Lots of spyware on my computer

Discussion in 'Malware and Virus Removal Archive' started by sugarfree311, 2006/08/19.

  1. 2006/08/19
    sugarfree311 Inactive Thread Starter
    Recently, all kinds of pop-ups and stuff have been coming up on my computer. It runs really slowly and I get anti-spyware ads and other garbage constantly. Here is my HijackThis log... any help would be greatly appreciated!

    Logfile of HijackThis v1.99.1
    Scan saved at 6:13:59 PM, on 8/19/2006
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\System32\ibmpmsvc.exe
    C:\WINDOWS\System32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Symantec AntiVirus\DefWatch.exe
    C:\Program Files\ewido\security suite\ewidoctrl.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\Program Files\Nikon\Wireless Camera Setup Utility\NkPtpEnum.exe
    C:\WINDOWS\System32\QCONSVC.EXE
    C:\Program Files\Symantec AntiVirus\SavRoam.exe
    C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Symantec AntiVirus\Rtvscan.exe
    C:\WINDOWS\system32\TpKmpSVC.exe
    C:\WINDOWS\System32\MsPMSPSv.exe
    C:\Program Files\80211abg\acs.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
    C:\WINDOWS\System32\TpScrLk.exe
    C:\WINDOWS\system32\dla\tfswctrl.exe
    C:\WINDOWS\System32\taskswitch.exe
    C:\WINDOWS\System32\RunDll32.exe
    C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb06.exe
    C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
    C:\Program Files\Intel\PROSetWired\NCS\PROSet\PRONoMgr.exe
    C:\WINDOWS\AGRSMMSG.exe
    C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
    C:\Program Files\ThinkPad\ConnectUtilities\QCTRAY.EXE
    C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE
    C:\Program Files\ThinkPad\PkgMgr\HOTKEY\TPONSCR.exe
    C:\Program Files\ThinkPad\PkgMgr\HOTKEY_1\TpScrex.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\PROGRA~1\SYMANT~2\VPTray.exe
    C:\WINDOWS\System32\RunDll32.exe
    C:\Program Files\ESPNRunTime\DIGServices.exe
    C:\Program Files\Creative\SBLive 24-Bit External\Surround Mixer\CTSysVol.exe
    C:\Program Files\Microsoft IntelliPoint\point32.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
    C:\WINDOWS\System32\ctfmon.exe
    C:\Program Files\Creative\MediaSource\Go\CTCMSGo.exe
    C:\Program Files\Java\jre1.5.0_03\bin\jucheck.exe
    C:\Program Files\Creative\MediaSource\RemoteControl\RCMan.EXE
    C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
    C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Media-Codec\isamonitor.exe
    C:\Program Files\Media-Codec\isamini.exe
    C:\Program Files\Media-Codec\pmsngr.exe
    C:\Program Files\Media-Codec\pmmon.exe
    C:\WINDOWS\System32\rundll32.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Documents and Settings\yiprobpat2003\Desktop\Spyware Stuff\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://student.wfu.edu/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://student.wfu.edu/
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://student.wfu.edu/
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
    O1 - Hosts: 152.17.2.151 codesrv1
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {202a961f-23ae-42b1-9505-ffe3c818d717} - C:\Program Files\Media-Codec\isaddon.dll
    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
    O2 - BHO: (no name) - {aafb5c85-6027-4013-9e35-117eee49b608} - C:\WINDOWS\system32\isigare.dll (file missing)
    O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
    O3 - Toolbar: AIM Search - {40D41A8B-D79B-43d7-99A7-9EE0F344C385} - C:\Program Files\AIM Toolbar\AIMBar.dll
    O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
    O4 - HKLM\..\Run: [TP4EX] tp4ex.exe
    O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [TPKBDLED] C:\WINDOWS\System32\TpScrLk.exe
    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
    O4 - HKLM\..\Run: [CoolSwitch] C:\WINDOWS\System32\taskswitch.exe
    O4 - HKLM\..\Run: [BMMGAG] RunDll32 C:\PROGRA~1\ThinkPad\UTILIT~1\pwrmonit.dll,StartPwrMonitor
    O4 - HKLM\..\Run: [BMMLREF] C:\Program Files\ThinkPad\Utilities\BMMLREF.EXE
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb06.exe
    O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
    O4 - HKLM\..\Run: [PRONoMgrWired] C:\Program Files\Intel\PROSetWired\NCS\PROSet\PRONoMgr.exe
    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
    O4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
    O4 - HKLM\..\Run: [TPKMAPHELPER] C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe -helper
    O4 - HKLM\..\Run: [QCTRAY] C:\Program Files\ThinkPad\ConnectUtilities\QCTRAY.EXE
    O4 - HKLM\..\Run: [QCWLICON] C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~2\VPTray.exe
    O4 - HKLM\..\Run: [SbUsb AudCtrl] RunDll32 sbusbdll.dll,RCMonitor
    O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
    O4 - HKLM\..\Run: [DIGStream] C:\Program Files\DIGStream\digstream.exe
    O4 - HKLM\..\Run: [DIGServices] C:\Program Files\ESPNRunTime\DIGServices.exe /brand=ESPN /priority=0 /poll=24
    O4 - HKLM\..\Run: [ioishwa] c:\windows\system32\ioishwa.exe
    O4 - HKLM\..\Run: [Win Server Updt] C:\WINDOWS\wupdt.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBLive 24-Bit External\Surround Mixer\CTSysVol.exe /r
    O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
    O4 - HKCU\..\Run: [Creative MediaSource Go] C:\Program Files\Creative\MediaSource\Go\CTCMSGo.exe /SCB
    O4 - HKCU\..\Run: [RemoteCenter] C:\Program Files\Creative\MediaSource\RemoteControl\RCMan.EXE
    O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
    O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
    O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O8 - Extra context menu item: Read It! - C:\WINDOWS\Web\toyagt.htm
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O12 - Plugin for .cdx: C:\Program Files\Internet Explorer\plugins\Npcdn32.dll
    O12 - Plugin for .csm: C:\Program Files\Internet Explorer\Plugins\npchime.dll
    O12 - Plugin for .csml: C:\Program Files\Internet Explorer\Plugins\npchime.dll
    O12 - Plugin for .cub: C:\Program Files\Internet Explorer\Plugins\npchime.dll
    O12 - Plugin for .cube: C:\Program Files\Internet Explorer\Plugins\npchime.dll
    O12 - Plugin for .dx: C:\Program Files\Internet Explorer\Plugins\npchime.dll
    O12 - Plugin for .emb: C:\Program Files\Internet Explorer\Plugins\npchime.dll
    O12 - Plugin for .embl: C:\Program Files\Internet Explorer\Plugins\npchime.dll
    O12 - Plugin for .gau: C:\Program Files\Internet Explorer\Plugins\npchime.dll
    O12 - Plugin for .jdx: C:\Program Files\Internet Explorer\Plugins\npchime.dll
    O12 - Plugin for .mol: C:\Program Files\Internet Explorer\Plugins\npchime.dll
    O12 - Plugin for .mop: C:\Program Files\Internet Explorer\Plugins\npchime.dll
    O12 - Plugin for .NPSSView: C:\Program Files\Seagate Software\Viewers\ActiveXViewer\NPssView.dll
    O12 - Plugin for .pdb: C:\Program Files\Internet Explorer\Plugins\npchime.dll
    O12 - Plugin for .rxn: C:\Program Files\Internet Explorer\Plugins\npchime.dll
    O12 - Plugin for .scr: C:\Program Files\Internet Explorer\Plugins\npchime.dll
    O12 - Plugin for .skc: C:\Program Files\Internet Explorer\Plugins\npchime.dll
    O12 - Plugin for .spt: C:\Program Files\Internet Explorer\Plugins\npchime.dll
    O12 - Plugin for .tgf: C:\Program Files\Internet Explorer\Plugins\npchime.dll
    O12 - Plugin for .xyz: C:\Program Files\Internet Explorer\Plugins\npchime.dll
    O16 - DPF: {483EB14D-AF1C-4951-81B0-4E2B41829FF6} (QOLCheck Control) - https://www.qwizonline.com/cabs/QOLCheck.ocx
    O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = deacnet.wfu.edu
    O17 - HKLM\Software\..\Telephony: DomainName = deacnet.wfu.edu
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = deacnet.wfu.edu
    O20 - Winlogon Notify: isigare - isigare.dll (file missing)
    O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
    O20 - Winlogon Notify: QConGina - C:\WINDOWS\SYSTEM32\QConGina.dll
    O21 - SSODL: hubbsi - {7b1eeccd-0a6d-4ad5-8ac1-4af5722b3885} - C:\WINDOWS\System32\vwlummc.dll (file missing)
    O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\Program Files\80211abg\acs.exe
    O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: Creative Service for CDROM Access - Unknown owner - C:\WINDOWS\System32\CTsvcCDA.EXE (file missing)
    O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
    O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
    O23 - Service: IBM PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\System32\ibmpmsvc.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
    O23 - Service: NkPtpEnumP2 - Unknown owner - C:\Program Files\Nikon\Wireless Camera Setup Utility\NkPtpEnum.exe" -a -d= "C:\Program Files\Nikon\Wireless Camera Setup Utility\NkPtpip.dll (file missing)
    O23 - Service: PLSRemote Service (PLSRemoteSvc) - Unknown owner - C:\WINDOWS\SYSTEM32\PLSRemote.exe (file missing)
    O23 - Service: QCONSVC - IBM Corp. - C:\WINDOWS\System32\QCONSVC.EXE
    O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
    O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe
     
  2. 2006/08/20
    TeMerc Inactive Alumni
    Welcome to WindowsBBS Forums.

    This is one of the SmitFraud\Zlob infections, so let's use the special fix for it.

    Here is step one:

    Please download SmitfraudFix (by S!Ri)
    Extract the content (a folder named SmitfraudFix) to your Desktop.

    Open the SmitfraudFix folder and double-click smitfraudfix.cmd
    Select option #1 - Search by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present).
    Please copy/paste the content of that report into your next reply.

    Note: process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore you may get an alert.
     

  4. 2006/08/20
    sugarfree311 Inactive Thread Starter
    Thanks for the help. Here is the report.

    SmitFraudFix v2.81

    Scan done at 3:27:51.83, Sun 08/20/2006
    Run from C:\Documents and Settings\yiprobpat2003\Desktop\SmitfraudFix
    OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
    Fix ran in normal mode

    »»»»»»»»»»»»»»»»»»»»»»»» C:\


    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32


    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles


    »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\yiprobpat2003\Application Data


    »»»»»»»»»»»»»»»»»»»»»»»» Start Menu

    C:\DOCUME~1\YIPROB~1\STARTM~1\Programs\SpyQuake2.com FOUND !
    C:\DOCUME~1\ALLUSE~1\STARTM~1\Online Security Guide.url FOUND !
    C:\DOCUME~1\ALLUSE~1\STARTM~1\Security Troubleshooting.url FOUND !

    »»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\YIPROB~1\FAVORI~1


    »»»»»»»»»»»»»»»»»»»»»»»» Desktop


    »»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files

    C:\Program Files\Media-Codec\ FOUND !
    C:\Program Files\SpyQuake2.com\ FOUND !

    »»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


    »»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
    "Source"="http://www.nba.com/media/bobcats/desktop_wallace_1.jpg"
    "SubscribedURL"="http://www.nba.com/media/bobcats/desktop_wallace_1.jpg"
    "FriendlyName"=""

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\1]
    "Source"="About:Home"
    "SubscribedURL"="About:Home"
    "FriendlyName"="My Current Home Page"

    »»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
    !!!Attention, following keys are not inevitably infected!!!

    SrchSTS.exe by S!Ri
    Search SharedTaskScheduler's .dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
    "hubbsi"="{7b1eeccd-0a6d-4ad5-8ac1-4af5722b3885}"


    »»»»»»»»»»»»»»»»»»»»»»»» Scanning wininet.dll infection


    »»»»»»»»»»»»»»»»»»»»»»»» End
     
  5. 2006/08/20
    TeMerc Inactive Alumni
    You should print out these instructions, or copy them to a Notepad file for reading while in Safe Mode, because you will not be able to connect to the Internet to read from this site. Please follow the instructions exactly in the order listed; this is very important!

    Please download, install, and update the free version of Ewido Anti-Malware:
    1. When installing, under "Additional Options" uncheck "Install background guard" and "Install scan via context menu".
    2. When you run Ewido for the first time, you will get a warning "Database could not be found!". Click OK. We will fix this in a moment.
    3. From the main Ewido screen, click on update in the left menu, then click the Start update button.
    4. After the update finishes, the status bar at the bottom will display "Update successful".
    5. Exit Ewido. DO NOT run a scan yet.

    Reboot, into safe mode, this way:
    Turn on the computer
    Immediately begin tapping the F8 key.
    Use the arrow keys to highlight Safe Mode and press the Enter key.

    Once in Safe Mode, open the SmitfraudFix folder again and double-click smitfraudfix.cmd
    Select option #2 - Clean by typing 2 and press "Enter" to delete infected files.

    You will be prompted: "Registry cleaning - Do you want to clean the registry?"; answer "Yes" by typing Y and press "Enter" in order to remove the Desktop background and clean registry keys associated with the infection.

    The tool will now check if wininet.dll is infected. You may be prompted to replace the infected file (if found); answer "Yes" by typing Y and press "Enter".

    The tool may need to restart your computer to finish the cleaning process. A text file will appear onscreen, with results from the cleaning process; please copy/paste the content of that report into your next reply.

    AFTER SmitfraudFix finishes (and after a reboot if required), please open Ewido. (If a reboot is required, please boot BACK into Safe Mode.)
    • Click on Scanner
    • Click on Complete System Scan and the scan will begin.
    • If ewido finds anything, it will pop up a notification. You can select "Remove" and check the boxes "Perform action with all infections" and "Create encrypted backup" before clicking on OK.
    • When the scan is finished, click the Save report button at the bottom of the screen.
    • Save the report to your desktop
    • Close Ewido
    Then please restart it into Normal Windows. Please post the contents of the SmitfraudFix log located at C:\rapport.txt into this thread, along with the Ewido report and a new HijackThis log.
     
  6. 2006/08/20
    sugarfree311 Inactive Thread Starter
    Thanks again for your help.

    SmitfraudFix:
    SmitFraudFix v2.81

    Scan done at 14:02:35.43, Sun 08/20/2006
    Run from C:\Documents and Settings\yiprobpat2003\Desktop\SmitfraudFix
    OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
    Fix ran in safe mode

    »»»»»»»»»»»»»»»»»»»»»»»» Before SmitFraudFix
    !!!Attention, following keys are not inevitably infected!!!

    SrchSTS.exe by S!Ri
    Search SharedTaskScheduler's .dll

    »»»»»»»»»»»»»»»»»»»»»»»» Killing process


    »»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

    GenericRenosFix by S!Ri


    »»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files


    »»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


    »»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

    Registry Cleaning done.

    »»»»»»»»»»»»»»»»»»»»»»»» After SmitFraudFix
    !!!Attention, following keys are not inevitably infected!!!

    SrchSTS.exe by S!Ri
    Search SharedTaskScheduler's .dll


    »»»»»»»»»»»»»»»»»»»»»»»» End

    Ewido Report:

    ---------------------------------------------------------
    ewido anti-spyware - Scan Report
    ---------------------------------------------------------

    + Created at: 5:10:51 PM 8/20/2006

    + Scan result:



    C:\System Volume Information\_restore{14157744-4FA2-4CAF-BAFB-72CC49941087}\RP417\A0021812.dll -> Adware.BetterInternet : Cleaned.
    C:\System Volume Information\_restore{14157744-4FA2-4CAF-BAFB-72CC49941087}\RP417\A0021813.dll -> Adware.BetterInternet : Cleaned.
    C:\TEMP\DrTemp\ceres.cab/ceres.dll -> Adware.BetterInternet : Cleaned.
    C:\TEMP\DrTemp\ceres.dll -> Adware.BetterInternet : Cleaned.
    C:\WINDOWS\Buddy.exe -> Adware.BetterInternet : Cleaned.
    C:\WINDOWS\rgrt.exe -> Adware.ShopNav : Cleaned.
    C:\WINDOWS\pxwma.dll -> Adware.Webdir : Cleaned.
    C:\TEMP\ICD1.tmp\wupdt.exe -> Downloader.OneClickNetSearch.f : Cleaned.
    C:\System Volume Information\_restore{14157744-4FA2-4CAF-BAFB-72CC49941087}\RP417\A0021879.exe -> Downloader.Zlob.afl : Cleaned.
    C:\Program Files\ZTrace\zCorpSetupzip.ZIP/zSetupCorp.exe -> Heuristic.Win32.Dialer : Cleaned.
    C:\TEMP\DrTemp\ceres.cab/spike.exe -> Hijacker.Agent.fi : Cleaned.
    C:\System Volume Information\_restore{14157744-4FA2-4CAF-BAFB-72CC49941087}\RP417\A0021816.exe -> Not-A-Virus.Downloader.Win32.DigStream.a : Cleaned.
    C:\System Volume Information\_restore{14157744-4FA2-4CAF-BAFB-72CC49941087}\RP417\A0021817.dll -> Not-A-Virus.Hoax.Win32.Renos.du : Cleaned.
    :mozilla.524:C:\userdata\Mozilla\zudmwfk9.slt\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
    :mozilla.525:C:\userdata\Mozilla\zudmwfk9.slt\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
    :mozilla.526:C:\userdata\Mozilla\zudmwfk9.slt\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
    :mozilla.527:C:\userdata\Mozilla\zudmwfk9.slt\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
    :mozilla.528:C:\userdata\Mozilla\zudmwfk9.slt\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
    :mozilla.529:C:\userdata\Mozilla\zudmwfk9.slt\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
    :mozilla.530:C:\userdata\Mozilla\zudmwfk9.slt\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
    :mozilla.531:C:\userdata\Mozilla\zudmwfk9.slt\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
    :mozilla.532:C:\userdata\Mozilla\zudmwfk9.slt\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
    :mozilla.533:C:\userdata\Mozilla\zudmwfk9.slt\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
    :mozilla.534:C:\userdata\Mozilla\zudmwfk9.slt\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
    :mozilla.535:C:\userdata\Mozilla\zudmwfk9.slt\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
    :mozilla.536:C:\userdata\Mozilla\zudmwfk9.slt\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
    :mozilla.537:C:\userdata\Mozilla\zudmwfk9.slt\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
    :mozilla.538:C:\userdata\Mozilla\zudmwfk9.slt\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
    :mozilla.539:C:\userdata\Mozilla\zudmwfk9.slt\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
    :mozilla.540:C:\userdata\Mozilla\zudmwfk9.slt\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
    :mozilla.541:C:\userdata\Mozilla\zudmwfk9.slt\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
    :mozilla.542:C:\userdata\Mozilla\zudmwfk9.slt\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
    :mozilla.543:C:\userdata\Mozilla\zudmwfk9.slt\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
    :mozilla.544:C:\userdata\Mozilla\zudmwfk9.slt\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
    :mozilla.545:C:\userdata\Mozilla\zudmwfk9.slt\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
    :mozilla.546:C:\userdata\Mozilla\zudmwfk9.slt\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
    :mozilla.547:C:\userdata\Mozilla\zudmwfk9.slt\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
    :mozilla.548:C:\userdata\Mozilla\zudmwfk9.slt\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
    :mozilla.549:C:\userdata\Mozilla\zudmwfk9.slt\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
    :mozilla.550:C:\userdata\Mozilla\zudmwfk9.slt\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
    :mozilla.551:C:\userdata\Mozilla\zudmwfk9.slt\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
    :mozilla.552:C:\userdata\Mozilla\zudmwfk9.slt\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
    :mozilla.553:C:\userdata\Mozilla\zudmwfk9.slt\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
    :mozilla.554:C:\userdata\Mozilla\zudmwfk9.slt\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
    :mozilla.555:C:\userdata\Mozilla\zudmwfk9.slt\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
    :mozilla.556:C:\userdata\Mozilla\zudmwfk9.slt\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
    :mozilla.557:C:\userdata\Mozilla\zudmwfk9.slt\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
    :mozilla.558:C:\userdata\Mozilla\zudmwfk9.slt\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
    :mozilla.559:C:\userdata\Mozilla\zudmwfk9.slt\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
    :mozilla.560:C:\userdata\Mozilla\zudmwfk9.slt\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
    :mozilla.561:C:\userdata\Mozilla\zudmwfk9.slt\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
    :mozilla.448:C:\userdata\Mozilla\zudmwfk9.slt\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
    :mozilla.449:C:\userdata\Mozilla\zudmwfk9.slt\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
    :mozilla.781:C:\userdata\Mozilla\zudmwfk9.slt\cookies.txt -> TrackingCookie.Trafic : Cleaned.
    :mozilla.857:C:\userdata\Mozilla\zudmwfk9.slt\cookies.txt -> TrackingCookie.Xhit : Cleaned.
    :mozilla.858:C:\userdata\Mozilla\zudmwfk9.slt\cookies.txt -> TrackingCookie.Xhit : Cleaned.
    :mozilla.10:C:\userdata\Mozilla\zudmwfk9.slt\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
    :mozilla.11:C:\userdata\Mozilla\zudmwfk9.slt\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
    :mozilla.12:C:\userdata\Mozilla\zudmwfk9.slt\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
    :mozilla.13:C:\userdata\Mozilla\zudmwfk9.slt\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
    :mozilla.14:C:\userdata\Mozilla\zudmwfk9.slt\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
    :mozilla.15:C:\userdata\Mozilla\zudmwfk9.slt\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
    :mozilla.27:C:\userdata\Mozilla\zudmwfk9.slt\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
    :mozilla.28:C:\userdata\Mozilla\zudmwfk9.slt\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
    :mozilla.6:C:\userdata\Mozilla\zudmwfk9.slt\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
    :mozilla.7:C:\userdata\Mozilla\zudmwfk9.slt\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
    :mozilla.8:C:\userdata\Mozilla\zudmwfk9.slt\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
    :mozilla.9:C:\userdata\Mozilla\zudmwfk9.slt\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
    C:\TEMP\Cookies\hamrwc1@ad.yieldmanager[1].txt -> TrackingCookie.Yieldmanager : Cleaned.
    C:\TEMP\Cookies\hamrwc1@yieldmanager[1].txt -> TrackingCookie.Yieldmanager : Cleaned.
    :mozilla.588:C:\userdata\Mozilla\zudmwfk9.slt\cookies.txt -> TrackingCookie.Zedo : Cleaned.
    :mozilla.589:C:\userdata\Mozilla\zudmwfk9.slt\cookies.txt -> TrackingCookie.Zedo : Cleaned.
    :mozilla.590:C:\userdata\Mozilla\zudmwfk9.slt\cookies.txt -> TrackingCookie.Zedo : Cleaned.


    ::Report end
     
  7. 2006/08/20
    sugarfree311

    HijackThis:

    Logfile of HijackThis v1.99.1
    Scan saved at 5:22:50 PM, on 8/20/2006
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\System32\ibmpmsvc.exe
    C:\WINDOWS\System32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Symantec AntiVirus\DefWatch.exe
    C:\Program Files\ewido anti-spyware 4.0\guard.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\Program Files\Nikon\Wireless Camera Setup Utility\NkPtpEnum.exe
    C:\WINDOWS\System32\QCONSVC.EXE
    C:\Program Files\Symantec AntiVirus\SavRoam.exe
    C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Symantec AntiVirus\Rtvscan.exe
    C:\WINDOWS\system32\TpKmpSVC.exe
    C:\WINDOWS\System32\MsPMSPSv.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\80211abg\acs.exe
    C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
    C:\WINDOWS\System32\TpScrLk.exe
    C:\WINDOWS\system32\dla\tfswctrl.exe
    C:\WINDOWS\System32\taskswitch.exe
    C:\WINDOWS\System32\RunDll32.exe
    C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb06.exe
    C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
    C:\Program Files\Intel\PROSetWired\NCS\PROSet\PRONoMgr.exe
    C:\WINDOWS\AGRSMMSG.exe
    C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
    C:\Program Files\ThinkPad\ConnectUtilities\QCTRAY.EXE
    C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\ThinkPad\PkgMgr\HOTKEY\TPONSCR.exe
    C:\Program Files\ThinkPad\PkgMgr\HOTKEY_1\TpScrex.exe
    C:\PROGRA~1\SYMANT~2\VPTray.exe
    C:\WINDOWS\System32\RunDll32.exe
    C:\Program Files\ESPNRunTime\DIGServices.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Creative\SBLive 24-Bit External\Surround Mixer\CTSysVol.exe
    C:\Program Files\Microsoft IntelliPoint\point32.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
    C:\Program Files\ewido anti-spyware 4.0\ewido.exe
    C:\WINDOWS\System32\ctfmon.exe
    C:\Program Files\Creative\MediaSource\Go\CTCMSGo.exe
    C:\Program Files\Creative\MediaSource\RemoteControl\RCMan.EXE
    C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
    C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Documents and Settings\yiprobpat2003\Desktop\Spyware Stuff\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://student.wfu.edu/
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
    O1 - Hosts: 152.17.2.151 codesrv1
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {202a961f-23ae-42b1-9505-ffe3c818d717} - C:\Program Files\Media-Codec\isaddon.dll (file missing)
    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
    O2 - BHO: (no name) - {aafb5c85-6027-4013-9e35-117eee49b608} - C:\WINDOWS\system32\isigare.dll (file missing)
    O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
    O3 - Toolbar: AIM Search - {40D41A8B-D79B-43d7-99A7-9EE0F344C385} - C:\Program Files\AIM Toolbar\AIMBar.dll
    O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
    O4 - HKLM\..\Run: [TP4EX] tp4ex.exe
    O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [TPKBDLED] C:\WINDOWS\System32\TpScrLk.exe
    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
    O4 - HKLM\..\Run: [CoolSwitch] C:\WINDOWS\System32\taskswitch.exe
    O4 - HKLM\..\Run: [BMMGAG] RunDll32 C:\PROGRA~1\ThinkPad\UTILIT~1\pwrmonit.dll,StartPwrMonitor
    O4 - HKLM\..\Run: [BMMLREF] C:\Program Files\ThinkPad\Utilities\BMMLREF.EXE
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb06.exe
    O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
    O4 - HKLM\..\Run: [PRONoMgrWired] C:\Program Files\Intel\PROSetWired\NCS\PROSet\PRONoMgr.exe
    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
    O4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
    O4 - HKLM\..\Run: [TPKMAPHELPER] C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe -helper
    O4 - HKLM\..\Run: [QCTRAY] C:\Program Files\ThinkPad\ConnectUtilities\QCTRAY.EXE
    O4 - HKLM\..\Run: [QCWLICON] C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe "
    O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~2\VPTray.exe
    O4 - HKLM\..\Run: [SbUsb AudCtrl] RunDll32 sbusbdll.dll,RCMonitor
    O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
    O4 - HKLM\..\Run: [DIGStream] C:\Program Files\DIGStream\digstream.exe
    O4 - HKLM\..\Run: [DIGServices] C:\Program Files\ESPNRunTime\DIGServices.exe /brand=ESPN /priority=0 /poll=24
    O4 - HKLM\..\Run: [ioishwa] c:\windows\system32\ioishwa.exe
    O4 - HKLM\..\Run: [Win Server Updt] C:\WINDOWS\wupdt.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBLive 24-Bit External\Surround Mixer\CTSysVol.exe /r
    O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe "
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe "
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
    O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
    O4 - HKCU\..\Run: [Creative MediaSource Go] C:\Program Files\Creative\MediaSource\Go\CTCMSGo.exe /SCB
    O4 - HKCU\..\Run: [RemoteCenter] C:\Program Files\Creative\MediaSource\RemoteControl\RCMan.EXE
    O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
    O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
    O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O8 - Extra context menu item: Read It! - C:\WINDOWS\Web\toyagt.htm
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O12 - Plugin for .cdx: C:\Program Files\Internet Explorer\plugins\Npcdn32.dll
    O12 - Plugin for .csm: C:\Program Files\Internet Explorer\Plugins\npchime.dll
    O12 - Plugin for .csml: C:\Program Files\Internet Explorer\Plugins\npchime.dll
    O12 - Plugin for .cub: C:\Program Files\Internet Explorer\Plugins\npchime.dll
    O12 - Plugin for .cube: C:\Program Files\Internet Explorer\Plugins\npchime.dll
    O12 - Plugin for .dx: C:\Program Files\Internet Explorer\Plugins\npchime.dll
    O12 - Plugin for .emb: C:\Program Files\Internet Explorer\Plugins\npchime.dll
    O12 - Plugin for .embl: C:\Program Files\Internet Explorer\Plugins\npchime.dll
    O12 - Plugin for .gau: C:\Program Files\Internet Explorer\Plugins\npchime.dll
    O12 - Plugin for .jdx: C:\Program Files\Internet Explorer\Plugins\npchime.dll
    O12 - Plugin for .mol: C:\Program Files\Internet Explorer\Plugins\npchime.dll
    O12 - Plugin for .mop: C:\Program Files\Internet Explorer\Plugins\npchime.dll
    O12 - Plugin for .NPSSView: C:\Program Files\Seagate Software\Viewers\ActiveXViewer\NPssView.dll
    O12 - Plugin for .pdb: C:\Program Files\Internet Explorer\Plugins\npchime.dll
    O12 - Plugin for .rxn: C:\Program Files\Internet Explorer\Plugins\npchime.dll
    O12 - Plugin for .scr: C:\Program Files\Internet Explorer\Plugins\npchime.dll
    O12 - Plugin for .skc: C:\Program Files\Internet Explorer\Plugins\npchime.dll
    O12 - Plugin for .spt: C:\Program Files\Internet Explorer\Plugins\npchime.dll
    O12 - Plugin for .tgf: C:\Program Files\Internet Explorer\Plugins\npchime.dll
    O12 - Plugin for .xyz: C:\Program Files\Internet Explorer\Plugins\npchime.dll
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = deacnet.wfu.edu
    O17 - HKLM\Software\..\Telephony: DomainName = deacnet.wfu.edu
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = deacnet.wfu.edu
    O20 - Winlogon Notify: isigare - isigare.dll (file missing)
    O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
    O20 - Winlogon Notify: QConGina - C:\WINDOWS\SYSTEM32\QConGina.dll
    O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\Program Files\80211abg\acs.exe
    O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: Creative Service for CDROM Access - Unknown owner - C:\WINDOWS\System32\CTsvcCDA.EXE (file missing)
    O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
    O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
    O23 - Service: IBM PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\System32\ibmpmsvc.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
    O23 - Service: NkPtpEnumP2 - Unknown owner - C:\Program Files\Nikon\Wireless Camera Setup Utility\NkPtpEnum.exe" -a -d= "C:\Program Files\Nikon\Wireless Camera Setup Utility\NkPtpip.dll (file missing)
    O23 - Service: PLSRemote Service (PLSRemoteSvc) - Unknown owner - C:\WINDOWS\SYSTEM32\PLSRemote.exe (file missing)
    O23 - Service: QCONSVC - IBM Corp. - C:\WINDOWS\System32\QCONSVC.EXE
    O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
    O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe
     
  8. 2006/08/20
    TeMerc

    Ok, very good, looks like we got about all of 'em. Just some clean up remains.

    Below you will find my results and recommendations. Please read ALL instructions carefully BEFORE proceeding.

    Please follow these instructions, exactly, for proper HJT installation. Please place HJT into ITS OWN PERMANENT FOLDER. It also needs to be removed from the desktop.
    You can do this by going to My Computer (Windows key+e) then double click on C: then right click and select New then Folder and name it HJT. (C:\HJT\HijackThis.exe) Move HijackThis.exe into this folder. When you run HijackThis.exe from C:\HJT folder and have it "Fixed checked" it will create a backup file of modifications to use if restore is necessary which is easily accessible.

    Please go to Add/Remove, and if found, uninstall the following:
    Media-Codec

    Run Hijackthis and look over the following entries I have listed, check the boxes next to them and press the "Fix Checked" button with HijackThis. When you are doing this, make sure you have No IE windows, or other browsers open, including this one. Reboot if I have specified below, and post a fresh HijackThis log.

    O2 - BHO: (no name) - {202a961f-23ae-42b1-9505-ffe3c818d717} - C:\Program Files\Media-Codec\isaddon.dll (file missing)

    O2 - BHO: (no name) - {aafb5c85-6027-4013-9e35-117eee49b608} - C:\WINDOWS\system32\isigare.dll (file missing)


    O4 - HKLM\..\Run: [ioishwa] c:\windows\system32\ioishwa.exe

    O4 - HKLM\..\Run: [Win Server Updt] C:\WINDOWS\wupdt.exe


    O20 - Winlogon Notify: isigare - isigare.dll (file missing)


    Reboot, into safe mode, this way:
    Turn on the computer
    Immediately begin tapping the <F8> key.
    Use the arrow keys to highlight Safe Mode and press the <Enter> key.

    Also, enable the 'Show Hidden Folders' option, like this:
    Click Start.
    Open My Computer.
    Select the Tools menu and click Folder Options.
    Select the View Tab. Under the Hidden files and folders heading select Show hidden files and folders.
    Uncheck the Hide protected operating system files (recommended) option.
    Click Yes to confirm.
    Click OK.

    And search for, then delete, if found, (some may not be present after previous steps) the following files/folders:
    C:\Program Files\Media-Codec <<<--this folder
    C:\WINDOWS\system32\isigare.dll <<<--this file
    c:\windows\system32\ioishwa.exe <<<--this file
    C:\WINDOWS\wupdt.exe <<<--this file

    To exit Safe Mode, click the Start button, click Turn Off Computer, click Restart.

    Post a new HJT log back into this thread please.
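
The comparison this thread does by eye (the fix list checked against the follow-up log) can be scripted. The following is an added example, not part of the original posts and not a HijackThis feature; the function names are hypothetical, and the sample data is a constructed excerpt limited to O2 and O4 lines quoted from the logs in this thread.

```python
import re

# One HijackThis entry per line: "<section> - <detail>", e.g. "O4 - HKLM\..\Run: [x] path".
ENTRY_RE = re.compile(r"^\s*(R[0-3]|F[0-3]|N[1-4]|O\d{1,2}) - (.+?)\s*$")


def parse_entries(log_text):
    """Return (section, detail) for every entry line; header and process lines are skipped."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line)
        if m:
            entries.append((m.group(1), m.group(2)))
    return entries


def orphaned(entries):
    """Entries marked '(file missing)': the registry reference survives, the target file does not."""
    return [e for e in entries if e[1].endswith("(file missing)")]


def _key(entry):
    # Windows paths and value names are case-insensitive, so compare lower-cased.
    return (entry[0], entry[1].lower())


def verify_fix(before_text, after_text, fix_text):
    """Check a follow-up log against the list of entries that were to be fixed."""
    before = {_key(e): e for e in parse_entries(before_text)}
    after = {_key(e): e for e in parse_entries(after_text)}
    fix = {_key(e): e for e in parse_entries(fix_text)}
    return {
        # requested for removal and gone from the follow-up log
        "removed": [e for k, e in fix.items() if k in before and k not in after],
        # requested for removal but still present: the fix did not stick
        "remaining": [e for k, e in fix.items() if k in after],
        # fix-list entry that never appeared in the first log (likely a typo)
        "not_in_before": [e for k, e in fix.items() if k not in before],
        # entries that appeared between scans: possible reinfection
        "unexpected_new": [e for k, e in after.items() if k not in before],
        # entries that vanished without being on the fix list
        "unexpected_gone": [e for k, e in before.items()
                            if k not in after and k not in fix],
    }


# Constructed excerpt of the log posted before the fix (O2/O4 lines only).
BEFORE = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\Explorer.EXE
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {202a961f-23ae-42b1-9505-ffe3c818d717} - C:\Program Files\Media-Codec\isaddon.dll (file missing)
O2 - BHO: (no name) - {aafb5c85-6027-4013-9e35-117eee49b608} - C:\WINDOWS\system32\isigare.dll (file missing)
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [DIGServices] C:\Program Files\ESPNRunTime\DIGServices.exe /brand=ESPN /priority=0 /poll=24
O4 - HKLM\..\Run: [ioishwa] c:\windows\system32\ioishwa.exe
O4 - HKLM\..\Run: [Win Server Updt] C:\WINDOWS\wupdt.exe
"""

# Constructed excerpt of the follow-up log (same sections).
AFTER = r"""
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [DIGServices] C:\Program Files\ESPNRunTime\DIGServices.exe /brand=ESPN /priority=0 /poll=24
"""

# The O2/O4 entries from the fix list in the post above.
FIX = r"""
O2 - BHO: (no name) - {202a961f-23ae-42b1-9505-ffe3c818d717} - C:\Program Files\Media-Codec\isaddon.dll (file missing)
O2 - BHO: (no name) - {aafb5c85-6027-4013-9e35-117eee49b608} - C:\WINDOWS\system32\isigare.dll (file missing)
O4 - HKLM\..\Run: [ioishwa] c:\windows\system32\ioishwa.exe
O4 - HKLM\..\Run: [Win Server Updt] C:\WINDOWS\wupdt.exe
"""

if __name__ == "__main__":
    for section, detail in orphaned(parse_entries(BEFORE)):
        print("orphaned:", section, "-", detail)
    for bucket, items in verify_fix(BEFORE, AFTER, FIX).items():
        print(f"{bucket}: {len(items)}")
        for section, detail in items:
            print("   ", section, "-", detail)
```

An empty `remaining` and `unexpected_new` is the scripted equivalent of a clean follow-up log; anything in `unexpected_new` deserves the same scrutiny as the original entries.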
     
  9. 2006/08/20
    sugarfree311

    Logfile of HijackThis v1.99.1
    Scan saved at 7:27:23 PM, on 8/20/2006
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\System32\ibmpmsvc.exe
    C:\WINDOWS\System32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Symantec AntiVirus\DefWatch.exe
    C:\Program Files\ewido anti-spyware 4.0\guard.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\Program Files\Nikon\Wireless Camera Setup Utility\NkPtpEnum.exe
    C:\WINDOWS\System32\QCONSVC.EXE
    C:\Program Files\Symantec AntiVirus\SavRoam.exe
    C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Symantec AntiVirus\Rtvscan.exe
    C:\WINDOWS\system32\TpKmpSVC.exe
    C:\WINDOWS\System32\MsPMSPSv.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\80211abg\acs.exe
    C:\WINDOWS\System32\wuauclt.exe
    C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
    C:\WINDOWS\System32\TpScrLk.exe
    C:\WINDOWS\system32\dla\tfswctrl.exe
    C:\WINDOWS\System32\taskswitch.exe
    C:\WINDOWS\System32\RunDll32.exe
    C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb06.exe
    C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
    C:\Program Files\Intel\PROSetWired\NCS\PROSet\PRONoMgr.exe
    C:\WINDOWS\AGRSMMSG.exe
    C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
    C:\Program Files\ThinkPad\PkgMgr\HOTKEY\TPONSCR.exe
    C:\Program Files\ThinkPad\PkgMgr\HOTKEY_1\TpScrex.exe
    C:\Program Files\ThinkPad\ConnectUtilities\QCTRAY.EXE
    C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\PROGRA~1\SYMANT~2\VPTray.exe
    C:\WINDOWS\System32\RunDll32.exe
    C:\Program Files\ESPNRunTime\DIGServices.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Creative\SBLive 24-Bit External\Surround Mixer\CTSysVol.exe
    C:\Program Files\Microsoft IntelliPoint\point32.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
    C:\Program Files\ewido anti-spyware 4.0\ewido.exe
    C:\WINDOWS\System32\ctfmon.exe
    C:\Program Files\Creative\MediaSource\Go\CTCMSGo.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Creative\MediaSource\RemoteControl\RCMan.EXE
    C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
    C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
    C:\HJT\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://student.wfu.edu/
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
    O1 - Hosts: 152.17.2.151 codesrv1
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
    O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
    O3 - Toolbar: AIM Search - {40D41A8B-D79B-43d7-99A7-9EE0F344C385} - C:\Program Files\AIM Toolbar\AIMBar.dll
    O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
    O4 - HKLM\..\Run: [TP4EX] tp4ex.exe
    O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [TPKBDLED] C:\WINDOWS\System32\TpScrLk.exe
    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
    O4 - HKLM\..\Run: [CoolSwitch] C:\WINDOWS\System32\taskswitch.exe
    O4 - HKLM\..\Run: [BMMGAG] RunDll32 C:\PROGRA~1\ThinkPad\UTILIT~1\pwrmonit.dll,StartPwrMonitor
    O4 - HKLM\..\Run: [BMMLREF] C:\Program Files\ThinkPad\Utilities\BMMLREF.EXE
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb06.exe
    O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
    O4 - HKLM\..\Run: [PRONoMgrWired] C:\Program Files\Intel\PROSetWired\NCS\PROSet\PRONoMgr.exe
    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
    O4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
    O4 - HKLM\..\Run: [TPKMAPHELPER] C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe -helper
    O4 - HKLM\..\Run: [QCTRAY] C:\Program Files\ThinkPad\ConnectUtilities\QCTRAY.EXE
    O4 - HKLM\..\Run: [QCWLICON] C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe "
    O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~2\VPTray.exe
    O4 - HKLM\..\Run: [SbUsb AudCtrl] RunDll32 sbusbdll.dll,RCMonitor
    O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
    O4 - HKLM\..\Run: [DIGStream] C:\Program Files\DIGStream\digstream.exe
    O4 - HKLM\..\Run: [DIGServices] C:\Program Files\ESPNRunTime\DIGServices.exe /brand=ESPN /priority=0 /poll=24
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBLive 24-Bit External\Surround Mixer\CTSysVol.exe /r
    O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe "
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe "
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
    O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
    O4 - HKCU\..\Run: [Creative MediaSource Go] C:\Program Files\Creative\MediaSource\Go\CTCMSGo.exe /SCB
    O4 - HKCU\..\Run: [RemoteCenter] C:\Program Files\Creative\MediaSource\RemoteControl\RCMan.EXE
    O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
    O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
    O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O8 - Extra context menu item: Read It! - C:\WINDOWS\Web\toyagt.htm
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O12 - Plugin for .cdx: C:\Program Files\Internet Explorer\plugins\Npcdn32.dll
    O12 - Plugin for .csm: C:\Program Files\Internet Explorer\Plugins\npchime.dll
    O12 - Plugin for .csml: C:\Program Files\Internet Explorer\Plugins\npchime.dll
    O12 - Plugin for .cub: C:\Program Files\Internet Explorer\Plugins\npchime.dll
    O12 - Plugin for .cube: C:\Program Files\Internet Explorer\Plugins\npchime.dll
    O12 - Plugin for .dx: C:\Program Files\Internet Explorer\Plugins\npchime.dll
    O12 - Plugin for .emb: C:\Program Files\Internet Explorer\Plugins\npchime.dll
    O12 - Plugin for .embl: C:\Program Files\Internet Explorer\Plugins\npchime.dll
    O12 - Plugin for .gau: C:\Program Files\Internet Explorer\Plugins\npchime.dll
    O12 - Plugin for .jdx: C:\Program Files\Internet Explorer\Plugins\npchime.dll
    O12 - Plugin for .mol: C:\Program Files\Internet Explorer\Plugins\npchime.dll
    O12 - Plugin for .mop: C:\Program Files\Internet Explorer\Plugins\npchime.dll
    O12 - Plugin for .NPSSView: C:\Program Files\Seagate Software\Viewers\ActiveXViewer\NPssView.dll
    O12 - Plugin for .pdb: C:\Program Files\Internet Explorer\Plugins\npchime.dll
    O12 - Plugin for .rxn: C:\Program Files\Internet Explorer\Plugins\npchime.dll
    O12 - Plugin for .scr: C:\Program Files\Internet Explorer\Plugins\npchime.dll
    O12 - Plugin for .skc: C:\Program Files\Internet Explorer\Plugins\npchime.dll
    O12 - Plugin for .spt: C:\Program Files\Internet Explorer\Plugins\npchime.dll
    O12 - Plugin for .tgf: C:\Program Files\Internet Explorer\Plugins\npchime.dll
    O12 - Plugin for .xyz: C:\Program Files\Internet Explorer\Plugins\npchime.dll
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = deacnet.wfu.edu
    O17 - HKLM\Software\..\Telephony: DomainName = deacnet.wfu.edu
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = deacnet.wfu.edu
    O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
    O20 - Winlogon Notify: QConGina - C:\WINDOWS\SYSTEM32\QConGina.dll
    O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\Program Files\80211abg\acs.exe
    O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: Creative Service for CDROM Access - Unknown owner - C:\WINDOWS\System32\CTsvcCDA.EXE (file missing)
    O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
    O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
    O23 - Service: IBM PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\System32\ibmpmsvc.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
    O23 - Service: NkPtpEnumP2 - Unknown owner - C:\Program Files\Nikon\Wireless Camera Setup Utility\NkPtpEnum.exe" -a -d= "C:\Program Files\Nikon\Wireless Camera Setup Utility\NkPtpip.dll (file missing)
    O23 - Service: PLSRemote Service (PLSRemoteSvc) - Unknown owner - C:\WINDOWS\SYSTEM32\PLSRemote.exe (file missing)
    O23 - Service: QCONSVC - IBM Corp. - C:\WINDOWS\System32\QCONSVC.EXE
    O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
    O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe
     
  10. 2006/08/20
    TeMerc

    TeMerc Inactive Alumni

    Joined:
    2006/05/13
    Messages:
    3,226
    Likes Received:
    4
    OK, that last log file appears to be clear of any infection indicators. Is the machine running as it should at this point? Let me know.

    And for some final cleaning and recommendations:

    We have 3 more things to do, to help ensure you have removed all the little 'leftovers' which may be hiding:

    Empty the TIF (Temporary Internet Files)
    Delete all the files in (and any subfolders of) the C:\Windows\Temp folder
    The app below will help with temp files.
    Index.dat Suite

    Also, delete all your cookies, and empty your recycle bin. But remember, by deleting your cookies, you will have to re-enter any passwords and log-in info for any sites you are usually required to do so with.

    This would also be a good time to set a new system restore point for your machine.
    Set New System Restore Point. Do not do this unless there are no other user accounts to be diagnosed.

    Also, as you are an XP user, if there are any other accounts on this machine, they too, must be cleaned with AdAware, Spybot S&D, then HJT. Not all infections are global, nor are all the HJT fixes global. You can post each user account here into this thread, but please, do only one at a time to avoid confusion.

    Here is a link which describes how security apps work with WIN XP machines.
    XP User Accts Security Apps Operation

    To further prevent the installation of ad/mal/spyware, DL the apps below, which are just as good in the fight against ad/mal/spyware as AdAware & Spybot S&D:

    SpywareBlaster
    With SpywareBlaster v3.5.1, just DL, install and check for updates, enable Internet Explorer protection, and you're done! I don't recommend using IE restricted sites protection as it's not a very large database. Use IE-SPYADs below.

    To prevent known malware-infested sites from loading in IE, install IESPY ADS.
    And MVPS Hosts File will accomplish a similar tactic and provide another layer of protection.

    And to prevent unknown applications from being inserted to start up on your machine install WinPatrol v10.0.1.

    Another thing I would suggest is to install SiteAdvisor. It gives sites a few different 'ratings' and, while not foolproof, it is a good additional layer of information about many sites.

    Links for tutorials for all the apps I mentioned can be found on my site as well.

    Confused about which apps are good or not? Read about Rogue/Approved Anti Security apps

    And just because you have security apps installed, they are useless unless updated regularly. Keep track of updates for ALL your security needs here:
    Calendar of Updates

    Subscribe to update alerts for all the above security apps here.

    You can also see my own ongoing security testing with all the above apps, proving how safe you can be with them installed.
    TeMerc Test Box Forum

    Happy surfing!!
    Tom :D
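
Added example, not part of the post above and not HijackThis code: a small Python parser that splits the O4 autorun lines of a HijackThis log into machine-wide entries (HKLM, Global Startup) and per-user entries (HKCU, Startup). A log only shows the HKCU entries of the account that ran the scan, which is why each account needs its own scan. The function name and the `Startup:` sample line are assumptions made for the illustration.

```python
import re
from collections import defaultdict

# Sample O4 lines in the HijackThis v1.99.1 format seen in this thread.
# The "Startup:" line is constructed for illustration; the rest mirror the log.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~2\VPTray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [RemoteCenter] C:\Program Files\Creative\MediaSource\RemoteControl\RCMan.EXE
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Startup: Example.lnk = C:\Example\example.exe
O23 - Service: QCONSVC - IBM Corp. - C:\WINDOWS\System32\QCONSVC.EXE
"""

# Registry autoruns: "O4 - HKLM\..\Run: [name] command"
REG_RUN = re.compile(r"^O4 - (HKLM|HKCU)\\\.\.\\(\w+): \[(.*?)\] (.*)$")
# Startup-folder shortcuts: "O4 - Global Startup: name = target"
STARTUP = re.compile(r"^O4 - (Global Startup|Startup): (.+?) = (.*)$")


def classify_autoruns(log_text):
    """Return {"machine": [...], "user": [...]} of (location, name, command)."""
    scopes = defaultdict(list)
    for raw in log_text.splitlines():
        line = raw.strip()
        m = REG_RUN.match(line)
        if m:
            hive, key, name, cmd = m.groups()
            # HKLM applies to every account; HKCU only to the scanning account.
            scope = "machine" if hive == "HKLM" else "user"
            scopes[scope].append((f"{hive}\\{key}", name, cmd))
            continue
        m = STARTUP.match(line)
        if m:
            folder, name, cmd = m.groups()
            # "Global Startup" is the All Users folder; "Startup" is per-user.
            scope = "machine" if folder == "Global Startup" else "user"
            scopes[scope].append((folder, name, cmd))
    return dict(scopes)


if __name__ == "__main__":
    for scope, entries in classify_autoruns(SAMPLE_LOG).items():
        print(f"{scope}: {len(entries)} autorun(s)")
        for location, name, cmd in entries:
            print(f"  {location:16} {name} -> {cmd}")
```

Entries reported under `user` say nothing about the other accounts on the machine; those only appear when the scan is repeated while logged in as each account.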
     
