1. You are viewing our forum as a guest. For full access please Register. WindowsBBS.com is completely free, paid for by advertisers and donations.

Spyfalcon removal

Discussion in 'Malware and Virus Removal Archive' started by CherinJerry, 2006/05/19.

  1. 2006/05/19
    CherinJerry

    CherinJerry Inactive Thread Starter

    Joined:
    2006/05/19
    Messages:
    6
    Likes Received:
    0
    I have already followed all of the steps to remove this but it still sits on my taskbar and has a little pop-up. It is no longer in my add/remove programs and None of the files can be located. Here is a copy of the log from SmitFraudFix v2.45

    Scan done at 21:00:11.03, Fri 05/19/2006
    Run from C:\Documents and Settings\Cheri\Desktop\SmitfraudFix\SmitfraudFix
    OS: Microsoft Windows XP [Version 5.1.2600]

    »»»»»»»»»»»»»»»»»»»»»»»» C:\


    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32

    C:\WINDOWS\system32\dcomcfg.exe FOUND !
    C:\WINDOWS\system32\regperf.exe FOUND !
    C:\WINDOWS\system32\simpole.tlb FOUND !

    »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Cheri\Application Data


    »»»»»»»»»»»»»»»»»»»»»»»» Start Menu


    »»»»»»»»»»»»»»»»»»»»»»»»


    »»»»»»»»»»»»»»»»»»»»»»»» Desktop


    »»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


    »»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


    »»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
    "Source "= "About:Home "
    "SubscribedURL "= "About:Home "
    "FriendlyName "= "My Current Home Page "


    »»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
    !!!Attention, following keys are not inevitably infected!!!

    SrchSTS.exe by S!Ri
    Search SharedTaskScheduler's .dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
    "{89aef01d-d237-49c7-84dc-4e1904c1fd31} "= "AutoDisc Ware "

    [HKEY_CLASSES_ROOT\CLSID\{89aef01d-d237-49c7-84dc-4e1904c1fd31}\InProcServer32]
    @= "C:\WINDOWS\system32\sbnudh.dll "

    [HKEY_CURRENT_USER\Software\Classes\CLSID\{89aef01d-d237-49c7-84dc-4e1904c1fd31}\InProcServer32]
    @= "C:\WINDOWS\system32\sbnudh.dll "


    »»»»»»»»»»»»»»»»»»»»»»»» Scanning wininet.dll infection


    »»»»»»»»»»»»»»»»»»»»»»»» End
     
    CherinJerry,
    #1
  2. 2006/05/20
    PeteC

    PeteC SuperGeek Staff

    Joined:
    2002/05/10
    Messages:
    28,896
    Likes Received:
    389
    CherinJerry - Welcome to the Board :)

    You have some infections remaining ......

    Download HijackThis.exe through Quicklinks in my signature and save it to a folder on your hard drive, say C:\ HJT, not to the Desktop or a temporary location. Do not run it yet.

    You may like to print out these instructions as you will be unable to connect to the Internet to read them while in Safe Mode.

    Boot into Safe Mode and log onto your usual account.
    In Safe Mode, open the SmitfraudFix folder again and double-click smitfraudfix.cmd

    Select option #2 - Clean by typing 2 and press "Enter" to delete infected files.

    You will be prompted : "Registry cleaning - Do you want to clean the registry ? "; answer "Yes" by typing Y and press "Enter" in order to remove the Desktop background and clean registry keys associated with the infection.

    The tool will now check if wininet.dll is infected. You may be prompted to replace the infected file (if found); answer "Yes" by typing Y and press "Enter ".

    The tool may need to restart your computer to finish the cleaning process. A text file will appear onscreen, with results from the cleaning process - a copy of this file is saved as C:\rapport.txt.

    Stay or reboot into Safe Mode and double click on hijackthis.exe and 'Scan and save a log file' - this will be saved in the folder from which you ran HJT.

    Reboot into Normal Mode and post the contents of the SmitfraudFix log located at C:\rapport.txt and the HJT log into this thread.
     
    PeteC,
    #2


  3. to hide this advert.

  4. 2006/05/20
    CherinJerry

    CherinJerry Inactive Thread Starter

    Joined:
    2006/05/19
    Messages:
    6
    Likes Received:
    0
    Thanks so much for helping me. I did everything you said and it is still there. Here are the reports. I have to work today so I wont be able to check back for about 12 hours. Once again, Thanks.

    Logfile of HijackThis v1.99.1
    Scan saved at 10:52:37 AM, on 5/20/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\explorer.exe
    C:\HJT\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Verizon Online
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\4.bin\MWSSRCAS.DLL
    R3 - URLSearchHook: (no name) - <default> - (no file)
    O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\4.bin\MWSSRCAS.DLL
    O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\4.bin\MWSBAR.DLL
    O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\Common\YIeTagBm.dll
    O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
    O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
    O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
    O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
    O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe "
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
    O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe "
    O4 - HKLM\..\Run: [mmtask] c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\4.bin\mwsoemon.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [A Verizon App] C:\PROGRA~1\VERIZO~1\HELPSU~1\VERIZO~1.EXE
    O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\VERIZO~1\SUPPOR~1\SMARTB~1\MotiveSB.exe
    O4 - HKLM\..\Run: [YBrowser] C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
    O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
    O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\4.bin\mwsoemon.exe
    O4 - Global Startup: Kodak software updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
    O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html
    O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZCxdm472YYUS
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
    O9 - Extra button: Control Pad - {28D44DAD-D1FC-4d4f-BB1B-ADF037C8DDBC} - C:\Program Files\Verizon Online\Verizon Online Control Pad\VerizonControlPad.Exe
    O9 - Extra 'Tools' menuitem: Control Pad - {28D44DAD-D1FC-4d4f-BB1B-ADF037C8DDBC} - C:\Program Files\Verizon Online\Verizon Online Control Pad\VerizonControlPad.Exe
    O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll (file missing)
    O9 - Extra button: Verizon Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (file missing)
    O9 - Extra button: EmpirePoker - {77E68763-4284-41d6-B7E7-B6E1F053A9E7} - C:\Program Files\EmpirePoker\EmpirePoker.exe
    O9 - Extra 'Tools' menuitem: EmpirePoker - {77E68763-4284-41d6-B7E7-B6E1F053A9E7} - C:\Program Files\EmpirePoker\EmpirePoker.exe
    O9 - Extra button: UltimateBet - {94148DB5-B42D-4915-95DA-2CBB4F7095BF} - C:\Program Files\UltimateBet\UltimateBet.exe
    O9 - Extra 'Tools' menuitem: UltimateBet - {94148DB5-B42D-4915-95DA-2CBB4F7095BF} - C:\Program Files\UltimateBet\UltimateBet.exe
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
    O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: 3 Point Showdown by pogo - http://game1.pogo.com/applet-6.2.0.30/threepoint/threepoint-ob-assets.cab
    O16 - DPF: 6th Street Omaha Poker by pogo - http://game1.pogo.com/applet-6.2.0.30/omaha/omaha-ob-assets.cab
    O16 - DPF: Aces Up! by pogo - http://game1.pogo.com/applet-6.2.5.42/aces/aces-ob-assets.cab
    O16 - DPF: Ali Baba Slots TM by pogo - http://slots.pogo.com/applet-6.1.0.39/slots/alibaba-ob-assets.cab
    O16 - DPF: All-Star Football Challenge by pogo - http://game1.pogo.com/applet-6.5.4.27/allstarfb2/allstarfb2-en_US.cab
    O16 - DPF: Armored Attack by pogo - http://game4.pogo.com/applet-6.1.0.39/cctank/cctank-ob-assets.cab
    O16 - DPF: Backgammon by pogo - http://game1.pogo.com/applet-6.2.2.66/backgammon/backgammon-ob-assets.cab
    O16 - DPF: Blackjack by pogo - http://game1.pogo.com/applet-6.2.1.41/blackjack/blackjack-ob-assets.cab
    O16 - DPF: Buckaroo Blackjack TM by pogo - http://vbjack.pogo.com/applet-6.0.0.32/videoblackjack/videoblackjack-ob-assets.cab
    O16 - DPF: Canasta by pogo - http://game1.pogo.com/applet-6.5.3.44/canasta/canasta-en_US.cab
    O16 - DPF: Checkers by pogo - http://game3.pogo.com/applet-6.1.2.25/checkers2/checkers-ob-assets.cab
    O16 - DPF: Chess by pogo - http://game1.pogo.com/applet-6.1.5.21/chess2/chess2-ob-assets.cab
    O16 - DPF: Cribbage by pogo - http://game1.pogo.com/applet-6.2.3.36/cribbage/cribbage-ob-assets.cab
    O16 - DPF: Dice Derby by pogo - http://game1.pogo.com/applet-6.1.4.22/checkeredflag/checkeredflag-ob-assets.cab
    O16 - DPF: Dominoes by pogo - http://game1.pogo.com/applet-6.5.5.29/domino/domino-en_US.cab
    O16 - DPF: EA Sports Web Soccer by pogo - http://game1.pogo.com/applet-6.2.5.42/soccer/soccer-ob-assets.cab
    O16 - DPF: Euchre by pogo - http://game1.pogo.com/applet-6.2.4.23/euchre/euchre-ob-assets.cab
    O16 - DPF: EZ Win Bingo by pogo - http://bingoe.pogo.com/applet-6.0.4.31/bingo/bingoe-ob-assets.cab
    O16 - DPF: First Class Solitaire by pogo - http://game1.pogo.com/applet-6.2.0.30/solitaire2/solitaire2-ob-assets.cab
    O16 - DPF: Fortune Bingo by pogo - http://game1.pogo.com/applet-6.5.4.27/superbingo/superbingo-en_US.cab
    O16 - DPF: Harvest Mania by pogo - http://game1.pogo.com/applet-6.1.5.21/harvest/harvest-ob-assets.cab
    O16 - DPF: Hearts by pogo - http://game1.pogo.com/applet-6.1.4.22/hearts/hearts-ob-assets.cab
    O16 - DPF: High Stakes Poker by pogo - http://game1.pogo.com/applet-6.5.4.27/drawpoker/drawpoker-en_US.cab
    O16 - DPF: High Stakes Pool by pogo - http://game1.pogo.com/applet-6.1.3.28/pool2/pool-ob-assets.cab
    O16 - DPF: Its Outta Here 2 by pogo - http://itsout.pogo.com/applet-5.9.4.30/itsoutofhere/itsoutofhere-ob-assets.cab
    O16 - DPF: Jigsaw Detective by pogo - http://game1.pogo.com/applet-6.1.4.29/jigsaw/jigsaw-ob-assets.cab
    O16 - DPF: Jokers Wild Poker by pogo - http://vpjoke.pogo.com/applet-5.9.3.29/videopoker2/jokerswild-ob-assets.cab
    O16 - DPF: Jungle Gin by pogo - http://game1.pogo.com/applet-6.2.3.36/gin/gin-ob-assets.cab
    O16 - DPF: Lottso by pogo - http://game1.pogo.com/applet-6.2.5.42/lottso/lottso-ob-assets.cab
    O16 - DPF: Mah Jong Garden by pogo - http://game1.pogo.com/applet-6.5.2.33/mahjong/mahjong-en_US.cab
    O16 - DPF: Multiline Slots by pogo - http://game1.pogo.com/applet-6.1.4.29/mlslots/mlslots-ob-assets.cab
    O16 - DPF: NASCAR Web Racing by pogo - http://game1.pogo.com/applet-6.2.1.34/nascar/nascar-ob-assets.cab
    O16 - DPF: Pai Gow by pogo - http://game1.pogo.com/applet-6.2.1.34/paigow/paigow-ob-assets.cab
    O16 - DPF: Payday FreeCell by pogo - http://game5.pogo.com/applet-6.1.3.21/freecell/freecell-ob-assets.cab
    O16 - DPF: Pebble Beach Golf by pogo - http://game4.pogo.com/applet-6.0.2.21/pebble/pebble-ob-assets.cab
    O16 - DPF: Perfect Pair Solitaire by pogo - http://game1.pogo.com/applet-6.2.5.42/waterwheel/waterwheel-ob-assets.cab
    O16 - DPF: Perfect Passer by pogo - http://game1.pogo.com/applet-6.2.0.30/perfectpasser/perfectpasser-ob-assets.cab
    O16 - DPF: Phlinx by pogo - http://game1.pogo.com/applet-6.1.3.28/flinger/flinger-ob-assets.cab
    O16 - DPF: Pinochle by pogo - http://game1.pogo.com/applet-6.2.2.51/pinochle/pinochle-ob-assets.cab
    O16 - DPF: Pop Fu by pogo - http://game1.pogo.com/applet-6.1.4.22/popfu/popfu-ob-assets.cab
    O16 - DPF: Poppit by pogo - http://game1.pogo.com/applet-6.2.1.34/poppit2/poppit2-ob-assets.cab
    O16 - DPF: Poppit TM by pogo - http://game1.pogo.com/applet-6.1.2.32/poppit/poppit-ob-assets.cab
    O16 - DPF: Quick Quack by pogo - http://game1.pogo.com/applet-6.5.2.33/hotstreak/hotstreak-en_US.cab
    O16 - DPF: SciFi Slots by pogo - http://scifi.pogo.com/applet-6.0.1.20/slots/scifi-ob-assets.cab
    O16 - DPF: Showbiz Slots by pogo - http://game1.pogo.com/applet-6.1.4.22/slots/showbiz-ob-assets.cab
    O16 - DPF: Spades by pogo - http://game3.pogo.com/applet-6.1.2.32/spades/spades-ob-assets.cab
    O16 - DPF: Spider Solitaire by pogo - http://game1.pogo.com/applet-6.2.5.42/spider/spider-ob-assets.cab
    O16 - DPF: Squelchies by pogo - http://game1.pogo.com/applet-6.2.5.42/squelchies/squelchies-ob-assets.cab
    O16 - DPF: Sweet Tooth TM by pogo - http://game1.pogo.com/applet-6.2.4.32/sweettooth/sweettooth-ob-assets.cab
    O16 - DPF: Texas Hold'em Poker by pogo - http://game1.pogo.com/applet-6.2.0.30/holdem/holdem-ob-assets.cab
    O16 - DPF: Top Down Baseball Challenge by pogo - http://game1.pogo.com/applet-6.5.4.27/topdown2/topdown2-en_US.cab
    O16 - DPF: Tri-Peaks by pogo - http://game1.pogo.com/applet-6.5.5.29/peaks/peaks-en_US.cab
    O16 - DPF: Tumble Bees by pogo - http://game1.pogo.com/applet-6.1.5.28/jumbee/jumbee-ob-assets.cab
    O16 - DPF: Turbo 21 TM by pogo - http://game1.pogo.com/applet-6.2.1.27/turbo21/turbo21-ob-assets.cab
    O16 - DPF: Vert Skater by pogo - http://game1.pogo.com/applet-6.2.0.30/vertskater/vertskater-ob-assets.cab
    O16 - DPF: Video Poker by pogo - http://vpoker.pogo.com/applet-6.0.3.28/videopoker2/videopoker-ob-assets.cab
    O16 - DPF: Word Whomp by pogo - http://game5.pogo.com/applet-6.0.4.37/wordwhomp/wordwhomp-ob-assets.cab
    O16 - DPF: Word Whomp Whackdown by pogo - http://game1.pogo.com/applet-6.1.5.21/whackdown/whackdown-ob-assets.cab
    O16 - DPF: WordJong by pogo - http://game1.pogo.com/applet-6.2.3.39/wordjong/wordjong-ob-assets.cab
    O16 - DPF: World Class Solitaire by pogo - http://game1.pogo.com/applet-6.1.2.32/worldclass/worldclass-ob-assets.cab
    O16 - DPF: Yahoo! Canasta - http://download.games.yahoo.com/games/clients/y/yt1_x.cab
    O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/c381/chat.cab
    O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/clients/y/pote_x.cab
    O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - https://activatemydsl.verizon.net/sdcCommon/download/tgctlcm.cab
    O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab28578.cab
    O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwebproducts/ei-2/SmileyCentralFWBInitialSetup1.0.0.8-2.cab
    O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540006} (CInstall Class) - http://www.errorguard.com/installation/Install.cab
    O16 - DPF: {38578BF0-0ABB-11D3-9330-0080C6F796A1} (Create & Print ActiveX Plug-in) - http://www.imgag.com/cp/install/AxCtp.cab
    O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www.snapfish.com/SnapfishActivia.cab
    O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com/computercheckup/qdiagcc.cab
    O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,76/mcinsctl.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://groups.msn.com/controls/PhotoUC/MsnPUpld.cab
    O16 - DPF: {58FC4C77-71C2-4972-A8CD-78691AD85158} (BJA Control) - http://www.worldwinner.com/games/v49/bjattack/bjattack.cab
    O16 - DPF: {596AF4AC-40A0-474A-9F86-33F0A90F0FD6} (PictureItLauncher Class) - http://photos.msn.com/resources/neutral/controls/DigWebX2.cab
    O16 - DPF: {6F750200-1362-4815-A476-88533DE61D0C} (Ofoto Upload Manager Class) - http://www.kodakgallery.com/downloads/BUM/BUM_WIN_IE_1/axofupld.cab
    O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://www.nick.com/common/groove/gx/GrooveAX27.cab
    O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinner.com/games/shared/wwlaunch.cab
    O16 - DPF: {8E2B469B-7444-42C3-BE28-7A54E05AC049} (PrintCtrl Class) - file://D:\MEMDISC\ALBUM_A\VIEW\PLUGIN\HPODPRTC.CAB
    O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} (cpbrkpie Control) - http://a19.g.akamai.net/7/19/7125/4047/ftp.coupons.com/v3123/cpbrkpie.cab
    O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterfly.com/downloads/Uploader.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O16 - DPF: {A031D222-B496-11D2-9CC8-00105A10AAF6} (WONWebLauncher Class) - http://hoylegames.sierra.com/cab/WONWebLauncherControl.cab
    O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yse/ymmapi_416.dll
    O16 - DPF: {A8683C98-5341-421B-B23C-8514C05354F1} (FujifilmUploader Class) - http://photo.walmart.com/photo/uploads/FujifilmUploadClient.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
    O16 - DPF: {B8E71371-F7F7-11D2-A2CE-0060B0FB9D0D} (CDToolCtrl Class) - http://free.aol.com/tryaolfree/cdt175/aolcdt175.cab
    O16 - DPF: {B942A249-D1E7-4C11-98AE-FCB76B08747F} (RealArcadeRdxIE Class) - http://games-dl.real.com/gameconsole/Bundler/CAB/RealArcadeRdxIE.cab
    O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
    O16 - DPF: {BB383206-6DA1-4E80-B62A-3DF950FCC697} (Create & Print ActiveX Plug-in) - http://ak.imgag.com/imgag/cp/install/AxCtp2.cab
    O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,19/mcgdmgr.cab
    O16 - DPF: {C606BA60-AB76-48B6-96A7-2C4D5C386F70} (PreQualifier Class) - http://www.verizon.net/checkmypc/includes/MotivePreQual.cab
    O16 - DPF: {C68F9105-04FD-4B48-B6CC-2A076F711C35} (HpodPCFileCtrl2 Class) - file://D:\MEMDISC\ALBUM_A\VIEW\PLUGIN\HPODPCFC.CAB
    O16 - DPF: {CB50428B-657F-47DF-9B32-671F82AA73F7} (Photodex Presenter AX control) - http://www.photodex.com/pxplay.cab
    O16 - DPF: {CC32D4D8-2A0B-4CEB-B105-C9B968379105} (CGameManagerCtrl Object) - http://www.disney.go.com/games/downloads/gamemanager/DIGGameManager.cab
    O16 - DPF: {D44C75D8-C827-473E-8F68-A77E42500782} (Uploader Class) - http://photo.walmart.com/photo/uploads/WebUploadClient.cab
    O16 - DPF: {D54160C3-DB7B-4534-9B65-190EE4A9C7F7} (SproutLauncherCtrl Class) - http://download.games.yahoo.com/games/web_games/gamehouse/frenzy/SproutLauncher.cab
    O16 - DPF: {D6376DD2-C2BD-49B2-A1B1-138F869633F3} (ASPRO Installer Class) - http://acs.pandasoftware.com/activescanpro/as5/asproinst.cab
    O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://playweb10.pogo.com/game/deluxe/insaniquarium/popcaploader_v6.cab
    O16 - DPF: {E123BED4-B8C7-42BB-958F-F13CA77EF95D} (Anark Client ActiveX Control) - http://install.anark.com/client/version2/windows-ie/en/AMClient.cab
    O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab28578.cab
    O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/controls/msnchat45.cab
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
    O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
    O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - McAfee, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
    O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe




    SmitFraudFix v2.45

    Scan done at 10:50:43.51, Sat 05/20/2006
    Run from C:\Documents and Settings\Cheri\Desktop\SmitfraudFix\SmitfraudFix
    OS: Microsoft Windows XP [Version 5.1.2600]

    »»»»»»»»»»»»»»»»»»»»»»»» Killing process


    »»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

    C:\WINDOWS\system32\dcomcfg.exe Deleted
    C:\WINDOWS\system32\regperf.exe Deleted
    C:\WINDOWS\system32\simpole.tlb Deleted

    »»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


    »»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

    Registry Cleaning done.

    »»»»»»»»»»»»»»»»»»»»»»»» End
     
    CherinJerry,
    #3
  5. 2006/05/20
    PeteC

    PeteC SuperGeek Staff

    Joined:
    2002/05/10
    Messages:
    28,896
    Likes Received:
    389
    Cheri

    We are not finished yet - that is the purpose of the HJT log, to see what remains and there is some :)

    Scan again with HJT and put a check mark against these entries and hit Fix selected ....

    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - URLSearchHook: (no name) - <default> - (no file)
    O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll (file missing)
    O9 - Extra button: Verizon Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (file missing)
    O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll (file missing)
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)

    Reboot.
     
    PeteC,
    #4
  6. 2006/05/26
    CherinJerry

    CherinJerry Inactive Thread Starter

    Joined:
    2006/05/19
    Messages:
    6
    Likes Received:
    0
    OK..I did that and it still remains. What a stubborn bugger. Anything else that I need to do?
     
    CherinJerry,
    #5
  7. 2006/05/26
    PeteC

    PeteC SuperGeek Staff

    Joined:
    2002/05/10
    Messages:
    28,896
    Likes Received:
    389
    Please post another HJT log from Safe Mode - I forgot to ask for that last time :(
     
    PeteC,
    #6
  8. 2006/05/26
    CherinJerry

    CherinJerry Inactive Thread Starter

    Joined:
    2006/05/19
    Messages:
    6
    Likes Received:
    0
    OK, good . I just did that as I was waiting ..

    Logfile of HijackThis v1.99.1
    Scan saved at 2:18:20 PM, on 5/26/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\HJT\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Verizon Online
    R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\4.bin\MWSSRCAS.DLL
    O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\4.bin\MWSSRCAS.DLL
    O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\4.bin\MWSBAR.DLL
    O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\Common\YIeTagBm.dll
    O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
    O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
    O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
    O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
    O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe "
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
    O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe "
    O4 - HKLM\..\Run: [mmtask] c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\4.bin\mwsoemon.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [A Verizon App] C:\PROGRA~1\VERIZO~1\HELPSU~1\VERIZO~1.EXE
    O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\VERIZO~1\SUPPOR~1\SMARTB~1\MotiveSB.exe
    O4 - HKLM\..\Run: [YBrowser] C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
    O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
    O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\4.bin\mwsoemon.exe
    O4 - Global Startup: Kodak software updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
    O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html
    O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZCxdm472YYUS
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
    O9 - Extra button: Control Pad - {28D44DAD-D1FC-4d4f-BB1B-ADF037C8DDBC} - C:\Program Files\Verizon Online\Verizon Online Control Pad\VerizonControlPad.Exe
    O9 - Extra 'Tools' menuitem: Control Pad - {28D44DAD-D1FC-4d4f-BB1B-ADF037C8DDBC} - C:\Program Files\Verizon Online\Verizon Online Control Pad\VerizonControlPad.Exe
    O9 - Extra button: EmpirePoker - {77E68763-4284-41d6-B7E7-B6E1F053A9E7} - C:\Program Files\EmpirePoker\EmpirePoker.exe
    O9 - Extra 'Tools' menuitem: EmpirePoker - {77E68763-4284-41d6-B7E7-B6E1F053A9E7} - C:\Program Files\EmpirePoker\EmpirePoker.exe
    O9 - Extra button: UltimateBet - {94148DB5-B42D-4915-95DA-2CBB4F7095BF} - C:\Program Files\UltimateBet\UltimateBet.exe
    O9 - Extra 'Tools' menuitem: UltimateBet - {94148DB5-B42D-4915-95DA-2CBB4F7095BF} - C:\Program Files\UltimateBet\UltimateBet.exe
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: 3 Point Showdown by pogo - http://game1.pogo.com/applet-6.2.0.30/threepoint/threepoint-ob-assets.cab
    O16 - DPF: 6th Street Omaha Poker by pogo - http://game1.pogo.com/applet-6.2.0.30/omaha/omaha-ob-assets.cab
    O16 - DPF: Aces Up! by pogo - http://game1.pogo.com/applet-6.2.5.42/aces/aces-ob-assets.cab
    O16 - DPF: Ali Baba Slots TM by pogo - http://slots.pogo.com/applet-6.1.0.39/slots/alibaba-ob-assets.cab
    O16 - DPF: All-Star Football Challenge by pogo - http://game1.pogo.com/applet-6.5.4.27/allstarfb2/allstarfb2-en_US.cab
    O16 - DPF: Armored Attack by pogo - http://game4.pogo.com/applet-6.1.0.39/cctank/cctank-ob-assets.cab
    O16 - DPF: Backgammon by pogo - http://game1.pogo.com/applet-6.2.2.66/backgammon/backgammon-ob-assets.cab
    O16 - DPF: Blackjack by pogo - http://game1.pogo.com/applet-6.2.1.41/blackjack/blackjack-ob-assets.cab
    O16 - DPF: Buckaroo Blackjack TM by pogo - http://vbjack.pogo.com/applet-6.0.0.32/videoblackjack/videoblackjack-ob-assets.cab
    O16 - DPF: Canasta by pogo - http://game1.pogo.com/applet-6.5.3.44/canasta/canasta-en_US.cab
    O16 - DPF: Checkers by pogo - http://game3.pogo.com/applet-6.1.2.25/checkers2/checkers-ob-assets.cab
    O16 - DPF: Chess by pogo - http://game1.pogo.com/applet-6.1.5.21/chess2/chess2-ob-assets.cab
    O16 - DPF: Cribbage by pogo - http://game1.pogo.com/applet-6.2.3.36/cribbage/cribbage-ob-assets.cab
    O16 - DPF: Dice Derby by pogo - http://game1.pogo.com/applet-6.1.4.22/checkeredflag/checkeredflag-ob-assets.cab
    O16 - DPF: Dominoes by pogo - http://game1.pogo.com/applet-6.5.5.29/domino/domino-en_US.cab
    O16 - DPF: EA Sports Web Soccer by pogo - http://game1.pogo.com/applet-6.2.5.42/soccer/soccer-ob-assets.cab
    O16 - DPF: Euchre by pogo - http://game1.pogo.com/applet-6.2.4.23/euchre/euchre-ob-assets.cab
    O16 - DPF: EZ Win Bingo by pogo - http://bingoe.pogo.com/applet-6.0.4.31/bingo/bingoe-ob-assets.cab
    O16 - DPF: First Class Solitaire by pogo - http://game1.pogo.com/applet-6.2.0.30/solitaire2/solitaire2-ob-assets.cab
    O16 - DPF: Fortune Bingo by pogo - http://game1.pogo.com/applet-6.5.4.27/superbingo/superbingo-en_US.cab
    O16 - DPF: Harvest Mania by pogo - http://game1.pogo.com/applet-6.1.5.21/harvest/harvest-ob-assets.cab
    O16 - DPF: Hearts by pogo - http://game1.pogo.com/applet-6.1.4.22/hearts/hearts-ob-assets.cab
    O16 - DPF: High Stakes Poker by pogo - http://game1.pogo.com/applet-6.5.4.27/drawpoker/drawpoker-en_US.cab
    O16 - DPF: High Stakes Pool by pogo - http://game1.pogo.com/applet-6.1.3.28/pool2/pool-ob-assets.cab
    O16 - DPF: Its Outta Here 2 by pogo - http://itsout.pogo.com/applet-5.9.4.30/itsoutofhere/itsoutofhere-ob-assets.cab
    O16 - DPF: Jigsaw Detective by pogo - http://game1.pogo.com/applet-6.1.4.29/jigsaw/jigsaw-ob-assets.cab
    O16 - DPF: Jokers Wild Poker by pogo - http://vpjoke.pogo.com/applet-5.9.3.29/videopoker2/jokerswild-ob-assets.cab
    O16 - DPF: Jungle Gin by pogo - http://game1.pogo.com/applet-6.2.3.36/gin/gin-ob-assets.cab
    O16 - DPF: Lottso by pogo - http://game1.pogo.com/applet-6.2.5.42/lottso/lottso-ob-assets.cab
    O16 - DPF: Mah Jong Garden by pogo - http://game1.pogo.com/applet-6.5.2.33/mahjong/mahjong-en_US.cab
    O16 - DPF: Multiline Slots by pogo - http://game1.pogo.com/applet-6.1.4.29/mlslots/mlslots-ob-assets.cab
    O16 - DPF: NASCAR Web Racing by pogo - http://game1.pogo.com/applet-6.2.1.34/nascar/nascar-ob-assets.cab
    O16 - DPF: Pai Gow by pogo - http://game1.pogo.com/applet-6.2.1.34/paigow/paigow-ob-assets.cab
    O16 - DPF: Payday FreeCell by pogo - http://game5.pogo.com/applet-6.1.3.21/freecell/freecell-ob-assets.cab
    O16 - DPF: Pebble Beach Golf by pogo - http://game4.pogo.com/applet-6.0.2.21/pebble/pebble-ob-assets.cab
    O16 - DPF: Perfect Pair Solitaire by pogo - http://game1.pogo.com/applet-6.2.5.42/waterwheel/waterwheel-ob-assets.cab
    O16 - DPF: Perfect Passer by pogo - http://game1.pogo.com/applet-6.2.0.30/perfectpasser/perfectpasser-ob-assets.cab
    O16 - DPF: Phlinx by pogo - http://game1.pogo.com/applet-6.1.3.28/flinger/flinger-ob-assets.cab
    O16 - DPF: Pinochle by pogo - http://game1.pogo.com/applet-6.2.2.51/pinochle/pinochle-ob-assets.cab
    O16 - DPF: Pop Fu by pogo - http://game1.pogo.com/applet-6.1.4.22/popfu/popfu-ob-assets.cab
    O16 - DPF: Poppit by pogo - http://game1.pogo.com/applet-6.2.1.34/poppit2/poppit2-ob-assets.cab
    O16 - DPF: Poppit TM by pogo - http://game1.pogo.com/applet-6.1.2.32/poppit/poppit-ob-assets.cab
    O16 - DPF: Quick Quack by pogo - http://game1.pogo.com/applet-6.5.2.33/hotstreak/hotstreak-en_US.cab
    O16 - DPF: SciFi Slots by pogo - http://scifi.pogo.com/applet-6.0.1.20/slots/scifi-ob-assets.cab
    O16 - DPF: Showbiz Slots by pogo - http://game1.pogo.com/applet-6.1.4.22/slots/showbiz-ob-assets.cab
    O16 - DPF: Spades by pogo - http://game3.pogo.com/applet-6.1.2.32/spades/spades-ob-assets.cab
    O16 - DPF: Spider Solitaire by pogo - http://game1.pogo.com/applet-6.2.5.42/spider/spider-ob-assets.cab
    O16 - DPF: Squelchies by pogo - http://game1.pogo.com/applet-6.2.5.42/squelchies/squelchies-ob-assets.cab
    O16 - DPF: Sweet Tooth TM by pogo - http://game1.pogo.com/applet-6.2.4.32/sweettooth/sweettooth-ob-assets.cab
    O16 - DPF: Texas Hold'em Poker by pogo - http://game1.pogo.com/applet-6.2.0.30/holdem/holdem-ob-assets.cab
    O16 - DPF: Top Down Baseball Challenge by pogo - http://game1.pogo.com/applet-6.5.4.27/topdown2/topdown2-en_US.cab
    O16 - DPF: Tri-Peaks by pogo - http://game1.pogo.com/applet-6.5.5.29/peaks/peaks-en_US.cab
    O16 - DPF: Tumble Bees by pogo - http://game1.pogo.com/applet-6.1.5.28/jumbee/jumbee-ob-assets.cab
    O16 - DPF: Turbo 21 TM by pogo - http://game1.pogo.com/applet-6.2.1.27/turbo21/turbo21-ob-assets.cab
    O16 - DPF: Vert Skater by pogo - http://game1.pogo.com/applet-6.2.0.30/vertskater/vertskater-ob-assets.cab
    O16 - DPF: Video Poker by pogo - http://vpoker.pogo.com/applet-6.0.3.28/videopoker2/videopoker-ob-assets.cab
    O16 - DPF: Word Whomp by pogo - http://game5.pogo.com/applet-6.0.4.37/wordwhomp/wordwhomp-ob-assets.cab
    O16 - DPF: Word Whomp Whackdown by pogo - http://game1.pogo.com/applet-6.1.5.21/whackdown/whackdown-ob-assets.cab
    O16 - DPF: WordJong by pogo - http://game1.pogo.com/applet-6.2.3.39/wordjong/wordjong-ob-assets.cab
    O16 - DPF: World Class Solitaire by pogo - http://game1.pogo.com/applet-6.1.2.32/worldclass/worldclass-ob-assets.cab
    O16 - DPF: Yahoo! Canasta - http://download.games.yahoo.com/games/clients/y/yt1_x.cab
    O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/c381/chat.cab
    O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/clients/y/pote_x.cab
    O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - https://activatemydsl.verizon.net/sdcCommon/download/tgctlcm.cab
    O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab28578.cab
    O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwebproducts/ei-2/SmileyCentralFWBInitialSetup1.0.0.8-2.cab
    O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540006} (CInstall Class) - http://www.errorguard.com/installation/Install.cab
    O16 - DPF: {38578BF0-0ABB-11D3-9330-0080C6F796A1} (Create & Print ActiveX Plug-in) - http://www.imgag.com/cp/install/AxCtp.cab
    O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www.snapfish.com/SnapfishActivia.cab
    O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com/computercheckup/qdiagcc.cab
    O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,76/mcinsctl.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://groups.msn.com/controls/PhotoUC/MsnPUpld.cab
    O16 - DPF: {58FC4C77-71C2-4972-A8CD-78691AD85158} (BJA Control) - http://www.worldwinner.com/games/v49/bjattack/bjattack.cab
    O16 - DPF: {596AF4AC-40A0-474A-9F86-33F0A90F0FD6} (PictureItLauncher Class) - http://photos.msn.com/resources/neutral/controls/DigWebX2.cab
    O16 - DPF: {6F750200-1362-4815-A476-88533DE61D0C} (Ofoto Upload Manager Class) - http://www.kodakgallery.com/downloads/BUM/BUM_WIN_IE_1/axofupld.cab
    O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://www.nick.com/common/groove/gx/GrooveAX27.cab
    O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinner.com/games/shared/wwlaunch.cab
    O16 - DPF: {8E2B469B-7444-42C3-BE28-7A54E05AC049} (PrintCtrl Class) - file://D:\MEMDISC\ALBUM_A\VIEW\PLUGIN\HPODPRTC.CAB
    O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} (cpbrkpie Control) - http://a19.g.akamai.net/7/19/7125/4047/ftp.coupons.com/v3123/cpbrkpie.cab
    O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterfly.com/downloads/Uploader.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O16 - DPF: {A031D222-B496-11D2-9CC8-00105A10AAF6} (WONWebLauncher Class) - http://hoylegames.sierra.com/cab/WONWebLauncherControl.cab
    O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yse/ymmapi_416.dll
    O16 - DPF: {A8683C98-5341-421B-B23C-8514C05354F1} (FujifilmUploader Class) - http://photo.walmart.com/photo/uploads/FujifilmUploadClient.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
    O16 - DPF: {B8E71371-F7F7-11D2-A2CE-0060B0FB9D0D} (CDToolCtrl Class) - http://free.aol.com/tryaolfree/cdt175/aolcdt175.cab
    O16 - DPF: {B942A249-D1E7-4C11-98AE-FCB76B08747F} (RealArcadeRdxIE Class) - http://games-dl.real.com/gameconsole/Bundler/CAB/RealArcadeRdxIE.cab
    O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
    O16 - DPF: {BB383206-6DA1-4E80-B62A-3DF950FCC697} (Create & Print ActiveX Plug-in) - http://ak.imgag.com/imgag/cp/install/AxCtp2.cab
    O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,19/mcgdmgr.cab
    O16 - DPF: {C606BA60-AB76-48B6-96A7-2C4D5C386F70} (PreQualifier Class) - http://www.verizon.net/checkmypc/includes/MotivePreQual.cab
    O16 - DPF: {C68F9105-04FD-4B48-B6CC-2A076F711C35} (HpodPCFileCtrl2 Class) - file://D:\MEMDISC\ALBUM_A\VIEW\PLUGIN\HPODPCFC.CAB
    O16 - DPF: {CB50428B-657F-47DF-9B32-671F82AA73F7} (Photodex Presenter AX control) - http://www.photodex.com/pxplay.cab
    O16 - DPF: {CC32D4D8-2A0B-4CEB-B105-C9B968379105} (CGameManagerCtrl Object) - http://www.disney.go.com/games/downloads/gamemanager/DIGGameManager.cab
    O16 - DPF: {D44C75D8-C827-473E-8F68-A77E42500782} (Uploader Class) - http://photo.walmart.com/photo/uploads/WebUploadClient.cab
    O16 - DPF: {D54160C3-DB7B-4534-9B65-190EE4A9C7F7} (SproutLauncherCtrl Class) - http://download.games.yahoo.com/games/web_games/gamehouse/frenzy/SproutLauncher.cab
    O16 - DPF: {D6376DD2-C2BD-49B2-A1B1-138F869633F3} (ASPRO Installer Class) - http://acs.pandasoftware.com/activescanpro/as5/asproinst.cab
    O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://playweb10.pogo.com/game/deluxe/insaniquarium/popcaploader_v6.cab
    O16 - DPF: {E123BED4-B8C7-42BB-958F-F13CA77EF95D} (Anark Client ActiveX Control) - http://install.anark.com/client/version2/windows-ie/en/AMClient.cab
    O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab28578.cab
    O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/controls/msnchat45.cab
    O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
    O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
    O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - McAfee, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
    O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
     
    CherinJerry,
    #7
  9. 2006/05/26
    PeteC

    PeteC SuperGeek Staff

    Joined:
    2002/05/10
    Messages:
    28,896
    Likes Received:
    389
    Well, your log looks clean to me - I suggest you run SmitfraudFix again - option 1 and post the log.
     
    PeteC,
    #8
  10. 2006/05/26
    CherinJerry

    CherinJerry Inactive Thread Starter

    Joined:
    2006/05/19
    Messages:
    6
    Likes Received:
    0
    SmitFraudFix v2.45

    Scan done at 16:15:26.62, Fri 05/26/2006
    Run from C:\Documents and Settings\Cheri\Desktop\SmitfraudFix\SmitfraudFix
    OS: Microsoft Windows XP [Version 5.1.2600]

    »»»»»»»»»»»»»»»»»»»»»»»» C:\


    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32


    »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Cheri\Application Data


    »»»»»»»»»»»»»»»»»»»»»»»» Start Menu


    »»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\Cheri\FAVORI~1


    »»»»»»»»»»»»»»»»»»»»»»»» Desktop


    »»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


    »»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


    »»»»»»»»»»»»»»»»»»»»»»»» Desktop Components



    »»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
    !!!Attention, following keys are not inevitably infected!!!

    SrchSTS.exe by S!Ri
    Search SharedTaskScheduler's .dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
    "{89aef01d-d237-49c7-84dc-4e1904c1fd31} "= "AutoDisc Ware "

    [HKEY_CLASSES_ROOT\CLSID\{89aef01d-d237-49c7-84dc-4e1904c1fd31}\InProcServer32]
    @= "C:\WINDOWS\system32\sbnudh.dll "

    [HKEY_CURRENT_USER\Software\Classes\CLSID\{89aef01d-d237-49c7-84dc-4e1904c1fd31}\InProcServer32]
    @= "C:\WINDOWS\system32\sbnudh.dll "


    »»»»»»»»»»»»»»»»»»»»»»»» Scanning wininet.dll infection


    »»»»»»»»»»»»»»»»»»»»»»»» End

    thanks again.......
     
    CherinJerry,
    #9
  11. 2006/05/26
    PeteC

    PeteC SuperGeek Staff

    Joined:
    2002/05/10
    Messages:
    28,896
    Likes Received:
    389
    Boot into Safe Mode and run SmitfraudFix again - this time select option #4. The program will scan and fix the Registry and delete corresponding infected files on your computer, it may take a while.

    When complete boot into normal mode and post the log (C:\rapport.txt)
     
    PeteC,
    #10
  12. 2006/05/26
    CherinJerry

    CherinJerry Inactive Thread Starter

    Joined:
    2006/05/19
    Messages:
    6
    Likes Received:
    0
    Thank you , Thank you...It is finally gone. I did have to shut off my DSL modem afterwards because something happened there. Everything was fine when I turned it back on. Here is the rapport thing. I thinks its all gone...Thanks:D

    SmitFraudFix v2.45

    Scan done at 21:28:57.73, Fri 05/26/2006
    Run from C:\Documents and Settings\Cheri\Desktop\SmitfraudFix\SmitfraudFix
    OS: Microsoft Windows XP [Version 5.1.2600]

    »»»»»»»»»»»»»»»»»»»»»»»» Before GenericRenosFix
    !!!Attention, following keys are not inevitably infected!!!

    SrchSTS.exe by S!Ri
    Search SharedTaskScheduler's .dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
    "{89aef01d-d237-49c7-84dc-4e1904c1fd31} "= "AutoDisc Ware "

    [HKEY_CLASSES_ROOT\CLSID\{89aef01d-d237-49c7-84dc-4e1904c1fd31}\InProcServer32]
    @= "C:\WINDOWS\system32\sbnudh.dll "

    [HKEY_CURRENT_USER\Software\Classes\CLSID\{89aef01d-d237-49c7-84dc-4e1904c1fd31}\InProcServer32]
    @= "C:\WINDOWS\system32\sbnudh.dll "


    »»»»»»»»»»»»»»»»»»»»»»»» GenericRenosFix

    GenericRenosFix by S!Ri

    C:\WINDOWS\system32\sbnudh.dll -> Hoax.Win32.Renos.gen
    C:\WINDOWS\system32\sbnudh.dll -> Deleted


    »»»»»»»»»»»»»»»»»»»»»»»» After GenericRenosFix
    !!!Attention, following keys are not inevitably infected!!!

    SrchSTS.exe by S!Ri
    Search SharedTaskScheduler's .dll
     
    CherinJerry,
    #11
  13. 2006/05/27
    PeteC

    PeteC SuperGeek Staff

    Joined:
    2002/05/10
    Messages:
    28,896
    Likes Received:
    389
    You're welcome - glad to hear we chased down and nailed the critter - eventually :D
     
    PeteC,
    #12

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Accept Learn More...