Smitfraudfix - Need help desperately

Hi Shaba,

I came in yesterday and did all the things you said to do. Ran Spybot and it came up with 5 problems, one of them being the smitfraud. Fixed the problems and reran, nothing. Ran Kaspersky and it found 1 virus, the smitfraud. Following is the log from that and a new HiJackThis. It appears that when I reboot the problems come back.

Any suggestions?

Kaspersky Log

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Monday, March 12, 2007 11:53:22 AM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.83.0
Kaspersky Anti-Virus database last update: 12/03/2007
Kaspersky Anti-Virus database records: 280806
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
D:\
E:\

Scan Statistics:
Total number of scanned objects: 101891
Number of viruses found: 1
Number of infected objects: 5 / 0
Number of suspicious objects: 0
Duration of the scan process: 01:11:52

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\SJK\Desktop\SmitfraudFix\Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\Documents and Settings\SJK\Desktop\SmitfraudFix.exe/data.rar/SmitfraudFix/Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\Documents and Settings\SJK\Desktop\SmitfraudFix.exe/data.rar Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\Documents and Settings\SJK\Desktop\SmitfraudFix.exe RarSFX: infected - 2 skipped
C:\Documents and Settings\SJK\Desktop\SmitfraudFix.exe PE_Patch.UPX: infected - 2 skipped

Scan process completed.
 
HiJackThis

Logfile of HijackThis v1.99.1
Scan saved at 12:00:39 PM, on 03/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\ISafe.exe
C:\Program Files\Citrix\GoToMyPC\g2svc.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Common Files\Intuit\Entitlement Client\Server\Intuit.EntitlementServerService.exe
C:\Program Files\Citrix\GoToMyPC\g2comm.exe
C:\Program Files\Citrix\GoToMyPC\g2pre.exe
C:\Program Files\Intuit\Intuit Master Builder\Administration\Server\MBAdminServer.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
C:\Program Files\Visioneer\OneTouch 4.0\OtService.exe
C:\Program Files\Iomega\REV System Software\RevUDF.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Sage\ServiceHost\Sage.ServiceHost.Host.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Citrix\GoToMyPC\g2tray.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe
C:\Program Files\Iomega\REV System Software\imiconxp.exe
C:\Program Files\CEZEO software\LanTalk XP\LanTalk.exe
C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\CAVTray.exe
C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\CAVRID.exe
C:\Program Files\HighCriteria\TotalRecorder\TotRecSched.exe
C:\Program Files\Java\jre1.5.0_05\bin\jucheck.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\ScanSoft\OmniPagePro14.0\WorkFlowTray.exe
C:\Program Files\ScanSoft\OmniPagePro14.0\Opware14.exe
C:\Program Files\ScanSoft\OmniPagePro14.0\OpScheduler.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Hewlett-Packard\Toolbox2.0\Javasoft\JRE\1.3.1\bin\javaw.exe
C:\Program Files\CaptureWiz\Pro\CaptureWiz.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\VetMsg.exe
C:\Program Files\CA\eTrust Internet Security Suite\eTrust PestPatrol Anti-Spyware\PPActiveDetection.exe
C:\WINDOWS\system32\ntvdm.exe
C:\WINDOWS\system32\WISPTIS.EXE
C:\Documents and Settings\SJK\Desktop\HijackThis.exe

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [StatusClient] C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe /auto
O4 - HKLM\..\Run: [TomcatStartup] C:\Program Files\Hewlett-Packard\Toolbox2.0\hpbpsttp.exe
O4 - HKLM\..\Run: [Iomega ImIconXP] C:\Program Files\Iomega\REV System Software\imiconxp.exe
O4 - HKLM\..\Run: [LanTalk] C:\Program Files\CEZEO software\LanTalk XP\LanTalk.exe
O4 - HKLM\..\Run: [CaAvTray] "C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\CAVTray.exe"
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\CAVRID.exe"
O4 - HKLM\..\Run: [eTrustPPAP] "C:\Program Files\CA\eTrust Internet Security Suite\eTrust PestPatrol Anti-Spyware\PPActiveDetection.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TotalRecorderScheduler] "C:\Program Files\HighCriteria\TotalRecorder\TotRecSched.exe"
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] "C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe"
O4 - HKLM\..\Run: [IndexSearch] "C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe"
O4 - HKLM\..\Run: [WorkFlowTray] "C:\Program Files\ScanSoft\OmniPagePro14.0\WorkFlowTray.exe"
O4 - HKLM\..\Run: [Opware14] "C:\Program Files\ScanSoft\OmniPagePro14.0\Opware14.exe"
O4 - HKLM\..\Run: [OpScheduler] "C:\Program Files\ScanSoft\OmniPagePro14.0\OpScheduler.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [GoToMyPC] C:\Program Files\Citrix\GoToMyPC\g2svc.exe -logon
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.2480\GoogleToolbarNotifier.exe
O4 - Startup: CaptureWiz.lnk = C:\Program Files\CaptureWiz\Pro\CaptureWiz.exe
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\SJK\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {106E49CF-797A-11D2-81A2-00E02C015623} (AlternaTIFF ActiveX) - http://www.alternatiff.com/install/00/alttiff.cab
O16 - DPF: {21F16767-8DA7-4113-BEB0-F161B313407F} (XMirage Control) - http://www.myfamily.com/plugins/ue/Install_UE.exe
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photo.walgreens.com/WalgreensActivia.cab
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} - http://www.worldwinner.com/games/shared/wwlaunch.cab
O16 - DPF: {9059F30F-4EB1-4BD2-9FDC-36F43A218F4A} (Microsoft RDP Client Control (redist)) - http://netops.air2lan.net/msrdp.cab
O16 - DPF: {CBD8B1CB-2F5F-415F-93E8-A297B33DCBB2} (CentrinoCheck Control) - http://entriq.vo.llnwd.net/o1/NBCUniversal/cabs/cpucheck_1_0_0_5.cab
O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} (Live365Player Class) - http://www.live365.com/players/play365.cab
O16 - DPF: {CE7D2BF2-D173-4CE2-9DAF-15EA153B5B43} - http://entriq.vo.llnwd.net/o1/NBCUniversal/cabs/Entriq_3_4_0_15_Silent.cab
O16 - DPF: {DE0FB644-C59B-46D1-B650-88BA945BC98F} - http://entriq.vo.llnwd.net/o1/NBCUniversal/cabs/NBCUniversal_1_0_0_3.cab
O16 - DPF: {E473A65C-8087-49A3-AFFD-C5BC4A10669B} (Quantum Streaming IE Player Class) - http://mvnet.xlontech.net/qm/fox/06101102/qsp2ie06101001.cab
O20 - Winlogon Notify: GoToMyPC - C:\Program Files\Citrix\GoToMyPC\G2WinLogon.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\ISafe.exe
O23 - Service: EffusiaServer - Unknown owner - C:\Program Files\Effusia Server\EffusiaServer.exe (file missing)
O23 - Service: GoToMyPC - Unknown owner - C:\Program Files\Citrix\GoToMyPC\g2svc.exe" -service (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Intuit Entitlement Service - Intuit, Inc. - C:\Program Files\Common Files\Intuit\Entitlement Client\Server\Intuit.EntitlementServerService.exe
O23 - Service: Intuit Master Builder Administrator Service - - C:\Program Files\Intuit\Intuit Master Builder\Administration\Server\MBAdminServer.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: OneTouch 4.0 Monitor - Visioneer Inc. - C:\Program Files\Visioneer\OneTouch 4.0\OtService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: RevUDFService - Iomega Corp - C:\Program Files\Iomega\REV System Software\RevUDF.exe
O23 - Service: Sage Service Host (Sage.ServiceHost.Host) - Sage Software, Inc. - C:\Program Files\Common Files\Sage\ServiceHost\Sage.ServiceHost.Host.exe
O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\VetMsg.exe
 
Hi

The Kaspersky finding is part of SmitfraudFix, so no virus at all. You can delete these if you like.

C:\Documents and Settings\SJK\Desktop\SmitfraudFix
C:\Documents and Settings\SJK\Desktop\SmitfraudFix.exe

Does Spybot find the same problems also after every reboot?
 
Finally Clean Reports

Okay, once I got rid of those files and reset the restore program again, I got clean scans from all points.

Thanks again for your help and I really believe this can be closed.
 
Since this issue appears resolved ... this Topic is closed.

If you need this topic reopened, please request this by sending the moderating team a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.
 