
Thread: Win32.Small.ddx found

  1. #1
    Junior Member | Join Date: Dec 2006 | Location: Houston, TX | Posts: 22

    Win32.Small.ddx found

    The Win32.Small.ddx trojan keeps showing up every time I run an S&D scan.

    Here is my HJT log:

    Logfile of HijackThis v1.99.1
    Scan saved at 5:08:06 PM, on 2/4/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.5730.0011)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
    C:\Program Files\LogMeIn\RaMaint.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\Program Files\LogMeIn\LogMeInSystray.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    C:\Program Files\LogMeIn\LogMeIn.exe
    C:\Program Files\Eset\nod32kui.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\WINDOWS\soundman.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
    C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
    C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
    C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
    C:\Program Files\Eset\nod32krn.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\System32\HPZipm12.exe
    C:\WINDOWS\System32\tcpsvcs.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktopDisplay.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [Remote_Agent] C:\Program Files\Medion\PowerVCR II\RemoteAgent.exe
    O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\issch.exe" -start
    O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\LogMeInSystray.exe"
    O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
    O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
    O4 - HKLM\..\Run: [SoundMan] soundman.exe
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [Agent] C:\Program Files\Medion\PowerVCR II\Agent.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [WeatherWatcher] C:\Program Files\Weather Watcher\ww.exe
    O4 - HKCU\..\Run: [FUIClearHis] C:\Program Files\FreshDevices\FreshUI\freshui.exe 16 17
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
    O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O11 - Options group: [INTERNATIONAL] International*
    O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} - http://housecall60.trendmicro.com/housecall/xscan60.cab
    O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www2.snapfish.com/SnapfishActivia.cab
    O16 - DPF: {49232000-16E4-426C-A231-62846947304B} - http://ipgweb.cce.hp.com/rdqna/downloads/sysinfo.cab
    O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} - http://tools.ebayimg.com/eps/wl/acti..._v1-0-3-18.cab
    O16 - DPF: {4EFA317A-8569-4788-B175-5BAF9731A549} (Microsoft Virtual Server VMRC Advanced Control) - http://www.windowsvistatestdrive.com...veXClient1.cab
    O16 - DPF: {546B1745-1674-4089-A56A-171B67631F8D} - http://66.197.233.53/ImageControl.CAB
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.co...?1097963696261
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} - http://security.symantec.com/sscv6/S.../bin/cabsa.cab
    O16 - DPF: {64D01C7F-810D-446E-A07E-16C764235644} - http://zone.msn.com/bingame/amad/default/atomaders.cab
    O16 - DPF: {6632A7E9-FE1F-43D2-A04A-A15951ED63E0} - http://mediaplayer.walmart.com/installer/install.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1138486494250
    O16 - DPF: {7F8C8173-AD80-4807-AA75-5672F22B4582} - http://download.zonelabs.com/bin/pro...anner37440.cab
    O16 - DPF: {90051A81-3018-4826-8B38-DD60B6B53F9C} - http://www.costcophotocenter.com/CostcoUpload.cab
    O16 - DPF: {94EB57FE-2720-496C-B33F-D9353C6E23F7} - http://support.f-secure.com/ols/fscax.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
    O16 - DPF: {A5A76EA0-7B92-4707-9DBF-6F6FE56A6800} (Network Magic Scan Helper Control) - http://scan.networkmagic.com/NmScan/...ag.1.0.0.0.cab
    O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
    O16 - DPF: {A93D84FD-641F-43AE-B963-E6FA84BE7FE7} (LinkSys Content Update) - http://www.linksysfix.com/netcheck/5...l/gtdownls.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - http://cdn2.zone.msn.com/binFramewor...o.cab34246.cab
    O16 - DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} - http://www.sparedollar.com/sdImage/XUpload.ocx
    O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.hp.com/hpdj/en/check/qdiagh.cab?323
    O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} - https://secure.logmein.com/activex/RACtrl.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{D010E729-8B30-4638-9BB2-F32338BED958}: NameServer = 208.67.222.222,208.67.220.220
    O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
    O20 - Winlogon Notify: LMIinit - C:\WINDOWS\SYSTEM32\LMIinit.dll
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
    O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\RaMaint.exe
    O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\LogMeIn.exe
    O23 - Service: SQL Server (MSSMLBIZ) (MSSQL$MSSMLBIZ) - Unknown owner - C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sMSSMLBIZ (file missing)
    O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
    O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe

  2. #2
    Junior Member | Join Date: Dec 2006 | Location: Houston, TX | Posts: 22

    Here is my Panda scan log:

    Incident Status Location

    Adware:adware/spysheriff Not disinfected c:\windows\system32\desktop.html
    Adware:adware/craft Not disinfected c:\windows\system32\mscnf.dll
    Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\cfljd6y5.default\cookies.txt[.atwola.com/]
    Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\cfljd6y5.default\cookies.txt[.advertising.com/]
    Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\cfljd6y5.default\cookies.txt[.doubleclick.net/]
    Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\cfljd6y5.default\cookies.txt[.atdmt.com/]
    Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\cfljd6y5.default\cookies.txt[.questionmarket.com/]
    Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\cfljd6y5.default\cookies.txt[.mediaplex.com/]
    Spyware:Cookie/QkSrv Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\cfljd6y5.default\cookies.txt[.qksrv.net/]
    Spyware:Cookie/Apmebf Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\cfljd6y5.default\cookies.txt[.apmebf.com/]
    Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\cfljd6y5.default\cookies.txt[.statcounter.com/]
    Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\cfljd6y5.default\cookies.txt[.zedo.com/]
    Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\cfljd6y5.default\cookies.txt[.overture.com/]
    Spyware:Cookie/PointRoll Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\cfljd6y5.default\cookies.txt[.ads.pointroll.com/]
    Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\cfljd6y5.default\cookies.txt[.tribalfusion.com/]
    Spyware:Cookie/Traffic Marketplace Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\cfljd6y5.default\cookies.txt[.trafficmp.com/]
    Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\cfljd6y5.default\cookies.txt[.fastclick.net/]
    Spyware:Cookie/Casalemedia Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\cfljd6y5.default\cookies.txt[.casalemedia.com/]
    Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\cfljd6y5.default\cookies.txt[.serving-sys.com/]
    Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\cfljd6y5.default\cookies.txt[.bs.serving-sys.com/]
    Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\cfljd6y5.default\cookies.txt[.serving-sys.com/]
    Spyware:Cookie/Mammamediasolutions Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\cfljd6y5.default\cookies.txt[.targetnet.com/]
    Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\cfljd6y5.default\cookies.txt[ad.yieldmanager.com/]
    Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\cfljd6y5.default\cookies.txt[.realmedia.com/]
    Spyware:Cookie/Clickbank Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\cfljd6y5.default\cookies.txt[.clickbank.net/]
    Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\cfljd6y5.default\cookies.txt[.com.com/]
    Spyware:Cookie/bravenetA Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\cfljd6y5.default\cookies.txt[.bravenet.com/]
    Spyware:Cookie/Adtech Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\cfljd6y5.default\cookies.txt[.adtech.de/]
    Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\cfljd6y5.default\cookies.txt[server.iad.liveperson.net/hc/33645339]
    Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\cfljd6y5.default\cookies.txt[server.iad.liveperson.net/]
    Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\cfljd6y5.default\cookies.txt[server.iad.liveperson.net/hc/12437531]
    Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\cfljd6y5.default\cookies.txt[.perf.overture.com/]
    Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\cfljd6y5.default\cookies.txt[.247realmedia.com/]
    Spyware:Cookie/Entrepreneur Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\cfljd6y5.default\cookies.txt[.entrepreneur.com/]
    Spyware:Cookie/Go Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\cfljd6y5.default\cookies.txt[.go.com/]
    Spyware:Cookie/Humanclick Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\cfljd6y5.default\cookies.txt[.hc2.humanclick.com/]
    Spyware:Cookie/Humanclick Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\cfljd6y5.default\cookies.txt[.hc2.humanclick.com/hc/38779756]
    Spyware:Cookie/Maxserving Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\cfljd6y5.default\cookies.txt[.maxserving.com/]

  3. #3
    pskelley (In Memoriam - Always in our heart) | Join Date: Oct 2005 | Location: Clearwater, Florida | Posts: 20,247

    Hello and welcome to the forum. Here is the Google on the item you describe:
    http://www.google.com/search?sourcei...2eSmall%2eddx+

    I am not seeing anything in the HJT log, but I see these in the scan:
    Adware:adware/spysheriff Not disinfected c:\windows\system32\desktop.html
    Adware:adware/craft Not disinfected c:\windows\system32\mscnf.dll

    The first item (spysheriff) is usually part of Smitfraud infections; have you removed one lately? Let's take a look to make sure Smitfraud is not present.

    This one, c:\windows\system32\mscnf.dll, is being identified as http://www.sophos.com/virusinfo/anal...jcrafteda.html
    Aliases: Trojan-Downloader.Win32.Small.avw, and that might be the same item; all these AVs use different names, unfortunately. Since you have AVG Anti-Spyware, I would like to look at a scan result. If it does not remove that trojan, we will do it manually. Please do this:

    1) http://siri.geekstogo.com/SmitfraudFix.php <<< download and tutorial
    Download Smitfraudfix from that link and follow ONLY these directions:

    Search:
    Double-click SmitfraudFix.exe
    Select 1 and hit Enter to create a report of the infected files. The report can be found at the root of the system drive, usually at C:\rapport.txt

    2) Use the instructions in this link, make sure you update and then delete or at least quarantine anything the program locates.
    http://forums.security-central.us/showthread.php?t=3165


    Restart the computer and post the C:\rapport.txt from SmitfraudFix, the scan results from AVG Anti-Spyware, a new HJT log and any comments you think will help.

    Thanks
    MS-MVP Consumer Security 2007-08-09
    Proud Member ASAP
    UNITE Member 2006
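The triage pskelley does in the post above, comparing what the scanners flag against what the HJT log actually references, can be automated. The script below is an added example, not code from this thread or from HijackThis, Panda or SmitfraudFix. Its sample logs are constructed: most lines are copied from the thread, while the `example.exe` entries and the `Adware:adware/example` detection are invented to show a detection that does have an autostart entry. The path regex, the file-extension list and the 8.3 short-name (`PROGRA~1`) heuristic are the script's own assumptions.

```python
"""Cross-check one scanner's detections against a HijackThis (HJT) log.
Added example for this thread, not code from the thread or from HJT, Panda or
SmitfraudFix. The sample logs are constructed: lines copied from the thread
plus invented 'example.exe' entries for the positive case."""
import re

# One path component: no characters Windows forbids in names, and none of
# ',' '[' ']' which HJT and Panda put right after a path.
_SEG = r'[^\\/:*?"<>|,\[\]\r\n]'
# Drive-rooted path ending in a file type these logs reference. Anchoring on
# the extension keeps unquoted "C:\Program Files\..." paths whole without
# swallowing the arguments that follow them.
_PATH_RE = re.compile(
    r'[A-Za-z]:\\(?:' + _SEG + r'+\\)*' + _SEG
    + r'+?\.(?:exe|dll|ocx|cab|html?|lnk|sys|scr|bat|com)\b', re.IGNORECASE)
_HJT_LINE_RE = re.compile(r'^(?P<section>[RFO]\d{1,2}) - (?P<body>.*)$')  # R0-R3, F0-F3, O1-O24
_COOKIE_PREFIX = 'spyware:cookie/'


def normalize(path):
    """Case-fold and drop stray trailing punctuation from a captured path."""
    return path.strip().rstrip('.,;)"').lower()


def parse_hjt(text):
    """Return (section, body, [normalized paths]) for every HJT entry line."""
    entries = []
    for line in text.splitlines():
        m = _HJT_LINE_RE.match(line.strip())
        if m:
            paths = [normalize(p) for p in _PATH_RE.findall(m.group('body'))]
            entries.append((m.group('section'), m.group('body'), paths))
    return entries


def parse_panda(text):
    """Return (detection, normalized path) per 'Not disinfected' line.
    Tracking cookies are skipped: they are rows inside cookies.txt, not code,
    so no autostart entry could ever reference them."""
    found = []
    for line in text.splitlines():
        name, sep, rest = line.strip().partition(' Not disinfected ')
        if sep and not name.lower().startswith(_COOKIE_PREFIX):
            found.append((name, normalize(rest.split('[', 1)[0])))  # strip [domain]
    return found


def correlate(hjt_entries, detections):
    """Map each detected file to the HJT entries that reference it.
    Exact path match first; an 8.3 short name (PROGRA~1 style) on the HJT
    side cannot be expanded offline, so a basename match is only 'probable'."""
    report = {}
    for name, path in detections:
        base = path.rsplit('\\', 1)[-1]
        exact, probable = [], []
        for section, body, paths in hjt_entries:
            for p in paths:
                if p == path:
                    exact.append(section + ' - ' + body)
                elif '~' in p and p.rsplit('\\', 1)[-1] == base:
                    probable.append(section + ' - ' + body)
        report[path] = {'detection': name, 'exact': exact, 'probable': probable}
    return report


def orphaned(report):
    """Detected files no HJT entry points at: the 'HJT log looks clean' case."""
    return sorted(p for p, r in report.items() if not (r['exact'] or r['probable']))


SAMPLE_HJT = r"""
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKCU\..\Run: [Example] C:\Program Files\Example\example.exe
O4 - Global Startup: Example.lnk = C:\PROGRA~1\Example\example.exe
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: LMIinit - C:\WINDOWS\SYSTEM32\LMIinit.dll
"""
SAMPLE_PANDA = r"""
Adware:adware/spysheriff Not disinfected c:\windows\system32\desktop.html
Adware:adware/craft Not disinfected c:\windows\system32\mscnf.dll
Adware:adware/example Not disinfected C:\Program Files\Example\example.exe
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\cfljd6y5.default\cookies.txt[.atwola.com/]
"""


def run_sample():
    """Correlate the constructed sample logs and return the report."""
    return correlate(parse_hjt(SAMPLE_HJT), parse_panda(SAMPLE_PANDA))


if __name__ == '__main__':
    rep = run_sample()
    for path, r in rep.items():
        print(r['detection'], path, 'exact:', r['exact'], 'probable:', r['probable'])
    print('no autostart entry references:', orphaned(rep))
```

An empty result for mscnf.dll and desktop.html is the situation in this thread: the scanner keeps finding the file, but none of the O2/O4/O20/O23 entries HJT lists loads it, so the log "looks clean". That is why the next step is a tool such as SmitfraudFix that dumps the AppInit_DLLs, Winlogon and SharedTaskScheduler values directly rather than fixing anything from the HJT log. Basename matches against 8.3 short names are reported only as "probable" because the short name cannot be expanded without the target filesystem.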

  4. #4
    Junior Member | Join Date: Dec 2006 | Location: Houston, TX | Posts: 22

    Thanks for your help, pskelley!

    Here's my rapport.txt output:

    SmitFraudFix v2.139

    Scan done at 16:33:27.54, Mon 02/05/2007
    Run from C:\Documents and Settings\Owner\My Documents\My Downloads\SmitfraudFix
    OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
    The filesystem type is NTFS
    Fix run in normal mode

    »»»»»»»»»»»»»»»»»»»»»»»» hosts


    »»»»»»»»»»»»»»»»»»»»»»»» C:\


    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32


    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles


    »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Owner


    »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Owner\Application Data


    »»»»»»»»»»»»»»»»»»»»»»»» Start Menu


    »»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\Owner\FAVORI~1


    »»»»»»»»»»»»»»»»»»»»»»»» Desktop


    »»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


    »»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


    »»»»»»»»»»»»»»»»»»»»»»»» Desktop Components



    »»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
    !!!Attention, following keys are not inevitably infected!!!

    SrchSTS.exe by S!Ri
    Search SharedTaskScheduler's .dll


    »»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
    !!!Attention, following keys are not inevitably infected!!!

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "AppInit_DLLs"="C:\\PROGRA~1\\Google\\GOOGLE~1\\GOEC62~1.DLL"


    »»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
    !!!Attention, following keys are not inevitably infected!!!

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
    "System"=""


    »»»»»»»»»»»»»»»»»»»»»»»» pe386-msguard-lzx32-huy32


    »»»»»»»»»»»»»»»»»»»»»»»» Scanning wininet.dll infection


    »»»»»»»»»»»»»»»»»»»»»»»» End

  5. #5
    Junior Member | Join Date: Dec 2006 | Location: Houston, TX | Posts: 22

    ---------------------------------------------------------
    AVG Anti-Spyware - Scan Report
    ---------------------------------------------------------

    + Created at: 6:41:37 PM 2/5/2007

    + Scan result:



    :mozilla.42:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\cfljd6y5.default\cookies.txt -> TrackingCookie.247realmedia : Cleaned.
    :mozilla.64:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\cfljd6y5.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
    :mozilla.65:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\cfljd6y5.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
    :mozilla.82:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\cfljd6y5.default\cookies.txt -> TrackingCookie.Adtech : Cleaned.
    :mozilla.83:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\cfljd6y5.default\cookies.txt -> TrackingCookie.Adtech : Cleaned.
    :mozilla.811:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\cfljd6y5.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned.
    :mozilla.183:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\cfljd6y5.default\cookies.txt -> TrackingCookie.Com : Cleaned.
    :mozilla.70:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\cfljd6y5.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
    :mozilla.71:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\cfljd6y5.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
    :mozilla.832:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\cfljd6y5.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.
    :mozilla.833:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\cfljd6y5.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.
    :mozilla.834:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\cfljd6y5.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.
    :mozilla.835:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\cfljd6y5.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.
    :mozilla.836:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\cfljd6y5.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.
    :mozilla.837:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\cfljd6y5.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.
    :mozilla.775:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\cfljd6y5.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
    :mozilla.776:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\cfljd6y5.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
    :mozilla.781:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\cfljd6y5.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
    :mozilla.782:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\cfljd6y5.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
    :mozilla.783:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\cfljd6y5.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
    :mozilla.560:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\cfljd6y5.default\cookies.txt -> TrackingCookie.Overture : Cleaned.
    :mozilla.575:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\cfljd6y5.default\cookies.txt -> TrackingCookie.Overture : Cleaned.
    :mozilla.78:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\cfljd6y5.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
    :mozilla.79:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\cfljd6y5.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
    :mozilla.80:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\cfljd6y5.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
    :mozilla.81:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\cfljd6y5.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
    :mozilla.594:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\cfljd6y5.default\cookies.txt -> TrackingCookie.Qksrv : Cleaned.
    :mozilla.595:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\cfljd6y5.default\cookies.txt -> TrackingCookie.Qksrv : Cleaned.
    :mozilla.597:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\cfljd6y5.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
    :mozilla.598:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\cfljd6y5.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
    :mozilla.619:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\cfljd6y5.default\cookies.txt -> TrackingCookie.Realmedia : Cleaned.
    :mozilla.620:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\cfljd6y5.default\cookies.txt -> TrackingCookie.Realmedia : Cleaned.
    :mozilla.621:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\cfljd6y5.default\cookies.txt -> TrackingCookie.Realmedia : Cleaned.
    :mozilla.622:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\cfljd6y5.default\cookies.txt -> TrackingCookie.Realmedia : Cleaned.
    :mozilla.266:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\cfljd6y5.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
    :mozilla.267:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\cfljd6y5.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
    :mozilla.142:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\cfljd6y5.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
    :mozilla.647:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\cfljd6y5.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
    :mozilla.648:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\cfljd6y5.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
    :mozilla.649:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\cfljd6y5.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
    :mozilla.650:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\cfljd6y5.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
    :mozilla.651:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\cfljd6y5.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
    :mozilla.72:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\cfljd6y5.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
    :mozilla.73:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\cfljd6y5.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
    :mozilla.74:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\cfljd6y5.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
    :mozilla.75:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\cfljd6y5.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
    :mozilla.76:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\cfljd6y5.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
    :mozilla.77:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\cfljd6y5.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
    :mozilla.678:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\cfljd6y5.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
    :mozilla.679:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\cfljd6y5.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
    :mozilla.680:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\cfljd6y5.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
    :mozilla.681:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\cfljd6y5.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
    :mozilla.682:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\cfljd6y5.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
    :mozilla.683:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\cfljd6y5.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
    :mozilla.684:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\cfljd6y5.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
    :mozilla.685:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\cfljd6y5.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
    :mozilla.686:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\cfljd6y5.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
    :mozilla.689:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\cfljd6y5.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
    :mozilla.742:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\cfljd6y5.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
    :mozilla.743:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\cfljd6y5.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.


    ::Report end

  6. #6
    Junior Member | Join Date: Dec 2006 | Location: Houston, TX | Posts: 22

    Logfile of HijackThis v1.99.1
    Scan saved at 7:02:19 PM, on 2/5/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.5730.0011)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\Program Files\LogMeIn\RaMaint.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\Program Files\LogMeIn\LogMeInSystray.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    C:\Program Files\Eset\nod32kui.exe
    C:\Program Files\LogMeIn\LogMeIn.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\WINDOWS\soundman.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
    C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
    C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
    C:\Program Files\Eset\nod32krn.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\System32\HPZipm12.exe
    C:\WINDOWS\System32\tcpsvcs.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktopDisplay.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
    C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
    C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [Remote_Agent] C:\Program Files\Medion\PowerVCR II\RemoteAgent.exe
    O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\issch.exe" -start
    O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\LogMeInSystray.exe"
    O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
    O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
    O4 - HKLM\..\Run: [SoundMan] soundman.exe
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [Agent] C:\Program Files\Medion\PowerVCR II\Agent.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [WeatherWatcher] C:\Program Files\Weather Watcher\ww.exe
    O4 - HKCU\..\Run: [FUIClearHis] C:\Program Files\FreshDevices\FreshUI\freshui.exe 16 17
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
    O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O11 - Options group: [INTERNATIONAL] International*
    O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} - http://housecall60.trendmicro.com/housecall/xscan60.cab
    O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www2.snapfish.com/SnapfishActivia.cab
    O16 - DPF: {49232000-16E4-426C-A231-62846947304B} - http://ipgweb.cce.hp.com/rdqna/downloads/sysinfo.cab
    O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} - http://tools.ebayimg.com/eps/wl/acti..._v1-0-3-18.cab
    O16 - DPF: {4EFA317A-8569-4788-B175-5BAF9731A549} (Microsoft Virtual Server VMRC Advanced Control) - http://www.windowsvistatestdrive.com...veXClient1.cab
    O16 - DPF: {546B1745-1674-4089-A56A-171B67631F8D} - http://66.197.233.53/ImageControl.CAB
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.co...?1097963696261
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} - http://security.symantec.com/sscv6/S.../bin/cabsa.cab
    O16 - DPF: {64D01C7F-810D-446E-A07E-16C764235644} - http://zone.msn.com/bingame/amad/default/atomaders.cab
    O16 - DPF: {6632A7E9-FE1F-43D2-A04A-A15951ED63E0} - http://mediaplayer.walmart.com/installer/install.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1138486494250
    O16 - DPF: {7F8C8173-AD80-4807-AA75-5672F22B4582} - http://download.zonelabs.com/bin/pro...anner37440.cab
    O16 - DPF: {90051A81-3018-4826-8B38-DD60B6B53F9C} - http://www.costcophotocenter.com/CostcoUpload.cab
    O16 - DPF: {94EB57FE-2720-496C-B33F-D9353C6E23F7} - http://support.f-secure.com/ols/fscax.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
    O16 - DPF: {A5A76EA0-7B92-4707-9DBF-6F6FE56A6800} (Network Magic Scan Helper Control) - http://scan.networkmagic.com/NmScan/...ag.1.0.0.0.cab
    O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
    O16 - DPF: {A93D84FD-641F-43AE-B963-E6FA84BE7FE7} (LinkSys Content Update) - http://www.linksysfix.com/netcheck/5...l/gtdownls.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - http://cdn2.zone.msn.com/binFramewor...o.cab34246.cab
    O16 - DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} - http://www.sparedollar.com/sdImage/XUpload.ocx
    O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.hp.com/hpdj/en/check/qdiagh.cab?323
    O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} - https://secure.logmein.com/activex/RACtrl.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{D010E729-8B30-4638-9BB2-F32338BED958}: NameServer = 208.67.222.222,208.67.220.220
    O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
    O20 - Winlogon Notify: LMIinit - C:\WINDOWS\SYSTEM32\LMIinit.dll
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
    O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\RaMaint.exe
    O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\LogMeIn.exe
    O23 - Service: SQL Server (MSSMLBIZ) (MSSQL$MSSMLBIZ) - Unknown owner - C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sMSSMLBIZ (file missing)
    O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
    O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
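As an added example (not part of this thread, and not code from HijackThis or its author), here is a small Python triage script that parses log lines in the format above and flags the entry types a helper usually asks about first: O4 autorun commands with no full path or written as 8.3 short names, O6 policy restrictions, O16 ActiveX downloads whose host is a bare IP address, O20 AppInit_DLLs, and O23 services whose binary is missing or whose owner is unknown. The sample lines are constructed and modeled on the log posted above; every flag is a prompt to look closer, not a verdict that the entry is malicious.

```python
import re
from ipaddress import ip_address
from urllib.parse import urlparse

# Constructed sample lines modeled on the HijackThis log format used in this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SoundMan] soundman.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O16 - DPF: {546B1745-1674-4089-A56A-171B67631F8D} - http://66.197.233.53/ImageControl.CAB
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} - https://secure.logmein.com/activex/RACtrl.cab
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O23 - Service: SQL Server (MSSMLBIZ) (MSSQL$MSSMLBIZ) - Unknown owner - C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sMSSMLBIZ (file missing)
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
"""

# Every HJT entry starts with a section tag (R1, O2, O4, O16, O23, ...) followed by " - ".
ENTRY_RE = re.compile(r"^([A-Z]\d+)\s+-\s+(.*)$")


def parse_entries(text):
    """Split a HijackThis log into (section, body) pairs; non-entry lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append((m.group(1), m.group(2)))
    return entries


def host_is_ip(url):
    """True when the URL's host is a bare IPv4/IPv6 literal rather than a DNS name."""
    host = urlparse(url).hostname
    if not host:
        return False
    try:
        ip_address(host)
        return True
    except ValueError:
        return False


def triage(text):
    """Return (section, reason, body) for entries worth a second look.
    These are review prompts, not verdicts: the scanners decide whether a file is bad."""
    findings = []
    for section, body in parse_entries(text):
        if section == "O4":
            # body looks like 'HKLM\..\Run: [Name] command args'; keep the command part
            command = body.split("] ", 1)[1] if "] " in body else body
            if ":\\" not in command:
                findings.append((section, "autorun command has no absolute path; Windows resolves it via the PATH search order", body))
            elif "~" in command:
                findings.append((section, "8.3 short path; expand it before deciding what the file is", body))
        elif section == "O6":
            findings.append((section, "Internet Explorer policy restrictions present; confirm they were set on purpose", body))
        elif section == "O16":
            url = body.rsplit(" - ", 1)[-1].strip()
            if host_is_ip(url):
                findings.append((section, "ActiveX control downloaded from a bare IP address", body))
        elif section == "O20" and body.startswith("AppInit_DLLs:"):
            findings.append((section, "AppInit_DLLs is loaded into every process that links user32.dll; verify the publisher", body))
        elif section == "O23" and ("(file missing)" in body or "Unknown owner" in body):
            findings.append((section, "service binary missing or owner not identified", body))
    return findings


if __name__ == "__main__":
    for section, reason, body in triage(SAMPLE_LOG):
        print(f"{section}: {reason}\n    {body}")
```

Run against the constructed sample it reports six entries: the two O4 lines (soundman.exe with no path, ISUSPM in 8.3 form), the O6 restriction, the O16 download from 66.197.233.53, the AppInit_DLLs entry, and the SQL Server service with a missing binary. The NvCpl, LogMeIn and NOD32 lines pass untouched, which is the point: the script narrows the list, a person still judges it.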

  7. #7
    Junior Member
    Join Date
    Dec 2006
    Location
    Houston, TX
    Posts
    22

    Default

At one time, you helped me remove Zlob.Downloader. As for SpySheriff, I don't remember finding that on my system. Again, thanks so much for all your help!

  8. #8
    In Memoriam -Always in our heart pskelley's Avatar
    Join Date
    Oct 2005
    Location
    Clearwater, Florida
    Posts
    20,247

    Default

Thanks for returning the information. Smitfraudfix shows nothing, and welcome back, Houston.

Panda says this junk is there, so let's look for it. Enable all files and folders first:
    http://www.xtra.co.nz/help/0,,4155-1916458,00.html
    Now use these free scanners to scan these files:
    http://virusscan.jotti.org/
    http://www.kaspersky.com/scanforvirus
    http://www.virustotal.com/flash/index_en.html

    c:\windows\system32\desktop.html

    c:\windows\system32\mscnf.dll

    If they scan as bad, navigate to them and delete them. Then let me know what C:\Program Files\Eset\nod32krn.exe and Spybot S&D both have to say.

    You should not be storing all of those junk cookies:
    http://privacy.getnetwise.org/browsi...disablecookies
    http://www.mozilla.org/projects/secu...priv_help.html

Delete Smitfraudfix; we will not need it, and it must be downloaded fresh if ever needed again.

    Let me know what you find.

    Thanks...Phil
    MS-MVP Consumer Security 2007-08-09
    Proud Member ASAP
    UNITE Member 2006
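Before uploading a file to the scanners listed above, and certainly before deleting it, it helps to record its hashes and attributes: the hash identifies the sample later even after the file is gone, and a hidden or system attribute explains why the file may not have been visible before enabling all files and folders. The script below is an added example, not part of Phil's instructions or of any tool named in the thread. It uses a constructed throwaway directory in place of the real system32 folder, with desktop.html present and mscnf.dll deliberately absent, to show how a missing path is reported instead of crashing the run.

```python
import hashlib
import os
import stat
import tempfile

ALGORITHMS = ("md5", "sha1", "sha256")


def _digest_chunks(chunks):
    """Feed every chunk to all three digests and return their hex values."""
    digests = {name: hashlib.new(name) for name in ALGORITHMS}
    for block in chunks:
        for d in digests.values():
            d.update(block)
    return {name: d.hexdigest() for name, d in digests.items()}


def hash_bytes(data):
    """Hashes of an in-memory blob (handy for checking a known sample)."""
    return _digest_chunks([data])


def hash_file(path, chunk=1 << 16):
    """Hashes of a file on disk, read in chunks so large binaries stay out of memory."""
    with open(path, "rb") as fh:
        return _digest_chunks(iter(lambda: fh.read(chunk), b""))


def file_attributes(path):
    """Windows attribute names (hidden/system/readonly) for the path; None where the
    platform's os.stat has no st_file_attributes (any non-Windows host)."""
    attrs = getattr(os.stat(path), "st_file_attributes", None)
    if attrs is None:
        return None
    flags = ((stat.FILE_ATTRIBUTE_HIDDEN, "hidden"),
             (stat.FILE_ATTRIBUTE_SYSTEM, "system"),
             (stat.FILE_ATTRIBUTE_READONLY, "readonly"))
    return [label for flag, label in flags if attrs & flag]


def fingerprint(path):
    """Describe one suspect file: existence, size, attributes and hashes.
    A path that does not exist is reported rather than raising, since a helper
    often lists files that turn out to be absent or already removed."""
    record = {"path": path, "exists": os.path.isfile(path)}
    if not record["exists"]:
        return record
    record["size"] = os.path.getsize(path)
    record["attributes"] = file_attributes(path)
    record.update(hash_file(path))
    return record


def fingerprint_all(paths):
    return [fingerprint(p) for p in paths]


def build_sample():
    """Constructed sample: a throwaway directory standing in for the system32 folder,
    with desktop.html present and mscnf.dll deliberately absent."""
    root = tempfile.mkdtemp(prefix="hjt_sample_")
    present = os.path.join(root, "desktop.html")
    with open(present, "wb") as fh:
        fh.write(b"<html><!-- constructed placeholder, not the real file --></html>\n")
    return [present, os.path.join(root, "mscnf.dll")]


if __name__ == "__main__":
    for rec in fingerprint_all(build_sample()):
        print(rec)
```

On a real machine, replace build_sample() with the two system32 paths from the post. Keep the printed record somewhere off the machine; if a scanner later reports the file by hash, or you need to confirm that the copy you deleted is the same one the scanner flagged, the SHA-256 is what you compare.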

  9. #9
    Junior Member
    Join Date
    Dec 2006
    Location
    Houston, TX
    Posts
    22

    Default

    Thanks Phil.

    c:\windows\system32\desktop.html came back with a virus detection (can't remember what it was now).

    c:\windows\system32\mscnf.dll came back "no virus found."

    I went ahead and deleted the desktop.html file. Ran another S&D scan, clean! Ran a NOD32 a/v scan, clean!

    Thanks so much for your help!

  10. #10
    In Memoriam -Always in our heart pskelley's Avatar
    Join Date
    Oct 2005
    Location
    Clearwater, Florida
    Posts
    20,247

    Default

Sounds good, Houston. I may have given you this information before, but it is always good.

System Restore does not know the good files from the bad. In case bad stuff has gotten into your System Restore files, follow the instructions in this link to get clean System Restore files. Turn it off, reboot, then turn it back on:
    http://service1.symantec.com/SUPPORT...rc=sec_doc_nam

    Here is some great information from Tony Klein, Texruss, ChrisRLG and Grinler to help you stay clean and safe online:
    http://forums.spybot.info/showthread.php?t=279
    http://russelltexas.com/malware/allclear.htm
    http://forum.malwareremoval.com/viewtopic.php?t=14
    http://www.bleepingcomputer.com/forums/topict2520.html
    http://cybercoyote.org/security/not-admin.shtml

    Thanks to miekiemoes
    http://users.telenet.be/bluepatchy/m...wcomputer.html

    You ever heading this way let me know and I will buy you a beer at the Original Hooters.

    Thanks...pskelley
    Safer Networking Forums
    http://www.spybot.info/en/donate/index.html
    If you are reading this information...thank a teacher,
    If you are reading it in English...thank a soldier.
    MS-MVP Consumer Security 2007-08-09
    Proud Member ASAP
    UNITE Member 2006
