Thread: Need help removing command.com and smitfraud

  1. #1
    Junior Member
    Join Date
    Nov 2007
    Posts
    3

    Need help removing command.com and smitfraud

    Spybot can't remove Smitfraud and Command.com. Below is a HijackThis log. The Kaspersky scan log is too long to add to this post. I will make a separate post under this one. Thank you!

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 6:47:10 PM, on 11/3/2007
    Platform: Windows 2000 SP4 (WinNT 5.00.2195)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
    Boot mode: Normal

    Running processes:
    C:\WINNT\System32\smss.exe
    C:\WINNT\system32\winlogon.exe
    C:\WINNT\system32\services.exe
    C:\WINNT\system32\lsass.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\system32\spoolsv.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\PROGRA~1\NETWOR~1\VIRUSS~1\Avsynmgr.exe
    C:\WINNT\System32\drivers\CDAC11BA.EXE
    c:\Program Files\EasyAccess Client\cvpnd.exe
    C:\WINNT\System32\svchost.exe
    C:\WINNT\system32\rundll32.exe
    C:\ePOAgent\naimas32.exe
    C:\PROGRA~1\NETWOR~1\VIRUSS~1\VsStat.exe
    C:\WINNT\system32\regsvc.exe
    C:\WINNT\system32\MSTask.exe
    C:\PROGRA~1\NETWOR~1\VIRUSS~1\Vshwin32.exe
    C:\WINNT\system32\stisvc.exe
    C:\WINNT\system32\Tablet.exe
    C:\Program Files\Viewpoint\Common\ViewpointService.exe
    C:\WINNT\System32\WBEM\WinMgmt.exe
    C:\WINNT\System32\mspmspsv.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\System32\ZipToA.exe
    C:\PROGRA~1\NETWOR~1\VIRUSS~1\Avconsol.exe
    C:\PROGRA~1\COMMON~1\NETWOR~1\McShield\Mcshield.exe
    C:\WINNT\Explorer.EXE
    C:\PROGRA~1\Adaptec\DirectCD\directcd.exe
    C:\Program Files\Iomega\DriveIcons\ImgIcon.exe
    C:\ePOAgent\naimag32.exe
    C:\Program Files\Vista\Broker\Clagent.exe
    C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
    C:\WINNT\system32\RUNDLL32.EXE
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
    C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    C:\Program Files\Canon\Memory Card Utility\iP6700D\PDUiP6700DMon.exe
    C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\PROGRA~1\Adaptec\EASYCD~1\CreateCD\CreateCD.exe
    C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
    C:\Program Files\SightSpeed\SightSpeed.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\Adobe\Acrobat 4.0\Distillr\AcroTray.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Wacom\TabUserW.exe
    C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
    C:\WINNT\system32\RUNDLL32.EXE
    C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O1 - Hosts: 152.131.48.3 DHCPSERVER BROKERSERVER # 636A03
    O1 - Hosts: 152.131.113.5 MirroredTest # 636A05
    O1 - Hosts: 152.124.170.105 MGW
    O1 - Hosts: 152.131.53.129 Lincoln CPRS
    O1 - Hosts: 152.131.49.6 VHAOMARPC1
    O1 - Hosts: 152.131.50.2 VHAOMAIIS1
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: Canon Easy Web Print Helper - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O2 - BHO: (no name) - {8DA5457F-A8AA-4CCF-A842-70E6FD274094} - C:\PROGRA~1\COMMON~1\WinTools\WToolsT.dll (file missing)
    O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
    O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
    O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
    O4 - HKLM\..\Run: [Adaptec DirectCD] C:\PROGRA~1\Adaptec\DirectCD\directcd.exe
    O4 - HKLM\..\Run: [RFX_auto_upgrade] rundll32.exe C:\PROGRA~1\RichFX\Player\npvpg004.dll,auto_upg_check
    O4 - HKLM\..\Run: [Iomega Startup Options] C:\Program Files\Iomega\Common\ImgStart.exe
    O4 - HKLM\..\Run: [Iomega Drive Icons] C:\Program Files\Iomega\DriveIcons\ImgIcon.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
    O4 - HKLM\..\Run: [NaimAgent_UI] C:\ePOAgent\naimag32.exe
    O4 - HKLM\..\Run: [ClientAgent] C:\Program Files\Vista\Broker\Clagent.exe
    O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [Corel Photo Downloader] C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
    O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [PDUiP6700DMon] C:\Program Files\Canon\Memory Card Utility\iP6700D\PDUiP6700DMon.exe
    O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [ntdll.dll] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [CreateCD] C:\PROGRA~1\Adaptec\EASYCD~1\CreateCD\CreateCD.exe -r
    O4 - HKLM\..\RunOnce: [SpybotDeletingA8397] command /c del "C:\WINNT\system32\drivers\core.cache.dsk"
    O4 - HKLM\..\RunOnce: [SpybotDeletingC2358] cmd /c del "C:\WINNT\system32\drivers\core.cache.dsk"
    O4 - HKLM\..\RunOnce: [SpybotDeletingA8549] command /c del "C:\WINNT\system32\drivers\core.sys"
    O4 - HKLM\..\RunOnce: [SpybotDeletingC3151] cmd /c del "C:\WINNT\system32\drivers\core.sys"
    O4 - HKLM\..\RunOnce: [SpybotSnD] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
    O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
    O4 - HKCU\..\Run: [SightSpeed] C:\Program Files\SightSpeed\SightSpeed.exe -minimized
    O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
    O4 - HKCU\..\Run: [ntdll.dll] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKCU\..\RunOnce: [SpybotDeletingB5281] command /c del "C:\WINNT\system32\drivers\core.cache.dsk"
    O4 - HKCU\..\RunOnce: [SpybotDeletingD304] cmd /c del "C:\WINNT\system32\drivers\core.cache.dsk"
    O4 - HKCU\..\RunOnce: [SpybotDeletingB9421] command /c del "C:\WINNT\system32\drivers\core.sys"
    O4 - HKCU\..\RunOnce: [SpybotDeletingD8237] cmd /c del "C:\WINNT\system32\drivers\core.sys"
    O4 - HKUS\.DEFAULT\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'Default user')
    O4 - Startup: Cyber-shot Viewer Media Check Tool.lnk = C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
    O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 4.0\Distillr\AcroTray.exe
    O4 - Global Startup: Creighton University EasyAccess VPN Client.lnk = C:\Program Files\EasyAccess Client\vpngui.exe
    O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
    O4 - Global Startup: TabUserW.lnk = C:\Program Files\Wacom\TabUserW.exe
    O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
    O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
    O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
    O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
    O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
    O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
    O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
    O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
    O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
    O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
    O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINNT\System32\Shdocvw.dll
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: Facemail - {E88D3D6B-BA62-11D4-A211-00B0D021F6DD} - C:\Program Files\LifeFX\LifeFXtb.dll
    O9 - Extra 'Tools' menuitem: LifeFX Facemail - {E88D3D6B-BA62-11D4-A211-00B0D021F6DD} - C:\Program Files\LifeFX\LifeFXtb.dll
    O16 - DPF: {010F6167-2C09-11D4-8738-0050DABC30E3} (AxEyematicPlayer Class) - http://www.eyematic.com/players/engl...layerAxWin.cab
    O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://support.cox.com/sdccommon/download/tgctlcm.cab
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english...an_unicode.cab
    O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
    O16 - DPF: {13149882-F480-4F6B-8C6A-0764F75B99ED} (CrazyTalk4 Control) - http://plug-in.reallusion.com/CrazyTalk4.cab
    O16 - DPF: {161FA781-A52C-11D0-8D7C-00A0C9034A7E} (Downloadable Whisper PC) - http://activex.microsoft.com/activex...nt2/actcnc.exe
    O16 - DPF: {1CC506A7-1B8D-11D4-BDD5-0060977007E0} (CrazyTalk Player) - http://plug-in.reallusion.com/CrazyTalk.cab
    O16 - DPF: {1D87F5B2-05F1-11D2-AD7C-0000F8799342} (Microsoft IE Object Wrapper Sample Control) - http://activex.microsoft.com/activex...2/LhttsEng.exe
    O16 - DPF: {2646205B-878C-11D1-B07C-0000C040BCDB} (NSIEMisc Class) - file://E:\autorun\x86\bin\nskey.dll
    O16 - DPF: {2AF5BD25-90C5-4EEC-88C5-B44DC2905D8B} (DownloadManager Control) - http://dlmanager.akamaitools.com.edg...ex-2.0.6.0.cab
    O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com/download/cult.cab
    O16 - DPF: {32634F75-03FF-11D4-B346-00C04FA06E32} (LifeFX Player, version 2.50) - http://gsquared.creighton.edu/standin/lfxplr.exe
    O16 - DPF: {354154AE-9BFE-11D0-A6D0-00AA00A70FC2} (IWebAccess) - http://activex.microsoft.com/control...86/iwebacc.dll
    O16 - DPF: {3EDED642-E3C9-4E12-9883-9899820EEC3C} (DMPlayerX Control) - http://www.kiwilogic.com/3dbot/digimask/DMPlayerX.cab
    O16 - DPF: {42D16401-BA4E-4034-BEC7-17585C756622} - https://directory.sightspeed.com/cur...ated_setup.exe
    O16 - DPF: {4620BC29-8B8E-4F4E-9D92-1DB6633D6793} (SurferNETWORK Plugin) - http://rd1.surfernetwork.com/surferplugin.ocx
    O16 - DPF: {47F591A1-8783-11D2-8343-00A0C945A819} (WGPlayer Class) - http://download.richfx.com/player/re...ate=01_17_2001
    O16 - DPF: {49A3DCEE-FC3C-11D4-83E5-0050DA33C619} (BVXPlayer Class) - http://www.biovirtual.com/xplayer/xplayer.cab
    O16 - DPF: {53E6E8F0-D6EE-11D5-A857-525405F66B21} (AvatarX Class) - http://www.seestorm.com/COM/AvatarX/AvatarX.cab
    O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://207.188.7.150/0591be769e0912e...zip/RdxIE6.cab
    O16 - DPF: {62789780-B744-11D0-986B-00609731A21D} (Autodesk MapGuide ActiveX Control) - http://www.gov.pe.ca/mapguide/viewers/mgaxctrl.cab
    O16 - DPF: {690D3CB0-B644-436F-BFA1-1FD109B40BC9} (DMXControl Class) - http://www.digimask.com/digidemo/dig...andlpk/dmx.cab
    O16 - DPF: {72C23FEC-3AF9-48FC-9597-241A8EBDFE0A} (InstallShield International Setup Player) - http://www.installengine.com/engine/isetupml.cab
    O16 - DPF: {7AA32FC7-133B-4AE7-998E-CED0D9829B12} (luna Class) - http://axcab.wrs.mcboo.com/website.cab
    O16 - DPF: {80B38492-FB56-4B0E-ABDD-8B14EB05F9A7} - http://www.directxtras.com/speaksfor...mstts_mary.cab
    O16 - DPF: {814EA0DA-E0D9-4AA4-833C-A1A6D38E79E9} (DASWebDownload Class) - http://das.microsoft.com/activate/ca...ail/DASAct.cab
    O16 - DPF: {928626A3-6B98-11CF-90B4-00AA00A4011F} (SurroundVideoCtrl Object) - http://carpoint.msn.com/Components/O...d/MSSurVid.cab
    O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterfly.com/downloads/Uploader.cab
    O16 - DPF: {9B17FE0E-51F2-4692-8B32-8EFB805FC0E7} (HPObjectInstaller Class) - http://h30155.www3.hp.com/ediags/gs/...dsolutions.cab
    O16 - DPF: {A0EAC162-A012-4AD8-B2E1-D5A0BBBCDA51} (PopupSh Control) - http://206.222.17.187/display/PopupSh.ocx
    O16 - DPF: {A48D0309-8DA3-41AA-98E4-89194D471890} (Pulse V5 ActiveX Control) - http://www.pulse3d.com/players/engli...ayer5AxWin.cab
    O16 - DPF: {AB29A544-D6B4-4E36-A1F8-D3E34FC7B00A} - http://install.wildtangent.com/bgn/p...z4/install.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/Ms...Downloader.cab
    O16 - DPF: {B3E0F81F-73F8-470B-A56B-D895EFF19260} (ATLF3D Class) - http://www.famous3d.com/viewer/2.1.0.28/axf3d.cab
    O16 - DPF: {B8A23E08-0B26-4348-AA96-33395A51DDD9} (CantocheLivingActor Class) - http://www.cantoche.com/download/livingActor.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramewor...o.cab56649.cab
    O16 - DPF: {B8F2846E-CE36-11D0-AC83-00C04FD97575} (Lernout & Hauspie TruVoice American English TTS Engine) - http://activex.microsoft.com/activex...t2/tv_enua.exe
    O16 - DPF: {BB47CA33-8B4D-11D0-9511-00C04FD9152D} (ExteriorSurround Object) - http://carpoint.msn.com/Components/O...or/Outside.cab
    O16 - DPF: {D6016EE7-A8FF-11D1-B37E-A4759ECD7909} (AxPulse Class) - http://a320.g.akamai.net/7/320/1456/...layerAxWin.cab
    O16 - DPF: {D7B7E293-259E-11D4-824D-0040F6B88CAC} (FastAXCtl Class) - http://www.famous3d.com/1.0.0.31b/stream2/fastie.cab
    O16 - DPF: {DED22F57-FEE2-11D0-953B-00C04FD9152D} (CarPoint Auto-Pricer Control) - http://carpoint.msn.com/components/o...autopricer.cab
    O16 - DPF: {E123BED4-B8C7-42BB-958F-F13CA77EF95D} (Anark Client ActiveX Control) - http://install.anark.com/client/vers...n/AMClient.cab
    O16 - DPF: {E2926D57-2D14-4F13-B71B-27460B106101} (Talker Class) - http://www.lipsinc.com/lipsinctalker.cab
    O16 - DPF: {E4DFABBD-F5F6-11D3-8421-0080C6F79C42} (SpeechControl Class) - http://www.directxtras.com/speaksfor...eechplugin.cab
    O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
    O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.hp.com/hpdj/en/check/qdiagh.cab?326
    O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/is...45/mcfscan.cab
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = om.cox.net
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = om.cox.net
    O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = om.cox.net
    O17 - HKLM\System\CS3\Services\Tcpip\Parameters: Domain = om.cox.net
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: AVSync Manager (AvSynMgr) - Unknown owner - C:\PROGRA~1\NETWOR~1\VIRUSS~1\Avsynmgr.exe
    O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINNT\System32\drivers\CDAC11BA.EXE
    O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - c:\Program Files\EasyAccess Client\cvpnd.exe
    O23 - Service: Digimation Protection Server (DigiPSrv) - Digimation, Inc. - C:\3DSMAX~1\Digipsrv.exe
    O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
    O23 - Service: IomegaAccess - Iomega Corporation - C:\WINNT\System32\IomegaAccess.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LicCtrl Service (LicCtrlService) - Unknown owner - rundll32.exe (file missing)
    O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
    O23 - Service: McShield - Network Associates, Inc. - C:\PROGRA~1\COMMON~1\NETWOR~1\McShield\Mcshield.exe
    O23 - Service: NAI ePolicy Orchestrator Agent (NAIMAGENT32) - Network Associates, Inc. - C:\ePOAgent\naimas32.exe
    O23 - Service: Domain Migration Administrator Agent (OnePointDomainAdminService) - NetIQ Corporation - C:\Program Files\OnePointDomainAgent\DCTAgentService.exe
    O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINNT\system32\Tablet.exe
    O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
    O23 - Service: ZipToA - Iomega Corporation - C:\WINNT\System32\ZipToA.exe

    --
    End of file - 19368 bytes


    Thank you for any help you might offer.

  2. #2
    Junior Member
    Join Date
    Nov 2007
    Posts
    3

    Kaspersky scan results

    Here are the results of the Kaspersky scan.

    -------------------------------------------------------------------------------
    KASPERSKY ONLINE SCANNER REPORT
    Saturday, November 03, 2007 6:44:43 PM
    Operating System: Microsoft Windows 2000 Professional, Service Pack 4 (Build 2195)
    Kaspersky Online Scanner version: 5.0.98.0
    Kaspersky Anti-Virus database last update: 4/11/2007
    Kaspersky Anti-Virus database records: 450983
    -------------------------------------------------------------------------------

    Scan Settings:
    Scan using the following antivirus database: extended
    Scan Archives: true
    Scan Mail Bases: true

    Scan Target - My Computer:
    A:\
    C:\
    D:\
    E:\
    F:\
    G:\
    H:\

    Scan Statistics:
    Total number of scanned objects: 109889
    Number of viruses found: 7
    Number of infected objects: 17
    Number of suspicious objects: 0
    Duration of the scan process: 02:40:24

    Infected Object Name / Virus Name / Last Action
    C:\Documents and Settings\administrator\Local Settings\Temp\~786152.tmp Infected: Trojan-Downloader.Win32.Wintool.a skipped
    C:\Documents and Settings\Default User\Cookies\index.dat Object is locked skipped
    C:\Documents and Settings\Default User\Local Settings\History\History.IE5\index.dat Object is locked skipped
    C:\Documents and Settings\Default User\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
    C:\Documents and Settings\ggorby\.housecall6.6\Quarantine\b104.exe.bac_a01904/stream/data0002 Infected: Trojan-Downloader.Win32.Small.buy skipped
    C:\Documents and Settings\ggorby\.housecall6.6\Quarantine\b104.exe.bac_a01904/stream/data0004 Infected: not-a-virus:AdWare.Win32.Mostofate.u skipped
    C:\Documents and Settings\ggorby\.housecall6.6\Quarantine\b104.exe.bac_a01904/stream Infected: not-a-virus:AdWare.Win32.Mostofate.u skipped
    C:\Documents and Settings\ggorby\.housecall6.6\Quarantine\b104.exe.bac_a01904 NSIS: infected - 3 skipped
    C:\Documents and Settings\ggorby\.housecall6.6\Quarantine\b104.exe.bac_a01904 CryptFF.b: infected - 3 skipped
    C:\Documents and Settings\ggorby\.housecall6.6\Quarantine\b136.exe.bac_a01904/stream/data0002 Infected: Trojan-Dropper.Win32.Agent.bfr skipped
    C:\Documents and Settings\ggorby\.housecall6.6\Quarantine\b136.exe.bac_a01904/stream/data0004 Infected: not-a-virus:AdWare.Win32.Mostofate.u skipped
    C:\Documents and Settings\ggorby\.housecall6.6\Quarantine\b136.exe.bac_a01904/stream Infected: not-a-virus:AdWare.Win32.Mostofate.u skipped
    C:\Documents and Settings\ggorby\.housecall6.6\Quarantine\b136.exe.bac_a01904 NSIS: infected - 3 skipped
    C:\Documents and Settings\ggorby\.housecall6.6\Quarantine\b136.exe.bac_a01904 CryptFF.b: infected - 3 skipped
    C:\Documents and Settings\ggorby\.housecall6.6\Quarantine\ValueRadio.exe.bac_a01904 Infected: not-a-virus:Porn-Dialer.Win32.Generic skipped
    C:\Documents and Settings\ggorby\.housecall6.6\Quarantine\website.dll.bac_a01904 Infected: Trojan-Downloader.Win32.Agent.bls skipped
    C:\Documents and Settings\ggorby\Cookies\index.dat Object is locked skipped
    C:\Documents and Settings\ggorby\Desktop\SmitfraudFix\Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
    C:\Documents and Settings\ggorby\Desktop\SmitfraudFix.exe/data.rar/SmitfraudFix/Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
    C:\Documents and Settings\ggorby\Desktop\SmitfraudFix.exe/data.rar Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
    C:\Documents and Settings\ggorby\Desktop\SmitfraudFix.exe RarSFX: infected - 2 skipped
    C:\Documents and Settings\ggorby\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
    C:\Documents and Settings\ggorby\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
    C:\Documents and Settings\ggorby\Local Settings\History\History.IE5\index.dat Object is locked skipped
    C:\Documents and Settings\ggorby\Local Settings\History\History.IE5\MSHist012007110320071104\index.dat Object is locked skipped
    C:\Documents and Settings\ggorby\Local Settings\Temp\WCESCOMM.LOG Object is locked skipped
    C:\Documents and Settings\ggorby\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
    C:\Documents and Settings\ggorby\NTUSER.DAT Object is locked skipped
    C:\Documents and Settings\ggorby\ntuser.dat.LOG Object is locked skipped
    C:\WINNT\$_hpcst$.hpc Object is locked skipped
    C:\WINNT\CSC\00000001 Object is locked skipped
    C:\WINNT\Debug\ipsecpa.log Object is locked skipped
    C:\WINNT\Debug\oakley.log Object is locked skipped
    C:\WINNT\Debug\PASSWD.LOG Object is locked skipped
    C:\WINNT\Internet Logs\tvDebug.log Object is locked skipped
    C:\WINNT\SchedLgU.Txt Object is locked skipped
    C:\WINNT\SoftwareDistribution\ReportingEvents.log Object is locked skipped
    C:\WINNT\Sti_Trace.log Object is locked skipped
    C:\WINNT\system32\config\AppEvent.Evt Object is locked skipped
    C:\WINNT\system32\config\default Object is locked skipped
    C:\WINNT\system32\config\default.LOG Object is locked skipped
    C:\WINNT\system32\config\SAM Object is locked skipped
    C:\WINNT\system32\config\SAM.LOG Object is locked skipped
    C:\WINNT\system32\config\SecEvent.Evt Object is locked skipped
    C:\WINNT\system32\config\SECURITY Object is locked skipped
    C:\WINNT\system32\config\SECURITY.LOG Object is locked skipped
    C:\WINNT\system32\config\software Object is locked skipped
    C:\WINNT\system32\config\software.LOG Object is locked skipped
    C:\WINNT\system32\config\SysEvent.Evt Object is locked skipped
    C:\WINNT\system32\config\system Object is locked skipped
    C:\WINNT\system32\config\SYSTEM.ALT Object is locked skipped
    C:\WINNT\system32\drivers\core.cache.dsk Object is locked skipped
    C:\WINNT\system32\drivers\core.sys Object is locked skipped
    C:\WINNT\system32\mmf.sys Object is locked skipped
    C:\WINNT\system32\Perflib_Perfdata_218.dat Object is locked skipped
    C:\WINNT\WindowsUpdate.log Object is locked skipped

    Scan process completed.

  3. #3
    Junior Member
    Join Date
    Nov 2007
    Posts
    3

    Ran Spybot in safe mode

    I re-ran Spybot in safe mode and it seems to have removed Smitfraud, but it still can't remove Command Service. Here is another HijackThis log after that:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 6:55:59 AM, on 11/4/2007
    Platform: Windows 2000 SP4 (WinNT 5.00.2195)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
    Boot mode: Normal

    Running processes:
    C:\WINNT\System32\smss.exe
    C:\WINNT\system32\winlogon.exe
    C:\WINNT\system32\services.exe
    C:\WINNT\system32\lsass.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\system32\spoolsv.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\PROGRA~1\NETWOR~1\VIRUSS~1\Avsynmgr.exe
    C:\WINNT\System32\drivers\CDAC11BA.EXE
    c:\Program Files\EasyAccess Client\cvpnd.exe
    C:\WINNT\System32\svchost.exe
    C:\WINNT\system32\rundll32.exe
    C:\PROGRA~1\NETWOR~1\VIRUSS~1\VsStat.exe
    C:\ePOAgent\naimas32.exe
    C:\PROGRA~1\NETWOR~1\VIRUSS~1\Vshwin32.exe
    C:\WINNT\system32\regsvc.exe
    C:\WINNT\system32\MSTask.exe
    C:\WINNT\system32\stisvc.exe
    C:\WINNT\system32\Tablet.exe
    C:\Program Files\Viewpoint\Common\ViewpointService.exe
    C:\WINNT\System32\WBEM\WinMgmt.exe
    C:\WINNT\System32\mspmspsv.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\System32\ZipToA.exe
    C:\PROGRA~1\NETWOR~1\VIRUSS~1\Avconsol.exe
    C:\PROGRA~1\COMMON~1\NETWOR~1\McShield\Mcshield.exe
    C:\WINNT\Explorer.EXE
    C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
    C:\PROGRA~1\Adaptec\DirectCD\directcd.exe
    C:\Program Files\Iomega\DriveIcons\ImgIcon.exe
    C:\ePOAgent\naimag32.exe
    C:\Program Files\Vista\Broker\Clagent.exe
    C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
    C:\WINNT\system32\RUNDLL32.EXE
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    C:\Program Files\Canon\Memory Card Utility\iP6700D\PDUiP6700DMon.exe
    C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\PROGRA~1\Adaptec\EASYCD~1\CreateCD\CreateCD.exe
    C:\Program Files\SightSpeed\SightSpeed.exe
    C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\Adobe\Acrobat 4.0\Distillr\AcroTray.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Wacom\TabUserW.exe
    C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
    C:\Program Files\Common Files\Real\Update_OB\RealOneMessageCenter.exe
    C:\WINNT\system32\RUNDLL32.EXE
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O1 - Hosts: 152.131.48.3 DHCPSERVER BROKERSERVER # 636A03
    O1 - Hosts: 152.131.113.5 MirroredTest # 636A05
    O1 - Hosts: 152.124.170.105 MGW
    O1 - Hosts: 152.131.53.129 Lincoln CPRS
    O1 - Hosts: 152.131.49.6 VHAOMARPC1
    O1 - Hosts: 152.131.50.2 VHAOMAIIS1
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: Canon Easy Web Print Helper - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O2 - BHO: (no name) - {8DA5457F-A8AA-4CCF-A842-70E6FD274094} - C:\PROGRA~1\COMMON~1\WinTools\WToolsT.dll (file missing)
    O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
    O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
    O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
    O4 - HKLM\..\Run: [Adaptec DirectCD] C:\PROGRA~1\Adaptec\DirectCD\directcd.exe
    O4 - HKLM\..\Run: [RFX_auto_upgrade] rundll32.exe C:\PROGRA~1\RichFX\Player\npvpg004.dll,auto_upg_check
    O4 - HKLM\..\Run: [Iomega Startup Options] C:\Program Files\Iomega\Common\ImgStart.exe
    O4 - HKLM\..\Run: [Iomega Drive Icons] C:\Program Files\Iomega\DriveIcons\ImgIcon.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
    O4 - HKLM\..\Run: [NaimAgent_UI] C:\ePOAgent\naimag32.exe
    O4 - HKLM\..\Run: [ClientAgent] C:\Program Files\Vista\Broker\Clagent.exe
    O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [Corel Photo Downloader] C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
    O4 - HKLM\..\Run: [ISUSPM Startup] "c:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [PDUiP6700DMon] C:\Program Files\Canon\Memory Card Utility\iP6700D\PDUiP6700DMon.exe
    O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [ntdll.dll] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [CreateCD] C:\PROGRA~1\Adaptec\EASYCD~1\CreateCD\CreateCD.exe -r
    O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
    O4 - HKCU\..\Run: [SightSpeed] C:\Program Files\SightSpeed\SightSpeed.exe -minimized
    O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
    O4 - HKCU\..\Run: [ntdll.dll] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKUS\.DEFAULT\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'Default user')
    O4 - Startup: Cyber-shot Viewer Media Check Tool.lnk = C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
    O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 4.0\Distillr\AcroTray.exe
    O4 - Global Startup: Creighton University EasyAccess VPN Client.lnk = C:\Program Files\EasyAccess Client\vpngui.exe
    O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
    O4 - Global Startup: TabUserW.lnk = C:\Program Files\Wacom\TabUserW.exe
    O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
    O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
    O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
    O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
    O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
    O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
    O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
    O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
    O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
    O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
    O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINNT\System32\Shdocvw.dll
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: Facemail - {E88D3D6B-BA62-11D4-A211-00B0D021F6DD} - C:\Program Files\LifeFX\LifeFXtb.dll
    O9 - Extra 'Tools' menuitem: LifeFX Facemail - {E88D3D6B-BA62-11D4-A211-00B0D021F6DD} - C:\Program Files\LifeFX\LifeFXtb.dll
    O16 - DPF: {010F6167-2C09-11D4-8738-0050DABC30E3} (AxEyematicPlayer Class) - http://www.eyematic.com/players/engl...layerAxWin.cab
    O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://support.cox.com/sdccommon/download/tgctlcm.cab
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english...an_unicode.cab
    O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
    O16 - DPF: {13149882-F480-4F6B-8C6A-0764F75B99ED} (CrazyTalk4 Control) - http://plug-in.reallusion.com/CrazyTalk4.cab
    O16 - DPF: {161FA781-A52C-11D0-8D7C-00A0C9034A7E} (Downloadable Whisper PC) - http://activex.microsoft.com/activex...nt2/actcnc.exe
    O16 - DPF: {1CC506A7-1B8D-11D4-BDD5-0060977007E0} (CrazyTalk Player) - http://plug-in.reallusion.com/CrazyTalk.cab
    O16 - DPF: {1D87F5B2-05F1-11D2-AD7C-0000F8799342} (Microsoft IE Object Wrapper Sample Control) - http://activex.microsoft.com/activex...2/LhttsEng.exe
    O16 - DPF: {2646205B-878C-11D1-B07C-0000C040BCDB} (NSIEMisc Class) - file://E:\autorun\x86\bin\nskey.dll
    O16 - DPF: {2AF5BD25-90C5-4EEC-88C5-B44DC2905D8B} (DownloadManager Control) - http://dlmanager.akamaitools.com.edg...ex-2.0.6.0.cab
    O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com/download/cult.cab
    O16 - DPF: {32634F75-03FF-11D4-B346-00C04FA06E32} (LifeFX Player, version 2.50) - http://gsquared.creighton.edu/standin/lfxplr.exe
    O16 - DPF: {354154AE-9BFE-11D0-A6D0-00AA00A70FC2} (IWebAccess) - http://activex.microsoft.com/control...86/iwebacc.dll
    O16 - DPF: {3EDED642-E3C9-4E12-9883-9899820EEC3C} (DMPlayerX Control) - http://www.kiwilogic.com/3dbot/digimask/DMPlayerX.cab
    O16 - DPF: {42D16401-BA4E-4034-BEC7-17585C756622} - https://directory.sightspeed.com/cur...ated_setup.exe
    O16 - DPF: {4620BC29-8B8E-4F4E-9D92-1DB6633D6793} (SurferNETWORK Plugin) - http://rd1.surfernetwork.com/surferplugin.ocx
    O16 - DPF: {47F591A1-8783-11D2-8343-00A0C945A819} (WGPlayer Class) - http://download.richfx.com/player/re...ate=01_17_2001
    O16 - DPF: {49A3DCEE-FC3C-11D4-83E5-0050DA33C619} (BVXPlayer Class) - http://www.biovirtual.com/xplayer/xplayer.cab
    O16 - DPF: {53E6E8F0-D6EE-11D5-A857-525405F66B21} (AvatarX Class) - http://www.seestorm.com/COM/AvatarX/AvatarX.cab
    O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://207.188.7.150/0591be769e0912e...zip/RdxIE6.cab
    O16 - DPF: {62789780-B744-11D0-986B-00609731A21D} (Autodesk MapGuide ActiveX Control) - http://www.gov.pe.ca/mapguide/viewers/mgaxctrl.cab
    O16 - DPF: {690D3CB0-B644-436F-BFA1-1FD109B40BC9} (DMXControl Class) - http://www.digimask.com/digidemo/dig...andlpk/dmx.cab
    O16 - DPF: {72C23FEC-3AF9-48FC-9597-241A8EBDFE0A} (InstallShield International Setup Player) - http://www.installengine.com/engine/isetupml.cab
    O16 - DPF: {7AA32FC7-133B-4AE7-998E-CED0D9829B12} (luna Class) - http://axcab.wrs.mcboo.com/website.cab
    O16 - DPF: {80B38492-FB56-4B0E-ABDD-8B14EB05F9A7} - http://www.directxtras.com/speaksfor...mstts_mary.cab
    O16 - DPF: {814EA0DA-E0D9-4AA4-833C-A1A6D38E79E9} (DASWebDownload Class) - http://das.microsoft.com/activate/ca...ail/DASAct.cab
    O16 - DPF: {928626A3-6B98-11CF-90B4-00AA00A4011F} (SurroundVideoCtrl Object) - http://carpoint.msn.com/Components/O...d/MSSurVid.cab
    O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterfly.com/downloads/Uploader.cab
    O16 - DPF: {9B17FE0E-51F2-4692-8B32-8EFB805FC0E7} (HPObjectInstaller Class) - http://h30155.www3.hp.com/ediags/gs/...dsolutions.cab
    O16 - DPF: {A0EAC162-A012-4AD8-B2E1-D5A0BBBCDA51} (PopupSh Control) - http://206.222.17.187/display/PopupSh.ocx
    O16 - DPF: {A48D0309-8DA3-41AA-98E4-89194D471890} (Pulse V5 ActiveX Control) - http://www.pulse3d.com/players/engli...ayer5AxWin.cab
    O16 - DPF: {AB29A544-D6B4-4E36-A1F8-D3E34FC7B00A} - http://install.wildtangent.com/bgn/p...z4/install.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/Ms...Downloader.cab
    O16 - DPF: {B3E0F81F-73F8-470B-A56B-D895EFF19260} (ATLF3D Class) - http://www.famous3d.com/viewer/2.1.0.28/axf3d.cab
    O16 - DPF: {B8A23E08-0B26-4348-AA96-33395A51DDD9} (CantocheLivingActor Class) - http://www.cantoche.com/download/livingActor.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramewor...o.cab56649.cab
    O16 - DPF: {B8F2846E-CE36-11D0-AC83-00C04FD97575} (Lernout & Hauspie TruVoice American English TTS Engine) - http://activex.microsoft.com/activex...t2/tv_enua.exe
    O16 - DPF: {BB47CA33-8B4D-11D0-9511-00C04FD9152D} (ExteriorSurround Object) - http://carpoint.msn.com/Components/O...or/Outside.cab
    O16 - DPF: {D6016EE7-A8FF-11D1-B37E-A4759ECD7909} (AxPulse Class) - http://a320.g.akamai.net/7/320/1456/...layerAxWin.cab
    O16 - DPF: {D7B7E293-259E-11D4-824D-0040F6B88CAC} (FastAXCtl Class) - http://www.famous3d.com/1.0.0.31b/stream2/fastie.cab
    O16 - DPF: {DED22F57-FEE2-11D0-953B-00C04FD9152D} (CarPoint Auto-Pricer Control) - http://carpoint.msn.com/components/o...autopricer.cab
    O16 - DPF: {E123BED4-B8C7-42BB-958F-F13CA77EF95D} (Anark Client ActiveX Control) - http://install.anark.com/client/vers...n/AMClient.cab
    O16 - DPF: {E2926D57-2D14-4F13-B71B-27460B106101} (Talker Class) - http://www.lipsinc.com/lipsinctalker.cab
    O16 - DPF: {E4DFABBD-F5F6-11D3-8421-0080C6F79C42} (SpeechControl Class) - http://www.directxtras.com/speaksfor...eechplugin.cab
    O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
    O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.hp.com/hpdj/en/check/qdiagh.cab?326
    O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/is...45/mcfscan.cab
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = om.cox.net
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = om.cox.net
    O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = om.cox.net
    O17 - HKLM\System\CS3\Services\Tcpip\Parameters: Domain = om.cox.net
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: AVSync Manager (AvSynMgr) - Unknown owner - C:\PROGRA~1\NETWOR~1\VIRUSS~1\Avsynmgr.exe
    O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINNT\System32\drivers\CDAC11BA.EXE
    O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - c:\Program Files\EasyAccess Client\cvpnd.exe
    O23 - Service: Digimation Protection Server (DigiPSrv) - Digimation, Inc. - C:\3DSMAX~1\Digipsrv.exe
    O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
    O23 - Service: IomegaAccess - Iomega Corporation - C:\WINNT\System32\IomegaAccess.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LicCtrl Service (LicCtrlService) - Unknown owner - rundll32.exe (file missing)
    O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
    O23 - Service: McShield - Network Associates, Inc. - C:\PROGRA~1\COMMON~1\NETWOR~1\McShield\Mcshield.exe
    O23 - Service: NAI ePolicy Orchestrator Agent (NAIMAGENT32) - Network Associates, Inc. - C:\ePOAgent\naimas32.exe
    O23 - Service: Domain Migration Administrator Agent (OnePointDomainAdminService) - NetIQ Corporation - C:\Program Files\OnePointDomainAgent\DCTAgentService.exe
    O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINNT\system32\Tablet.exe
    O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
    O23 - Service: ZipToA - Iomega Corporation - C:\WINNT\System32\ZipToA.exe

    --
    End of file - 18503 bytes

  4. #4
    In Memoriam -Always in our heart teacup61's Avatar
    Join Date
    Jun 2006
    Location
    Texas
    Posts
    759


    Hello ggorby,

    Welcome to Safer Networking Forums

    Sorry for the delay. When you reply to your own topic it looks like you're being helped, as Helpers look for topics with 0 replies. If you still need help, please post a new HijackThis log so I can be sure nothing has changed.

    Thanks,
    tea
    teacup61

  5. #5
    Member of Team Spybot tashi's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    30,963


    This topic has been moved to archives.

    If you still require help, please start a new topic and include a fresh HijackThis log and a link to this thread in your new topic.

    Applies only to the original poster; anyone else with similar problems, please start a new topic.

    FYI:
    The Waiting Room: Post here if waiting for help longer than four days
    Microsoft MVP Reconnect 2018-
    Windows Insider MVP 2016-2018
    Microsoft Consumer Security MVP 2006-2016
