Smitfraud-C.



jjwest11
2007-07-28, 06:25
This thing is a pain. I got it early this morning and have literally been sitting here all day trying to remove it. I've gotten rid of about 99% of the pop-ups, but I want this thing gone for good. My computer is running much slower than it ever has before. I have a paper to write and I'm sick of dealing with this. Spybot keeps telling me I have Smitfraud-C.CoreService, and when I try to "fix selected problems" Spybot can NEVER delete HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\core.

Please Help! I have a Spybot, HiJackThis, and SDFix log. I'll post them all here. I use Norton Anti-Virus Corporate Edition, Spybot, AdAware, and Windows Defender. I've also disabled my system restore, as I read that it was good to do with this particular malicious software.

SDFix Log:
SDFix: Version 1.94

Run by Jonathan W on Fri 07/27/2007 at 10:05 PM

Microsoft Windows XP [Version 5.1.2600]

Running From: C:\DOCUME~1\JONATH~1\Desktop\SDFix\SDFix

Safe Mode:
Checking Services:


Restoring Windows Registry Values
Restoring Windows Default Hosts File
Resetting AppInit_DLLs value


Rebooting...


Normal Mode:
Checking Files:

Trojan Files Found:

C:\Documents and Settings\LocalService\Local Settings\Temp\2.dllb - Deleted
C:\Documents and Settings\NetworkService\Local Settings\Temp\2.dllb - Deleted
C:\WINDOWS\csrss.exe - Deleted
C:\WINDOWS\system32\ldcore.dll - Deleted
C:\WINDOWS\system32\ldinfo.ldr - Deleted
C:\WINDOWS\tcb.pmw - Deleted
C:\WINDOWS\wr.txt - Deleted


Folder C:\WINDOWS\system32\b06FdUe - Removed

Removing Temp Files...

ADS Check:

C:\WINDOWS
No streams found.

C:\WINDOWS\system32
No streams found.

C:\WINDOWS\system32\svchost.exe
No streams found.

C:\WINDOWS\system32\ntoskrnl.exe
No streams found.



Final Check:

Remaining Services:
------------------



Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe:*:Enabled:AOL"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe:*:Enabled:AOL"
"C:\\Program Files\\America Online 9.0\\waol.exe"="C:\\Program Files\\America Online 9.0\\waol.exe:*:Enabled:AOL"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"="C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe:*:Enabled:AOL Loader"
"C:\\Program Files\\Common Files\\AOL\\1133234765\\ee\\aolsoftware.exe"="C:\\Program Files\\Common Files\\AOL\\1133234765\\ee\\aolsoftware.exe:*:Enabled:AOL Services"
"C:\\Program Files\\Common Files\\AOL\\1133234765\\ee\\aim6.exe"="C:\\Program Files\\Common Files\\AOL\\1133234765\\ee\\aim6.exe:*:Enabled:AIM"
"C:\\Program Files\\BitLord\\BitLord.exe"="C:\\Program Files\\BitLord\\BitLord.exe:*:Enabled:BitLord"
"C:\\Program Files\\Soulseek\\slsk.exe"="C:\\Program Files\\Soulseek\\slsk.exe:*:Enabled:SoulSeek"
"C:\\Program Files\\The Princeton Review\\Practice Test System\\Practice Test System\\Practice Test System.exe"="C:\\Program Files\\The Princeton Review\\Practice Test System\\Practice Test System\\Practice Test System.exe:*:Enabled:Macromedia Projector"
"C:\\Program Files\\Trillian\\trillian.exe"="C:\\Program Files\\Trillian\\trillian.exe:*:Enabled:Trillian"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\WINDOWS\\TEMP\\win1AB.tmp.exe"="C:\\WINDOWS\\TEMP\\win1AB.tmp.exe:*:Enabled:win1AB.tmp"
"C:\\Program Files\\Roxio\\Easy Media Creator 8\\Digital Home\\RoxUpnpServer.exe"="C:\\Program Files\\Roxio\\Easy Media Creator 8\\Digital Home\\RoxUpnpServer.exe:*:Enabled:Roxio Upnp Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe:*:Enabled:AOL"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe:*:Enabled:AOL"
"C:\\Program Files\\America Online 9.0\\waol.exe"="C:\\Program Files\\America Online 9.0\\waol.exe:*:Enabled:AOL"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

Remaining Files:
---------------

Backups Folder: - C:\DOCUME~1\JONATH~1\Desktop\SDFix\SDFix\backups\backups.zip

Files with Hidden Attributes:

C:\Documents and Settings\Jonathan W\NetHood\ftp.gcr1.com\Desktop.ini
C:\Program Files\Outlook Express\msimn.exe
C:\WINDOWS\gcshthpA.exe
C:\WINDOWS\system32\33ABE1A679.sys
C:\WINDOWS\system32\KGyGaAvL.sys
C:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch1\lock.tmp
C:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch2\lock.tmp
C:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch3\lock.tmp
C:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch4\lock.tmp
C:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch5\lock.tmp
C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp
C:\Documents and Settings\Jonathan W\Application Data\Microsoft\Word\~WRL0342.tmp
C:\Documents and Settings\Jonathan W\Application Data\Microsoft\Word\~WRL0673.tmp
C:\Documents and Settings\Jonathan W\Application Data\Microsoft\Word\~WRL1848.tmp
C:\Documents and Settings\Jonathan W\Application Data\Roxio\Dragon\3.x\DiscInfoCache\TSSTcorp_DVD+-RW_TS-L532B_DE03_300_DICV018_DRGV300002C.TMP
C:\Documents and Settings\Jonathan W\Desktop\~WRL0145.tmp
C:\Documents and Settings\Jonathan W\Desktop\~WRL0164.tmp
C:\Documents and Settings\Jonathan W\Desktop\~WRL0386.tmp
C:\Documents and Settings\Jonathan W\Desktop\~WRL0836.tmp
C:\Documents and Settings\Jonathan W\Desktop\~WRL3129.tmp

Finished

jjwest11
2007-07-28, 06:26
HiJackThis Log:

jjwest11
2007-07-28, 06:29
SORRY SORRY SORRY, I copied and pasted the wrong thing in the last one.

THIS is the HiJackThis Log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:00:21 PM, on 7/27/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\Program Files\NavNT\rtvscan.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\MsgSys.EXE
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 192.168.1.1:80
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - (no file)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - (no file)
O16 - DPF: {001EE746-A1F9-460E-80AD-269E088D6A01} (Infotl Control) - http://site.ebrary.com/lib/uneworleans/support/plugins/ebraryRdr.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.1.99.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
O16 - DPF: {A93D84FD-641F-43AE-B963-E6FA84BE7FE7} (LinkSys Content Update) - http://www.linksysfix.com/netcheck/51/install/gtdownls.cab
O16 - DPF: {DBA230D1-8467-4e69-987E-5FAE815A3B45} -
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - C:\WINDOWS\system32\bgsvcgen.exe
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\NavNT\defwatch.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Lexar JD31 (LxrJD31s) - Unknown owner - LxrJD31s.exe (file missing)
O23 - Service: Net Agent - Unknown owner - C:\WINDOWS\dls0523pmw.exe (file missing)
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: Norton AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\NavNT\rtvscan.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: RoxMediaDB - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxMediaDB.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel(R) Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

--
End of file - 6967 bytes

jjwest11
2007-07-28, 06:32
--- Search result list ---
Smitfraud-C.CoreService: Settings (Registry key, nothing done)
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\core

Smitfraud-C.CoreService: Settings (Registry key, nothing done)
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\core


--- Spybot - Search & Destroy version: 1.4 (build: 20050523) ---

2005-05-31 blindman.exe (1.0.0.1)
2005-05-31 SpybotSD.exe (1.4.0.3)
2005-05-31 TeaTimer.exe (1.4.0.2)
2005-11-28 unins000.exe (51.41.0.0)
2005-05-31 Update.exe (1.4.0.0)
2007-05-23 advcheck.dll (1.5.3.0)
2005-05-31 aports.dll (2.1.0.0)
2005-05-31 borlndmm.dll (7.0.4.453)
2005-05-31 delphimm.dll (7.0.4.453)
2005-05-31 SDHelper.dll (1.4.0.0)
2007-01-02 Tools.dll (2.0.1.0)
2005-05-31 UnzDll.dll (1.73.1.1)
2005-05-31 ZipDll.dll (1.73.2.0)
2007-07-25 Includes\Cookies.sbi (*)
2007-07-25 Includes\Dialer.sbi (*)
2007-07-25 Includes\DialerC.sbi (*)
2007-07-11 Includes\Hijackers.sbi (*)
2007-07-25 Includes\HijackersC.sbi (*)
2007-07-25 Includes\Keyloggers.sbi (*)
2007-07-25 Includes\KeyloggersC.sbi (*)
2007-07-25 Includes\Malware.sbi (*)
2007-07-25 Includes\MalwareC.sbi (*)
2007-07-11 Includes\PUPS.sbi (*)
2007-07-25 Includes\PUPSC.sbi (*)
2007-07-25 Includes\Revision.sbi (*)
2007-05-30 Includes\Security.sbi (*)
2007-07-25 Includes\SecurityC.sbi (*)
2007-07-11 Includes\Spybots.sbi (*)
2007-07-25 Includes\SpybotsC.sbi (*)
2005-02-17 Includes\Tracks.uti
2007-07-25 Includes\Trojans.sbi (*)
2007-07-25 Includes\TrojansC.sbi (*)



--- System information ---
Windows XP (Build: 2600) Service Pack 2
/ .NETFramework / 1.0: Microsoft .NET Framework 1.0 Hotfix (KB887998)
/ .NETFramework / 1.1: Microsoft .NET Framework 1.1 Hotfix (KB886903)
/ .NETFramework / 1.1: Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
/ Media Center 2005 / SP4: Update Rollup 2 for Windows XP Media Center Edition 2005
/ MSXML4SP2: FIX: ASP stops responding when calling Response.Redirect to another server using msxml4 sp2
/ Windows / SP1: Microsoft Internationalized Domain Names Mitigation APIs
/ Windows / SP1: Microsoft National Language Support Downlevel APIs
/ Windows Media Player 10: Security Update for Windows Media Player 10 (KB911565)
/ Windows Media Player 10: Update for Windows Media Player 10 (KB913800)
/ Windows Media Player 10 / SP0: Windows Media Player 10 Hotfix [See EmeraldQFE2 for more information]
/ Windows Media Player 6.4: Security Update for Windows Media Player 6.4 (KB925398)
/ Windows XP / SP0: Security Update for Windows Internet Explorer 7 (KB929969)
/ Windows XP / SP10: Microsoft Compression Client Pack 1.0 for Windows XP
/ Windows XP / SP3: Windows XP Hotfix - KB873339
/ Windows XP / SP3: Windows XP Hotfix - KB885250
/ Windows XP / SP3: Windows XP Hotfix - KB885835
/ Windows XP / SP3: Windows XP Hotfix - KB885836
/ Windows XP / SP3: Windows XP Hotfix - KB885855
/ Windows XP / SP3: Windows XP Hotfix - KB886185
/ Windows XP / SP3: Windows XP Hotfix - KB887472
/ Windows XP / SP3: Windows XP Hotfix - KB887742
/ Windows XP / SP3: Microsoft .NET Framework 1.0 Hotfix (KB887998)
/ Windows XP / SP3: Windows XP Hotfix - KB888113
/ Windows XP / SP3: Windows XP Hotfix - KB888302
/ Windows XP / SP3: Windows XP Hotfix - KB888310
/ Windows XP / SP3: Hotfix for Windows XP (KB888795)
/ Windows XP / SP3: Security Update for Windows XP (KB890046)
/ Windows XP / SP3: Windows XP Hotfix - KB890175
/ Windows XP / SP3: Windows XP Hotfix - KB890859
/ Windows XP / SP3: Windows XP Hotfix - KB890927
/ Windows XP / SP3: Hotfix for Windows XP (KB891593)
/ Windows XP / SP3: Windows XP Hotfix - KB891781
/ Windows XP / SP3: Windows XP Hotfix - KB892627
/ Windows XP / SP3: Windows XP Hotfix - KB893056
/ Windows XP / SP3: Security Update for Windows XP (KB893066)
/ Windows XP / SP3: Security Update for Windows XP (KB893756)
/ Windows XP / SP3: Windows Installer 3.1 (KB893803)
/ Windows XP / SP3: Update for Windows XP (KB894391)
/ Windows XP / SP3: Security Update for Windows XP (KB896358)
/ Windows XP / SP3: Security Update for Windows XP (KB896422)
/ Windows XP / SP3: Security Update for Windows XP (KB896423)
/ Windows XP / SP3: Security Update for Windows XP (KB896424)
/ Windows XP / SP3: Security Update for Windows XP (KB896428)
/ Windows XP / SP3: Security Update for Windows XP (KB896688)
/ Windows XP / SP3: Update for Windows XP (KB896727)
/ Windows XP / SP3: Update for Windows XP (KB898461)
/ Windows XP / SP3: Hotfix for Windows XP (KB899337)
/ Windows XP / SP3: Hotfix for Windows XP (KB899510)
/ Windows XP / SP3: Security Update for Windows XP (KB899587)
/ Windows XP / SP3: Security Update for Windows XP (KB899589)
/ Windows XP / SP3: Security Update for Windows XP (KB899591)
/ Windows XP / SP3: Update for Windows XP (KB900485)
/ Windows XP / SP3: Security Update for Windows XP (KB900725)
/ Windows XP / SP3: Security Update for Windows XP (KB901017)
/ Windows XP / SP3: Security Update for Windows XP (KB901214)
/ Windows XP / SP3: Security Update for Windows XP (KB902400)
/ Windows XP / SP3: Hotfix for Windows XP (KB902841)
/ Windows XP / SP3: Security Update for Windows XP (KB904706)
/ Windows XP / SP3: Update for Windows XP (KB904942)
/ Windows XP / SP3: Security Update for Windows XP (KB905414)
/ Windows XP / SP3: Security Update for Windows XP (KB905749)
/ Windows XP / SP3: Security Update for Windows XP (KB905915)
/ Windows XP / SP3: Security Update for Windows XP (KB908519)
/ Windows XP / SP3: Update for Windows XP (KB908531)
/ Windows XP / SP3: Update for Windows XP (KB910437)
/ Windows XP / SP3: Update for Windows XP (KB911280)
/ Windows XP / SP3: Security Update for Windows XP (KB911562)
/ Windows XP / SP3: Security Update for Windows XP (KB911927)
/ Windows XP / SP3: Security Update for Windows XP (KB912812)
/ Windows XP / SP3: Security Update for Windows XP (KB912919)
/ Windows XP / SP3: Security Update for Windows XP (KB913446)
/ Windows XP / SP3: Security Update for Windows XP (KB913580)
/ Windows XP / SP3: Security Update for Windows XP (KB914388)
/ Windows XP / SP3: Security Update for Windows XP (KB914389)
/ Windows XP / SP3: Hotfix for Windows XP (KB914440)
/ Windows XP / SP3: Hotfix for Windows XP (KB915865)
/ Windows XP / SP3: Update for Windows XP (KB916595)
/ Windows XP / SP3: Security Update for Windows XP (KB917159)
/ Windows XP / SP3: Security Update for Windows XP (KB917344)
/ Windows XP / SP3: Security Update for Windows XP (KB917422)
/ Windows XP / SP3: Security Update for Windows XP (KB917953)
/ Windows XP / SP3: Security Update for Windows XP (KB918439)
/ Windows XP / SP3: Security Update for Windows XP (KB918899)
/ Windows XP / SP3: Security Update for Windows XP (KB919007)
/ Windows XP / SP3: Security Update for Windows XP (KB920213)
/ Windows XP / SP3: Update for Windows XP (KB920342)
/ Windows XP / SP3: Security Update for Windows XP (KB920670)
/ Windows XP / SP3: Security Update for Windows XP (KB920683)
/ Windows XP / SP3: Security Update for Windows XP (KB920685)
/ Windows XP / SP3: Update for Windows XP (KB920872)
/ Windows XP / SP3: Security Update for Windows XP (KB921398)
/ Windows XP / SP3: Security Update for Windows XP (KB921883)
/ Windows XP / SP3: Update for Windows XP (KB922582)
/ Windows XP / SP3: Security Update for Windows XP (KB922616)
/ Windows XP / SP3: Security Update for Windows XP (KB922760)
/ Windows XP / SP3: Security Update for Windows XP (KB922819)
/ Windows XP / SP3: Security Update for Windows XP (KB923191)
/ Windows XP / SP3: Security Update for Windows XP (KB923414)
/ Windows XP / SP3: Security Update for Windows XP (KB923694)
/ Windows XP / SP3: Security Update for Windows XP (KB923980)
/ Windows XP / SP3: Security Update for Windows XP (KB924191)
/ Windows XP / SP3: Security Update for Windows XP (KB924270)
/ Windows XP / SP3: Security Update for Windows XP (KB924496)
/ Windows XP / SP3: Security Update for Windows XP (KB925486)
/ Windows XP / SP3: Hotfix for Windows XP (KB926239)
/ Windows XP / SP3: Security Update for Windows XP (KB926255)


--- Startup entries list ---
Located: HK_LM:Run, NvCplDaemon
command: RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
file: C:\WINDOWS\system32\RUNDLL32.EXE
size: 33280
MD5: da285490bbd8a1d0ce6623577d5ba1ff

Located: HK_LM:Run, Windows Defender
command: "C:\Program Files\Windows Defender\MSASCui.exe" -hide
file: C:\Program Files\Windows Defender\MSASCui.exe
size: 866584
MD5: 77c03bf23ae56b0a31ae4d5bb4b3d0ac

Located: HK_CU:Run, ctfmon.exe
command: C:\WINDOWS\system32\ctfmon.exe
file: C:\WINDOWS\system32\ctfmon.exe
size: 15360
MD5: 24232996a38c0b0cf151c2140ae29fc8

Located: Startup (disabled), Adobe Acrobat Speed Launcher (DISABLED)
command: C:\WINDOWS\Installer\{AC76BA86-1033-0000-7760-000000000002}\SC_Acrobat.exe
file: C:\WINDOWS\Installer\{AC76BA86-1033-0000-7760-000000000002}\SC_Acrobat.exe
size: 25214
MD5: d6294d59171ac375cd142003566aa89e

Located: Startup (disabled), Adobe Reader Speed Launch (DISABLED)
command:
file:

Located: Startup (disabled), Digital Line Detect (DISABLED)
command: C:\PROGRA~1\DIGITA~1\DLG.exe
file: C:\PROGRA~1\DIGITA~1\DLG.exe
size: 24576
MD5: b66e56733e2cd6a10fda5919625fbf46

Located: Startup (disabled), Last.fm Helper (DISABLED)
command: C:\PROGRA~1\Last.fm\LASTFM~1.EXE
file: C:\PROGRA~1\Last.fm\LASTFM~1.EXE
size: 65536
MD5: e8ac9812749f9433cb7adfffc0fc7a23

Located: Startup (disabled), Logitech SetPoint (DISABLED)
command: C:\PROGRA~1\Logitech\SetPoint\SetPoint.exe
file: C:\PROGRA~1\Logitech\SetPoint\SetPoint.exe
size: 450560
MD5: 57781b2d6c4ddbf753d820472462e445

Located: Startup (disabled), Microsoft Office (DISABLED)
command: C:\PROGRA~1\MICROS~3\Office\OSA9.EXE -b -l
file: C:\PROGRA~1\MICROS~3\Office\OSA9.EXE
size: 65588
MD5: 59379189e5eafbeee30eb944d3307645

Located: Startup (disabled), TA_Start (DISABLED)
command: C:\WINDOWS\TISKY009.exe SKY009
file:

Located: System.ini, crypt32chain
command: crypt32.dll
file: crypt32.dll

Located: System.ini, cryptnet
command: cryptnet.dll
file: cryptnet.dll

Located: System.ini, cscdll
command: cscdll.dll
file: cscdll.dll

Located: System.ini, NavLogon
command: C:\WINDOWS\system32\NavLogon.dll
file: C:\WINDOWS\system32\NavLogon.dll
size: 45056
MD5: 4bb7c5e493962b66ed97cf58da3c98e8

Located: System.ini, ScCertProp
command: wlnotify.dll
file: wlnotify.dll

Located: System.ini, Schedule
command: wlnotify.dll
file: wlnotify.dll

Located: System.ini, sclgntfy
command: sclgntfy.dll
file: sclgntfy.dll

Located: System.ini, SensLogn
command: WlNotify.dll
file: WlNotify.dll

Located: System.ini, sstqo
command: C:\WINDOWS\system32\sstqo.dll
file: C:\WINDOWS\system32\sstqo.dll
size: 228960
MD5: dfcf86887c9c2dd6b9e04a0fa7a2bcfc

Located: System.ini, termsrv
command: wlnotify.dll
file: wlnotify.dll

Located: System.ini, WgaLogon
command: WgaLogon.dll
file: WgaLogon.dll

Located: System.ini, winopn32
command: winopn32.dll
file: winopn32.dll

Located: System.ini, wlballoon
command: wlnotify.dll
file: wlnotify.dll

Located: System.ini, wvutsqq
command: wvutsqq.dll
file: wvutsqq.dll

jjwest11
2007-07-28, 06:33
continued:
--- Browser helper object list ---
{02e69503-4d92-4a3d-b422-39f6a9b58863} ()
BHO name:
CLSID name:
Path: C:\WINDOWS\system32\
Long name: dydbagf.dll

{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Adobe PDF Reader Link Helper)
BHO name:
CLSID name: Adobe PDF Reader Link Helper
description: Adobe Acrobat reader
classification: Legitimate
known filename: AcroIEhelper.ocx, AcroIEhelper.dll
info link: http://www.adobe.com/products/acrobat/readstep2.html
info source: TonyKlein
Path: C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\
Long name: AcroIEHelper.dll
Short name: ACROIE~1.DLL
Date (created): 10/22/2006 11:08:42 PM
Date (last access): 7/27/2007 10:36:26 PM
Date (last write): 10/22/2006 11:08:42 PM
Filesize: 62080
Attributes: archive
MD5: C11F6A1F61481E24BE3FDC06EA6F7D2A
CRC32: E388508F
Version: 8.0.0.456

{3964D8D6-86D0-493A-B460-A805B5401114} ()
BHO name:
CLSID name:
Path: C:\WINDOWS\system32\
Long name: wvutsqq.dll
Short name:
Date (created): 7/27/2007 9:44:28 AM
Date (last access): 7/27/2007 11:03:28 PM
Date (last write): 7/27/2007 9:44:28 AM
Filesize: 31254
Attributes: archive
MD5: 9E9268C1D0108F28D76ACB4760024852
CRC32: A0A4B228

{53707962-6F74-2D53-2644-206D7942484F} ()
BHO name:
CLSID name:
description: Spybot-S&D IE Browser plugin
classification: Legitimate
known filename: SDhelper.dll
info link: http://spybot.eon.net.au/
info source: Patrick M. Kolla
Path: C:\PROGRA~1\SPYBOT~1\
Long name: SDHelper.dll
Short name:
Date (created): 11/28/2005 10:12:32 PM
Date (last access): 7/27/2007 10:34:22 PM
Date (last write): 5/31/2005 2:04:00 AM
Filesize: 853672
Attributes: archive
MD5: 250D787A5712D7768DDC133B3E477759
CRC32: D4589A41
Version: 1.4.0.0

{6F2C9C90-529E-8145-2E89-06A7789C150D} ()
BHO name:
CLSID name:
Path:
Long name: blank

{9D43E785-F175-499E-87D4-9A3E1E940CA7} ()
BHO name:
CLSID name:
Path: C:\Program Files\Windows Plus\
Long name: hokeqo83122.dll

{AE7CD045-E861-484f-8273-0445EE161910} (AcroIEToolbarHelper Class)
BHO name:
CLSID name: AcroIEToolbarHelper Class
description: Adobe Acrobat
classification: Legitimate
known filename: AcroIEFavClient.dll
info link: http://www.adobe.com/products/acrobatpro/main.html
info source: TonyKlein
Path: C:\Program Files\Adobe\Acrobat 7.0\Acrobat\
Long name: AcroIEFavClient.dll
Short name: ACROIE~1.DLL
Date (created): 12/14/2004 2:13:40 AM
Date (last access): 7/27/2007 10:36:26 PM
Date (last write): 12/14/2004 2:13:40 AM
Filesize: 225280
Attributes: archive
MD5: 1BA6D822A6BA2402BC5DF7F65955D3A8
CRC32: E355B594
Version: 7.0.0.0

{FD161371-8548-4B11-A5D4-D14B213EE0B5} ()
BHO name:
CLSID name:
Path: C:\WINDOWS\system32\
Long name: sstqo.dll
Short name:
Date (created): 7/27/2007 9:49:46 AM
Date (last access): 7/27/2007 10:29:54 PM
Date (last write): 7/27/2007 9:49:50 AM
Filesize: 228960
Attributes: archive
MD5: DFCF86887C9C2DD6B9E04A0FA7A2BCFC
CRC32: A7D06DD2



--- ActiveX list ---
{001EE746-A1F9-460E-80AD-269E088D6A01} (Infotl Control)
DPF name:
CLSID name: Infotl Control
Installer: C:\WINDOWS\Downloaded Program Files\ebraryRdr.inf
Codebase: http://site.ebrary.com/lib/uneworleans/support/plugins/ebraryRdr.cab
description:
classification: Open for discussion
known filename: EBRARY~1.OCX
info link:
info source: Safer Networking Ltd.
Path: C:\WINDOWS\DOWNLO~1\
Long name: ebraryRdr.ocx
Short name: EBRARY~1.OCX
Date (created): 11/29/2005 7:34:12 PM
Date (last access): 7/27/2007 11:03:28 PM
Date (last write): 11/29/2005 7:34:12 PM
Filesize: 823296
Attributes: archive
MD5: 5A5973364063751AB3E63313614DE39D
CRC32: B8693241
Version: 3.2.2.2

{166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control)
DPF name:
CLSID name: Shockwave ActiveX Control
Installer: C:\WINDOWS\Downloaded Program Files\erma.inf
Codebase: http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
description: Macromedia ShockWave Flash Player 7
classification: Legitimate
known filename: SWDIR.DLL
info link:
info source: Patrick M. Kolla
Path: C:\WINDOWS\system32\Macromed\Director\
Long name: SwDir.dll
Short name:
Date (created): 12/26/2005 4:06:40 AM
Date (last access): 7/27/2007 11:03:28 PM
Date (last write): 7/19/2005 5:39:26 PM
Filesize: 54976
Attributes: archive
MD5: 9AB7B8D074FF363415BD3E32F03B0E76
CRC32: 8661EA6D
Version: 10.1.0.11

{39B0684F-D7BF-4743-B050-FDC3F48F7E3B} ()
DPF name:
CLSID name:
Installer:
Codebase: http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.1.99.cab
description:
classification: Legitimate
known filename: FilePlanetDownloadCtrl.dll
info link:
info source: Safer Networking Ltd.

{5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control)
DPF name:
CLSID name: Facebook Photo Uploader Control
Installer: C:\WINDOWS\Downloaded Program Files\FacebookPhotoUploader.inf
Codebase: http://upload.facebook.com/controls/FacebookPhotoUploader.cab
description:
classification: Open for discussion
known filename: FacebookPhotoUploader.ocx
info link:
info source: Safer Networking Ltd.
Path: C:\WINDOWS\Downloaded Program Files\
Long name: FacebookPhotoUploader.ocx
Short name: FACEBO~1.OCX
Date (created): 11/3/2005 8:17:36 PM
Date (last access): 7/27/2007 11:03:28 PM
Date (last write): 11/3/2005 8:17:36 PM
Filesize: 1935120
Attributes: archive
MD5: 5A39F109CB87893FD683F49699BCE2B4
CRC32: 729D4EBC
Version: 3.5.122.2

{A93D84FD-641F-43AE-B963-E6FA84BE7FE7} (LinkSys Content Update)
DPF name:
CLSID name: LinkSys Content Update
Installer: C:\WINDOWS\Downloaded Program Files\gtdownls_95.inf
Codebase: http://www.linksysfix.com/netcheck/51/install/gtdownls.cab
description:
classification: Open for discussion
known filename: gtdownls_95.ocx
info link:
info source: Safer Networking Ltd.
Path: C:\WINDOWS\system32\
Long name: gtdownls_95.ocx
Short name: GTDOWN~2.OCX
Date (created): 9/6/2004 4:30:28 PM
Date (last access): 7/27/2007 11:03:28 PM
Date (last write): 9/6/2004 4:30:28 PM
Filesize: 184320
Attributes: archive
MD5: 4051D9747C3FD625E4B4A39E5D6E3AE9
CRC32: 94D55331
Version: 1.0.0.95

{D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object)
DPF name:
CLSID name: Shockwave Flash Object
Installer: C:\WINDOWS\Downloaded Program Files\swflash.inf
Codebase: http://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab
description: Macromedia Shockwave Flash Player
classification: Legitimate
known filename:
info link:
info source: Patrick M. Kolla
Path: C:\WINDOWS\system32\Macromed\Flash\
Long name: Flash9b.ocx
Short name:
Date (created): 11/9/2006 3:46:28 PM
Date (last access): 7/27/2007 11:03:28 PM
Date (last write): 11/9/2006 3:46:28 PM
Filesize: 2262648
Attributes: readonly archive
MD5: F3B3EE66CA76C94510555ABE9D00A353
CRC32: A51F3CB4
Version: 9.0.28.0

{DBA230D1-8467-4e69-987E-5FAE815A3B45} ()
DPF name:
CLSID name:
Installer:
Codebase:
description:
classification: Open for discussion
known filename:
info link:
info source: Safer Networking Ltd.

{DE22A7AB-A739-4C58-AD52-21F9CD6306B7} (CTAdjust Class)
DPF name:
CLSID name: CTAdjust Class
Installer: C:\WINDOWS\Downloaded Program Files\clearadj.inf
Codebase: http://download.microsoft.com/download/7/E/6/7E6A8567-DFE4-4624-87C3-163549BE2704/clearadj.cab
description:
classification: Legitimate
known filename: clearadj.cab
info link:
info source: JavaCool
Path: C:\WINDOWS\Downloaded Program Files\
Long name: clearadjust.dll
Short name: CLEARA~1.DLL
Date (created): 4/29/2003 5:41:50 PM
Date (last access): 7/27/2007 10:24:50 PM
Date (last write): 4/29/2003 5:41:50 PM
Filesize: 32768
Attributes: archive
MD5: 939522429B24A97D57E84C2A2DAEC45E
CRC32: C91FBA03
Version: 1.0.0.4



--- Process list ---
PID: 0 ( 0) [System]
PID: 532 ( 4) \SystemRoot\System32\smss.exe
PID: 904 ( 532) \??\C:\WINDOWS\system32\csrss.exe
PID: 928 ( 532) \??\C:\WINDOWS\system32\winlogon.exe
PID: 976 ( 928) C:\WINDOWS\system32\services.exe
size: 108032
MD5: C6CE6EEC82F187615D1002BB3BB50ED4
PID: 988 ( 928) C:\WINDOWS\system32\lsass.exe
size: 13312
MD5: 84885F9B82F4D55C6146EBF6065D75D2
PID: 1136 ( 976) C:\WINDOWS\system32\svchost.exe
size: 14336
MD5: 8F078AE4ED187AAABC0A305146DE6716
PID: 1224 ( 976) C:\WINDOWS\system32\svchost.exe
size: 14336
MD5: 8F078AE4ED187AAABC0A305146DE6716
PID: 1272 ( 976) C:\Program Files\Windows Defender\MsMpEng.exe
size: 13592
MD5: F45DD1E1365D857DD08BC23563370D0E
PID: 1340 ( 976) C:\WINDOWS\System32\svchost.exe
size: 14336
MD5: 8F078AE4ED187AAABC0A305146DE6716
PID: 1376 ( 976) C:\WINDOWS\system32\svchost.exe
size: 14336
MD5: 8F078AE4ED187AAABC0A305146DE6716
PID: 1492 ( 976) C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
size: 434176
MD5: 6A197698A141FFE7651B962AE3172008
PID: 1632 ( 976) C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
size: 937984
MD5: 381A459D3909A382400FDA0AE1713A59
PID: 1744 (1720) C:\WINDOWS\Explorer.EXE
size: 1032192
MD5: A0732187050030AE399B241436565E64
PID: 1752 ( 976) C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
size: 290816
MD5: 391CA8AD835440671BCD532B4593D2F9
PID: 1868 ( 976) C:\WINDOWS\system32\svchost.exe
size: 14336
MD5: 8F078AE4ED187AAABC0A305146DE6716
PID: 1932 ( 976) C:\WINDOWS\system32\svchost.exe
size: 14336
MD5: 8F078AE4ED187AAABC0A305146DE6716
PID: 492 ( 976) C:\WINDOWS\system32\spoolsv.exe
size: 57856
MD5: DA81EC57ACD4CDC3D4C51CF3D409AF9F
PID: 236 ( 976) C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
size: 106496
MD5: 2ACFC9242BE81AE2356E14E5E05C02BB
PID: 620 ( 976) C:\WINDOWS\eHome\ehSched.exe
size: 102912
MD5: A53243709439AC2A4C216B817F8D7411
PID: 1364 ( 976) C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
size: 356352
MD5: 23EEB337BF684589D261F2359E19C72C
PID: 1484 ( 976) C:\Program Files\NavNT\rtvscan.exe
size: 466944
MD5: E653817964F17595C666B376E360B54D
PID: 1504 ( 976) C:\WINDOWS\system32\nvsvc32.exe
size: 131139
MD5: F88985164ABA1650CA4DF386A731593A
PID: 1580 ( 976) C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
size: 327680
MD5: D8F61AAAE73A1FBDE6F538BECC891F2F
PID: 2024 ( 976) C:\WINDOWS\system32\svchost.exe
size: 14336
MD5: 8F078AE4ED187AAABC0A305146DE6716
PID: 188 ( 976) C:\WINDOWS\system32\svchost.exe
size: 14336
MD5: 8F078AE4ED187AAABC0A305146DE6716
PID: 524 ( 976) C:\WINDOWS\ehome\mcrdsvc.exe
size: 99328
MD5: DF0A511F38F16016BF658FCA0090CB87
PID: 728 (1744) C:\Program Files\Windows Defender\MSASCui.exe
size: 866584
MD5: 77C03BF23AE56B0A31AE4D5BB4B3D0AC
PID: 1668 (1744) C:\WINDOWS\system32\ctfmon.exe
size: 15360
MD5: 24232996A38C0B0CF151C2140AE29FC8
PID: 2128 (1484) C:\WINDOWS\system32\MsgSys.EXE
size: 14336
MD5: 5B51FA986FB05E4BB2D599222F3DFFA5
PID: 2648 ( 976) C:\WINDOWS\system32\dllhost.exe
size: 5120
MD5: DD87DB7387B9EB441C5674888A0D840C
PID: 3140 (1136) C:\WINDOWS\system32\wbem\wmiprvse.exe
size: 218112
MD5: 075EA6C849AB0FE416A3D6DD65C3CF41
PID: 3200 ( 976) C:\WINDOWS\System32\alg.exe
size: 44544
MD5: F1958FBF86D5C004CF19A5951A9514B7
PID: 3240 (1340) C:\WINDOWS\system32\wscntfy.exe
size: 13824
MD5: 49911DD39E023BB6C45E4E436CFBD297
PID: 3756 ( 976) C:\WINDOWS\System32\svchost.exe
size: 14336
MD5: 8F078AE4ED187AAABC0A305146DE6716
PID: 3752 (1744) C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
size: 4393096
MD5: 09CA174A605B480318731E691DC98539
PID: 4 ( 0) System
PID: 2632 (1744) C:\Program Files\Mozilla Firefox\firefox.exe
size: 7644008
MD5: BFFC1C8951A31B17ECF30D510A07CC33
PID: 2404 (1744) C:\WINDOWS\system32\NOTEPAD.EXE
size: 69120
MD5: 388B8FBC36A8558587AFC90FB23A3B99


--- Browser start & search pages list ---
Spybot - Search & Destroy browser pages report, 7/27/2007 11:18:50 PM

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Local Page
C:\WINDOWS\system32\blank.htm
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Search Page
http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Start Page
http://www.google.com/
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Default_Page_URL
http://www.dell4me.com/myway
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Local Page
%SystemRoot%\system32\blank.htm
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Search Page
http://go.microsoft.com/fwlink/?LinkId=54896
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Start Page
http://go.microsoft.com/fwlink/?LinkId=69157
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Page_URL
http://go.microsoft.com/fwlink/?LinkId=69157
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Search_URL
http://go.microsoft.com/fwlink/?LinkId=54896
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\SearchAssistant
http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\CustomizeSearch
http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
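
A way to triage the "Browser helper object list" section above mechanically, as an added example that is not part of the original post or of Spybot-S&D. It parses the key/value blocks in the format shown, skips anything Spybot's database already classified, and flags the remaining entries on the indicators a responder would check by eye: a generated-looking file name, a file dropped into system32, a binary with no version resource, and a creation time on the incident day. The incident date of 2007-07-27 is taken from the original poster's message; the embedded sample is a trimmed copy of entries from the report above, and the vowel-ratio threshold and one-day window are assumptions chosen for this example.

```python
"""Triage the 'Browser helper object list' section of a Spybot-S&D report.

Added example, not code from the forum post or from Spybot. SAMPLE_REPORT is a
trimmed copy of entries from the posted report; INCIDENT_DATE comes from the
poster's message; the heuristics' thresholds are assumptions for this example.
"""
import re
from datetime import datetime

INCIDENT_DATE = datetime(2007, 7, 27)
HEADER_RE = re.compile(r"^\{([0-9A-Fa-f-]{36})\}\s*\((.*)\)$")
DATE_FMT = "%m/%d/%Y %I:%M:%S %p"
VOWELS = set("aeiou")

SAMPLE_REPORT = r"""--- Browser helper object list ---
{02e69503-4d92-4a3d-b422-39f6a9b58863} ()
BHO name:
CLSID name:
Path: C:\WINDOWS\system32\
Long name: dydbagf.dll

{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Adobe PDF Reader Link Helper)
CLSID name: Adobe PDF Reader Link Helper
classification: Legitimate
Path: C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\
Long name: AcroIEHelper.dll
Date (created): 10/22/2006 11:08:42 PM
MD5: C11F6A1F61481E24BE3FDC06EA6F7D2A
Version: 8.0.0.456

{3964D8D6-86D0-493A-B460-A805B5401114} ()
CLSID name:
Path: C:\WINDOWS\system32\
Long name: wvutsqq.dll
Date (created): 7/27/2007 9:44:28 AM
MD5: 9E9268C1D0108F28D76ACB4760024852

{53707962-6F74-2D53-2644-206D7942484F} ()
CLSID name:
classification: Legitimate
Path: C:\PROGRA~1\SPYBOT~1\
Long name: SDHelper.dll
Version: 1.4.0.0

{9D43E785-F175-499E-87D4-9A3E1E940CA7} ()
CLSID name:
Path: C:\Program Files\Windows Plus\
Long name: hokeqo83122.dll
"""


def parse_report(text):
    """One dict per block: 'clsid', 'display', plus lowercased field names."""
    entries, current = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("---"):
            continue
        m = HEADER_RE.match(line)
        if m:
            current = {"clsid": m.group(1).upper(), "display": m.group(2)}
            entries.append(current)
        elif current is not None and ":" in line:
            key, _, value = line.partition(":")  # first colon only; paths keep theirs
            current[key.strip().lower()] = value.strip()
    return entries


def looks_random(filename):
    """Crude generated-name check: an all-lowercase stem with digits mixed in
    or almost no vowels (dydbagf, wvutsqq, sstqo, hokeqo83122)."""
    stem = filename.rsplit(".", 1)[0]
    if not re.fullmatch(r"[a-z0-9]+", stem):
        return False
    letters = [c for c in stem if c.isalpha()]
    vowel_ratio = sum(c in VOWELS for c in letters) / max(len(letters), 1)
    return any(c.isdigit() for c in stem) or vowel_ratio < 0.3


def triage(text, incident_date=INCIDENT_DATE, window_days=1):
    """{filename: [reasons]} for entries Spybot could not classify that also
    show at least one indicator of a dropped or generated component."""
    findings = {}
    for e in parse_report(text):
        if "classification" in e:  # known to Spybot's database: skip
            continue
        name, reasons = e.get("long name", ""), []
        if looks_random(name):
            reasons.append("generated-looking file name")
        if "\\windows\\system32\\" in e.get("path", "").lower():
            reasons.append("dropped into system32")
        if "md5" in e and "version" not in e:
            reasons.append("binary has no version resource")
        created = e.get("date (created)")
        if created:
            age = abs((datetime.strptime(created, DATE_FMT) - incident_date).days)
            if age <= window_days:
                reasons.append("created within %d day(s) of the incident" % window_days)
        if reasons:
            findings[name] = reasons
    return findings


if __name__ == "__main__":
    for name, why in triage(SAMPLE_REPORT).items():
        print("%-18s %s" % (name, "; ".join(why)))
```

Run against the full report, the script reduces the BHO section to the three unknown DLLs with random names (dydbagf.dll, wvutsqq.dll, hokeqo83122.dll); SDHelper.dll, which also has an empty CLSID name, is correctly left alone because Spybot classified it. The name heuristic is deliberately loose and will mis-flag legitimate all-lowercase names, so treat its output as a shortlist to verify by hash, not a verdict.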

jjwest11
2007-07-28, 06:35
Please let me know if that is enough of the Spybot report for you to go on. It's like 200000 characters long and each post can only be 20000. I'd hate to have to do 8 more posts of that info. Am I right that the relevant info is at the top of that report?

Thank you.
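
The "Process list" section posted above can be checked the same way for core Windows processes running from the wrong directory or under the wrong parent, which is how a look-alike such as a csrss.exe placed directly in C:\WINDOWS would stand out. The following is an added example, not code from the forum post or from Spybot; the expected parent relationships are the Windows XP ones, the sample lines are a trimmed copy of the posted list, and the final PID 3900 line is a constructed impostor added to show a hit.

```python
"""Check the 'Process list' section of a Spybot-S&D report for core Windows
processes in an unexpected directory or under an unexpected parent.

Added example, not from the forum post or from Spybot. EXPECTED encodes the
Windows XP lineage; SAMPLE_PROCESS_LIST is a trimmed copy of the posted list
plus one constructed impostor line (PID 3900, csrss.exe in C:\WINDOWS).
"""
import re

PROC_RE = re.compile(r"^PID:\s*(\d+)\s*\(\s*(\d+)\)\s*(.+)$")

# image name -> (directory fragment it must live in, image name of its parent)
EXPECTED = {
    "smss.exe":     ("\\system32\\", "system"),
    "csrss.exe":    ("\\system32\\", "smss.exe"),
    "winlogon.exe": ("\\system32\\", "smss.exe"),
    "services.exe": ("\\system32\\", "winlogon.exe"),
    "lsass.exe":    ("\\system32\\", "winlogon.exe"),
    "svchost.exe":  ("\\system32\\", "services.exe"),
    "spoolsv.exe":  ("\\system32\\", "services.exe"),
}

SAMPLE_PROCESS_LIST = r"""--- Process list ---
PID: 0 ( 0) [System]
PID: 4 ( 0) System
PID: 532 ( 4) \SystemRoot\System32\smss.exe
PID: 904 ( 532) \??\C:\WINDOWS\system32\csrss.exe
PID: 928 ( 532) \??\C:\WINDOWS\system32\winlogon.exe
PID: 976 ( 928) C:\WINDOWS\system32\services.exe
size: 108032
MD5: C6CE6EEC82F187615D1002BB3BB50ED4
PID: 988 ( 928) C:\WINDOWS\system32\lsass.exe
PID: 1136 ( 976) C:\WINDOWS\system32\svchost.exe
size: 14336
MD5: 8F078AE4ED187AAABC0A305146DE6716
PID: 1744 (1720) C:\WINDOWS\Explorer.EXE
PID: 492 ( 976) C:\WINDOWS\system32\spoolsv.exe
PID: 3900 (1744) C:\WINDOWS\csrss.exe
"""


def normalize(path):
    """Strip the NT object prefix, expand \\SystemRoot, lowercase."""
    p = path.strip()
    if p.startswith("\\??\\"):
        p = p[4:]
    if p.lower().startswith("\\systemroot"):
        p = "C:\\WINDOWS" + p[len("\\SystemRoot"):]
    return p.lower()


def image_of(path):
    return path.rsplit("\\", 1)[-1]


def parse_processes(text):
    """{pid: (ppid, normalized path)}; size/MD5 continuation lines are skipped."""
    procs = {}
    for line in text.splitlines():
        m = PROC_RE.match(line.strip())
        if m:
            procs[int(m.group(1))] = (int(m.group(2)), normalize(m.group(3)))
    return procs


def check_processes(text):
    """List of (pid, image, problem) for core processes that break EXPECTED."""
    procs, problems = parse_processes(text), []
    for pid, (ppid, path) in procs.items():
        image = image_of(path)
        if image not in EXPECTED:
            continue
        want_dir, want_parent = EXPECTED[image]
        if want_dir not in path:
            problems.append((pid, image, "runs from %s, expected *%s*" % (path, want_dir)))
        parent = procs.get(ppid)
        parent_image = image_of(parent[1]) if parent else None
        if parent_image != want_parent:
            problems.append((pid, image, "parent is %s (pid %d), expected %s"
                             % (parent_image or "missing", ppid, want_parent)))
    return problems


if __name__ == "__main__":
    for pid, image, problem in check_processes(SAMPLE_PROCESS_LIST):
        print("PID %d %s: %s" % (pid, image, problem))
```

On the posted list every core process passes: smss.exe is a child of PID 4, csrss.exe and winlogon.exe are children of smss.exe, and every svchost.exe hangs off services.exe (PID 976). Only the constructed impostor is reported, once for its directory and once for its parent. Parent PIDs are reused after a process exits, so a lineage mismatch is a lead to confirm against the file's hash and signature, not proof by itself.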

tashi
2007-08-09, 18:40
Hello.

Because of the amount of posts in your thread, helpers probably thought you were already being assisted. We ask for two logs only, the HJT and results of the on-line anti virus scan.

Our stickied forum topics:

"BEFORE you POST"(READ this Procedure BEFORE Requesting Assistance) (http://forums.spybot.info/showthread.php?t=288)

The Waiting Room: Post here if waiting for help longer than four days (http://forums.spybot.info/forumdisplay.php?f=37)

tashi
2007-08-20, 23:27
This topic has been moved to archives.

If you need the thread re-opened, please send me a private message (pm) and provide a link.

Applies only to the original poster, anyone else with similar problems please start your own topic.