View Full Version : smitfraud and more
Well, i also have been hit with the smitfraud and going crazy.
I have not posted anywhere else and will now post my hjt log.
I'am new at this so please bare with me if i did something wrong.
Logfile of HijackThis v1.99.1
Scan saved at 2:02:21 PM, on 3/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5346.0005)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\BCMSMMSG.exe
C:\WINDOWS\system32\ugkxrpis.exe
C:\Program Files\Lexmark 4200 Series\lxbmbmgr.exe
C:\Program Files\Lexmark 4200 Series\Fax\fm3032.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\PROGRA~1\MUSICM~1\MUSICM~1\mimboot.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
C:\WINDOWS\system32\NeroCheck.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=54729
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=54729
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=55245&clcid={SUB_CLCID}
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://go.microsoft.com/fwlink/?LinkId=54843
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1EB27C5E-3DF4-41E2-B51A-D80F812D561D} - C:\WINDOWS\system32\opnmklk.dll
O2 - BHO: (no name) - {290A78C9-588B-4702-A499-BC46ED2B8794} - C:\WINDOWS\system32\kjhdesxw.dll
O2 - BHO: (no name) - {46A4E9D9-B30E-452A-8157-DBBEC8573B03} - C:\Program Files\VSAdd-in\VSAdd-in.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {571BA03E-4A49-4AB6-A257-3D775556E2Eb} - C:\WINDOWS\system32\kjhdesxw.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: (no name) - {D38439EC-4A7F-42b4-90C2-D810D7778FDD} - C:\WINDOWS\system32\kxldhiwe.dll
O2 - BHO: (no name) - {E5C301CA-DA73-4EF2-A6F0-8A209E5800E1} - C:\WINDOWS\system32\mljjk.dll
O2 - BHO: (no name) - {F009BAC0-DE5C-4B0D-A313-832881DD122e} - C:\WINDOWS\system32\kjhdesxw.dll
O3 - Toolbar: &VSAdd-in - {74DD705D-6834-439C-A735-A6DBE2677452} - C:\Program Files\VSAdd-in\VSAdd-in.dll (file missing)
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [Lexmark 4200 Series] "C:\Program Files\Lexmark 4200 Series\lxbmbmgr.exe"
O4 - HKLM\..\Run: [FaxCenterServer4_in_1] "C:\Program Files\Lexmark 4200 Series\Fax\fm3032.exe" /s
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~1\mimboot.exe
O4 - HKLM\..\Run: [MMTray] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe"
O4 - HKLM\..\Run: [2chkdsk] rundll32.exe "C:\WINDOWS\system32\vastkitp.dll",setvm
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [ProvideSupportOperatorConsole[default]] "C:\PROGRA~1\PROVID~1\LIVESU~1\PROVID~1.EXE" /profile default
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1134680478468
O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} (cpbrkpie Control) - http://a19.g.akamai.net/7/19/7125/1452/ftp.coupons.com/r3302/cpbrkpie.cab
O16 - DPF: {B8E71371-F7F7-11D2-A2CE-0060B0FB9D0D} (CDToolCtrl Class) - http://free.aol.com/tryaolfree/cdt175/aolcdt175.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = ccrtc.com
O17 - HKLM\Software\..\Telephony: DomainName = ccrtc.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = ccrtc.com
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: mljjk - C:\WINDOWS\system32\mljjk.dll
O20 - Winlogon Notify: opnmklk - C:\WINDOWS\SYSTEM32\opnmklk.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
Well, i also have been hit with the smitfraud and going crazy.
I have not posted anywhere else and will now post my hjt log.
I'am new at this so please bare with me if i did something wrong.
Logfile of HijackThis v1.99.1
Scan saved at 2:02:21 PM, on 3/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5346.0005)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\BCMSMMSG.exe
C:\WINDOWS\system32\ugkxrpis.exe
C:\Program Files\Lexmark 4200 Series\lxbmbmgr.exe
C:\Program Files\Lexmark 4200 Series\Fax\fm3032.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\PROGRA~1\MUSICM~1\MUSICM~1\mimboot.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
C:\WINDOWS\system32\NeroCheck.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=54729
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=54729
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=55245&clcid={SUB_CLCID}
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://go.microsoft.com/fwlink/?LinkId=54843
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1EB27C5E-3DF4-41E2-B51A-D80F812D561D} - C:\WINDOWS\system32\opnmklk.dll
O2 - BHO: (no name) - {290A78C9-588B-4702-A499-BC46ED2B8794} - C:\WINDOWS\system32\kjhdesxw.dll
O2 - BHO: (no name) - {46A4E9D9-B30E-452A-8157-DBBEC8573B03} - C:\Program Files\VSAdd-in\VSAdd-in.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {571BA03E-4A49-4AB6-A257-3D775556E2Eb} - C:\WINDOWS\system32\kjhdesxw.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: (no name) - {D38439EC-4A7F-42b4-90C2-D810D7778FDD} - C:\WINDOWS\system32\kxldhiwe.dll
O2 - BHO: (no name) - {E5C301CA-DA73-4EF2-A6F0-8A209E5800E1} - C:\WINDOWS\system32\mljjk.dll
O2 - BHO: (no name) - {F009BAC0-DE5C-4B0D-A313-832881DD122e} - C:\WINDOWS\system32\kjhdesxw.dll
O3 - Toolbar: &VSAdd-in - {74DD705D-6834-439C-A735-A6DBE2677452} - C:\Program Files\VSAdd-in\VSAdd-in.dll (file missing)
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [Lexmark 4200 Series] "C:\Program Files\Lexmark 4200 Series\lxbmbmgr.exe"
O4 - HKLM\..\Run: [FaxCenterServer4_in_1] "C:\Program Files\Lexmark 4200 Series\Fax\fm3032.exe" /s
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~1\mimboot.exe
O4 - HKLM\..\Run: [MMTray] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe"
O4 - HKLM\..\Run: [2chkdsk] rundll32.exe "C:\WINDOWS\system32\vastkitp.dll",setvm
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [ProvideSupportOperatorConsole[default]] "C:\PROGRA~1\PROVID~1\LIVESU~1\PROVID~1.EXE" /profile default
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1134680478468
O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} (cpbrkpie Control) - http://a19.g.akamai.net/7/19/7125/1452/ftp.coupons.com/r3302/cpbrkpie.cab
O16 - DPF: {B8E71371-F7F7-11D2-A2CE-0060B0FB9D0D} (CDToolCtrl Class) - http://free.aol.com/tryaolfree/cdt175/aolcdt175.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = ccrtc.com
O17 - HKLM\Software\..\Telephony: DomainName = ccrtc.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = ccrtc.com
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: mljjk - C:\WINDOWS\system32\mljjk.dll
O20 - Winlogon Notify: opnmklk - C:\WINDOWS\SYSTEM32\opnmklk.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
This is my virus scan report...I guess this is needed....
3/11/2007 3:37:58 PM Engine version =5100
3/11/2007 3:37:58 PM DAT version =4981
3/11/2007 3:37:58 PM Number of virus signatures in EXTRA.DAT =None
3/11/2007 3:37:58 PM Names of viruses that EXTRA.DAT can detect =None
3/11/2007 3:37:56 PM Scan Started KD-V2RMR2223UA4\Owner On-Demand Scan
3/11/2007 4:05:51 PM Scan Summary KD-V2RMR2223UA4\Owner Scan Summary
3/11/2007 4:05:51 PM Scan Summary KD-V2RMR2223UA4\Owner Processes scanned : 48
3/11/2007 4:05:51 PM Scan Summary KD-V2RMR2223UA4\Owner Processes detected : 0
3/11/2007 4:05:51 PM Scan Summary KD-V2RMR2223UA4\Owner Processes cleaned : 0
3/11/2007 4:05:51 PM Scan Summary KD-V2RMR2223UA4\Owner Boot sectors scanned : 1
3/11/2007 4:05:51 PM Scan Summary KD-V2RMR2223UA4\Owner Boot sectors detected: 0
3/11/2007 4:05:51 PM Scan Summary KD-V2RMR2223UA4\Owner Boot sectors cleaned : 0
3/11/2007 4:05:51 PM Scan Summary KD-V2RMR2223UA4\Owner Files scanned : 46084
3/11/2007 4:05:51 PM Scan Summary KD-V2RMR2223UA4\Owner Files with detections: 0
3/11/2007 4:05:51 PM Scan Summary KD-V2RMR2223UA4\Owner File detections : 0
3/11/2007 4:05:51 PM Scan Summary KD-V2RMR2223UA4\Owner Files cleaned : 0
3/11/2007 4:05:51 PM Scan Summary KD-V2RMR2223UA4\Owner Files moved : 0
3/11/2007 4:05:51 PM Scan Summary KD-V2RMR2223UA4\Owner Files deleted : 0
3/11/2007 4:05:51 PM Scan Summary KD-V2RMR2223UA4\Owner Files not scanned : 26
3/11/2007 4:05:51 PM Scan Summary KD-V2RMR2223UA4\Owner Run time : 0:27:55
3/11/2007 4:05:51 PM Scan Complete KD-V2RMR2223UA4\Owner On-Demand Scan
did i do something wrong? I have noticed that people who posted after
me are getting help and i'am yet to see help..If i posted wrong please
let me know ....i use spybot and need the help..I have a business to
run and it is being hurt
pskelley
2007-03-13, 12:33
Hello Bill and welcome to the forum, I apologize for the wait, let me help you since you are new. First, here are the directions:
"BEFORE you POST" Mandatory Steps Before Requesting Assistance
http://forums.spybot.info/showthread.php?t=288
If you will read those and be sure you followed them, you will understand we all are volunteers and there are no resident helpers. We help at many forums and take as much time from our real lives as we can. We we stop to help we look for O responses, meaning this member has received no help yet. We look to see the log is posted properly, and we help as many folks as time allows. Once you read that topic, you will understand more.
With that out of the way, let me say if you have not received help elsewhere, that you have a very infected computer. You mention Smitfraud, so it may be present and I see a Vundo infection. Both of these are hard to remove and my first suggestion if you wish to proceed is that you keep the computer offline as much as possible, this junk will attract more. If you wish to proceed, I need to get some information first and would like you to proceed like this.
1) Read all directions in the "Before you post" topic and do you best to follow them.
2) Post only information I request, your topic will be long anyway and this will help us control the information in it. If you have questions about the instructions or comments you think will help, please post them. Hold all other questions until we get this cleaned up, most will be answered during the process.
3) http://siri.geekstogo.com/SmitfraudFix.php <<< download Smitfraudfix from here and follow ONLY these directions.
Search:
Double-click SmitfraudFix.exe
Select 1 and hit Enter to create a report of the infected files. The report can be found at the root of the system drive, usually at C:\rapport.txt
Note: process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool". It is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.
http://www.beyondlogic.org/consulting/processutil/processutil.htm
Restart the computer and post the C:\rapport.txt from Smitfraudfix and because two days have passed and things can change quickly, a new HJT log. I will respond with instructions as soon as possible after I see the information I requested.
Thanks
Here is Rapport per your request
SmitFraudFix v2.148
Scan done at 13:35:38.93, Wed 03/14/2007
Run from C:\Documents and Settings\Owner\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in safe mode
»»»»»»»»»»»»»»»»»»»»»»»» hosts
»»»»»»»»»»»»»»»»»»»»»»»» C:\
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles
»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Owner
»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Owner\Application Data
»»»»»»»»»»»»»»»»»»»»»»»» Start Menu
»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\Owner\FAVORI~1
»»»»»»»»»»»»»»»»»»»»»»»» Desktop
»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files
»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys
»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components
»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""
»»»»»»»»»»»»»»»»»»»»»»»» pe386-msguard-lzx32-huy32
»»»»»»»»»»»»»»»»»»»»»»»» Scanning wininet.dll infection
»»»»»»»»»»»»»»»»»»»»»»»» End
New HJT log per your request
Logfile of HijackThis v1.99.1
Scan saved at 1:37:46 PM, on 3/14/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5346.0005)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\treak.exe\bill.exe.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://go.microsoft.com/fwlink/?LinkId=54843
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {290A78C9-588B-4702-A499-BC46ED2B8794} - C:\WINDOWS\system32\kjhdesxw.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {571BA03E-4A49-4AB6-A257-3D775556E2Eb} - C:\WINDOWS\system32\kjhdesxw.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: (no name) - {F009BAC0-DE5C-4B0D-A313-832881DD122e} - C:\WINDOWS\system32\kjhdesxw.dll
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [Lexmark 4200 Series] "C:\Program Files\Lexmark 4200 Series\lxbmbmgr.exe"
O4 - HKLM\..\Run: [FaxCenterServer4_in_1] "C:\Program Files\Lexmark 4200 Series\Fax\fm3032.exe" /s
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~1\mimboot.exe
O4 - HKLM\..\Run: [MMTray] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe"
O4 - HKLM\..\Run: [2chkdsk] rundll32.exe "C:\WINDOWS\system32\vastkitp.dll",setvm
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = ccrtc.com
O17 - HKLM\Software\..\Telephony: DomainName = ccrtc.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = ccrtc.com
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
pskelley
2007-03-14, 21:03
The Smitfruadfix log is clean, the HJT log is run in Safe Mode? Post a HJT log run in Normal Mode and make sure everything is enabled in MSConfig (System Configuration Utility)
Thanks
This is new HJT log I hope i think i had everything checked new at this..
Logfile of HijackThis v1.99.1
Scan saved at 3:20:08 PM, on 3/14/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5346.0005)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\Lexmark 4200 Series\lxbmbmgr.exe
C:\Program Files\Lexmark 4200 Series\lxbmbmon.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\PROGRA~1\MUSICM~1\MUSICM~1\MMDiag.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mim.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE
C:\Program Files\treak.exe\bill.exe.exe
C:\WINDOWS\system32\notepad.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://go.microsoft.com/fwlink/?LinkId=54843
O1 - Hosts file is located at: C:\WINDOWS\System32\drivers\etc\hosts
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {290A78C9-588B-4702-A499-BC46ED2B8794} - C:\WINDOWS\system32\kjhdesxw.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {571BA03E-4A49-4AB6-A257-3D775556E2Eb} - C:\WINDOWS\system32\kjhdesxw.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: (no name) - {F009BAC0-DE5C-4B0D-A313-832881DD122e} - C:\WINDOWS\system32\kjhdesxw.dll
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [Lexmark 4200 Series] "C:\Program Files\Lexmark 4200 Series\lxbmbmgr.exe"
O4 - HKLM\..\Run: [FaxCenterServer4_in_1] "C:\Program Files\Lexmark 4200 Series\Fax\fm3032.exe" /s
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~1\mimboot.exe
O4 - HKLM\..\Run: [MMTray] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe"
O4 - HKLM\..\Run: [2chkdsk] rundll32.exe "C:\WINDOWS\system32\vastkitp.dll",setvm
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = ccrtc.com
O17 - HKLM\Software\..\Telephony: DomainName = ccrtc.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = ccrtc.com
O20 - Winlogon Notify: igfxcui - igfxsrvc.dll (file missing)
O20 - Winlogon Notify: WgaLogon - WgaLogon.dll (file missing)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
pskelley
2007-03-14, 22:35
We have another problem, see this information:
You are running two antivirus programs at the same time and this is not a good thing. They conflict with each other and you will be less safe than if you ran one good program and maintained it properly.
http://service1.symantec.com/SUPPORT/nav.nsf/docid/2000031316555206
"Microsoft recommends that you have only one anti-virus program installed on your computer."
http://www.washingtonpost.com/wp-dyn/content/article/2005/12/03/AR2005120300087.html
C:\Program Files\Common Files\Symantec Shared\
C:\Program Files\Network Associates\
Uninstall one of those please.
I had this set up and I do not see the vundo infection like I did? You are not removing stuff and not letting me know are you?
Go ahead and follow these directions to be sure Vundo is completely removed.
You have a Vundo infection, so you will know the hackers can call their junk anything they want. Vundofix may not recognize the files and it may have to run several times to do so. You want to watch the report and you have been sucessful when all vundo files say "Have been deleted" Then post the Vundofix report and a new HJT log so we can clean up the rest
Thanks to Atribune and any others who helped with this fix.
Please download VundoFix.exe (http://www.atribune.org/ccount/click.php?id=4) to your desktop
Double-click VundoFix.exe to run it.
Click the Scan for Vundo button.
Once it's done scanning, click the Remove Vundo button.
You will receive a prompt asking if you want to remove the files, click YES
Once you click yes, your desktop will go blank as it starts removing Vundo.
When completed, it will prompt that it will reboot your computer, click OK.
Please post the contents of C:\vundofix.txt and a new HiJackThis log in a reply to this thread.Note: It is possible that VundoFix encountered a file it could not remove. In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button" when VundoFix appears upon rebooting.
If there is a file VundoFix doesn't find we need it submitted. Please submit
the files to upload malware http://www.uploadmalware.com
Restart the computer and post the results of the Vundofix scan, and a new HJT log running one antivirus program.
Thanks
ran vundofix and txt..says this..
No infected files were found.
Beginning removal...
tried to remove the symantc shared file becasue i dont use it anymore.
received error message.... can not delete ccAlert.dlll access denied
so have not posted new HJT log until i hear from you..
No i'am not removing anything now...I did right after i made my first
post after reading some of the forum..sorry about that...
pskelley
2007-03-14, 23:32
OK, so you are saying you use Network Associates (McAfee) now and want the Symantec stuff removed, correct. Post a new HJT log and we will get the rest of the junk plus the Symantec stuff.
Thanks
Yes that is correct ...
New HJT log
Logfile of HijackThis v1.99.1
Scan saved at 4:53:45 PM, on 3/14/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5346.0005)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\Lexmark 4200 Series\lxbmbmgr.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Lexmark 4200 Series\lxbmbmon.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\PROGRA~1\MUSICM~1\MUSICM~1\MMDiag.exe
C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mim.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\Program Files\treak.exe\bill.exe.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://go.microsoft.com/fwlink/?LinkId=54843
O1 - Hosts file is located at: C:\WINDOWS\System32\drivers\etc\hosts
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {290A78C9-588B-4702-A499-BC46ED2B8794} - C:\WINDOWS\system32\kjhdesxw.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {571BA03E-4A49-4AB6-A257-3D775556E2Eb} - C:\WINDOWS\system32\kjhdesxw.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: (no name) - {F009BAC0-DE5C-4B0D-A313-832881DD122e} - C:\WINDOWS\system32\kjhdesxw.dll
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [Lexmark 4200 Series] "C:\Program Files\Lexmark 4200 Series\lxbmbmgr.exe"
O4 - HKLM\..\Run: [FaxCenterServer4_in_1] "C:\Program Files\Lexmark 4200 Series\Fax\fm3032.exe" /s
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~1\mimboot.exe
O4 - HKLM\..\Run: [MMTray] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe"
O4 - HKLM\..\Run: [2chkdsk] rundll32.exe "C:\WINDOWS\system32\vastkitp.dll",setvm
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = ccrtc.com
O17 - HKLM\Software\..\Telephony: DomainName = ccrtc.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = ccrtc.com
O20 - Winlogon Notify: igfxcui - igfxsrvc.dll (file missing)
O20 - Winlogon Notify: WgaLogon - WgaLogon.dll (file missing)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
pskelley
2007-03-15, 00:35
Before we do this manually, I need to say it is much better if it is done with the uninstaller. Did you look in Add Remove programs to see if there is an uninstaller. If not open Start > All Programs and look for Norton or Symantec in the list of programs and click it, there may be an uninstaller there. If that fails than do this:
Open Hijackthis.
Click the "Open the Misc Tools" section Button.
Click the "Open Uninstall Manager" Button.
Click the "Save list..." Button.
Save it to your desktop. Copy and paste the contents into your reply.
Let's clean out the rest of the junk in the HJT log like this:
How to make files and folders visible:
Click Start > Open My Computer.
Select the Tools menu and click Folder Options.
Select the View Tab. Under the Hidden files and folders heading, select Show hidden files and folders.
Uncheck: Hide file extensions for known file types
Uncheck the Hide protected operating system files (recommended) option.
Click Yes to confirm. Click OK.
You may reverse this for safety when we are finished.
Please download ATF Cleaner by Atribune
http://www.atribune.org/content/view/25/2/
Save it to your Desktop. We will use this later.
Open HijackThis and choose "Do a system scan only" then check the box in front of these line items:
O1 - Hosts file is located at: C:\WINDOWS\System32\drivers\etc\hosts
O2 - BHO: (no name) - {290A78C9-588B-4702-A499-BC46ED2B8794} - C:\WINDOWS\system32\kjhdesxw.dll
O2 - BHO: (no name) - {571BA03E-4A49-4AB6-A257-3D775556E2Eb} - C:\WINDOWS\system32\kjhdesxw.dll
O2 - BHO: (no name) - {F009BAC0-DE5C-4B0D-A313-832881DD122e} - C:\WINDOWS\system32\kjhdesxw.dll
O4 - HKLM\..\Run: [2chkdsk] rundll32.exe "C:\WINDOWS\system32\vastkitp.dll",setvm G
Close all programs but HJT and all browser windows, then click on "Fix Checked"
RIGHT Click on Start then click on Explore. Locate and delete these items:
C:\WINDOWS\system32\vastkitp.dll <<< delete that file if there
Use the instruction in this link to run AVG Anti-spyware, make sure you delete or at least quarantine what it finds and save the scan report to post.
http://forums.security-central.us/showthread.php?t=3165
Run ATF Cleaner
Double-click ATF-Cleaner.exe to run the program.
Click Select All found at the bottom of the list.
Click the Empty Selected button.
Click Exit on the Main menu to close the program.
Restart the computer and post the AVG Anti-Spyware scan results, the uninstall list, a new HJT log and let me know about the Symantec/Norton uninstaller.
Thanks
okay did all of the above..
Norton wont let me uninstall from add/remove programs..get an error...
uninstall log:
Adobe Bridge 1.0
Adobe Common File Installer
Adobe Flash Player 9 ActiveX
Adobe Help Center 1.0
Adobe Photoshop CS2
Adobe Reader 7.0.5
Adobe Stock Photos 1.0
Ares 1.9.0
AVG Anti-Spyware 7.5
BCM V.92 56K Modem
BSPlayer
ccCommon
Compaq Driver for Lexmark Z32
Creative System Information
Cucusoft AVI to DVD/VCD/SVCD/MPEG Converter Pro 4.29
DesktopServer 4.2.1.0
DivX 5.0.3 Bundle
DVDx 2.0
Dynamic Promotion Suite V3.0
GSpot Codec Information Appliance
HijackThis 1.99.1
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Format SDK (KB902344)
Hotfix for Windows Media Format SDK (KB910998)
Hotfix for Windows XP (KB915865)
Hotfix for Windows XP (KB926239)
Indeo® software
Intel(R) Extreme Graphics Driver
Internet Explorer 7 Beta 2
J2SE Runtime Environment 5.0 Update 11
J2SE Runtime Environment 5.0 Update 5
J2SE Runtime Environment 5.0 Update 6
J2SE Runtime Environment 5.0 Update 9
K-Lite Codec Pack 2.53 Basic
Lexmark 4200 Series
Lexmark 4200 Series Fax Solutions
Live Support Chat for Web Site 4.3.0
LiveUpdate 2.7 (Symantec Corporation)
McAfee VirusScan Enterprise
Microsoft .NET Framework 1.1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Interactive Training
Microsoft Office Excel Viewer 2003
Microsoft Office FrontPage 2003
Microsoft Office XP Professional
Microsoft Office XP Web Components
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Windows Vista Upgrade Advisor
Microsoft WSE 2.0 SP3 Runtime
Mighty Slots Fun Only
Mozilla Firefox (2.0.0.2)
MSN Music Assistant
MSXML 4.0 SP2 (KB925672)
MSXML 4.0 SP2 (KB927978)
MSXML 6.0 Parser (KB927977)
Musicmatch® Jukebox
Nero 6 Ultra Edition
Nimo Codecs Pack v5.0 (Remove Only)
Norton AntiVirus 2006
Norton AntiVirus Parent MSI
Norton AntiVirus SYMLT MSI
PowerDVD
PPMate Network TV 2.0.0.40
RunAlyzer
Satellite TV for PC Elite 4.8.8.0
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893066)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB896688)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB905915)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB908531)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912812)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913446)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB917159)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923694)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Sound Blaster Live!
SPBBC
Spybot - Search & Destroy 1.4
Symantec
TVAnts 1.0
TVUPlayer 2.3.2.19
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB904942)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB929338)
Update for Windows XP (KB931836)
VobSub v2.05 (Remove Only)
Windows Genuine Advantage v1.3.0254.0
Windows Installer 3.1 (KB893803)
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB885884
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
Windows XP Service Pack 2
WinMX
WinRAR archiver
XP Codec Pack
Yahoo! Browser Services
Yahoo! Internet Mail
Yahoo! Messenger
AGA Report: concerned with downloader.Agent.M and dialer...
AGA Log: (Says no action taken but showed deleted)
C:\Documents and Settings\Owner\Desktop\entertainment.exe -> Adware.Comet : No action taken.
C:\Program Files\treak.exe\backups\backup-20070314-130721-727.dll -> Adware.Coupons : No action taken.
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\KSWF32GH\zm[1].htm -> Downloader.Agent.m : No action taken.
C:\Documents and Settings\Owner\Desktop\MigthySlotsInstaller.exe -> Heuristic.Win32.Dialer : No action taken.
C:\Program Files\Mighty Slots Fun Only\Install.exe -> Heuristic.Win32.Dialer : No action taken.
C:\Documents and Settings\Owner\My Documents\My Music\(App)-Crack Searcher.rar/CrackSearcher\CrackSearcher.exe -> Not-A-Virus.HackTool.Win32.CrackSearch.a : No action taken.
:mozilla.100:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ubt3qco9.default\cookies.txt -> TrackingCookie.247realmedia : No action taken.
:mozilla.101:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ubt3qco9.default\cookies.txt -> TrackingCookie.247realmedia : No action taken.
:mozilla.21:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ubt3qco9.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.22:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ubt3qco9.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.23:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ubt3qco9.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.247:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ubt3qco9.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.24:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ubt3qco9.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.27:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ubt3qco9.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.32:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ubt3qco9.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.33:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ubt3qco9.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.34:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ubt3qco9.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.37:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ubt3qco9.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.381:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ubt3qco9.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.40:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ubt3qco9.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.41:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ubt3qco9.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.438:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ubt3qco9.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.43:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ubt3qco9.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.44:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ubt3qco9.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.45:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ubt3qco9.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.46:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ubt3qco9.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.47:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ubt3qco9.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.48:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ubt3qco9.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.49:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ubt3qco9.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.50:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ubt3qco9.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.52:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ubt3qco9.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.53:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ubt3qco9.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.540:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ubt3qco9.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.55:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ubt3qco9.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.56:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ubt3qco9.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.57:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ubt3qco9.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.586:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ubt3qco9.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.58:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ubt3qco9.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.59:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ubt3qco9.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.60:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ubt3qco9.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.613:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ubt3qco9.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.61:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ubt3qco9.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.62:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ubt3qco9.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.63:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ubt3qco9.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.64:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ubt3qco9.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.652:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ubt3qco9.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.65:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ubt3qco9.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.66:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ubt3qco9.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.704:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ubt3qco9.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.97:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ubt3qco9.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.123:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ubt3qco9.default\cookies.txt -> TrackingCookie.Adbrite : No action taken.
:mozilla.124:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ubt3qco9.default\cookies.txt -> TrackingCookie.Adbrite : No action taken.
:mozilla.125:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ubt3qco9.default\cookies.txt -> TrackingCookie.Adbrite : No action taken.
:mozilla.126:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ubt3qco9.default\cookies.txt -> TrackingCookie.Adbrite : No action taken.
:mozilla.150:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ubt3qco9.default\cookies.txt -> TrackingCookie.Addynamix : No action taken.
:mozilla.159:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ubt3qco9.default\cookies.txt -> TrackingCookie.Adtech : No action taken.
:mozilla.160:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ubt3qco9.default\cookies.txt -> TrackingCookie.Adtech : No action taken.
:mozilla.25:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ubt3qco9.default\cookies.txt -> TrackingCookie.Advertising : No action taken.
:mozilla.28:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ubt3qco9.default\cookies.txt -> TrackingCookie.Advertising : No action taken.
:mozilla.29:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ubt3qco9.default\cookies.txt -> TrackingCookie.Advertising : No action taken.
:mozilla.31:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ubt3qco9.default\cookies.txt -> TrackingCookie.Advertising : No action taken.
:mozilla.35:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ubt3qco9.default\cookies.txt -> TrackingCookie.Advertising : No action taken.
:mozilla.237:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ubt3qco9.default\cookies.txt -> TrackingCookie.Burstnet : No action taken.
:mozilla.238:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ubt3qco9.default\cookies.txt -> TrackingCookie.Burstnet : No action taken.
:mozilla.270:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ubt3qco9.default\cookies.txt -> TrackingCookie.Com : No action taken.
:mozilla.279:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ubt3qco9.default\cookies.txt -> TrackingCookie.Cpvfeed : No action taken.
:mozilla.815:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ubt3qco9.default\cookies.txt -> TrackingCookie.Cqcounter : No action taken.
:mozilla.908:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ubt3qco9.default\cookies.txt -> TrackingCookie.Cqcounter : No action taken.
:mozilla.26:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ubt3qco9.default\cookies.txt -> TrackingCookie.Doubleclick : No action taken.
:mozilla.376:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ubt3qco9.default\cookies.txt -> TrackingCookie.Enhance : No action taken.
:mozilla.377:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ubt3qco9.default\cookies.txt -> TrackingCookie.Enhance : No action taken.
:mozilla.321:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ubt3qco9.default\cookies.txt -> TrackingCookie.Esomniture : No action taken.
:mozilla.322:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ubt3qco9.default\cookies.txt -> TrackingCookie.Esomniture : No action taken.
:mozilla.323:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ubt3qco9.default\cookies.txt -> TrackingCookie.Esomniture : No action taken.
:mozilla.324:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ubt3qco9.default\cookies.txt -> TrackingCookie.Esomniture : No action taken.
:mozilla.325:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ubt3qco9.default\cookies.txt -> TrackingCookie.Esomniture : No action taken.
:mozilla.326:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ubt3qco9.default\cookies.txt -> TrackingCookie.Esomniture : No action taken.
:mozilla.327:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ubt3qco9.default\cookies.txt -> TrackingCookie.Esomniture : No action taken.
:mozilla.328:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ubt3qco9.default\cookies.txt -> TrackingCookie.Esomniture : No action taken.
:mozilla.329:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ubt3qco9.default\cookies.txt -> TrackingCookie.Esomniture : No action taken.
:mozilla.330:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ubt3qco9.default\cookies.txt -> TrackingCookie.Esomniture : No action taken.
:mozilla.331:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ubt3qco9.default\cookies.txt -> TrackingCookie.Esomniture : No action taken.
:mozilla.332:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ubt3qco9.default\cookies.txt -> TrackingCookie.Esomniture : No action taken.
:mozilla.333:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ubt3qco9.default\cookies.txt -> TrackingCookie.Esomniture : No action taken.
:mozilla.334:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ubt3qco9.default\cookies.txt -> TrackingCookie.Esomniture : No action taken.
:mozilla.335:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ubt3qco9.default\cookies.txt -> TrackingCookie.Esomniture : No action taken.
:mozilla.336:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ubt3qco9.default\cookies.txt -> TrackingCookie.Esomniture : No action taken.
:mozilla.337:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ubt3qco9.default\cookies.txt -> TrackingCookie.Esomniture : No action taken.
:mozilla.338:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ubt3qco9.default\cookies.txt -> TrackingCookie.Esomniture : No action taken.
:mozilla.339:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ubt3qco9.default\cookies.txt -> TrackingCookie.Esomniture : No action taken.
:mozilla.340:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ubt3qco9.default\cookies.txt -> TrackingCookie.Esomniture : No action taken.
:mozilla.341:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ubt3qco9.default\cookies.txt -> TrackingCookie.Esomniture : No action taken.
:mozilla.342:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ubt3qco9.default\cookies.txt -> TrackingCookie.Esomniture : No action taken.
:mozilla.343:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ubt3qco9.default\cookies.txt -> TrackingCookie.Esomniture : No action taken.
:mozilla.344:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ubt3qco9.default\cookies.txt -> TrackingCookie.Esomniture : No action taken.
:mozilla.345:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ubt3qco9.default\cookies.txt -> TrackingCookie.Esomniture : No action taken.
:mozilla.138:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ubt3qco9.default\cookies.txt -> TrackingCookie.Euroclick : No action taken.
:mozilla.139:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ubt3qco9.default\cookies.txt -> TrackingCookie.Euroclick : No action taken.
:mozilla.140:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ubt3qco9.default\cookies.txt -> TrackingCookie.Euroclick : No action taken.
:mozilla.141:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ubt3qco9.default\cookies.txt -> TrackingCookie.Euroclick : No action taken.
:mozilla.142:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ubt3qco9.default\cookies.txt -> TrackingCookie.Euroclick : No action taken.
:mozilla.196:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ubt3qco9.default\cookies.txt -> TrackingCookie.Falkag : No action taken.
:mozilla.197:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ubt3qco9.default\cookies.txt -> TrackingCookie.Falkag : No action taken.
:mozilla.198:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ubt3qco9.default\cookies.txt -> TrackingCookie.Falkag : No action taken.
:mozilla.199:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ubt3qco9.default\cookies.txt -> TrackingCookie.Falkag : No action taken.
:mozilla.200:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ubt3qco9.default\cookies.txt -> TrackingCookie.Falkag : No action taken.
:mozilla.860:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ubt3qco9.default\cookies.txt -> TrackingCookie.Googleadservices : No action taken.
:mozilla.447:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ubt3qco9.default\cookies.txt -> TrackingCookie.Hotlog : No action taken.
:mozilla.834:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ubt3qco9.default\cookies.txt -> TrackingCookie.Information : No action taken.
:mozilla.94:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ubt3qco9.default\cookies.txt -> TrackingCookie.Mediaplex : No action taken.
:mozilla.798:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ubt3qco9.default\cookies.txt -> TrackingCookie.Myaffiliateprogram : No action taken.
:mozilla.77:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ubt3qco9.default\cookies.txt -> TrackingCookie.Netflame : No action taken.
:mozilla.682:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ubt3qco9.default\cookies.txt -> TrackingCookie.Overture : No action taken.
:mozilla.683:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ubt3qco9.default\cookies.txt -> TrackingCookie.Overture : No action taken.
:mozilla.684:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ubt3qco9.default\cookies.txt -> TrackingCookie.Overture : No action taken.
:mozilla.705:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ubt3qco9.default\cookies.txt -> TrackingCookie.Overture : No action taken.
:mozilla.96:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ubt3qco9.default\cookies.txt -> TrackingCookie.Paypal : No action taken.
:mozilla.151:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ubt3qco9.default\cookies.txt -> TrackingCookie.Pointroll : No action taken.
:mozilla.152:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ubt3qco9.default\cookies.txt -> TrackingCookie.Pointroll : No action taken.
:mozilla.153:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ubt3qco9.default\cookies.txt -> TrackingCookie.Pointroll : No action taken.
:mozilla.154:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ubt3qco9.default\cookies.txt -> TrackingCookie.Pointroll : No action taken.
:mozilla.723:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ubt3qco9.default\cookies.txt -> TrackingCookie.Pro-market : No action taken.
AGA log cont:
:mozilla.729:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ubt3qco9.default\cookies.txt -> TrackingCookie.Questionmarket : No action taken.
:mozilla.730:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ubt3qco9.default\cookies.txt -> TrackingCookie.Questionmarket : No action taken.
:mozilla.731:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ubt3qco9.default\cookies.txt -> TrackingCookie.Questionmarket : No action taken.
:mozilla.732:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ubt3qco9.default\cookies.txt -> TrackingCookie.Questionmarket : No action taken.
:mozilla.755:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ubt3qco9.default\cookies.txt -> TrackingCookie.Real : No action taken.
:mozilla.756:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ubt3qco9.default\cookies.txt -> TrackingCookie.Realmedia : No action taken.
:mozilla.757:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ubt3qco9.default\cookies.txt -> TrackingCookie.Realmedia : No action taken.
:mozilla.758:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ubt3qco9.default\cookies.txt -> TrackingCookie.Realmedia : No action taken.
:mozilla.759:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ubt3qco9.default\cookies.txt -> TrackingCookie.Revenue : No action taken.
:mozilla.355:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ubt3qco9.default\cookies.txt -> TrackingCookie.Ru4 : No action taken.
:mozilla.356:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ubt3qco9.default\cookies.txt -> TrackingCookie.Ru4 : No action taken.
:mozilla.357:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ubt3qco9.default\cookies.txt -> TrackingCookie.Ru4 : No action taken.
:mozilla.358:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ubt3qco9.default\cookies.txt -> TrackingCookie.Ru4 : No action taken.
:mozilla.359:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ubt3qco9.default\cookies.txt -> TrackingCookie.Ru4 : No action taken.
:mozilla.360:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ubt3qco9.default\cookies.txt -> TrackingCookie.Ru4 : No action taken.
:mozilla.361:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ubt3qco9.default\cookies.txt -> TrackingCookie.Ru4 : No action taken.
:mozilla.362:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ubt3qco9.default\cookies.txt -> TrackingCookie.Ru4 : No action taken.
:mozilla.363:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ubt3qco9.default\cookies.txt -> TrackingCookie.Ru4 : No action taken.
:mozilla.364:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ubt3qco9.default\cookies.txt -> TrackingCookie.Ru4 : No action taken.
:mozilla.365:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ubt3qco9.default\cookies.txt -> TrackingCookie.Ru4 : No action taken.
:mozilla.366:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ubt3qco9.default\cookies.txt -> TrackingCookie.Ru4 : No action taken.
:mozilla.236:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ubt3qco9.default\cookies.txt -> TrackingCookie.Serving-sys : No action taken.
:mozilla.762:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ubt3qco9.default\cookies.txt -> TrackingCookie.Serving-sys : No action taken.
:mozilla.763:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ubt3qco9.default\cookies.txt -> TrackingCookie.Serving-sys : No action taken.
:mozilla.764:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ubt3qco9.default\cookies.txt -> TrackingCookie.Serving-sys : No action taken.
:mozilla.765:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ubt3qco9.default\cookies.txt -> TrackingCookie.Serving-sys : No action taken.
:mozilla.766:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ubt3qco9.default\cookies.txt -> TrackingCookie.Serving-sys : No action taken.
:mozilla.143:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ubt3qco9.default\cookies.txt -> TrackingCookie.Specificclick : No action taken.
:mozilla.144:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ubt3qco9.default\cookies.txt -> TrackingCookie.Specificclick : No action taken.
:mozilla.145:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ubt3qco9.default\cookies.txt -> TrackingCookie.Specificclick : No action taken.
:mozilla.146:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ubt3qco9.default\cookies.txt -> TrackingCookie.Specificclick : No action taken.
:mozilla.147:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ubt3qco9.default\cookies.txt -> TrackingCookie.Specificclick : No action taken.
:mozilla.148:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ubt3qco9.default\cookies.txt -> TrackingCookie.Specificclick : No action taken.
:mozilla.768:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ubt3qco9.default\cookies.txt -> TrackingCookie.Specificclick : No action taken.
:mozilla.769:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ubt3qco9.default\cookies.txt -> TrackingCookie.Specificclick : No action taken.
:mozilla.431:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ubt3qco9.default\cookies.txt -> TrackingCookie.Starware : No action taken.
:mozilla.432:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ubt3qco9.default\cookies.txt -> TrackingCookie.Starware : No action taken.
:mozilla.770:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ubt3qco9.default\cookies.txt -> TrackingCookie.Tacoda : No action taken.
:mozilla.771:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ubt3qco9.default\cookies.txt -> TrackingCookie.Tacoda : No action taken.
:mozilla.772:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ubt3qco9.default\cookies.txt -> TrackingCookie.Tacoda : No action taken.
:mozilla.773:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ubt3qco9.default\cookies.txt -> TrackingCookie.Tacoda : No action taken.
:mozilla.774:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ubt3qco9.default\cookies.txt -> TrackingCookie.Tacoda : No action taken.
:mozilla.775:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ubt3qco9.default\cookies.txt -> TrackingCookie.Tacoda : No action taken.
:mozilla.813:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ubt3qco9.default\cookies.txt -> TrackingCookie.Tacoda : No action taken.
:mozilla.776:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ubt3qco9.default\cookies.txt -> TrackingCookie.Trafficmp : No action taken.
:mozilla.777:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ubt3qco9.default\cookies.txt -> TrackingCookie.Trafficmp : No action taken.
:mozilla.778:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ubt3qco9.default\cookies.txt -> TrackingCookie.Trafficmp : No action taken.
:mozilla.779:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ubt3qco9.default\cookies.txt -> TrackingCookie.Trafficmp : No action taken.
:mozilla.780:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ubt3qco9.default\cookies.txt -> TrackingCookie.Trafficmp : No action taken.
:mozilla.781:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ubt3qco9.default\cookies.txt -> TrackingCookie.Trafficmp : No action taken.
:mozilla.782:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ubt3qco9.default\cookies.txt -> TrackingCookie.Trafficmp : No action taken.
:mozilla.783:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ubt3qco9.default\cookies.txt -> TrackingCookie.Trafficmp : No action taken.
:mozilla.784:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ubt3qco9.default\cookies.txt -> TrackingCookie.Tribalfusion : No action taken.
:mozilla.794:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ubt3qco9.default\cookies.txt -> TrackingCookie.Weborama : No action taken.
:mozilla.795:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ubt3qco9.default\cookies.txt -> TrackingCookie.Weborama : No action taken.
:mozilla.89:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ubt3qco9.default\cookies.txt -> TrackingCookie.Webtrends : No action taken.
:mozilla.808:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ubt3qco9.default\cookies.txt -> TrackingCookie.Yieldmanager : No action taken.
:mozilla.809:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ubt3qco9.default\cookies.txt -> TrackingCookie.Yieldmanager : No action taken.
:mozilla.810:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ubt3qco9.default\cookies.txt -> TrackingCookie.Yieldmanager : No action taken.
:mozilla.811:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ubt3qco9.default\cookies.txt -> TrackingCookie.Yieldmanager : No action taken.
::Report end
New HJT log
Logfile of HijackThis v1.99.1
Scan saved at 7:42:55 PM, on 3/14/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5346.0005)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\Lexmark 4200 Series\lxbmbmgr.exe
C:\Program Files\Lexmark 4200 Series\lxbmbmon.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mim.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\MMDiag.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\treak.exe\bill.exe.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://go.microsoft.com/fwlink/?LinkId=54843
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [Lexmark 4200 Series] "C:\Program Files\Lexmark 4200 Series\lxbmbmgr.exe"
O4 - HKLM\..\Run: [FaxCenterServer4_in_1] "C:\Program Files\Lexmark 4200 Series\Fax\fm3032.exe" /s
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~1\mimboot.exe
O4 - HKLM\..\Run: [MMTray] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = ccrtc.com
O17 - HKLM\Software\..\Telephony: DomainName = ccrtc.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = ccrtc.com
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
pskelley
2007-03-15, 03:15
Norton wont let me uninstall from add/remove programs..get an error...Anytime you get an error, always post the error word for word. That's the only way Google will help.
Look here to see if you can find help:
http://basconotw.mvps.org/SymRem.htm
If you can't find information to help, than you can use this information but keep in mind it is at your own risk:
http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/2005033108162039?Open&src=&docid=2001092114452606&nsf=nav.nsf&view=docid&dtype=&prod=&ver=&osv=&osv_lvl=
I don't see Ghost on the computer but I should post this for you:
WARNING: If you'll use the tool above, you will also lose Norton Ghost.
Uninstall list:
J2SE Runtime Environment 5.0 Update 11
J2SE Runtime Environment 5.0 Update 5
J2SE Runtime Environment 5.0 Update 6
J2SE Runtime Environment 5.0 Update 9
See this: http://forums.spybot.info/showpost.php?p=12880&postcount=2
Check to make sure you have the newest version then uninstall all old versions.
Uninstall if you can:
LiveUpdate 2.7 (Symantec Corporation)
Symantec
Someone seems to like to download Codec, you may want to have all users read this information:
http://forums.spybot.info/showthread.php?t=7344
Lot of folks getting infected that way.
I specified delete or at least quarantine so I would not have to look at all of those cookies. If you are sure the stuff was deleted, then run another scan and show me that clean scan.
Thanks
Okay my fault...I thought AVG would delete automatic and it does not...
AVG LOG;
AVG Anti-Spyware - Scan Report
---------------------------------------------------------
+ Created at: 10:17:37 PM 3/14/2007
+ Scan result:
Nothing found.
::Report end
Norton shared is gone HJT Log on its way
New HJT Log:
Logfile of HijackThis v1.99.1
Scan saved at 10:23:51 PM, on 3/14/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5346.0005)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\Lexmark 4200 Series\lxbmbmgr.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
C:\Program Files\Lexmark 4200 Series\lxbmbmon.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\PROGRA~1\MUSICM~1\MUSICM~1\MMDiag.exe
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mim.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\Program Files\TVUPlayer\TVUPlayer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\treak.exe\bill.exe.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://go.microsoft.com/fwlink/?LinkId=54843
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [Lexmark 4200 Series] "C:\Program Files\Lexmark 4200 Series\lxbmbmgr.exe"
O4 - HKLM\..\Run: [FaxCenterServer4_in_1] "C:\Program Files\Lexmark 4200 Series\Fax\fm3032.exe" /s
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~1\mimboot.exe
O4 - HKLM\..\Run: [MMTray] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\npjpi150_10.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\npjpi150_10.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = ccrtc.com
O17 - HKLM\Software\..\Telephony: DomainName = ccrtc.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = ccrtc.com
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe (file missing)
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
woke up this morning ran spybot and it showed i had smitfraud-c toolbar again
pskelley
2007-03-15, 12:19
Thanks for the feedback, how's the computer running. I notice you should have a Java update available, then you should be good to go.
woke up this morning ran spybot and it showed i had smitfraud-c toolbar again
See this information: FALSE POSITIVE
http://forums.spybot.info/showthread.php?t=8668
Smitfraud-C.Toolbar888
If your version of Spybot is up to date, you can ignore that item. View this tutorial:
http://www.russelltexas.com/malware/spybot13/spybot13.htm
If it continues to be located once you are sure you are totally updated, view these instructions:
exclude this detection from future scans.
Here is some good information for you:
http://users.telenet.be/bluepatchy/miekiemoes/slowcomputer.html
System Restore does not know the good files from the bad. In case bad stuff has gotten into your System Restore files, follow the instructions in this link to get clean System Restore files. Turn it off, reboot then turn it back on:
http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/2001111912274039?Open&src=sec_doc_nam
AVG Anti-Spyware is a good program but it does use some resources. Once the trial is over you can update and use the scanner for as long as you wish, but unless you purchase it you should turn it off completely so it does not run unless you start it manually.
Here is some great information from Tony Klein, Texruss, ChrisRLG and Grinler to help you stay clean and safe online:
http://forums.spybot.info/showthread.php?t=279
http://russelltexas.com/malware/allclear.htm
http://forum.malwareremoval.com/viewtopic.php?t=14
http://www.bleepingcomputer.com/forums/topict2520.html
http://cybercoyote.org/security/not-admin.shtml
Thanks...pskelley
Safer Networking Forums
http://www.spybot.info/en/donate/index.html
If you are reading this information...thank a teacher,
If you are reading it in English...thank a soldier.
The computer is running like a dream...Thank you so much for the help..
I am making sure spybot is updated....
pskelley
2007-03-24, 17:55
As the problem appears to be resolved this topic has been closed.
If you need it re-opened please send me or a forum staff member a private message (pm) and provide a link to the thread; this applies only to the original topic starter.
Anyone else with similar problems please start a new topic.
Thanks