Hello all. Recently ran into some nasties and decided spybot would be the best place to look. I used spybot, ad-aware, and norton to remove what I could, then my search ended here.

I followed and completed all the steps of the "Smitfraud:SpyAxe, SpywareFalcon, and other desktop type hijacks" thread (which was AWSOME! :bigthumb: )

Here are my logs, i'm hoping my PC is free now :p:

SmitFraudFix report


SmitFraudFix v2.81

Scan done at 21:55:58.12, Sun 08/06/2006
Run from C:\Documents and Settings\Admin\Desktop\Smitfraud Fix\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
Fix ran in safe mode

»»»»»»»»»»»»»»»»»»»»»»»» Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Killing process


»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

C:\WINDOWS\alexaie.dll Deleted
C:\WINDOWS\alxie328.dll Deleted
C:\WINDOWS\alxtb1.dll Deleted
C:\WINDOWS\bg_bg.gif Deleted
C:\WINDOWS\big_red_x.gif Deleted
C:\WINDOWS\BTGrab.dll Deleted
C:\WINDOWS\buy_now.gif Deleted
C:\WINDOWS\click_for_free_scan.gif Deleted
C:\WINDOWS\close_ico.gif Deleted
C:\WINDOWS\dlmax.dll Deleted
C:\WINDOWS\download.gif Deleted
C:\WINDOWS\download_product.gif Deleted
C:\WINDOWS\free_scan_red_btn.gif Deleted
C:\WINDOWS\icon_warning_big.gif Deleted
C:\WINDOWS\infected.gif Deleted
C:\WINDOWS\infected_top_bg.gif Deleted
C:\WINDOWS\logo.gif Deleted
C:\WINDOWS\navibar_bg.gif Deleted
C:\WINDOWS\navibar_corner_left.gif Deleted
C:\WINDOWS\navibar_corner_right.gif Deleted
C:\WINDOWS\product_box.gif Deleted
C:\WINDOWS\Pynix.dll Deleted
C:\WINDOWS\red_warning_ico.gif Deleted
C:\WINDOWS\remove_spyware_header.gif Deleted
C:\WINDOWS\safe_and_trusted.gif Deleted
C:\WINDOWS\spyware_detected.gif Deleted
C:\WINDOWS\susp.exe Deleted
C:\WINDOWS\System32fab.exe Deleted
C:\WINDOWS\win_logo.gif Deleted
C:\WINDOWS\yellow_warning_ico.gif Deleted
C:\WINDOWS\ZServ.dll Deleted
C:\WINDOWS\system32\a.exe Deleted
C:\WINDOWS\system32\alxres.dll Deleted
C:\WINDOWS\system32\bridge.dll Deleted
C:\WINDOWS\system32\dailytoolbar.dll Deleted
C:\WINDOWS\system32\jao.dll Deleted
C:\WINDOWS\system32\mshtml32.tdb Deleted
C:\WINDOWS\system32\office_pnl.dll Deleted
C:\WINDOWS\system32\officescan.exe Deleted
C:\WINDOWS\system32\questmod.dll Deleted
C:\WINDOWS\system32\runsrv32.dll Deleted
C:\WINDOWS\system32\runsrv32.exe Deleted
C:\WINDOWS\system32\smaexp32.dll Deleted
C:\WINDOWS\system32\smartdrv.exe Deleted
C:\WINDOWS\system32\tcpservice2.exe Deleted
C:\WINDOWS\system32\txfdb32.dll Deleted
C:\WINDOWS\system32\udpmod.dll Deleted
C:\WINDOWS\system32\winblsrv.dll Deleted
C:\WINDOWS\system32\wstart.dll Deleted

»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» End

Ewido report (deleted a few cookie entrys so it would fit, no big deal)

---------------------------------------------------------
+ Created at: 11:13:01 PM 8/6/2006
+ Scan result:
C:\WINDOWS\cpbrkpie.ocx -> Adware.Coupons : Cleaned with backup (quarantined).
C:\Documents and Settings\Admin\Desktop\Junk\BSINSTALL.exe -> Adware.SaveNow : Cleaned with backup (quarantined).
C:\WINDOWS\system32\mehojhda.exe -> Downloader.VB.ajp : Cleaned with backup (quarantined).
HKU\S-1-5-21-854245398-1801674531-682003330-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{E52DEDBB-D168-4BDB-B229-C48160800E81} -> Hijacker.Generic : Cleaned with backup (quarantined).
HKU\S-1-5-21-854245398-1801674531-682003330-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{E52DEDBB-D168-4BDB-B229-C48160800E81} -> Hijacker.Generic : Cleaned with backup (quarantined).
:mozilla.10:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\w8hpifa3.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.11:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\w8hpifa3.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.12:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\w8hpifa3.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.13:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\w8hpifa3.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.146:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\w8hpifa3.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.14:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\w8hpifa3.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.15:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\w8hpifa3.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.16:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\w8hpifa3.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.17:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\w8hpifa3.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.18:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\w8hpifa3.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.196:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\w8hpifa3.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.19:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\w8hpifa3.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.200:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\w8hpifa3.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.20:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\w8hpifa3.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.21:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\w8hpifa3.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.22:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\w8hpifa3.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.23:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\w8hpifa3.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.284:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\w8hpifa3.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.91:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\ipvhn044.Jeremy\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.9:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\w8hpifa3.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Admin\Local Settings\Temp\Cookies\admin@microsofteup.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Admin\Local Settings\Temp\Cookies\admin@partygaming.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.32:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\w8hpifa3.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.33:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\w8hpifa3.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.34:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\w8hpifa3.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
C:\Documents and Settings\Admin\Local Settings\Temp\Cookies\admin@adbrite[1].txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.67:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\ipvhn044.Jeremy\cookies.txt -> TrackingCookie.Adjuggler : Cleaned.
:mozilla.68:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\ipvhn044.Jeremy\cookies.txt -> TrackingCookie.Adjuggler : Cleaned.
:mozilla.71:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\ipvhn044.Jeremy\cookies.txt -> TrackingCookie.Adjuggler : Cleaned.
:mozilla.38:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\w8hpifa3.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.396:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\w8hpifa3.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.397:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\w8hpifa3.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.398:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\w8hpifa3.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.399:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\w8hpifa3.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.367:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\w8hpifa3.default\cookies.txt -> TrackingCookie.Adserver : Cleaned.
:mozilla.368:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\w8hpifa3.default\cookies.txt -> TrackingCookie.Adserver : Cleaned.
:mozilla.369:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\w8hpifa3.default\cookies.txt -> TrackingCookie.Adserver : Cleaned.
:mozilla.46:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\w8hpifa3.default\cookies.txt -> TrackingCookie.Adtech : Cleaned.
:mozilla.47:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\w8hpifa3.default\cookies.txt -> TrackingCookie.Adtech : Cleaned.
:mozilla.53:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\ipvhn044.Jeremy\cookies.txt -> TrackingCookie.Atdmt : Cleaned.
:mozilla.26:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\ipvhn044.Jeremy\cookies.txt -> TrackingCookie.Bfast : Cleaned.
:mozilla.390:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\w8hpifa3.default\cookies.txt -> TrackingCookie.Bridgetrack : Cleaned.
:mozilla.92:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\w8hpifa3.default\cookies.txt -> TrackingCookie.Bridgetrack : Cleaned.
:mozilla.93:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\w8hpifa3.default\cookies.txt -> TrackingCookie.Bridgetrack : Cleaned.
:mozilla.321:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\w8hpifa3.default\cookies.txt -> TrackingCookie.Burstbeacon : Cleaned.
:mozilla.427:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\w8hpifa3.default\cookies.txt -> TrackingCookie.Burstbeacon : Cleaned.
C:\Documents and Settings\Admin\Local Settings\Temp\Cookies\admin@www.burstbeacon[1].txt -> TrackingCookie.Burstbeacon : Cleaned.
:mozilla.18:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\ipvhn044.Jeremy\cookies.txt -> TrackingCookie.Burstnet : Cleaned.
:mozilla.19:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\ipvhn044.Jeremy\cookies.txt -> TrackingCookie.Burstnet : Cleaned.
:mozilla.20:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\ipvhn044.Jeremy\cookies.txt -> TrackingCookie.Burstnet : Cleaned.
:mozilla.70:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\w8hpifa3.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned.
C:\Documents and Settings\Admin\Local Settings\Temp\Cookies\admin@burstnet[2].txt -> TrackingCookie.Burstnet : Cleaned.
:mozilla.87:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\w8hpifa3.default\cookies.txt -> TrackingCookie.Centrport : Cleaned.
:mozilla.88:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\w8hpifa3.default\cookies.txt -> TrackingCookie.Centrport : Cleaned.
:mozilla.100:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\w8hpifa3.default\cookies.txt -> TrackingCookie.Com : Cleaned.
:mozilla.101:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\w8hpifa3.default\cookies.txt -> TrackingCookie.Com : Cleaned.
:mozilla.93:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\ipvhn044.Jeremy\cookies.txt -> TrackingCookie.Com : Cleaned.
C:\Documents and Settings\Admin\Local Settings\Temp\Cookies\admin@com[2].txt -> TrackingCookie.Com : Cleaned.
:mozilla.10:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\ipvhn044.Jeremy\cookies.txt -> TrackingCookie.Doubleclick : Cleaned.
:mozilla.115:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\w8hpifa3.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.116:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\w8hpifa3.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.117:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\w8hpifa3.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.118:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\w8hpifa3.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.119:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\w8hpifa3.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.120:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\w8hpifa3.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.121:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\w8hpifa3.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.122:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\w8hpifa3.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.123:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\w8hpifa3.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.124:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\w8hpifa3.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.125:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\w8hpifa3.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.126:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\w8hpifa3.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.142:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\w8hpifa3.default\cookies.txt -> TrackingCookie.Estat : Cleaned.
:mozilla.55:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\w8hpifa3.default\cookies.txt -> TrackingCookie.Falkag : Cleaned.
:mozilla.42:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\ipvhn044.Jeremy\cookies.txt -> TrackingCookie.Mediaplex : Cleaned.
:mozilla.64:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\ipvhn044.Jeremy\cookies.txt -> TrackingCookie.Myaffiliateprogram : Cleaned.
:mozilla.226:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\w8hpifa3.default\cookies.txt -> TrackingCookie.Overture : Cleaned.
C:\Documents and Settings\Admin\Local Settings\Temp\Cookies\admin@data2.perf.overture[1].txt -> TrackingCookie.Overture : Cleaned.
C:\Documents and Settings\Admin\Local Settings\Temp\Cookies\admin@data3.perf.overture[1].txt -> TrackingCookie.Overture : Cleaned.
:mozilla.40:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\w8hpifa3.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.42:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\w8hpifa3.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.43:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\w8hpifa3.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.44:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\w8hpifa3.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.244:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\w8hpifa3.default\cookies.txt -> TrackingCookie.Qksrv : Cleaned.
:mozilla.245:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\w8hpifa3.default\cookies.txt -> TrackingCookie.Qksrv : Cleaned.
:mozilla.48:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\ipvhn044.Jeremy\cookies.txt -> TrackingCookie.Qksrv : Cleaned.
:mozilla.50:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\ipvhn044.Jeremy\cookies.txt -> TrackingCookie.Qksrv : Cleaned.
:mozilla.246:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\w8hpifa3.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.136:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\w8hpifa3.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.137:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\w8hpifa3.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.264:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\w8hpifa3.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.265:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\w8hpifa3.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.266:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\w8hpifa3.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.267:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\w8hpifa3.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.268:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\w8hpifa3.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.37:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\w8hpifa3.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
C:\Documents and Settings\Admin\Local Settings\Temp\Cookies\admin@adopt.specificclick[1].txt -> TrackingCookie.Specificclick : Cleaned.
:mozilla.121:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\ipvhn044.Jeremy\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.277:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\w8hpifa3.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.278:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\w8hpifa3.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.279:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\w8hpifa3.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.280:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\w8hpifa3.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.288:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\w8hpifa3.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.291:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\w8hpifa3.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.292:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\w8hpifa3.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.13:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\ipvhn044.Jeremy\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.14:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\ipvhn044.Jeremy\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.15:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\ipvhn044.Jeremy\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.293:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\w8hpifa3.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.9:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\ipvhn044.Jeremy\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.26:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\w8hpifa3.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.27:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\w8hpifa3.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.28:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\w8hpifa3.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.29:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\w8hpifa3.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.30:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\w8hpifa3.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.31:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\w8hpifa3.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.372:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\w8hpifa3.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.373:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\w8hpifa3.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.374:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\w8hpifa3.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.375:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\w8hpifa3.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.376:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\w8hpifa3.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.377:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\w8hpifa3.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.378:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\w8hpifa3.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
C:\Documents and Settings\Admin\Local Settings\Temp\Cookies\admin@ad.yieldmanager[2].txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.370:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\w8hpifa3.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
:mozilla.371:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\w8hpifa3.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
::Report end

HiJackThis


Logfile of HijackThis v1.99.1
Scan saved at 11:41:17 PM, on 8/6/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5296.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\devldr32.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\issch.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\Program Files\CursorXP\CursorXP.exe
C:\WINDOWS\System32\svchost.exe
C:\HiJackThis\HijackThis.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://go.microsoft.com/fwlink/?LinkId=54843
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [RecoverFromReboot.SS] C:\WINDOWS\Temp\RECOVE~1.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\Updreg.exe
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [Name of App] C:\Program Files\SAMSUNG\FW LiveUpdate\Liveupdate.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\issch.exe" -start
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ASUS Probe] C:\Program Files\ASUS\Probe\AsusProb.exe
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [CursorXP] C:\Program Files\CursorXP\CursorXP.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: PowerReg Scheduler.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_06\bin\npjpi142_06.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_06\bin\npjpi142_06.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: RaptisoftGameLoader - http://www.raptisoft.com/webgames/raptisoftgameloader.cab
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15015/CTSUEng.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by107fd.bay107.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {6632A7E9-FE1F-43D2-A04A-A15951ED63E0} - http://mediaplayer.walmart.com/installer/install.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1154542799718
O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} (cpbrkpie Control) - http://a19.g.akamai.net/7/19/7125/4056/ftp.coupons.com/r3302/cpbrkpie.cab
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
O16 - DPF: {E56347B0-6C2B-4C2E-939F-EE513EAC80BC} (Creative Product Registration ActiveX Control Module) - http://www.creative.com/register/OCXs/CtORWebClientNoMFC.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15016/CTPID.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

Crud, I think I left word wrap on...
I can repost if needed, I'm really sorry!

Welcome to the forum. Looks like Word Wrap does not come through in a "Quote". I still prefer you copy/paste all information.

You are basically clean, there is just some junk that should go, let's do this.

C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe read about this one:
http://www.clickz.com/news/article.php/3561546
http://www.greatis.com/appdata/u/v/viewmgr.exe.htm
http://www.spywareinfo.com/newsletter/archives/2005/nov4.php#viewpoint
I suggest you uninstall the aol junk.

Please download ATF Cleaner by Atribune
http://www.atribune.org/public-beta/ATF-Cleaner.exe
Save it to your Desktop. We will use this later.

Open HijackThis and choose "Do a system scan only" then check the box in front of these line items:

O4 - Startup: PowerReg Scheduler.exe
(if you set that option you can leave it)
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: RaptisoftGameLoader - http://www.raptisoft.com/webgames/ra...gameloader.cab
O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} (cpbrkpie Control) - http://a19.g.akamai.net/7/19/7125/40...2/cpbrkpie.cab

Close all programs but HJT and all browser windows, then click on "Fix Checked"

Run ATF Cleaner
Double-click ATF-Cleaner.exe to run the program.
Click Select All found at the bottom of the list.
Click the Empty Selected button.
Click Exit on the Main menu to close the program.

Restart the computer and post a last HJT log. Let me know all is well.

Thanks...pskelley
Safer Networking Forums

Want you to know that is the worse Smitfraud infection I have seen.

Java is out of date: http://forums.spybot.info/showpost.php?p=12880&postcount=2
C:\Program Files\Java\j2re1.4.2_06\ <<< out of date This will get you Vundo trojan

Thanks for the quick reply and all of the useful help, I can't tell you how much I appreciate it. :)

I Uninstalled Viewpoint media player and manager and made sure it did not reinstall itself.

Ran HJT and fixed the indicated problems, except for O4 (I set that awhile back)

Ran ATF cleaner, worked great.

All is working great, yesterday's steps from the Smitfraud thread helped tremendously. I will install a new Java version after this, and I am no longer using internet explorer; obvious loop holes and back doors that allowed this crap in...useless. I always told my dad to use Mozilla and he refused but I let him use IE anyway, which now I realize that was a mistake.

I wouldn't be surprised if this was one of the worst infections you've seen. I'm 17 and a computer freak, i've ran into some small infections here and there (nothing that I couldn't fix), but this was the worse yet. I was gone all Sunday and came home to my dad informing me "Hey, I downloaded some car pictures and now it says its infected." I saw the first message come up and knew it wasn't windows security center..lol. Kept giving phony warnings that looked convincing and sent you to a website to buy a scanning product. My dad seemed worried (He knows how to turn a comp on and look at webpages, thats about it.) He was sitting next to me when I was going through Norton's net activity log. lol and sure enough there were adult sites in it. I'm like "Dadddddddd, you've been looking at bad stufffffff!" He laughed embarrasingly and appologized for the virus crap but I didn't mind lol. I just wanted to fix it, Spybot was detecting 11 entries that it would fix, but they kept coming back constantly on rescans. SO, I hope you read that, gives you my explanation for such a bad smitfraud infection, wouldn't be surprised if it was the worst yet.

Thank you for the help!

Latest HJT scan


Logfile of HijackThis v1.99.1
Scan saved at 11:00:05 AM, on 8/7/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5296.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\system32\devldr32.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\issch.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\CursorXP\CursorXP.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\HiJackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://go.microsoft.com/fwlink/?LinkId=54843
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [RecoverFromReboot.SS] C:\WINDOWS\Temp\RECOVE~1.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\Updreg.exe
O4 - HKLM\..\Run: [Name of App] C:\Program Files\SAMSUNG\FW LiveUpdate\Liveupdate.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\issch.exe" -start
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ASUS Probe] C:\Program Files\ASUS\Probe\AsusProb.exe
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [CursorXP] C:\Program Files\CursorXP\CursorXP.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: PowerReg Scheduler.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_06\bin\npjpi142_06.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_06\bin\npjpi142_06.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15015/CTSUEng.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by107fd.bay107.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {6632A7E9-FE1F-43D2-A04A-A15951ED63E0} - http://mediaplayer.walmart.com/installer/install.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1154542799718
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
O16 - DPF: {E56347B0-6C2B-4C2E-939F-EE513EAC80BC} (Creative Product Registration ActiveX Control Module) - http://www.creative.com/register/OCXs/CtORWebClientNoMFC.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15016/CTPID.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

Good job:bigthumb: except you removed the o4 and here is what it was:
http://www.bleepingcomputer.com/tutorials/tutorial42.html
http://www.bleepingcomputer.com/tutorials/tutorial42.html#O11Diag
In your case it may have had to do with using the computer in other countries?

This: O4 - Startup: PowerReg Scheduler.exe is explained here:
http://www.bleepingcomputer.com/startups/PowerReg_Scheduler.exe-4135.html
Don't think you needed either of them.

As far as IE, I have both Firefix and IE on my computers and use IE most of the time. Getting infected is a matter of choice if you ask me, like going to smut sites (tell Dad to buy a magazine), or surfing without the proper protection (unsafe surf)
You will read about some freeware products in the links I provide, I pay for McAfee and all the rest I use are freeware.

Since you had that major infection, you need this information.

Here is some great information from Tony Klein, Texruss, ChrisRLG and Grinler to help you stay clean and safe online:
http://forums.spybot.info/showthread.php?t=279
http://russelltexas.com/malware/allclear.htm
http://forum.malwareremoval.com/viewtopic.php?t=14
http://www.bleepingcomputer.com/forums/topict2520.html
http://cybercoyote.org/security/not-admin.shtml

ewido is a great program but it does use some resources. Once the trial is over you can update and use the scanner for as long as you wish, but unless you purchase it you should turn it off completely so it does not run unless you start it manually.

System Restore does not know the good files from the bad. In case bad stuff has gotten into your System Restore files, follow the instructions in this link to get clean System Restore files. Turn it off, reboot then turn it back on:
http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/2001111912274039?Open&src=sec_doc_nam

I will mention once more, one of the worse infections out now is Vundo, and we are about positive it comes from a script written by the hackers and executed on computer with out of date Java programs.

Safe surfing...tashi will close your topic in a day or so.

Thanks...pskelley
Safer Networking Forums
http://www.spybot.info/en/donate/index.html
If you are reading this information...thank a teacher,
If you are reading it in English...thank a soldier.

Alright,

Uninstalled the old Java version and installed the new one (5.0 Update 7)
Vundo sounds like a beast..

Used HJT to fix PowerReg Scheduler.exe
Weird, seemed like a useless item taking up resources.

Turned system restore off then back on.

Comp even seems like its running faster, I'm thinking a Defrag may help the speed even more:)

Again thank you pskelley, you've been great help :)

http://www.microsoft.com/windows/IE/community/columns/IEtopten.mspx
http://vlaurie.com/computers2/Articles/runbetter.htm
http://www.linkgrinder.com/tutorials/10_Easy_Steps_to_Speed_Up_Your_Comp_24946_Computers_article.html
http://www.techbuilder.org/recipes/59201471

Here are some great links that will be helpful:laugh:

As the problem appears to be resolved this topic has been archived. :bigthumb:

If you need it re-opened please send me or your helper a private message (pm) and provide a link to the thread.

Applies only to the original topic starter.