Post by: resevil83 on June 14, 2006, 11:11:21 PM
Please help!
BTW IE does not work. (Using Mozilla)
Logfile of HijackThis v1.99.1
Scan saved at 11:02:12 PM, on 6/14/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\Java\jre1.5.0_04\bin\jucheck.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe
G:\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\bf33bc31.exe
C:\WINDOWS\system32\1cb16dfe.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\svdsrv.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\DOCUME~1\MICHAE~1\MYDOCU~1\SSTEM3~1\nslookup.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Palm\HOTSYNC.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\HJT\HijackThis.exe
C:\WINDOWS\system32\dcomcfg.exe
C:\WINDOWS\system32\atmclk.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = prosearching.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = prosearching.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchURL = prosearching.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = prosearching.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = prosearching.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = prosearching.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchURL = prosearching.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = prosearching.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = prosearching.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = prosearching.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page_bak = prosearching.com
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll (file missing)
O2 - BHO: Nothing - {686a161d-5bd1-4999-8832-6393f41e564c} - C:\WINDOWS\system32\hp100.tmp
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [diagent] "C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe" startup
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [iTunesHelper] "G:\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [bf33bc31.exe] C:\WINDOWS\system32\bf33bc31.exe
O4 - HKLM\..\Run: [1cb16dfe.exe] C:\WINDOWS\system32\1cb16dfe.exe
O4 - HKLM\..\Run: [svdsrv] C:\WINDOWS\svdsrv.exe
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - HKCU\..\Run: [Creative Detector] "C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" /R
O4 - HKCU\..\Run: [bf33bc31.exe] C:\Documents and Settings\Michael Bert\Local Settings\Application Data\bf33bc31.exe
O4 - HKCU\..\Run: [Aida] "C:\DOCUME~1\MICHAE~1\MYDOCU~1\SSTEM3~1\nslookup.exe" -vt yazr
O4 - HKCU\..\Run: [Wlyzu] C:\DOCUME~1\MICHAE~1\APPLIC~1\CROSOF~1.NET\WAUCLT~1.EXE
O4 - HKCU\..\Run: [1cb16dfe.exe] C:\Documents and Settings\Michael Bert\Local Settings\Application Data\1cb16dfe.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: HotSync Manager.lnk = C:\Program Files\Palm\HOTSYNC.EXE
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Microsoft Office.lnk = G:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com/i/cha...t/c381/chat.cab (http://\"http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/c381/chat.cab\")
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://support.gateway.com/support/profiler/PCPitStop.CAB (http://\"http://support.gateway.com/support/profiler/PCPitStop.CAB\")
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - https://www-secure.symantec.com/techsupp/asa/LSSupCtl.cab (http://\"https://www-secure.symantec.com/techsupp/asa/LSSupCtl.cab\")
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_1_0_0_44.cab (http://\"http://www.fileplanet.com/fpdlmgr/cabs/FPDC_1_0_0_44.cab\")
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/EP...l_v1-0-3-24.cab (http://\"http://tools.ebayimg.com/eps/wl/activex/EPUWALControl_v1-0-3-24.cab\")
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cab (http://\"http://upload.facebook.com/controls/FacebookPhotoUploader.cab\")
O16 - DPF: {9A57B18E-2F5D-11D5-8997-00104BD12D94} (compid Class) - http://support.gateway.com/support/serialharvest/gwCID.CAB (http://\"http://support.gateway.com/support/serialharvest/gwCID.CAB\")
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab (http://\"http://www.pandasoftware.com/activescan/as5/asinst.cab\")
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/asa/SymAData.cab (http://\"https://www-secure.symantec.com/techsupp/asa/SymAData.cab\")
O16 - DPF: {D1792F99-AA90-4D46-8B73-2CE45DADDD3C} (WAFDownloader Class) - https://www.web-a-file.com/webafiledownloader.cab (http://\"https://www.web-a-file.com/webafiledownloader.cab\")
O16 - DPF: {DECEAAA2-370A-49BB-9362-68C3A58DDC62} (SAIX) - http://static.zangocash.com/cab/Seekmo/ie/...3008c54b810aed3 (http://\"http://static.zangocash.com/cab/Seekmo/ie/bridge-c24.cab?fd7767a287b2d2f76c0a95f8bda2e136957473c550bfb81e49252734af6867d26a66ecec618633058da45cb1addd0a4167fc5f33e0c071476677bb6fc6:190950799eb876e613008c54b810aed3\")
O20 - AppInit_DLLs: wowexec.dll C:\WINDOWS\system32\wowexec.dll
O20 - Winlogon Notify: winysd32 - C:\WINDOWS\SYSTEM32\winysd32.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Rio MSC Manager (RioMSC) - Unknown owner - C:\WINDOWS\system32\RioMSC.exe (file missing)
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
Post by: guestolo on June 15, 2006, 05:28:33 PM
Download and unzip to your desktop InstalledPrograms.zip (http://\"http://www.billsway.com/vbspage/vbsfiles/InstalledPrograms.zip\")
Double click on InstalledPrograms.vbs
If you get a prompt from your Anti-Virus, please ALLOW this script too run
We are just collecting information
Click OK at the IP prompt and click YES to view the results now
A text file will open, can you copy and paste back here the whole contents please
Afterwards,
Download [color=\"red\"]SmitfraudFix[/color] (http://\"http://siri.urz.free.fr/Fix/SmitfraudFix.zip\")[/url] (by S!Ri)
Extract the contents (a folder named SmitfraudFix) to your Desktop.
Open the SmitfraudFix folder and double-click smitfraudfix.cmd
Select option #1 - Search by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present).
Please copy/paste the contents of that report also into your next reply.
Post by: resevil83 on June 17, 2006, 01:46:43 AM
I'll try restarting and doing it again.
SmitFraudFix v2.61
Scan done at 1:44:43.79, Sat 06/17/2006
Run from C:\Documents and Settings\Michael Bert\Desktop\SmitfraudFix\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
Fix ran in normal mode
»»»»»»»»»»»»»»»»»»»»»»»» C:\
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32
C:\WINDOWS\system32\atmclk.exe FOUND !
C:\WINDOWS\system32\dcomcfg.exe FOUND !
C:\WINDOWS\system32\hp???.tmp FOUND !
C:\WINDOWS\system32\hp????.tmp FOUND !
C:\WINDOWS\system32\ld????.tmp FOUND !
C:\WINDOWS\system32\ot.ico FOUND !
C:\WINDOWS\system32\regperf.exe FOUND !
C:\WINDOWS\system32\simpole.tlb FOUND !
C:\WINDOWS\system32\stdole3.tlb FOUND !
C:\WINDOWS\system32\ts.ico FOUND !
C:\WINDOWS\system32\1024\ FOUND !
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles
»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Michael Bert\Application Data
»»»»»»»»»»»»»»»»»»»»»»»» Start Menu
»»»»»»»»»»»»»»»»»»»»»»»»
»»»»»»»»»»»»»»»»»»»»»»»» Desktop
»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files
»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys
»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{9ae613a2-a13b-4379-8d0e-86a1a78476ec}"="corindon"
[HKEY_CLASSES_ROOT\CLSID\{9ae613a2-a13b-4379-8d0e-86a1a78476ec}\InProcServer32]
@="C:\WINDOWS\system32\rmzdzx.dll"
[HKEY_CURRENT_USER\Software\Classes\CLSID\{9ae613a2-a13b-4379-8d0e-86a1a78476ec}\InProcServer32]
@="C:\WINDOWS\system32\rmzdzx.dll"
»»»»»»»»»»»»»»»»»»»»»»»» Scanning wininet.dll infection
»»»»»»»»»»»»»»»»»»»»»»»» End
Post by: guestolo on June 17, 2006, 11:52:47 AM
Can you do the following please, let's see if Norton's is interfering with installedprograms.vbs
1. Start Norton AntiVirus.
If Norton AntiVirus is installed as part of Norton SystemWorks or Norton Internet Security, then start that program.
2. Click Options.
If you see a menu, click Norton AntiVirus.
3. In the left pane, click Script Blocking.
4. In the right pane, uncheck Enable Script Blocking (recommended).
5. Click OK.
Please leave this disabled until after we have you clean please
If you still can't get it to run
Open Hijackthis>>Open Misc tools section>>Open Uninstall Manager
Click the SAVE LIST... button
Save the list to desktop then come back here and copy, paste the whole contents please
Post by: resevil83 on June 17, 2006, 01:53:50 PM
INSTALLED SOFTWARE (211) - BERT-VVX88VYRXO - 6/17/2006 1:52:55 PM
7200 Ver: 47.0.1.000 Installed: 6/4/2005
7200Trb Ver: 47.0.1.000 Installed: 6/4/2005
Ad-Aware SE Personal Ver: 1.06
Adobe Acrobat - Reader 6.0.2 Update Ver: 6.0.2 Installed: 11/26/2004
Adobe Acrobat and Reader 6.0.3 Update Ver: 6.0.3 Installed: 2/19/2005
Adobe After Effects 6.5 Ver: 6.5 Installed: 3/1/2006
Adobe Atmosphere Player for Acrobat and Adobe Reader
Adobe Audition 1.5 Ver: 1.5 Installed: 4/26/2005
Adobe Bridge 1.0 Ver: 001.000.000 Installed: 4/16/2006
Adobe Common File Installer Ver: 1.00.0000 Installed: 4/16/2006
Adobe Encore DVD 1.5 Ver: 1.5
Adobe Help Center 1.0 Ver: 001.000.000 Installed: 4/16/2006
Adobe Illustrator CS Ver: 11
Adobe InDesign CS2 Ver: 004.000.000
Adobe InDesign CS2 Ver: 004.000.000 Installed: 3/4/2006
Adobe MPEG Encoder Ver: 1.03.0000 Installed: 10/12/2005
Adobe Photoshop CS Ver: CS
Adobe Photoshop CS2 Ver: 9.0
Adobe Photoshop CS2 Ver: 9.0 Installed: 4/16/2006
Adobe Premiere 6.5 Ver: 6.5
Adobe Reader 6.0.1 Ver: 006.000.001 Installed: 6/19/2004
Adobe Stock Photos 1.0 Ver: 001.000.000 Installed: 4/16/2006
Adobe SVG Viewer 3.0 Ver: 3.0
Advanced RealMedia Export Plug-in for Premiere 6.0
AiO_Scan Ver: 47.0.1.000 Installed: 6/4/2005
AiOSoftware Ver: 47.0.1.000 Installed: 6/4/2005
AnyDVD
AOL Instant Messenger
Atlantis Ver: 1.50 Installed: 8/22/2004
AutoUpdate Ver: 1.1
Azureus Ver: 2.3.0.4
BCM V.92 56K Modem
BufferChm Ver: 45.4.157.000 Installed: 6/4/2005
CC_ccStart Ver: 2.1.0.610 Installed: 8/23/2004
ccCommon Ver: 2.1.0.610 Installed: 8/23/2004
CleanUp!
ConvertXtoDVD 2.0.4 Ver: 2.0.4
Copy Ver: 45.4.157.000 Installed: 6/4/2005
Cowabanga by OIN
CP_AtenaShokunin1Config Ver: 45.4.131.000 Installed: 6/4/2005
cp_dwShrek2Albums1 Ver: 45.4.157.000 Installed: 6/4/2005
cp_dwShrek2Cards1 Ver: 45.4.157.000 Installed: 6/4/2005
Creative Jukebox Driver
Creative MediaSource Ver: 3.00
CreativeProjects Ver: 45.4.157.000 Installed: 6/4/2005
CreativeProjectsTemplates Ver: 45.4.157.000 Installed: 6/4/2005
CueTour Ver: 45.4.157.000 Installed: 6/4/2005
CuteFTP 7 Professional Ver: 7.00.0000
Dell Movie Studio Diagnostics Ver: 1.50 Installed: 8/22/2004
Dell ResourceCD
Destinations Ver: 45.4.157.000 Installed: 6/4/2005
Director Ver: 45.4.157.000 Installed: 6/4/2005
DivX Ver: 5.2.1
DivX Player Ver: 6.0
DocProc Ver: 4.5.0.0 Installed: 6/4/2005
DocumentViewer Ver: 45.4.157.000 Installed: 6/4/2005
DVD Decrypter (Remove Only)
DVD Shrink 3.2
dvdSanta 3.42
DVDuck
Elecard MPEG2 Player 2.0 Ver: 2.0 Installed: 08/25/2004
EPSON Online Reference Guide
EPSON Printer Software
Fax Ver: 47.0.1.000 Installed: 6/4/2005
Google Toolbar for Internet Explorer
HighMAT Extension to Microsoft Windows XP CD Writing Wizard Ver: 1.1.1905.1 Installed: 8/8/2004
HijackThis 1.99.1 Ver: 1.99.1
HP Image Zone 4.7 Ver: 4.7
HP Product Assistant Ver: 2.0.0.0 Installed: 6/4/2005
HP PSC & OfficeJet 4.7
HP Software Update Ver: 3.0.5.001 Installed: 2/11/2006
HPSystemDiagnostics Ver: 1.6.0.0 Installed: 6/4/2005
InstantShare Ver: 45.4.157.000 Installed: 6/4/2005
Intel® PRO Ethernet Adapter and Software
iTunes Ver: 6.0.4.2 Installed: 3/14/2006
iTunes Ver: 6.0.4.2 Installed: 3/14/2006
J2SE Runtime Environment 5.0 Update 1 Ver: 1.5.0.10 Installed: 4/25/2005
J2SE Runtime Environment 5.0 Update 2 Ver: 1.5.0.20 Installed: 4/25/2005
J2SE Runtime Environment 5.0 Update 4 Ver: 1.5.0.40 Installed: 8/20/2005
LimeWire 4.8.1 Ver: 4.8.1
LiveReg (Symantec Corporation) Ver: 2.4.2.2295
LiveUpdate 3.0 (Symantec Corporation) Ver: 3.0.0.160
Macromedia Dreamweaver 8 Ver: 8.0.0.2734 Installed: 9/21/2005
Macromedia Extension Manager Ver: 1.7.240 Installed: 9/21/2005
Macromedia Flash 8 Ver: 8.00.0000 Installed: 10/26/2005
Macromedia Flash 8 Video Encoder Ver: 1.00.0000 Installed: 10/26/2005
Macromedia Flash Player 8 Ver: 8
Macromedia Flash Player 8 Ver: 8.0.22.0 Installed: 10/26/2005
Macromedia Flash Player 8 Plugin Ver: 8.0.22.0 Installed: 10/26/2005
Macromedia Shockwave Player
Microsoft .NET Framework 1.1 Ver: 1.1.4322 Installed: 5/24/2005
Microsoft Data Access Components KB870669
Microsoft Office XP Professional with FrontPage Ver: 10.0.2627.0 Installed: 1/17/2006
Microsoft Script Debugger
Mozilla Firefox (1.0.7) Ver: 1.0.7 (en-US)
MSRedist Ver: 1.0.0.0 Installed: 8/23/2004
Nero 6 Ultra Edition
Nero 7 Demo Ver: 7.00.1461 Installed: 4/8/2006
Nikon View 5
Norton AntiVirus 2004 Ver: 10.00.13 Installed: 8/23/2004
Norton AntiVirus 2004 (Symantec Corporation) Ver: 10.00.13
Norton AntiVirus Parent MSI Ver: 10.0.10 Installed: 8/23/2004
Norton AntiVirus SYMLT MSI Ver: 10.0.10 Installed: 8/23/2004
Norton WMI Update Ver: 2005.1.0.111 Installed: 8/30/2004
Palm Desktop Ver: 4.1.0300 Installed: 8/25/2004
PanoStandAlone Ver: 45.4.157.000 Installed: 6/4/2005
PCFriendly
PhotoGallery Ver: 45.4.157.000 Installed: 6/4/2005
ProductContext Ver: 47.0.1.000 Installed: 6/4/2005
QFolder Ver: 1.00.0000 Installed: 6/4/2005
Quicken 2005 Ver: 14.00.0000 Installed: 3/28/2005
Quicken 2005 Ver: 14.00.0000 Installed: 3/28/2005
QuickTime Ver: 7.0.4 Installed: 3/14/2006
QuickTime Ver: 7.0.4 Installed: 3/14/2006
Readme Ver: 47.0.1.000 Installed: 6/4/2005
RealPlayer
Roxio Easy DVD Copy Ver: 7.0.1.84 Installed: 9/30/2004
Roxio VideoWave Movie Creator Ver: 1.6.635.0 Installed: 8/22/2004
Scan Ver: 4.5.0.0 Installed: 6/4/2005
ScannerCopy Ver: 4.5.0.0 Installed: 6/4/2005
Security Update for Windows Media Player (KB911564) Installed: 2/19/2006
Security Update for Windows Media Player 10 (KB911565) Installed: 2/19/2006
Security Update for Windows XP (KB883939) Ver: 1 Installed: 6/19/2005
Security Update for Windows XP (KB890046) Ver: 1 Installed: 6/19/2005
Security Update for Windows XP (KB893756) Ver: 1 Installed: 8/14/2005
Security Update for Windows XP (KB896358) Ver: 1 Installed: 6/19/2005
Security Update for Windows XP (KB896422) Ver: 1 Installed: 6/19/2005
Security Update for Windows XP (KB896423) Ver: 1 Installed: 8/14/2005
Security Update for Windows XP (KB896424) Ver: 1 Installed: 11/13/2005
Security Update for Windows XP (KB896428) Ver: 1 Installed: 6/19/2005
Security Update for Windows XP (KB896688) Ver: 1 Installed: 10/16/2005
Security Update for Windows XP (KB899587) Ver: 1 Installed: 8/14/2005
Security Update for Windows XP (KB899588) Ver: 1 Installed: 8/14/2005
Security Update for Windows XP (KB899591) Ver: 1 Installed: 8/14/2005
Security Update for Windows XP (KB900725) Ver: 1 Installed: 10/16/2005
Security Update for Windows XP (KB901017) Ver: 1 Installed: 10/16/2005
Security Update for Windows XP (KB901214) Ver: 1 Installed: 7/17/2005
Security Update for Windows XP (KB902400) Ver: 1 Installed: 10/16/2005
Security Update for Windows XP (KB903235) Ver: 1 Installed: 7/17/2005
Security Update for Windows XP (KB904706) Ver: 1 Installed: 10/16/2005
Security Update for Windows XP (KB905414) Ver: 1 Installed: 10/16/2005
Security Update for Windows XP (KB905749) Ver: 1 Installed: 10/16/2005
Security Update for Windows XP (KB905915) Ver: 1 Installed: 12/18/2005
Security Update for Windows XP (KB908519) Ver: 1 Installed: 1/15/2006
Security Update for Windows XP (KB908531) Ver: 1 Installed: 4/16/2006
Security Update for Windows XP (KB911562) Ver: 1 Installed: 4/16/2006
Security Update for Windows XP (KB911567) Ver: 1 Installed: 4/16/2006
Security Update for Windows XP (KB911927) Ver: 1 Installed: 2/19/2006
Security Update for Windows XP (KB912812) Ver: 1 Installed: 4/16/2006
Security Update for Windows XP (KB912919) Ver: 1 Installed: 1/8/2006
Security Update for Windows XP (KB913446) Ver: 1 Installed: 2/19/2006
Security Update for Windows XP (KB913580) Ver: 1 Installed: 5/14/2006
Shockwave
SkinsHP1 Ver: 45.4.157.000 Installed: 6/4/2005
SmartFTP Client 2.0 Ver: 2.0.996 Installed: 4/8/2006
SmartFTP Client 2.0 Setup Files (remove only) Ver: "2.0"
Sony ACID Pro 5.0 Ver: 5.0.265 Installed: 5/24/2005
Sound Blaster Live!
Spybot - Search & Destroy 1.4 Ver: 1.4
SpywareBlaster v3.4 Ver: 3.4.0
Symantec Network Drivers Update Ver: 5.5.1.6 Installed: 5/10/2005
Symantec Script Blocking Installer Ver: 1.0.0 Installed: 8/23/2004
SymNet Ver: 4.7.1 Installed: 8/23/2004
TrayApp Ver: 45.4.157.000 Installed: 6/4/2005
Ultimatte AdvantEdge
Unload Ver: 4.5.0 Installed: 6/4/2005
Update for Windows XP (KB894391) Ver: 1 Installed: 8/14/2005
Update for Windows XP (KB896727) Ver: 1 Installed: 8/14/2005
Update for Windows XP (KB898461) Ver: 1 Installed: 7/3/2005
Update for Windows XP (KB900485) Ver: 2 Installed: 4/30/2006
Update for Windows XP (KB910437) Ver: 1 Installed: 12/18/2005
VP6 VFW Codec
WebFldrs XP Ver: 9.50.6513 Installed: 6/16/2004
WebReg Ver: 45.4.157.000 Installed: 6/4/2005
WIBU-KEY Setup (WIBU-KEY Remove) Ver: Version 3.10 of 2001-Sep-27 (Setup) Installed: 3/6/2022
Winamp (remove only)
WinAVI VideoConverter
Windows Installer 3.1 (KB893803) Ver: 3.1
Windows Installer 3.1 (KB893803) Ver: 3.1
Windows Media Format Runtime
Windows Media Player 10
Windows XP Hotfix - KB834707 Ver: 20040929.110854
Windows XP Hotfix - KB867282 Ver: 20050127.090417
Windows XP Hotfix - KB873333 Ver: 20050114.005213
Windows XP Hotfix - KB873339 Ver: 20041117.092459
Windows XP Hotfix - KB885250 Ver: 20050118.202711
Windows XP Hotfix - KB885835 Ver: 20041027.181713
Windows XP Hotfix - KB885836 Ver: 20041028.173203
Windows XP Hotfix - KB885884 Ver: 20040924.025457
Windows XP Hotfix - KB886185 Ver: 20041021.090540
Windows XP Hotfix - KB887472 Ver: 20041014.162858
Windows XP Hotfix - KB887742 Ver: 20041103.095002
Windows XP Hotfix - KB888113 Ver: 20041116.131036
Windows XP Hotfix - KB888302 Ver: 20041207.111426
Windows XP Hotfix - KB890047 Ver: 20041221.124506
Windows XP Hotfix - KB890175 Ver: 20041201.233338
Windows XP Hotfix - KB890859 Ver: 1 Installed: 4/17/2005
Windows XP Hotfix - KB890923 Ver: 1 Installed: 4/17/2005
Windows XP Hotfix - KB891781 Ver: 20050110.165439
Windows XP Hotfix - KB893066 Ver: 1 Installed: 4/17/2005
Windows XP Hotfix - KB893086 Ver: 1 Installed: 4/17/2005
Windows XP Service Pack 2 Ver: 20040803.231319
WinPcap 3.1 beta3 Installed: 11/24/2004
WinRAR archiver
WinZip Ver: 9.0 (6028)
WordPerfect Office 2002
WordPerfect Office 2002 Ver: 10 Installed: 6/22/2004
XviD Video Codec 04102002-1 (Koepi's build with EPSZ ME)
Yahoo! Toolbar
Yahoo! Toolbar
YazzleActiveX By OIN Ver: 1.0
Post by: bathfrog on June 17, 2006, 02:09:33 PM
<LOG REMOVED by guestolo>
bathfrog, please don't jump into someone else's topic, it's far too confusing
Start your own topic and supply a fresh hijackthis log
Post by: guestolo on June 17, 2006, 02:18:19 PM
==Download and then Install
Ewido anti-malware 3.5 (http://\"http://download.ewido.net/ewido-setup.exe\")
When installing, under "Additional Options" UNCHECK
- "Install background guard"
"Install scan via context menu".
After the update finishes (the status bar at the bottom will display "Update successful")
Close out Ewido for now, we'll need it later
If for some reason the auto updater won't work
Please manually update from this link
http://www.ewido.net/en/download/updates/ (http://\"http://www.ewido.net/en/download/updates/\")
Please save these instructions to a Notepad file and save it to your Desktop for reference
or Print them out!
Disable SpywareDoctor's protections as it may interfere with any fixes we try
To deactivate Spyware Doctor's OnGuard Tools
1. From within Spyware Doctor, click the "OnGuard" button on the left side.
2. Uncheck "Activate OnGuard".
Access your add/remove programs and remove all the following
J2SE Runtime Environment 5.0 Update 1
J2SE Runtime Environment 5.0 Update 2
J2SE Runtime Environment 5.0 Update 4
The above are all old versions or updates of Java, we will update this in a bit
Then continue to remove
Cowabanga by OIN
and
YazzleActiveX By OIN
RESTART your Computer in SAFE MODE
You can do this by tapping the F8 key as the system is restarting, just before Windows loads
Choose Safe mode from the startup menu
In safe mode
==Open Cleanup! by double-clicking the icon on your desktop (or from the Start > All Programs menu).
Set the program up as follows:
Click "Options..."
Move the arrow down to "Custom CleanUp!"
Put a check next to the following (Make sure nothing else is checked!):
* Empty Recycle Bins
* Delete Cookies
* Delete Prefetch files
* Cleanup! All Users
Click OK
Press the CleanUp! button to start the program.
CleanUp, may prompt to run in Demo mode the first time ran, decline, we actually want to run the cleanup portion
When it's done>>Click Close
DECLINE to Log off or Restart the computer
==Open the SmitfraudFix folder again and double-click smitfraudfix.cmd
Select option #2 - Clean by typing 2 and press "Enter" to delete infected files.
You will be prompted : "Registry cleaning - Do you want to clean the registry ?"; answer "Yes" by typing Y and press "Enter" in order to remove the Desktop background and clean registry keys associated with the infection.
The tool will now check if wininet.dll is infected. You may be prompted to replace the infected file (if found); answer "Yes" by typing Y and press "Enter".
The tool may need to restart your computer to finish the cleaning process. A text file will appear onscreen, with results from the cleaning process
I'll need to see these later, by default they are also saved at C:\rapport.txt
If a reboot was required, reboot back to safe mode
If it wasn't required, remain in safe mode
==Open Ewido Anti-malware
Click on the Scanner button on the left menu
Select Complete System Scan
*If Ewido finds something it will prompt you with "Infected Object found"
Ensure the following are Selected
*1. Perform Action = Remove
*2. Create Encrypted Backup in Quarantine (Recommended)
*3. Perform action with all infections
Then click OK
When Ewido has finished it's scan click the "Save Report" button
Save the report to the desktop or someplace you will remember
Exit Ewido
NOTE: When Ewido is running, don't open any other windows, let it run uninterrupted
Do a "System scan only" with Hijackthis and put a check next to these entries:
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = prosearching.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = prosearching.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchURL = prosearching.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = prosearching.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = prosearching.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = prosearching.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchURL = prosearching.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = prosearching.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = prosearching.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = prosearching.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page_bak = prosearching.com
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll (file missing)
O2 - BHO: Nothing - {686a161d-5bd1-4999-8832-6393f41e564c} - C:\WINDOWS\system32\hp100.tmp
O4 - HKLM\..\Run: [bf33bc31.exe] C:\WINDOWS\system32\bf33bc31.exe
O4 - HKLM\..\Run: [1cb16dfe.exe] C:\WINDOWS\system32\1cb16dfe.exe
O4 - HKLM\..\Run: [svdsrv] C:\WINDOWS\svdsrv.exe
O4 - HKCU\..\Run: [bf33bc31.exe] C:\Documents and Settings\Michael Bert\Local Settings\Application Data\bf33bc31.exe
O4 - HKCU\..\Run: [Aida] "C:\DOCUME~1\MICHAE~1\MYDOCU~1\SSTEM3~1\nslookup.exe" -vt yazr
O4 - HKCU\..\Run: [Wlyzu] C:\DOCUME~1\MICHAE~1\APPLIC~1\CROSOF~1.NET\WAUCLT~1.EXE
O4 - HKCU\..\Run: [1cb16dfe.exe] C:\Documents and Settings\Michael Bert\Local Settings\Application Data\1cb16dfe.exe
O16 - DPF: {DECEAAA2-370A-49BB-9362-68C3A58DDC62} (SAIX) - http://static.zangocash.com/cab/Seekmo/ie/...3008c54b810aed3 (http://\"http://static.zangocash.com/cab/Seekmo/ie/...3008c54b810aed3\")
O20 - AppInit_DLLs: wowexec.dll C:\WINDOWS\system32\wowexec.dll
O20 - Winlogon Notify: winysd32 - C:\WINDOWS\SYSTEM32\winysd32.dll
After you have ticked the above entry, close All other open windows
Leave Hijackthis open and click FIX CHECKED
OK the prompt and exit Hijackthis
Reboot back to Normal mode
Let's update Java
Go to the following link
http://www.java.com/en/download/manual.jsp (http://\"http://www.java.com/en/download/manual.jsp\")
Download and save to desktop the Windows OFFLINE installation
Double click on the installer and follow the prompts to install the latest version of Java
Once installed you can delete the installer saved to desktop
Post back the following:
1. Run a Scan and save logfile with Hijackthis and post a fresh log
2. Post the whole report from Ewidos'
3. Post the contents of the log from Smitfraudfix located here>>C:\Rapport.txt
Post by: resevil83 on June 17, 2006, 09:00:17 PM
Scan saved at 8:59:13 PM, on 6/17/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
G:\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\Spyware Doctor\swdoctor.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\HJT\HijackThis.exe
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [diagent] "C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe" startup
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [iTunesHelper] "G:\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - HKCU\..\Run: [Creative Detector] "C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" /R
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: HotSync Manager.lnk = C:\Program Files\Palm\HOTSYNC.EXE
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Microsoft Office.lnk = G:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\npjpi150_07.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\npjpi150_07.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com/i/cha...t/c381/chat.cab (http://\"http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/c381/chat.cab\")
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://support.gateway.com/support/profiler/PCPitStop.CAB (http://\"http://support.gateway.com/support/profiler/PCPitStop.CAB\")
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - https://www-secure.symantec.com/techsupp/asa/LSSupCtl.cab (http://\"https://www-secure.symantec.com/techsupp/asa/LSSupCtl.cab\")
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_1_0_0_44.cab (http://\"http://www.fileplanet.com/fpdlmgr/cabs/FPDC_1_0_0_44.cab\")
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/EP...l_v1-0-3-24.cab (http://\"http://tools.ebayimg.com/eps/wl/activex/EPUWALControl_v1-0-3-24.cab\")
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cab (http://\"http://upload.facebook.com/controls/FacebookPhotoUploader.cab\")
O16 - DPF: {9A57B18E-2F5D-11D5-8997-00104BD12D94} (compid Class) - http://support.gateway.com/support/serialharvest/gwCID.CAB (http://\"http://support.gateway.com/support/serialharvest/gwCID.CAB\")
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab (http://\"http://www.pandasoftware.com/activescan/as5/asinst.cab\")
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/asa/SymAData.cab (http://\"https://www-secure.symantec.com/techsupp/asa/SymAData.cab\")
O16 - DPF: {D1792F99-AA90-4D46-8B73-2CE45DADDD3C} (WAFDownloader Class) - https://www.web-a-file.com/webafiledownloader.cab (http://\"https://www.web-a-file.com/webafiledownloader.cab\")
O20 - Winlogon Notify: winysd32 - winysd32.dll (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Rio MSC Manager (RioMSC) - Unknown owner - C:\WINDOWS\system32\RioMSC.exe (file missing)
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
---------------------------------------------------------
ewido anti-malware - Scan report
---------------------------------------------------------
+ Created on: 8:40:29 PM, 6/17/2006
+ Report-Checksum: D502F4A8
+ Scan result:
HKLM\SOFTWARE\tsvcin -> Adware.Look2Me : Cleaned with backup
HKU\S-1-5-21-527237240-448539723-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{5929CD6E-2062-44A4-B2C5-2C7E78FBAB38} -> Adware.Generic : Cleaned with backup
[216] C:\WINDOWS\system32\winysd32.dll -> Trojan.Agent.vg : Cleaned with backup
:mozilla.13:C:\Documents and Settings\Dan\Application Data\Mozilla\Firefox\Profiles\0lql2m8c.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned with backup
:mozilla.18:C:\Documents and Settings\Dan\Application Data\Mozilla\Firefox\Profiles\0lql2m8c.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned with backup
:mozilla.19:C:\Documents and Settings\Dan\Application Data\Mozilla\Firefox\Profiles\0lql2m8c.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned with backup
C:\Documents and Settings\Michael Bert\Local Settings\Application Data\bf33bc31.exe -> Downloader.Obfuscated.a : Cleaned with backup
C:\WINDOWS\system32\bf33bc31.exe -> Downloader.Obfuscated.a : Cleaned with backup
C:\WINDOWS\system32\New Folder\rmzdzx.dll -> Not-A-Virus.Hoax.Win32.Renos.dp : Cleaned with backup
C:\WINDOWS\system32\P2P Networking -> Adware.P2PNetworking : Cleaned with backup
C:\WINDOWS\system32\P2P Networking\Cache -> Adware.P2PNetworking : Cleaned with backup
C:\WINDOWS\system32\P2P Networking\Cache\Database -> Adware.P2PNetworking : Cleaned with backup
C:\WINDOWS\system32\P2P Networking\Cache\Database\file-10001-1278500125.sig -> Adware.P2PNetworking : Cleaned with backup
C:\WINDOWS\system32\P2P Networking\Cache\Database\file-10001-2629912307.sig -> Adware.P2PNetworking : Cleaned with backup
C:\WINDOWS\system32\P2P Networking\Cache\Database\file-10001-2809625891.sig -> Adware.P2PNetworking : Cleaned with backup
C:\WINDOWS\system32\P2P Networking\Cache\Database\file-10001-2831234109.sig -> Adware.P2PNetworking : Cleaned with backup
C:\WINDOWS\system32\P2P Networking\Cache\Database\file-10001-623154993.sig -> Adware.P2PNetworking : Cleaned with backup
C:\WINDOWS\system32\P2P Networking\Cache\Database\file-10001-933574426.sig -> Adware.P2PNetworking : Cleaned with backup
C:\WINDOWS\system32\P2P Networking\Cache\Database\file-1001-77.sig -> Adware.P2PNetworking : Cleaned with backup
C:\WINDOWS\system32\P2P Networking\Cache\Database\file-1001-82.sig -> Adware.P2PNetworking : Cleaned with backup
C:\WINDOWS\system32\P2P Networking\Cache\Database\index256.dbb -> Adware.P2PNetworking : Cleaned with backup
C:\WINDOWS\system32\winysd32.dll -> Trojan.Agent.vg : Cleaned with backup
::Report End
SmitFraudFix v2.61
Scan done at 19:05:47.62, Sat 06/17/2006
Run from C:\Documents and Settings\Michael Bert\Desktop\SmitfraudFix\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
Fix ran in safe mode
»»»»»»»»»»»»»»»»»»»»»»»» Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{9ae613a2-a13b-4379-8d0e-86a1a78476ec}"="corindon"
[HKEY_CLASSES_ROOT\CLSID\{9ae613a2-a13b-4379-8d0e-86a1a78476ec}\InProcServer32]
@="C:\WINDOWS\system32\rmzdzx.dll"
[HKEY_CURRENT_USER\Software\Classes\CLSID\{9ae613a2-a13b-4379-8d0e-86a1a78476ec}\InProcServer32]
@="C:\WINDOWS\system32\rmzdzx.dll"
»»»»»»»»»»»»»»»»»»»»»»»» Killing process
»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files
C:\WINDOWS\system32\atmclk.exe Deleted
C:\WINDOWS\system32\dcomcfg.exe Deleted
C:\WINDOWS\system32\hp???.tmp Deleted
C:\WINDOWS\system32\ld????.tmp Deleted
C:\WINDOWS\system32\ot.ico Deleted
C:\WINDOWS\system32\regperf.exe Deleted
C:\WINDOWS\system32\simpole.tlb Deleted
C:\WINDOWS\system32\stdole3.tlb Deleted
C:\WINDOWS\system32\ts.ico Deleted
C:\WINDOWS\system32\1024\ Deleted
C:\DOCUME~1\ALLUSE~1\Desktop\Online Security Guide.url Deleted
C:\DOCUME~1\MICHAE~1\FAVORI~1\Antivirus Test Online.url Deleted
»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix
GenericRenosFix by S!Ri
C:\WINDOWS\system32\rmzdzx.dll -> Missing File
»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files
»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning
Registry Cleaning done.
»»»»»»»»»»»»»»»»»»»»»»»» After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» End
Post by: guestolo on June 17, 2006, 10:30:27 PM
Exact file names and locations
C:\WINDOWS\system32\wowexec.dll <-file>>Do NOT delete wowexec.exe
C:\WINDOWS\system32\1cb16dfe.exe <-file
C:\WINDOWS\svdsrv.exe <-file
Do a "System scan only" with Hijackthis and put a check next to these entries:
O20 - Winlogon Notify: winysd32 - winysd32.dll (file missing)
After you have ticked the above entry, close All other open windows
Including this one
Leave Hijackthis open and click FIX CHECKED
OK the prompt and exit Hijackthis
Reboot the computer
Come back here and post one last hijackthis log and let me know how things are running please
Post by: resevil83 on June 18, 2006, 05:19:57 AM
Logfile of HijackThis v1.99.1
Scan saved at 5:19:38 AM, on 6/18/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
C:\Program Files\Spyware Doctor\swdoctor.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\HJT\HijackThis.exe
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [diagent] "C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe" startup
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [iTunesHelper] "G:\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - HKCU\..\Run: [Creative Detector] "C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" /R
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: HotSync Manager.lnk = C:\Program Files\Palm\HOTSYNC.EXE
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Microsoft Office.lnk = G:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\npjpi150_07.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\npjpi150_07.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com/i/cha...t/c381/chat.cab (http://\"http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/c381/chat.cab\")
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://support.gateway.com/support/profiler/PCPitStop.CAB (http://\"http://support.gateway.com/support/profiler/PCPitStop.CAB\")
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - https://www-secure.symantec.com/techsupp/asa/LSSupCtl.cab (http://\"https://www-secure.symantec.com/techsupp/asa/LSSupCtl.cab\")
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_1_0_0_44.cab (http://\"http://www.fileplanet.com/fpdlmgr/cabs/FPDC_1_0_0_44.cab\")
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/EP...l_v1-0-3-24.cab (http://\"http://tools.ebayimg.com/eps/wl/activex/EPUWALControl_v1-0-3-24.cab\")
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cab (http://\"http://upload.facebook.com/controls/FacebookPhotoUploader.cab\")
O16 - DPF: {9A57B18E-2F5D-11D5-8997-00104BD12D94} (compid Class) - http://support.gateway.com/support/serialharvest/gwCID.CAB (http://\"http://support.gateway.com/support/serialharvest/gwCID.CAB\")
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab (http://\"http://www.pandasoftware.com/activescan/as5/asinst.cab\")
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/asa/SymAData.cab (http://\"https://www-secure.symantec.com/techsupp/asa/SymAData.cab\")
O16 - DPF: {D1792F99-AA90-4D46-8B73-2CE45DADDD3C} (WAFDownloader Class) - https://www.web-a-file.com/webafiledownloader.cab (http://\"https://www.web-a-file.com/webafiledownloader.cab\")
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Rio MSC Manager (RioMSC) - Unknown owner - C:\WINDOWS\system32\RioMSC.exe (file missing)
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
Post by: guestolo on June 18, 2006, 09:43:58 AM
If everything is running better
- Go to START>>RUN>>In the open field
Type in
Click OK
Click the "Launch System Restore" button
On the Left hand side click on "System Restore Settings"
Put a Check in "Turn off System Restore"
Apply it and OK out of there>>Reboot your computer
[/list]
Back in Windows, Go back and take the check out of "Turn off system restore"
This will reenable the System Restore feature and creates a new restore point
[indent][color=\"#CC0000\"]Protect yourself against Future Attacks[/color][/i][/b]
Your version of SpywareBlaster is out of date
Let's update it, Open SpywareBlaster 3.4>>Disable All Protection
Close SpywareBlaster
Access your add/remove programs and remove SpywareBlaster 3.4
Afterwards,
[/indent]
*Install SpywareBlaster 3.5.1 by JavaCool (http://\"http://www.javacoolsoftware.com/spywareblaster.html\")
- *Will block bad ActiveX Controls
*Block Malevolent cookies in Internet Explorer and Firefox
*Restrict actions of potentially dangerous sites in Internet Explorer
"Check for updates every couple of weeks"
after every update just simply click the "enable protection on all unprotected items"
*Make sure your Anti-Virus software is always kept up to date and actively running in the background
*Make sure your Firewall is enabled and running
A Firewall is also very important
This provides a line of defense against someone who might try to access your computer without your permission
Update and do scan's with your Anti-Spyware programs on a regular basis
In addition: Open Spybot 1.4
Click the "Immunize" button on the left>>>OK at the prompt>>Immunzine at the top green cross
Immunize after every update
Most Important:
*Keep up to date on Windows updates (High Priorities)
This is the most important step in keeping your system secure
+Ewido will become a free limited version after a couple weeks
Decide whether to keep it or not, it is a great scanner to update and run once a month
CleanUp!>>Again optional to hold onto, great in cleaning temp files, cookies, etc...
+You can reenable Norton's script blocking and Spyware Doctor's protections if still disabled
Stay safe
/smile.gif\' class=\'bbc_emoticon\' alt=\':)\' />
Post by: resevil83 on June 18, 2006, 11:09:15 PM
Post by: guestolo on June 19, 2006, 07:48:01 AM
Quote
when I restart my computer and get to the main windows screen... a thing comes up saying, installing photo galleryLet's deal with that problem
One of the programs set to run on startup appears to want to install this
Try and track down which one
Go to START>>RUN>>Type in
msconfig
Hit OK
Under the startup tab
Uncheck everything you don't need on startup
DON'T uncheck entries related too
your Anti-virus or spyware programs, they won't be the cause
Apply and close, reboot the computer
Do you still get the prompt to install photo gallery
If not, by trial and error, you will have to determine which program set to run on startup is responsible
My bet would be something related to HP's Imaging software, but that's a guess
Post by: guestolo on July 23, 2006, 10:59:43 PM
All others, please start your own topic