Search:

if this helps any here is the kapersky scan:

KASPERSKY ONLINE SCANNER 7 REPORT
Thursday, September 11, 2008
Operating System: Microsoft Windows XP Professional Service Pack 2 (build 2600)...

Hello everybody, I am really grateful this forum is here to help its users fix their issues.

Weird things that have happened to my pc:

1. spybot exe file is gone, can't run it or even find...

HJT log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:55:06 PM, on 12/28/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode:...

nope that was only problem! Thanks a lot Shaba, I really appreciate your help.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:03:38 AM, on 9/19/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
...

kaspersky:
-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Wednesday, September 19, 2007 12:02:09 AM
Operating System: Microsoft...

sorry that is so damn much, not sure if I did it correctly. if its easier for you, here is the file:

Service (registry key): WS2IFSL
Display name: Windows Socket 2.0 Non-IFS Service Provider Support Environment
Image path: \SystemRoot\System32\drivers\ws2ifsl.sys
Start: 1
...

Service (registry key): swmidi
Display name: Microsoft Kernel GS Wavetable Synthesizer
Image path: system32\drivers\swmidi.sys
Image size: 54272
Image MD5:...

Service (registry key): Rasl2tp
Display name: WAN Miniport (L2TP)
Description: WAN Miniport (L2TP)
Image path: System32\DRIVERS\rasl2tp.sys
Image size: 51328
Image MD5:...

Service (registry key): mnmsrvc
Display name: NetMeeting Remote Desktop Sharing
Description: Enables an authorized user to access this computer remotely by using NetMeeting over a corporate...

Service (registry key): drmkaud
Display name: Microsoft Kernel DRM Audio Descrambler
Image path: system32\drivers\drmkaud.sys
Image size: 2944
Image MD5:...

Service (registry key): Alerter
Display name: Alerter
Description: Notifies selected users and computers of administrative alerts. If the service is stopped, programs that use administrative...

Uninstall Series 6 Exam Simulator ({12C7560B-AF37-4020-85C3-F54935C56A81})
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program...

Security Update for Windows XP (KB930178) 1 (KB930178)
install date: 20070428
uninstall cmd: "C:\WINDOWS\$NtUninstallKB930178$\spuninst\spuninst.exe"
publisher: Microsoft Corporation...

Security Update for Windows XP (KB914389) 1 (KB914389)
install date: 20060616
uninstall cmd: "C:\WINDOWS\$NtUninstallKB914389$\spuninst\spuninst.exe"
publisher: Microsoft Corporation...

--- Uninstall list ---
Ad-Aware SE Personal 1.06 (Ad-Aware SE Personal)
uninstall cmd: C:\PROGRA~1\Lavasoft\AD-AWA~1\UNWISE.EXE C:\PROGRA~1\Lavasoft\AD-AWA~1\INSTALL.LOG
publisher:...

--- Process list ---
PID: 0 ( 0) [System]
PID: 344 ( 4) \SystemRoot\System32\smss.exe
PID: 496 ( 344) \??\C:\WINDOWS\system32\csrss.exe
PID: 520 ( 344)...

--- Startup entries list ---
Located: HK_LM:Run, hpsysdrv
command: c:\windows\system\hpsysdrv.exe
file: c:\windows\system\hpsysdrv.exe
size: 52736
MD5: 06a1ecb63df139ec639e084d4ab3c9d7...

--- System information ---
Windows XP (Build: 2600) Service Pack 2
/ Internet Explorer 6 / SP1: Windows XP Hotfix - KB890923
/ MSXML4SP2: FIX: ASP stops responding when calling Response.Redirect...

--- Search result list ---
Advertising.com: Tracking cookie (Internet Explorer: Owner) (Cookie, nothing done)


AdRevolver: Tracking cookie (Firefox: star) (Cookie, nothing done)

...

and the associated fixes file:

--- Report generated: 2007-09-15 20:29 ---

Smitfraud-C.: User settings (Registry change, fixing failed)
...

Shaba, thank you for responding! I didn't save the whole report to a file...and I found the Logs for the scans. Which files do you need to see? on the day that I posted there are 8 files that are...

Hello Everybody, I followed the directions to the T. Here are my results....

So far I ran the online Kaspersky scan and ran SB in safe mode and removed all files except the smitfraud one didn't...