Show Posts

This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.

Messages - erikh

Pages: [1]

Tech Clinic / Smitfraud and incessant popups.

« on: May 30, 2007, 07:15:50 PM »

Hi there,
My system has been working well since it was cleaned up. The only problem so far are these in-text popups but I'm getting better at avoiding them. Can they be shut off?
I have not had any recurrence of Smitfraud or the WinAntivirus advertisements and in general the machine appears cleaner than it has ever been.
Thank you again for your help.
best regards, Erik

Tech Clinic / Smitfraud and incessant popups.

« on: May 27, 2007, 08:32:03 AM »

I got rid of these five .exe files, and fixed SyBot S&D. Then downloadwed SpywareBlaster and set it up. My machine is working well now except that the in-text Vibrant Advertisements are annoying, but maybe we cannot do anything about them?

Anyway I will be able to test the system till thursday (I'll try and report then) after which I will be offline for six weeks. When I return I will check again and will report back.

Thank you very much for a most efficient clean-up process, carried out in a most professional manner. I wasted so much time initially trying to do a clean-up myself. I should have come to you right away.
Many thanks again.
regards, Erik

Tech Clinic / Smitfraud and incessant popups.

« on: May 26, 2007, 01:15:34 AM »

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Hi there,
Yikes. I just ran Spybot S&D and found the following:

[font=\"Times New Roman\"]--- Search result list ---[/font]

[font=\"Times New Roman\"]MediaPlex: Tracking cookie (Internet Explorer: Erik Halbert) (Cookie, nothing done)[/font]

[font=\"Times New Roman\"] [/font]

[font=\"Times New Roman\"] [/font]

[font=\"Times New Roman\"]Adviva: Tracking cookie (Internet Explorer: Erik Halbert) (Cookie, nothing done)[/font]

[font=\"Times New Roman\"] [/font]

[font=\"Times New Roman\"] [/font]

[font=\"Times New Roman\"]Smitfraud-C.Toolbar888: Tracking cookie (Internet Explorer: Erik Halbert) (Cookie, nothing done)[/font]

[font=\"Times New Roman\"] [/font]

[font=\"Times New Roman\"] [/font]

[font=\"Times New Roman\"]Winsoftware: Tracking cookie (Internet Explorer: Erik Halbert) (Cookie, nothing done)[/font]

[font=\"Times New Roman\"] [/font]

[font=\"Times New Roman\"] [/font]

[font=\"Times New Roman\"]Winsoftware.WinAntiVirusPro2006: Tracking cookie (Internet Explorer: Erik Halbert) (Cookie, nothing done)[/font]

[font=\"Times New Roman\"] [/font]

[font=\"Times New Roman\"] [/font]

[font=\"Times New Roman\"]SystemDoctor2006: Tracking cookie (Internet Explorer: Erik Halbert) (Cookie, nothing done)[/font]

[font=\"Times New Roman\"] [/font]

[font=\"Times New Roman\"] [/font]

[font=\"Times New Roman\"]CasaleMedia: Tracking cookie (Internet Explorer: Erik Halbert) (Cookie, nothing done)[/font]

[font=\"Times New Roman\"] [/font]

[font=\"Times New Roman\"] [/font]

[font=\"Times New Roman\"]SystemDoctor2006: Tracking cookie (Internet Explorer: Erik Halbert) (Cookie, nothing done)[/font]

[font=\"Times New Roman\"] [/font]

[font=\"Times New Roman\"] [/font]

[font=\"Times New Roman\"]WebTrends live: Tracking cookie (Internet Explorer: Erik Halbert) (Cookie, nothing done)[/font]

[font=\"Times New Roman\"] [/font]

[font=\"Times New Roman\"] [/font]

[font=\"Times New Roman\"]DoubleClick: Tracking cookie (Internet Explorer: Erik Halbert) (Cookie, nothing done)[/font]

[font=\"Times New Roman\"] [/font]

[font=\"Times New Roman\"] [/font]

[font=\"Times New Roman\"]Winsoftware.WinAntiVirusPro2006: Tracking cookie (Internet Explorer: Erik Halbert) (Cookie, nothing done)[/font]

[font=\"Times New Roman\"] [/font]

[font=\"Times New Roman\"] [/font]

[font=\"Times New Roman\"]Winsoftware.WinAntiVirusPro2006: Tracking cookie (Internet Explorer: Erik Halbert) (Cookie, nothing done)[/font]

[font=\"Times New Roman\"] [/font]

[font=\"Times New Roman\"] [/font]

[font=\"Times New Roman\"]Winsoftware: Tracking cookie (Internet Explorer: Erik Halbert) (Cookie, nothing done)[/font]

[font=\"Times New Roman\"] [/font]

[font=\"Times New Roman\"] [/font]

[font=\"Times New Roman\"]Clickbank: Tracking cookie (Internet Explorer: Erik Halbert) (Cookie, nothing done)[/font]

[font=\"Times New Roman\"] [/font]

[font=\"Times New Roman\"] [/font]

[font=\"Times New Roman\"]TagASaurus: Tracking cookie (Internet Explorer: Erik Halbert) (Cookie, nothing done)[/font]

[font=\"Times New Roman\"] [/font]

[font=\"Times New Roman\"] [/font]

[font=\"Times New Roman\"]Winsoftware: Tracking cookie (Internet Explorer: Erik Halbert) (Cookie, nothing done)[/font]

[font=\"Times New Roman\"] [/font]

[font=\"Times New Roman\"] [/font]

[font=\"Times New Roman\"]HitBox: Tracking cookie (Internet Explorer: Erik Halbert) (Cookie, nothing done)[/font]

[font=\"Times New Roman\"] [/font]

[font=\"Times New Roman\"] [/font]

[font=\"Times New Roman\"]Winsoftware.WinAntiVirusPro2006: Tracking cookie (Internet Explorer: Erik Halbert) (Cookie, nothing done)[/font]

[font=\"Times New Roman\"] [/font]

[font=\"Times New Roman\"] [/font]

[font=\"Times New Roman\"]HitBox: Tracking cookie (Internet Explorer: Erik Halbert) (Cookie, nothing done)[/font]

[font=\"Times New Roman\"] [/font]

[font=\"Times New Roman\"] [/font]

[font=\"Times New Roman\"]Avenue A, Inc.: Tracking cookie (Internet Explorer: Erik Halbert) (Cookie, nothing done)[/font]

[font=\"Times New Roman\"] [/font]

[font=\"Times New Roman\"] [/font]

[font=\"Times New Roman\"]ReliableStats: Tracking cookie (Internet Explorer: Erik Halbert) (Cookie, nothing done)[/font]

[font=\"Times New Roman\"] [/font]

[font=\"Times New Roman\"] [/font]

[font=\"Times New Roman\"]Statcounter: Tracking cookie (Internet Explorer: Erik Halbert) (Cookie, nothing done)[/font]

[font=\"Times New Roman\"] [/font]

[font=\"Times New Roman\"] [/font]

[font=\"Times New Roman\"]Winsoftware: Tracking cookie (Internet Explorer: Erik Halbert) (Cookie, nothing done)[/font]

[font=\"Times New Roman\"] [/font]

[font=\"Times New Roman\"] [/font]

[font=\"Times New Roman\"]Zedo: Tracking cookie (Internet Explorer: Erik Halbert) (Cookie, nothing done)[/font]

[font=\"Times New Roman\"] [/font]

[font=\"Times New Roman\"] [/font]

[font=\"Times New Roman\"]HitsLink: Tracking cookie (Internet Explorer: Erik Halbert) (Cookie, nothing done)[/font]

[font=\"Times New Roman\"] [/font]

[font=\"Times New Roman\"] [/font]

[font=\"Times New Roman\"]Winsoftware: Tracking cookie (Internet Explorer: Erik Halbert) (Cookie, nothing done)[/font]

[font=\"Times New Roman\"] [/font]

[font=\"Times New Roman\"] I fixed all of these and reran. This time the scan was clean.
[/font]

[font=\"Times New Roman\"]Erik. [/font]

Tech Clinic / Smitfraud and incessant popups.

« on: May 26, 2007, 12:37:46 AM »

Notes:
Hi there, I tested all of the files in both of the websites and attach the results. Loks like the files are all the same since the file sizes are identical and the scans are similar??

With respect to general operation. My machine sems very much cleaner. Pop-ups are now absent and the random freezing and rebooting do not occur now. I have not done a check with Spybot to see if it still shows Smitfraud. However, I will do that soon and I'll be surprised if it it is still there.

Erik

+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Jotti's malware scan 2.99-TRANSITION_TO_3.00-R1 <script language=javascript type=text/javascript>document.getElementById('javascriptwarning').innerHTML=''; File to upload & scan:

Service Service load: 0% 100% File: 28155622ld.exe Status: [color=\"red\"]INFECTED/MALWARE[/color] MD5 c962e5a7a1406d48b3292a342210c573 Packers detected: -<script type=text/javascript> <script src="http://pagead2.googlesyndication.com/pagead/show_ads.js" type=text/javascript> Scanner results Scan taken on 26 May 2007 04:10:50 (GMT) A-Squared Found nothingAntiVir Found TR/Proxy.Dlena.CQ.4 ArcaVir Found nothingAvast Found nothingAVG Antivirus Found Proxy.NJQ BitDefender Found Worm.P2P.AB ClamAV Found nothingDr.Web Found nothingF-Prot Antivirus Found nothingF-Secure Anti-Virus Found Trojan-Proxy.Win32.Dlena.cq Fortinet Found nothingKaspersky Anti-Virus Found Trojan-Proxy.Win32.Dlena.cq NOD32 Found Win32/TrojanProxy.Dlena Norman Virus Control Found nothingPanda Antivirus Found nothingRising Antivirus Found nothingVirusBuster Found nothingvb script:void(0)"]Feedback[/url] - Privacy policy

Page generated by JTPL

Copyright Â© 2004-2007 Jordi Bosveld <[email protected]> <script language=javascript type=text/javascript> serverbusy = false; function check_if_busy(time) { time = time - 1000; if (time <= 0) { xmlhttp.open("GET", "psv/getload.php", true); xmlhttp.onreadystatechange = verify_if_busy; xmlhttp.send(null); } else { if (!statusset) { if (serverbusy) { document.getElementById('status').innerHTML = 'The server is extremely busy at the moment, please wait (retrying in ' +time / 1000 + ' seconds)...'; } else { document.getElementById('status').innerHTML = 'Ready for scan'; } } setTimeout("check_if_busy(" + time + ")", 1000); } } function verify_if_busy() { if (xmlhttp.readyState == 4) { var response = parseInt(xmlhttp.responseText); setloadgraph(response); if (response >= 100) { set_busy(); check_if_busy(30000); } else { set_ready(); check_if_busy(30000); } } } function setloadgraph(percentage) { percentage = percentage * 2; if (percentage > 100) { percentage = 100; } var load = parseInt(percentage * 2); var load2 = parseInt(200 - load); if (load2 < 1) { // bloody IE load2 = 1; } if (percentage < 50) { var weight = '#00ff00'; } else if (percentage < 75) { var weight = '#ffff00'; } else { var weight = '#ff0000'; } document.getElementById('loadleft').style.background = weight; document.getElementById('loadleft').width = load; document.getElementById('loadright').width = load2; } function set_busy() { serverbusy = true; document.getElementById('submitbutton').disabled = true; } function set_ready() { serverbusy = false; document.getElementById('submitbutton').disabled = false; } <script language=javascript>document.getElementById('scannera2').innerHTML='Found nothing'; <script language=javascript>document.getElementById('scannerantivir').innerHTML='Found TR/Proxy.Dlena.CQ.4 '; <script language=javascript>document.getElementById('status').innerHTML='[color=\"#00ed00\"]INFECTED/MALWARE[/color] '; <script language=javascript>document.getElementById('scannerarcavir').innerHTML='Found nothing'; <script language=javascript>document.getElementById('status').innerHTML='[color=\"#00ed00\"]INFECTED/MALWARE[/color] '; <script language=javascript>document.getElementById('scanneravast').innerHTML='Found nothing'; <script language=javascript>document.getElementById('status').innerHTML='[color=\"#00ed00\"]INFECTED/MALWARE[/color] '; <script language=javascript>document.getElementById('scanneravg').innerHTML='Found Proxy.NJQ '; <script language=javascript>document.getElementById('status').innerHTML='[color=\"#00ed00\"]INFECTED/MALWARE[/color] '; <script language=javascript>document.getElementById('scannerbitdefender').innerHTML='Found Worm.P2P.AB '; <script language=javascript>document.getElementById('status').innerHTML='[color=\"#00ed00\"]INFECTED/MALWARE[/color] '; <script language=javascript>document.getElementById('scannerclamav').innerHTML='Found nothing'; <script language=javascript>document.getElementById('status').innerHTML='[color=\"#00ed00\"]INFECTED/MALWARE[/color] '; <script language=javascript>document.getElementById('scannerdrweb').innerHTML='Found nothing'; <script language=javascript>document.getElementById('status').innerHTML='[color=\"#00ed00\"]INFECTED/MALWARE[/color] '; <script language=javascript>document.getElementById('scannerf-prot').innerHTML='Found nothing'; <script language=javascript>document.getElementById('status').innerHTML='[color=\"#00ed00\"]INFECTED/MALWARE[/color] '; <script language=javascript>document.getElementById('scannerf-secure').innerHTML='Found Trojan-Proxy.Win32.Dlena.cq '; <script language=javascript>document.getElementById('status').innerHTML='[color=\"#00ed00\"]INFECTED/MALWARE[/color] '; <script language=javascript>document.getElementById('scannerfortinet').innerHTML='Found nothing'; <script language=javascript>document.getElementById('status').innerHTML='[color=\"#00ed00\"]INFECTED/MALWARE[/color] '; <script language=javascript>document.getElementById('scannerkav').innerHTML='Found Trojan-Proxy.Win32.Dlena.cq '; <script language=javascript>document.getElementById('status').innerHTML='[color=\"#00ed00\"]INFECTED/MALWARE[/color] '; <script language=javascript>document.getElementById('scannernod32').innerHTML='Found Win32/TrojanProxy.Dlena '; <script language=javascript>document.getElementById('status').innerHTML='[color=\"#00ed00\"]INFECTED/MALWARE[/color] '; <script language=javascript>document.getElementById('scannernorman').innerHTML='Found nothing'; <script language=javascript>document.getElementById('status').innerHTML='[color=\"#00ed00\"]INFECTED/MALWARE[/color] '; <script language=javascript>document.getElementById('scannerpanda').innerHTML='Found nothing'; <script language=javascript>document.getElementById('status').innerHTML='[color=\"#00ed00\"]INFECTED/MALWARE[/color] '; <script language=javascript>document.getElementById('scannerrising').innerHTML='Found nothing'; <script language=javascript>document.getElementById('status').innerHTML='[color=\"#00ed00\"]INFECTED/MALWARE[/color] '; <script language=javascript>document.getElementById('scannervb').innerHTML='Found nothing'; <script language=javascript>document.getElementById('status').innerHTML='[color=\"#00ed00\"]INFECTED/MALWARE[/color] '; <script language=javascript>document.getElementById('scannervba32').innerHTML='Found nothing'; <script language=javascript>document.getElementById('status').innerHTML='[color=\"#00ed00\"]INFECTED/MALWARE[/color] '; <script language=javascript>document.getElementById('status').innerHTML='[color=\"#00ed00\"]INFECTED/MALWARE[/color] '; <script language=javascript>document.getElementById('packers').innerHTML='-'; <script language=javascript>document.getElementById('submitbutton').disabled = false;

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
++

File: 18261092ld.exe Status: [color=\"red\"]INFECTED/MALWARE[/color] (Note: this file has been scanned before. Therefore, this file's scan results will not be stored in the database) MD5 c962e5a7a1406d48b3292a342210c573 Packers detected: -<script type=text/javascript> <script src="http://pagead2.googlesyndication.com/pagead/show_ads.js" type=text/javascript> Scanner results Scan taken on 26 May 2007 04:19:35 (GMT) A-Squared Found nothingAntiVir Found TR/Proxy.Dlena.CQ.4 ArcaVir Found nothingAvast Found nothingAVG Antivirus Found Proxy.NJQ BitDefender Found Worm.P2P.AB ClamAV Found nothingDr.Web Found nothingF-Prot Antivirus Found nothingF-Secure Anti-Virus Found Trojan-Proxy.Win32.Dlena.cq Fortinet Found nothingKaspersky Anti-Virus Found Trojan-Proxy.Win32.Dlena.cq NOD32 Found Win32/TrojanProxy.Dlena Norman Virus Control Found nothingPanda Antivirus Found nothingRising Antivirus Found nothingVirusBuster Found nothingVBA32 Found nothing+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
+++++++

Service load: 0% 100% File: 58204682ld.exe Status: [color=\"red\"]INFECTED/MALWARE[/color] (Note: this file has been scanned before. Therefore, this file's scan results will not be stored in the database) MD5 c962e5a7a1406d48b3292a342210c573 Packers detected: -<script type=text/javascript> <script src="http://pagead2.googlesyndication.com/pagead/show_ads.js" type=text/javascript> Scanner results Scan taken on 26 May 2007 04:23:33 (GMT) A-Squared Found nothingAntiVir Found TR/Proxy.Dlena.CQ.4 ArcaVir Found nothingAvast Found nothingAVG Antivirus Found Proxy.NJQ BitDefender Found Worm.P2P.AB ClamAV Found nothingDr.Web Found nothingF-Prot Antivirus Found nothingF-Secure Anti-Virus Found Trojan-Proxy.Win32.Dlena.cq Fortinet Found nothingKaspersky Anti-Virus Found Trojan-Proxy.Win32.Dlena.cq NOD32 Found Win32/TrojanProxy.Dlena Norman Virus Control Found nothingPanda Antivirus Found nothingRising Antivirus Found nothingVirusBuster Found nothingVBA32 Found nothing+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
++++++

Service load: 0% 100% File: 38534372ld.exe Status: [color=\"red\"]INFECTED/MALWARE[/color] (Note: this file has been scanned before. Therefore, this file's scan results will not be stored in the database) MD5 c962e5a7a1406d48b3292a342210c573 Packers detected: -<script type=text/javascript> <script src="http://pagead2.googlesyndication.com/pagead/show_ads.js" type=text/javascript> Scanner results Scan taken on 26 May 2007 04:26:19 (GMT) A-Squared Found nothingAntiVir Found TR/Proxy.Dlena.CQ.4 ArcaVir Found nothingAvast Found nothingAVG Antivirus Found Proxy.NJQ BitDefender Found Worm.P2P.AB ClamAV Found nothingDr.Web Found nothingF-Prot Antivirus Found nothingF-Secure Anti-Virus Found Trojan-Proxy.Win32.Dlena.cq Fortinet Found nothingKaspersky Anti-Virus Found Trojan-Proxy.Win32.Dlena.cq NOD32 Found Win32/TrojanProxy.Dlena Norman Virus Control Found nothingPanda Antivirus Found nothingRising Antivirus Found nothingVirusBuster Found nothingVBA32 Found nothing+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
+++++++

Service load: 0% 100% File: 2016152ld.exe Status: [color=\"red\"]INFECTED/MALWARE[/color] (Note: this file has been scanned before. Therefore, this file's scan results will not be stored in the database) MD5 c962e5a7a1406d48b3292a342210c573 Packers detected: -<script type=text/javascript> <script src="http://pagead2.googlesyndication.com/pagead/show_ads.js" type=text/javascript> Scanner results Scan taken on 26 May 2007 04:28:13 (GMT) A-Squared Found nothingAntiVir Found TR/Proxy.Dlena.CQ.4 ArcaVir Found nothingAvast Found nothingAVG Antivirus Found Proxy.NJQ BitDefender Found Worm.P2P.AB ClamAV Found nothingDr.Web Found nothingF-Prot Antivirus Found nothingF-Secure Anti-Virus Found Trojan-Proxy.Win32.Dlena.cq Fortinet Found nothingKaspersky Anti-Virus Found Trojan-Proxy.Win32.Dlena.cq NOD32 Found Win32/TrojanProxy.Dlena Norman Virus Control Found nothingPanda Antivirus Found nothingRising Antivirus Found nothingVirusBuster Found nothingVBA32 Found nothing+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
+++++++
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

STATUS: FINISHEDComplete scanning result of "28155622ld.exe", received in VirusTotal at 05.26.2007, 06:33:56 (CET).

AntivirusVersionUpdateResultAhnLab-V32007.5.24.005.25.2007Win-Trojan/Dlena.31232.LAntiVir7.4.0.2705.25.2007TR/Proxy.Dlena.CQ.4Authentium4.93.805.23.2007 no virus foundAvast4.7.997.005.25.2007 no virus foundAVG7.5.0.46705.25.2007Proxy.NJQBitDefender7.205.26.2007Worm.P2P.ABCAT-QuickHeal9.0005.25.2007TrojanProxy.Dlena.cqClamAVdevel-2007041605.25.2007 no virus foundDrWeb4.3305.25.2007 no virus foundeSafe7.0.15.005.24.2007suspicious Trojan/WormeTrust-Vet30.7.366505.26.2007 no virus foundEwido4.005.25.2007 no virus foundFileAdvisor105.26.2007 no virus foundFortinet2.85.0.005.26.2007suspiciousF-Prot4.3.2.4805.25.2007 no virus foundF-Secure6.70.13030.005.25.2007Trojan-Proxy.Win32.Dlena.cqIkarusT3.1.1.805.25.2007 no virus foundKaspersky4.0.2.2405.26.2007Trojan-Proxy.Win32.Dlena.cqMcAfee503905.25.2007 no virus foundMicrosoft1.250305.26.2007 no virus foundNOD32v2229205.25.2007Win32/TrojanProxy.DlenaNorman5.80.0205.25.2007 no virus foundPanda9.0.0.405.25.2007 no virus foundPrevx1V205.26.2007Trojan.RPCC.PayloadSophos4.18.005.25.2007 no virus foundSunbelt2.2.907.005.24.2007VIPRE.SuspiciousSymantec1005.26.2007Trojan.Packed
.9TheHacker6.1.6.12305.25.2007 no virus foundVBA323.12.005.26.2007 no virus foundVirusBuster4.3.23:905.25.2007 no virus foundWebwasher-Gateway6.0.105.26.2007Trojan.Proxy.Dlena.CQ.4

Aditional InformationFile size: 31232 bytesMD5: c962e5a7a1406d48b3292a342210c573SHA1: 950c4e159c66aab7a32eb24a899a5a6b465b6d55Prevx info: http://fileinfo.prevx.com/fileinfo.asp?PXC...94043842Sunbelt info: VIPRE.Suspicious is a generic detection for potential threats that are deemed suspicious through heuristics.+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
+++++++++

STATUS: FINISHEDComplete scanning result of "18261092ld.exe", received in VirusTotal at 05.26.2007, 06:40:32 (CET).

AntivirusVersionUpdateResultAhnLab-V32007.5.24.005.25.2007Win-Trojan/Dlena.31232.LAntiVir7.4.0.2705.25.2007TR/Proxy.Dlena.CQ.4Authentium4.93.805.23.2007 no virus foundAvast4.7.997.005.25.2007 no virus foundAVG7.5.0.46705.25.2007Proxy.NJQBitDefender7.205.26.2007Worm.P2P.ABCAT-QuickHeal9.0005.25.2007TrojanProxy.Dlena.cqClamAVdevel-2007041605.25.2007 no virus foundDrWeb4.3305.25.2007 no virus foundeSafe7.0.15.005.24.2007suspicious Trojan/WormeTrust-Vet30.7.366505.26.2007 no virus foundEwido4.005.25.2007 no virus foundFileAdvisor105.26.2007 no virus foundFortinet2.85.0.005.26.2007suspiciousF-Prot4.3.2.4805.25.2007 no virus foundF-Secure6.70.13030.005.25.2007Trojan-Proxy.Win32.Dlena.cqIkarusT3.1.1.805.26.2007 no virus foundKaspersky4.0.2.2405.26.2007Trojan-Proxy.Win32.Dlena.cqMcAfee503905.25.2007 no virus foundMicrosoft1.250305.26.2007 no virus foundNOD32v2229205.25.2007Win32/TrojanProxy.DlenaNorman5.80.0205.25.2007 no virus foundPanda9.0.0.405.25.2007 no virus foundPrevx1V205.26.2007Trojan.RPCC.PayloadSophos4.18.005.25.2007 no virus foundSunbelt2.2.907.005.24.2007VIPRE.SuspiciousSymantec1005.26.2007Trojan.Packed
.9TheHacker6.1.6.12305.25.2007 no virus foundVBA323.12.005.26.2007 no virus foundVirusBuster4.3.23:905.25.2007 no virus foundWebwasher-Gateway6.0.105.26.2007Trojan.Proxy.Dlena.CQ.4

Aditional InformationFile size: 31232 bytesMD5: c962e5a7a1406d48b3292a342210c573SHA1: 950c4e159c66aab7a32eb24a899a5a6b465b6d55Prevx info: http://fileinfo.prevx.com/fileinfo.asp?PXC...94043842Sunbelt info: VIPRE.Suspicious is a generic detection for potential threats that are deemed suspicious through heuristics.+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
++++++++

VirusTotal

VirusTotal is a free file analisys service that works using several antivirus engines.

Select file : DistributeSSL

Enter your email, choose the file to be scanned with multiple antivirus engines and click Send.<H3 class=nod>Menu:</H3>

<LI id=menu_noticias_en>News Hot news in the virus/antivirus sector. <LI id=menu_estadisticas_en>Estadisticas Statistics of VirusTotal procesing.

Virustotal More info about Virustotal.

Tech Clinic / Smitfraud and incessant popups.

« on: May 25, 2007, 11:04:07 PM »

+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Note:
This time ComboFix ran through smoothly and produced a log file in about three minutes. I have attached the file and will do the other checks in a short while.
Erik

"Erik Halbert" - 26/05/2007 13:56:20 Service Pack 4
ComboFix 07-05.26.V - Running from: "C:\Documents and Settings\Erik Halbert\Desktop\"

((((((((((((((((((((((((((((((( Files Created from 26/0-01-07 to 26/05/2007 ))))))))))))))))))))))))))))))))))

No new files created in this timespan

(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))

(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}=C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [18/12/06 03:16a]
{AA58ED58-01DD-4d91-8333-CF10577473F7}=c:\program files\google\googletoolbar3.dll [19/01/07 10:55p]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Synchronization Manager"="mobsync.exe" [20/06/03 05:05a C:\WINNT\system32\mobsync.exe]
"SoundMAXPnP"="C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe" [27/07/04 12:48p]
"SoundMAX"="C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" [06/08/04 07:27a]
"Desktop Service Centre"="C:\Program Files\OptusNet DSL Internet\DSC.exe" [06/09/04 12:50p]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [01/05/07 01:42a]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [18/12/06 08:03p]
"IMONTRAY"="C:\Program Files\Intel\Intel® Active Monitor\imontray.exe" [02/05/05 08:21p]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [17/05/07 10:12a]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [01/09/06 02:57p]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [09/03/07 12:02a]
"NvCplDaemon"="RUNDLL32.exe" [08/05/01 10:00p C:\WINNT\system32\rundll32.exe]
"UnlockerAssistant"="C:\Program Files\Unlocker\UnlockerAssistant.exe" [20/08/06 08:48p]
"HP Lamp"="C:\Program Files\Hewlett-Packard\HP PrecisionScan\PrecisionScan\HPLamp.exe" [24/11/98 02:00a]
"Corel Reminder"="C:\Program Files\Corel\Graphics10\Register\NAVBrowser.exe" [05/10/00 02:23a]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="ctfmon.exe" [20/02/01 12:09p C:\WINNT\system32\CTFMON.EXE]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [27/01/07 04:43p]
"EssentialPIM"="C:\Program Files\EssentialPIM\EssentialPIM.exe" [20/11/06 11:44p]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"^SetupICWDesktop"=C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"ClearRecentDocsOnExit"=00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll" [29/09/06 12:13a]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\WebrootSpySweeperService]

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost *netsvcs*
WmdmPmSN

*Newly Created Service* -IPNAT
*Newly Created Service* -RASAUTO

********************************************************************

catchme 0.3.681 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-05-26 13:58:27
Windows 5.0.2195 Service Pack 4 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

********************************************************************

Completion time: 26/05/2007 13:59:15
C:\ComboFix-quarantined-files.txt ... 26/05/07 01:59p
C:\ComboFix2.txt ... 26/05/07 09:05a

--- E O F ---

Tech Clinic / Smitfraud and incessant popups.

« on: May 25, 2007, 06:23:11 PM »

Note:

The only problem was when I ran Combo.fix. After five minutes the program seemed finished and I went to look for C:\profiles\install.log. (I thought that was the final log txt).
An error message came up saying that the registry size was too small and then the system rebooted, and said it was preparing c:combofix.txt. Apart from that, things went as expected, and the files follow.
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

2. Hijackthis Log

Logfile of HijackThis v1.99.1
Scan saved at 9:13:45 AM, on 26/05/2007
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\ZoneLabs\vsmon.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINNT\system32\nvsvc32.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Intel\Intel® Active Monitor\imonnt.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\Program Files\OptusNet DSL Internet\DSC.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Intel\Intel® Active Monitor\imontray.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\Program Files\Hewlett-Packard\HP PrecisionScan\PrecisionScan\HPLamp.exe
C:\WINNT\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\ComboFix\10397.cfexe
C:\WINNT\system32\notepad.exe
C:\Program Files\internet explorer\iexplore.exe
C:\HJT\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [SoundMAXPnP] "C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe"
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [Desktop Service Centre] "C:\Program Files\OptusNet DSL Internet\DSC.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [IMONTRAY] "C:\Program Files\Intel\Intel® Active Monitor\imontray.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINNT\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [HP Lamp] "C:\Program Files\Hewlett-Packard\HP PrecisionScan\PrecisionScan\HPLamp.exe"
O4 - HKLM\..\Run: [Corel Reminder] "C:\Program Files\Corel\Graphics10\Register\NAVBrowser.exe" /r /i "C:\Program Files\Corel\Graphics10\Register\NavLoad.ini"
O4 - HKCU\..\Run: [ctfmon.exe] ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [EssentialPIM] "C:\Program Files\EssentialPIM\EssentialPIM.exe" /autorun
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O14 - IERESET.INF: START_PAGE_URL=http://dsl.optusnet.com.au/
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/...nst20040510.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...lscbase8300.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1164633796468
O17 - HKLM\System\CCS\Services\Tcpip\..\{E268C38B-2F85-40EC-8865-249169241F28}: NameServer = 203.23.236.66,203.23.236.69
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL
O20 - Winlogon Notify: WRNotifier - C:\WINNT\SYSTEM32\WRLogonNTF.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel® Active Monitor (imonNT) - Intel Corp. - C:\Program Files\Intel\Intel® Active Monitor\imonnt.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINNT\system32\nvsvc32.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINNT\system32\ZoneLabs\vsmon.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

3. AVG Antispyware log.

---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 7:15:38 AM 26/05/2007

+ Scan result:

C:\VundoFix Backups\byxurqq.dll.bad -> Adware.Virtumonde : Cleaned.
C:\VundoFix Backups\jkklmkk.dll.bad -> Adware.Virtumonde : Cleaned.
C:\Documents and Settings\Erik Halbert\Cookies\erik halbert@2o7[2].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Erik Halbert\Cookies\erik .txt"][email protected][1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Erik Halbert\Cookies\erik .txt"]halbert@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned.
C:\Documents and Settings\Erik Halbert\Cookies\erik [email protected][1].txt -> TrackingCookie.Burstnet : Cleaned.
C:\Documents and Settings\Erik Halbert\Cookies\erik .txt"]halbert@cpvfeed[2].txt -> TrackingCookie.Cpvfeed : Cleaned.
C:\Documents and Settings\Erik Halbert\Cookies\erik .txt"]halbert@doubleclick[1].txt -> TrackingCookie.Doubleclick : Cleaned.
C:\Documents and Settings\Erik Halbert\Cookies\erik [email protected][1].txt -> TrackingCookie.Hitslink : Cleaned.
C:\Documents and Settings\Erik Halbert\Cookies\erik .txt"]halbert@mediaplex[1].txt -> TrackingCookie.Mediaplex : Cleaned.
C:\Documents and Settings\Erik Halbert\Cookies\erik halbert@realmedia[1].txt -> TrackingCookie.Realmedia : Cleaned.
C:\Documents and Settings\Erik Halbert\Cookies\erik .txt"][email protected][2].txt -> TrackingCookie.Reliablestats : Cleaned.
C:\Documents and Settings\Erik Halbert\Cookies\erik .txt"][email protected][1].txt -> TrackingCookie.Serving-sys : Cleaned.
C:\Documents and Settings\Erik Halbert\Cookies\erik halbert@serving-sys[1].txt -> TrackingCookie.Serving-sys : Cleaned.
C:\Documents and Settings\Erik Halbert\Cookies\erik .txt"][email protected][1].txt -> TrackingCookie.Webtrendslive : Cleaned.
C:\Documents and Settings\Erik Halbert\Cookies\erik .txt"][email protected][1].txt -> TrackingCookie.Yieldmanager : Cleaned.
C:\Documents and Settings\Erik Halbert\Cookies\erik .txt"]halbert@zedo[2].txt -> TrackingCookie.Zedo : Cleaned.

::Report end

+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

4. dss.exe text file.

DAFT Log saved on 2007-05-25 22:43:38
-----------------------------------------------------------------------
All associations okay!

+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Tech Clinic / Smitfraud and incessant popups.

« on: May 25, 2007, 06:08:19 PM »

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
1. Combofix Log.

"Erik Halbert" - 26/05/2007 8:49:45 Service Pack 4
ComboFix 07-05.26.V - Running from: "C:\Documents and Settings\Erik Halbert\Desktop\"

(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

"C:\Program Files\install.log"

((((((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

-------\LEGACY_GB
-------\LEGACY_LDRSVC
-------\LEGACY_WINDBG48
-------\gb
-------\nm
-------\windbg48

((((((((((((((((((((((((((((((( Files Created from 2007-04-05 to 2007-05-26 ))))))))))))))))))))))))))))))))))

2007-05-26 09:00 16,384 --a----t- C:\WINNT\system32\Perflib_Perfdata_854.dat
2007-05-26 09:00 16,384 --a----t- C:\WINNT\system32\Perflib_Perfdata_278.dat
2007-05-25 22:40 465,678 --a------ C:\dss.exe
2007-05-25 18:37 <DIR> d-------- C:\DOCUME~1\ERIKHA~1\APPLIC~1\NewzToolz
2007-05-25 18:36 <DIR> d-------- C:\Program Files\NewzToolz
2007-05-25 09:25 16,384 --a------ C:\WINNT\system32\FileOps.exe
2007-05-24 23:22 <DIR> d-a------ C:\WINNT\system32\appmgmt
2007-05-24 22:41 <DIR> d-------- C:\WINNT\Corel
2007-05-24 20:38 <DIR> d-------- C:\Deckard
2007-05-23 21:14 53,248 --a------ C:\WINNT\system32\Process.exe
2007-05-23 18:48 <DIR> d-------- C:\VundoFix Backups
2007-05-23 16:50 95,232 --a------ C:\WINNT\system32\Lfkodak.dll
2007-05-23 16:50 93,184 --a------ C:\WINNT\system32\lftif70n.dll
2007-05-23 16:50 93,184 --a------ C:\WINNT\system32\hpsjvset.dll
2007-05-23 16:50 928 --a------ C:\WINNT\system32\hpsj1695.dll
2007-05-23 16:50 669,696 --a------ C:\WINNT\system32\ipeistor11.dll
2007-05-23 16:50 66,560 --a------ C:\WINNT\system32\ipeapi11.dll
2007-05-23 16:50 55,808 --a------ C:\WINNT\system32\lffax70n.dll
2007-05-23 16:50 55,296 --a------ C:\WINNT\system32\ltfil70n.DLL
2007-05-23 16:50 350,208 --a------ C:\WINNT\system32\ltkrn70n.dll
2007-05-23 16:50 35,328 --a------ C:\WINNT\system32\lffpx70n.dll
2007-05-23 16:50 324,608 --a------ C:\WINNT\system32\ipebase11.dll
2007-05-23 16:50 32,768 --a------ C:\WINNT\system32\lfgif70n.dll
2007-05-23 16:50 306,688 --a------ C:\WINNT\system32\Lffpx7.dll
2007-05-23 16:50 30,720 --a------ C:\WINNT\system32\hpsmui.dll
2007-05-23 16:50 24,576 --a------ C:\WINNT\system32\lfpcx70n.dll
2007-05-23 16:50 24,576 --a------ C:\WINNT\system32\lfbmp70n.dll
2007-05-23 16:50 224,768 --a------ C:\WINNT\system32\LFCMP70n.DLL
2007-05-23 16:50 111,104 --a------ C:\WINNT\system32\lfpng70n.dll
2007-05-23 16:50 <DIR> d-------- C:\WINNT\system32\Iosubsys
2007-05-23 16:50 <DIR> d-------- C:\Program Files\Hewlett-Packard
2007-05-23 16:49 312,323 --a------ C:\WINNT\IsUn040a.exe
2007-05-23 16:49 <DIR> d-------- C:\sj662
2007-05-22 18:47 57,344 --a------ C:\WINNT\uneng.exe
2007-05-22 18:46 81,408 --a------ C:\WINNT\system32\logagent.exe
2007-05-22 14:57 3,968 --a------ C:\WINNT\system32\drivers\AvgAsCln.sys
2007-05-22 13:31 <DIR> d-------- C:\HJT
2007-05-22 12:57 90,112 --------- C:\WINNT\SDUnInst.exe
2007-05-22 11:18 51,200 --a------ C:\WINNT\system32\dumphive.exe
2007-05-22 11:18 288,417 --a------ C:\WINNT\system32\SrchSTS.exe
2007-05-21 23:39 <DIR> d-------- C:\WINNT\Content.IE5
2007-05-21 19:22 24,128 --a------ C:\WINNT\system32\drivers\sskbfd.sys
2007-05-21 19:22 22,080 --a------ C:\WINNT\system32\drivers\sshrmd.sys
2007-05-21 19:22 20,544 --a------ C:\WINNT\system32\drivers\SSFS0BB8.sys
2007-05-21 19:22 158,784 --a------ C:\WINNT\system32\drivers\ssidrv.sys
2007-05-21 19:22 1,515,584 --a------ C:\WINNT\WRSetup.dll
2007-05-21 19:22 <DIR> d-------- C:\Program Files\Webroot
2007-05-21 19:22 <DIR> d-------- C:\DOCUME~1\ERIKHA~1\APPLIC~1\Webroot
2007-05-21 19:22 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Webroot
2007-05-21 19:10 164 --a------ C:\install.dat
2007-05-20 23:19 <DIR> d-------- C:\Program Files\Contacts Express
2007-05-20 19:56 <DIR> d-------- C:\{800186A2-0000-0000-42B1-6931FF534416}
2007-05-20 19:56 <DIR> d-------- C:\{800011F0-0000-0000-C19F-B3DADF7CDA58}
2007-05-20 17:35 <DIR> d-------- C:\Program Files\Windows Live Safety Center
2007-05-20 16:51 3,968 --a------ C:\WINNT\system32\drivers\AvgArCln.sys
2007-05-20 15:34 <DIR> d-------- C:\Program Files\Common Files\Scanner
2007-05-11 08:38 <DIR> d-------- C:\Program Files\Open Contacts
2007-05-10 18:50 <DIR> d-------- C:\Program Files\Software by Design
2007-05-10 07:30 724,429 --a------ C:\WINNT\system32\dfl1z32.dll
2007-05-09 22:37 <DIR> d-------- C:\Program Files\EssentialPIM
2007-05-09 22:37 <DIR> d-------- C:\DOCUME~1\ERIKHA~1\APPLIC~1\EssentialPIM
2007-05-09 14:30 3,354 --a------ C:\WINNT\system32\tmp.reg
2007-05-09 13:07 <DIR> d-------- C:\Program Files\Enigma Software Group
2007-05-09 08:06 995,056 --a------ C:\WINNT\system32\msajt200.dll
2007-05-09 08:06 910,848 --a------ C:\WINNT\system32\crpe.dll
2007-05-09 08:06 71,696 --a------ C:\WINNT\system32\pdirjet.dll
2007-05-09 08:06 398,416 --a------ C:\WINNT\system32\vbrun300.dll
2007-05-09 08:06 17,440 --a------ C:\WINNT\system32\msajt112.dll
2007-05-09 08:06 101,904 --a------ C:\WINNT\system32\pdbjet.dll
2007-05-09 08:06 <DIR> d-------- C:\Program Files\Manage Your Contacts
2007-05-08 18:20 <DIR> d-------- C:\Program Files\jv16 PowerTools
2007-05-07 22:20 <DIR> d-------- C:\Program Files\SmartDB_V34
2007-05-07 18:28 31,232 --a------ C:\WINNT\system32\28155622ld.exe
2007-05-07 18:18 31,232 --a------ C:\WINNT\system32\18261092ld.exe
2007-05-07 17:58 31,232 --a------ C:\WINNT\system32\58204682ld.exe
2007-05-07 17:38 31,232 --a------ C:\WINNT\system32\38534372ld.exe
2007-05-07 17:20 31,232 --a------ C:\WINNT\system32\2016152ld.exe
2007-05-06 22:03 <DIR> d-------- C:\dbworx
2007-05-04 10:35 <DIR> d-------- C:\Program Files\WinPIM
2007-05-03 18:51 <DIR> d-------- C:\Program Files\RegistryFix
2007-05-03 13:44 <DIR> d-------- C:\Program Files\Uniblue
2007-05-03 10:28 <DIR> d-------- C:\DOCUME~1\ERIKHA~1\APPLIC~1\CDBurnerXPP
2007-05-03 10:16 <DIR> d-------- C:\Program Files\CDBurnerXP
2007-05-02 01:01 <DIR> d-------- C:\Program Files\TreeDBNotes
2007-04-30 23:49 <DIR> d-------- C:\Program Files\BiblioExpress
2007-04-30 23:45 <DIR> d-------- C:\Program Files\BiblioExpress 3
2007-04-26 22:26 <DIR> d-------- C:\Program Files\Registrar Lite
2007-04-26 20:56 <DIR> d-------- C:\Program Files\Wise Disk Cleaner
2007-04-26 20:53 <DIR> d-------- C:\Program Files\Wise Registry Cleaner

(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-05-24 12:51:40 -------- d-----w C:\Program Files\Corel
2007-05-24 12:46:27 -------- d-----w C:\DOCUME~1\ERIKHA~1\APPLIC~1\Corel
2007-05-23 06:51:06 1,480 ----a-w C:\WINNT\AUTOLNCH.REG
2007-05-22 12:17:58 -------- d-----w C:\Program Files\a-squared Free
2007-05-22 08:47:01 -------- d-----w C:\Program Files\Common Files\Adaptec Shared
2007-05-22 02:12:59 -------- d-----w C:\Program Files\Yahoo!
2007-05-21 23:27:22 -------- d-----w C:\Program Files\Eusing Free Registry Cleaner
2007-05-20 12:49:32 -------- d-----w C:\Program Files\7-Zip
2007-05-20 12:49:21 -------- d-----w C:\Program Files\Apple Software Update
2007-05-20 12:48:54 -------- d-----w C:\Program Files\Family Tree Legends
2007-05-20 12:48:51 -------- d-----w C:\Program Files\ffdshow
2007-05-20 12:48:42 -------- d-----w C:\Program Files\gs
2007-05-20 12:48:40 -------- d-----w C:\Program Files\Intel Desktop Board Audio Driver
2007-05-20 12:48:19 -------- d-----w C:\Program Files\Kalender
2007-05-20 12:48:15 -------- d-----w C:\Program Files\QuickTime
2007-05-20 12:48:15 -------- d-----w C:\Program Files\On Station
2007-05-20 12:48:04 -------- d-----w C:\Program Files\RegScrubXP
2007-05-20 12:48:00 -------- d-----w C:\Program Files\tinySpell
2007-05-20 12:47:53 -------- d-----w C:\Program Files\Windows NT
2007-05-16 00:57:45 -------- d-----w C:\Program Files\Microsoft.NET
2007-05-11 22:50:36 -------- d-----w C:\DOCUME~1\ERIKHA~1\APPLIC~1\UK's Kalender
2007-05-08 07:03:22 -------- d-----w C:\Program Files\Common Files\Art Plus Uninstall
2007-05-08 01:52:37 -------- d-----w C:\Program Files\TreePadLite
2007-05-06 22:33:39 -------- d-----w C:\Program Files\HDD Thermometer
2007-05-03 03:44:24 -------- d-----w C:\DOCUME~1\ERIKHA~1\APPLIC~1\Uniblue
2007-04-30 15:46:10 745,600 ----a-w C:\WINNT\system32\aswBoot.exe
2007-04-30 15:41:55 85,952 ----a-w C:\WINNT\system32\drivers\aswmon.sys
2007-04-30 15:41:42 94,552 ----a-w C:\WINNT\system32\drivers\aswmon2.sys
2007-04-30 15:39:41 23,416 ----a-w C:\WINNT\system32\drivers\aswRdr.sys
2007-04-30 15:38:51 43,176 ----a-w C:\WINNT\system32\drivers\aswTdi.sys
2007-04-30 15:37:23 26,888 ----a-w C:\WINNT\system32\drivers\aavmker4.sys
2007-04-30 15:35:28 95,872 ----a-w C:\WINNT\system32\AVASTSS.scr
2007-04-27 02:11:52 -------- d-----w C:\DOCUME~1\ERIKHA~1\APPLIC~1\gtk-2.0
2007-04-26 11:05:54 -------- d-----w C:\Program Files\Atlantis Nova
2007-04-26 11:05:41 -------- d-----w C:\Program Files\WinCAPS
2007-04-19 04:08:23 -------- d-----w C:\Program Files\Micro-Sys Software
2007-04-11 07:33:46 -------- d-----w C:\Program Files\Ghostgum
2007-04-11 04:05:22 -------- d-----w C:\Program Files\FastStone Capture
2007-04-09 03:51:29 -------- d-----w C:\DOCUME~1\ERIKHA~1\APPLIC~1\MailFrontier
2007-04-06 04:40:52 -------- d-----w C:\Program Files\ScreenPrint32 v3
2007-04-06 04:40:23 249,856 ------w C:\WINNT\Setup1.exe
2007-04-05 07:17:39 2,854,400 ----a-w C:\WINNT\system32\msi.dll
2007-04-03 00:25:23 4,212 ---h--w C:\WINNT\system32\zllictbl.dat
2007-04-02 07:16:35 -------- d-----w C:\DOCUME~1\ERIKHA~1\APPLIC~1\ACD Systems
2007-04-02 03:29:51 -------- d-----w C:\Program Files\Common Files\ACD Systems
2007-04-02 03:29:47 -------- d-----w C:\Program Files\ACD Systems
2007-03-15 02:23:16 497,496 ----a-w C:\WINNT\system32\XceedZip.dll
2007-03-15 02:19:58 526,184 ----a-w C:\WINNT\system32\XceedCry.dll
2007-03-13 09:44:49 245,520 ----a-w C:\WINNT\system32\WINSRV.DLL
2007-03-08 14:01:42 1,087,216 ----a-w C:\WINNT\system32\zpeng24.dll
2007-03-06 11:17:48 381,200 ----a-w C:\WINNT\system32\USER32.DLL
2007-03-06 11:17:46 38,160 ----a-w C:\WINNT\system32\mf3216.dll
2007-03-06 11:17:46 235,280 ----a-w C:\WINNT\system32\GDI32.DLL
2007-03-06 06:12:21 1,641,936 ----a-w C:\WINNT\system32\WIN32K.SYS

(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}=C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [06-12-18 03:16 ]
{AA58ED58-01DD-4d91-8333-CF10577473F7}=c:\program files\google\googletoolbar3.dll [07-01-19 22:55 ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Synchronization Manager"="mobsync.exe" [03-06-20 05:05 C:\WINNT\system32\mobsync.exe]
"SoundMAXPnP"="C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe" [04-07-27 12:48 ]
"SoundMAX"="C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" [04-08-06 07:27 ]
"Desktop Service Centre"="C:\Program Files\OptusNet DSL Internet\DSC.exe" [04-09-06 12:50 ]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [07-05-01 01:42 ]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [06-12-18 20:03 ]
"IMONTRAY"="C:\Program Files\Intel\Intel® Active Monitor\imontray.exe" [05-05-02 20:21 ]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [07-05-17 10:12 ]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [06-09-01 14:57 ]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [07-03-09 00:02 ]
"NvCplDaemon"="RUNDLL32.exe" [01-05-08 22:00 C:\WINNT\system32\rundll32.exe]
"UnlockerAssistant"="C:\Program Files\Unlocker\UnlockerAssistant.exe" [06-08-20 20:48 ]
"HP Lamp"="C:\Program Files\Hewlett-Packard\HP PrecisionScan\PrecisionScan\HPLamp.exe" [98-11-24 02:00 ]
"Corel Reminder"="C:\Program Files\Corel\Graphics10\Register\NAVBrowser.exe" [00-10-05 02:23 ]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="ctfmon.exe" [01-02-20 12:09 C:\WINNT\system32\CTFMON.EXE]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [07-01-27 16:43 ]
"EssentialPIM"="C:\Program Files\EssentialPIM\EssentialPIM.exe" [06-11-20 23:44 ]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"^SetupICWDesktop"=C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"ClearRecentDocsOnExit"=00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll" [06-09-29 00:13 ]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\WebrootSpySweeperService]

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost *netsvcs*
WmdmPmSN

*Newly Created Service* -IPNAT

~ ~ ~ ~ ~ ~ ~ ~ Hijackthis Backups ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~

backup-20070524-113945-650
O21 - SSODL: MSN Messenger - {280A7B65-8F00-438F-3E5A-1F039433FE60} - C:\WINNT\system32\dssdll32.dll (file missing)

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{280A7B65-8F00-438F-3E5A-1F039433FE60}]

[HKEY_CLASSES_ROOT\CLSID\{280A7B65-8F00-438F-3E5A-1F039433FE60}\InprocServer32]
@=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,25,\
00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,64,00,73,00,\
73,00,64,00,6c,00,6c,00,33,00,32,00,2e,00,64,00,6c,00,6c,00,00,00
"ThreadingModel"="Apartment"

backup-20070524-113945-558
O2 - BHO: (no name) - {00147984-D416-4103-BA98-5313159EE782} - C:\WINNT\system32\epjclmql.dll (file missing)

backup-20070524-113945-475
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - (no file)

backup-20070524-113945-255
O2 - BHO: (no name) - {9D20197E-B1C6-490B-BEB9-833851449936} - C:\WINNT\system32\vtsqo.dll (file missing)
********************************************************************

catchme 0.3.681 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-05-26 09:00:55
Windows 5.0.2195 Service Pack 4 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

********************************************************************

Completion time: 2007-05-26 9:03:21 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 07-05-26 09:02

--- E O F ---
(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

"C:\Program Files\install.log"

((((((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

-------\LEGACY_GB
-------\LEGACY_LDRSVC
-------\LEGACY_WINDBG48
-------\gb
-------\nm
-------\windbg48

((((((((((((((((((((((((((((((( Files Created from 26/0-01-07 to 26/05/2007 ))))))))))))))))))))))))))))))))))

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

2.

Tech Clinic / Smitfraud and incessant popups.

« on: May 24, 2007, 05:56:28 AM »

When I ran DSS first I got an error message.

"Auto IT V3: Application error.
The instruction at 0x0043ac49 referenced memory at "0x0112e00". The memory could not be "read".
Click on OK to terminate the program.
Click on "Cancel" to debug the program.

I clicked OK and then ran rhe program again. This time it ran through completely. It did stop at one stage to request permission to access the web. I OK'd that permission.

I have attached the two logs below:

-------------------------------------------------------------------------------------------

Deckard's System Scanner v20070426.43
Run by Erik Halbert on 2007-05-24 at 20:42:11
Computer is in Normal Mode.
--------------------------------------------------------------------------------

Performed disk cleanup.

-- HijackThis (run as Erik Halbert.exe) ----------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 8:42:25 PM, on 24/05/2007
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\ZoneLabs\vsmon.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINNT\system32\nvsvc32.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Intel\Intel® Active Monitor\imonnt.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\Program Files\OptusNet DSL Internet\DSC.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Intel\Intel® Active Monitor\imontray.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Hewlett-Packard\HP PrecisionScan\PrecisionScan\HPLamp.exe
C:\WINNT\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Documents and Settings\Erik Halbert\Desktop\dss.exe
C:\HJT\HIJACK~1\Erik Halbert.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by OptusNet
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [SoundMAXPnP] "C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe"
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [Desktop Service Centre] "C:\Program Files\OptusNet DSL Internet\DSC.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [IMONTRAY] "C:\Program Files\Intel\Intel® Active Monitor\imontray.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINNT\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [HP Lamp] "C:\Program Files\Hewlett-Packard\HP PrecisionScan\PrecisionScan\HPLamp.exe"
O4 - HKCU\..\Run: [ctfmon.exe] ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [EssentialPIM] "C:\Program Files\EssentialPIM\EssentialPIM.exe" /autorun
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O14 - IERESET.INF: START_PAGE_URL=http://dsl.optusnet.com.au/
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/...nst20040510.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...lscbase8300.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1164633796468
O17 - HKLM\System\CCS\Services\Tcpip\..\{E268C38B-2F85-40EC-8865-249169241F28}: NameServer = 203.23.236.66,203.23.236.69
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL
O20 - Winlogon Notify: WRNotifier - C:\WINNT\SYSTEM32\WRLogonNTF.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel® Active Monitor (imonNT) - Intel Corp. - C:\Program Files\Intel\Intel® Active Monitor\imonnt.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINNT\system32\nvsvc32.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINNT\system32\ZoneLabs\vsmon.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

-- HijackThis Fixed Entries (C:\HJT\HIJACK~1\backups\) -------------------------

backup-20070524-113945-255 O2 - BHO: (no name) - {9D20197E-B1C6-490B-BEB9-833851449936} - C:\WINNT\system32\vtsqo.dll (file missing)
backup-20070524-113945-475 O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - (no file)
backup-20070524-113945-558 O2 - BHO: (no name) - {00147984-D416-4103-BA98-5313159EE782} - C:\WINNT\system32\epjclmql.dll (file missing)
backup-20070524-113945-650 O21 - SSODL: MSN Messenger - {280A7B65-8F00-438F-3E5A-1F039433FE60} - C:\WINNT\system32\dssdll32.dll (file missing)

-- File Associations -----------------------------------------------------------

[color=\"red\"].txt - txtfile - shell\open\command - notepad.exe %1[/color]

-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 giveio - c:\winnt\system32\giveio.sys
R1 sf (SFI Service) - c:\winnt\system32\drivers\sf.sys <Not Verified; Sonic Focus, Inc; Sonic Focus DSP service driver>
R2 SIODRV - c:\winnt\system32\drivers\siodrv.sys <Not Verified; Intel Corporation; Intel® Active Monitor>
R3 aeaudio - c:\winnt\system32\drivers\aeaudio.sys <Not Verified; Andrea Electronics Corporation; Andrea Audio Driver>
R3 SMBios (Intel ® System Management BIOS Service) - c:\winnt\system32\drivers\smbios.sys <Not Verified; Intel Corporation; Intel ® System Management BIOS Driver>
R3 smbusp (Intel® SMBus 2.0 Driver) - c:\winnt\system32\drivers\smb.sys <Not Verified; Intel Corporation; Intel® SMBus Controller>
R3 smwdm - c:\winnt\system32\drivers\smwdm.sys <Not Verified; Analog Devices, Inc.; SoundMAX Digital Audio Driver>
R3 UPATC (USBAT Controller Driver) - c:\winnt\system32\drivers\upatc.sys <Not Verified; SCM Microsystems Inc.; USBAT Mass Storage Class Client driver>

S2 dsniff - c:\winnt\system32\drivers\dsniff.sys (file missing)
S3 FreshIO - d:\program files\freshdevices\freshdiagnose\freshio.sys

-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 EPSONStatusAgent2 (EPSON Printer Status Agent2) - c:\program files\common files\epson\ebapi\sagent2.exe <Not Verified; SEIKO EPSON CORPORATION; EPSON Bidirectional Printer>
R2 imonNT (Intel® Active Monitor) - c:\program files\intel\intel® active monitor\imonnt.exe <Not Verified; Intel Corp.; Intel® Active Monitor>
R2 SoundMAX Agent Service (default) (SoundMAX Agent Service) - c:\program files\analog devices\soundmax\smagent.exe <Not Verified; Analog Devices, Inc.; SoundMAX service agent>

S2 NMSAccess -

-- Files created between 2007-04-24 and 2007-05-24 -----------------------------

2007-05-24 11:43:28 16384 --a-----t C:\WINNT\system32\Perflib_Perfdata_27c.dat
2007-05-23 21:14:50 53248 --a------ C:\WINNT\system32\Process.exe <Not Verified; http://www.beyondlogic.org; Command Line Process Utility>
2007-05-23 18:48:42 0 d-------- C:\VundoFix Backups
2007-05-23 16:50:16 93184 --a------ C:\WINNT\system32\hpsjvset.dll <Not Verified; Hewlett-Packard; Hewlett Packard ScanJet VendorSetup Extension Dynamic Link Library>
2007-05-23 16:50:16 928 --a------ C:\WINNT\system32\hpsj1695.dll
2007-05-23 16:50:14 30720 --a------ C:\WINNT\system32\hpsmui.dll <Not Verified; Hewlett-Packard; Biblioteca de vÃnculos dinÃ¡micos HPSCNMGR>
2007-05-23 16:50:08 350208 --a------ C:\WINNT\system32\ltkrn70n.dll <Not Verified; LEAD Technologies, Inc.; LEADTOOLSÂ® DLL for Win32>
2007-05-23 16:50:08 55296 --a------ C:\WINNT\system32\ltfil70n.DLL <Not Verified; LEAD Technologies, Inc.; LEADTOOLSÂ® DLL for Win32>
2007-05-23 16:50:08 93184 --a------ C:\WINNT\system32\lftif70n.dll <Not Verified; LEAD Technologies, Inc.; LEADTOOLSÂ® DLL for Win32>
2007-05-23 16:50:08 111104 --a------ C:\WINNT\system32\lfpng70n.dll <Not Verified; LEAD Technologies, Inc.; LEADTOOLSÂ® DLL for Win32>
2007-05-23 16:50:08 24576 --a------ C:\WINNT\system32\lfbmp70n.dll <Not Verified; LEAD Technologies, Inc.; LEADTOOLSÂ® DLL for Win32>
2007-05-23 16:50:07 24576 --a------ C:\WINNT\system32\lfpcx70n.dll <Not Verified; LEAD Technologies, Inc.; LEADTOOLSÂ® DLL for Win32>
2007-05-23 16:50:07 95232 --a------ C:\WINNT\system32\Lfkodak.dll
2007-05-23 16:50:07 32768 --a------ C:\WINNT\system32\lfgif70n.dll <Not Verified; LEAD Technologies, Inc.; LEADTOOLSÂ® DLL for Win32>
2007-05-23 16:50:07 35328 --a------ C:\WINNT\system32\lffpx70n.dll <Not Verified; LEAD Technologies, Inc.; LEADTOOLSÂ® DLL for Win32>
2007-05-23 16:50:07 306688 --a------ C:\WINNT\system32\Lffpx7.dll <Not Verified; ; Reference Implementation>
2007-05-23 16:50:07 55808 --a------ C:\WINNT\system32\lffax70n.dll <Not Verified; LEAD Technologies, Inc.; LEADTOOLSÂ® DLL for Win32>
2007-05-23 16:50:06 224768 --a------ C:\WINNT\system32\LFCMP70n.DLL <Not Verified; LEAD Technologies, Inc.; LEADTOOLSÂ® DLL for Win32>
2007-05-23 16:50:05 669696 --a------ C:\WINNT\system32\ipeistor11.dll <Not Verified; Hewlett-Packard Company; IPEISTOR Dynamic Link Library>
2007-05-23 16:50:05 324608 --a------ C:\WINNT\system32\ipebase11.dll <Not Verified; Hewlett-Packard Company; IPEBASE Dynamic Link Library>
2007-05-23 16:50:05 66560 --a------ C:\WINNT\system32\ipeapi11.dll <Not Verified; Hewlett-Packard Company; IPEAPI Dynamic Link Library>
2007-05-23 16:50:01 0 d-------- C:\WINNT\system32\Iosubsys
2007-05-23 16:50:01 0 d-------- C:\Program Files\Hewlett-Packard
2007-05-23 16:49:43 312323 --a------ C:\WINNT\IsUn040a.exe <Not Verified; InstallShield Software Corporation, Inc.; InstallShield unInstaller>
2007-05-23 16:49:24 0 d-------- C:\sj662
2007-05-23 16:08:55 16384 --a-----t C:\WINNT\system32\Perflib_Perfdata_594.dat
2007-05-22 18:47:01 57344 --a------ C:\WINNT\uneng.exe <Not Verified; Roxio; Roxio Update Wizard>
2007-05-22 18:36:03 1286036 ---h----- C:\WINNT\ShellIconCache
2007-05-22 16:08:42 16384 --a-----t C:\WINNT\system32\Perflib_Perfdata_564.dat
2007-05-22 13:31:28 0 d-------- C:\HJT
2007-05-22 12:57:13 90112 -----n--- C:\WINNT\SDUnInst.exe <Not Verified; Software Design; UnInstaller Utility for Windows>
2007-05-22 11:18:58 288417 --a------ C:\WINNT\system32\SrchSTS.exe <Not Verified; S!Ri; SrchSTS>
2007-05-22 11:18:58 51200 --a------ C:\WINNT\system32\dumphive.exe
2007-05-22 09:28:14 16384 --a-----t C:\WINNT\system32\Perflib_Perfdata_280.dat
2007-05-21 23:39:07 0 d-------- C:\WINNT\Content.IE5
2007-05-21 19:22:17 0 d-------- C:\Program Files\Webroot
2007-05-21 19:22:17 0 d-------- C:\Documents and Settings\Erik Halbert\Application Data\Webroot
2007-05-21 19:22:17 0 d-------- C:\Documents and Settings\All Users\Application Data\Webroot
2007-05-21 19:10:59 164 --a------ C:\install.dat
2007-05-20 23:19:18 0 d-------- C:\Program Files\Contacts Express
2007-05-20 19:56:35 16384 --a-----t C:\WINNT\system32\Perflib_Perfdata_4a0.dat
2007-05-20 19:56:20 0 d-------- C:\{800186A2-0000-0000-42B1-6931FF534416}
2007-05-20 19:56:20 0 d-------- C:\{800011F0-0000-0000-C19F-B3DADF7CDA58}
2007-05-20 17:35:45 0 d-------- C:\Program Files\Windows Live Safety Center
2007-05-20 15:34:16 0 d-------- C:\Program Files\Common Files\Scanner
2007-05-19 09:25:43 16384 --a-----t C:\WINNT\system32\Perflib_Perfdata_490.dat
2007-05-12 06:48:42 16384 --a-----t C:\WINNT\system32\Perflib_Perfdata_284.dat
2007-05-11 08:38:28 0 d-------- C:\Program Files\Open Contacts
2007-05-10 18:50:57 0 d-------- C:\Program Files\Software by Design
2007-05-10 12:37:39 16384 --a-----t C:\WINNT\system32\Perflib_Perfdata_6d8.dat
2007-05-10 07:30:52 724429 --a------ C:\WINNT\system32\dfl1z32.dll
2007-05-09 22:37:37 0 d-------- C:\Documents and Settings\Erik Halbert\Application Data\EssentialPIM
2007-05-09 22:37:30 0 d-------- C:\Program Files\EssentialPIM
2007-05-09 14:42:19 16384 --a-----t C:\WINNT\system32\Perflib_Perfdata_274.dat
2007-05-09 14:30:56 3354 --a------ C:\WINNT\system32\tmp.reg
2007-05-09 13:07:37 0 d-------- C:\Program Files\Enigma Software Group
2007-05-09 08:06:42 398416 --a------ C:\WINNT\system32\vbrun300.dll <Not Verified; Microsoft Corporation; Visual Basic 3.0>
2007-05-09 08:06:42 71696 --a------ C:\WINNT\system32\pdirjet.dll <Not Verified; Crystal Computer Services, Inc.; Crystal Reports For Windows>
2007-05-09 08:06:42 101904 --a------ C:\WINNT\system32\pdbjet.dll <Not Verified; Crystal Computer Services, Inc.; Crystal Reports For Windows>
2007-05-09 08:06:42 995056 --a------ C:\WINNT\system32\msajt200.dll <Not Verified; Microsoft Corporation; MicrosoftÂ® Access>
2007-05-09 08:06:42 17440 --a------ C:\WINNT\system32\msajt112.dll <Not Verified; Microsoft Corporation; MicrosoftÂ® Access>
2007-05-09 08:06:42 910848 --a------ C:\WINNT\system32\crpe.dll <Not Verified; Crystal Computer Services, Inc.; Crystal Reports For Windows>
2007-05-09 08:06:42 0 d-------- C:\Program Files\Manage Your Contacts
2007-05-09 07:25:53 16384 --a-----t C:\WINNT\system32\Perflib_Perfdata_7c4.dat
2007-05-08 18:20:50 0 d-------- C:\Program Files\jv16 PowerTools
2007-05-08 07:11:02 16384 --a-----t C:\WINNT\system32\Perflib_Perfdata_2a8.dat
2007-05-07 22:20:15 0 d-------- C:\Program Files\SmartDB_V34
2007-05-07 18:28:17 31232 --a------ C:\WINNT\system32\28155622ld.exe
2007-05-07 18:18:27 31232 --a------ C:\WINNT\system32\18261092ld.exe
2007-05-07 17:58:22 31232 --a------ C:\WINNT\system32\58204682ld.exe
2007-05-07 17:38:54 31232 --a------ C:\WINNT\system32\38534372ld.exe
2007-05-07 17:20:18 31232 --a------ C:\WINNT\system32\2016152ld.exe
2007-05-07 15:34:09 16384 --a-----t C:\WINNT\system32\Perflib_Perfdata_2ac.dat
2007-05-07 08:35:33 2 --a------ C:\-1674251272
2007-05-06 22:03:31 0 d-------- C:\dbworx
2007-05-04 10:35:01 0 d-------- C:\Program Files\WinPIM
2007-05-03 18:51:55 0 d-------- C:\Program Files\RegistryFix
2007-05-03 13:44:18 0 d-------- C:\Program Files\Uniblue
2007-05-03 10:28:53 0 d-------- C:\Documents and Settings\Erik Halbert\Application Data\CDBurnerXPP
2007-05-03 10:16:37 0 d-------- C:\Program Files\CDBurnerXP
2007-05-02 01:01:22 0 d-------- C:\Program Files\TreeDBNotes
2007-04-30 23:49:46 0 d-------- C:\Program Files\BiblioExpress
2007-04-30 23:45:23 0 d-------- C:\Program Files\BiblioExpress 3
2007-04-26 22:26:13 0 d-------- C:\Program Files\Registrar Lite
2007-04-26 20:56:36 0 d-------- C:\Program Files\Wise Disk Cleaner
2007-04-26 20:53:49 0 d-------- C:\Program Files\Wise Registry Cleaner

-- Find3M Report ---------------------------------------------------------------

2007-05-23 16:51:06 1480 --a------ C:\WINNT\AUTOLNCH.REG
2007-05-22 22:17:58 0 d-------- C:\Program Files\a-squared Free
2007-05-22 18:47:01 0 d-------- C:\Program Files\Common Files\Adaptec Shared
2007-05-22 12:12:59 0 d-------- C:\Program Files\Yahoo!
2007-05-22 09:27:22 0 d-------- C:\Program Files\Eusing Free Registry Cleaner
2007-05-20 22:49:32 0 d-------- C:\Program Files\7-Zip
2007-05-20 22:49:21 0 d-------- C:\Program Files\Apple Software Update
2007-05-20 22:48:54 0 d-------- C:\Program Files\Family Tree Legends
2007-05-20 22:48:51 0 d-------- C:\Program Files\ffdshow
2007-05-20 22:48:42 0 d-------- C:\Program Files\gs
2007-05-20 22:48:40 0 d-------- C:\Program Files\Intel Desktop Board Audio Driver
2007-05-20 22:48:19 0 d-------- C:\Program Files\Kalender
2007-05-20 22:48:15 0 d-------- C:\Program Files\QuickTime
2007-05-20 22:48:15 0 d-------- C:\Program Files\On Station
2007-05-20 22:48:04 0 d-------- C:\Program Files\RegScrubXP
2007-05-20 22:48:00 0 d-------- C:\Program Files\tinySpell
2007-05-20 22:47:53 0 d-------- C:\Program Files\Windows NT
2007-05-16 10:57:45 0 d-------- C:\Program Files\Microsoft.NET
2007-05-12 08:50:36 0 d-------- C:\Documents and Settings\Erik Halbert\Application Data\UK's Kalender
2007-05-09 19:49:25 0 d-------- C:\Documents and Settings\Erik Halbert\Application Data\Adobe
2007-05-08 17:03:22 0 d-------- C:\Program Files\Common Files\Art Plus Uninstall
2007-05-08 11:52:37 0 d-------- C:\Program Files\TreePadLite
2007-05-07 08:33:39 0 d-------- C:\Program Files\HDD Thermometer
2007-05-03 13:44:24 0 d-------- C:\Documents and Settings\Erik Halbert\Application Data\Uniblue
2007-04-27 12:11:52 0 d-------- C:\Documents and Settings\Erik Halbert\Application Data\gtk-2.0
2007-04-26 21:05:54 0 d-------- C:\Program Files\Atlantis Nova
2007-04-26 21:05:41 0 d-------- C:\Program Files\WinCAPS
2007-04-19 14:08:23 0 d-------- C:\Program Files\Micro-Sys Software
2007-04-17 18:50:12 16384 --a-----t C:\WINNT\system32\Perflib_Perfdata_2a0.dat
2007-04-11 17:33:46 0 d-------- C:\Program Files\Ghostgum
2007-04-11 14:05:22 0 d-------- C:\Program Files\FastStone Capture
2007-04-09 13:51:29 0 d-------- C:\Documents and Settings\Erik Halbert\Application Data\MailFrontier
2007-04-06 14:40:52 0 d-------- C:\Program Files\ScreenPrint32 v3
2007-04-03 10:25:23 4212 ---h----- C:\WINNT\system32\zllictbl.dat
2007-04-02 17:16:35 0 d-------- C:\Documents and Settings\Erik Halbert\Application Data\ACD Systems
2007-04-02 13:29:51 0 d-------- C:\Program Files\Common Files\ACD Systems
2007-04-02 13:29:47 0 d-------- C:\Program Files\ACD Systems

-- Registry Dump ---------------------------------------------------------------

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
{AA58ED58-01DD-4d91-8333-CF10577473F7} c:\program files\google\googletoolbar3.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"Synchronization Manager"="mobsync.exe /logon"
"SoundMAXPnP"="\"C:\\Program Files\\Analog Devices\\SoundMAX\\SMax4PNP.exe\""
"SoundMAX"="\"C:\\Program Files\\Analog Devices\\SoundMAX\\Smax4.exe\" /tray"
"Desktop Service Centre"="\"C:\\Program Files\\OptusNet DSL Internet\\DSC.exe\""
"avast!"="C:\\PROGRA~1\\ALWILS~1\\Avast4\\ashDisp.exe"
"TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
"IMONTRAY"="\"C:\\Program Files\\Intel\\Intel® Active Monitor\\imontray.exe\""
"Google Desktop Search"="\"C:\\Program Files\\Google\\Google Desktop Search\\GoogleDesktop.exe\" /startup"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"ZoneAlarm Client"="\"C:\\Program Files\\Zone Labs\\ZoneAlarm\\zlclient.exe\""
"NvCplDaemon"="\"RUNDLL32.EXE\" C:\\WINNT\\system32\\NvCpl.dll,NvStartup"
"UnlockerAssistant"="\"C:\\Program Files\\Unlocker\\UnlockerAssistant.exe\""
"!AVG Anti-Spyware"="\"C:\\Program Files\\Grisoft\\AVG Anti-Spyware 7.5\\avgas.exe\" /minimized"
"HP Lamp"="\"C:\\Program Files\\Hewlett-Packard\\HP PrecisionScan\\PrecisionScan\\HPLamp.exe\""

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"ctfmon.exe"="ctfmon.exe"
"swg"="C:\\Program Files\\Google\\GoogleToolbarNotifier\\1.2.1128.5462\\GoogleToolbarNotifier.exe"
"EssentialPIM"="\"C:\\Program Files\\EssentialPIM\\EssentialPIM.exe\" /autorun"

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"^SetupICWDesktop"="C:\\Program Files\\Internet Explorer\\Connection Wizard\\icwconn1.exe /desktop"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"=dword:00000000

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=dword:00000000

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"ClearRecentDocsOnExit"=hex:00,00,00,00

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{9A072AA0-A30B-4717-A573-4511BB05F6AC}"=""
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"appinit_dlls"="C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL"

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa
Authentication Packages REG_MULTI_SZ msv1_0
Security Packages REG_MULTI_SZ kerberosmsv1_0schannel
Notification Packages REG_MULTI_SZ scecli

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\WebrootSpySweeperService

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
rpcss REG_MULTI_SZ RpcSs
wugroup REG_MULTI_SZ wuauserv
BITSgroup REG_MULTI_SZ BITS

hklm\software\Microsoft\Windows NT\CurrentVersion\Svchost *netsvcs*
gb

-- End of Deckard's System Scanner: finished at 2007-05-24 at 20:43:47 ---------

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Deckard's System Scanner v20070426.43
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows 2000 Professional (build 2195) SP 4.0
Architecture: X86; Language: English

CPU 0: Intel® Pentium® 4 CPU 2.80GHz
CPU 1: Intel® Pentium® 4 CPU 2.80GHz
Percentage of Memory in Use: 36%
Physical Memory (total/avail): 1022.73 MiB / 651.83 MiB
Pagefile Memory (total/avail): 2461.66 MiB / 2105.07 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1988.38 MiB

A: is Removable (No Media)
C: is Fixed (NTFS) - 37.26 GiB total, 24.25 GiB free.
D: is Fixed (FAT32) - 12.29 GiB total, 2.31 GiB free.
E: is Fixed (FAT32) - 12.48 GiB total, 2.49 GiB free.
F: is Fixed (FAT32) - 12.47 GiB total, 4.6 GiB free.
G: is CDROM (No Media)
I: is Removable (No Media)

-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.

-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Erik Halbert\Application Data
CLASSPATH=.;C:\Program Files\QuickTime\QTSystem\QTJava.zip
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=P4-28
ComSpec=C:\WINNT\system32\cmd.exe
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Erik Halbert
LOGONSERVER=\\P4-28
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Os2LibPath=C:\WINNT\system32\os2\dll;
Path=C:\WINNT\system32;C:\WINNT;C:\WINNT\System32\Wbem;C:\Program Files\Intel\DMIX;C:\Program Files\QuickTime\QTSystem\;"C:\Program Files\Zone Labs\ZoneAlarm\MailFrontier"
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 2 Stepping 9, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0209
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\QuickTime\QTSystem\QTJava.zip
SystemDrive=C:
SystemRoot=C:\WINNT
TEMP=C:\DOCUME~1\ERIKHA~1\LOCALS~1\Temp
TMP=C:\DOCUME~1\ERIKHA~1\LOCALS~1\Temp
tvdumpflags=8
USERDOMAIN=P4-28
USERNAME=Erik Halbert
USERPROFILE=C:\Documents and Settings\Erik Halbert
windir=C:\WINNT

-- User Profiles ---------------------------------------------------------------

Erik Halbert (admin)

-- Add/Remove Programs ---------------------------------------------------------

--> MsiExec.exe /I{403EF592-953B-4794-BCEF-ECAB835C2095}
7-Zip 4.43 beta --> "C:\Program Files\7-Zip\Uninstall.exe"
a-squared Free 2.1 --> "C:\Program Files\a-squared Free\unins000.exe"
AC3Filter (remove only) --> C:\Program Files\AC3Filter\uninstall.exe
ACDSee 4.0.1 Standard --> MsiExec.exe /I{4CCAE0E7-757D-4095-9A30-F6B9584459B2}
Adobe Flash Player 9 ActiveX --> C:\WINNT\system32\Macromed\Flash\FlashUtil9b.exe -uninstallDelete
Adobe Illustrator CS --> RunDll32 "C:\Program Files\Common Files\InstallShield\Professional\RunTime701\Intel32\ctor.dll",LaunchSetup "C:\Program Files\InstallShield Installation Information\{91A4AD99-69CE-4745-97B7-0E0DFBECFDE5}\setup.exe"
Adobe Reader 7.0.9 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70900000002}
Apple Software Update --> MsiExec.exe /I{55FA89BD-21D3-42F7-9249-C94C0094A83C}
Atlantis Nova --> "C:\Program Files\Atlantis Nova\Atlantis.exe" -ui
avast! Antivirus --> rundll32 C:\PROGRA~1\ALWILS~1\Avast4\Setup\setiface.dll,RunSetup
AVG Anti-Spyware 7.5 --> C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Uninstall.exe
CCleaner (remove only) --> "C:\Program Files\CCleaner\uninst.exe"
CDBurnerXP --> "C:\Program Files\CDBurnerXP\unins000.exe"
CDBurnerXP Pro 3 --> MsiExec.exe /I{896D642C-7125-44F0-AC49-A23ABF82209C}
CleanUp! --> C:\Program Files\CleanUp!\uninstall.exe
Contacts Express v1.1 --> "C:\Program Files\Contacts Express\unins000.exe"
CorelDRAW Graphics Suite 12 --> MsiExec.exe /I{505AFDC0-5E72-4928-8368-5DEA385E3647}
dBworx ver 3.8 (Freeware) --> C:\dbworx\unins000.exe
DeepBurner v1.8.0.224 --> "C:\Program Files\Astonsoft\DeepBurner\Uninstall.exe" "C:\Program Files\Astonsoft\DeepBurner\install.log"
DirectVobSub (remove only) --> "C:\Program Files\DirectVobSub\uninstall.exe"
Disk CleanUp --> C:\WINNT\SDUnInst.exe c:\program files\software by design\cleanup.uni
EPSON Printer Software --> C:\WINNT\system32\spool\DRIVERS\W32X86\2\EPUPDATE.EXE /r
EssentialPIM --> C:\Program Files\EssentialPIM\uninstall.exe
Eusing Free Registry Cleaner --> C:\PROGRA~1\EUSING~2\UNWISE.EXE C:\PROGRA~1\EUSING~2\INSTALL.LOG
Family Tree Legends --> MsiExec.exe /I{1ED6CA46-633C-46CD-9D0F-2A8AE225E8A6}
FastStone Capture 4.8 --> C:\Program Files\FastStone Capture\uninst.exe
FastStone Image Viewer 2.9 Beta 2 --> C:\Program Files\FastStone Image Viewer\uninst.exe
ffdshow (remove only) --> "C:\Program Files\ffdshow\uninstall.exe"
ffdshow [rev 610] [2006-12-01] --> "C:\Program Files\ffdshow\unins000.exe"
FreeZip --> rundll32.exe advpack.dll,LaunchINFSection C:\WINNT\INF\freezip.inf,Uninstall
FreshDiagnose --> "C:\Program Files\FreshDevices\FreshDiagnose\unins000.exe"
FreshUI --> "C:\Program Files\FreshDevices\FreshUI\unins000.exe"
Google Desktop --> C:\Program Files\Google\Google Desktop Search\GoogleDesktopSetup.exe -uninstall
Google Earth --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3DE5E7D4-7B88-403C-A3FD-2017A8240C5B}\setup.exe" -l0x9 -removeonly
Google Toolbar for Internet Explorer --> regsvr32 /u /s "c:\program files\google\googletoolbar3.dll"
HDD Thermometer --> C:\Program Files\HDD Thermometer\uninstall.exe
HijackThis 1.99.1 --> F:\Programs Downloaded\HijackThis\hijackthis060108\HijackThis.exe /uninstall
HP PrecisionScan --> C:\WINNT\IsUn040a.exe -f"C:\Program Files\Hewlett-Packard\HP PrecisionScan\Uninst.isu" -c"C:\Program Files\Hewlett-Packard\HP PrecisionScan\ISTech\OCR\OCRUninst.dll"
Intel® PRO Network Connections --> MsiExec.exe /I{111A3D14-7596-43B0-92BA-418435C90672}
InterActual Player --> C:\Program Files\InterActual\InterActual Player\inuninst.exe
jv16 PowerTools 1.3 --> "C:\Program Files\jv16 PowerTools\unins000.exe"
Microsoft .NET Framework 1.1 --> msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1 --> MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 --> C:\WINNT\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.exe
Microsoft Office Professional Edition 2003 --> MsiExec.exe /I{90110409-6000-11D3-8CFE-0150048383C9}
Microsoft Office Project Professional 2003 --> MsiExec.exe /I{903B0409-6000-11D3-8CFE-0150048383C9}
Microsoft Windows Media Video 9 VCM --> RunDll32 advpack.dll,LaunchINFSection C:\WINNT\INF\wmv9vcm.inf, Uninstall
Microsoft XML Parser and SDK --> MsiExec.exe /I{3E908702-AF35-4611-9518-955DA24B7E07}
Mozilla Firefox (2.0.0.3) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSXML 4.0 SP2 (KB927978) --> MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
Open Contacts v4.0 --> "C:\Program Files\Open Contacts\unins000.exe"
Opera 9.02 --> MsiExec.exe /X{F4EE98D3-507A-4160-8F65-710C37A8FBB8}
OptusNet DSL --> C:\Program Files\OptusNet DSL Internet\Uninstall.exe
QuickTime --> MsiExec.exe /I{F07B861C-72B9-40A4-8B1A-AAED4C06A7E8}
Registry Mechanic 6.0 --> "C:\Program Files\Registry Mechanic\unins000.exe"
RegScrubXP 3.25 --> "C:\Program Files\RegScrubXP\unins000.exe"
Security Update for Microsoft .NET Framework 2.0 (KB917283) --> C:\WINNT\system32\msiexec.exe /promptrestart /uninstall {967B098A-042D-4367-BAC9-8BC11684174F} /package {7131646D-CD3C-40F4-97B9-CD9E4E6262EF}
Security Update for Microsoft .NET Framework 2.0 (KB922770) --> C:\WINNT\system32\msiexec.exe /promptrestart /uninstall {0E92DD42-76F5-4EF2-B381-F9C1D72BE23D} /package {7131646D-CD3C-40F4-97B9-CD9E4E6262EF}
Security Update for Windows 2000 (KB904706) -->
SoundMAX --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\100\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F0A37341-D692-11D4-A984-009027EC0A9C}\setup.exe" -l0x9 -removeonly
Spy Sweeper --> "C:\Program Files\Webroot\Spy Sweeper\unins000.exe"
Spybot - Search & Destroy 1.4 --> "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
tinySpell 1.5 --> "C:\Program Files\tinySpell\unins000.exe"
UK's Kalender 2.0.1 --> "C:\Program Files\Kalender\unins000.exe"
Unlocker 1.8.4 --> C:\Program Files\Unlocker\uninst.exe
Windows Live OneCare safety scanner --> RunDll32.exe "C:\Program Files\Windows Live Safety Center\wlscCore.dll",UninstallFunction WLSC_SCANNER_PRODUCT
Windows Media Player system update (9 Series) --> C:\PROGRA~1\WINDOW~2\setup_wm.exe /Uninstall
WinPad v3.04.1 --> "C:\Program Files\WinPad\unins000.exe"
Wise Disk Cleaner 2.2 --> "C:\Program Files\Wise Disk Cleaner\unins000.exe"
Wise Registry Cleaner 2.4 --> "C:\Program Files\Wise Registry Cleaner\unins000.exe"
Xara Xtreme --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime91\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C15B9AD0-EBC3-4903-8A7A-BB9E40C28850}\Setup.exe" -l0x9
Yahoo! Anti-Spy --> C:\PROGRA~1\Yahoo!\Common\unypsr.exe
ZoneAlarm --> C:\Program Files\Zone Labs\ZoneAlarm\zauninst.exe

-- End of Deckard's System Scanner: finished at 2007-05-24 at 20:43:47 ---------

+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

I should add tat even at this stage my machine is running much better.

regards, Erik

Tech Clinic / Smitfraud and incessant popups.

« on: May 23, 2007, 06:34:56 AM »

SmitFraudFix v2.186

Scan done at 21:32:01.78, Wed 23/05/2007
Run from C:\Documents and Settings\Erik Halbert\Desktop\SmitfraudFix\SmitfraudFix
OS: Microsoft Windows 2000 [Version 5.00.2195] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode

Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â» Process

C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\ZoneLabs\vsmon.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINNT\system32\nvsvc32.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINNT\system32\stisvc.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINNT\Explorer.EXE
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Intel\Intel® Active Monitor\imonnt.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\Program Files\OptusNet DSL Internet\DSC.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Intel\Intel® Active Monitor\imontray.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Hewlett-Packard\HP PrecisionScan\PrecisionScan\HPLamp.exe
C:\WINNT\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINNT\system32\cmd.exe

Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â» hosts

Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â» C:\

Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â» C:\WINNT

Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â» C:\WINNT\system

Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â» C:\WINNT\Web

Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â» C:\WINNT\system32

Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â» C:\Documents and Settings\Erik Halbert

Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â» C:\Documents and Settings\Erik Halbert\Application Data

Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â» Start Menu

Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â» C:\DOCUME~1\ERIKHA~1\FAVORI~1

Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â» Desktop

Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â» C:\Program Files

Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â» Corrupted keys

Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â» Desktop Components

Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="C:\\PROGRA~1\\Google\\GOOGLE~3\\GOEC62~1.DLL"
"LoadAppInit_DLLs"=dword:00000001

Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""

Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â» pe386-msguard-lzx32-huy32

Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â» DNS

Description: NDIS 5.0 driver
DNS Server Search Order: 203.23.236.66
DNS Server Search Order: 203.23.236.69

Description: USB to Ethernet (LAN) Viking Driver
DNS Server Search Order: 211.29.132.12
DNS Server Search Order: 198.142.0.51

HKLM\SYSTEM\CCS\Services\Tcpip\..\{83E2AFDE-A9F1-4D59-BCED-F9D356FEF9BF}: DhcpNameServer=211.29.132.12 198.142.0.51
HKLM\SYSTEM\CCS\Services\Tcpip\..\{E268C38B-2F85-40EC-8865-249169241F28}: NameServer=203.23.236.66,203.23.236.69
HKLM\SYSTEM\CS1\Services\Tcpip\..\{83E2AFDE-A9F1-4D59-BCED-F9D356FEF9BF}: DhcpNameServer=211.29.132.12 198.142.0.51
HKLM\SYSTEM\CS1\Services\Tcpip\..\{E268C38B-2F85-40EC-8865-249169241F28}: NameServer=203.23.236.66,203.23.236.69
HKLM\SYSTEM\CS2\Services\Tcpip\..\{83E2AFDE-A9F1-4D59-BCED-F9D356FEF9BF}: DhcpNameServer=211.29.132.12 198.142.0.51
HKLM\SYSTEM\CS2\Services\Tcpip\..\{E268C38B-2F85-40EC-8865-249169241F28}: NameServer=203.23.236.66,203.23.236.69
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=211.29.132.12 198.142.0.51
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=211.29.132.12 198.142.0.51
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=211.29.132.12 198.142.0.51

Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â» Scanning for wininet.dll infection

Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â» End

---------------------------------------------------------------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 9:23:36 PM, on 23/05/2007
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\ZoneLabs\vsmon.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINNT\system32\nvsvc32.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINNT\system32\stisvc.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINNT\Explorer.EXE
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Intel\Intel® Active Monitor\imonnt.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\Program Files\OptusNet DSL Internet\DSC.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Intel\Intel® Active Monitor\imontray.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Hewlett-Packard\HP PrecisionScan\PrecisionScan\HPLamp.exe
C:\WINNT\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\HJT\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by OptusNet
O2 - BHO: (no name) - {00147984-D416-4103-BA98-5313159EE782} - C:\WINNT\system32\epjclmql.dll (file missing)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - (no file)
O2 - BHO: (no name) - {9D20197E-B1C6-490B-BEB9-833851449936} - C:\WINNT\system32\vtsqo.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [SoundMAXPnP] "C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe"
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [Desktop Service Centre] "C:\Program Files\OptusNet DSL Internet\DSC.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [IMONTRAY] "C:\Program Files\Intel\Intel® Active Monitor\imontray.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINNT\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [HP Lamp] "C:\Program Files\Hewlett-Packard\HP PrecisionScan\PrecisionScan\HPLamp.exe"
O4 - HKCU\..\Run: [ctfmon.exe] ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [EssentialPIM] "C:\Program Files\EssentialPIM\EssentialPIM.exe" /autorun
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O14 - IERESET.INF: START_PAGE_URL=http://dsl.optusnet.com.au/
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/...nst20040510.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...lscbase8300.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1164633796468
O17 - HKLM\System\CCS\Services\Tcpip\..\{E268C38B-2F85-40EC-8865-249169241F28}: NameServer = 203.23.236.66,203.23.236.69
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL
O20 - Winlogon Notify: WRNotifier - C:\WINNT\SYSTEM32\WRLogonNTF.dll
O21 - SSODL: MSN Messenger - {280A7B65-8F00-438F-3E5A-1F039433FE60} - C:\WINNT\system32\dssdll32.dll (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel® Active Monitor (imonNT) - Intel Corp. - C:\Program Files\Intel\Intel® Active Monitor\imonnt.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINNT\system32\nvsvc32.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINNT\system32\ZoneLabs\vsmon.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

I am resending this because the previous send may have got lost.
Looking forward to your thoughts on this.
regards, Erik

Tech Clinic / Smitfraud and incessant popups.

« on: May 23, 2007, 06:06:06 AM »

[quote name=\'erikh\' post=\'329040\' date=\'May 23 2007, 08:54 PM\']Reply.
Results so far up to end of Vundo.fix.[/quote]

I disabled SpySweeper. The tabs are labelled a bit differently because I guess it is a recent version. But I think I got them all right.
Then rebooted.
I brought down Vundo.fix.exe and ran it. It found several files and when I replied YES to delete files the screen went blank and then froze.
An error message came up saying: "Cannot import C:\Vundofix.reg. Error opening the file. There may be a disk or file system error"
I clicked OK but the screen was still frozen.
Ctrl/Alt/Del had no effect either.
I had to switch off power.
I restarted in normal mode.
redownloaded Vundo.txt and scanned again.
This time it did not find anything.
Then I copied C:\Vundofix.txt and will paste it now.

VundoFix V6.4.1

Checking Java version...

Sun Java not detected
Scan started at 6:48:42 PM 23/05/2007

Listing files found while scanning....

C:\WINNT\system32\byxurqq.dll
C:\WINNT\system32\gcrkbcwp.ini
C:\WINNT\system32\jkklmkk.dll
C:\WINNT\system32\lbpxnhqi.dll
C:\WINNT\system32\oqstv.bak1
C:\WINNT\system32\oqstv.bak2
C:\WINNT\system32\oqstv.ini
C:\WINNT\system32\pwcbkrcg.dll
C:\WINNT\system32\vtsqo.dll

Beginning removal...

Attempting to delete C:\WINNT\system32\byxurqq.dll
C:\WINNT\system32\byxurqq.dll Has been deleted!

Attempting to delete C:\WINNT\system32\gcrkbcwp.ini
C:\WINNT\system32\gcrkbcwp.ini Has been deleted!

Attempting to delete C:\WINNT\system32\jkklmkk.dll
C:\WINNT\system32\jkklmkk.dll Has been deleted!

Attempting to delete C:\WINNT\system32\oqstv.bak1
C:\WINNT\system32\oqstv.bak1 Has been deleted!

Attempting to delete C:\WINNT\system32\oqstv.bak2
C:\WINNT\system32\oqstv.bak2 Has been deleted!

Attempting to delete C:\WINNT\system32\oqstv.ini
C:\WINNT\system32\oqstv.ini Has been deleted!

Attempting to delete C:\WINNT\system32\pwcbkrcg.dll
C:\WINNT\system32\pwcbkrcg.dll Has been deleted!

Attempting to delete C:\WINNT\system32\vtsqo.dll
C:\WINNT\system32\vtsqo.dll Has been deleted!

Performing Repairs to the registry.
Done!

VundoFix V6.4.1

Checking Java version...

Sun Java not detected
Scan started at 7:18:23 PM 23/05/2007

Listing files found while scanning....

No infected files were found.

Now I'll go back and continue.

Erik

Tech Clinic / Smitfraud and incessant popups.

« on: May 23, 2007, 05:54:20 AM »

[quote name=\'guestolo\' post=\'328930\' date=\'May 23 2007, 10:25 AM\']Please disable SpySweeper, as it may hinder the removal of some HijackThis entries. You can re-enable it after you're clean.

To disable SpySweeper:

Open it, click > Options over to the left then > click the Program tab > Uncheck "Start Spy Sweeper at Windows startup".
Over to the left click "shields"

Click the "Internet Explorer" tab and and uncheck all there.
Click the "Windows System" tab and uncheck all there.
Click the "Host File" tab and uncheck all there.
Click the "Startup Programs" tab and uncheck "Startup Items Shield".

Please leave these protections disabled till after we have you clean

Reboot your computer
Back in Windows

Download [color=\"blue\"]VundoFix.exe[/color]
to your desktop.

Double-click VundoFix.exe to run it.
Click the Scan for Vundo button.
Once it's done scanning, click the Remove Vundo button.
You will receive a prompt asking if you want to remove the files, click YES
Once you click yes, your desktop will go blank as it starts removing Vundo.
When completed, it will prompt that it will reboot your computer, click OK.

Note: It is possible that VundoFix encountered a file it could not remove.
In this case, VundoFix will run on reboot, simply follow the above
instructions starting from "Click the Scan for Vundo button."

Post the report from Vundofix>>C:\Vundofix.txt

Also, can you delete Smitfraudfix.zip and the Smitfraudfix folder
REDownload [color=\"red\"]SmitfraudFix[/color][/url] (by S!Ri)
Extract the contents (a folder named SmitfraudFix) to your Desktop.

Open the SmitfraudFix folder and double-click smitfraudfix.cmd
Select option #1 - Search by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present).
Please copy/paste the content of that report into your next reply.

Also post a fresh hijackthis log
If it takes more than one reply to post back all the info, please do so

Recap:
Post the following
1. Post the report from Vundofix>>C:\Vundofix.txt
2. Post the log from Smitfraudfix
3. Post a fresh hijackthis log[/quote]

Reply.
Results so far up to end of Vundo.fix.

1.I

Tech Clinic / Smitfraud and incessant popups.

« on: May 21, 2007, 10:57:57 PM »

Hi there,
Over the past week or so my computer has shown increasing numbers of pop-ups and I do not seem to be able to do much about them. Things get better for a short while and then more messy again.
Also I keep getting Smitfraud.Tool888 coming up when I run Spybot S&D and this appears to remove it but it comes back each time.
I had Google Toolbar but have removed it.
I have used Smitfraudfix but it cannot find Cleanup.reg.
I have run several cleanup programs but Smitfraud is really persistant.
I am using win2000.

I attach my Hijackthis log and hope that you can help me fix things.

regards, Erik

Logfile of HijackThis v1.99.1
Scan saved at 1:54:55 PM, on 22/05/2007
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\ZoneLabs\vsmon.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINNT\system32\nvsvc32.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINNT\system32\stisvc.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Intel\Intel® Active Monitor\imonnt.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\Program Files\OptusNet DSL Internet\DSC.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Intel\Intel® Active Monitor\imontray.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\WINNT\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Outlook Express\msimn.exe
C:\HJT\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by OptusNet
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [Synchronization Manager] "mobsync.exe" /logon
O4 - HKLM\..\Run: [SoundMAXPnP] "C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe"
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [Desktop Service Centre] "C:\Program Files\OptusNet DSL Internet\DSC.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [IMONTRAY] "C:\Program Files\Intel\Intel® Active Monitor\imontray.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINNT\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [setup] "rundll32.exe" "C:\WINNT\system32\pwcbkrcg.dll",realset
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
O4 - HKCU\..\Run: [ctfmon.exe] ctfmon.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [EssentialPIM] "C:\Program Files\EssentialPIM\EssentialPIM.exe" /autorun
O4 - HKCU\..\Run: [Uniblue Registry Booster2] "C:\Program Files\Uniblue\RegistryBooster2\RegistryBooster.exe" /S
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O14 - IERESET.INF: START_PAGE_URL=http://dsl.optusnet.com.au/
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/...nst20040510.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...lscbase8300.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1164633796468
O17 - HKLM\System\CCS\Services\Tcpip\..\{E268C38B-2F85-40EC-8865-249169241F28}: NameServer = 203.23.236.66,203.23.236.69
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL
O21 - SSODL: MSN Messenger - {280A7B65-8F00-438F-3E5A-1F039433FE60} - C:\WINNT\system32\dssdll32.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel® Active Monitor (imonNT) - Intel Corp. - C:\Program Files\Intel\Intel® Active Monitor\imonnt.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINNT\system32\nvsvc32.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINNT\system32\ZoneLabs\vsmon.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

Pages: [1]

TheTechGuide Forum

News:

Show Posts

Messages - erikh

Tech Clinic / Smitfraud and incessant popups.

Tech Clinic / Smitfraud and incessant popups.

Tech Clinic / Smitfraud and incessant popups.

Tech Clinic / Smitfraud and incessant popups.

Tech Clinic / Smitfraud and incessant popups.

Tech Clinic / Smitfraud and incessant popups.

Tech Clinic / Smitfraud and incessant popups.

Tech Clinic / Smitfraud and incessant popups.

Tech Clinic / Smitfraud and incessant popups.

Tech Clinic / Smitfraud and incessant popups.

Tech Clinic / Smitfraud and incessant popups.

Tech Clinic / Smitfraud and incessant popups.