Author Topic: SmartSecurity and other problems

Offline Jarcy

  • Newbie
  • Posts: 21
SmartSecurity and other problems
« on: October 18, 2005, 05:15:14 PM »
My main problem is I've been afflicted with SmartSecurity and after a search of the web, seem to have similar symptoms to other patients. The symptoms are:
Red and black wallpaper, which can't be removed.
Doubling up of new icons.
Right-click on desktop inoperative (a real pain!) :(

I've had this problem for a little while, but now new problems persist:
- MS Word fails to open, producing a windows error report.
Reinstalling Office does not correct this problem. :angry:
- McAfee Virus scan does not open with same problem as above.
Reinstalled McAfee Internet Security (5.0) and updated firewall. Virus scan worked at first, but then failed to open again once updated.
- Explorer home page has just been hijacked (sorry will need to reboot to get IP address). I managed to fix a similar problem here some time ago, but I'm being attacked again. :angry:
- Notepad doesn't seem to open. :(
- Excel crashes when opening a previously saved document.

I've run Ad-aware and Spybot, and fixed anything that came up.

Please can anyone help me with these problems? Help would be really gratefully received.
I've run HijackThis and got a huge list of processes that seem to be running. I saved the log, but now am unable to open or access it, so I can't even post the results here. Tried attaching the log, but don't know how that works. I really don't know where else to start! :(

P.S. I'm new to this techy stuff, so please bear with me. Thanks.
P.P.S. I also have Kazaa (the "pop-up free" version you pay for) plus associated P2P, but I believe this is a big no-no. Will happily get rid of, if advised.

Managed to copy HijackThis log using wordpad:
Logfile of HijackThis v1.99.1
Scan saved at 11:03:46 PM, on 10/18/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\McAfee\McAfee Internet Security\GUARDDOG.EXE
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\WINDOWS\System32\inetsrv\inetinfo.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\PMJ151LA.BIN
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\McAfee\McAfee Firewall\CPD.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\McAfee\McAfee Internet Security\GUARDDOG.EXE
C:\Program Files\McAfee\McAfee Firewall\CPD.EXE
C:\WINDOWS\System32\P2P Networking\P2P Networking.exe
C:\Program Files\Microsoft Hardware\Keyboard\type32.exe
C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe
C:\WINDOWS\System32\CTHELPER.EXE
C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE
C:\Program Files\Creative\Shared Files\CAMTRAY.EXE
C:\PROGRA~1\ACDSYS~1\DEVDET~1\DEVDET~1.EXE
C:\WINDOWS\System32\hphmon05.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\McAfee\McAfee Shared Components\Guardian\CMGrdian.exe
C:\Program Files\McAfee\McAfee VirusScan\VSStat.exe
C:\Program Files\Creative\MediaSource\RemoteControl\RCMan.EXE
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Xi\NetTransport 2\NetTransport.exe
C:\Program Files\LeechGet 2005\LeechGet.exe
C:\PROGRA~1\McAfee.com\Agent\McDash.exe
c:\program files\mcafee.com\shared\mghtml.exe
C:\unzipped\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://69.50.191.52/1076/sp.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://69.50.191.52/1076/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.meshcomputers.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://69.50.191.52/1076/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://69.50.191.52/1076/sp.php
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://bestsearch.cc/1076/search.php?qq=
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {B72F75B8-93F3-429D-B13E-660B206D897A} - (no file)
O2 - BHO: NTIECatcher Class - {C56CB6B0-0D96-11D6-8C65-B2868B609932} - C:\Program Files\Xi\NetTransport 2\NTIEHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O3 - Toolbar: McAfee VirusScan - {ACB1E670-3217-45C4-A021-6B829A8A27CB} - C:\Program Files\McAfee\McAfee VirusScan\VSCShellExtension.dll
O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\System32\P2P Networking\P2P Networking.exe /AUTOSTART
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [SBDrvDet] C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe /r
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\System32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [IntelliType] "C:\Program Files\Microsoft Hardware\Keyboard\type32.exe"
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTDVDDET] C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE
O4 - HKLM\..\Run: [Creative WebCam Tray] C:\Program Files\Creative\Shared Files\CAMTRAY.EXE
O4 - HKLM\..\Run: [Camera Detector] C:\PROGRA~1\ACDSYS~1\DEVDET~1\DEVDET~1.EXE -autorun
O4 - HKLM\..\Run: [AsioReg] REGSVR32.EXE /S CTASIO.DLL
O4 - HKLM\..\Run: [HPHUPD05] C:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Qbf] C:\WINDOWS\System32\Oek.exe
O4 - HKLM\..\Run: [Bln] C:\WINDOWS\Tnf.exe
O4 - HKLM\..\Run: [Ijs] C:\WINDOWS\System32\Rto.exe
O4 - HKLM\..\Run: [Hds] C:\WINDOWS\System32\Som.exe
O4 - HKLM\..\Run: [Eun] C:\WINDOWS\System32\Utb.exe
O4 - HKLM\..\Run: [Mrd] C:\WINDOWS\Vor.exe
O4 - HKLM\..\Run: [Jvt] C:\WINDOWS\System32\Lot.exe
O4 - HKLM\..\Run: [Mhd] C:\WINDOWS\System32\Lnb.exe
O4 - HKLM\..\Run: [Inp] C:\WINDOWS\Fmj.exe
O4 - HKLM\..\Run: [Ivk] C:\WINDOWS\System32\Ndb.exe
O4 - HKLM\..\Run: [Ksu] C:\WINDOWS\System32\Vde.exe
O4 - HKLM\..\Run: [Eha] C:\WINDOWS\Lcv.exe
O4 - HKLM\..\Run: [Rhj] C:\WINDOWS\System32\Jlf.exe
O4 - HKLM\..\Run: [Iha] C:\WINDOWS\System32\Ajv.exe
O4 - HKLM\..\Run: [Klq] C:\WINDOWS\System32\Ptf.exe
O4 - HKLM\..\Run: [Lot] C:\WINDOWS\System32\Mjo.exe
O4 - HKLM\..\Run: [Scm] C:\WINDOWS\System32\Dkm.exe
O4 - HKLM\..\Run: [Esk] C:\WINDOWS\System32\Niu.exe
O4 - HKLM\..\Run: [Bcc] C:\WINDOWS\Jcd.exe
O4 - HKLM\..\Run: [Tmj] C:\WINDOWS\Mlq.exe
O4 - HKLM\..\Run: [Mva] C:\WINDOWS\System32\Crb.exe
O4 - HKLM\..\Run: [Iea] C:\WINDOWS\Stk.exe
O4 - HKLM\..\Run: [Tpe] C:\WINDOWS\System32\Umd.exe
O4 - HKLM\..\Run: [Jdp] C:\WINDOWS\Gbb.exe
O4 - HKLM\..\Run: [Fhn] C:\WINDOWS\Atd.exe
O4 - HKLM\..\Run: [Omc] C:\WINDOWS\Hlu.exe
O4 - HKLM\..\Run: [Ohq] C:\WINDOWS\System32\Afp.exe
O4 - HKLM\..\Run: [Tos] C:\WINDOWS\Bcv.exe
O4 - HKLM\..\Run: [Nfe] C:\WINDOWS\System32\Uuj.exe
O4 - HKLM\..\Run: [Vgv] C:\WINDOWS\Lpq.exe
O4 - HKLM\..\Run: [Ihk] C:\WINDOWS\System32\Lve.exe
O4 - HKLM\..\Run: [Pva] C:\WINDOWS\Mvp.exe
O4 - HKLM\..\Run: [Jpo] C:\WINDOWS\Ljv.exe
O4 - HKLM\..\Run: [Eqo] C:\WINDOWS\System32\Gbp.exe
O4 - HKLM\..\Run: [Iid] C:\WINDOWS\Pue.exe
O4 - HKLM\..\Run: [Tnb] C:\WINDOWS\Evb.exe
O4 - HKLM\..\Run: [Ver] C:\WINDOWS\System32\Ndc.exe
O4 - HKLM\..\Run: [Dct] C:\WINDOWS\System32\Sds.exe
O4 - HKLM\..\Run: [Kqi] C:\WINDOWS\Kss.exe
O4 - HKLM\..\Run: [Opj] C:\WINDOWS\System32\Ibr.exe
O4 - HKLM\..\Run: [Hht] C:\WINDOWS\System32\Mki.exe
O4 - HKLM\..\Run: [Gst] C:\WINDOWS\System32\Rhf.exe
O4 - HKLM\..\Run: [Nbp] C:\WINDOWS\System32\Vre.exe
O4 - HKLM\..\Run: [Ujc] C:\WINDOWS\Chc.exe
O4 - HKLM\..\Run: [Pju] C:\WINDOWS\Fsk.exe
O4 - HKLM\..\Run: [Hig] C:\WINDOWS\System32\Hgm.exe
O4 - HKLM\..\Run: [Vim] C:\WINDOWS\System32\Ufn.exe
O4 - HKLM\..\Run: [Obt] C:\WINDOWS\Aas.exe
O4 - HKLM\..\Run: [Qfo] C:\WINDOWS\Bjd.exe
O4 - HKLM\..\Run: [Nnh] C:\WINDOWS\Fhp.exe
O4 - HKLM\..\Run: [Qmt] C:\WINDOWS\System32\Hgf.exe
O4 - HKLM\..\Run: [Hvl] C:\WINDOWS\System32\Kef.exe
O4 - HKLM\..\Run: [Fsn] C:\WINDOWS\Fic.exe
O4 - HKLM\..\Run: [Kpd] C:\WINDOWS\Evn.exe
O4 - HKLM\..\Run: [Ocr] C:\WINDOWS\System32\Por.exe
O4 - HKLM\..\Run: [Hdv] C:\WINDOWS\Rrf.exe
O4 - HKLM\..\Run: [Erk] C:\WINDOWS\System32\Jsb.exe
O4 - HKLM\..\Run: [Cng] C:\WINDOWS\Ffj.exe
O4 - HKLM\..\Run: [Fcb] C:\WINDOWS\Kpq.exe
O4 - HKLM\..\Run: [Frf] C:\WINDOWS\System32\Rpe.exe
O4 - HKLM\..\Run: [Bvr] C:\WINDOWS\Fun.exe
O4 - HKLM\..\Run: [Pma] C:\WINDOWS\System32\Gdt.exe
O4 - HKLM\..\Run: [Etr] C:\WINDOWS\Mep.exe
O4 - HKLM\..\Run: [Rjp] C:\WINDOWS\Igd.exe
O4 - HKLM\..\Run: [Boj] C:\WINDOWS\System32\Pnu.exe
O4 - HKLM\..\Run: [Obl] C:\WINDOWS\System32\Nli.exe
O4 - HKLM\..\Run: [Nem] C:\WINDOWS\System32\Pdh.exe
O4 - HKLM\..\Run: [Nnj] C:\WINDOWS\Nog.exe
O4 - HKLM\..\Run: [Lar] C:\WINDOWS\System32\Vvk.exe
O4 - HKLM\..\Run: [Npm] C:\WINDOWS\Mst.exe
O4 - HKLM\..\Run: [Tmq] C:\WINDOWS\System32\Uam.exe
O4 - HKLM\..\Run: [Kct] C:\WINDOWS\Hkk.exe
O4 - HKLM\..\Run: [Gml] C:\WINDOWS\Vea.exe
O4 - HKLM\..\Run: [Hfu] C:\WINDOWS\System32\Cft.exe
O4 - HKLM\..\Run: [Fef] C:\WINDOWS\Nff.exe
O4 - HKLM\..\Run: [Dao] C:\WINDOWS\System32\Sld.exe
O4 - HKLM\..\Run: [Csc] C:\WINDOWS\System32\Jtc.exe
O4 - HKLM\..\Run: [Hpn] C:\WINDOWS\Ehf.exe
O4 - HKLM\..\Run: [Tnc] C:\WINDOWS\System32\Rnl.exe
O4 - HKLM\..\Run: [Tkd] C:\WINDOWS\System32\Tfq.exe
O4 - HKLM\..\Run: [Cuf] C:\WINDOWS\Ijl.exe
O4 - HKLM\..\Run: [Ebk] C:\WINDOWS\System32\Vqr.exe
O4 - HKLM\..\Run: [Vep] C:\WINDOWS\System32\Rih.exe
O4 - HKLM\..\Run: [Odr] C:\WINDOWS\System32\Fti.exe
O4 - HKLM\..\Run: [Vsr] C:\WINDOWS\Ptp.exe
O4 - HKLM\..\Run: [Ker] C:\WINDOWS\System32\Olh.exe
O4 - HKLM\..\Run: [Oaa] C:\WINDOWS\System32\Ukl.exe
O4 - HKLM\..\Run: [Tod] C:\WINDOWS\Buc.exe
O4 - HKLM\..\Run: [Eed] C:\WINDOWS\System32\Lpi.exe
O4 - HKLM\..\Run: [Oae] C:\WINDOWS\System32\Geq.exe
O4 - HKLM\..\Run: [Sfb] C:\WINDOWS\System32\Fem.exe
O4 - HKLM\..\Run: [Vmp] C:\WINDOWS\Fve.exe
O4 - HKLM\..\Run: [Hba] C:\WINDOWS\Tpm.exe
O4 - HKLM\..\Run: [Chs] C:\WINDOWS\Pjf.exe
O4 - HKLM\..\Run: [Tup] C:\WINDOWS\Hcu.exe
O4 - HKLM\..\Run: [Blg] C:\WINDOWS\System32\Vae.exe
O4 - HKLM\..\Run: [Ljh] C:\WINDOWS\Bun.exe
O4 - HKLM\..\Run: [Jom] C:\WINDOWS\System32\Tov.exe
O4 - HKLM\..\Run: [Mlm] C:\WINDOWS\System32\Fdt.exe
O4 - HKLM\..\Run: [Ehp] C:\WINDOWS\System32\Fnf.exe
O4 - HKLM\..\Run: [Jsr] C:\WINDOWS\System32\Uem.exe
O4 - HKLM\..\Run: [Sit] C:\WINDOWS\System32\Gjr.exe
O4 - HKLM\..\Run: [Erm] C:\WINDOWS\Min.exe
O4 - HKLM\..\Run: [Flc] C:\WINDOWS\System32\Lre.exe
O4 - HKLM\..\Run: [Rar] C:\WINDOWS\System32\Vba.exe
O4 - HKLM\..\Run: [Mej] C:\WINDOWS\System32\Ftg.exe
O4 - HKLM\..\Run: [Vkl] C:\WINDOWS\Jfo.exe
O4 - HKLM\..\Run: [Hns] C:\WINDOWS\System32\Mta.exe
O4 - HKLM\..\Run: [Ukv] C:\WINDOWS\System32\Gqr.exe
O4 - HKLM\..\Run: [Oaf] C:\WINDOWS\Rfj.exe
O4 - HKLM\..\Run: [Ace] C:\WINDOWS\Jjn.exe
O4 - HKLM\..\Run: [Jag] C:\WINDOWS\Ldj.exe
O4 - HKLM\..\Run: [Llq] C:\WINDOWS\Nat.exe
O4 - HKLM\..\Run: [Qce] C:\WINDOWS\Uoj.exe
O4 - HKLM\..\Run: [Pmg] C:\WINDOWS\Erc.exe
O4 - HKLM\..\Run: [Jog] C:\WINDOWS\Dvd.exe
O4 - HKLM\..\Run: [Pba] C:\WINDOWS\System32\Iol.exe
O4 - HKLM\..\Run: [Vau] C:\WINDOWS\System32\Mpf.exe
O4 - HKLM\..\Run: [Gub] C:\WINDOWS\Rtf.exe
O4 - HKLM\..\Run: [Sjt] C:\WINDOWS\System32\Luc.exe
O4 - HKLM\..\Run: [Mel] C:\WINDOWS\Tch.exe
O4 - HKLM\..\Run: [Nal] C:\WINDOWS\System32\Ipc.exe
O4 - HKLM\..\Run: [Nok] C:\WINDOWS\Ial.exe
O4 - HKLM\..\Run: [Pto] C:\WINDOWS\Dda.exe
O4 - HKLM\..\Run: [Tko] C:\WINDOWS\Bfi.exe
O4 - HKLM\..\Run: [Ugl] C:\WINDOWS\System32\Vbg.exe
O4 - HKLM\..\Run: [Brm] C:\WINDOWS\System32\Oaq.exe
O4 - HKLM\..\Run: [Fio] C:\WINDOWS\Agb.exe
O4 - HKLM\..\Run: [Ohe] C:\WINDOWS\Rvu.exe
O4 - HKLM\..\Run: [Gut] C:\WINDOWS\Qbj.exe
O4 - HKLM\..\Run: [Iuu] C:\WINDOWS\Lkp.exe
O4 - HKLM\..\Run: [Cre] C:\WINDOWS\System32\Adk.exe
O4 - HKLM\..\Run: [Oqe] C:\WINDOWS\System32\Qut.exe
O4 - HKLM\..\Run: [Nci] C:\WINDOWS\Ejj.exe
O4 - HKLM\..\Run: [Fmn] C:\WINDOWS\Hnu.exe
O4 - HKLM\..\Run: [Pni] C:\WINDOWS\Uve.exe
O4 - HKLM\..\Run: [Qak] C:\WINDOWS\System32\Joo.exe
O4 - HKLM\..\Run: [Gpk] C:\WINDOWS\Fpn.exe
O4 - HKLM\..\Run: [Ntr] C:\WINDOWS\Fpc.exe
O4 - HKLM\..\Run: [Fjv] C:\WINDOWS\System32\Nbn.exe
O4 - HKLM\..\Run: [Fce] C:\WINDOWS\Hph.exe
O4 - HKLM\..\Run: [Gjs] C:\WINDOWS\System32\Jld.exe
O4 - HKLM\..\Run: [Rfb] C:\WINDOWS\System32\Vhh.exe
O4 - HKLM\..\Run: [Ihq] C:\WINDOWS\Uvh.exe
O4 - HKLM\..\Run: [Tvk] C:\WINDOWS\Llv.exe
O4 - HKLM\..\Run: [Afe] C:\WINDOWS\System32\Api.exe
O4 - HKLM\..\Run: [Pkd] C:\WINDOWS\Hor.exe
O4 - HKLM\..\Run: [Gvc] C:\WINDOWS\Lnc.exe
O4 - HKLM\..\Run: [Uub] C:\WINDOWS\Ark.exe
O4 - HKLM\..\Run: [Ugp] C:\WINDOWS\Mbo.exe
O4 - HKLM\..\Run: [Rbb] C:\WINDOWS\Eug.exe
O4 - HKLM\..\Run: [Udk] C:\WINDOWS\Opa.exe
O4 - HKLM\..\Run: [Htk] C:\WINDOWS\System32\Atd.exe
O4 - HKLM\..\Run: [Gsd] C:\WINDOWS\Scd.exe
O4 - HKLM\..\Run: [Bdm] C:\WINDOWS\System32\Lev.exe
O4 - HKLM\..\Run: [Utp] C:\WINDOWS\System32\Ikf.exe
O4 - HKLM\..\Run: [Qqf] C:\WINDOWS\Oun.exe
O4 - HKLM\..\Run: [Nuf] C:\WINDOWS\Rhp.exe
O4 - HKLM\..\Run: [Jji] C:\WINDOWS\Cjc.exe
O4 - HKLM\..\Run: [Aki] C:\WINDOWS\System32\Sbg.exe
O4 - HKLM\..\Run: [Jcl] C:\WINDOWS\System32\Ihv.exe
O4 - HKLM\..\Run: [Mcc] C:\WINDOWS\Vmq.exe
O4 - HKLM\..\Run: [Kui] C:\WINDOWS\Bjh.exe
O4 - HKLM\..\Run: [Unk] C:\WINDOWS\Kqc.exe
O4 - HKLM\..\Run: [Fgv] C:\WINDOWS\System32\Usr.exe
O4 - HKLM\..\Run: [Stv] C:\WINDOWS\System32\Egl.exe
O4 - HKLM\..\Run: [Sth] C:\WINDOWS\System32\Pro.exe
O4 - HKLM\..\Run: [Pei] C:\WINDOWS\Bqp.exe
O4 - HKLM\..\Run: [Men] C:\WINDOWS\System32\Mfs.exe
O4 - HKLM\..\Run: [Qmb] C:\WINDOWS\System32\Prs.exe
O4 - HKLM\..\Run: [Jlq] C:\WINDOWS\Kpp.exe
O4 - HKLM\..\Run: [Avp] C:\WINDOWS\Nlp.exe
O4 - HKLM\..\Run: [Lpi] C:\WINDOWS\Dqo.exe
O4 - HKLM\..\Run: [Iar] C:\WINDOWS\System32\Chb.exe
O4 - HKLM\..\Run: [Igo] C:\WINDOWS\System32\Ctt.exe
O4 - HKLM\..\Run: [Aak] C:\WINDOWS\Efv.exe
O4 - HKLM\..\Run: [Son] C:\WINDOWS\Ghd.exe
O4 - HKLM\..\Run: [Dep] C:\WINDOWS\Vpi.exe
O4 - HKLM\..\Run: [Lto] C:\WINDOWS\Naj.exe
O4 - HKLM\..\Run: [Svh] C:\WINDOWS\Nht.exe
O4 - HKLM\..\Run: [Hou] C:\WINDOWS\Bcn.exe
O4 - HKLM\..\Run: [Isj] C:\WINDOWS\Upu.exe
O4 - HKLM\..\Run: [Bsn] C:\WINDOWS\Imj.exe
O4 - HKLM\..\Run: [Qcc] C:\WINDOWS\Hvn.exe
O4 - HKLM\..\Run: [Vvp] C:\WINDOWS\Hct.exe
O4 - HKLM\..\Run: [Ttn] C:\WINDOWS\Bpv.exe
O4 - HKLM\..\Run: [Gah] C:\WINDOWS\Qvt.exe
O4 - HKLM\..\Run: [Pjv] C:\WINDOWS\Ebg.exe
O4 - HKLM\..\Run: [Qgl] C:\WINDOWS\Bhb.exe
O4 - HKLM\..\Run: [Evd] C:\WINDOWS\Fik.exe
O4 - HKLM\..\Run: [Vfd] C:\WINDOWS\Gha.exe
O4 - HKLM\..\Run: [Qol] C:\WINDOWS\Jid.exe
O4 - HKLM\..\Run: [Fag] C:\WINDOWS\System32\Sme.exe
O4 - HKLM\..\Run: [Peo] C:\WINDOWS\Bms.exe
O4 - HKLM\..\Run: [Lhd] C:\WINDOWS\System32\Ktc.exe
O4 - HKLM\..\Run: [Mjr] C:\WINDOWS\Dch.exe
O4 - HKLM\..\Run: [Knl] C:\WINDOWS\System32\Qlg.exe
O4 - HKLM\..\Run: [Emp] C:\WINDOWS\System32\Ord.exe
O4 - HKLM\..\Run: [Aru] C:\WINDOWS\Hpk.exe
O4 - HKLM\..\Run: [Jcn] C:\WINDOWS\System32\Iqg.exe
O4 - HKLM\..\Run: [Rlf] C:\WINDOWS\System32\Knn.exe
O4 - HKLM\..\Run: [Kjv] C:\WINDOWS\Mqq.exe
O4 - HKLM\..\Run: [Vda] C:\WINDOWS\Gqi.exe
O4 - HKLM\..\Run: [Tfk] C:\WINDOWS\System32\Vjl.exe
O4 - HKLM\..\Run: [Eob] C:\WINDOWS\System32\Tms.exe
O4 - HKLM\..\Run: [Eav] C:\WINDOWS\System32\Nnr.exe
O4 - HKLM\..\Run: [Vil] C:\WINDOWS\Npt.exe
O4 - HKLM\..\Run: [Fvi] C:\WINDOWS\Tik.exe
O4 - HKLM\..\Run: [Ifl] C:\WINDOWS\Kln.exe
O4 - HKLM\..\Run: [Old] C:\WINDOWS\Lol.exe
O4 - HKLM\..\Run: [Jao] C:\WINDOWS\System32\Ehi.exe
O4 - HKLM\..\Run: [Mte] C:\WINDOWS\Rtl.exe
O4 - HKLM\..\Run: [Qrm] C:\WINDOWS\System32\Lrk.exe
O4 - HKLM\..\Run: [Dfi] C:\WINDOWS\Usa.exe
O4 - HKLM\..\Run: [Tih] C:\WINDOWS\Nio.exe
O4 - HKLM\..\Run: [Ssc] C:\WINDOWS\Idp.exe
O4 - HKLM\..\Run: [Uqt] C:\WINDOWS\Ton.exe
O4 - HKLM\..\Run: [Bjd] C:\WINDOWS\System32\Qch.exe
O4 - HKLM\..\Run: [Uhb] C:\WINDOWS\System32\Ktt.exe
O4 - HKLM\..\Run: [Eti] C:\WINDOWS\System32\Qae.exe
O4 - HKLM\..\Run: [Gpb] C:\WINDOWS\System32\Vsq.exe
O4 - HKLM\..\Run: [Olf] C:\WINDOWS\Bfc.exe
O4 - HKLM\..\Run: [Ecp] C:\WINDOWS\Giu.exe
O4 - HKLM\..\Run: [Ere] C:\WINDOWS\System32\Fua.exe
O4 - HKLM\..\Run: [Jhb] C:\WINDOWS\System32\Bro.exe
O4 - HKLM\..\Run: [Sqv] C:\WINDOWS\System32\Pts.exe
O4 - HKLM\..\Run: [Aso] C:\WINDOWS\Gdd.exe
O4 - HKLM\..\Run: [Obq] C:\WINDOWS\System32\Kvc.exe
O4 - HKLM\..\Run: [Odf] C:\WINDOWS\Mki.exe
O4 - HKLM\..\Run: [Kaj] C:\WINDOWS\Ivn.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [MCAgentExe] C:\Program Files\McAfee.com\Agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\McAfee.com\Agent\McUpdate.exe
O4 - HKLM\..\Run: [McAfee Guardian] "C:\Program Files\McAfee\McAfee Shared Components\Guardian\CMGrdian.exe" /SU
O4 - HKLM\..\Run: [VirusScanMSC] "C:\Program Files\McAfee\McAfee VirusScan\VSStat.exe" /EMBEDDING
O4 - HKLM\..\Run: [svchost] C:\WINDOWS\svchost.exe
O4 - HKCU\..\Run: [RemoteCenter] C:\Program Files\Creative\MediaSource\RemoteControl\RCMan.EXE
O4 - HKCU\..\Run: [Mhd] C:\WINDOWS\System32\Lnb.exe
O4 - HKCU\..\Run: [Inp] C:\WINDOWS\Fmj.exe
O4 - HKCU\..\Run: [Ivk] C:\WINDOWS\System32\Ndb.exe
O4 - HKCU\..\Run: [Ksu] C:\WINDOWS\System32\Vde.exe
O4 - HKCU\..\Run: [Eha] C:\WINDOWS\Lcv.exe
O4 - HKCU\..\Run: [Rhj] C:\WINDOWS\System32\Jlf.exe
O4 - HKCU\..\Run: [Iha] C:\WINDOWS\System32\Ajv.exe
O4 - HKCU\..\Run: [Klq] C:\WINDOWS\System32\Ptf.exe
O4 - HKCU\..\Run: [Lot] C:\WINDOWS\System32\Mjo.exe
O4 - HKCU\..\Run: [Scm] C:\WINDOWS\System32\Dkm.exe
O4 - HKCU\..\Run: [Esk] C:\WINDOWS\System32\Niu.exe
O4 - HKCU\..\Run: [Bcc] C:\WINDOWS\Jcd.exe
O4 - HKCU\..\Run: [Tmj] C:\WINDOWS\Mlq.exe
O4 - HKCU\..\Run: [Mva] C:\WINDOWS\System32\Crb.exe
O4 - HKCU\..\Run: [Iea] C:\WINDOWS\Stk.exe
O4 - HKCU\..\Run: [Tpe] C:\WINDOWS\System32\Umd.exe
O4 - HKCU\..\Run: [Jdp] C:\WINDOWS\Gbb.exe
O4 - HKCU\..\Run: [Fhn] C:\WINDOWS\Atd.exe
O4 - HKCU\..\Run: [Omc] C:\WINDOWS\Hlu.exe
O4 - HKCU\..\Run: [Ohq] C:\WINDOWS\System32\Afp.exe
O4 - HKCU\..\Run: [Tos] C:\WINDOWS\Bcv.exe
O4 - HKCU\..\Run: [Nfe] C:\WINDOWS\System32\Uuj.exe
O4 - HKCU\..\Run: [Vgv] C:\WINDOWS\Lpq.exe
O4 - HKCU\..\Run: [Ihk] C:\WINDOWS\System32\Lve.exe
O4 - HKCU\..\Run: [Pva] C:\WINDOWS\Mvp.exe
O4 - HKCU\..\Run: [Jpo] C:\WINDOWS\Ljv.exe
O4 - HKCU\..\Run: [Eqo] C:\WINDOWS\System32\Gbp.exe
O4 - HKCU\..\Run: [Iid] C:\WINDOWS\Pue.exe
O4 - HKCU\..\Run: [Tnb] C:\WINDOWS\Evb.exe
O4 - HKCU\..\Run: [Ujc] C:\WINDOWS\Chc.exe
O4 - HKCU\..\Run: [Hig] C:\WINDOWS\System32\Hgm.exe
O4 - HKCU\..\Run: [Obt] C:\WINDOWS\Aas.exe
O4 - HKCU\..\Run: [Nnh] C:\WINDOWS\Fhp.exe
O4 - HKCU\..\Run: [Hvl] C:\WINDOWS\System32\Kef.exe
O4 - HKCU\..\Run: [Vmp] C:\WINDOWS\Fve.exe
O4 - HKCU\..\Run: [Chs] C:\WINDOWS\Pjf.exe
O4 - HKCU\..\Run: [Blg] C:\WINDOWS\System32\Vae.exe
O4 - HKCU\..\Run: [Jom] C:\WINDOWS\System32\Tov.exe
O4 - HKCU\..\Run: [Ehp] C:\WINDOWS\System32\Fnf.exe
O4 - HKCU\..\Run: [Sit] C:\WINDOWS\System32\Gjr.exe
O4 - HKCU\..\Run: [Flc] C:\WINDOWS\System32\Lre.exe
O4 - HKCU\..\Run: [Mej] C:\WINDOWS\System32\Ftg.exe
O4 - HKCU\..\Run: [Hns] C:\WINDOWS\System32\Mta.exe
O4 - HKCU\..\Run: [Oaf] C:\WINDOWS\Rfj.exe
O4 - HKCU\..\Run: [Jag] C:\WINDOWS\Ldj.exe
O4 - HKCU\..\Run: [Jhb] C:\WINDOWS\System32\Bro.exe
O4 - HKCU\..\Run: [Aso] C:\WINDOWS\Gdd.exe
O4 - HKCU\..\Run: [Odf] C:\WINDOWS\Mki.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [McAfee.InstantUpdate.Monitor] "C:\Program Files\McAfee\McAfee Shared Components\Instant Updater\RuLaunch.exe" /STARTMONITOR
O4 - HKCU\..\RunOnce: [CleanUp!] C:\Program Files\CleanUp!\Cleanup.exe /WindowsRestart
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: Download all by Net Transport - C:\Program Files\Xi\NetTransport 2\NTAddList.html
O8 - Extra context menu item: Download by Net Transport - C:\Program Files\Xi\NetTransport 2\NTAddLink.html
O8 - Extra context menu item: Download using LeechGet - file://C:\Program Files\LeechGet 2005\\AddUrl.html
O8 - Extra context menu item: Download using LeechGet Wizard - file://C:\Program Files\LeechGet 2005\\Wizard.html
O8 - Extra context menu item: Parse with LeechGet - file://C:\Program Files\LeechGet 2005\\Parser.html
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra button: Microsoft AntiSpyware helper - {9646D4D8-EAA9-43AC-BD57-FC13D25381EE} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {9646D4D8-EAA9-43AC-BD57-FC13D25381EE} - (no file) (HKCU)
O10 - Broken Internet access because of LSP provider 'xfire_lsp_9028.dll' missing
O14 - IERESET.INF: START_PAGE_URL=http://www.meshcomputers.com
O16 - DPF: {03177121-226B-11D4-B0BE-005004AD3039} (UploaderCtrl Class) - http://members14.clubphoto.com/_img/upload...tl_uploader.cab
O16 - DPF: {08BEF711-06DA-48B2-9534-802ECAA2E4F9} (PlxInstall Class) - http://down.plaxo.com/down/release/PlaxoInstall.cab
O16 - DPF: {18D9C485-7EEC-4395-95DA-DC3875B10E81} (TEInstallPlugIn) - http://www.skylinesoft.com/interactive/ter...stallPlugIn.cab
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) -
O16 - DPF: {3a4f9191-65a8-11d5-85c1-0001023952c1} (TE) - http://www.skylinesoft.com/interactive/ter.../install/TE.cab
O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - http://launch.gamespyarcade.com/software/launch/alaunch.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.popcap.com/games/popcaploader_v6.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O16 - DPF: {F54C1137-5E34-4B95-95A5-BA56D4D8D743} (Secure Delivery) - http://www.gamespot.com/KDX22/download/kdx.cab
O18 - Filter: text/html - {B72F75B8-93F3-429D-B13E-660B206D897A} - (no file)
O18 - Filter: text/plain - {B72F75B8-93F3-429D-B13E-660B206D897A} - (no file)
O20 - Winlogon Notify: drct16 - C:\WINDOWS\SYSTEM32\drct16.dll
O21 - SSODL: MSMserv - {06FAF956-6F4E-4861-92AD-6B990F0E9205} - C:\WINDOWS\System32\nvapopen.dll (file missing)
O23 - Service: AVSync Manager (AvSynMgr) - Network Associates, Inc. - C:\Program Files\McAfee\McAfee VirusScan\Avsynmgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: McAfee Internet Security (GuardDogEXE) - Unknown owner - C:\Program Files\McAfee\McAfee Internet Security\GUARDDOG.EXE" /SERVICE (file missing)
O23 - Service: McAfee Firewall - Unknown owner - C:\Program Files\McAfee\McAfee Firewall\CPD.EXE" /SERVICE (file missing)
O23 - Service: McShield - Unknown owner - C:\Program Files\Common Files\Network Associates\McShield\Mcshield.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PMJ151 AutoLaunch Service (PMJ151LA) - Matsu[censored]a Electric Industrial Co. ,Ltd, - C:\WINDOWS\PMJ151LA.BIN
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: X10 Device Network Service (x10nets) - Unknown owner - C:\WINDOWS\System32\x10nets.exe (file missing)
« Last Edit: October 18, 2005, 06:10:58 PM by Jarcy »
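
A triage pass over a log like the one posted above, as an added example that is not part of the original thread and not HijackThis's own code. The three heuristics (three-letter Run value names pointing at three-letter executables in the Windows directory, a system process name outside System32, and an IE setting pointing at a raw IP address) are assumptions drawn from patterns visible in that log; a hit is a prompt for manual review, not a verdict.

```python
import ipaddress
import ntpath
import re
from urllib.parse import urlparse

# A few lines copied from the HijackThis log posted above.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://69.50.191.52/1076/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
O4 - HKLM\..\Run: [IntelliType] "C:\Program Files\Microsoft Hardware\Keyboard\type32.exe"
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [Qbf] C:\WINDOWS\System32\Oek.exe
O4 - HKLM\..\Run: [Bln] C:\WINDOWS\Tnf.exe
O4 - HKLM\..\Run: [svchost] C:\WINDOWS\svchost.exe
O4 - HKCU\..\Run: [Mhd] C:\WINDOWS\System32\Lnb.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
"""

# Process names that belong only in System32 on Windows XP.
SYSTEM32_ONLY = {"smss.exe", "winlogon.exe", "services.exe", "lsass.exe", "svchost.exe"}
WINDIRS = {r"c:\windows", r"c:\windows\system32"}

REG_RE = re.compile(r"^R[0-3] - (?P<key>.+?) = (?P<value>\S*)$")
RUN_RE = re.compile(
    r"^O4 - (?P<hive>HKLM|HKCU)\\\.\.\\(?P<key>Run\w*): \[(?P<name>[^\]]+)\] (?P<cmd>.+)$"
)
EXE_RE = re.compile(r'"?(?P<path>.+?\.(?:exe|bin|com|scr))', re.IGNORECASE)


def exe_path(cmd):
    """Return the executable part of a Run command line, without quotes or arguments."""
    m = EXE_RE.match(cmd)
    return m.group("path") if m else cmd.strip('"')


def host_is_ip(value):
    """True when the value is a URL whose host is an IP literal rather than a name."""
    host = urlparse(value).hostname
    if not host:
        return False
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def check_run(name, cmd):
    """Apply the two autostart heuristics to one O4 entry."""
    reasons = []
    folder, base = ntpath.split(exe_path(cmd))  # ntpath parses Windows paths on any OS
    folder = folder.lower()
    stem = ntpath.splitext(base)[0]
    if (folder in WINDIRS
            and re.fullmatch(r"[A-Za-z]{3}", name)
            and re.fullmatch(r"[A-Za-z]{3}", stem)):
        reasons.append("three-letter value name and exe in the Windows directory")
    if base.lower() in SYSTEM32_ONLY and folder != r"c:\windows\system32":
        reasons.append("system process name outside System32")
    return reasons


def triage(log_text):
    """Return (line, reasons) for every log line that trips a heuristic."""
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        reasons = []
        reg = REG_RE.match(line)
        run = RUN_RE.match(line)
        if reg and host_is_ip(reg.group("value")):
            reasons.append("IE setting points at a raw IP address")
        elif run:
            reasons = check_run(run.group("name"), run.group("cmd"))
        if reasons:
            findings.append((line, reasons))
    return findings


if __name__ == "__main__":
    for line, reasons in triage(SAMPLE_LOG):
        print(f"REVIEW  {line}\n        -> {'; '.join(reasons)}")
```
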

Offline guestolo

  • Site Donator
  • Administrator
  • Hero Member
  • Posts: 16034
SmartSecurity and other problems
« Reply #1 on: October 18, 2005, 10:22:38 PM »
I would uninstall P2Pnetworking from Add/remove programs

Afterwards, do the following

==Download and save to desktop or a folder
The Standalone version of CWShredder.exe
We'll need this later

==Download and Install this small program
to help clean your temp folders,cookies, etc...
Windows Cleanup! 4.0
Give the link time to load or try it twice, it may be busy
Don't run this yet, we'll need it in a bit

==Download smitRem.exe and save the file to your desktop.
Double click on the file to extract it to its own folder on the desktop.

==Download and Install the free version of Ad-Aware SE Personal 1.06
Open Ad-Aware, ensure to click the check for updates now link and Connect to download the latest updates
After it is updated, close it down, we'll run it later

==Download and then Install
Ewido Security Suite

When installing, under "Additional Options" Uncheck "Install background guard" and "Install scan via context menu".

From the main ewido screen, click on Update in the left menu, then click the Start update button.
After the update finishes (the status bar at the bottom will display "Update successful")
Close out Ewido for now, we'll need it later
If for some reason the Updater won't work you can manually download the
Updates from this link after you have Ewido installed
http://www.ewido.net/en/download/updates/


Now that you have the tools
Please print this out or save these instructions to notepad for reference
RESTART your Computer in SAFE MODE without networking
You can do this by tapping the F8 key as the system is restarting, just before Windows loads, or use the link
I supplied for a more detailed explanation

In safe mode

==Open Windows CleanUp!>>START>>programs>>Cleanup!
Click on the CleanUp button, let it finish scanning for files, when it's done
DECLINE to Log off or Restart when scan is done.

==Open the SmitRem folder, then double click the RunThis.bat file to start the tool. Follow the prompts on screen.
Wait for the tool to complete and disk cleanup to finish.

==Open Ewido Security Suite
Click on the Scanner button on the left menu
Select Complete System Scan
*If Ewido finds something it will prompt you with "Infected Object found"
Ensure the following are Selected
  *1. Perform Action = Remove
  *2. Create Encrypted Backup in Quarantine (Recommended)
  *3. Perform action with all infections
  Then click OK
When Ewido has finished its scan click the "Save Report" button
Save the report to desktop
Exit Ewido

Open Ad-Aware>>Click START
Click the radio button to Perform a Full system scan then click NEXT
When it's finished scanning
At this point you should either right click on the screen and choose the "Select All" Objects option or individually put a checkmark in each object's checkbox
click on the Next button. Ad-Aware SE will now present you with a confirmation box as to whether or not you would like to remove the objects you have just selected. Press the "OK" button

==Open CWShredder.exe and click on the FIX button, let it finish its scan

Reboot back to Normal mode

Afterwards
Come back here and supply a few logs
Supply a fresh hijackthis log and the Report from Ewido
Also include the log SmitRem.txt

Do you want to post your own logs from FRST?

Follow the instructions posted here: http://www.thetechguide.com/forum/index.php/topic/22942-please-read-how-to-post-logs-from-frst/


Guest_Jarcy_*

  • Guest
SmartSecurity and other problems
« Reply #2 on: October 20, 2005, 02:53:06 AM »
Hi Guestolo,

Many thanks for your help! It's so much appreciated. :)

I've followed all of the directions so far.
I couldn't open your link to smitRem, so searched the net for an alternative link and downloaded from there. Hope that's ok. Only problem is that I couldn't seem to find a log once finished running. I didn't complete the Disk Cleanup utility that it launches once complete.

I've now got rid of the SmartSecurity Red and Black screen :) - but right click & double icons still broken.

I was surprised that my version of Ad-Aware 6 appears to be out of date, as no updates were available and previously I was getting clean scans. Ad-aware SE found 72 bugs!

My notepad doesn't work and when I looked at the log from Ewido, I'm guessing that this has been hijacked as well. Notepad.exe appears to be missing.

I had saved the Ewido log to desktop, but it now appears to be missing. Do you want me to run this again?

Here's my new HijackThis log (amazingly captured from a Notepad window produced):

Thanks again! :)

Logfile of HijackThis v1.99.1
Scan saved at 8:42:19 AM, on 10/20/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\McAfee\McAfee Internet Security\GUARDDOG.EXE
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\WINDOWS\System32\inetsrv\inetinfo.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\PMJ151LA.BIN
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\McAfee\McAfee Firewall\CPD.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\McAfee\McAfee Internet Security\GUARDDOG.EXE
C:\Program Files\Microsoft Hardware\Keyboard\type32.exe
C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe
C:\WINDOWS\System32\CTHELPER.EXE
C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE
C:\Program Files\Creative\Shared Files\CAMTRAY.EXE
C:\Program Files\McAfee\McAfee Firewall\CPD.EXE
C:\PROGRA~1\ACDSYS~1\DEVDET~1\DEVDET~1.EXE
C:\WINDOWS\System32\hphmon05.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\McAfee\McAfee Shared Components\Guardian\CMGrdian.exe
C:\Program Files\McAfee\McAfee VirusScan\VSStat.exe
C:\Program Files\Creative\MediaSource\RemoteControl\RCMan.EXE
C:\WINDOWS\System32\HPZipm12.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\unzipped\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.meshcomputers.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://bestsearch.cc/1076/search.php?qq=
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: NTIECatcher Class - {C56CB6B0-0D96-11D6-8C65-B2868B609932} - C:\Program Files\Xi\NetTransport 2\NTIEHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O3 - Toolbar: McAfee VirusScan - {ACB1E670-3217-45C4-A021-6B829A8A27CB} - C:\Program Files\McAfee\McAfee VirusScan\VSCShellExtension.dll
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [SBDrvDet] C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe /r
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\System32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [IntelliType] "C:\Program Files\Microsoft Hardware\Keyboard\type32.exe"
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTDVDDET] C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE
O4 - HKLM\..\Run: [Creative WebCam Tray] C:\Program Files\Creative\Shared Files\CAMTRAY.EXE
O4 - HKLM\..\Run: [Camera Detector] C:\PROGRA~1\ACDSYS~1\DEVDET~1\DEVDET~1.EXE -autorun
O4 - HKLM\..\Run: [AsioReg] REGSVR32.EXE /S CTASIO.DLL
O4 - HKLM\..\Run: [HPHUPD05] C:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Qbf] C:\WINDOWS\System32\Oek.exe
O4 - HKLM\..\Run: [Bln] C:\WINDOWS\Tnf.exe
O4 - HKLM\..\Run: [Ijs] C:\WINDOWS\System32\Rto.exe
O4 - HKLM\..\Run: [Hds] C:\WINDOWS\System32\Som.exe
O4 - HKLM\..\Run: [Eun] C:\WINDOWS\System32\Utb.exe
O4 - HKLM\..\Run: [Mrd] C:\WINDOWS\Vor.exe
O4 - HKLM\..\Run: [Jvt] C:\WINDOWS\System32\Lot.exe
O4 - HKLM\..\Run: [Mhd] C:\WINDOWS\System32\Lnb.exe
O4 - HKLM\..\Run: [Inp] C:\WINDOWS\Fmj.exe
O4 - HKLM\..\Run: [Ivk] C:\WINDOWS\System32\Ndb.exe
O4 - HKLM\..\Run: [Ksu] C:\WINDOWS\System32\Vde.exe
O4 - HKLM\..\Run: [Eha] C:\WINDOWS\Lcv.exe
O4 - HKLM\..\Run: [Rhj] C:\WINDOWS\System32\Jlf.exe
O4 - HKLM\..\Run: [Iha] C:\WINDOWS\System32\Ajv.exe
O4 - HKLM\..\Run: [Klq] C:\WINDOWS\System32\Ptf.exe
O4 - HKLM\..\Run: [Lot] C:\WINDOWS\System32\Mjo.exe
O4 - HKLM\..\Run: [Scm] C:\WINDOWS\System32\Dkm.exe
O4 - HKLM\..\Run: [Esk] C:\WINDOWS\System32\Niu.exe
O4 - HKLM\..\Run: [Bcc] C:\WINDOWS\Jcd.exe
O4 - HKLM\..\Run: [Tmj] C:\WINDOWS\Mlq.exe
O4 - HKLM\..\Run: [Mva] C:\WINDOWS\System32\Crb.exe
O4 - HKLM\..\Run: [Iea] C:\WINDOWS\Stk.exe
O4 - HKLM\..\Run: [Tpe] C:\WINDOWS\System32\Umd.exe
O4 - HKLM\..\Run: [Jdp] C:\WINDOWS\Gbb.exe
O4 - HKLM\..\Run: [Fhn] C:\WINDOWS\Atd.exe
O4 - HKLM\..\Run: [Omc] C:\WINDOWS\Hlu.exe
O4 - HKLM\..\Run: [Ohq] C:\WINDOWS\System32\Afp.exe
O4 - HKLM\..\Run: [Tos] C:\WINDOWS\Bcv.exe
O4 - HKLM\..\Run: [Nfe] C:\WINDOWS\System32\Uuj.exe
O4 - HKLM\..\Run: [Vgv] C:\WINDOWS\Lpq.exe
O4 - HKLM\..\Run: [Ihk] C:\WINDOWS\System32\Lve.exe
O4 - HKLM\..\Run: [Pva] C:\WINDOWS\Mvp.exe
O4 - HKLM\..\Run: [Jpo] C:\WINDOWS\Ljv.exe
O4 - HKLM\..\Run: [Eqo] C:\WINDOWS\System32\Gbp.exe
O4 - HKLM\..\Run: [Iid] C:\WINDOWS\Pue.exe
O4 - HKLM\..\Run: [Tnb] C:\WINDOWS\Evb.exe
O4 - HKLM\..\Run: [Ver] C:\WINDOWS\System32\Ndc.exe
O4 - HKLM\..\Run: [Dct] C:\WINDOWS\System32\Sds.exe
O4 - HKLM\..\Run: [Kqi] C:\WINDOWS\Kss.exe
O4 - HKLM\..\Run: [Opj] C:\WINDOWS\System32\Ibr.exe
O4 - HKLM\..\Run: [Hht] C:\WINDOWS\System32\Mki.exe
O4 - HKLM\..\Run: [Gst] C:\WINDOWS\System32\Rhf.exe
O4 - HKLM\..\Run: [Nbp] C:\WINDOWS\System32\Vre.exe
O4 - HKLM\..\Run: [Ujc] C:\WINDOWS\Chc.exe
O4 - HKLM\..\Run: [Pju] C:\WINDOWS\Fsk.exe
O4 - HKLM\..\Run: [Hig] C:\WINDOWS\System32\Hgm.exe
O4 - HKLM\..\Run: [Vim] C:\WINDOWS\System32\Ufn.exe
O4 - HKLM\..\Run: [Obt] C:\WINDOWS\Aas.exe
O4 - HKLM\..\Run: [Qfo] C:\WINDOWS\Bjd.exe
O4 - HKLM\..\Run: [Nnh] C:\WINDOWS\Fhp.exe
O4 - HKLM\..\Run: [Qmt] C:\WINDOWS\System32\Hgf.exe
O4 - HKLM\..\Run: [Hvl] C:\WINDOWS\System32\Kef.exe
O4 - HKLM\..\Run: [Fsn] C:\WINDOWS\Fic.exe
O4 - HKLM\..\Run: [Kpd] C:\WINDOWS\Evn.exe
O4 - HKLM\..\Run: [Ocr] C:\WINDOWS\System32\Por.exe
O4 - HKLM\..\Run: [Hdv] C:\WINDOWS\Rrf.exe
O4 - HKLM\..\Run: [Erk] C:\WINDOWS\System32\Jsb.exe
O4 - HKLM\..\Run: [Cng] C:\WINDOWS\Ffj.exe
O4 - HKLM\..\Run: [Fcb] C:\WINDOWS\Kpq.exe
O4 - HKLM\..\Run: [Frf] C:\WINDOWS\System32\Rpe.exe
O4 - HKLM\..\Run: [Bvr] C:\WINDOWS\Fun.exe
O4 - HKLM\..\Run: [Pma] C:\WINDOWS\System32\Gdt.exe
O4 - HKLM\..\Run: [Etr] C:\WINDOWS\Mep.exe
O4 - HKLM\..\Run: [Rjp] C:\WINDOWS\Igd.exe
O4 - HKLM\..\Run: [Boj] C:\WINDOWS\System32\Pnu.exe
O4 - HKLM\..\Run: [Obl] C:\WINDOWS\System32\Nli.exe
O4 - HKLM\..\Run: [Nem] C:\WINDOWS\System32\Pdh.exe
O4 - HKLM\..\Run: [Nnj] C:\WINDOWS\Nog.exe
O4 - HKLM\..\Run: [Lar] C:\WINDOWS\System32\Vvk.exe
O4 - HKLM\..\Run: [Npm] C:\WINDOWS\Mst.exe
O4 - HKLM\..\Run: [Tmq] C:\WINDOWS\System32\Uam.exe
O4 - HKLM\..\Run: [Kct] C:\WINDOWS\Hkk.exe
O4 - HKLM\..\Run: [Gml] C:\WINDOWS\Vea.exe
O4 - HKLM\..\Run: [Hfu] C:\WINDOWS\System32\Cft.exe
O4 - HKLM\..\Run: [Fef] C:\WINDOWS\Nff.exe
O4 - HKLM\..\Run: [Dao] C:\WINDOWS\System32\Sld.exe
O4 - HKLM\..\Run: [Csc] C:\WINDOWS\System32\Jtc.exe
O4 - HKLM\..\Run: [Hpn] C:\WINDOWS\Ehf.exe
O4 - HKLM\..\Run: [Tnc] C:\WINDOWS\System32\Rnl.exe
O4 - HKLM\..\Run: [Tkd] C:\WINDOWS\System32\Tfq.exe
O4 - HKLM\..\Run: [Cuf] C:\WINDOWS\Ijl.exe
O4 - HKLM\..\Run: [Ebk] C:\WINDOWS\System32\Vqr.exe
O4 - HKLM\..\Run: [Vep] C:\WINDOWS\System32\Rih.exe
O4 - HKLM\..\Run: [Odr] C:\WINDOWS\System32\Fti.exe
O4 - HKLM\..\Run: [Vsr] C:\WINDOWS\Ptp.exe
O4 - HKLM\..\Run: [Ker] C:\WINDOWS\System32\Olh.exe
O4 - HKLM\..\Run: [Oaa] C:\WINDOWS\System32\Ukl.exe
O4 - HKLM\..\Run: [Tod] C:\WINDOWS\Buc.exe
O4 - HKLM\..\Run: [Eed] C:\WINDOWS\System32\Lpi.exe
O4 - HKLM\..\Run: [Oae] C:\WINDOWS\System32\Geq.exe
O4 - HKLM\..\Run: [Sfb] C:\WINDOWS\System32\Fem.exe
O4 - HKLM\..\Run: [Vmp] C:\WINDOWS\Fve.exe
O4 - HKLM\..\Run: [Hba] C:\WINDOWS\Tpm.exe
O4 - HKLM\..\Run: [Chs] C:\WINDOWS\Pjf.exe
O4 - HKLM\..\Run: [Tup] C:\WINDOWS\Hcu.exe
O4 - HKLM\..\Run: [Blg] C:\WINDOWS\System32\Vae.exe
O4 - HKLM\..\Run: [Ljh] C:\WINDOWS\Bun.exe
O4 - HKLM\..\Run: [Jom] C:\WINDOWS\System32\Tov.exe
O4 - HKLM\..\Run: [Mlm] C:\WINDOWS\System32\Fdt.exe
O4 - HKLM\..\Run: [Ehp] C:\WINDOWS\System32\Fnf.exe
O4 - HKLM\..\Run: [Jsr] C:\WINDOWS\System32\Uem.exe
O4 - HKLM\..\Run: [Sit] C:\WINDOWS\System32\Gjr.exe
O4 - HKLM\..\Run: [Erm] C:\WINDOWS\Min.exe
O4 - HKLM\..\Run: [Flc] C:\WINDOWS\System32\Lre.exe
O4 - HKLM\..\Run: [Rar] C:\WINDOWS\System32\Vba.exe
O4 - HKLM\..\Run: [Mej] C:\WINDOWS\System32\Ftg.exe
O4 - HKLM\..\Run: [Vkl] C:\WINDOWS\Jfo.exe
O4 - HKLM\..\Run: [Hns] C:\WINDOWS\System32\Mta.exe
O4 - HKLM\..\Run: [Ukv] C:\WINDOWS\System32\Gqr.exe
O4 - HKLM\..\Run: [Oaf] C:\WINDOWS\Rfj.exe
O4 - HKLM\..\Run: [Ace] C:\WINDOWS\Jjn.exe
O4 - HKLM\..\Run: [Jag] C:\WINDOWS\Ldj.exe
O4 - HKLM\..\Run: [Llq] C:\WINDOWS\Nat.exe
O4 - HKLM\..\Run: [Qce] C:\WINDOWS\Uoj.exe
O4 - HKLM\..\Run: [Pmg] C:\WINDOWS\Erc.exe
O4 - HKLM\..\Run: [Jog] C:\WINDOWS\Dvd.exe
O4 - HKLM\..\Run: [Pba] C:\WINDOWS\System32\Iol.exe
O4 - HKLM\..\Run: [Vau] C:\WINDOWS\System32\Mpf.exe
O4 - HKLM\..\Run: [Gub] C:\WINDOWS\Rtf.exe
O4 - HKLM\..\Run: [Sjt] C:\WINDOWS\System32\Luc.exe
O4 - HKLM\..\Run: [Mel] C:\WINDOWS\Tch.exe
O4 - HKLM\..\Run: [Nal] C:\WINDOWS\System32\Ipc.exe
O4 - HKLM\..\Run: [Nok] C:\WINDOWS\Ial.exe
O4 - HKLM\..\Run: [Pto] C:\WINDOWS\Dda.exe
O4 - HKLM\..\Run: [Tko] C:\WINDOWS\Bfi.exe
O4 - HKLM\..\Run: [Ugl] C:\WINDOWS\System32\Vbg.exe
O4 - HKLM\..\Run: [Brm] C:\WINDOWS\System32\Oaq.exe
O4 - HKLM\..\Run: [Fio] C:\WINDOWS\Agb.exe
O4 - HKLM\..\Run: [Ohe] C:\WINDOWS\Rvu.exe
O4 - HKLM\..\Run: [Gut] C:\WINDOWS\Qbj.exe
O4 - HKLM\..\Run: [Iuu] C:\WINDOWS\Lkp.exe
O4 - HKLM\..\Run: [Cre] C:\WINDOWS\System32\Adk.exe
O4 - HKLM\..\Run: [Oqe] C:\WINDOWS\System32\Qut.exe
O4 - HKLM\..\Run: [Nci] C:\WINDOWS\Ejj.exe
O4 - HKLM\..\Run: [Fmn] C:\WINDOWS\Hnu.exe
O4 - HKLM\..\Run: [Pni] C:\WINDOWS\Uve.exe
O4 - HKLM\..\Run: [Qak] C:\WINDOWS\System32\Joo.exe
O4 - HKLM\..\Run: [Gpk] C:\WINDOWS\Fpn.exe
O4 - HKLM\..\Run: [Ntr] C:\WINDOWS\Fpc.exe
O4 - HKLM\..\Run: [Fjv] C:\WINDOWS\System32\Nbn.exe
O4 - HKLM\..\Run: [Fce] C:\WINDOWS\Hph.exe
O4 - HKLM\..\Run: [Gjs] C:\WINDOWS\System32\Jld.exe
O4 - HKLM\..\Run: [Rfb] C:\WINDOWS\System32\Vhh.exe
O4 - HKLM\..\Run: [Ihq] C:\WINDOWS\Uvh.exe
O4 - HKLM\..\Run: [Tvk] C:\WINDOWS\Llv.exe
O4 - HKLM\..\Run: [Afe] C:\WINDOWS\System32\Api.exe
O4 - HKLM\..\Run: [Pkd] C:\WINDOWS\Hor.exe
O4 - HKLM\..\Run: [Gvc] C:\WINDOWS\Lnc.exe
O4 - HKLM\..\Run: [Uub] C:\WINDOWS\Ark.exe
O4 - HKLM\..\Run: [Ugp] C:\WINDOWS\Mbo.exe
O4 - HKLM\..\Run: [Rbb] C:\WINDOWS\Eug.exe
O4 - HKLM\..\Run: [Udk] C:\WINDOWS\Opa.exe
O4 - HKLM\..\Run: [Htk] C:\WINDOWS\System32\Atd.exe
O4 - HKLM\..\Run: [Gsd] C:\WINDOWS\Scd.exe
O4 - HKLM\..\Run: [Bdm] C:\WINDOWS\System32\Lev.exe
O4 - HKLM\..\Run: [Utp] C:\WINDOWS\System32\Ikf.exe
O4 - HKLM\..\Run: [Qqf] C:\WINDOWS\Oun.exe
O4 - HKLM\..\Run: [Nuf] C:\WINDOWS\Rhp.exe
O4 - HKLM\..\Run: [Jji] C:\WINDOWS\Cjc.exe
O4 - HKLM\..\Run: [Aki] C:\WINDOWS\System32\Sbg.exe
O4 - HKLM\..\Run: [Jcl] C:\WINDOWS\System32\Ihv.exe
O4 - HKLM\..\Run: [Mcc] C:\WINDOWS\Vmq.exe
O4 - HKLM\..\Run: [Kui] C:\WINDOWS\Bjh.exe
O4 - HKLM\..\Run: [Unk] C:\WINDOWS\Kqc.exe
O4 - HKLM\..\Run: [Fgv] C:\WINDOWS\System32\Usr.exe
O4 - HKLM\..\Run: [Stv] C:\WINDOWS\System32\Egl.exe
O4 - HKLM\..\Run: [Sth] C:\WINDOWS\System32\Pro.exe
O4 - HKLM\..\Run: [Pei] C:\WINDOWS\Bqp.exe
O4 - HKLM\..\Run: [Men] C:\WINDOWS\System32\Mfs.exe
O4 - HKLM\..\Run: [Qmb] C:\WINDOWS\System32\Prs.exe
O4 - HKLM\..\Run: [Jlq] C:\WINDOWS\Kpp.exe
O4 - HKLM\..\Run: [Avp] C:\WINDOWS\Nlp.exe
O4 - HKLM\..\Run: [Lpi] C:\WINDOWS\Dqo.exe
O4 - HKLM\..\Run: [Iar] C:\WINDOWS\System32\Chb.exe
O4 - HKLM\..\Run: [Igo] C:\WINDOWS\System32\Ctt.exe
O4 - HKLM\..\Run: [Aak] C:\WINDOWS\Efv.exe
O4 - HKLM\..\Run: [Son] C:\WINDOWS\Ghd.exe
O4 - HKLM\..\Run: [Dep] C:\WINDOWS\Vpi.exe
O4 - HKLM\..\Run: [Lto] C:\WINDOWS\Naj.exe
O4 - HKLM\..\Run: [Svh] C:\WINDOWS\Nht.exe
O4 - HKLM\..\Run: [Hou] C:\WINDOWS\Bcn.exe
O4 - HKLM\..\Run: [Isj] C:\WINDOWS\Upu.exe
O4 - HKLM\..\Run: [Bsn] C:\WINDOWS\Imj.exe
O4 - HKLM\..\Run: [Qcc] C:\WINDOWS\Hvn.exe
O4 - HKLM\..\Run: [Vvp] C:\WINDOWS\Hct.exe
O4 - HKLM\..\Run: [Ttn] C:\WINDOWS\Bpv.exe
O4 - HKLM\..\Run: [Gah] C:\WINDOWS\Qvt.exe
O4 - HKLM\..\Run: [Pjv] C:\WINDOWS\Ebg.exe
O4 - HKLM\..\Run: [Qgl] C:\WINDOWS\Bhb.exe
O4 - HKLM\..\Run: [Evd] C:\WINDOWS\Fik.exe
O4 - HKLM\..\Run: [Vfd] C:\WINDOWS\Gha.exe
O4 - HKLM\..\Run: [Qol] C:\WINDOWS\Jid.exe
O4 - HKLM\..\Run: [Fag] C:\WINDOWS\System32\Sme.exe
O4 - HKLM\..\Run: [Peo] C:\WINDOWS\Bms.exe
O4 - HKLM\..\Run: [Lhd] C:\WINDOWS\System32\Ktc.exe
O4 - HKLM\..\Run: [Mjr] C:\WINDOWS\Dch.exe
O4 - HKLM\..\Run: [Knl] C:\WINDOWS\System32\Qlg.exe
O4 - HKLM\..\Run: [Emp] C:\WINDOWS\System32\Ord.exe
O4 - HKLM\..\Run: [Aru] C:\WINDOWS\Hpk.exe
O4 - HKLM\..\Run: [Jcn] C:\WINDOWS\System32\Iqg.exe
O4 - HKLM\..\Run: [Rlf] C:\WINDOWS\System32\Knn.exe
O4 - HKLM\..\Run: [Kjv] C:\WINDOWS\Mqq.exe
O4 - HKLM\..\Run: [Vda] C:\WINDOWS\Gqi.exe
O4 - HKLM\..\Run: [Tfk] C:\WINDOWS\System32\Vjl.exe
O4 - HKLM\..\Run: [Eob] C:\WINDOWS\System32\Tms.exe
O4 - HKLM\..\Run: [Eav] C:\WINDOWS\System32\Nnr.exe
O4 - HKLM\..\Run: [Vil] C:\WINDOWS\Npt.exe
O4 - HKLM\..\Run: [Fvi] C:\WINDOWS\Tik.exe
O4 - HKLM\..\Run: [Ifl] C:\WINDOWS\Kln.exe
O4 - HKLM\..\Run: [Old] C:\WINDOWS\Lol.exe
O4 - HKLM\..\Run: [Jao] C:\WINDOWS\System32\Ehi.exe
O4 - HKLM\..\Run: [Mte] C:\WINDOWS\Rtl.exe
O4 - HKLM\..\Run: [Qrm] C:\WINDOWS\System32\Lrk.exe
O4 - HKLM\..\Run: [Dfi] C:\WINDOWS\Usa.exe
O4 - HKLM\..\Run: [Tih] C:\WINDOWS\Nio.exe
O4 - HKLM\..\Run: [Ssc] C:\WINDOWS\Idp.exe
O4 - HKLM\..\Run: [Uqt] C:\WINDOWS\Ton.exe
O4 - HKLM\..\Run: [Bjd] C:\WINDOWS\System32\Qch.exe
O4 - HKLM\..\Run: [Uhb] C:\WINDOWS\System32\Ktt.exe
O4 - HKLM\..\Run: [Eti] C:\WINDOWS\System32\Qae.exe
O4 - HKLM\..\Run: [Gpb] C:\WINDOWS\System32\Vsq.exe
O4 - HKLM\..\Run: [Olf] C:\WINDOWS\Bfc.exe
O4 - HKLM\..\Run: [Ecp] C:\WINDOWS\Giu.exe
O4 - HKLM\..\Run: [Ere] C:\WINDOWS\System32\Fua.exe
O4 - HKLM\..\Run: [Jhb] C:\WINDOWS\System32\Bro.exe
O4 - HKLM\..\Run: [Sqv] C:\WINDOWS\System32\Pts.exe
O4 - HKLM\..\Run: [Aso] C:\WINDOWS\Gdd.exe
O4 - HKLM\..\Run: [Obq] C:\WINDOWS\System32\Kvc.exe
O4 - HKLM\..\Run: [Odf] C:\WINDOWS\Mki.exe
O4 - HKLM\..\Run: [Kaj] C:\WINDOWS\Ivn.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [MCAgentExe] C:\Program Files\McAfee.com\Agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\McAfee.com\Agent\mcupdate.exe
O4 - HKLM\..\Run: [McAfee Guardian] "C:\Program Files\McAfee\McAfee Shared Components\Guardian\CMGrdian.exe" /SU
O4 - HKLM\..\Run: [VirusScanMSC] "C:\Program Files\McAfee\McAfee VirusScan\VSStat.exe" /EMBEDDING
O4 - HKCU\..\Run: [RemoteCenter] C:\Program Files\Creative\MediaSource\RemoteControl\RCMan.EXE
O4 - HKCU\..\Run: [Mhd] C:\WINDOWS\System32\Lnb.exe
O4 - HKCU\..\Run: [Inp] C:\WINDOWS\Fmj.exe
O4 - HKCU\..\Run: [Ivk] C:\WINDOWS\System32\Ndb.exe
O4 - HKCU\..\Run: [Ksu] C:\WINDOWS\System32\Vde.exe
O4 - HKCU\..\Run: [Eha] C:\WINDOWS\Lcv.exe
O4 - HKCU\..\Run: [Rhj] C:\WINDOWS\System32\Jlf.exe
O4 - HKCU\..\Run: [Iha] C:\WINDOWS\System32\Ajv.exe
O4 - HKCU\..\Run: [Klq] C:\WINDOWS\System32\Ptf.exe
O4 - HKCU\..\Run: [Lot] C:\WINDOWS\System32\Mjo.exe
O4 - HKCU\..\Run: [Scm] C:\WINDOWS\System32\Dkm.exe
O4 - HKCU\..\Run: [Esk] C:\WINDOWS\System32\Niu.exe
O4 - HKCU\..\Run: [Bcc] C:\WINDOWS\Jcd.exe
O4 - HKCU\..\Run: [Tmj] C:\WINDOWS\Mlq.exe
O4 - HKCU\..\Run: [Mva] C:\WINDOWS\System32\Crb.exe
O4 - HKCU\..\Run: [Iea] C:\WINDOWS\Stk.exe
O4 - HKCU\..\Run: [Tpe] C:\WINDOWS\System32\Umd.exe
O4 - HKCU\..\Run: [Jdp] C:\WINDOWS\Gbb.exe
O4 - HKCU\..\Run: [Fhn] C:\WINDOWS\Atd.exe
O4 - HKCU\..\Run: [Omc] C:\WINDOWS\Hlu.exe
O4 - HKCU\..\Run: [Ohq] C:\WINDOWS\System32\Afp.exe
O4 - HKCU\..\Run: [Tos] C:\WINDOWS\Bcv.exe
O4 - HKCU\..\Run: [Nfe] C:\WINDOWS\System32\Uuj.exe
O4 - HKCU\..\Run: [Vgv] C:\WINDOWS\Lpq.exe
O4 - HKCU\..\Run: [Ihk] C:\WINDOWS\System32\Lve.exe
O4 - HKCU\..\Run: [Pva] C:\WINDOWS\Mvp.exe
O4 - HKCU\..\Run: [Jpo] C:\WINDOWS\Ljv.exe
O4 - HKCU\..\Run: [Eqo] C:\WINDOWS\System32\Gbp.exe
O4 - HKCU\..\Run: [Iid] C:\WINDOWS\Pue.exe
O4 - HKCU\..\Run: [Tnb] C:\WINDOWS\Evb.exe
O4 - HKCU\..\Run: [Ujc] C:\WINDOWS\Chc.exe
O4 - HKCU\..\Run: [Hig] C:\WINDOWS\System32\Hgm.exe
O4 - HKCU\..\Run: [Obt] C:\WINDOWS\Aas.exe
O4 - HKCU\..\Run: [Nnh] C:\WINDOWS\Fhp.exe
O4 - HKCU\..\Run: [Hvl] C:\WINDOWS\System32\Kef.exe
O4 - HKCU\..\Run: [Vmp] C:\WINDOWS\Fve.exe
O4 - HKCU\..\Run: [Chs] C:\WINDOWS\Pjf.exe
O4 - HKCU\..\Run: [Blg] C:\WINDOWS\System32\Vae.exe
O4 - HKCU\..\Run: [Jom] C:\WINDOWS\System32\Tov.exe
O4 - HKCU\..\Run: [Ehp] C:\WINDOWS\System32\Fnf.exe
O4 - HKCU\..\Run: [Sit] C:\WINDOWS\System32\Gjr.exe
O4 - HKCU\..\Run: [Flc] C:\WINDOWS\System32\Lre.exe
O4 - HKCU\..\Run: [Mej] C:\WINDOWS\System32\Ftg.exe
O4 - HKCU\..\Run: [Hns] C:\WINDOWS\System32\Mta.exe
O4 - HKCU\..\Run: [Oaf] C:\WINDOWS\Rfj.exe
O4 - HKCU\..\Run: [Jag] C:\WINDOWS\Ldj.exe
O4 - HKCU\..\Run: [Jhb] C:\WINDOWS\System32\Bro.exe
O4 - HKCU\..\Run: [Aso] C:\WINDOWS\Gdd.exe
O4 - HKCU\..\Run: [Odf] C:\WINDOWS\Mki.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [McAfee.InstantUpdate.Monitor] "C:\Program Files\McAfee\McAfee Shared Components\Instant Updater\RuLaunch.exe" /STARTMONITOR
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: Download all by Net Transport - C:\Program Files\Xi\NetTransport 2\NTAddList.html
O8 - Extra context menu item: Download by Net Transport - C:\Program Files\Xi\NetTransport 2\NTAddLink.html
O8 - Extra context menu item: Download using LeechGet - file://C:\Program Files\LeechGet 2005\\AddUrl.html
O8 - Extra context menu item: Download using LeechGet Wizard - file://C:\Program Files\LeechGet 2005\\Wizard.html
O8 - Extra context menu item: Parse with LeechGet - file://C:\Program Files\LeechGet 2005\\Parser.html
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra button: Microsoft AntiSpyware helper - {9646D4D8-EAA9-43AC-BD57-FC13D25381EE} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {9646D4D8-EAA9-43AC-BD57-FC13D25381EE} - (no file) (HKCU)
O10 - Broken Internet access because of LSP provider 'xfire_lsp_9028.dll' missing
O14 - IERESET.INF: START_PAGE_URL=http://www.meshcomputers.com
O16 - DPF: {03177121-226B-11D4-B0BE-005004AD3039} (UploaderCtrl Class) - http://members14.clubphoto.com/_img/upload...tl_uploader.cab
O16 - DPF: {08BEF711-06DA-48B2-9534-802ECAA2E4F9} (PlxInstall Class) - http://down.plaxo.com/down/release/PlaxoInstall.cab
O16 - DPF: {18D9C485-7EEC-4395-95DA-DC3875B10E81} (TEInstallPlugIn) - http://www.skylinesoft.com/interactive/ter...stallPlugIn.cab
O16 - DPF: {3a4f9191-65a8-11d5-85c1-0001023952c1} (TE) - http://www.skylinesoft.com/interactive/ter.../install/TE.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.popcap.com/games/popcaploader_v6.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O16 - DPF: {F54C1137-5E34-4B95-95A5-BA56D4D8D743} (Secure Delivery) - http://www.gamespot.com/KDX22/download/kdx.cab
O20 - Winlogon Notify: drct16 - C:\WINDOWS\SYSTEM32\drct16.dll
O21 - SSODL: MSMserv - {06FAF956-6F4E-4861-92AD-6B990F0E9205} - C:\WINDOWS\System32\nvapopen.dll (file missing)
O23 - Service: AVSync Manager (AvSynMgr) - Network Associates, Inc. - C:\Program Files\McAfee\McAfee VirusScan\Avsynmgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: McAfee Internet Security (GuardDogEXE) - Unknown owner - C:\Program Files\McAfee\McAfee Internet Security\GUARDDOG.EXE" /SERVICE (file missing)
O23 - Service: McAfee Firewall - Unknown owner - C:\Program Files\McAfee\McAfee Firewall\CPD.EXE" /SERVICE (file missing)
O23 - Service: McShield - Unknown owner - C:\Program Files\Common Files\Network Associates\McShield\Mcshield.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PMJ151 AutoLaunch Service (PMJ151LA) - Matsushita Electric Industrial Co. ,Ltd, - C:\WINDOWS\PMJ151LA.BIN
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: X10 Device Network Service (x10nets) - Unknown owner - C:\WINDOWS\System32\x10nets.exe (file missing)
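
The autorun pattern visible in the log above, as an added example that is not part of either post: a short Python triage that parses HijackThis O4 Run lines and flags entries whose value name and target are both three-letter names directly under C:\WINDOWS or System32. The two regexes are a heuristic assumed from this log's pattern only, not a HijackThis feature, and the sample lines are an excerpt copied from the log.

```python
import re

# Excerpt of O4 autorun lines copied from the HijackThis log above.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [IntelliType] "C:\Program Files\Microsoft Hardware\Keyboard\type32.exe"
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Qbf] C:\WINDOWS\System32\Oek.exe
O4 - HKLM\..\Run: [Bln] C:\WINDOWS\Tnf.exe
O4 - HKLM\..\Run: [Mhd] C:\WINDOWS\System32\Lnb.exe
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [Mhd] C:\WINDOWS\System32\Lnb.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
"""

# HijackThis abbreviates ...\Microsoft\Windows\CurrentVersion as "..".
O4_RUN = re.compile(
    r"^O4 - (?P<hive>HKLM|HKCU)\\\.\.\\(?P<key>Run\w*): "
    r"\[(?P<name>[^\]]+)\] (?P<cmd>.+)$"
)

# Assumed heuristic, derived from the pattern visible in this log only:
# a capitalised three-letter value name launching a capitalised three-letter
# .exe that sits directly in C:\WINDOWS or C:\WINDOWS\System32, no arguments.
TRIPLET_NAME = re.compile(r"^[A-Z][a-z]{2}$")
TRIPLET_PATH = re.compile(r"^C:\\WINDOWS\\(?:System32\\)?[A-Z][a-z]{2}\.exe$")


def parse_o4(log):
    """Return (hive, key, value_name, command, raw_line) for each O4 registry Run line.

    Startup-folder lines ("O4 - Global Startup: ...") are not registry values
    and are skipped.
    """
    entries = []
    for line in log.splitlines():
        line = line.strip()
        m = O4_RUN.match(line)
        if m:
            entries.append((m["hive"], m["key"], m["name"], m["cmd"].strip(), line))
    return entries


def looks_generated(name, cmd):
    """True when both the value name and the target match the triplet pattern."""
    return bool(TRIPLET_NAME.match(name) and TRIPLET_PATH.match(cmd))


def triage(log):
    """Split Run entries into flagged ones and ones left for manual review.

    flagged maps (value_name, command) to the list of hives it appears in, so
    an entry written to both HKLM and HKCU shows up once with both hives.
    """
    flagged, review = {}, []
    for hive, _key, name, cmd, raw in parse_o4(log):
        if looks_generated(name, cmd):
            flagged.setdefault((name, cmd), []).append(hive)
        else:
            review.append(raw)
    return flagged, review


def fix_list(log):
    """Flagged lines in original log order, in the form a helper would quote back."""
    return [raw for _h, _k, name, cmd, raw in parse_o4(log) if looks_generated(name, cmd)]


if __name__ == "__main__":
    flagged, review = triage(SAMPLE_LOG)
    for (name, cmd), hives in flagged.items():
        print(f"FLAG  [{name}] {cmd}  hives={'+'.join(hives)}")
    print(f"{len(review)} other Run entries left for manual review")
```

Entries the heuristic does not flag are not cleared by it; they still need the usual manual check of publisher and path.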

Offline guestolo

  • Site Donator
  • Administrator
  • Hero Member
  • *****
  • Posts: 16034
  • Karma: +1/-0
SmartSecurity and other problems
« Reply #3 on: October 20, 2005, 11:37:07 PM »
I would have really liked to have seen the original logs I asked for
Another scan of any, doesn't help as much right now :unsure:

Can you do the following please

==Download and UNZIP to desktop or a folder
HSFIX.zip
HSFix directory will be created
We'll need this later

==Download and Unzip   The Hoster  to a folder
We'll need this later

==Navigate to the HSFix directory>>Open the folder, ensure you unzipped this
 and double-click on HSFix.bat. A window will open and close; this is normal

Do another scan with Hijackthis and put a check next to these entries:

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://bestsearch.cc/1076/search.php?qq=

O4 - HKLM\..\Run: [Qbf] C:\WINDOWS\System32\Oek.exe
O4 - HKLM\..\Run: [Bln] C:\WINDOWS\Tnf.exe
O4 - HKLM\..\Run: [Ijs] C:\WINDOWS\System32\Rto.exe
O4 - HKLM\..\Run: [Hds] C:\WINDOWS\System32\Som.exe
O4 - HKLM\..\Run: [Eun] C:\WINDOWS\System32\Utb.exe
O4 - HKLM\..\Run: [Mrd] C:\WINDOWS\Vor.exe
O4 - HKLM\..\Run: [Jvt] C:\WINDOWS\System32\Lot.exe
O4 - HKLM\..\Run: [Mhd] C:\WINDOWS\System32\Lnb.exe
O4 - HKLM\..\Run: [Inp] C:\WINDOWS\Fmj.exe
O4 - HKLM\..\Run: [Ivk] C:\WINDOWS\System32\Ndb.exe
O4 - HKLM\..\Run: [Ksu] C:\WINDOWS\System32\Vde.exe
O4 - HKLM\..\Run: [Eha] C:\WINDOWS\Lcv.exe
O4 - HKLM\..\Run: [Rhj] C:\WINDOWS\System32\Jlf.exe
O4 - HKLM\..\Run: [Iha] C:\WINDOWS\System32\Ajv.exe
O4 - HKLM\..\Run: [Klq] C:\WINDOWS\System32\Ptf.exe
O4 - HKLM\..\Run: [Lot] C:\WINDOWS\System32\Mjo.exe
O4 - HKLM\..\Run: [Scm] C:\WINDOWS\System32\Dkm.exe
O4 - HKLM\..\Run: [Esk] C:\WINDOWS\System32\Niu.exe
O4 - HKLM\..\Run: [Bcc] C:\WINDOWS\Jcd.exe
O4 - HKLM\..\Run: [Tmj] C:\WINDOWS\Mlq.exe
O4 - HKLM\..\Run: [Mva] C:\WINDOWS\System32\Crb.exe
O4 - HKLM\..\Run: [Iea] C:\WINDOWS\Stk.exe
O4 - HKLM\..\Run: [Tpe] C:\WINDOWS\System32\Umd.exe
O4 - HKLM\..\Run: [Jdp] C:\WINDOWS\Gbb.exe
O4 - HKLM\..\Run: [Fhn] C:\WINDOWS\Atd.exe
O4 - HKLM\..\Run: [Omc] C:\WINDOWS\Hlu.exe
O4 - HKLM\..\Run: [Ohq] C:\WINDOWS\System32\Afp.exe
O4 - HKLM\..\Run: [Tos] C:\WINDOWS\Bcv.exe
O4 - HKLM\..\Run: [Nfe] C:\WINDOWS\System32\Uuj.exe
O4 - HKLM\..\Run: [Vgv] C:\WINDOWS\Lpq.exe
O4 - HKLM\..\Run: [Ihk] C:\WINDOWS\System32\Lve.exe
O4 - HKLM\..\Run: [Pva] C:\WINDOWS\Mvp.exe
O4 - HKLM\..\Run: [Jpo] C:\WINDOWS\Ljv.exe
O4 - HKLM\..\Run: [Eqo] C:\WINDOWS\System32\Gbp.exe
O4 - HKLM\..\Run: [Iid] C:\WINDOWS\Pue.exe
O4 - HKLM\..\Run: [Tnb] C:\WINDOWS\Evb.exe
O4 - HKLM\..\Run: [Ver] C:\WINDOWS\System32\Ndc.exe
O4 - HKLM\..\Run: [Dct] C:\WINDOWS\System32\Sds.exe
O4 - HKLM\..\Run: [Kqi] C:\WINDOWS\Kss.exe
O4 - HKLM\..\Run: [Opj] C:\WINDOWS\System32\Ibr.exe
O4 - HKLM\..\Run: [Hht] C:\WINDOWS\System32\Mki.exe
O4 - HKLM\..\Run: [Gst] C:\WINDOWS\System32\Rhf.exe
O4 - HKLM\..\Run: [Nbp] C:\WINDOWS\System32\Vre.exe
O4 - HKLM\..\Run: [Ujc] C:\WINDOWS\Chc.exe
O4 - HKLM\..\Run: [Pju] C:\WINDOWS\Fsk.exe
O4 - HKLM\..\Run: [Hig] C:\WINDOWS\System32\Hgm.exe
O4 - HKLM\..\Run: [Vim] C:\WINDOWS\System32\Ufn.exe
O4 - HKLM\..\Run: [Obt] C:\WINDOWS\Aas.exe
O4 - HKLM\..\Run: [Qfo] C:\WINDOWS\Bjd.exe
O4 - HKLM\..\Run: [Nnh] C:\WINDOWS\Fhp.exe
O4 - HKLM\..\Run: [Qmt] C:\WINDOWS\System32\Hgf.exe
O4 - HKLM\..\Run: [Hvl] C:\WINDOWS\System32\Kef.exe
O4 - HKLM\..\Run: [Fsn] C:\WINDOWS\Fic.exe
O4 - HKLM\..\Run: [Kpd] C:\WINDOWS\Evn.exe
O4 - HKLM\..\Run: [Ocr] C:\WINDOWS\System32\Por.exe
O4 - HKLM\..\Run: [Hdv] C:\WINDOWS\Rrf.exe
O4 - HKLM\..\Run: [Erk] C:\WINDOWS\System32\Jsb.exe
O4 - HKLM\..\Run: [Cng] C:\WINDOWS\Ffj.exe
O4 - HKLM\..\Run: [Fcb] C:\WINDOWS\Kpq.exe
O4 - HKLM\..\Run: [Frf] C:\WINDOWS\System32\Rpe.exe
O4 - HKLM\..\Run: [Bvr] C:\WINDOWS\Fun.exe
O4 - HKLM\..\Run: [Pma] C:\WINDOWS\System32\Gdt.exe
O4 - HKLM\..\Run: [Etr] C:\WINDOWS\Mep.exe
O4 - HKLM\..\Run: [Rjp] C:\WINDOWS\Igd.exe
O4 - HKLM\..\Run: [Boj] C:\WINDOWS\System32\Pnu.exe
O4 - HKLM\..\Run: [Obl] C:\WINDOWS\System32\Nli.exe
O4 - HKLM\..\Run: [Nem] C:\WINDOWS\System32\Pdh.exe
O4 - HKLM\..\Run: [Nnj] C:\WINDOWS\Nog.exe
O4 - HKLM\..\Run: [Lar] C:\WINDOWS\System32\Vvk.exe
O4 - HKLM\..\Run: [Npm] C:\WINDOWS\Mst.exe
O4 - HKLM\..\Run: [Tmq] C:\WINDOWS\System32\Uam.exe
O4 - HKLM\..\Run: [Kct] C:\WINDOWS\Hkk.exe
O4 - HKLM\..\Run: [Gml] C:\WINDOWS\Vea.exe
O4 - HKLM\..\Run: [Hfu] C:\WINDOWS\System32\Cft.exe
O4 - HKLM\..\Run: [Fef] C:\WINDOWS\Nff.exe
O4 - HKLM\..\Run: [Dao] C:\WINDOWS\System32\Sld.exe
O4 - HKLM\..\Run: [Csc] C:\WINDOWS\System32\Jtc.exe
O4 - HKLM\..\Run: [Hpn] C:\WINDOWS\Ehf.exe
O4 - HKLM\..\Run: [Tnc] C:\WINDOWS\System32\Rnl.exe
O4 - HKLM\..\Run: [Tkd] C:\WINDOWS\System32\Tfq.exe
O4 - HKLM\..\Run: [Cuf] C:\WINDOWS\Ijl.exe
O4 - HKLM\..\Run: [Ebk] C:\WINDOWS\System32\Vqr.exe
O4 - HKLM\..\Run: [Vep] C:\WINDOWS\System32\Rih.exe
O4 - HKLM\..\Run: [Odr] C:\WINDOWS\System32\Fti.exe
O4 - HKLM\..\Run: [Vsr] C:\WINDOWS\Ptp.exe
O4 - HKLM\..\Run: [Ker] C:\WINDOWS\System32\Olh.exe
O4 - HKLM\..\Run: [Oaa] C:\WINDOWS\System32\Ukl.exe
O4 - HKLM\..\Run: [Tod] C:\WINDOWS\Buc.exe
O4 - HKLM\..\Run: [Eed] C:\WINDOWS\System32\Lpi.exe
O4 - HKLM\..\Run: [Oae] C:\WINDOWS\System32\Geq.exe
O4 - HKLM\..\Run: [Sfb] C:\WINDOWS\System32\Fem.exe
O4 - HKLM\..\Run: [Vmp] C:\WINDOWS\Fve.exe
O4 - HKLM\..\Run: [Hba] C:\WINDOWS\Tpm.exe
O4 - HKLM\..\Run: [Chs] C:\WINDOWS\Pjf.exe
O4 - HKLM\..\Run: [Tup] C:\WINDOWS\Hcu.exe
O4 - HKLM\..\Run: [Blg] C:\WINDOWS\System32\Vae.exe
O4 - HKLM\..\Run: [Ljh] C:\WINDOWS\Bun.exe
O4 - HKLM\..\Run: [Jom] C:\WINDOWS\System32\Tov.exe
O4 - HKLM\..\Run: [Mlm] C:\WINDOWS\System32\Fdt.exe
O4 - HKLM\..\Run: [Ehp] C:\WINDOWS\System32\Fnf.exe
O4 - HKLM\..\Run: [Jsr] C:\WINDOWS\System32\Uem.exe
O4 - HKLM\..\Run: [Sit] C:\WINDOWS\System32\Gjr.exe
O4 - HKLM\..\Run: [Erm] C:\WINDOWS\Min.exe
O4 - HKLM\..\Run: [Flc] C:\WINDOWS\System32\Lre.exe
O4 - HKLM\..\Run: [Rar] C:\WINDOWS\System32\Vba.exe
O4 - HKLM\..\Run: [Mej] C:\WINDOWS\System32\Ftg.exe
O4 - HKLM\..\Run: [Vkl] C:\WINDOWS\Jfo.exe
O4 - HKLM\..\Run: [Hns] C:\WINDOWS\System32\Mta.exe
O4 - HKLM\..\Run: [Ukv] C:\WINDOWS\System32\Gqr.exe
O4 - HKLM\..\Run: [Oaf] C:\WINDOWS\Rfj.exe
O4 - HKLM\..\Run: [Ace] C:\WINDOWS\Jjn.exe
O4 - HKLM\..\Run: [Jag] C:\WINDOWS\Ldj.exe
O4 - HKLM\..\Run: [Llq] C:\WINDOWS\Nat.exe
O4 - HKLM\..\Run: [Qce] C:\WINDOWS\Uoj.exe
O4 - HKLM\..\Run: [Pmg] C:\WINDOWS\Erc.exe
O4 - HKLM\..\Run: [Jog] C:\WINDOWS\Dvd.exe
O4 - HKLM\..\Run: [Pba] C:\WINDOWS\System32\Iol.exe
O4 - HKLM\..\Run: [Vau] C:\WINDOWS\System32\Mpf.exe
O4 - HKLM\..\Run: [Gub] C:\WINDOWS\Rtf.exe
O4 - HKLM\..\Run: [Sjt] C:\WINDOWS\System32\Luc.exe
O4 - HKLM\..\Run: [Mel] C:\WINDOWS\Tch.exe
O4 - HKLM\..\Run: [Nal] C:\WINDOWS\System32\Ipc.exe
O4 - HKLM\..\Run: [Nok] C:\WINDOWS\Ial.exe
O4 - HKLM\..\Run: [Pto] C:\WINDOWS\Dda.exe
O4 - HKLM\..\Run: [Tko] C:\WINDOWS\Bfi.exe
O4 - HKLM\..\Run: [Ugl] C:\WINDOWS\System32\Vbg.exe
O4 - HKLM\..\Run: [Brm] C:\WINDOWS\System32\Oaq.exe
O4 - HKLM\..\Run: [Fio] C:\WINDOWS\Agb.exe
O4 - HKLM\..\Run: [Ohe] C:\WINDOWS\Rvu.exe
O4 - HKLM\..\Run: [Gut] C:\WINDOWS\Qbj.exe
O4 - HKLM\..\Run: [Iuu] C:\WINDOWS\Lkp.exe
O4 - HKLM\..\Run: [Cre] C:\WINDOWS\System32\Adk.exe
O4 - HKLM\..\Run: [Oqe] C:\WINDOWS\System32\Qut.exe
O4 - HKLM\..\Run: [Nci] C:\WINDOWS\Ejj.exe
O4 - HKLM\..\Run: [Fmn] C:\WINDOWS\Hnu.exe
O4 - HKLM\..\Run: [Pni] C:\WINDOWS\Uve.exe
O4 - HKLM\..\Run: [Qak] C:\WINDOWS\System32\Joo.exe
O4 - HKLM\..\Run: [Gpk] C:\WINDOWS\Fpn.exe
O4 - HKLM\..\Run: [Ntr] C:\WINDOWS\Fpc.exe
O4 - HKLM\..\Run: [Fjv] C:\WINDOWS\System32\Nbn.exe
O4 - HKLM\..\Run: [Fce] C:\WINDOWS\Hph.exe
O4 - HKLM\..\Run: [Gjs] C:\WINDOWS\System32\Jld.exe
O4 - HKLM\..\Run: [Rfb] C:\WINDOWS\System32\Vhh.exe
O4 - HKLM\..\Run: [Ihq] C:\WINDOWS\Uvh.exe
O4 - HKLM\..\Run: [Tvk] C:\WINDOWS\Llv.exe
O4 - HKLM\..\Run: [Afe] C:\WINDOWS\System32\Api.exe
O4 - HKLM\..\Run: [Pkd] C:\WINDOWS\Hor.exe
O4 - HKLM\..\Run: [Gvc] C:\WINDOWS\Lnc.exe
O4 - HKLM\..\Run: [Uub] C:\WINDOWS\Ark.exe
O4 - HKLM\..\Run: [Ugp] C:\WINDOWS\Mbo.exe
O4 - HKLM\..\Run: [Rbb] C:\WINDOWS\Eug.exe
O4 - HKLM\..\Run: [Udk] C:\WINDOWS\Opa.exe
O4 - HKLM\..\Run: [Htk] C:\WINDOWS\System32\Atd.exe
O4 - HKLM\..\Run: [Gsd] C:\WINDOWS\Scd.exe
O4 - HKLM\..\Run: [Bdm] C:\WINDOWS\System32\Lev.exe
O4 - HKLM\..\Run: [Utp] C:\WINDOWS\System32\Ikf.exe
O4 - HKLM\..\Run: [Qqf] C:\WINDOWS\Oun.exe
O4 - HKLM\..\Run: [Nuf] C:\WINDOWS\Rhp.exe
O4 - HKLM\..\Run: [Jji] C:\WINDOWS\Cjc.exe
O4 - HKLM\..\Run: [Aki] C:\WINDOWS\System32\Sbg.exe
O4 - HKLM\..\Run: [Jcl] C:\WINDOWS\System32\Ihv.exe
O20 - Winlogon Notify: drct16 - C:\WINDOWS\SYSTEM32\drct16.dll
O21 - SSODL: MSMserv - {06FAF956-6F4E-4861-92AD-6B990F0E9205} - C:\WINDOWS\System32\nvapopen.dll (file missing)


After you have ticked the above entries, close all other open windows, including this one
Leave HijackThis open and click FIX CHECKED
OK the prompt and exit HijackThis

Reboot your computer

Back in Windows
==Open Hoster and
Press "Restore Original Hosts" and press "OK".
Then Exit

Run HijackThis again and post a fresh log

Also, do the following
I've uploaded a file below called Search.zip
Unzip it to desktop
Double click on Search.bat
A text file will open, copy and paste back the contents



Offline Jarcy

« Reply #4 on: October 23, 2005, 04:14:04 PM »
Hi Gustolo,

Thanks again for your continued support!

Here's my HijackThis log and Search.bat:

Logfile of HijackThis v1.99.1
Scan saved at 10:08:25 PM, on 10/23/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\McAfee\McAfee Internet Security\GUARDDOG.EXE
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\WINDOWS\System32\inetsrv\inetinfo.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\PMJ151LA.BIN
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\McAfee\McAfee Firewall\CPD.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\McAfee\McAfee Internet Security\GUARDDOG.EXE
C:\Program Files\Microsoft Hardware\Keyboard\type32.exe
C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe
C:\WINDOWS\System32\CTHELPER.EXE
C:\Program Files\McAfee\McAfee Firewall\CPD.EXE
C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE
C:\Program Files\Creative\Shared Files\CAMTRAY.EXE
C:\PROGRA~1\ACDSYS~1\DEVDET~1\DEVDET~1.EXE
C:\WINDOWS\System32\hphmon05.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\McAfee\McAfee Shared Components\Guardian\CMGrdian.exe
C:\Program Files\McAfee\McAfee VirusScan\VSStat.exe
C:\Program Files\Creative\MediaSource\RemoteControl\RCMan.EXE
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\McAfee\McAfee Shared Components\Instant Updater\RuLaunch.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\LeechGet 2005\LeechGet.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\unzipped\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.meshcomputers.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: NTIECatcher Class - {C56CB6B0-0D96-11D6-8C65-B2868B609932} - C:\Program Files\Xi\NetTransport 2\NTIEHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O3 - Toolbar: McAfee VirusScan - {ACB1E670-3217-45C4-A021-6B829A8A27CB} - C:\Program Files\McAfee\McAfee VirusScan\VSCShellExtension.dll
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [SBDrvDet] C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe /r
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\System32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [IntelliType] "C:\Program Files\Microsoft Hardware\Keyboard\type32.exe"
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTDVDDET] C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE
O4 - HKLM\..\Run: [Creative WebCam Tray] C:\Program Files\Creative\Shared Files\CAMTRAY.EXE
O4 - HKLM\..\Run: [Camera Detector] C:\PROGRA~1\ACDSYS~1\DEVDET~1\DEVDET~1.EXE -autorun
O4 - HKLM\..\Run: [AsioReg] REGSVR32.EXE /S CTASIO.DLL
O4 - HKLM\..\Run: [HPHUPD05] C:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [MCAgentExe] C:\Program Files\McAfee.com\Agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\McAfee.com\Agent\mcupdate.exe
O4 - HKLM\..\Run: [McAfee Guardian] "C:\Program Files\McAfee\McAfee Shared Components\Guardian\CMGrdian.exe" /SU
O4 - HKLM\..\Run: [VirusScanMSC] "C:\Program Files\McAfee\McAfee VirusScan\VSStat.exe" /EMBEDDING
O4 - HKCU\..\Run: [RemoteCenter] C:\Program Files\Creative\MediaSource\RemoteControl\RCMan.EXE
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [McAfee.InstantUpdate.Monitor] "C:\Program Files\McAfee\McAfee Shared Components\Instant Updater\RuLaunch.exe" /STARTMONITOR
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: Download all by Net Transport - C:\Program Files\Xi\NetTransport 2\NTAddList.html
O8 - Extra context menu item: Download by Net Transport - C:\Program Files\Xi\NetTransport 2\NTAddLink.html
O8 - Extra context menu item: Download using LeechGet - file://C:\Program Files\LeechGet 2005\\AddUrl.html
O8 - Extra context menu item: Download using LeechGet Wizard - file://C:\Program Files\LeechGet 2005\\Wizard.html
O8 - Extra context menu item: Parse with LeechGet - file://C:\Program Files\LeechGet 2005\\Parser.html
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra button: Microsoft AntiSpyware helper - {9646D4D8-EAA9-43AC-BD57-FC13D25381EE} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {9646D4D8-EAA9-43AC-BD57-FC13D25381EE} - (no file) (HKCU)
O10 - Broken Internet access because of LSP provider 'xfire_lsp_9028.dll' missing
O14 - IERESET.INF: START_PAGE_URL=http://www.meshcomputers.com
O16 - DPF: {03177121-226B-11D4-B0BE-005004AD3039} (UploaderCtrl Class) - http://members14.clubphoto.com/_img/upload...tl_uploader.cab
O16 - DPF: {08BEF711-06DA-48B2-9534-802ECAA2E4F9} (PlxInstall Class) - http://down.plaxo.com/down/release/PlaxoInstall.cab
O16 - DPF: {18D9C485-7EEC-4395-95DA-DC3875B10E81} (TEInstallPlugIn) - http://www.skylinesoft.com/interactive/ter...stallPlugIn.cab
O16 - DPF: {3a4f9191-65a8-11d5-85c1-0001023952c1} (TE) - http://www.skylinesoft.com/interactive/ter.../install/TE.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.popcap.com/games/popcaploader_v6.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O16 - DPF: {F54C1137-5E34-4B95-95A5-BA56D4D8D743} (Secure Delivery) - http://www.gamespot.com/KDX22/download/kdx.cab
O23 - Service: AVSync Manager (AvSynMgr) - Network Associates, Inc. - C:\Program Files\McAfee\McAfee VirusScan\Avsynmgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: McAfee Internet Security (GuardDogEXE) - Unknown owner - C:\Program Files\McAfee\McAfee Internet Security\GUARDDOG.EXE" /SERVICE (file missing)
O23 - Service: McAfee Firewall - Unknown owner - C:\Program Files\McAfee\McAfee Firewall\CPD.EXE" /SERVICE (file missing)
O23 - Service: McShield - Unknown owner - C:\Program Files\Common Files\Network Associates\McShield\Mcshield.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PMJ151 AutoLaunch Service (PMJ151LA) - Matsushita Electric Industrial Co. ,Ltd, - C:\WINDOWS\PMJ151LA.BIN
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: X10 Device Network Service (x10nets) - Unknown owner - C:\WINDOWS\System32\x10nets.exe (file missing)

SEARCH.BAT:

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"UpdReg"="C:\\WINDOWS\\UpdReg.EXE"
"SBDrvDet"="C:\\Program Files\\Creative\\SB Drive Det\\SBDrvDet.exe /r"
"PinnacleDriverCheck"="C:\\WINDOWS\\System32\\PSDrvCheck.exe -CheckReg"
"IntelliType"="\"C:\\Program Files\\Microsoft Hardware\\Keyboard\\type32.exe\""
"CTSysVol"="C:\\Program Files\\Creative\\SBAudigy2ZS\\Surround Mixer\\CTSysVol.exe /r"
"CTHelper"="CTHELPER.EXE"
"CTDVDDET"="C:\\Program Files\\Creative\\SBAudigy2ZS\\DVDAudio\\CTDVDDET.EXE"
"Creative WebCam Tray"="C:\\Program Files\\Creative\\Shared Files\\CAMTRAY.EXE"
"Camera Detector"="C:\\PROGRA~1\\ACDSYS~1\\DEVDET~1\\DEVDET~1.EXE -autorun"
"AsioReg"="REGSVR32.EXE /S CTASIO.DLL"
"HPHUPD05"="C:\\Program Files\\Hewlett-Packard\\{45B6180B-DCAB-4093-8EE8-6164457517F0}\\hphupd05.exe"
"HPHmon05"="C:\\WINDOWS\\System32\\hphmon05.exe"
"HPDJ Taskbar Utility"="C:\\WINDOWS\\System32\\spool\\drivers\\w32x86\\3\\hpztsb09.exe"
"HP Software Update"="\"C:\\Program Files\\Hewlett-Packard\\HP Software Update\\HPWuSchd.exe\""
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\System32\\NvCpl.dll,NvStartup"
"TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\"  -osboot"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"MCAgentExe"="C:\\Program Files\\McAfee.com\\Agent\\mcagent.exe"
"MCUpdateExe"="C:\\PROGRA~1\\McAfee.com\\Agent\\mcupdate.exe"
"McAfee Guardian"="\"C:\\Program Files\\McAfee\\McAfee Shared Components\\Guardian\\CMGrdian.exe\" /SU"
"VirusScanMSC"="\"C:\\Program Files\\McAfee\\McAfee VirusScan\\VSStat.exe\" /EMBEDDING"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
"NoChange"="1"
"Installed"="1"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
"Installed"="1"

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]

Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"RemoteCenter"="C:\\Program Files\\Creative\\MediaSource\\RemoteControl\\RCMan.EXE"
"msnmsgr"="\"C:\\Program Files\\MSN Messenger\\msnmsgr.exe\" /background"
"McAfee.InstantUpdate.Monitor"="\"C:\\Program Files\\McAfee\\McAfee Shared Components\\Instant Updater\\RuLaunch.exe\" /STARTMONITOR"

Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx]

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]
"NoExplorer"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C56CB6B0-0D96-11D6-8C65-B2868B609932}]

Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop]
"NoComponents"=dword:00000000
"NoAddingComponents"=dword:00000000
"NoDeletingComponents"=dword:00000000
"NoEditingComponents"=dword:00000000
"NoHTMLWallPaper"=dword:00000000
"NoChangingWallPaper"=dword:00000000

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoDriveTypeAutoRun"=dword:00000091
"NoViewContextMenu"=dword:00000002
"NoActiveDesktop"=dword:00000000
"NoSaveSettings"=dword:00000000
"ClassicShell"=dword:00000000
"NoThemesTab"=dword:00000000

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=dword:00000000
"NoDispAppearancePage"=dword:00000000
"NoColorChoice"=dword:00000000
"NoSizeChoice"=dword:00000000
"NoDispBackgroundPage"=dword:00000000
"NoDispScrSavPage"=dword:00000000
"NoDispCPL"=dword:00000000
"NoVisualStyleChoice"=dword:00000000
"NoDispSettingsPage"=dword:00000000

Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\ThemeManager]
"WCreatedUser"="1"
"LoadedBefore"="1"
"ThemeActive"="1"
"LastUserLangID"="1033"
"DllName"=hex(2):25,00,00,00,53,00,00,00,79,00,00,00,73,00,00,00,74,00,00,00,\
  65,00,00,00,6d,00,00,00,52,00,00,00,6f,00,00,00,6f,00,00,00,74,00,00,00,25,\
  00,00,00,5c,00,00,00,72,00,00,00,65,00,00,00,73,00,00,00,6f,00,00,00,75,00,\
  00,00,72,00,00,00,63,00,00,00,65,00,00,00,73,00,00,00,5c,00,00,00,54,00,00,\
  00,68,00,00,00,65,00,00,00,6d,00,00,00,65,00,00,00,73,00,00,00,5c,00,00,00,\
  6c,00,00,00,75,00,00,00,6e,00,00,00,61,00,00,00,5c,00,00,00,6c,00,00,00,75,\
  00,00,00,6e,00,00,00,61,00,00,00,2e,00,00,00,6d,00,00,00,73,00,00,00,73,00,\
  00,00,74,00,00,00,79,00,00,00,6c,00,00,00,65,00,00,00,73,00,00,00,00,00,00,\
  00
"ColorName"="NormalColor"
"SizeName"="NormalSize"

Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000001

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,cc,00,00,00,00,00,00,00,34,03,00,00,e2,02,00,00,00,\
  00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff,ff,ff,ff,\
  ff,ff,04,00,00,00
"RestoredStateInfo"=hex:18,00,00,00,12,03,00,00,23,00,00,00,dc,00,00,00,d2,00,\
  00,00,01,00,00,00

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop]
"NoChangingWallpaper"=dword:00000000
"NoComponents"=dword:00000000
"NoAddingComponents"=dword:00000000
"NoDeletingComponents"=dword:00000000
"NoEditingComponents"=dword:00000000
"NoHTMLWallPaper"=dword:00000000

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoViewContextMenu"=dword:00000002

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\NonEnum]
"{BDEADF00-C265-11D0-BCED-00A0C90AB50F}"=dword:00000001
"{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF}"=dword:40000021
"{0DF44EAA-FF21-4412-828E-260A8728E7F1}"=dword:00000020

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Ratings]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001
"DisableTaskMgr"=dword:00000000


There was plenty to check through HijackThis. Hopefully you can see the wood for the trees now!
Many thanks again.

Jarcy.

Offline guestolo

« Reply #5 on: October 23, 2005, 07:13:35 PM »
Remove your version of Smitrem.exe and the extracted folder

I'm going to upload you a couple files down below
Can you UNZIP both to the desktop please
Smitrem.zip and fix.zip

So you now have a Smitfraud folder and fix.reg on the desktop

Do another scan with HijackThis and fix checked these entries with all other windows closed
O9 - Extra button: Microsoft AntiSpyware helper - {9646D4D8-EAA9-43AC-BD57-FC13D25381EE} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {9646D4D8-EAA9-43AC-BD57-FC13D25381EE} - (no file) (HKCU)


Reboot back to SAFE MODE
==Open Windows CleanUp!>>START>>programs>>Cleanup!
Click on the CleanUp button, let it finish scanning for files, when it's done
DECLINE to Log off or Restart when scan is done.

==Open the SmitRem folder you just unzipped, then double click the RunThis.bat file to start the tool. Follow the prompts on screen.
Wait for the tool to complete and disk cleanup to finish.

==Double click on fix.reg and allow to merge to the registry

Reboot back to Normal mode

Back in Windows

Can you show me the following logs
A new hijackthis log and the log from Smitrem
C:\smitfiles.txt <-this log

Let me know if the right click issue is resolved or any other problems
« Last Edit: October 23, 2005, 07:15:24 PM by guestolo »
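
The check requested in the post above (fix the ticked entries, then post a new HijackThis log) can be scripted. This is an added example, not part of the original posts and not HijackThis code: it parses HijackThis result lines, reports any ticked entry that is still present in a fresh log, and flags O4 autoruns shaped like the random three-letter Run entries guestolo had ticked for removal earlier in the thread. The heuristic, the function names and the `[Qzx]`/`[Vbn]` lines are assumptions constructed for illustration; the other sample lines are copied from the logs in this thread.

```python
import re

# Any HijackThis result line starts with a section id such as "R1 - " or "O4 - ".
ENTRY = re.compile(r"^(?:R[0-3]|F[0-3]|O\d{1,2}) - ")

# O4 registry autorun as HijackThis v1.99.1 prints it:
#   O4 - HKLM\..\Run: [ValueName] command line
O4_RUN = re.compile(
    r"^O4 - (?P<hive>HKLM|HKCU)\\\.\.\\Run\w*: \[(?P<name>[^\]]*)\] (?P<cmd>.+)$"
)

# Heuristic (an assumption of this example, not a HijackThis rule): a three-letter
# value name that launches a three-letter .exe sitting directly in the Windows
# directory or in System32.
RANDOM_NAME = re.compile(r"^[A-Z][a-z]{2}$")
RANDOM_EXE = re.compile(r"^(?i:C:\\WINDOWS\\(?:System32\\)?)[A-Z][a-z]{2}\.exe$")


def entries(log_text):
    """Return the result lines of a log with runs of whitespace collapsed."""
    lines = (" ".join(raw.split()) for raw in log_text.splitlines())
    return [line for line in lines if ENTRY.match(line)]


def normalise(line):
    """Case-fold so that WINDOWS/Windows path differences do not hide a match."""
    return line.lower()


def suspicious_autoruns(log_text):
    """List (hive, value name, command) for O4 entries matching the heuristic."""
    hits = []
    for line in entries(log_text):
        m = O4_RUN.match(line)
        if m and RANDOM_NAME.match(m["name"]) and RANDOM_EXE.match(m["cmd"]):
            hits.append((m["hive"], m["name"], m["cmd"]))
    return hits


def still_present(fix_list, fresh_log):
    """Return the ticked entries that the fresh log still contains."""
    fresh = {normalise(line) for line in entries(fresh_log)}
    return [line for line in entries(fix_list) if normalise(line) in fresh]


# Entries ticked in the post above (copied from the thread).
FIX_LIST = r"""
O9 - Extra button: Microsoft AntiSpyware helper - {9646D4D8-EAA9-43AC-BD57-FC13D25381EE} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {9646D4D8-EAA9-43AC-BD57-FC13D25381EE} - (no file) (HKCU)
"""

# Log excerpt before the fix. The [Qzx] and [Vbn] lines are constructed.
BEFORE = r"""
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [Qzx] C:\WINDOWS\Wjk.exe
O4 - HKCU\..\Run: [Vbn] C:\WINDOWS\System32\Plm.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra button: Microsoft AntiSpyware helper - {9646D4D8-EAA9-43AC-BD57-FC13D25381EE} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {9646D4D8-EAA9-43AC-BD57-FC13D25381EE} - (no file) (HKCU)
"""

# Excerpt of a log taken after the fix (lines copied from the thread).
AFTER = r"""
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
"""

if __name__ == "__main__":
    for hive, name, cmd in suspicious_autoruns(BEFORE):
        print(f"review autorun: {hive} [{name}] {cmd}")
    leftovers = still_present(FIX_LIST, AFTER)
    print("fix held" if not leftovers else f"still present: {leftovers}")
```

A match from `suspicious_autoruns` is only a prompt to look at the file; legitimate software can also use short names, so each hit still needs checking before it is ticked.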



Offline Jarcy

« Reply #6 on: October 24, 2005, 05:02:12 PM »
Guestolo,

Thanks again. Had a problem opening the 2 files:- Smitrem.zip and Fix.zip. Winzip failed to open these and stated "Does not appear to be a valid archive". Do I need to buy the full version of Winzip in order to open these files? I thought anyone should be able to open a downloaded zipped file.

Thanks, Jarcy.

Offline guestolo

« Reply #7 on: October 24, 2005, 09:46:00 PM »
Can you override Winzip and use the built-in utility within XP
Right click on the file and left click OPEN WITH
Select Compressed (Zipped) folders
Select File in the menu bar and then Extract All
Click Next
Allow to extract to desktop
Uncheck show extracted files
We'll need this later in safe mode

Do the same thing for both files



Offline Jarcy

« Reply #8 on: October 26, 2005, 03:11:23 PM »
Gustolo,

OK, here goes with my progress:

Could open fix.zip using the windows XP tool, but not smitRem.zip, so unzipped at work, and copied to my machine by memory stick.

SmitRem ran, but the disk cleanup seemed to crash - just exited and didn't even complete the initial disc scan.
So restarted disk cleanup from System Tools. I left it running for 24 hours, but still seemed nowhere near finished, so cancelled the operation. (it seemed to have stopped doing anything, and hadn't moved for a good 12 hours). Initial scan reported 40-odd gig of files to clean!! :blink: If I restart now, still 27 gig found.
Should I persevere to the end with disk cleanup? Is it ok to run it overnight repeatedly until it's worked its way through the files? i.e. keep starting and stopping it.

Good news is that Right Click on the desk top now works! Thanks!!

Problems that still exist are:

1. Doubled desktop icons (legacy of SmartSecurity)
2. Word crashes each time I try to start it. Uninstalling Office, and reinstalling didn't solve this problem.
3. Excel crashes every time I try to open a file, although you can successfully start and work on a new file.
4. Notepad.exe seems to be missing. Notepad won't start.
5. McAfee Virus Scan crashes every time you try to enable it. Firewall appears to work fine though.

Here's Smitfile.txt


   smitRem log file
     version 2.7

     by noahdfear

The current date is: Tue 10/25/2005
The current time is: 23:08:10.57

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 checking for ShudderLTD key

ShudderLTD key not present!

 checking for PSGuard.com key


PSGuard.com key not present!

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 Existing Pre-run Files

 ~~~ Program Files ~~~
 ~~~ Shortcuts ~~~
 ~~~ Favorites ~~~
 ~~~ system32 folder ~~~
 ~~~ Icons in System32 ~~~
 ~~~ Windows directory ~~~
 ~~~ Drive root ~~~
 ~~~ Miscellaneous Files/folders ~~~


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

   Remaining Post-run Files

 ~~~ Program Files ~~~
 ~~~ Shortcuts ~~~
 ~~~ Favorites ~~~
 ~~~ system32 folder ~~~
 ~~~ Icons in System32 ~~~
 ~~~ Windows directory ~~~
 ~~~ Drive root ~~~
 ~~~ Miscellaneous Files/folders ~~~
 ~~~ Wininet.dll ~~~

 CLEAN! :)

And HijackThis log:

Logfile of HijackThis v1.99.1
Scan saved at 9:04:53 PM, on 10/26/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\McAfee\McAfee Internet Security\GUARDDOG.EXE
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\WINDOWS\System32\inetsrv\inetinfo.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\PMJ151LA.BIN
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\McAfee\McAfee Firewall\CPD.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\McAfee\McAfee Internet Security\GUARDDOG.EXE
C:\Program Files\McAfee\McAfee Firewall\CPD.EXE
C:\Program Files\Microsoft Hardware\Keyboard\type32.exe
C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe
C:\WINDOWS\System32\CTHELPER.EXE
C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE
C:\Program Files\Creative\Shared Files\CAMTRAY.EXE
C:\PROGRA~1\ACDSYS~1\DEVDET~1\DEVDET~1.EXE
C:\WINDOWS\System32\hphmon05.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\McAfee\McAfee Shared Components\Guardian\CMGrdian.exe
C:\Program Files\McAfee\McAfee VirusScan\VSStat.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Creative\MediaSource\RemoteControl\RCMan.EXE
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\WINDOWS\System32\HPZipm12.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Windows NT\Accessories\wordpad.exe
C:\unzipped\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.meshcomputers.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: NTIECatcher Class - {C56CB6B0-0D96-11D6-8C65-B2868B609932} - C:\Program Files\Xi\NetTransport 2\NTIEHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O3 - Toolbar: McAfee VirusScan - {ACB1E670-3217-45C4-A021-6B829A8A27CB} - C:\Program Files\McAfee\McAfee VirusScan\VSCShellExtension.dll
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [SBDrvDet] C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe /r
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\System32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [IntelliType] "C:\Program Files\Microsoft Hardware\Keyboard\type32.exe"
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTDVDDET] C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE
O4 - HKLM\..\Run: [Creative WebCam Tray] C:\Program Files\Creative\Shared Files\CAMTRAY.EXE
O4 - HKLM\..\Run: [Camera Detector] C:\PROGRA~1\ACDSYS~1\DEVDET~1\DEVDET~1.EXE -autorun
O4 - HKLM\..\Run: [AsioReg] REGSVR32.EXE /S CTASIO.DLL
O4 - HKLM\..\Run: [HPHUPD05] C:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [MCAgentExe] C:\Program Files\McAfee.com\Agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\McAfee.com\Agent\mcupdate.exe
O4 - HKLM\..\Run: [McAfee Guardian] "C:\Program Files\McAfee\McAfee Shared Components\Guardian\CMGrdian.exe" /SU
O4 - HKLM\..\Run: [VirusScanMSC] "C:\Program Files\McAfee\McAfee VirusScan\VSStat.exe" /EMBEDDING
O4 - HKCU\..\Run: [RemoteCenter] C:\Program Files\Creative\MediaSource\RemoteControl\RCMan.EXE
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [McAfee.InstantUpdate.Monitor] "C:\Program Files\McAfee\McAfee Shared Components\Instant Updater\RuLaunch.exe" /STARTMONITOR
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: Download all by Net Transport - C:\Program Files\Xi\NetTransport 2\NTAddList.html
O8 - Extra context menu item: Download by Net Transport - C:\Program Files\Xi\NetTransport 2\NTAddLink.html
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O10 - Broken Internet access because of LSP provider 'xfire_lsp_9028.dll' missing
O14 - IERESET.INF: START_PAGE_URL=http://www.meshcomputers.com
O16 - DPF: {03177121-226B-11D4-B0BE-005004AD3039} (UploaderCtrl Class) - http://members14.clubphoto.com/_img/upload...tl_uploader.cab
O16 - DPF: {08BEF711-06DA-48B2-9534-802ECAA2E4F9} (PlxInstall Class) - http://down.plaxo.com/down/release/PlaxoInstall.cab
O16 - DPF: {18D9C485-7EEC-4395-95DA-DC3875B10E81} (TEInstallPlugIn) - http://www.skylinesoft.com/interactive/ter...stallPlugIn.cab
O16 - DPF: {3a4f9191-65a8-11d5-85c1-0001023952c1} (TE) - http://www.skylinesoft.com/interactive/ter.../install/TE.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.popcap.com/games/popcaploader_v6.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O16 - DPF: {F54C1137-5E34-4B95-95A5-BA56D4D8D743} (Secure Delivery) - http://www.gamespot.com/KDX22/download/kdx.cab
O23 - Service: AVSync Manager (AvSynMgr) - Network Associates, Inc. - C:\Program Files\McAfee\McAfee VirusScan\Avsynmgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: McAfee Internet Security (GuardDogEXE) - Unknown owner - C:\Program Files\McAfee\McAfee Internet Security\GUARDDOG.EXE" /SERVICE (file missing)
O23 - Service: McAfee Firewall - Unknown owner - C:\Program Files\McAfee\McAfee Firewall\CPD.EXE" /SERVICE (file missing)
O23 - Service: McShield - Unknown owner - C:\Program Files\Common Files\Network Associates\McShield\Mcshield.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PMJ151 AutoLaunch Service (PMJ151LA) - Matsushita Electric Industrial Co. ,Ltd, - C:\WINDOWS\PMJ151LA.BIN
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: X10 Device Network Service (x10nets) - Unknown owner - C:\WINDOWS\System32\x10nets.exe (file missing)

Thanks again for your help.
Jarcy.

Offline guestolo

« Reply #9 on: October 26, 2005, 04:00:46 PM »
Let's first see if we can fix a couple problems

Download and Save Cleandesktop to your computer from this link: http://www.thespykiller.co.uk/files/cleandesktop.exe and double click on the cleandesktop.exe

It will automatically extract to c:\desktopclean where it needs to be to run and will automatically run the cleandesktop.vbs script.

If it doesn't open then go to c:\desktopclean and double click on the cleandesktop.vbs. Do not run any other file from there please unless asked to.

If you have script blocking enabled you will get a warning about a malicious script wanting to run. Please allow this script to run. It is not malicious.

If you get a message when you first run it "Cannot find script file "blah blah blah" then don't worry just double click the cleandesktop.vbs script again as you sometimes get that message when a script blocker blocks the script.

It will then kill Explorer. You will lose your taskbar and desktop. It will repair the registry entries returning your normal desktop and context menu functions.

It will restart Explorer.

Once you have performed the big cleanup, each of the other Users on the System needs to be signed in to clean up.
Another vbs is included to do this. It is named Other Profiles Regfix.vbs

Have each User sign in and run Other Profiles Regfix.vbs.

Open C:\ (Go to Start – Run and type C: Press enter) and Open the c:\desktopclean folder. Double click on Other Profiles Regfix.vbs

Explorer will be ended and that user's active desktop registry entries will be repaired. Explorer will be restarted.

After the above is done
Sign back into your username
From below download notepad_xp.zip
UNZIP it to both of the following folders
C:\WINDOWS and C:\WINDOWS\System32
Let me know if notepad works properly afterwards

Can you also,
Download this virus checker from eScan
Mwav.exe
There's nothing to install, save it and then double click to run
It will self extract

In Mwav
Select all local drives, scan all files, press 'SCAN' and when it is completed, anything found will be displayed in the lower pane.
Give this scan time to finish, it's very thorough
In the Virus Log Information Pane
Left click and Highlight all the info in the Lower pane. Use "CTRL and the C" keys on your Keyboard to copy all found in the lower pane and paste it back here in your reply

****If prompted that a Virus was found and you need to purchase the product to remove the malware, just close out the prompt and let it continue scanning
We just want to see where the bad guys are
« Last Edit: October 26, 2005, 04:02:25 PM by guestolo »

Do you want to post your own logs from FRST?

Follow the instructions posted here: http://www.thetechguide.com/forum/index.php/topic/22942-please-read-how-to-post-logs-from-frst/


Offline Jarcy

« Reply #10 on: October 27, 2005, 02:57:30 PM »
Guestolo,

Excellent, my desktop is restored and all of the old icons have returned! No more doubling up of icons. Big thank you!

Also notepad now works.

These problems still exist. Any ideas?

2. Word crashes each time I try to start it. Uninstalling Office and reinstalling didn't solve this problem.
3. Excel crashes every time I try to open a file, although you can successfully start and work on a new file.
5. McAfee Virus Scan crashes every time you try to enable it. Firewall appears to work fine though.

Here's the result of the Mwav virus scan. - 15 viruses and 157 errors.

Object "alexa Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "kazaa Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "kazaa Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "funwebproducts Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "kazaa Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "ezula Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "slchost Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "tsl Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "ezula Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "180solutions Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "kazaa Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "clipgenie Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "topsearch Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "topsearch Spyware/Adware" found in File System! Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\ModuleUsage" refers to invalid object "C:\WINDOWS\Downloaded Program Files\gsda.dll". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\ModuleUsage" refers to invalid object "C:\WINDOWS\Downloaded Program Files\HDPlugin1101.dll". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\ModuleUsage" refers to invalid object "C:\WINDOWS\Downloaded Program Files\popcaploader.dll". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\ahead\CoverDesigner\covered-deu.nls". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\System32\CTDetect.cpl". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\InterVideo\Common\Bin\IVIPromotion.exe". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Common Files\Ulead Systems\MPEG\uvAC3Enc.dll". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\Downloaded Program Files\gsda.dll". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\TEMP\_ISTMP0.DIR\FileGrp\HDK3AN32.DLL". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\TEMP\_ISTMP0.DIR\FileGrp\Hdk3anim.dll". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\TEMP\_ISTMP0.DIR\FileGrp\HDK3CTNT.dll". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\TEMP\_ISTMP0.DIR\FileGrp\MSVCIRT.DLL". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\TEMP\_ISTMP0.DIR\FileGrp\MFC42.DLL". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\TEMP\_ISTMP0.DIR\FileGrp\MSVCRT.DLL". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Hewlett-Packard\Digital Imaging\hpis\temp\Install.wse.exe". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Hewlett-Packard\Digital Imaging\hpis\temp\config.ini". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Hewlett-Packard\Digital Imaging\hpis\temp\templates.zip". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Common Files\Real\GToolbar\BarControl.dll". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Ubisoft\Crytek\Far Cry\Support\Readme (CZ).rtf". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\System32\QTPlugin.OCX". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "%JavaDir%\QTJava.zip". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\Downloaded Program Files\popcaploader.dll". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\Downloaded Program Files\HDPlugin1101.dll". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\arcsoft.exe" refers to invalid object "C:\Program Files\ArcSoft\Software Suite\arcsoft.exe". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\CDWizard.exe" refers to invalid object "c:\program files\pinnacle\studio 8\programs\CDWizard.exe". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\CLaunch.exe" refers to invalid object "". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\CMGrdian.exe" refers to invalid object "". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\cmmgr32.exe" refers to invalid object "C:\WINDOWS\System32\cmmgr32.exe". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\GS4.exe" refers to invalid object "C:\Program Files\ubi.com\GS4.exe". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\Ipe40.exe" refers to invalid object "C:\WINDOWS\Ipe40.exe". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\nvarem.exe" refers to invalid object "C:\Program Files\NVIDIA Corporation\NVRemote\nvarem.exe". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\NvSkins.exe" refers to invalid object "C:\Program Files\NVIDIA Corporation\NVDVD\NvSkins.exe". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\ORUN32.EXE" refers to invalid object "C:\WINDOWS\ORUN32.EXE". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\Racer.exe" refers to invalid object "C:\Program Files\Infogrames\Grand Prix 4\Racer.exe". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\Racer95.exe" refers to invalid object "C:\Program Files\Microprose\Grand Prix 3\Racer95.exe". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\Schedwiz.exe" refers to invalid object "". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\Toca2.exe" refers to invalid object "C:\Codemasters\Toca2\Toca2.exe". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\USB Driver for Panasonic DVC (with Web Camera)" refers to invalid object "C:\WINDOWS\INF\USB Driver for Panasonic DVC (with Web Camera)". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\yourapp.Exe" refers to invalid object "C:\Program Files\EPSON\Smart Panel\yourapp.Exe". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\DOCUME~1\JOHNCA~1\LOCALS~1\Temp\Temporary File Cache\". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Program Files\Hewlett-Packard\Digital Imaging\hpis\temp\". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Program Files\Hewlett-Packard\Digital Imaging\hpis\". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".016". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".05". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".abm". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".axe". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".BUP". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".class". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".conf". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".dtl". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".IFO". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".lst". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".MRK". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".nv!". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".pf". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".pk3". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".PRO". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".pvm". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".rp". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".rt". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".scn". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".sdp". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".UK". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".vca". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".VCD". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".VM1". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".x32". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "Ad-aware 6 Personal". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "AltnetDM". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "Best Search Engine!!!". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "Hollywood FX 4.6". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "MyWebSearch bar Uninstall". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "NVIDIA". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "NVIDIA nForce Drivers". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "Search Relevancy". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "Tiscali Internet Access". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "Tiscali_uk". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "untopr1150". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "Windows ControlAd". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "Windows TaskAd". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{53EF6570-21A4-47ED-A40A-E6470A5677A3}". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{ABEB838C-A1A7-4C5D-B7E1-8B4314600211}". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{ABEB838C-A1A7-4C5D-B7E1-8B4314600602}". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{AC76BA86-7AD7-1033-7B44-000000000001}". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{02D892F7-E5D4-41E3-9988-B9155BF800FE}" refers to invalid object "C:\Program Files\Internet\setupctl.ocx". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{07B18EA2-A523-4961-B6BB-170DE4475CCA}" refers to invalid object "C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{1B487523-BEC2-11CF-BF9E-0020AF998FF5}" refers to invalid object "C:\PROGRA~1\SUPERS~1\Viscape\vrtocx.ocx". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{1B487524-BEC2-11CF-BF9E-0020AF998FF5}" refers to invalid object "C:\PROGRA~1\SUPERS~1\Viscape\vrtocx.ocx". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{27A9F557-B690-4798-BF58-EF69433366E6}" refers to invalid object "C:\Program Files\Internet\setupctl.ocx". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{39B7FAEB-68FE-4A52-A25F-5F896B088C7E}" refers to invalid object "C:\Program Files\Internet\setupctl.ocx". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{4B4B40F0-C9DF-11D4-AA54-00104B49C4F0}" refers to invalid object "D:\R2ctlNS.OCX". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{578D8287-FB03-466E-A404-DD772E6CBEAE}" refers to invalid object "C:\WINDOWS\Downloaded Program Files\gsda.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{6F474F98-82D9-4694-9073-54FBCE4C9035}" refers to invalid object "C:\Program Files\Internet\setupctl.ocx". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{6FFC1326-E077-44E7-8935-7F09F3F19FE4}" refers to invalid object "C:\Program Files\Internet\setupctl.ocx". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{9502B2C1-553A-46AF-8F26-FE29CED44720}" refers to invalid object "C:\Program Files\Internet\setupctl.ocx". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{9FECC4D5-A7AC-4C85-B15A-4B933AC0CD5D}" refers to invalid object "C:\Program Files\Internet\setupctl.ocx". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{A48985C9-9602-412D-88CD-7E3D2E111C40}" refers to invalid object "C:\Program Files\Internet\setupctl.ocx". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{B2EA5AEB-5BA3-47C9-95F3-42D63F2326AC}" refers to invalid object "C:\Program Files\Internet\setupctl.ocx". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{BE6663AD-B0FD-4BFA-AD94-CFD678B927C3}" refers to invalid object "C:\Program Files\Internet\setupctl.ocx". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{CD0F275B-050F-4568-8578-A852AC432622}" refers to invalid object "C:\Program Files\Internet\setupctl.ocx". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{DF780F87-FF2B-4DF8-92D0-73DB16A1543A}" refers to invalid object "C:\WINDOWS\Downloaded Program Files\popcaploader.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{E2295278-994F-42A7-BC23-5722CECA2063}" refers to invalid object "C:\Program Files\Internet\setupctl.ocx". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{00A6FAF0-072E-44CF-8957-5838F569A31D}" refers to invalid object "C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{06337C1A-C69C-4371-A2F7-A41DBAEAED49}" refers to invalid object "C:\DOCUME~1\SUECAN~1\LOCALS~1\Temp\Word8.0\MSForms.exd". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{07293E71-EAE0-4FEA-9F92-5BD92325E790}" refers to invalid object "C:\DOCUME~1\JOHNCA~1\LOCALS~1\Temp\Excel8.0\MSForms.exd". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{18331E46-35A5-4CEE-846C-BA7DB913865B}" refers to invalid object "C:\DOCUME~1\JOHNCA~1\LOCALS~1\Temp\Word8.0\SHDocVw.exd". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{1A39043E-45C8-4075-867E-6D0E090A5DFA}" refers to invalid object "C:\DOCUME~1\SUECAN~1\LOCALS~1\Temp\Word8.0\InlineMultimedia.exd". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{1B487520-BEC2-11CF-BF9E-0020AF998FF5}" refers to invalid object "C:\Program Files\Superscape\Viscape\vrtocx.ocx". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{2D81B49D-4646-4CB1-AE1B-3F3CF6429134}" refers to invalid object "C:\DOCUME~1\JOHNCA~1\LOCALS~1\Temp\Word8.0\MSForms.exd". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{3905C537-264D-4350-A328-CC2DD483A9A4}" refers to invalid object "C:\DOCUME~1\JOHNCA~1\LOCALS~1\Temp\Word8.0\ShockwaveFlashObjects.exd". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{4B4B40F2-C9DF-11D4-AA54-00104B49C4F0}" refers to invalid object "D:\R2ctlNS.OCX". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{65A6BB6D-78D0-4E0A-824D-2DE1E0D154AF}" refers to invalid object "C:\PROGRA~1\SEARCH~1\SearchRelevancy1.dll". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{71C7B265-C6F6-459A-929F-1E3085A3CB4B}" refers to invalid object "C:\DOCUME~1\JOHNCA~1\LOCALS~1\Temp\Excel8.0\MSForms.exd". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{758767F5-A4A5-4935-BCB5-517387C78DB8}" refers to invalid object "C:\DOCUME~1\JOHNCA~1\LOCALS~1\Temp\Word8.0\MARQUEELib.exd". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{86018373-D939-4CDA-A130-A7C4C1600C0F}" refers to invalid object "C:\DOCUME~1\JOHNCA~1\LOCALS~1\Temp\PPT8.0\MSForms.exd". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{920ED957-862F-4CCE-B168-0BA8451F3E1C}" refers to invalid object "C:\DOCUME~1\JOHNCA~1\LOCALS~1\Temp\Excel8.0\MSForms.exd". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{A5E16CA3-1C8F-4DB0-BE3F-67E8E9FD593D}" refers to invalid object "C:\WINDOWS\Downloaded Program Files\gsda.dll". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{C9C5DEAF-0A1F-4660-8279-9EDFAD6FEFE1}" refers to invalid object "C:\WINDOWS\Downloaded Program Files\popcaploader.dll". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{CB850722-F2D1-4236-BB9D-85BDC2D7B854}" refers to invalid object "C:\Program Files\Internet\setupctl.ocx". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{DBD9915A-C650-4CFE-AF5E-670A05AEF680}" refers to invalid object "C:\DOCUME~1\JOHNCA~1\LOCALS~1\Temp\Excel8.0\SHDocVw.exd". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{FA91240E-B719-42B7-BB70-5908A0A5E776}" refers to invalid object "C:\DOCUME~1\SUECAN~1\LOCALS~1\Temp\Word8.0\MSForms.exd". Action Taken: No Action Taken.
Entry "HKCR\.acl" refers to invalid object "ACLFile". Action Taken: No Action Taken.
Entry "HKCR\.aw" refers to invalid object "AWFile". Action Taken: No Action Taken.
Entry "HKCR\.col" refers to invalid object "COLFile". Action Taken: No Action Taken.
Entry "HKCR\.det" refers to invalid object "DETFile". Action Taken: No Action Taken.
Entry "HKCR\.elm" refers to invalid object "ELMFile". Action Taken: No Action Taken.
Entry "HKCR\.ffa" refers to invalid object "FFAFile". Action Taken: No Action Taken.
Entry "HKCR\.ffl" refers to invalid object "FFLFile". Action Taken: No Action Taken.
Entry "HKCR\.fft" refers to invalid object "FFTFile". Action Taken: No Action Taken.
Entry "HKCR\.ffx" refers to invalid object "FFXFile". Action Taken: No Action Taken.
Entry "HKCR\.frg" refers to invalid object "Access.Fragment". Action Taken: No Action Taken.
Entry "HKCR\.gst" refers to invalid object "MSMap.Datainst.8". Action Taken: No Action Taken.
Entry "HKCR\.ldb" refers to invalid object "Access.LockFile.9". Action Taken: No Action Taken.
Entry "HKCR\.lex" refers to invalid object "LEXFile". Action Taken: No Action Taken.
Entry "HKCR\.opc" refers to invalid object "OPCFile". Action Taken: No Action Taken.
Entry "HKCR\.pcb" refers to invalid object "PCBFile". Action Taken: No Action Taken.
Entry "HKCR\.pip" refers to invalid object "PIPFile". Action Taken: No Action Taken.
Entry "HKCR\.sll" refers to invalid object "SSLFile". Action Taken: No Action Taken.
Entry "HKCR\.stf" refers to invalid object "STFFile". Action Taken: No Action Taken.
Entry "HKCR\.tuw" refers to invalid object "TUWFile". Action Taken: No Action Taken.
Entry "HKCR\.wll" refers to invalid object "Word.Addin.8". Action Taken: No Action Taken.
Entry "HKCR\ActMsg.Session" refers to invalid object "{3FA7DEB3-6438-101B-ACC1-00AA00423326}". Action Taken: No Action Taken.
Entry "HKCR\ATLPlugin.ATL3DPage_d2.1" refers to invalid object "{cc10ddda-2452-4598-a6c4-f9f2f0b6a758
}". Action Taken: No Action Taken.
Entry "HKCR\Connection Manager Profile\shell\open\command" refers to invalid object "C:\WINDOWS\System32\CMMGR32.EXE "%1"". Action Taken: No Action Taken.
Entry "HKCR\LeechGet Download Queue\shell\open\command" refers to invalid object ""C:\Program Files\LeechGet 2005\LeechGet.exe" -import "%1"". Action Taken: No Action Taken.
Entry "HKCR\MailFileAtt" refers to invalid object "{00020D05-0000-0000-C000-000000000046}". Action Taken: No Action Taken.
Entry "HKCR\mapifvbx.object" refers to invalid object "{41116C00-8B90-101B-96CD-00AA003B14FC}". Action Taken: No Action Taken.
Entry "HKCR\mapifvbx.object.1" refers to invalid object "{41116C00-8B90-101B-96CD-00AA003B14FC}". Action Taken: No Action Taken.
Entry "HKCR\Plenoptic.Plenoptic" refers to invalid object "{607C27E9-AB27-11d3-A116-A0EA50C10801}". Action Taken: No Action Taken.
Entry "HKCR\Plenoptic.Plenoptic.1" refers to invalid object "{607C27E9-AB27-11d3-A116-A0EA50C10801}". Action Taken: No Action Taken.
Entry "HKCR\TesCsFile\shell\open\command" refers to invalid object "C:\Program Files\Bethesda Softworks\Morrowind\\TES3 Construction Set.exe". Action Taken: No Action Taken.
Entry "HKCR\WMPPublsihCntr.WMPPublsihCntr" refers to invalid object "{939438A9-CF0F-44d8-9140-599736F0D3A2}". Action Taken: No Action Taken.
Entry "HKCR\WMPPublsihCntr.WMPPublsihCntr.1" refers to invalid object "{939438A9-CF0F-44d8-9140-599736F0D3A2}". Action Taken: No Action Taken.
File C:\WINDOWS\System32\150468.exe infected by "Trojan.Win32.Zapchast" Virus! Action Taken: No Action Taken.

Thanks again for your help.

Jarcy
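
The Mwav report in the post above mixes three record types (Object, Entry and File lines), which makes a summary such as "15 viruses and 157 errors" hard to check by eye. The following is an added example, not part of the original thread and not eScan's own tooling: a Python tally of a pasted report by record type. The function names, the registry bucketing and the choice to count Object and File records together as detections are assumptions, and the sample is a short excerpt in the format posted above.

```python
import re
from collections import Counter

# Sample input: a short excerpt in the report format posted above, including
# one Entry record that the forum wrapped onto a second line.
SAMPLE_REPORT = r'''
Object "kazaa Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "kazaa Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "ezula Spyware/Adware" found in File System! Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\Downloaded Program Files\gsda.dll". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\CLaunch.exe" refers to invalid object "". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{578D8287-FB03-466E-A404-DD772E6CBEAE}" refers to invalid object "C:\WINDOWS\Downloaded Program Files\gsda.dll". Action Taken: No Action Taken.
Entry "HKCR\ATLPlugin.ATL3DPage_d2.1" refers to invalid object "{cc10ddda-2452-4598-a6c4-f9f2f0b6a758
}". Action Taken: No Action Taken.
Entry "HKCR\LeechGet Download Queue\shell\open\command" refers to invalid object ""C:\Program Files\LeechGet 2005\LeechGet.exe" -import "%1"". Action Taken: No Action Taken.
File C:\WINDOWS\System32\150468.exe infected by "Trojan.Win32.Zapchast" Virus! Action Taken: No Action Taken.
'''

RECORD_START = re.compile(r'^(Object|Entry|File) ')
OBJECT_RE = re.compile(r'^Object "(?P<name>.+?) (?P<kind>\S+)" found in (?P<where>.+?)! '
                       r'Action Taken: (?P<action>.+)\.$')
# The target is matched greedily so values that themselves contain quotes
# (or are empty) are captured whole.
ENTRY_RE = re.compile(r'^Entry "(?P<key>.+?)" refers to invalid object "(?P<target>.*)"\. '
                      r'Action Taken: (?P<action>.+)\.$')
FILE_RE = re.compile(r'^File (?P<path>.+?) infected by "(?P<threat>.+?)" Virus! '
                     r'Action Taken: (?P<action>.+)\.$')
GROUPS = (("objects", OBJECT_RE), ("entries", ENTRY_RE), ("files", FILE_RE))


def join_wrapped(text):
    """Return one string per record, re-joining records split across lines."""
    records = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        if RECORD_START.match(line) or not records:
            records.append(line)
        else:
            records[-1] += line  # continuation of a wrapped record
    return records


def parse_report(text):
    """Sort records into objects / entries / files; keep anything unrecognised."""
    parsed = {"objects": [], "entries": [], "files": [], "unparsed": []}
    for record in join_wrapped(text):
        for group, pattern in GROUPS:
            match = pattern.match(record)
            if match:
                parsed[group].append(match.groupdict())
                break
        else:
            parsed["unparsed"].append(record)
    return parsed


def key_bucket(key):
    """Collapse a registry key to a coarse bucket so stale references group together."""
    parts = key.split("\\")
    if "CurrentVersion" in parts:
        i = parts.index("CurrentVersion")
        if i + 1 < len(parts):
            return parts[0] + "\\...\\" + parts[i + 1]
    if parts[0] == "HKCR" and len(parts) > 1 and parts[1] in ("CLSID", "TypeLib"):
        return "HKCR\\" + parts[1]
    return parts[0] + "\\(other)"


def summarize(parsed):
    """Tally the report. Counting Object + File records as 'detections' is an
    assumption about how the scanner's own summary line is built."""
    records = [r for group, _ in GROUPS for r in parsed[group]]
    return {
        "detections": len(parsed["objects"]) + len(parsed["files"]),
        "adware_families": dict(Counter(o["name"] for o in parsed["objects"])),
        "infected_files": [(f["path"], f["threat"]) for f in parsed["files"]],
        "dangling_registry_refs": dict(Counter(key_bucket(e["key"]) for e in parsed["entries"])),
        "no_action_taken": sum(r["action"] == "No Action Taken" for r in records),
        "unparsed": len(parsed["unparsed"]),
    }


if __name__ == "__main__":
    for field, value in summarize(parse_report(SAMPLE_REPORT)).items():
        print(f"{field}: {value}")
```

Only the File records name something on disk to examine; the Entry records are registry values pointing at objects the scanner could not resolve.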

Offline guestolo

« Reply #11 on: October 27, 2005, 05:00:19 PM »
Did you cut off the bottom of the mwav scan report?
15 viruses and 157 errors

I only see 1 virus

Can you delete this file please?
C:\WINDOWS\System32\150468.exe <-file
« Last Edit: October 27, 2005, 05:00:36 PM by guestolo »



Offline Jarcy

« Reply #12 on: October 27, 2005, 06:52:21 PM »
I've deleted 150468.exe.
Also noticed 745625.exe in the same folder. Does this look suspicious?

Pretty sure I haven't truncated the Mwav report, but have rerun and posted the results here: This time 16 viruses and 157 errors:

Object "alexa Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "kazaa Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "kazaa Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "funwebproducts Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "kazaa Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "ezula Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "slchost Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "tsl Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "ezula Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "180solutions Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "kazaa Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "clipgenie Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "topsearch Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "topsearch Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "whenu.savenow Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "whenu.savenow Spyware/Adware" found in File System! Action Taken: No Action Taken.


P.S. Should I uninstall Kazaa? Have already removed P2PNetworking.
Thanks again, Jarcy.
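The MWAV report lines in this thread come in three shapes (`Object ...`, `File ... infected by ...`, `Entry ... refers to invalid object ...`). The following is an added example, not part of the thread, that tallies a pasted report so the headline totals can be checked against the lines actually posted; the function names are hypothetical and the sample lines are constructed in the report's format.

```python
import re
from collections import Counter

# Constructed sample in the report's format. The ATLPlugin record is
# deliberately broken across two lines, as a forum paste can do.
SAMPLE = r"""
Object "kazaa Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "ezula Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "kazaa Spyware/Adware" found in File System! Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\CLaunch.exe" refers to invalid object "". Action Taken: No Action Taken.
Entry "HKCR\ATLPlugin.ATL3DPage_d2.1" refers to invalid object "{cc10ddda-2452-4598-a6c4-f9f2f0b6a758
}". Action Taken: No Action Taken.
Entry "HKCR\LeechGet Download Queue\shell\open\command" refers to invalid object ""C:\Program Files\LeechGet 2005\LeechGet.exe" -import "%1"". Action Taken: No Action Taken.
File C:\WINDOWS\System32\150468.exe infected by "Trojan.Win32.Zapchast" Virus! Action Taken: No Action Taken.
"""

OBJECT_RE = re.compile(
    r'^Object "(?P<name>.+?) Spyware/Adware" found in File System! '
    r'Action Taken: (?P<action>.+)\.$')
FILE_RE = re.compile(
    r'^File (?P<path>.+?) infected by "(?P<name>[^"]+)" Virus! '
    r'Action Taken: (?P<action>.+)\.$')
# The target may itself contain quotes or be empty, so it is matched
# greedily up to the last '". Action Taken:' on the line.
ENTRY_RE = re.compile(
    r'^Entry "(?P<key>.+?)" refers to invalid object "(?P<target>.*)"\. '
    r'Action Taken: (?P<action>.+)\.$')
COMPLETE_RE = re.compile(r'Action Taken: .+\.$')
PREFIXES = ('Object "', 'Entry "', 'File ')


def join_wrapped(text):
    """Rejoin records that were split across lines by the paste."""
    records = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        incomplete = records and not COMPLETE_RE.search(records[-1])
        if incomplete and not line.startswith(PREFIXES):
            records[-1] += line          # continuation of the previous record
        else:
            records.append(line)
    return records


def parse_report(text):
    """Split a pasted report into detections, registry errors and leftovers."""
    parsed = {"detections": [], "registry": [], "unparsed": []}
    for rec in join_wrapped(text):
        m = OBJECT_RE.match(rec)
        if m:
            parsed["detections"].append(("spyware/adware", m["name"], "File System"))
            continue
        m = FILE_RE.match(rec)
        if m:
            parsed["detections"].append(("virus", m["name"], m["path"]))
            continue
        m = ENTRY_RE.match(rec)
        if m:
            parsed["registry"].append((m["key"], m["target"]))
            continue
        parsed["unparsed"].append(rec)   # prose or a truncated record
    return parsed


def family_counts(parsed):
    """How many times each detection name appears."""
    return Counter(name for _, name, _ in parsed["detections"])


def compare_with_headline(parsed, viruses, errors):
    """Lines missing from the paste relative to the scanner's stated totals.

    Assumption: Object and File lines both count toward the "viruses"
    total, since the second report's 16 Object lines match its headline.
    """
    return {
        "detections_missing": viruses - len(parsed["detections"]),
        "errors_missing": errors - len(parsed["registry"]),
    }


if __name__ == "__main__":
    report = parse_report(SAMPLE)
    print(family_counts(report).most_common())
    print(compare_with_headline(report, viruses=15, errors=157))
```

A non-zero `detections_missing` is the situation raised in Reply #11: the headline total is larger than the number of detection lines that made it into the post.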

Offline guestolo

« Reply #13 on: October 28, 2005, 09:56:27 AM »
I would opt to remove Kazaa, it came bundled with a lot of crapware
I'll leave that up to you

Can you run that file through
Jotti's Online Malware scan
Give this site time to load if busy

Use the browse button and navigate to the file on your hard drive
Right click on it and choose Select
Then use the Submit button
Let it finish scanning
Could you post the results of the scan back here please

We may have to reinstall McAfee and Office
But I would like to make sure you run a registry cleaner before you proceed
We won't do anything with them yet
Is your subscription to McAfee's still OK?
« Last Edit: October 28, 2005, 09:57:36 AM by guestolo »



Offline Jarcy

« Reply #14 on: October 31, 2005, 05:41:49 PM »
Here's the result from Jotti's malware scan of the suspicious file. Looks like a bug. Shall I delete the file?

File:  745625.exe  
Status:  INFECTED/MALWARE  
MD5  92ec1464b5bc22a409d7ccd16439cce6  
Packers detected:  UPX
Scanner results  
AntiVir  Found nothing
ArcaVir  Found nothing
Avast  Found nothing
AVG Antivirus  Found nothing
BitDefender  Found Dropped:Trojan.Small.DL  
ClamAV  Found Trojan.Clicker.Small-45  
Dr.Web  Found DLOADER.Trojan (probable variant)  
F-Prot Antivirus  Found unknown virus (probable variant)  
Fortinet  Found nothing
Kaspersky Anti-Virus  Found nothing
NOD32  Found nothing
Norman Virus Control  Found nothing
UNA  Found nothing
VBA32  Found nothing
   
Regarding McAfee & Office, of course willing to reinstall. However tried this earlier (before asking for help here) and it made no difference.
With McAfee Internet Security, my annual subscription is due up sometime in October, so must be due for renewal now. However, when I last reinstalled (2 - 3 weeks ago) I WAS able to update Firewall. Only the Virus Scan fails to function. Whereas I usually get reminder popups from McAfee to purchase my annual renewal, these are also crashing every time I log on. This leads me to suspect that I've got a clever bug that prevents me from updating or using my virus scanner. Therefore I don't know if I'm even able to renew my McAfee license.
Why Office has started to behave in this manner, I have no idea.

Any more ideas would be gratefully received.

Many thanks again,
Jarcy.

Offline Jarcy

« Reply #15 on: November 02, 2005, 11:20:09 AM »
Guestolo,

I've also uninstalled Kazaa.
Any ideas what to try next?

Many thanks!

Jarcy

Offline Jarcy

« Reply #16 on: November 06, 2005, 10:42:40 AM »
Guestolo / Anyone,

Has anyone got any ideas as to why my McAfee Virusscan and MS Office products (Word / Excel) crash every time I try to open them?

Thanks,

Jarcy

Offline guestolo

« Reply #17 on: November 06, 2005, 11:58:24 AM »
Did you delete this file?
745625.exe

If not, go ahead and do so

Sorry for the wait

Can you do the following
Just want to check on something
Open HijackThis > Open Misc Tools section > Open Hosts file manager
Click the Open In Notepad button
A text file should open, can you copy and paste the contents back here please

Could you also
Go to this site
Jotti's Online Malware scan
Give this site time to load if busy

Use the browse button and navigate to the file on your hard drive
C:\WINDOWS\System32\Wininet.dll <-this file

Right click on it and choose Select
Then use the Submit button
Let it finish scanning
Could you post the results of the scans back here please

Can you run one more scan please
From my signature below run an online scan at Panda's
Choose to scan "Local Disks"
When the scan is done, save a report and post the contents back here



Offline Jarcy

« Reply #18 on: November 06, 2005, 02:34:26 PM »
Guestolo,
Many thanks for coming back to this.

I couldn't find Host file manager with HijackThis. The only report I could find with Misc Tools was Generate StartupList Log. Did you mean this? I'm posting the result here. (I did notice that c:\windows\explorer.exe is running. Is this a virus in this location?):

StartupList report, 11/6/2005, 7:10:05 PM
StartupList version: 1.52
Started from : C:\Documents and Settings\John Canfield\My Documents\Download Software\HijackThis.EXE
Detected: Windows XP SP1 (WinNT 5.01.2600)
Detected: Internet Explorer v6.00 SP1 (6.00.2800.1106)
* Using default options
==================================================

Running processes:

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\McAfee\McAfee Internet Security\GUARDDOG.EXE
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\WINDOWS\System32\inetsrv\inetinfo.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\PMJ151LA.BIN
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\McAfee\McAfee Firewall\CPD.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\McAfee\McAfee Internet Security\GUARDDOG.EXE
C:\Program Files\McAfee\McAfee Firewall\CPD.EXE
C:\Program Files\Microsoft Hardware\Keyboard\type32.exe
C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe
C:\WINDOWS\System32\CTHELPER.EXE
C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE
C:\Program Files\Creative\Shared Files\CAMTRAY.EXE
C:\PROGRA~1\ACDSYS~1\DEVDET~1\DEVDET~1.EXE
C:\WINDOWS\System32\hphmon05.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\McAfee\McAfee Shared Components\Guardian\CMGrdian.exe
C:\Program Files\McAfee\McAfee VirusScan\VSStat.exe
C:\Program Files\Creative\MediaSource\RemoteControl\RCMan.EXE
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\Documents and Settings\John Canfield\My Documents\Download Software\HijackThis.exe
C:\WINDOWS\System32\notepad.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE

--------------------------------------------------

Listing of startup folders:

Shell folders Common Startup:
[C:\Documents and Settings\All Users\Start Menu\Programs\Startup]
Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE

--------------------------------------------------

Checking Windows NT UserInit:

[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\WINDOWS\system32\userinit.exe,

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

UpdReg = C:\WINDOWS\UpdReg.EXE
SBDrvDet = C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe /r
PinnacleDriverCheck = C:\WINDOWS\System32\PSDrvCheck.exe -CheckReg
IntelliType = "C:\Program Files\Microsoft Hardware\Keyboard\type32.exe"
CTSysVol = C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe /r
CTHelper = CTHELPER.EXE
CTDVDDET = C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE
Creative WebCam Tray = C:\Program Files\Creative\Shared Files\CAMTRAY.EXE
Camera Detector = C:\PROGRA~1\ACDSYS~1\DEVDET~1\DEVDET~1.EXE -autorun
AsioReg = REGSVR32.EXE /S CTASIO.DLL
HPHUPD05 = C:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
HPHmon05 = C:\WINDOWS\System32\hphmon05.exe
HPDJ Taskbar Utility = C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
HP Software Update = "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe"
NvCplDaemon = RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
TkBellExe = "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
QuickTime Task = "C:\Program Files\QuickTime\qttask.exe" -atboottime
MCAgentExe = C:\Program Files\McAfee.com\Agent\mcagent.exe
MCUpdateExe = C:\PROGRA~1\McAfee.com\Agent\mcupdate.exe
McAfee Guardian = "C:\Program Files\McAfee\McAfee Shared Components\Guardian\CMGrdian.exe" /SU
VirusScanMSC = "C:\Program Files\McAfee\McAfee VirusScan\VSStat.exe" /EMBEDDING
IFSplash = ImmSplsh.exe

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run

RemoteCenter = C:\Program Files\Creative\MediaSource\RemoteControl\RCMan.EXE
msnmsgr = "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
McAfee.InstantUpdate.Monitor = "C:\Program Files\McAfee\McAfee Shared Components\Instant Updater\RuLaunch.exe" /STARTMONITOR

--------------------------------------------------

Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:

Shell=*INI section not found*
SCRNSAVE.EXE=*INI section not found*
drivers=*INI section not found*

Shell & screensaver key from Registry:

Shell=Explorer.exe
SCRNSAVE.EXE=C:\WINDOWS\system32\logon.scr
drivers=*Registry value not found*

Policies Shell key:

HKCU\..\Policies: Shell=*Registry value not found*
HKLM\..\Policies: Shell=*Registry value not found*

--------------------------------------------------


Enumerating Browser Helper Objects:

(no name) - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll - {02478D38-C3F9-4efb-9B51-7695ECA05670}
(no name) - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
(no name) - C:\PROGRA~1\SPYBOT~1\SDHelper.dll - {53707962-6F74-2D53-2644-206D7942484F}
(no name) - C:\Program Files\Xi\NetTransport 2\NTIEHelper.dll - {C56CB6B0-0D96-11D6-8C65-B2868B609932}

--------------------------------------------------

Enumerating Task Scheduler jobs:

McAfee.com Update Check (STUDYSERVER-Adam Canfield).job
McAfee.com Update Check (STUDYSERVER-John Canfield).job
McAfee.com Update Check (STUDYSERVER-Samuel Canfield).job
McAfee.com Update Check (STUDYSERVER-Sue Canfield).job

--------------------------------------------------

Enumerating Download Program Files:

[Microsoft Office Template and Media Control]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\IEAWSDC.DLL
CODEBASE = http://office.microsoft.com/templates/ieawsdc.cab

[UploaderCtrl Class]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\atl_uploader.dll
CODEBASE = http://members14.clubphoto.com/_img/upload...tl_uploader.cab

[PlxInstall Class]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\PlaxoInstall.dll
CODEBASE = http://down.plaxo.com/down/release/PlaxoInstall.cab

[Shockwave ActiveX Control]
InProcServer32 = C:\WINDOWS\system32\Macromed\Director\SwDir.dll
CODEBASE = http://download.macromedia.com/pub/shockwa...director/sw.cab

[CheckNDownload Class]
CODEBASE = http://www.skylinesoft.com/interactive/ter...stallPlugIn.cab
OSD = C:\WINDOWS\Downloaded Program Files\CONFLICT.1\TEInstallPlugIn.osd

[TerraExplorer Class]
CODEBASE = http://www.skylinesoft.com/interactive/ter.../install/TE.cab
OSD = C:\WINDOWS\Downloaded Program Files\TE.osd

[ZoneIntro Class]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\ZIntro.ocx
CODEBASE = http://zone.msn.com/binFramework/v10/ZIntro.cab34246.cab

[Shockwave Flash Object]
InProcServer32 = C:\WINDOWS\System32\macromed\flash\Flash.ocx
CODEBASE = http://download.macromedia.com/pub/shockwa...ash/swflash.cab

[PopCapLoader Object]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\popcaploader.dll
CODEBASE = http://www.popcap.com/games/popcaploader_v6.cab

[HeartbeatCtl Class]
InProcServer32 = C:\WINDOWS\DOWNLO~1\hrtbeat.ocx
CODEBASE = http://fdl.msn.com/zone/datafiles/heartbeat.cab

[Secure Delivery]
CODEBASE = http://www.gamespot.com/KDX22/download/kdx.cab

--------------------------------------------------

Enumerating Winsock LSP files:

Protocol #22: xfire_lsp_9028.dll (file MISSING)
Protocol #23: xfire_lsp_9028.dll (file MISSING)
Protocol #24: xfire_lsp_9028.dll (file MISSING)
Protocol #25: xfire_lsp_9028.dll (file MISSING)
Protocol #26: xfire_lsp_9028.dll (file MISSING)
Protocol #48: xfire_lsp_9028.dll (file MISSING)

--------------------------------------------------

Enumerating ShellServiceObjectDelayLoad items:

PostBootReminder: C:\WINDOWS\system32\SHELL32.dll
CDBurn: C:\WINDOWS\system32\SHELL32.dll
WebCheck: C:\WINDOWS\System32\webcheck.dll
SysTray: C:\WINDOWS\System32\stobject.dll

--------------------------------------------------
End of report, 9,424 bytes
Report generated in 0.047 seconds

Command line options:
   /verbose  - to add additional info on each section
   /complete - to include empty sections and unsuspicious data
   /full     - to include several rarely-important sections
   /force9x  - to include Win9x-only startups even if running on WinNT
   /forcent  - to include WinNT-only startups even if running on Win9x
   /forceall - to include all Win9x and WinNT startups, regardless of platform
   /history  - to list version history only

The file in Jotti seemed OK. Here's the result:

Jotti's malware scan 2.99-TRANSITION_TO_3.00
 
 
File:  WININET.DLL  
Status:  OK (Note: this file has been scanned before. Therefore, this file's scan results will not be stored in the database)  
MD5  4f64d1df989e3aa2fad91a2f1167b9c7  
Packers detected:  -
Scanner results  
AntiVir  Found nothing
ArcaVir  Found nothing
Avast  Found nothing
AVG Antivirus  Found nothing
BitDefender  Found nothing
ClamAV  Found nothing
Dr.Web  Found nothing
F-Prot Antivirus  Found nothing
Fortinet  Found nothing
Kaspersky Anti-Virus  Found nothing
NOD32  Found nothing
Norman Virus Control  Found nothing
UNA  Found nothing
VBA32  Found nothing

I can't run Panda! When I try to install Panda ActiveScan, my browser crashes (as with Office, McAfee, etc.) and I get the same old "Internet Explorer has encountered a problem and needs to close".
This is so frustrating!

Any other suggestions gratefully received.

Thanks again.
Jarcy
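
A triage sketch for a StartupList report like the one posted above, added here as an example and not part of the thread or of HijackThis: it checks that well-known system process names run from their usual folder (the question raised about explorer.exe), flags process images that are not .exe files, and flags Winsock LSP entries whose file is missing. The expected-folder table and the made-up C:\WINDOWS\Temp\svchost.exe sample line are assumptions; a flagged line is a prompt for a manual check, not a verdict.

```python
import ntpath
import re

# Assumption (not from the thread): usual folders of these Windows XP binaries.
EXPECTED_DIR = {
    "explorer.exe": r"c:\windows",
    **{n: r"c:\windows\system32" for n in (
        "smss.exe", "winlogon.exe", "services.exe", "lsass.exe",
        "svchost.exe", "spoolsv.exe", "userinit.exe")},
}

def sections(report):
    """Split a report on its ruler lines into {first line of block: other lines}."""
    out = {}
    for chunk in re.split(r"^[-=]{20,}[ \t]*$", report, flags=re.M):
        lines = [l.strip() for l in chunk.splitlines() if l.strip()]
        if lines:
            out[lines[0].rstrip(":")] = lines[1:]
    return out

def triage(report):
    """Return (reason, line) pairs that deserve a manual look; not a verdict."""
    sec, notes = sections(report), []
    for path in sec.get("Running processes", []):
        name = ntpath.basename(path).lower()
        folder = ntpath.dirname(path).lower()
        if name in EXPECTED_DIR and folder != EXPECTED_DIR[name]:
            notes.append(("system name, unexpected folder", path))
        elif not name.endswith(".exe"):
            notes.append(("process image is not .exe", path))
    for line in sec.get("Enumerating Winsock LSP files", []):
        if "(file MISSING)" in line:
            notes.append(("LSP entry points at a missing file", line))
    return notes

# Constructed sample: lines taken from the report in the post above, plus one
# made-up path (C:\WINDOWS\Temp\svchost.exe) to show the folder check firing.
SAMPLE = r"""Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\PMJ151LA.BIN
C:\WINDOWS\Temp\svchost.exe
--------------------------------------------------
Enumerating Winsock LSP files:
Protocol #22: xfire_lsp_9028.dll (file MISSING)
"""

if __name__ == "__main__":
    for reason, line in triage(SAMPLE):
        print(f"{reason}: {line}")
```
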

Offline guestolo

SmartSecurity and other problems
« Reply #19 on: November 06, 2005, 02:56:42 PM »
Can you try the following

We'll see if we can repair IE

Go to Start, and then click Run.
In the box that opens, copy and paste the following:

sfc /scannow

Don't hit OK yet

Instead close down all other windows, including this one

Then go hit OK

Do you want to post your own logs from FRST?

Follow the instructions posted here: http://www.thetechguide.com/forum/index.php/topic/22942-please-read-how-to-post-logs-from-frst/