b3fb-eff1b4771cfa}]
[-HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{A95B2816-1D7E-4561-A202-68C0DE02353A}]
[-HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{dc5cb60c-1d67-4fe9-b3fb-eff1b4771cfa}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{11A69AE4-FBED-4832-A2BF-45AF82825583}"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\pbtifmwm]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winjks32]




Save this as CFScript.txt, in the same location as ComboFix.exe


Image

Referring to the picture above, drag CFScript.txt onto ComboFix.exe.

When finished, it will produce a log for you at C:\ComboFix.txt, which I will need in your next reply.

______________________
Then Go to start > control panel > Display properties > Desktop > Customize Desktop... > Web tab

Place a check mark by Desktop2.html (if present) and choose delete.




________________________________

Go to
Start/control panel/add remove programs ;
And Uninstall

OneStepSearch




_______________________________________
I need to have some files analyzed online.

Unless you know exactly what they are.
If you know what they are and trust them just let me know.


_____________________________
Submit a file to Jotti
Please go here : http://virusscan.jotti.org/
On top of the page there is a field to add the filepath, copy and paste these filepaths: 1 at a time.

There are quite a few; we will just have 3 examined. That should be sufficient to tell us if they're good or not.


D:\Documents and Settings\Marie\Application Data\internaldb7183.dat
D:\Documents and Settings\Matt\Application Data\internaldb1238.dat
D:\Documents and Settings\Matt\Application Data\internaldb9558.dat



Then hit Submit
The scan will take a while before the result comes up so please be patient.
Then copy the result and post it here in this thread.

If Jotti's service load is too high, you can use the following scanner instead:
http://www.virustotal.com/xhtml/index_en.html





______________________________

Download and install CCleaner from here


If you use either the Firefox or Mozilla browsers, the box to uncheck for Cookies is on the Applications tab, under Firefox/Mozilla.

  • Set Cookie Retention.
    Click on the Options block on the left, then choose Cookies.
    Under the Cookies to delete pane, highlight any cookies you would like to retain permanently (those companies or sites with which you regularly visit or do business), and click the right arrow > to move them to the Cookies to keep pane.
  • Reset Temp File Removal for Regular Use.
    Click on the Options block on the left. Select the Advanced button.
    Check "Only delete files in Windows Temp folders older than 48 hours".


    Now run the program and click on Run Cleaner
    (Do not use the Registry function to clean anything with this program. Having anything auto-clean your registry is risky.)


AVG Anti-Spyware:
________________________________________
I see you have AVG Anti-Spyware installed. Let's put it to work for us.

If the program does not automatically update itself , or you are unsure whether it has done so, please do the following:
  • Click the Update icon at the top and under Manual Update click the Start update button.
  • The program will either update or inform you that no update was available.
  • It is essential that you get the update - keep trying until successful. (Note: If you have problems getting the update, you can download an installer for the full database from here (save it on your desktop). Once you have downloaded the installer, make sure that AVG Anti-Spyware is closed and then double-click on avgas-signatures-full-current.exe to install the database).



    Reboot your computer in Safe Mode.
    • If the computer is running, shut down Windows, and then turn off the power.
    • Wait 30 seconds, and then turn the computer on.
    • Start tapping the F8 key. The Windows Advanced Options Menu appears. If you begin tapping the F8 key too soon, some computers display a "keyboard error" message. To resolve this, restart the computer and try again.
    • Ensure that the Safe Mode option is selected.
    • Press Enter. The computer then begins to start in Safe mode.
    • Login on your usual account.
    • Open up AVG anti Malware

Please set up the program as follows:
  • Click the Shield icon at the top and under Resident shield is... click active. This should now change to inactive.
  • Click the Update icon and untick the automatic update option.
  • Click on Scanner on the toolbar.
  • Click on the Settings tab.
    • Under How to act? - make sure that Quarantine is selected.
    • Under How to scan? - All checkboxes should be ticked.
    • Under Possibly unwanted software - All checkboxes should be ticked.
    • Under Reports - Select Do not automatically generate reports.
    • Under What to scan? - Select Scan every file.
Close all open windows.
  • Click on Scanner on the toolbar.
  • Click on Complete System Scan to start the scan process.
  • Let the program scan your computer.
  • When the scan has finished, follow the instructions below:
  • Make sure that Set all elements to: shows Quarantine
  • Important: Click on the Apply all Actions button (*** This must done before saving the report ***)
  • When the program has finished, it will display the message All actions have been applied.
  • Then click the Save Scan Report button.
  • Click the Save Report as button.
  • Save the report to your Desktop.
  • Right-click the AVG Tray Icon and select Exit.
  • Reboot in normal mode.
_________________________
In your next reply I would like to see:
  • A new HJT log
  • The report from ComboFix
  • The report from AVG Anti-Spyware
Bob4
MRU Master
 
Posts: 6073
Joined: November 12th, 2005, 11:26 am
Location: Florida
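The HijackThis lines Bob4 picks out and the CFScript he builds from them follow a fixed shape: each O2/O3 line carries a CLSID and a DLL path, each O4 line a Run value name and a command, and each O20 line a Winlogon Notify subkey and its DLL, while the CFScript uses `File::` for paths, `[-KEY]` to delete a registry key and `"value"=-` to delete a value under a `[KEY]` header. As an added example (editor's code, not part of the thread and not ComboFix or HijackThis tooling), the Python below parses those four line types and emits a CFScript using the same registry locations that appear in Bob4's script. Its sample input is the seven lines Bob4 asked to be fixed, copied from the log above; it assumes a helper has already decided those lines are malicious, since the parser itself makes no such judgement.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample: the seven HijackThis lines Bob4 listed for fixing,
# copied from the log in this thread.
SAMPLE_HJT_LINES = """\
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {A95B2816-1D7E-4561-A202-68C0DE02353A} - C:\\WINDOWS\\system32\\pbtifmwm.dll
O2 - BHO: {afc1774b-1ffe-bf3b-9ef4-76d1c06bc5cd} - {dc5cb60c-1d67-4fe9-b3fb-eff1b4771cfa} - C:\\WINDOWS\\system32\\tctgtkoa.dll
O3 - Toolbar: Security Toolbar - {11A69AE4-FBED-4832-A2BF-45AF82825583} - C:\\WINDOWS\\system32\\pbtifmwm.dll
O4 - HKLM\\..\\Run: [bcef5b15] rundll32.exe "C:\\WINDOWS\\system32\\ifnfryrj.dll",b
O20 - Winlogon Notify: pbtifmwm - C:\\WINDOWS\\SYSTEM32\\pbtifmwm.dll
O20 - Winlogon Notify: winjks32 - C:\\WINDOWS\\
"""


@dataclass
class HjtEntry:
    kind: str              # "O2", "O3", "O4" or "O20"
    name: str              # display name, Run value name, or Notify subkey
    clsid: Optional[str]   # {GUID} for O2/O3 lines, else None
    path: Optional[str]    # on-disk .dll/.exe named by the line, else None
    hive: Optional[str]    # "HKLM" or "HKCU" for O4 lines, else None


_GUID = r"\{[0-9A-Fa-f]{8}-(?:[0-9A-Fa-f]{4}-){3}[0-9A-Fa-f]{12}\}"
_PATTERNS = {
    "O2": re.compile(r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>" + _GUID + r") - (?P<path>.*)$"),
    "O3": re.compile(r"^O3 - Toolbar: (?P<name>.*?) - (?P<clsid>" + _GUID + r") - (?P<path>.*)$"),
    "O4": re.compile(r"^O4 - (?P<hive>HKLM|HKCU)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$"),
    "O20": re.compile(r"^O20 - Winlogon Notify: (?P<name>\S+) - (?P<path>.*)$"),
}
# First absolute .dll/.exe path inside an O4 command line (quoted or not).
_PATH_IN_CMD = re.compile(r'([A-Za-z]:\\[^"]+?\.(?:dll|exe))', re.IGNORECASE)


def _file_path(raw: str) -> Optional[str]:
    """Return the path if it names a real .dll/.exe; None for '(no file)' or bare directories."""
    raw = raw.strip()
    if re.fullmatch(r"[A-Za-z]:\\.+\.(?:dll|exe)", raw, re.IGNORECASE):
        return raw
    return None


def parse_hjt(text: str) -> List[HjtEntry]:
    """Parse O2/O3/O4/O20 lines from a HijackThis log; other lines are ignored."""
    entries: List[HjtEntry] = []
    for line in text.splitlines():
        line = line.strip()
        for kind, pat in _PATTERNS.items():
            m = pat.match(line)
            if not m:
                continue
            g = m.groupdict()
            if kind == "O4":
                pm = _PATH_IN_CMD.search(g["cmd"])
                path = pm.group(1) if pm else None
            else:
                path = _file_path(g["path"])
            entries.append(HjtEntry(kind, g["name"], g.get("clsid"), path, g.get("hive")))
            break
    return entries


# Registry locations exactly as they appear in the CFScript in this thread.
_HIVES = {"HKLM": "HKEY_LOCAL_MACHINE", "HKCU": "HKEY_CURRENT_USER"}
_BHO_KEY = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects"
_CLSID_KEY = r"HKEY_LOCAL_MACHINE\Software\Classes\CLSID"
_TOOLBAR_KEY = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar"
_NOTIFY_KEY = r"HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify"


def build_cfscript(entries: List[HjtEntry]) -> str:
    """Emit a CFScript: File:: for every distinct path, Registry:: for each load point."""
    files: List[str] = []
    seen = set()
    registry: List[str] = []
    for e in entries:
        # Windows paths are case-insensitive, so dedupe on the lowercased path.
        if e.path and e.path.lower() not in seen:
            seen.add(e.path.lower())
            files.append(e.path)
        if e.kind == "O2":
            registry.append(f"[-{_BHO_KEY}\\{e.clsid}]")
            registry.append(f"[-{_CLSID_KEY}\\{e.clsid}]")
        elif e.kind == "O3":
            registry.append(f"[{_TOOLBAR_KEY}]")
            registry.append(f'"{e.clsid}"=-')
        elif e.kind == "O4":
            registry.append(f"[{_HIVES[e.hive]}\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run]")
            registry.append(f'"{e.name}"=-')
        elif e.kind == "O20":
            registry.append(f"[-{_NOTIFY_KEY}\\{e.name}]")
    return ("File::\n" + "\n".join(files)
            + "\n\nFolder::\n\nDriver::\n\nRegistry::\n" + "\n".join(registry) + "\n")


if __name__ == "__main__":
    print(build_cfscript(parse_hjt(SAMPLE_HJT_LINES)))
```

Running it prints a script with three `File::` entries (pbtifmwm.dll is listed under O2, O3 and O20 but appears once) and one registry deletion per load point. An entry whose path is not a file, such as the winjks32 Notify entry pointing at `C:\WINDOWS\` or the BHO marked `(no file)`, contributes nothing to `File::` but still gets its `Registry::` deletion, which is why those orphaned load points are worth fixing even though there is no file left to delete.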

Unread postby god0fgod » November 8th, 2007, 4:01 pm

Before I do the AVG part I'll return with everything so far.

ComboFix 07-11-08.1 - Matt 2007-11-08 19:25:32.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.238 [GMT 0:00]
Running from: D:\Documents and Settings\Matt\Desktop\ComboFix.exe
Command switches used :: D:\Documents and Settings\Matt\Desktop\CFScript.txt
* Created a new restore point

FILE
C:\WINDOWS\system32\emdjxrxm.dll
C:\WINDOWS\system32\fwhwcqex.dll
C:\WINDOWS\system32\ifnfryrj.dll
C:\WINDOWS\system32\pbtifmwm.dll
C:\WINDOWS\system32\puabtect.exe
C:\WINDOWS\system32\pvdabysj.dll
C:\WINDOWS\system32\qxayptin.dll
C:\WINDOWS\system32\sdosmqdn.dll
C:\WINDOWS\system32\skfctlpf.exe
C:\WINDOWS\system32\tctgtkoa.dll
C:\WINDOWS\system32\vtstt.dll
C:\WINDOWS\system32\ypcektvw.dll
D:\Documents and Settings\Matt\My Documents\desktop.html
D:\Documents and Settings\Matt\My Documents\Desktop2.html
.

Unable to gain System Privileges

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\emdjxrxm.dll
C:\WINDOWS\system32\fwhwcqex.dll
C:\WINDOWS\system32\ifnfryrj.dll
C:\WINDOWS\system32\pbtifmwm.dll
C:\WINDOWS\system32\pbtifmwm.dllbox
C:\WINDOWS\system32\puabtect.exe
C:\WINDOWS\system32\pvdabysj.dll
C:\WINDOWS\system32\qxayptin.dll
C:\WINDOWS\system32\sdosmqdn.dll
C:\WINDOWS\system32\skfctlpf.exe
C:\WINDOWS\system32\tctgtkoa.dll
C:\WINDOWS\system32\ypcektvw.dll
D:\Documents and Settings\All Users\Start Menu\Live Safety Center.lnk
D:\Documents and Settings\All Users\Start Menu\Online Security Guide.lnk
D:\Documents and Settings\Matt\Desktop\Live Safety Center.lnk
D:\Documents and Settings\Matt\Desktop\Online Security Guide.lnk
D:\Documents and Settings\Matt\Favorites\Online Security Guide.lnk
D:\Documents and Settings\Matt\My Documents\desktop.html
D:\Documents and Settings\Matt\My Documents\Desktop2.html

.
((((((((((((((((((((((((( Files Created from 2007-10-08 to 2007-11-08 )))))))))))))))))))))))))))))))
.

2007-11-08 16:18 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-11-07 22:59 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2007-11-07 22:59 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2007-11-07 22:59 53,248 --a------ C:\WINDOWS\system32\Process.exe
2007-11-07 22:59 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2007-11-07 22:59 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2007-11-06 17:24 4,948 --a------ C:\WINDOWS\system32\tmp.reg
2007-10-30 19:12 <DIR> d-------- C:\Program Files\WINROC
2007-10-26 17:37 <DIR> d-------- D:\Documents and Settings\All Users\Application Data\Google Updater
2007-10-26 16:03 <DIR> d-------- C:\Program Files\Paint.NET
2007-10-13 18:52 <DIR> d-------- C:\Program Files\eRightSoft
2007-10-13 18:52 163,328 -rahs---- C:\WINDOWS\system32\flvDX.dll
2007-10-13 18:52 31,232 -rahs---- C:\WINDOWS\system32\msfDX.dll
2007-10-13 13:27 <DIR> d-------- C:\Program Files\iMeXoR
2007-10-13 13:27 73,216 --a------ C:\WINDOWS\ST6UNST.EXE
2007-10-12 17:34 <DIR> d-------- C:\Program Files\AwinSoft
2007-10-12 16:54 <DIR> d-------- C:\Program Files\CCleaner
2007-10-10 16:29 <DIR> d-------- C:\Program Files\Magic Swf2Gif
2007-10-10 16:08 <DIR> d-------- C:\WINDOWS\Vbox
2007-10-10 16:07 <DIR> d-------- C:\WINDOWS\Noslip
2007-10-10 15:24 584,192 --a------ C:\WINDOWS\system32\dllcache\rpcrt4.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-08 16:13 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2007-11-07 18:48 --------- d-----w D:\Documents and Settings\Matt\Application Data\CoreFTP
2007-11-02 21:41 --------- d-----w C:\Program Files\Norton Internet Security
2007-11-02 18:17 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-10-31 21:35 --------- d-----w C:\Program Files\XoftSpySE
2007-10-30 22:19 --------- d-----w C:\Program Files\Google
2007-10-23 14:54 --------- d-----w C:\Program Files\PHP Editor
2007-10-22 09:24 805 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.INF
2007-10-22 09:24 123,952 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2007-10-22 09:24 10,740 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.CAT
2007-10-22 09:24 --------- d-----w C:\Program Files\Symantec
2007-10-10 16:26 --------- d-----w D:\Documents and Settings\All Users\Application Data\Ulead Systems
2007-10-10 16:26 --------- d-----w C:\Program Files\Ulead Systems
2007-10-10 16:10 --------- d-----w D:\Documents and Settings\Matt\Application Data\Ulead Systems
2007-10-06 20:40 --------- d-----w C:\Program Files\Windows Media Bonus Pack for Windows XP
2007-10-03 21:44 --------- d-----w D:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2007-10-02 16:36 --------- d-----w C:\Program Files\OneStepSearch
2007-10-01 13:49 98,184 ----a-w C:\WINDOWS\system32\drivers\symfw.sys
2007-10-01 13:49 31,624 ----a-w C:\WINDOWS\system32\drivers\symids.sys
2007-10-01 13:49 28,040 ----a-w C:\WINDOWS\system32\drivers\symndis.sys
2007-10-01 13:49 23,944 ----a-w C:\WINDOWS\system32\drivers\symredrv.sys
2007-10-01 13:49 189,320 ----a-w C:\WINDOWS\system32\drivers\symtdi.sys
2007-10-01 13:48 12,680 ----a-w C:\WINDOWS\system32\drivers\symdns.sys
2007-09-21 20:08 --------- d-----w C:\Program Files\ProxyWay
2007-09-16 16:25 --------- d-----w D:\Documents and Settings\All Users\Application Data\Apple
2007-09-16 16:25 --------- d-----w C:\Program Files\Apple Software Update
2007-09-15 17:19 --------- d-----w C:\Program Files\Debugmode
2007-09-15 17:19 --------- d-----w C:\Program Files\Common Files\debugmode
2007-09-10 20:10 --------- d-----w D:\Documents and Settings\Sam\Application Data\Yahoo!
2006-11-13 20:49 69,632 ----a-w D:\Documents and Settings\Marie\Application Data\internaldb2845.dat
2006-11-13 20:49 334 ----a-w D:\Documents and Settings\Marie\Application Data\internaldb1942.dat
2006-11-13 20:49 13,046 ----a-w D:\Documents and Settings\Marie\Application Data\internaldb2126.dat
2006-11-13 20:49 0 ----a-w D:\Documents and Settings\Marie\Application Data\internaldb9344.dat
2006-11-13 20:49 0 ----a-w D:\Documents and Settings\Marie\Application Data\internaldb7183.dat
2006-11-13 20:41 20,480 ----a-w D:\Documents and Settings\Matt\Application Data\internaldb1238.dat
2006-11-13 20:41 0 ----a-w D:\Documents and Settings\Matt\Application Data\internaldb9558.dat
2006-08-20 18:55 81,920 ----a-w D:\Documents and Settings\Free Download Manager\iefdmcks.dll
2006-05-21 12:00 774,144 -c--a-w C:\Program Files\RngInterstitial.dll
2006-05-08 12:00 332 ----a-w D:\Documents and Settings\Marie\Application Data\wklnhst.dat
2006-05-02 16:48 0 ----a-w D:\Documents and Settings\Matt\Application Data\wklnhst.dat
2006-05-03 09:06:54 163,328 --sha-r C:\WINDOWS\system32\flvDX.dll
2007-02-21 10:47:16 31,232 --sha-r C:\WINDOWS\system32\msfDX.dll
.

((((((((((((((((((((((((((((( snapshot@2007-11-08_16.33.45.18 )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-11-08 19:36:34 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_52c.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-04 13:00]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-04 13:00]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-06-28 23:43]
"YBrowser"="C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe" [2003-12-09 12:03]
"Vade Retro Outlook Express"="C:\PROGRA~1\GOTOSO~1\VADERE~1\Vaderetro_oe.exe" [2004-10-04 12:03]
"Ulead AutoDetector v2"="C:\Program Files\Common Files\Ulead Systems\AutoDetector\monitor.exe" [2004-11-26 10:43]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2006-05-20 12:24]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 03:00]
"RTHDCPL"="RTHDCPL.EXE" [2005-12-09 15:49 C:\WINDOWS\RTHDCPL.exe]
"PCMService"="c:\apps\Powercinema\PCMService.exe" [2005-11-16 13:11]
"nwiz"="nwiz.exe" [2007-06-28 23:43 C:\WINDOWS\system32\nwiz.exe]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-04 13:00]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2005-05-11 22:12]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2005-01-07 16:07 C:\WINDOWS\system32\HdAShCut.exe]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2007-08-15 11:04]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-01-22 21:19]
"btbb_wcm_McciTrayApp"="C:\Program Files\btbb_wcm\McciTrayApp.exe" [2005-12-29 10:22]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-09-24 02:24]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2006-09-25 13:54]
"SMSERIAL"="sm56hlpr.exe" [2005-10-18 11:14 C:\WINDOWS\sm56hlpr.exe]
"Motive SmartBridge"="C:\PROGRA~1\BTBROA~1\Help\SMARTB~1\BTHelpNotifier.exe" [2005-06-22 13:29]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-06-28 23:43]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-03-12 17:30]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 13:00]
"Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe" [2005-08-31 16:11]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 15:45]
"Steam"="d:\program files\steam\steam.exe" [2007-10-05 15:05]
"XP Tweak Mechanic"="C:\Program Files\XP Tweak Mechanic\XpTweakMech.exe" [2007-08-06 11:17]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-10-26 17:37]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 20:05]

D:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2006-05-08 15:16:56]
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 21:05:26]
Broadband Desktop Help.lnk - C:\Program Files\BT Broadband 210\Help\bin\matcli.exe [2007-06-08 17:43:48]
Google Updater.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [2007-10-26 17:37:03]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2005-05-11 22:23:26]
Run Google Web Accelerator.lnk - C:\Program Files\Google\Web Accelerator\GoogleWebAccWarden.exe [2007-07-09 22:24:38]
ZDWLan Utility.lnk - C:\Program Files\ZyDAS Technology Corporation\ZyDAS_802.11g_Utility\ZDWlan.exe [2006-07-29 09:13:13]

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\5]
Source= D:\Documents and Settings\Matt\My Documents\desktop.html
FriendlyName=

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\6]
Source= D:\Documents and Settings\Matt\My Documents\Desktop2.html
FriendlyName=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, zwebauth.dll

R1 Ext2fs;Ext2fs;C:\WINDOWS\system32\DRIVERS\ext2fs.sys
R1 IfsDrives;IfsDrives;C:\WINDOWS\system32\DRIVERS\IfsDrives.sys
R2 Apache2.2;Apache2.2;"C:\Program Files\xampp\apache\bin\apache.exe" -k runservice
R2 Kithara-RBsoft;RBsoft Customer Driver;\??\C:\WINDOWS\system32\RBsoft.sys
R2 UMediaServer;UMediaServer;C:\Program Files\UnrealStreaming\UMediaServer\UMediaServer.exe
S2 Ca533av;Polaroid Digital Cam Video;C:\WINDOWS\system32\Drivers\Ca533av.sys
S3 ASPI;Advanced SCSI Programming Interface Driver;\??\C:\WINDOWS\System32\DRIVERS\ASPI32.sys
S3 BRGSp50;BRGSp50 NDIS Protocol Driver;C:\WINDOWS\system32\Drivers\BRGSp50.sys
S3 DIGIRPS;Digi PortServer Driver;C:\WINDOWS\system32\DRIVERS\digirlpt.sys
S3 Httpocksita;Httpocksita;C:\WINDOWS\system32\ie4uinit.exe
S3 libusb0;LibUsb-Win32 - Kernel Driver 11/20/2005, 20051120;C:\WINDOWS\system32\DRIVERS\libusb0.sys
S3 p2pgasvc;Peer Networking Group Authentication;C:\WINDOWS\system32\svchost.exe -k p2psvc
S3 p2pimsvc;Peer Networking Identity Manager;C:\WINDOWS\system32\svchost.exe -k p2psvc
S3 p2psvc;Peer Networking;C:\WINDOWS\system32\svchost.exe -k p2psvc
S3 PAP(ZyDas);PAP Blue USB Driver (ZyDas);C:\WINDOWS\system32\DRIVERS\PAPBlue.sys
S3 PNRPSvc;Peer Name Resolution Protocol;C:\WINDOWS\system32\svchost.exe -k p2psvc
S3 USBCamera;Icatch(IV) Still Camera Device;C:\WINDOWS\system32\Drivers\Bulk533.sys
S3 ZD1211BU(ZyDAS);ZyDAS ZD1211B IEEE 802.11 b+g Wireless LAN Driver (USB)(ZyDAS);C:\WINDOWS\system32\DRIVERS\zd1211Bu.sys

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
p2psvc p2psvc p2pimsvc p2pgasvc PNRPSvc

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6b48bb94-9412-11db-a41a-00038a000015}]
\Shell\AutoRun\command - J:\LaunchU3.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{aa81bb88-c2b3-11db-a4b2-00038a000015}]
\Shell\AutoRun\command - J:\LaunchU3.exe

*Newly Created Service* - COMHOST
.
Contents of the 'Scheduled Tasks' folder
"2007-11-01 20:51:32 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2007-11-08 19:30:00 C:\WINDOWS\Tasks\Extended Warranty.job"
- C:\APPS\SMP\PBCARNOT.EXE
"2007-11-02 20:00:00 C:\WINDOWS\Tasks\Norton AntiVirus - Run Full System Scan - Marie.job"
- C:\PROGRA~1\NORTON~1\NORTON~1\Navw32.exe
"2007-11-08 18:28:37 C:\WINDOWS\Tasks\Norton AntiVirus - Run Full System Scan - Matt.job"
"2006-06-16 16:45:30 C:\WINDOWS\Tasks\Norton AntiVirus - Run Norton QuickScan - Matt.job"
"2007-11-08 19:36:19 C:\WINDOWS\Tasks\XoftSpy.job"
- C:\Program Files\XoftSpySE\XoftSpy.exe
"2007-11-08 19:37:22 C:\WINDOWS\Tasks\XoftSpySE 2.job"
- C:\Program Files\XoftSpySE\XoftSpy.exe
"2007-10-02 16:40:59 C:\WINDOWS\Tasks\XoftSpySE.job"
.
**************************************************************************

catchme 0.3.1250 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-08 19:37:39
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-11-08 19:40:37 - machine was rebooted
C:\ComboFix2.txt ... 2007-11-08 16:37
.
--- E O F ---


No symptoms are current now.

Desktop2.html is something I've made. Should I remove it?

OneStepSearch isn't on add/remove programs.

D:\Documents and Settings\Marie\Application Data\internaldb7183.dat - 0 bytes uploaded.

D:\Documents and Settings\Matt\Application Data\internaldb1238.dat - Nothing found.

D:\Documents and Settings\Matt\Application Data\internaldb9558.dat - 0 bytes uploaded.

I've run CCleaner after updating.

I'll be back with a hijackthis log and AVG antispyware log.
god0fgod
Regular Member
 
Posts: 24
Joined: November 7th, 2007, 5:51 pm

Unread post by Bob4 » November 8th, 2007, 4:07 pm

If you made Desktop2.html, you don't have to remove it.
It was removed by ComboFix.
You can find it in c:/qoobox.
Bob4
MRU Master
Posts: 6073
Joined: November 12th, 2005, 11:26 am
Location: Florida

Unread post by god0fgod » November 9th, 2007, 12:32 pm

Hello. I'm sorry, the AVG Anti-Spyware scan ran through the night. I'm getting a pop-up from Norton AntiVirus about a "Trojan.Vundo", which doesn't sound good. All Smitfraud symptoms have been removed, however. Logs below. Thanks again.

Logfile of HijackThis v1.99.1
Scan saved at 16:31:08, on 09/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\xampp\apache\bin\apache.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
c:\apps\Powercinema\Kernel\TV\CLCapSvc.exe
c:\APPS\Powercinema\Kernel\CLML_NTService\CLMLServer.exe
c:\APPS\Powercinema\Kernel\CLML_NTService\CLMLService.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\UnrealStreaming\UMediaServer\UMediaServer.exe
C:\Program Files\xampp\apache\bin\apache.exe
c:\apps\Powercinema\Kernel\TV\CLSched.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
C:\PROGRA~1\GOTOSO~1\VADERE~1\Vaderetro_oe.exe
C:\Program Files\Common Files\Ulead Systems\AutoDetector\monitor.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\WINDOWS\RTHDCPL.EXE
C:\apps\Powercinema\PCMService.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\btbb_wcm\McciTrayApp.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\BTBROA~1\Help\SMARTB~1\BTHelpNotifier.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
D:\program files\steam\steam.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Google\Web Accelerator\GoogleWebAccWarden.exe
C:\Program Files\BT Broadband 210\Help\bin\mpbtn.exe
C:\Program Files\ZyDAS Technology Corporation\ZyDAS_802.11g_Utility\ZDWlan.exe
C:\Program Files\Google\Web Accelerator\googlewebaccclient.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
C:\Program Files\Yahoo!\browser\ybrowser.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe
D:\Documents and Settings\Matt\My Documents\APP THINGS\hijackthis\HijackThis.exe
C:\PROGRA~1\NORTON~1\NORTON~1\navw32.exe
C:\Program Files\Messenger\msmsgs.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://localhost:9100/proxy.pac
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn5\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn5\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\Common\YIeTagBm.dll
O2 - BHO: Google Web Accelerator Helper - {69A87B7D-DE56-4136-9655-716BA50C19C7} - C:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: CNisExtBho Class - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: CNavExtBho Class - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
O3 - Toolbar: Norton Internet Security 2006 - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn5\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: Google Web Accelerator - {DB87BFA2-A2E3-451E-8E5A-C89982D87CBF} - C:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [YBrowser] C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [Vade Retro Outlook Express] "C:\PROGRA~1\GOTOSO~1\VADERE~1\Vaderetro_oe.exe"
O4 - HKLM\..\Run: [Ulead AutoDetector v2] C:\Program Files\Common Files\Ulead Systems\AutoDetector\monitor.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [PCMService] "c:\apps\Powercinema\PCMService.exe"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [btbb_wcm_McciTrayApp] C:\Program Files\btbb_wcm\McciTrayApp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SMSERIAL] sm56hlpr.exe
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\BTBROA~1\Help\SMARTB~1\BTHelpNotifier.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] C:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe -quiet
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKCU\..\Run: [Steam] "d:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [XP Tweak Mechanic] C:\Program Files\XP Tweak Mechanic\XpTweakMech.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Broadband Desktop Help.lnk = C:\Program Files\BT Broadband 210\Help\bin\matcli.exe
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Run Google Web Accelerator.lnk = C:\Program Files\Google\Web Accelerator\GoogleWebAccWarden.exe
O4 - Global Startup: ZDWLan Utility.lnk = C:\Program Files\ZyDAS Technology Corporation\ZyDAS_802.11g_Utility\ZDWlan.exe
O8 - Extra context menu item: &ieSpell Options - res://C:\Program Files\ieSpell\iespell.dll/SPELLOPTION.HTM
O8 - Extra context menu item: &Lookup Meaning - res://C:\Program Files\ieSpell\iespell.dll/LOOKUPMEANING.HTM
O8 - Extra context menu item: Check &Spelling - res://C:\Program Files\ieSpell\iespell.dll/SPELLCHECK.HTM
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: (no name) - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: BT Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\uk.htm
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partne ... nicode.cab
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab
O16 - DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} (CMediaMix Object) - http://musicmix.messenger.msn.com/Medialogic.CAB
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\common\yinsthelper.dll
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-US/a-U ... E_UNO1.cab
O16 - DPF: {66D393D5-4D80-497C-9F4F-F3839E090202} (PlayerOCX Control) - http://www.pysoft.com/Downloads/WebCamPlayerOCX.cab
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDow ... eqlab2.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 7512496328
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b31267.cab
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/softwa ... Plugin.cab
O16 - DPF: {AF2E62B6-F9E1-4D4F-A10A-9DC8E6DCBCC0} (VideoEgg ActiveX Loader) - http://update.videoegg.com/Install/Wind ... lisher.exe
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn.com/binFramework/v ... b34246.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b56907.cab
O16 - DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} (TikGames Online Control) - http://www.shockwave.com/content/cinema ... tycoon.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O16 - DPF: {FFBB3F3B-0A5A-4106-BE53-DFE1E2340CB1} (DownloadManager Control) - http://dlm.tools.akamai.com/dlmanager/v ... .2.1.6.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{EB15D32B-0C47-46B6-AC42-74B36EBA8353}: NameServer = 192.168.1.1,64.6.40.162
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Apache2.2 - Unknown owner - C:\Program Files\xampp\apache\bin\apache.exe" -k runservice (file missing)
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\ccPwdSvc.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - c:\apps\Powercinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - c:\apps\Powercinema\Kernel\TV\CLSched.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Norton Internet Security\comHost.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - c:\APPS\Powercinema\Kernel\CLML_NTService\CLMLServer.exe
O23 - Service: FileZilla Server FTP server (FileZilla Server) - FileZilla Project - C:\Program Files\xampp\FileZillaFTP\FileZillaServer.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service - Unknown owner - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifEng.dll (file missing)
O23 - Service: mysql - Unknown owner - C:\Program Files\xampp\mysql\bin\mysqld-nt.exe" "--defaults-file=C:\Program Files\xampp\mysql\bin\my.cnf" mysql (file missing)
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: UMediaServer - Unreal Streaming Technologies. - C:\Program Files\UnrealStreaming\UMediaServer\UMediaServer.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE


---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 03:38:33 09/11/2007

+ Scan result:



HKU\S-1-5-21-3576533622-73733308-564853311-1007\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{052B12F7-86FA-4921-8482-26C42316B522} -> Adware.Generic : Cleaned with backup (quarantined).
HKU\S-1-5-21-3576533622-73733308-564853311-1007\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{18668683-731C-48FA-B1B9-AD013748FB00} -> Adware.Generic : Cleaned with backup (quarantined).
HKU\S-1-5-21-3576533622-73733308-564853311-1007\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F4D74AAA-A178-4463-846B-B4BC87A024E0} -> Adware.Generic : Cleaned with backup (quarantined).
C:\WINDOWS\matrix_screensaver.exe -> Adware.Givefree : Cleaned with backup (quarantined).
HKU\S-1-5-21-3576533622-73733308-564853311-1007\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A43385F0-7113-496D-96D7-B9B550E3FCCA} -> Adware.Isearch : Cleaned with backup (quarantined).
C:\WINDOWS\5-a0c18a429b8010fee34ee31d9073371d.exe -> Adware.TrafficSol : Cleaned with backup (quarantined).
D:\program files\Evrsoft First Page 2006\Iscripts\Page Details\crazy-window.izs -> Not-A-Virus.BadJoke.JS.RJump : Cleaned with backup (quarantined).
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq865.tmp -> TrackingCookie.247realmedia : Cleaned.
D:\Documents and Settings\Marie\Cookies\marie@247realmedia[1].txt -> TrackingCookie.247realmedia : Cleaned.
D:\Documents and Settings\Sam\Cookies\sam@247realmedia[2].txt -> TrackingCookie.247realmedia : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq7A2.tmp -> TrackingCookie.2o7 : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq7A3.tmp -> TrackingCookie.2o7 : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq7A4.tmp -> TrackingCookie.2o7 : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq7A5.tmp -> TrackingCookie.2o7 : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq7A6.tmp -> TrackingCookie.2o7 : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq866.tmp -> TrackingCookie.2o7 : Cleaned.
D:\Documents and Settings\Marie\Cookies\marie@112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
D:\Documents and Settings\Marie\Cookies\marie@122.2o7[2].txt -> TrackingCookie.2o7 : Cleaned.
D:\Documents and Settings\Marie\Cookies\marie@2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
D:\Documents and Settings\Marie\Cookies\marie@atoc.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
D:\Documents and Settings\Marie\Cookies\marie@cbs.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
D:\Documents and Settings\Marie\Cookies\marie@eurostar.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
D:\Documents and Settings\Marie\Cookies\marie@hertz.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
D:\Documents and Settings\Marie\Cookies\marie@livenation.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
D:\Documents and Settings\Marie\Cookies\marie@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
D:\Documents and Settings\Marie\Cookies\marie@nbcuniversal.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
D:\Documents and Settings\Marie\Cookies\marie@propertyfinderltd.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
D:\Documents and Settings\Marie\Cookies\marie@redcats.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
D:\Documents and Settings\Marie\Cookies\marie@trinitymirror.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
D:\Documents and Settings\Sam\Cookies\sam@122.2o7[2].txt -> TrackingCookie.2o7 : Cleaned.
D:\Documents and Settings\Sam\Cookies\sam@2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
D:\Documents and Settings\Sam\Cookies\sam@cnn.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
D:\Documents and Settings\Sam\Cookies\sam@geosign.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
D:\Documents and Settings\Sam\Cookies\sam@heritagegalleries.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
D:\Documents and Settings\Sam\Cookies\sam@metacafe.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
D:\Documents and Settings\Sam\Cookies\sam@msninvite.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
D:\Documents and Settings\Sam\Cookies\sam@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
D:\Documents and Settings\Sam\Cookies\sam@nbcuniversal.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
D:\Documents and Settings\Sam\Cookies\sam@nettexmedia.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
D:\Documents and Settings\Sam\Cookies\sam@primediabusiness.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
D:\Documents and Settings\Sam\Cookies\sam@sevenoneintermedia.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
D:\Documents and Settings\Sam\Cookies\sam@adserver.71i[1].txt -> TrackingCookie.71i : Cleaned.
D:\Documents and Settings\Marie\Cookies\marie@aavalue[2].txt -> TrackingCookie.Aavalue : Cleaned.
D:\Documents and Settings\Marie\Cookies\marie@eztracks.aavalue[2].txt -> TrackingCookie.Aavalue : Cleaned.
D:\Documents and Settings\Sam\Cookies\sam@aavalue[1].txt -> TrackingCookie.Aavalue : Cleaned.
D:\Documents and Settings\Sam\Cookies\sam@lovefreegames.aavalue[2].txt -> TrackingCookie.Aavalue : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq86A.tmp -> TrackingCookie.Adbrite : Cleaned.
D:\Documents and Settings\Marie\Cookies\marie@adbrite[1].txt -> TrackingCookie.Adbrite : Cleaned.
D:\Documents and Settings\Matt\Cookies\matt@2.adbrite[1].txt -> TrackingCookie.Adbrite : Cleaned.
D:\Documents and Settings\Matt\Cookies\matt@3.adbrite[2].txt -> TrackingCookie.Adbrite : Cleaned.
D:\Documents and Settings\Matt\Cookies\matt@4.adbrite[2].txt -> TrackingCookie.Adbrite : Cleaned.
D:\Documents and Settings\Matt\Cookies\matt@ads.adbrite[1].txt -> TrackingCookie.Adbrite : Cleaned.
D:\Documents and Settings\Sam\Cookies\sam@adbrite[1].txt -> TrackingCookie.Adbrite : Cleaned.
D:\Documents and Settings\Sam\Cookies\sam@ads.adbrite[2].txt -> TrackingCookie.Adbrite : Cleaned.
D:\Documents and Settings\Sam\Cookies\sam@ads.addynamix[2].txt -> TrackingCookie.Addynamix : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq86C.tmp -> TrackingCookie.Adjuggler : Cleaned.
D:\Documents and Settings\Sam\Cookies\sam@adjuggler[2].txt -> TrackingCookie.Adjuggler : Cleaned.
D:\Documents and Settings\Sam\Cookies\sam@rotator.adjuggler[1].txt -> TrackingCookie.Adjuggler : Cleaned.
D:\Documents and Settings\Sam\Cookies\sam@admarketplace[1].txt -> TrackingCookie.Admarketplace : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq870.tmp -> TrackingCookie.Adrevolver : Cleaned.
D:\Documents and Settings\Marie\Cookies\marie@adrevolver[1].txt -> TrackingCookie.Adrevolver : Cleaned.
D:\Documents and Settings\Marie\Cookies\marie@media.adrevolver[1].txt -> TrackingCookie.Adrevolver : Cleaned.
D:\Documents and Settings\Matt\Cookies\matt@adrevolver[2].txt -> TrackingCookie.Adrevolver : Cleaned.
D:\Documents and Settings\Matt\Cookies\matt@media.adrevolver[2].txt -> TrackingCookie.Adrevolver : Cleaned.
D:\Documents and Settings\Sam\Cookies\sam@adrevolver[2].txt -> TrackingCookie.Adrevolver : Cleaned.
D:\Documents and Settings\Sam\Cookies\sam@media.adrevolver[1].txt -> TrackingCookie.Adrevolver : Cleaned.
D:\Documents and Settings\Sam\Cookies\sam@netli.media.adrevolver[1].txt -> TrackingCookie.Adrevolver : Cleaned.
D:\Documents and Settings\Marie\Cookies\marie@z1.adserver[1].txt -> TrackingCookie.Adserver : Cleaned.
D:\Documents and Settings\Sam\Cookies\sam@z1.adserver[1].txt -> TrackingCookie.Adserver : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq873.tmp -> TrackingCookie.Adtech : Cleaned.
D:\Documents and Settings\Marie\Cookies\marie@adtech[2].txt -> TrackingCookie.Adtech : Cleaned.
D:\Documents and Settings\Sam\Cookies\sam@adtech[2].txt -> TrackingCookie.Adtech : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq874.tmp -> TrackingCookie.Advertising : Cleaned.
D:\Documents and Settings\Marie\Cookies\marie@advertising[2].txt -> TrackingCookie.Advertising : Cleaned.
D:\Documents and Settings\Sam\Cookies\sam@advertising[1].txt -> TrackingCookie.Advertising : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq875.tmp -> TrackingCookie.Adviva : Cleaned.
D:\Documents and Settings\Marie\Cookies\marie@adviva[2].txt -> TrackingCookie.Adviva : Cleaned.
D:\Documents and Settings\Sam\Cookies\sam@adviva[1].txt -> TrackingCookie.Adviva : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq87C.tmp -> TrackingCookie.Atdmt : Cleaned.
D:\Documents and Settings\Marie\Cookies\marie@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned.
D:\Documents and Settings\Matt\Cookies\matt@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned.
D:\Documents and Settings\Sam\Cookies\sam@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned.
D:\Documents and Settings\Marie\Cookies\marie@bfast[2].txt -> TrackingCookie.Bfast : Cleaned.
D:\Documents and Settings\Sam\Cookies\sam@bfast[1].txt -> TrackingCookie.Bfast : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq880.tmp -> TrackingCookie.Bluestreak : Cleaned.
D:\Documents and Settings\Marie\Cookies\marie@bluestreak[2].txt -> TrackingCookie.Bluestreak : Cleaned.
D:\Documents and Settings\Sam\Cookies\sam@bluestreak[1].txt -> TrackingCookie.Bluestreak : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq882.tmp -> TrackingCookie.Burstbeacon : Cleaned.
D:\Documents and Settings\Sam\Cookies\sam@www.burstbeacon[2].txt -> TrackingCookie.Burstbeacon : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq883.tmp -> TrackingCookie.Burstnet : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq884.tmp -> TrackingCookie.Burstnet : Cleaned.
D:\Documents and Settings\Marie\Cookies\marie@burstnet[2].txt -> TrackingCookie.Burstnet : Cleaned.
D:\Documents and Settings\Marie\Cookies\marie@www.burstnet[1].txt -> TrackingCookie.Burstnet : Cleaned.
D:\Documents and Settings\Sam\Cookies\sam@burstnet[1].txt -> TrackingCookie.Burstnet : Cleaned.
D:\Documents and Settings\Sam\Cookies\sam@www.burstnet[1].txt -> TrackingCookie.Burstnet : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq885.tmp -> TrackingCookie.Casalemedia : Cleaned.
D:\Documents and Settings\Marie\Cookies\marie@casalemedia[2].txt -> TrackingCookie.Casalemedia : Cleaned.
D:\Documents and Settings\Sam\Cookies\sam@casalemedia[1].txt -> TrackingCookie.Casalemedia : Cleaned.
D:\Documents and Settings\Marie\Cookies\marie@centrport[1].txt -> TrackingCookie.Centrport : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq889.tmp -> TrackingCookie.Cj : Cleaned.
D:\Documents and Settings\Matt\Cookies\matt@uk.cj[1].txt -> TrackingCookie.Cj : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq886.tmp -> TrackingCookie.Clickbank : Cleaned.
D:\Documents and Settings\Marie\Cookies\marie@clickbank[1].txt -> TrackingCookie.Clickbank : Cleaned.
D:\Documents and Settings\Sam\Cookies\sam@clickbank[1].txt -> TrackingCookie.Clickbank : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq887.tmp -> TrackingCookie.Clickzs : Cleaned.
D:\Documents and Settings\Sam\Cookies\sam@ads.guardian.co[2].txt -> TrackingCookie.Co : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq88A.tmp -> TrackingCookie.Commission-junction : Cleaned.
D:\Documents and Settings\Marie\Cookies\marie@connextra[1].txt -> TrackingCookie.Connextra : Cleaned.
D:\Documents and Settings\Matt\Cookies\matt@connextra[2].txt -> TrackingCookie.Connextra : Cleaned.
D:\Documents and Settings\Sam\Cookies\sam@connextra[1].txt -> TrackingCookie.Connextra : Cleaned.
D:\Documents and Settings\Marie\Cookies\marie@test.coremetrics[1].txt -> TrackingCookie.Coremetrics : Cleaned.
D:\Documents and Settings\Sam\Cookies\sam@data.coremetrics[1].txt -> TrackingCookie.Coremetrics : Cleaned.
D:\Documents and Settings\Sam\Cookies\sam@bilbo.counted[1].txt -> TrackingCookie.Counted : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq88F.tmp -> TrackingCookie.Dealtime : Cleaned.
D:\Documents and Settings\Marie\Cookies\marie@dealtime[2].txt -> TrackingCookie.Dealtime : Cleaned.
D:\Documents and Settings\Marie\Cookies\marie@stat.dealtime[1].txt -> TrackingCookie.Dealtime : Cleaned.
D:\Documents and Settings\Marie\Cookies\marie@www.dealtime[2].txt -> TrackingCookie.Dealtime : Cleaned.
D:\Documents and Settings\Sam\Cookies\sam@dealtime[1].txt -> TrackingCookie.Dealtime : Cleaned.
D:\Documents and Settings\Sam\Cookies\sam@stat.dealtime[2].txt -> TrackingCookie.Dealtime : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq890.tmp -> TrackingCookie.Doubleclick : Cleaned.
D:\Documents and Settings\Marie\Cookies\marie@doubleclick[2].txt -> TrackingCookie.Doubleclick : Cleaned.
D:\Documents and Settings\Matt\Cookies\matt@doubleclick[1].txt -> TrackingCookie.Doubleclick : Cleaned.
D:\Documents and Settings\Sam\Cookies\sam@doubleclick[2].txt -> TrackingCookie.Doubleclick : Cleaned.
D:\Documents and Settings\Matt\Cookies\matt@enhance[1].txt -> TrackingCookie.Enhance : Cleaned.
D:\Documents and Settings\Marie\Cookies\marie@e-2dj6wfl4qgdpwlq.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
D:\Documents and Settings\Marie\Cookies\marie@e-2dj6wflicidjmfq.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
D:\Documents and Settings\Marie\Cookies\marie@e-2dj6wjkoehcjcbo.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
D:\Documents and Settings\Marie\Cookies\marie@e-2dj6wjlyalcjeko.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
D:\Documents and Settings\Marie\Cookies\marie@e-2dj6wjmigoajelp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
D:\Documents and Settings\Marie\Cookies\marie@e-2dj6wjnyajcjmeo.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
D:\Documents and Settings\Matt\Cookies\matt@e-2dj6wfl4kidzchp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
D:\Documents and Settings\Sam\Cookies\sam@e-2dj6wfkigjcjsbp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
D:\Documents and Settings\Sam\Cookies\sam@e-2dj6wfkoogdpaeo.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
D:\Documents and Settings\Sam\Cookies\sam@e-2dj6wfl4ukdpmlp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
D:\Documents and Settings\Sam\Cookies\sam@e-2dj6wgliagdpokq.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
D:\Documents and Settings\Sam\Cookies\sam@e-2dj6wjkoqgczodp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
D:\Documents and Settings\Sam\Cookies\sam@e-2dj6wjlyspdjmbo.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
D:\Documents and Settings\Sam\Cookies\sam@e-2dj6wjnyshdzeco.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
D:\Documents and Settings\Sam\Cookies\sam@estat[1].txt -> TrackingCookie.Estat : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq897.tmp -> TrackingCookie.Euroclick : Cleaned.
D:\Documents and Settings\Marie\Cookies\marie@adopt.euroclick[2].txt -> TrackingCookie.Euroclick : Cleaned.
D:\Documents and Settings\Matt\Cookies\matt@adopt.euroclick[1].txt -> TrackingCookie.Euroclick : Cleaned.
D:\Documents and Settings\Matt\Cookies\matt@adopt.euroclick[2].txt -> TrackingCookie.Euroclick : Cleaned.
D:\Documents and Settings\Sam\Cookies\sam@adopt.euroclick[2].txt -> TrackingCookie.Euroclick : Cleaned.
D:\Documents and Settings\Marie\Cookies\marie@as-eu.falkag[2].txt -> TrackingCookie.Falkag : Cleaned.
D:\Documents and Settings\Marie\Cookies\marie@as-us.falkag[1].txt -> TrackingCookie.Falkag : Cleaned.
D:\Documents and Settings\Marie\Cookies\marie@as1.falkag[1].txt -> TrackingCookie.Falkag : Cleaned.
D:\Documents and Settings\Marie\Cookies\marie@sel.as-eu.falkag[1].txt -> TrackingCookie.Falkag : Cleaned.
D:\Documents and Settings\Marie\Cookies\marie@sel.as-us.falkag[2].txt -> TrackingCookie.Falkag : Cleaned.
D:\Documents and Settings\Sam\Cookies\sam@as-eu.falkag[2].txt -> TrackingCookie.Falkag : Cleaned.
D:\Documents and Settings\Sam\Cookies\sam@as-us.falkag[2].txt -> TrackingCookie.Falkag : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq898.tmp -> TrackingCookie.Fastclick : Cleaned.
D:\Documents and Settings\Marie\Cookies\marie@fastclick[2].txt -> TrackingCookie.Fastclick : Cleaned.
D:\Documents and Settings\Marie\Cookies\marie@media.fastclick[1].txt -> TrackingCookie.Fastclick : Cleaned.
D:\Documents and Settings\Sam\Cookies\sam@fastclick[2].txt -> TrackingCookie.Fastclick : Cleaned.
D:\Documents and Settings\Marie\Cookies\marie@fortunecity[1].txt -> TrackingCookie.Fortunecity : Cleaned.
D:\Documents and Settings\Sam\Cookies\sam@fortunecity[2].txt -> TrackingCookie.Fortunecity : Cleaned.
D:\Documents and Settings\Matt\Cookies\matt@gamershell[1].txt -> TrackingCookie.Gamershell : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq894.tmp -> TrackingCookie.Hitbox : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq89F.tmp -> TrackingCookie.Hitbox : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq8A0.tmp -> TrackingCookie.Hitbox : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq8A1.tmp -> TrackingCookie.Hitbox : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq8A2.tmp -> TrackingCookie.Hitbox : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq8A3.tmp -> TrackingCookie.Hitbox : Cleaned.
D:\Documents and Settings\Marie\Cookies\marie@ehg-associatednewmedia.hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned.
D:\Documents and Settings\Marie\Cookies\marie@ehg-autotrader.hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned.
D:\Documents and Settings\Marie\Cookies\marie@ehg-baa.hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned.
D:\Documents and Settings\Marie\Cookies\marie@ehg-bestwestern.hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned.
D:\Documents and Settings\Marie\Cookies\marie@ehg-debenhams.hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned.
D:\Documents and Settings\Marie\Cookies\marie@ehg-dig.hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned.
D:\Documents and Settings\Marie\Cookies\marie@ehg-hotgroup.hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned.
D:\Documents and Settings\Marie\Cookies\marie@ehg-idg.hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned.
D:\Documents and Settings\Marie\Cookies\marie@ehg-logantod.hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned.
D:\Documents and Settings\Marie\Cookies\marie@ehg-rodale.hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned.
D:\Documents and Settings\Marie\Cookies\marie@ehg-systemax.hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned.
D:\Documents and Settings\Marie\Cookies\marie@ehg-warnerbrothers.hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned.
D:\Documents and Settings\Marie\Cookies\marie@hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned.
D:\Documents and Settings\Marie\Cookies\marie@phg.hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned.
D:\Documents and Settings\Sam\Cookies\sam@ehg-bbc.hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned.
D:\Documents and Settings\Sam\Cookies\sam@ehg-dig.hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned.
D:\Documents and Settings\Sam\Cookies\sam@ehg-digg.hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned.
D:\Documents and Settings\Sam\Cookies\sam@ehg-foxmovies.hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned.
D:\Documents and Settings\Sam\Cookies\sam@ehg-futurepub.hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned.
D:\Documents and Settings\Sam\Cookies\sam@ehg-gamespot.hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned.
D:\Documents and Settings\Sam\Cookies\sam@ehg-ghd.hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned.
D:\Documents and Settings\Sam\Cookies\sam@ehg-globalgamingleague.hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned.
D:\Documents and Settings\Sam\Cookies\sam@ehg-gucciamericainc.hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned.
D:\Documents and Settings\Sam\Cookies\sam@ehg-idgentertainment.hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned.
D:\Documents and Settings\Sam\Cookies\sam@ehg-ifilm.hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned.
D:\Documents and Settings\Sam\Cookies\sam@ehg-ignitemedia.hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned.
D:\Documents and Settings\Sam\Cookies\sam@ehg-ladbrokes.hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned.
D:\Documents and Settings\Sam\Cookies\sam@ehg-littlewoods.hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned.
D:\Documents and Settings\Sam\Cookies\sam@ehg-mgnlimited.hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned.
D:\Documents and Settings\Sam\Cookies\sam@ehg-myspaceinc.hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned.
D:\Documents and Settings\Sam\Cookies\sam@ehg-playboy.hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned.
D:\Documents and Settings\Sam\Cookies\sam@ehg-triseptsoultions.hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned.
D:\Documents and Settings\Sam\Cookies\sam@ehg-ubisoft.hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned.
D:\Documents and Settings\Sam\Cookies\sam@ehg-warnerbrothers.hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned.
D:\Documents and Settings\Sam\Cookies\sam@hg1.hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned.
D:\Documents and Settings\Sam\Cookies\sam@hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq8A4.tmp -> TrackingCookie.Hitslink : Cleaned.
D:\Documents and Settings\Marie\Cookies\marie@counter.hitslink[1].txt -> TrackingCookie.Hitslink : Cleaned.
D:\Documents and Settings\Marie\Cookies\marie@counter2.hitslink[1].txt -> TrackingCookie.Hitslink : Cleaned.
D:\Documents and Settings\Sam\Cookies\sam@counter.hitslink[1].txt -> TrackingCookie.Hitslink : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq8A5.tmp -> TrackingCookie.Hotlog : Cleaned.
D:\Documents and Settings\Sam\Cookies\sam@hotlog[2].txt -> TrackingCookie.Hotlog : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq8A9.tmp -> TrackingCookie.Information : Cleaned.
D:\Documents and Settings\Sam\Cookies\sam@searchportal.information[2].txt -> TrackingCookie.Information : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq8AC.tmp -> TrackingCookie.Intelli-direct : Cleaned.
D:\Documents and Settings\Marie\Cookies\marie@intelli-direct[1].txt -> TrackingCookie.Intelli-direct : Cleaned.
D:\Documents and Settings\Matt\Cookies\matt@intelli-direct[1].txt -> TrackingCookie.Intelli-direct : Cleaned.
D:\Documents and Settings\Sam\Cookies\sam@intelli-direct[1].txt -> TrackingCookie.Intelli-direct : Cleaned.
D:\Documents and Settings\Marie\Cookies\marie@www.intelli-tracker[1].txt -> TrackingCookie.Intelli-tracker : Cleaned.
D:\Documents and Settings\Matt\Cookies\matt@ivwbox[1].txt -> TrackingCookie.Ivwbox : Cleaned.
D:\Documents and Settings\Sam\Cookies\sam@ivwbox[1].txt -> TrackingCookie.Ivwbox : Cleaned.
D:\Documents and Settings\Marie\Cookies\marie@server.iad.liveperson[1].txt -> TrackingCookie.Liveperson : Cleaned.
D:\Documents and Settings\Matt\Cookies\matt@server.iad.liveperson[1].txt -> TrackingCookie.Liveperson : Cleaned.
D:\Documents and Settings\Matt\Cookies\matt@server.lon.liveperson[2].txt -> TrackingCookie.Liveperson : Cleaned.
D:\Documents and Settings\Sam\Cookies\sam@server.iad.liveperson[2].txt -> TrackingCookie.Liveperson : Cleaned.
D:\Documents and Settings\Sam\Cookies\sam@image.masterstats[1].txt -> TrackingCookie.Masterstats : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq8B2.tmp -> TrackingCookie.Mediaplex : Cleaned.
D:\Documents and Settings\Marie\Cookies\marie@mediaplex[2].txt -> TrackingCookie.Mediaplex : Cleaned.
D:\Documents and Settings\Matt\Cookies\matt@mediaplex[1].txt -> TrackingCookie.Mediaplex : Cleaned.
D:\Documents and Settings\Sam\Cookies\sam@mediaplex[1].txt -> TrackingCookie.Mediaplex : Cleaned.
D:\Documents and Settings\Marie\Cookies\marie@auto.search.msn[1].txt -> TrackingCookie.Msn : Cleaned.
D:\Documents and Settings\Matt\Cookies\matt@auto.search.msn[2].txt -> TrackingCookie.Msn : Cleaned.
D:\Documents and Settings\Sam\Cookies\sam@auto.search.msn[2].txt -> TrackingCookie.Msn : Cleaned.
D:\Documents and Settings\Marie\Cookies\marie@www.myaffiliateprogram[2].txt -> TrackingCookie.Myaffiliateprogram : Cleaned.
D:\Documents and Settings\Sam\Cookies\sam@www.myaffiliateprogram[1].txt -> TrackingCookie.Myaffiliateprogram : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq8B5.tmp -> TrackingCookie.Navrcholu : Cleaned.
D:\Documents and Settings\Matt\Cookies\matt@navrcholu[2].txt -> TrackingCookie.Navrcholu : Cleaned.
D:\Documents and Settings\Sam\Cookies\sam@navrcholu[2].txt -> TrackingCookie.Navrcholu : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq8B6.tmp -> TrackingCookie.Netflame : Cleaned.
D:\Documents and Settings\Marie\Cookies\marie@ssl-hints.netflame[1].txt -> TrackingCookie.Netflame : Cleaned.
D:\Documents and Settings\Matt\Cookies\matt@ssl-hints.netflame[2].txt -> TrackingCookie.Netflame : Cleaned.
D:\Documents and Settings\Marie\Cookies\marie@stat.onestat[2].txt -> TrackingCookie.Onestat : Cleaned.
D:\Documents and Settings\Sam\Cookies\sam@stat.onestat[2].txt -> TrackingCookie.Onestat : Cleaned.
D:\Documents and Settings\Marie\Cookies\marie@data1.perf.overture[1].txt -> TrackingCookie.Overture : Cleaned.
D:\Documents and Settings\Marie\Cookies\marie@overture[2].txt -> TrackingCookie.Overture : Cleaned.
D:\Documents and Settings\Marie\Cookies\marie@perf.overture[1].txt -> TrackingCookie.Overture : Cleaned.
D:\Documents and Settings\Sam\Cookies\sam@data1.perf.overture[2].txt -> TrackingCookie.Overture : Cleaned.
D:\Documents and Settings\Sam\Cookies\sam@data2.perf.overture[2].txt -> TrackingCookie.Overture : Cleaned.
D:\Documents and Settings\Sam\Cookies\sam@overture[1].txt -> TrackingCookie.Overture : Cleaned.
D:\Documents and Settings\Sam\Cookies\sam@perf.overture[1].txt -> TrackingCookie.Overture : Cleaned.
D:\Documents and Settings\Sam\Cookies\sam@paycounter[2].txt -> TrackingCookie.Paycounter : Cleaned.
D:\Documents and Settings\Sam\Cookies\sam@ads.planetactive[1].txt -> TrackingCookie.Planetactive : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq8BB.tmp -> TrackingCookie.Pointroll : Cleaned.
D:\Documents and Settings\Marie\Cookies\marie@ads.pointroll[1].txt -> TrackingCookie.Pointroll : Cleaned.
D:\Documents and Settings\Sam\Cookies\sam@ads.pointroll[2].txt -> TrackingCookie.Pointroll : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq88E.tmp -> TrackingCookie.Pro-market : Cleaned.
D:\Documents and Settings\Marie\Cookies\marie@qksrv[1].txt -> TrackingCookie.Qksrv : Cleaned.
D:\Documents and Settings\Sam\Cookies\sam@qksrv[2].txt -> TrackingCookie.Qksrv : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq8BD.tmp -> TrackingCookie.Questionmarket : Cleaned.
D:\Documents and Settings\Marie\Cookies\marie@questionmarket[1].txt -> TrackingCookie.Questionmarket : Cleaned.
D:\Documents and Settings\Matt\Cookies\matt@questionmarket[1].txt -> TrackingCookie.Questionmarket : Cleaned.
D:\Documents and Settings\Sam\Cookies\sam@questionmarket[1].txt -> TrackingCookie.Questionmarket : Cleaned.
D:\Documents and Settings\Marie\Cookies\marie@realmedia[2].txt -> TrackingCookie.Realmedia : Cleaned.
D:\Documents and Settings\Sam\Cookies\sam@realmedia[2].txt -> TrackingCookie.Realmedia : Cleaned.
D:\Documents and Settings\Marie\Cookies\marie@web4.realtracker[2].txt -> TrackingCookie.Realtracker : Cleaned.
D:\Documents and Settings\Sam\Cookies\sam@web4.realtracker[1].txt -> TrackingCookie.Realtracker : Cleaned.
D:\Documents and Settings\Marie\Cookies\marie@stats1.reliablestats[1].txt -> TrackingCookie.Reliablestats : Cleaned.
D:\Documents and Settings\Sam\Cookies\sam@stats1.reliablestats[1].txt -> TrackingCookie.Reliablestats : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq8C0.tmp -> TrackingCookie.Revenue : Cleaned.
D:\Documents and Settings\Marie\Cookies\marie@revenue[1].txt -> TrackingCookie.Revenue : Cleaned.
D:\Documents and Settings\Sam\Cookies\sam@revenue[2].txt -> TrackingCookie.Revenue : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq8C1.tmp -> TrackingCookie.Revsci : Cleaned.
D:\Documents and Settings\Marie\Cookies\marie@revsci[2].txt -> TrackingCookie.Revsci : Cleaned.
D:\Documents and Settings\Matt\Cookies\matt@revsci[2].txt -> TrackingCookie.Revsci : Cleaned.
D:\Documents and Settings\Sam\Cookies\sam@revsci[1].txt -> TrackingCookie.Revsci : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq893.tmp -> TrackingCookie.Ru4 : Cleaned.
D:\Documents and Settings\Sam\Cookies\sam@edge.ru4[1].txt -> TrackingCookie.Ru4 : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq881.tmp -> TrackingCookie.Serving-sys : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq8C3.tmp -> TrackingCookie.Serving-sys : Cleaned.
D:\Documents and Settings\Marie\Cookies\marie@bs.serving-sys[1].txt -> TrackingCookie.Serving-sys : Cleaned.
D:\Documents and Settings\Marie\Cookies\marie@serving-sys[2].txt -> TrackingCookie.Serving-sys : Cleaned.
D:\Documents and Settings\Matt\Cookies\matt@bs.serving-sys[2].txt -> TrackingCookie.Serving-sys : Cleaned.
D:\Documents and Settings\Matt\Cookies\matt@serving-sys[1].txt -> TrackingCookie.Serving-sys : Cleaned.
D:\Documents and Settings\Sam\Cookies\sam@bs.serving-sys[1].txt -> TrackingCookie.Serving-sys : Cleaned.
D:\Documents and Settings\Sam\Cookies\sam@serving-sys[2].txt -> TrackingCookie.Serving-sys : Cleaned.
D:\Documents and Settings\Sam\Cookies\sam@cs.sexcounter[2].txt -> TrackingCookie.Sexcounter : Cleaned.
D:\Documents and Settings\Sam\Cookies\sam@sexlist[1].txt -> TrackingCookie.Sexlist : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq8C4.tmp -> TrackingCookie.Sextracker : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq8C5.tmp -> TrackingCookie.Sextracker : Cleaned.
D:\Documents and Settings\Sam\Cookies\sam@counter2.sextracker[1].txt -> TrackingCookie.Sextracker : Cleaned.
D:\Documents and Settings\Sam\Cookies\sam@sextracker[1].txt -> TrackingCookie.Sextracker : Cleaned.
D:\Documents and Settings\Marie\Cookies\marie@www.smartadserver[1].txt -> TrackingCookie.Smartadserver : Cleaned.
D:\Documents and Settings\Sam\Cookies\sam@www.smartadserver[1].txt -> TrackingCookie.Smartadserver : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq8C7.tmp -> TrackingCookie.Spylog : Cleaned.
D:\Documents and Settings\Marie\Cookies\marie@h.starware[1].txt -> TrackingCookie.Starware : Cleaned.
D:\Documents and Settings\Marie\Cookies\marie@try.starware[1].txt -> TrackingCookie.Starware : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq8CA.tmp -> TrackingCookie.Statcounter : Cleaned.
D:\Documents and Settings\Marie\Cookies\marie@statcounter[2].txt -> TrackingCookie.Statcounter : Cleaned.
D:\Documents and Settings\Sam\Cookies\sam@statcounter[1].txt -> TrackingCookie.Statcounter : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq8CC.tmp -> TrackingCookie.Tacoda : Cleaned.
D:\Documents and Settings\Marie\Cookies\marie@tacoda[2].txt -> TrackingCookie.Tacoda : Cleaned.
D:\Documents and Settings\Sam\Cookies\sam@anad.tacoda[1].txt -> TrackingCookie.Tacoda : Cleaned.
D:\Documents and Settings\Sam\Cookies\sam@anat.tacoda[1].txt -> TrackingCookie.Tacoda : Cleaned.
D:\Documents and Settings\Sam\Cookies\sam@tacoda[1].txt -> TrackingCookie.Tacoda : Cleaned.
D:\Documents and Settings\Marie\Cookies\marie@targetnet[1].txt -> TrackingCookie.Targetnet : Cleaned.
D:\Documents and Settings\Sam\Cookies\sam@targetnet[2].txt -> TrackingCookie.Targetnet : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq8CE.tmp -> TrackingCookie.Tracking101 : Cleaned.
D:\Documents and Settings\Matt\Cookies\matt@login.tracking101[2].txt -> TrackingCookie.Tracking101 : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq8D1.tmp -> TrackingCookie.Tradedoubler : Cleaned.
D:\Documents and Settings\Marie\Cookies\marie@tradedoubler[2].txt -> TrackingCookie.Tradedoubler : Cleaned.
D:\Documents and Settings\Matt\Cookies\matt@tradedoubler[2].txt -> TrackingCookie.Tradedoubler : Cleaned.
D:\Documents and Settings\Sam\Cookies\sam@tradedoubler[1].txt -> TrackingCookie.Tradedoubler : Cleaned.
D:\Documents and Settings\Sam\Cookies\sam@trafficmp[1].txt -> TrackingCookie.Trafficmp : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq8D2.tmp -> TrackingCookie.Tribalfusion : Cleaned.
D:\Documents and Settings\Marie\Cookies\marie@tribalfusion[2].txt -> TrackingCookie.Tribalfusion : Cleaned.
D:\Documents and Settings\Matt\Cookies\matt@tribalfusion[1].txt -> TrackingCookie.Tribalfusion : Cleaned.
D:\Documents and Settings\Sam\Cookies\sam@tribalfusion[1].txt -> TrackingCookie.Tribalfusion : Cleaned.
D:\Documents and Settings\Sam\Cookies\sam@reduxads.valuead[1].txt -> TrackingCookie.Valuead : Cleaned.
D:\Documents and Settings\Marie\Cookies\marie@valueclick[1].txt -> TrackingCookie.Valueclick : Cleaned.
D:\Documents and Settings\Marie\Cookies\marie@valueclick[2].txt -> TrackingCookie.Valueclick : Cleaned.
D:\Documents and Settings\Sam\Cookies\sam@valueclick[1].txt -> TrackingCookie.Valueclick : Cleaned.
D:\Documents and Settings\Sam\Cookies\sam@valueclick[2].txt -> TrackingCookie.Valueclick : Cleaned.
D:\Documents and Settings\Marie\Cookies\marie@weborama[1].txt -> TrackingCookie.Weborama : Cleaned.
D:\Documents and Settings\Sam\Cookies\sam@weborama[2].txt -> TrackingCookie.Weborama : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq8D6.tmp -> TrackingCookie.Webtrends : Cleaned.
D:\Documents and Settings\Marie\Cookies\marie@m.webtrends[1].txt -> TrackingCookie.Webtrends : Cleaned.
D:\Documents and Settings\Sam\Cookies\sam@m.webtrends[2].txt -> TrackingCookie.Webtrends : Cleaned.
D:\Documents and Settings\Marie\Cookies\marie@statse.webtrendslive[2].txt -> TrackingCookie.Webtrendslive : Cleaned.
D:\Documents and Settings\Sam\Cookies\sam@statse.webtrendslive[1].txt -> TrackingCookie.Webtrendslive : Cleaned.
D:\Documents and Settings\Sam\Cookies\sam@xxxcounter[2].txt -> TrackingCookie.Xxxcounter : Cleaned.
D:\Documents and Settings\Sam\Cookies\sam@yadro[2].txt -> TrackingCookie.Yadro : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq869.tmp -> TrackingCookie.Yieldmanager : Cleaned.
D:\Documents and Settings\Marie\Cookies\marie@ad.yieldmanager[2].txt -> TrackingCookie.Yieldmanager : Cleaned.
D:\Documents and Settings\Matt\Cookies\matt@ad.yieldmanager[1].txt -> TrackingCookie.Yieldmanager : Cleaned.
D:\Documents and Settings\Sam\Cookies\sam@ad.yieldmanager[1].txt -> TrackingCookie.Yieldmanager : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq8D9.tmp -> TrackingCookie.Zedo : Cleaned.
D:\Documents and Settings\Sam\Cookies\sam@zedo[2].txt -> TrackingCookie.Zedo : Cleaned.


::Report end
god0fgod
Regular Member
 
Posts: 24
Joined: November 7th, 2007, 5:51 pm

Unread postby Bob4 » November 9th, 2007, 1:23 pm

No reason to apologize.


It's very likely by now that the detection from Vundo is a left over in a system restore point that Nortons is warning you about.
I see no signs of it.
Let's get one final scan to confirm.
This one will also take a while. So be prepared.


______________________________

Download and install CCleaner from here


If you use either the Firefox or Mozilla browsers, the box to uncheck for Cookies is on the Applications tab, under Firefox/Mozilla.

  • Set Cookie Retention.
    Click on the Options block on the left, then choose Cookies.
    Under the Cookies to delete pane, highlight any cookies you would like to retain permanently (those companies or sites with which you regularly visit or do business), and click the right arrow > to move them to the Cookies to keep pane.
  • Reset Temp File Removal for Regular Use.
    Click on the Options block on the left. Select the Advanced button.
    Check "Only delete files in Windows Temp folders older than 48 hours".


    Now run the program and click on Run Cleaner.
    (Do not use the Registry function to clean anything with this program. Having anything auto-clean your registry is risky.)


_________________________________
Please do an online scan with Kaspersky Online Scanner
Click on Kaspersky Online Scanner
You will be prompted to install an ActiveX component from Kaspersky. Click Yes.
The program will launch and then start to download the latest definition files.
Once the scanner is installed and the definitions downloaded, click Next.
Now click on Scan Settings
In the scan settings make sure that the following are selected:
Scan using the following Anti-Virus database:

Extended (If available otherwise Standard)
Scan Options:
Scan Archives
Scan Mail Bases
Click OK

Now under select a target to scan select My Computer


Note for Internet Explorer 7 users: If at any time you have trouble with the accept button of the licence, click on the Zoom tool located at the bottom right of the IE window and set the zoom to 75%. Once the licence is accepted, reset to 100%.



The scan will take a while so be patient and let it run. Once the scan is complete it will display if your system has been infected.

Now click on the Save as Text button:

Save the file to your desktop.

Copy and paste that information in your next post.




_________________________
In your next reply I would like to see:
  • A new HJT log
  • The report from Kasperskys
  • I see there may be another operating system here on the D: drive (Sam). Is this correct?
    Please let me know.

Bob4
MRU Master
 
Posts: 6073
Joined: November 12th, 2005, 11:26 am
Location: Florida

Unread postby god0fgod » November 9th, 2007, 5:28 pm

My browser doesn't seem to like Kaspersky very much. Can I use one of the trials instead? My browser (bt yahoo as internet explorer is highly risky) wouldn't respond and the scanner wasn't going anywhere. This happened at 47%. It did find some viruses and infections in that time.

Should I try again in internet explorer maybe?

Sam is another windows user account on this computer. Unlike Matt and Marie it is limited.
god0fgod
Regular Member
 
Posts: 24
Joined: November 7th, 2007, 5:51 pm

Unread postby Bob4 » November 9th, 2007, 5:45 pm

Yes I am sorry. You should by all means use internet explorer for the scan.
Bob4
MRU Master
 
Posts: 6073
Joined: November 12th, 2005, 11:26 am
Location: Florida

Unread postby god0fgod » November 10th, 2007, 7:48 am

Sorry I'm having problems with phpbb2 at the moment so I'm unable to make big posts so please look here for information - http://www.godofgod.co.uk/information.txt
god0fgod
Regular Member
 
Posts: 24
Joined: November 7th, 2007, 5:51 pm

Unread postby Bob4 » November 10th, 2007, 10:47 am

Ok, most of what Kaspersky's shows is stuff in Norton's quarantined folder. Let's empty that now.

As I do not use Norton's Anti virus I am unsure as to how to empty this folder using the program itself.
Have a look around at the program and see if you can't find something called quarantine and have it deleted.
If you can't, I'm sure someone here has used it and we can figure that out.

Please let me know.



________________________________
You may delete the smitfraud.exe now. This tool is updated often so no reason to have an outdated version.

D:\Documents and Settings\Matt\Desktop\SmitfraudFix


________________________________________
Open notepad and copy/paste the text in the quotebox below into it:


File::
C:\Program Files\XP Tweak Mechanic\osgluz118.exe
C:\Program Files\Yahoo!\Installs\btyh.exe




Save this as CFScript.txt, in the same location as ComboFix.exe


Image

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will need in your next reply.



___________________________________
Please create a 'clean' System Restore Point:

The reason for doing this is in case you need system restore you don't put back all we just took out.
Also I want to see if Norton's quits barking about Vundo from a system restore point.
Usually Kasperskys will show infected system restore points. But we didn't get that far. :cry:
I feel quite confident Vundo is no longer active on your machine.

Right click My Computer
Then Properties, then System Restore
Place a check mark by turn off system restore
Click APPLY
Windows will give you a warning click yes
REBOOT NOW

Now go right back to the same place and uncheck System Restore. This will automatically create a new restore point.
Click APPLY and OK



_________________________
In your next reply I would like to see:

  • The report from ComboFix
  • Let me know if Nortons has quit barking at you about Vundo.
  • How do things seem to be running in general?

Bob4
MRU Master
 
Posts: 6073
Joined: November 12th, 2005, 11:26 am
Location: Florida

Unread postby god0fgod » November 10th, 2007, 11:25 am

Before I do everything else I'll post the combofix log:

ComboFix 07-11-08.1 - Matt 2007-11-10 15:20:09.3 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.272 [GMT 0:00]
Running from: D:\Documents and Settings\Matt\Desktop\ComboFix.exe
Command switches used :: D:\Documents and Settings\Matt\Desktop\CFScript.txt
* Created a new restore point

FILE
C:\Program Files\XP Tweak Mechanic\osgluz118.exe
C:\Program Files\Yahoo!\Installs\btyh.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Program Files\XP Tweak Mechanic\osgluz118.exe
C:\Program Files\Yahoo!\Installs\btyh.exe

.
((((((((((((((((((((((((( Files Created from 2007-10-10 to 2007-11-10 )))))))))))))))))))))))))))))))
.

2007-11-08 20:05 <DIR> d-------- D:\Documents and Settings\All Users\Application Data\Grisoft
2007-11-08 16:18 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-11-07 22:59 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2007-11-07 22:59 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2007-11-07 22:59 53,248 --a------ C:\WINDOWS\system32\Process.exe
2007-11-07 22:59 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2007-11-07 22:59 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2007-11-06 17:24 4,948 --a------ C:\WINDOWS\system32\tmp.reg
2007-10-30 19:12 <DIR> d-------- C:\Program Files\WINROC
2007-10-26 17:37 <DIR> d-------- D:\Documents and Settings\All Users\Application Data\Google Updater
2007-10-26 16:03 <DIR> d-------- C:\Program Files\Paint.NET
2007-10-13 18:52 <DIR> d-------- C:\Program Files\eRightSoft
2007-10-13 18:52 163,328 -rahs---- C:\WINDOWS\system32\flvDX.dll
2007-10-13 18:52 31,232 -rahs---- C:\WINDOWS\system32\msfDX.dll
2007-10-13 13:27 <DIR> d-------- C:\Program Files\iMeXoR
2007-10-13 13:27 73,216 --a------ C:\WINDOWS\ST6UNST.EXE
2007-10-12 17:34 <DIR> d-------- C:\Program Files\AwinSoft
2007-10-12 16:54 <DIR> d-------- C:\Program Files\CCleaner
2007-10-10 16:29 <DIR> d-------- C:\Program Files\Magic Swf2Gif
2007-10-10 16:08 <DIR> d-------- C:\WINDOWS\Vbox
2007-10-10 16:07 <DIR> d-------- C:\WINDOWS\Noslip
2007-10-10 15:24 584,192 --a------ C:\WINDOWS\system32\dllcache\rpcrt4.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-10 15:22 --------- d-----w C:\Program Files\XP Tweak Mechanic
2007-11-10 10:39 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2007-11-08 22:04 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-11-08 22:03 --------- d-----w C:\Program Files\Microsoft Games
2007-11-07 18:48 --------- d-----w D:\Documents and Settings\Matt\Application Data\CoreFTP
2007-11-02 21:41 --------- d-----w C:\Program Files\Norton Internet Security
2007-10-31 21:35 --------- d-----w C:\Program Files\XoftSpySE
2007-10-30 22:19 --------- d-----w C:\Program Files\Google
2007-10-23 14:54 --------- d-----w C:\Program Files\PHP Editor
2007-10-22 09:24 805 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.INF
2007-10-22 09:24 60,800 ----a-w C:\WINDOWS\system32\S32EVNT1.DLL
2007-10-22 09:24 123,952 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2007-10-22 09:24 10,740 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.CAT
2007-10-22 09:24 --------- d-----w C:\Program Files\Symantec
2007-10-10 16:26 --------- d-----w D:\Documents and Settings\All Users\Application Data\Ulead Systems
2007-10-10 16:26 --------- d-----w C:\Program Files\Ulead Systems
2007-10-10 16:10 --------- d-----w D:\Documents and Settings\Matt\Application Data\Ulead Systems
2007-10-06 20:40 --------- d-----w C:\Program Files\Windows Media Bonus Pack for Windows XP
2007-10-03 21:44 --------- d-----w D:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2007-10-02 16:36 --------- d-----w C:\Program Files\OneStepSearch
2007-10-01 13:49 98,184 ----a-w C:\WINDOWS\system32\drivers\symfw.sys
2007-10-01 13:49 542,088 ----a-w C:\WINDOWS\system32\SymNeti.dll
2007-10-01 13:49 31,624 ----a-w C:\WINDOWS\system32\drivers\symids.sys
2007-10-01 13:49 28,040 ----a-w C:\WINDOWS\system32\drivers\symndis.sys
2007-10-01 13:49 23,944 ----a-w C:\WINDOWS\system32\drivers\symredrv.sys
2007-10-01 13:49 189,320 ----a-w C:\WINDOWS\system32\drivers\symtdi.sys
2007-10-01 13:49 161,160 ----a-w C:\WINDOWS\system32\SymRedir.dll
2007-10-01 13:48 12,680 ----a-w C:\WINDOWS\system32\drivers\symdns.sys
2007-09-21 20:08 --------- d-----w C:\Program Files\ProxyWay
2007-09-16 16:25 --------- d-----w D:\Documents and Settings\All Users\Application Data\Apple
2007-09-16 16:25 --------- d-----w C:\Program Files\Apple Software Update
2007-09-15 17:19 --------- d-----w C:\Program Files\Debugmode
2007-09-15 17:19 --------- d-----w C:\Program Files\Common Files\debugmode
2007-09-10 20:10 --------- d-----w D:\Documents and Settings\Sam\Application Data\Yahoo!
2007-08-22 12:55 96,256 ----a-w C:\WINDOWS\system32\dllcache\inseng.dll
2007-08-22 12:55 665,600 ----a-w C:\WINDOWS\system32\dllcache\wininet.dll
2007-08-22 12:55 617,984 ----a-w C:\WINDOWS\system32\dllcache\urlmon.dll
2007-08-22 12:55 55,808 ----a-w C:\WINDOWS\system32\dllcache\extmgr.dll
2007-08-22 12:55 532,480 ----a-w C:\WINDOWS\system32\dllcache\mstime.dll
2007-08-22 12:55 474,112 ----a-w C:\WINDOWS\system32\dllcache\shlwapi.dll
2007-08-22 12:55 449,024 ----a-w C:\WINDOWS\system32\dllcache\mshtmled.dll
2007-08-22 12:55 39,424 ----a-w C:\WINDOWS\system32\dllcache\pngfilt.dll
2007-08-22 12:55 357,888 ----a-w C:\WINDOWS\system32\dllcache\dxtmsft.dll
2007-08-22 12:55 3,064,832 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll
2007-08-22 12:55 251,904 ----a-w C:\WINDOWS\system32\dllcache\iepeers.dll
2007-08-22 12:55 205,824 ----a-w C:\WINDOWS\system32\dllcache\dxtrans.dll
2007-08-22 12:55 16,384 ----a-w C:\WINDOWS\system32\dllcache\jsproxy.dll
2007-08-22 12:55 151,040 ----a-w C:\WINDOWS\system32\dllcache\cdfview.dll
2007-08-22 12:55 146,432 ----a-w C:\WINDOWS\system32\dllcache\msrating.dll
2007-08-22 12:55 1,498,112 ----a-w C:\WINDOWS\system32\dllcache\shdocvw.dll
2007-08-22 12:55 1,054,208 ----a-w C:\WINDOWS\system32\dllcache\danim.dll
2007-08-22 12:55 1,022,976 ----a-w C:\WINDOWS\system32\dllcache\browseui.dll
2007-08-21 10:19 18,432 ----a-w C:\WINDOWS\system32\dllcache\iedw.exe
2007-08-21 06:15 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
2007-08-21 06:15 683,520 ----a-w C:\WINDOWS\system32\dllcache\inetcomm.dll
2006-11-13 20:49 69,632 ----a-w D:\Documents and Settings\Marie\Application Data\internaldb2845.dat
2006-11-13 20:49 334 ----a-w D:\Documents and Settings\Marie\Application Data\internaldb1942.dat
2006-11-13 20:49 13,046 ----a-w D:\Documents and Settings\Marie\Application Data\internaldb2126.dat
2006-11-13 20:49 0 ----a-w D:\Documents and Settings\Marie\Application Data\internaldb9344.dat
2006-11-13 20:49 0 ----a-w D:\Documents and Settings\Marie\Application Data\internaldb7183.dat
2006-11-13 20:41 20,480 ----a-w D:\Documents and Settings\Matt\Application Data\internaldb1238.dat
2006-11-13 20:41 0 ----a-w D:\Documents and Settings\Matt\Application Data\internaldb9558.dat
2006-08-20 18:55 81,920 ----a-w D:\Documents and Settings\Free Download Manager\iefdmcks.dll
2006-05-21 12:00 774,144 -c--a-w C:\Program Files\RngInterstitial.dll
2006-05-08 12:00 332 ----a-w D:\Documents and Settings\Marie\Application Data\wklnhst.dat
2006-05-02 16:48 0 ----a-w D:\Documents and Settings\Matt\Application Data\wklnhst.dat
2006-05-03 09:06:54 163,328 --sha-r C:\WINDOWS\system32\flvDX.dll
2007-02-21 10:47:16 31,232 --sha-r C:\WINDOWS\system32\msfDX.dll
.

((((((((((((((((((((((((((((( snapshot@2007-11-08_16.33.45.18 )))))))))))))))))))))))))))))))))))))))))
.
- 2005-05-24 10:27:16 213,048 ----a-w C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavss.dll
+ 2005-05-24 12:27:16 213,048 ----a-w C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavss.dll
- 2007-09-07 10:29:00 94,208 ----a-w C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavuninstall.exe
+ 2007-08-29 15:47:20 94,208 ----a-w C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavuninstall.exe
- 2007-09-07 10:29:00 946,176 ----a-w C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavwebscan.dll
+ 2007-08-29 15:49:54 950,272 ----a-w C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavwebscan.dll
+ 2007-11-10 10:34:08 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_bbc.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-04 13:00]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-04 13:00]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-06-28 23:43]
"YBrowser"="C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe" [2003-12-09 12:03]
"Vade Retro Outlook Express"="C:\PROGRA~1\GOTOSO~1\VADERE~1\Vaderetro_oe.exe" [2004-10-04 12:03]
"Ulead AutoDetector v2"="C:\Program Files\Common Files\Ulead Systems\AutoDetector\monitor.exe" [2004-11-26 10:43]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2006-05-20 12:24]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 03:00]
"RTHDCPL"="RTHDCPL.EXE" [2005-12-09 15:49 C:\WINDOWS\RTHDCPL.exe]
"PCMService"="c:\apps\Powercinema\PCMService.exe" [2005-11-16 13:11]
"nwiz"="nwiz.exe" [2007-06-28 23:43 C:\WINDOWS\system32\nwiz.exe]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-04 13:00]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2005-05-11 22:12]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2005-01-07 16:07 C:\WINDOWS\system32\HdAShCut.exe]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2007-08-15 11:04]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-01-22 21:19]
"btbb_wcm_McciTrayApp"="C:\Program Files\btbb_wcm\McciTrayApp.exe" [2005-12-29 10:22]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-09-24 02:24]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2006-09-25 13:54]
"SMSERIAL"="sm56hlpr.exe" [2005-10-18 11:14 C:\WINDOWS\sm56hlpr.exe]
"Motive SmartBridge"="C:\PROGRA~1\BTBROA~1\Help\SMARTB~1\BTHelpNotifier.exe" [2005-06-22 13:29]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-06-28 23:43]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-03-12 17:30]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 13:00]
"Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe" [2005-08-31 16:11]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 15:45]
"Steam"="d:\program files\steam\steam.exe" [2007-10-05 15:05]
"XP Tweak Mechanic"="C:\Program Files\XP Tweak Mechanic\XpTweakMech.exe" [2007-08-06 11:17]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-10-26 17:37]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 20:05]

D:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2006-05-08 15:16:56]
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 21:05:26]
Broadband Desktop Help.lnk - C:\Program Files\BT Broadband 210\Help\bin\matcli.exe [2007-06-08 17:43:48]
Google Updater.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [2007-10-26 17:37:03]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2005-05-11 22:23:26]
Run Google Web Accelerator.lnk - C:\Program Files\Google\Web Accelerator\GoogleWebAccWarden.exe [2007-07-09 22:24:38]
ZDWLan Utility.lnk - C:\Program Files\ZyDAS Technology Corporation\ZyDAS_802.11g_Utility\ZDWlan.exe [2006-07-29 09:13:13]

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\5]
Source= D:\Documents and Settings\Matt\My Documents\desktop.html
FriendlyName=

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\6]
Source= D:\Documents and Settings\Matt\My Documents\Desktop2.html
FriendlyName=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, zwebauth.dll

R1 Ext2fs;Ext2fs;C:\WINDOWS\system32\DRIVERS\ext2fs.sys
R1 IfsDrives;IfsDrives;C:\WINDOWS\system32\DRIVERS\IfsDrives.sys
R2 Apache2.2;Apache2.2;"C:\Program Files\xampp\apache\bin\apache.exe" -k runservice
R2 Kithara-RBsoft;RBsoft Customer Driver;\??\C:\WINDOWS\system32\RBsoft.sys
R2 UMediaServer;UMediaServer;C:\Program Files\UnrealStreaming\UMediaServer\UMediaServer.exe
S2 Ca533av;Polaroid Digital Cam Video;C:\WINDOWS\system32\Drivers\Ca533av.sys
S3 ASPI;Advanced SCSI Programming Interface Driver;\??\C:\WINDOWS\System32\DRIVERS\ASPI32.sys
S3 BRGSp50;BRGSp50 NDIS Protocol Driver;C:\WINDOWS\system32\Drivers\BRGSp50.sys
S3 DIGIRPS;Digi PortServer Driver;C:\WINDOWS\system32\DRIVERS\digirlpt.sys
S3 Httpocksita;Httpocksita;C:\WINDOWS\system32\ie4uinit.exe
S3 libusb0;LibUsb-Win32 - Kernel Driver 11/20/2005, 20051120;C:\WINDOWS\system32\DRIVERS\libusb0.sys
S3 p2pgasvc;Peer Networking Group Authentication;C:\WINDOWS\system32\svchost.exe -k p2psvc
S3 p2pimsvc;Peer Networking Identity Manager;C:\WINDOWS\system32\svchost.exe -k p2psvc
S3 p2psvc;Peer Networking;C:\WINDOWS\system32\svchost.exe -k p2psvc
S3 PAP(ZyDas);PAP Blue USB Driver (ZyDas);C:\WINDOWS\system32\DRIVERS\PAPBlue.sys
S3 PNRPSvc;Peer Name Resolution Protocol;C:\WINDOWS\system32\svchost.exe -k p2psvc
S3 USBCamera;Icatch(IV) Still Camera Device;C:\WINDOWS\system32\Drivers\Bulk533.sys
S3 ZD1211BU(ZyDAS);ZyDAS ZD1211B IEEE 802.11 b+g Wireless LAN Driver (USB)(ZyDAS);C:\WINDOWS\system32\DRIVERS\zd1211Bu.sys

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
p2psvc p2psvc p2pimsvc p2pgasvc PNRPSvc

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6b48bb94-9412-11db-a41a-00038a000015}]
\Shell\AutoRun\command - J:\LaunchU3.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{aa81bb88-c2b3-11db-a4b2-00038a000015}]
\Shell\AutoRun\command - J:\LaunchU3.exe

*Newly Created Service* - COMHOST
.
Contents of the 'Scheduled Tasks' folder
"2007-11-01 20:51:32 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2007-11-10 15:00:00 C:\WINDOWS\Tasks\Extended Warranty.job"
- C:\APPS\SMP\PBCARNOT.EXE
"2007-11-09 20:00:00 C:\WINDOWS\Tasks\Norton AntiVirus - Run Full System Scan - Marie.job"
- C:\PROGRA~1\NORTON~1\NORTON~1\Navw32.exe
"2007-11-09 21:20:59 C:\WINDOWS\Tasks\Norton AntiVirus - Run Full System Scan - Matt.job"
"2006-06-16 16:45:30 C:\WINDOWS\Tasks\Norton AntiVirus - Run Norton QuickScan - Matt.job"
"2007-11-10 10:35:49 C:\WINDOWS\Tasks\XoftSpy.job"
"2007-11-10 10:37:30 C:\WINDOWS\Tasks\XoftSpySE 2.job"
"2007-10-02 16:40:59 C:\WINDOWS\Tasks\XoftSpySE.job"
.
**************************************************************************

catchme 0.3.1250 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-10 15:22:58
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-11-10 15:23:50
C:\ComboFix2.txt ... 2007-11-08 19:40
C:\ComboFix3.txt ... 2007-11-08 16:37
.
--- E O F ---
god0fgod
Regular Member
 
Posts: 24
Joined: November 7th, 2007, 5:51 pm
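Bob4 reads the ComboFix log above by eye to confirm that the two CFScript paths really went away and to review what still autostarts. As an added example (not ComboFix's or the forum's own code), here is a small Python parser for the log format shown in that post: it checks that every path in the CFScript `File::` block appears under the log's "Other Deletions" banner, and it lists the Run-key autostart values with their timestamps. The sample log and CFScript below are constructed excerpts of the ones posted in this thread; the banner and value line formats are assumed from those posts only.

```python
"""Parse a ComboFix log (format as posted in the thread) to verify that the
paths in a CFScript.txt 'File::' block were removed and to list autoruns."""
import re
from dataclasses import dataclass

# Constructed excerpt of the thread's ComboFix log, trimmed to the sections
# this parser uses; paths and timestamps are the ones shown in the post.
SAMPLE_LOG = r"""ComboFix 07-11-08.1 - Matt 2007-11-10 15:20:09.3 - NTFSx86
Command switches used :: D:\Documents and Settings\Matt\Desktop\CFScript.txt
* Created a new restore point

FILE
C:\Program Files\XP Tweak Mechanic\osgluz118.exe
C:\Program Files\Yahoo!\Installs\btyh.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Program Files\XP Tweak Mechanic\osgluz118.exe
C:\Program Files\Yahoo!\Installs\btyh.exe

.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-01-22 21:19]
"RTHDCPL"="RTHDCPL.EXE" [2005-12-09 15:49 C:\WINDOWS\RTHDCPL.exe]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"XP Tweak Mechanic"="C:\Program Files\XP Tweak Mechanic\XpTweakMech.exe" [2007-08-06 11:17]
"""

# Constructed CFScript.txt with the same two 'File::' entries as the thread.
SAMPLE_CFSCRIPT = r"""File::
C:\Program Files\XP Tweak Mechanic\osgluz118.exe
C:\Program Files\Yahoo!\Installs\btyh.exe
"""

SECTION_RE = re.compile(r"^\(+\s*(?P<title>.+?)\s*\)+$")      # (((( Title ))))
KEY_RE = re.compile(r"^\[(?P<key>HKEY_[^\]]+)\]$")            # [HKEY_...\Run]
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<value>[^"]*)"\s*\[(?P<meta>[^\]]*)\]$')


def parse_cfscript(text):
    """Return the paths listed under a 'File::' directive; other directives are ignored."""
    paths, in_file = [], False
    for line in text.splitlines():
        line = line.strip()
        if line.endswith("::"):                 # a new directive begins
            in_file = line.lower() == "file::"
        elif in_file and line:
            paths.append(line)
    return paths


def split_sections(log):
    """Map each '(((( Title ))))' banner to the non-empty lines that follow it."""
    sections, current = {"header": []}, "header"
    for line in log.splitlines():
        m = SECTION_RE.match(line.strip())
        if m:
            current = m.group("title")
            sections[current] = []
        elif line.strip() and line.strip() != ".":  # ComboFix pads sections with lone dots
            sections[current].append(line.rstrip())
    return sections


def deleted_files(log):
    """Paths ComboFix reports under 'Other Deletions'."""
    return {l.strip() for l in split_sections(log).get("Other Deletions", [])}


def verify_cfscript(cfscript, log):
    """For each File:: path, True if the log lists it as deleted (case-insensitive)."""
    gone = {p.lower() for p in deleted_files(log)}
    return {p: p.lower() in gone for p in parse_cfscript(cfscript)}


@dataclass
class RunEntry:
    key: str
    name: str
    path: str
    timestamp: str


def parse_run_entries(log):
    """Autostart values from 'Reg Loading Points'. When the value is a bare file
    name, ComboFix prints the resolved path after the timestamp in the brackets."""
    entries, key = [], None
    for line in split_sections(log).get("Reg Loading Points", []):
        km = KEY_RE.match(line)
        if km:
            key = km.group("key")
            continue
        vm = VALUE_RE.match(line)
        if vm and key:
            meta = vm.group("meta").strip()
            timestamp, resolved = meta[:16], meta[16:].strip()   # 'YYYY-MM-DD HH:MM' is 16 chars
            entries.append(RunEntry(key, vm.group("name"), resolved or vm.group("value"), timestamp))
    return entries


if __name__ == "__main__":
    for path, ok in verify_cfscript(SAMPLE_CFSCRIPT, SAMPLE_LOG).items():
        print(("removed       " if ok else "STILL PRESENT ") + path)
    for e in parse_run_entries(SAMPLE_LOG):
        print(f"{e.timestamp}  {e.name:<20} {e.path}")
```

Run it against a real log by reading `C:\ComboFix.txt` and the CFScript into the two variables; any `False` in the verification result means a requested file was not reported deleted and the next reply should say so.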

Re: Smitfraud problem

Unread postby god0fgod » November 11th, 2007, 6:28 pm

Sorry I've been having troubles with posting when the board was running phpbb2 but now it's phpbb3 so no problem :)

My post:

I reset the restore points. Norton Antivirus's quarantined files have been removed. Norton Antivirus hasn't said anything about Vundo and my computer seems clean. Anything else?

Do you think it's best not to use internet explorer as that seems to get hacked easily? I'm going to be using linux soon so malware will be much less a problem.

Thanks again.
god0fgod
Regular Member
 
Posts: 24
Joined: November 7th, 2007, 5:51 pm