Need Professional Help With Smitfraud, I think

Harui

New member
My computer went wacko a couple of weeks ago - downloading trojans, adding unknown sites to my favorites, and other stuff. I kept getting "insufficient system resources" errors. McAfee Virus Scan Plus didn't seem up to the task. Stuff just kept coming back. I tried SpyBot and it said I had Smitfraud-C.KooWo, but it couldn't delete it. I found SmitfraudFix and tried it, but that didn't seem to help. I ran Kaspersky and I'll put the report below. I then ran SpyBot in Safe Mode and it removed a few things, but it didn't find Smitfraud this time. I then rebooted and ran HJT. I'll include that log also. So, am I fixed, and if not, what next?

Thanks so much for your help.

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Sunday, December 16, 2001 5:33:20 PM
Operating System: Microsoft Windows XP Home Edition, Service Pack 1 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 16/12/2007
Kaspersky Anti-Virus database records: 484211
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\
E:\

Scan Statistics:
Total number of scanned objects: 42342
Number of viruses found: 39
Number of infected objects: 77
Number of suspicious objects: 2
Duration of the scan process: 00:30:32

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\Harry\Cookies\INDEX.DAT Object is locked skipped
C:\Documents and Settings\Harry\Desktop\AvertSamples.zip/AvertSamples/GenProtect.exE Suspicious: Password-protected-EXE skipped
C:\Documents and Settings\Harry\Desktop\AvertSamples.zip ZIP: suspicious - 1 skipped
C:\Documents and Settings\Harry\Desktop\SmitfraudFix\Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\Documents and Settings\Harry\Desktop\SmitfraudFix.exe/data.rar/SmitfraudFix/Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\Documents and Settings\Harry\Desktop\SmitfraudFix.exe/data.rar Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\Documents and Settings\Harry\Desktop\SmitfraudFix.exe RarSFX: infected - 2 skipped
C:\Documents and Settings\Harry\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Harry\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Harry\Local Settings\Application Data\Musicmatch\Jukebox\mmjbaltlog.txt Object is locked skipped
C:\Documents and Settings\Harry\Local Settings\Application Data\Musicmatch\Jukebox\mmjblog.txt Object is locked skipped
C:\Documents and Settings\Harry\Local Settings\Application Data\Musicmatch\Jukebox\Portables.log Object is locked skipped
C:\Documents and Settings\Harry\Local Settings\Application Data\Musicmatch\MIM\Database\Default.ldb Object is locked skipped
C:\Documents and Settings\Harry\Local Settings\Application Data\Musicmatch\MIM\Database\Default.mdb Object is locked skipped
C:\Documents and Settings\Harry\Local Settings\History\History.IE5\INDEX.DAT Object is locked skipped
C:\Documents and Settings\Harry\Local Settings\Temp\JETBD64.tmp Object is locked skipped
C:\Documents and Settings\Harry\Local Settings\Temp\~ROMFN_000003A0 Object is locked skipped
C:\Documents and Settings\Harry\Local Settings\Temporary Internet Files\Content.IE5\01U3S5IJ\14[1].exe Infected: Trojan-PSW.Win32.OnLineGames.kvg skipped
C:\Documents and Settings\Harry\Local Settings\Temporary Internet Files\Content.IE5\01U3S5IJ\5[1].exe Infected: Trojan-PSW.Win32.OnLineGames.kwh skipped
C:\Documents and Settings\Harry\Local Settings\Temporary Internet Files\Content.IE5\01U3S5IJ\dahua[1].exe Infected: Trojan-PSW.Win32.OnLineGames.kwh skipped
C:\Documents and Settings\Harry\Local Settings\Temporary Internet Files\Content.IE5\01U3S5IJ\hx[1].exe Infected: Trojan-PSW.Win32.OnLineGames.kwh skipped
C:\Documents and Settings\Harry\Local Settings\Temporary Internet Files\Content.IE5\4HM7WX27\7[1].exe Infected: Trojan-PSW.Win32.OnLineGames.kjm skipped
C:\Documents and Settings\Harry\Local Settings\Temporary Internet Files\Content.IE5\4HM7WX27\jh[1].exe Infected: Trojan-PSW.Win32.OnLineGames.isb skipped
C:\Documents and Settings\Harry\Local Settings\Temporary Internet Files\Content.IE5\4HM7WX27\my[1].exe Infected: Trojan-PSW.Win32.OnLineGames.laa skipped
C:\Documents and Settings\Harry\Local Settings\Temporary Internet Files\Content.IE5\8N736S11\zt[1].exe Infected: Trojan-PSW.Win32.OnLineGames.isb skipped
C:\Documents and Settings\Harry\Local Settings\Temporary Internet Files\Content.IE5\AHBKDGBM\11[1].exe Infected: Trojan-PSW.Win32.OnLineGames.kjg skipped
C:\Documents and Settings\Harry\Local Settings\Temporary Internet Files\Content.IE5\AHBKDGBM\20[1].exe Infected: Trojan-PSW.Win32.OnLineGames.kwh skipped
C:\Documents and Settings\Harry\Local Settings\Temporary Internet Files\Content.IE5\AHBKDGBM\2[1].exe Infected: Trojan-PSW.Win32.OnLineGames.kwf skipped
C:\Documents and Settings\Harry\Local Settings\Temporary Internet Files\Content.IE5\AHBKDGBM\cq[1].exe Infected: Trojan-PSW.Win32.OnLineGames.kwh skipped
C:\Documents and Settings\Harry\Local Settings\Temporary Internet Files\Content.IE5\AHBKDGBM\wmgj[1].exe Infected: Trojan-PSW.Win32.OnLineGames.kwl skipped
C:\Documents and Settings\Harry\Local Settings\Temporary Internet Files\Content.IE5\BFP7B1CW\12[1].exe Infected: Trojan-PSW.Win32.OnLineGames.kqf skipped
C:\Documents and Settings\Harry\Local Settings\Temporary Internet Files\Content.IE5\BFP7B1CW\wl[1].exe Infected: Trojan-PSW.Win32.OnLineGames.kya skipped
C:\Documents and Settings\Harry\Local Settings\Temporary Internet Files\Content.IE5\BFP7B1CW\wmsj[1].exe Infected: Trojan-PSW.Win32.OnLineGames.kwh skipped
C:\Documents and Settings\Harry\Local Settings\Temporary Internet Files\Content.IE5\H8C7PLCX\10[1].exe Infected: Trojan-PSW.Win32.OnLineGames.kqu skipped
C:\Documents and Settings\Harry\Local Settings\Temporary Internet Files\Content.IE5\H8C7PLCX\18[1].exe Infected: Trojan-PSW.Win32.WOW.aha skipped
C:\Documents and Settings\Harry\Local Settings\Temporary Internet Files\Content.IE5\H8C7PLCX\qqzyhx[1].exe Infected: Trojan-PSW.Win32.OnLineGames.kzy skipped
C:\Documents and Settings\Harry\Local Settings\Temporary Internet Files\Content.IE5\INDEX.DAT Object is locked skipped
C:\Documents and Settings\Harry\Local Settings\Temporary Internet Files\Content.IE5\S1E3W9YF\6[1].exe Infected: Trojan-PSW.Win32.OnLineGames.kwh skipped
C:\Documents and Settings\Harry\Local Settings\Temporary Internet Files\Content.IE5\S1E3W9YF\wd[1].exe Infected: Trojan-Downloader.Win32.Small.hcw skipped
C:\Documents and Settings\Harry\Local Settings\Temporary Internet Files\Content.IE5\S1E3W9YF\wow[1].exe Infected: Trojan-PSW.Win32.OnLineGames.kwh skipped
C:\Documents and Settings\Harry\Local Settings\Temporary Internet Files\Content.IE5\W9Y7GD63\17[1].exe Infected: Trojan-PSW.Win32.OnLineGames.kkr skipped
C:\Documents and Settings\Harry\Local Settings\Temporary Internet Files\Content.IE5\W9Y7GD63\8[1].exe Infected: Trojan-PSW.Win32.OnLineGames.kqf skipped
C:\Documents and Settings\Harry\Local Settings\Temporary Internet Files\Content.IE5\W9Y7GD63\jz[1].exe Infected: Trojan-PSW.Win32.OnLineGames.kwh skipped
C:\Documents and Settings\Harry\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Harry\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\INDEX.DAT Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\INDEX.DAT Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\INDEX.DAT Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Program Files\conime8.exe Infected: Trojan-Downloader.Win32.Small.hcw skipped
C:\Program Files\Dell\Support\UI\Search\catalog.wci\00000002.ps1 Object is locked skipped
C:\Program Files\Dell\Support\UI\Search\catalog.wci\00000002.ps2 Object is locked skipped
C:\Program Files\Dell\Support\UI\Search\catalog.wci\00010002.ci Object is locked skipped
C:\Program Files\Dell\Support\UI\Search\catalog.wci\cicat.fid Object is locked skipped
C:\Program Files\Dell\Support\UI\Search\catalog.wci\cicat.hsh Object is locked skipped
C:\Program Files\Dell\Support\UI\Search\catalog.wci\CiCL0001.000 Object is locked skipped
C:\Program Files\Dell\Support\UI\Search\catalog.wci\CiP10000.000 Object is locked skipped
C:\Program Files\Dell\Support\UI\Search\catalog.wci\CiP20000.000 Object is locked skipped
C:\Program Files\Dell\Support\UI\Search\catalog.wci\CiPT0000.000 Object is locked skipped
C:\Program Files\Dell\Support\UI\Search\catalog.wci\CiSL0001.000 Object is locked skipped
C:\Program Files\Dell\Support\UI\Search\catalog.wci\CiSP0000.000 Object is locked skipped
C:\Program Files\Dell\Support\UI\Search\catalog.wci\CiST0000.000 Object is locked skipped
C:\Program Files\Dell\Support\UI\Search\catalog.wci\CiVP0000.000 Object is locked skipped
C:\Program Files\Dell\Support\UI\Search\catalog.wci\INDEX.000 Object is locked skipped
C:\Program Files\Dell\Support\UI\Search\catalog.wci\propstor.bk1 Object is locked skipped
C:\Program Files\Dell\Support\UI\Search\catalog.wci\propstor.bk2 Object is locked skipped
C:\System Volume Information\catalog.wci\00000002.ps1 Object is locked skipped
C:\System Volume Information\catalog.wci\00000002.ps2 Object is locked skipped
C:\System Volume Information\catalog.wci\cicat.fid Object is locked skipped
C:\System Volume Information\catalog.wci\cicat.hsh Object is locked skipped
C:\System Volume Information\catalog.wci\CiCL0001.000 Object is locked skipped
C:\System Volume Information\catalog.wci\CiP10000.000 Object is locked skipped
C:\System Volume Information\catalog.wci\CiP20000.000 Object is locked skipped
C:\System Volume Information\catalog.wci\CiPT0000.000 Object is locked skipped
C:\System Volume Information\catalog.wci\CiSL0001.000 Object is locked skipped
C:\System Volume Information\catalog.wci\CiSP0000.000 Object is locked skipped
C:\System Volume Information\catalog.wci\CiST0000.000 Object is locked skipped
C:\System Volume Information\catalog.wci\CiVP0000.000 Object is locked skipped
C:\System Volume Information\catalog.wci\INDEX.000 Object is locked skipped
C:\System Volume Information\catalog.wci\propstor.bk1 Object is locked skipped
C:\System Volume Information\catalog.wci\propstor.bk2 Object is locked skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1\A0000005.sys Infected: Trojan-PSW.Win32.OnLineGames.kwb skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1\A0000008.exE Infected: Trojan-PSW.Win32.OnLineGames.laa skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1\A0000010.dll Infected: Trojan-PSW.Win32.OnLineGames.kwl skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1\A0000011.dll Infected: Trojan-PSW.Win32.OnLineGames.jrc skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1\A0000012.dll Infected: Trojan-PSW.Win32.OnLineGames.kwd skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1\change.log Object is locked skipped
C:\WINDOWS\cmdbcs.exe Infected: Trojan-PSW.Win32.OnLineGames.isb skipped
C:\WINDOWS\Debug\oakley.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\LotusHlp.exe Infected: Trojan-PSW.Win32.OnLineGames.kzy skipped
C:\WINDOWS\SSLDyn.exE Infected: Trojan-PSW.Win32.OnLineGames.laa skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\SYSTEM32\about.exe Infected: Trojan-Downloader.Win32.Small.gwb skipped
C:\WINDOWS\SYSTEM32\avwghmn.dll Infected: Trojan-PSW.Win32.OnLineGames.kvp skipped
C:\WINDOWS\SYSTEM32\avwghst.exe Infected: Trojan-PSW.Win32.OnLineGames.kwf skipped
C:\WINDOWS\SYSTEM32\avwlgmn.dll Infected: Trojan-PSW.Win32.OnLineGames.kjf skipped
C:\WINDOWS\SYSTEM32\avwlgst.exe Infected: Trojan-PSW.Win32.OnLineGames.kjg skipped
C:\WINDOWS\SYSTEM32\cmdbcs.dll Infected: Trojan-PSW.Win32.OnLineGames.laz skipped
C:\WINDOWS\SYSTEM32\Com\comrepl32.exe Infected: Worm.Win32.Downloader.bq skipped
C:\WINDOWS\SYSTEM32\CONFIG\AppEvent.Evt Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SAM Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SAM.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SecEvent.Evt Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SECURITY Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SECURITY.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SysEvent.Evt Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\DRIVERS\nitxych.sys Object is locked skipped
C:\WINDOWS\SYSTEM32\DRIVERS\pcibus.sys Infected: Worm.Win32.Downloader.bq skipped
C:\WINDOWS\SYSTEM32\eyvhik.dll Infected: Trojan-PSW.Win32.OnLineGames.laz skipped
C:\WINDOWS\SYSTEM32\FTCCompress.dll Infected: Trojan-PSW.Win32.OnLineGames.kkr skipped
C:\WINDOWS\SYSTEM32\gdcqi32.dll Infected: Trojan-PSW.Win32.OnLineGames.kwh skipped
C:\WINDOWS\SYSTEM32\gddh3i32.dll Infected: Trojan-PSW.Win32.OnLineGames.kqf skipped
C:\WINDOWS\SYSTEM32\gdjzi32.dll Infected: Trojan-PSW.Win32.OnLineGames.kwd skipped
C:\WINDOWS\SYSTEM32\gdwdi32.dll Infected: Trojan-PSW.Win32.OnLineGames.kvf skipped
C:\WINDOWS\SYSTEM32\gdwmi32.dll Infected: Trojan-PSW.Win32.OnLineGames.kxe skipped
C:\WINDOWS\SYSTEM32\gdzyhxi32.dll Infected: Trojan-PSW.Win32.OnLineGames.kvc skipped
C:\WINDOWS\SYSTEM32\H323LOG.TXT Object is locked skipped
C:\WINDOWS\SYSTEM32\ilove.sys Infected: Trojan-Spy.Win32.Agent.aqk skipped
C:\WINDOWS\SYSTEM32\inetsvr.exe Infected: Trojan-PSW.Win32.Lmir.bpm skipped
C:\WINDOWS\SYSTEM32\inf\scrsys16_071130.dll Infected: Trojan-Spy.Win32.Pophot.xs skipped
C:\WINDOWS\SYSTEM32\kv7pkg6fu.dll Object is locked skipped
C:\WINDOWS\SYSTEM32\LotusHlp.dll Infected: Trojan-PSW.Win32.OnLineGames.las skipped
C:\WINDOWS\SYSTEM32\lwisys16_071130.dll Infected: Trojan-Spy.Win32.Pophot.xs skipped
C:\WINDOWS\SYSTEM32\msrouter.dll Infected: Trojan.Win32.Agent.dbu skipped
C:\WINDOWS\SYSTEM32\mswhich.dll Infected: Trojan.Win32.Agent.dbu skipped
C:\WINDOWS\SYSTEM32\oickbosijy.dll Infected: Trojan-PSW.Win32.OnLineGames.khb skipped
C:\WINDOWS\SYSTEM32\pwskvb.dll Infected: Trojan-PSW.Win32.OnLineGames.lat skipped
C:\WINDOWS\SYSTEM32\qqsetupt.log/stream/data0002/data0003 Infected: not-a-virus:AdWare.Win32.Cinmus.arx skipped
C:\WINDOWS\SYSTEM32\qqsetupt.log/stream/data0002/data0004 Infected: not-a-virus:AdWare.Win32.Cinmus.arx skipped
C:\WINDOWS\SYSTEM32\qqsetupt.log/stream/data0002 Infected: not-a-virus:AdWare.Win32.Cinmus.arx skipped
C:\WINDOWS\SYSTEM32\qqsetupt.log/stream Infected: not-a-virus:AdWare.Win32.Cinmus.arx skipped
C:\WINDOWS\SYSTEM32\qqsetupt.log NSIS: infected - 4 skipped
C:\WINDOWS\SYSTEM32\rarjepi.dll Infected: Trojan-PSW.Win32.OnLineGames.kjm skipped
C:\WINDOWS\SYSTEM32\rarjetl.exe Infected: Trojan-PSW.Win32.OnLineGames.kjm skipped
C:\WINDOWS\SYSTEM32\sojeby.dll Infected: Trojan-PSW.Win32.OnLineGames.lat skipped
C:\WINDOWS\SYSTEM32\sqmapi32.dll Infected: Trojan-PSW.Win32.OnLineGames.kol skipped
C:\WINDOWS\SYSTEM32\SSLDyn.dll Infected: Trojan-PSW.Win32.OnLineGames.lat skipped
C:\WINDOWS\SYSTEM32\swrcfac.exe Infected: Trojan-PSW.Win32.OnLineGames.kqu skipped
C:\WINDOWS\SYSTEM32\swrcfzc.dll Infected: Trojan-PSW.Win32.OnLineGames.kqw skipped
C:\WINDOWS\SYSTEM32\tlatl.dll Infected: Trojan-PSW.Win32.OnLineGames.kok skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\upxdnd.exe Infected: Trojan-PSW.Win32.OnLineGames.isb skipped
C:\WINDOWS\WIADEBUG.LOG Object is locked skipped
C:\WINDOWS\WIASERVC.LOG Object is locked skipped
C:\WINDOWS\{00000002-00000000-00000002-00001102-00000004-10031102}.CDF Object is locked skipped

Scan process completed.
 
my first HJT report

Here's the HJT log after doing all the stuff in my first post.


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:07:59 PM, on 12/16/2001
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\BCMSMMSG.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
C:\WINDOWS\System32\CTHELPER.EXE
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Common Files\Dell\EUSW\Support.exe
C:\Program Files\Philips ToUcam Camera\VProperty.exe
C:\PROGRA~1\MUSICM~1\MUSICM~1\MMDiag.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mim.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = http://localhost;
R3 - URLSearchHook: &Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O1 - Hosts: 127.0.0.2 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Info cache - {385AB8C6-FB22-4D17-8834-064E2BA0A6F0} - C:\Documents and Settings\All Users\Application Data\Microsoft\PCTools\pctools.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
O4 - HKLM\..\Run: [CTDVDDet] C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [AsioReg] REGSVR32.EXE /S CTASIO.DLL
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~1\mimboot.exe
O4 - HKLM\..\Run: [ToUcamVProperty] C:\Program Files\Philips ToUcam Camera\VProperty.exe
O4 - HKLM\..\Run: [SSLDyn] C:\WINDOWS\SSLDyn.exE
O4 - HKLM\..\Run: [cmdbcs] C:\WINDOWS\cmdbcs.exe
O4 - HKLM\..\Run: [LotusHlp] C:\WINDOWS\LotusHlp.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SB Audigy 2 Startup Menu] /L:ENG
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKLM\..\Policies\Explorer\Run: [comrepl32] C:\windows\system32\com\comrepl32.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: America Online 8.0 Tray Icon.lnk = C:\Program Files\America Online 8.0\aoltray.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\sqmapi32.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\mswhich.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\mswhich.dll
O12 - Plugin for .mid: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin2.dll
O12 - Plugin for .mov: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} -
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/win...ls/en/x86/client/wuweb_site.cab?1196529575390
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/shared/mcgdmgr/1,0,0,26/mcgdmgr.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/mcfscan/2,2,0,5185/mcfscan.cab
O20 - AppInit_DLLs: rsztmpm.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

--
End of file - 6897 bytes
 