HJT Log - Can I remove the ones listed as file missing?

[rapada]

SmitFraudFix v2.144

Scan done at 11:57:48.42, Sat 02/24/2007
Run from C:\Documents and Settings\Owner\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in safe mode

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Killing process


»»»»»»»»»»»»»»»»»»»»»»»» hosts

127.0.0.1 localhost


»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

Problem while deleting C:\winstall.exe
Problem while deleting C:\WINDOWS\ads.js
Problem while deleting C:\WINDOWS\avpcc.dll
Problem while deleting C:\WINDOWS\BTGrab.dll
Problem while deleting C:\WINDOWS\dlmax.dll
Problem while deleting C:\WINDOWS\olehelp.exe
Problem while deleting C:\WINDOWS\Pynix.dll
Problem while deleting C:\WINDOWS\svchost.exe
Problem while deleting C:\WINDOWS\ZServ.dll
Problem while deleting C:\WINDOWS\system32\anti_troj.exe
Problem while deleting C:\WINDOWS\system32\dcomcfg.exe
Problem while deleting C:\WINDOWS\system32\dfrgsrv.exe
Problem while deleting C:\WINDOWS\system32\dxmpp.dll
Problem while deleting C:\WINDOWS\system32\ginuerep.dll
Problem while deleting C:\WINDOWS\system32\intmon.exe
Problem while deleting C:\WINDOWS\system32\ishost.exe
Problem while deleting C:\WINDOWS\system32\ismon.exe
Problem while deleting C:\WINDOWS\system32\isnotify.exe
Problem while deleting C:\WINDOWS\system32\issearch.exe
Problem while deleting C:\WINDOWS\system32\msbe.dll
Problem while deleting C:\WINDOWS\system32\mscornet.exe
Problem while deleting C:\WINDOWS\system32\mssearchnet.exe
Problem while deleting C:\WINDOWS\system32\msmsgs.exe
Problem while deleting C:\WINDOWS\system32\MTC.dll
Problem while deleting C:\WINDOWS\system32\nvctrl.exe
Problem while deleting C:\WINDOWS\system32\nuclabdll.dll
Problem while deleting C:\WINDOWS\system32\nvms.dll
Problem while deleting C:\WINDOWS\system32\regperf.exe
Problem while deleting C:\WINDOWS\system32\replmap.dll
Problem while deleting C:\WINDOWS\system32\shnlog.exe
Problem while deleting C:\WINDOWS\system32\twain32.dll
Problem while deleting C:\WINDOWS\system32\wiatwain.dll
Problem while deleting C:\WINDOWS\system32\zlbw.dll
Problem while deleting C:\Program Files\MMediaCodec\
C:\Program Files\SpyKiller\ Deleted
C:\Program Files\SpywareStrike\ Deleted

»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» Reboot

Problem while deleting C:\winstall.exe
Problem while deleting C:\WINDOWS\BTGrab.dll
Problem while deleting C:\WINDOWS\dlmax.dll
Problem while deleting C:\WINDOWS\Pynix.dll
Problem while deleting C:\WINDOWS\ZServ.dll
Problem while deleting C:\WINDOWS\system32\dcomcfg.exe
Problem while deleting C:\WINDOWS\system32\dfrgsrv.exe
Problem while deleting C:\WINDOWS\system32\dxmpp.dll
Problem while deleting C:\WINDOWS\system32\ginuerep.dll
Problem while deleting C:\WINDOWS\system32\ishost.exe
Problem while deleting C:\WINDOWS\system32\ismon.exe
Problem while deleting C:\WINDOWS\system32\isnotify.exe
Problem while deleting C:\WINDOWS\system32\issearch.exe
Problem while deleting C:\WINDOWS\system32\mscornet.exe
Problem while deleting C:\WINDOWS\system32\mssearchnet.exe
Problem while deleting C:\WINDOWS\system32\nvctrl.exe
Problem while deleting C:\WINDOWS\system32\regperf.exe
Problem while deleting C:\WINDOWS\system32\replmap.dll
Problem while deleting C:\WINDOWS\system32\twain32.dll
Problem while deleting C:\WINDOWS\system32\wiatwain.dll
Problem while deleting C:\WINDOWS\system32\zlbw.dll
Problem while deleting C:\Program Files\MMediaCodec


»»»»»»»»»»»»»»»»»»»»»»»» End

[rapada]

VundoFix V6.3.9

Checking Java version...

Java version is 1.5.0.6

Scan started at 8:56:50 AM 2/24/2007

Listing files found while scanning....

No infected files were found.


Beginning removal...

[rapada]

I didn't get the brute force uninstaller done yet.. should I go on or wait?

[Ried]

Quote:

Ok.. now my wrist hurts. LOL

I know how you feel...

We can hold off on the BFU for now as the entries that will take care of are 'small potatoes' compared to the Smitfraud infection that still remains.

Boot into Safe Mode and run SmitfraudFix Option 2 once again.

Then run AVG Anti-Spyware, allowing it to Quarantine what it finds.

Reboot into Normal Mode and run ComboScan.exe and post the ComboScan.txt here along with the rapport.txt, and AVG A-S results.

[rapada]

ComboScan v20070221.16 run by Owner on 2007-02-24 at 16:35:10
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as Owner.exe) ------------------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 4:35:23 PM, on 2/24/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\System32\hphmon05.exe
C:\WINDOWS\LTMSG.exe
C:\Program Files\Multimedia Card Reader\shwicon2k.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Shaw Secure\Common\FSM32.EXE
C:\HP\KBD\KBD.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\SHAWSE~1\backweb\3875767\Program\SERVIC~1.EXE
C:\Program Files\Shaw Secure\Anti-Virus\fsgk32st.exe
C:\Program Files\Shaw Secure\backweb\3875767\program\fsbwsys.exe
C:\Program Files\Shaw Secure\Anti-Virus\FSGK32.EXE
C:\Program Files\Shaw Secure\Common\FSMA32.EXE
C:\Program Files\Shaw Secure\Anti-Virus\fssm32.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Shaw Secure\Common\FSMB32.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Shaw Secure\backweb\3875767\Program\fspex.exe
C:\Program Files\Shaw Secure\Common\FCH32.EXE
C:\Program Files\Shaw Secure\Common\FAMEH32.EXE
C:\Program Files\Shaw Secure\Anti-Virus\fsqh.exe
C:\Program Files\Shaw Secure\Anti-Virus\fsrw.exe
C:\Program Files\Shaw Secure\FSPC\fspc.exe
C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe
C:\Program Files\Shaw Secure\Anti-Virus\fsav32.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Shaw Secure\FWES\Program\fsdfwd.exe
C:\PROGRA~1\SHAWSE~1\ANTI-S~1\fsaw.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Shaw Secure\FSGUI\fsguidll.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\HPZinw12.exe
C:\Documents and Settings\Owner\Desktop\comboscan.exe
C:\HJT\Owner.exe

R3 - URLSearchHook: URL Search Hook - {AA460422-2CEF-400f-AA05-F63368E04706} - C:\Program Files\IETB\sh.dll
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [AutoTKit] C:\hp\bin\AUTOTKIT.EXE
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [LTMSG] LTMSG.exe 7
O4 - HKLM\..\Run: [Sunkist2k] C:\Program Files\Multimedia Card Reader\shwicon2k.exe
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\Shaw Secure\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\Shaw Secure\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [F-Secure Startup Wizard] "C:\Program Files\Shaw Secure\FSGUI\FSSW.EXE" /reboot
O4 - HKLM\..\Run: [News Service] "C:\Program Files\Shaw Secure\FSGUI\ispnews.exe"
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Shaw Secure.lnk = C:\Program Files\Shaw Secure\backweb\3875767\Program\fspex.exe
O8 - Extra context menu item: &Block this popup - C:\Program Files\Shaw Secure\Anti-Spyware\blockpopups.htm
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra button: Web Filter - {200DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\Shaw Secure\FSPC\fspcmsie.dll
O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\Shaw Secure\FSPC\fspcmsie.dll
O9 - Extra 'Tools' menuitem: Web Filter - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\Shaw Secure\FSPC\fspcmsie.dll
O9 - Extra button: IE Shield - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\Shaw Secure\Anti-Spyware\ieshield.dll
O9 - Extra 'Tools' menuitem: IE Shield... - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\Shaw Secure\Anti-Spyware\ieshield.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Broken Internet access because of LSP provider 'winsflt.dll' missing
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/downloads/k...an_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {26CBF141-7D0F-46E1-AA06-718958B6E4D2} - http://download.ebay.com/turbo_lister/US/install.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {352797A0-EFD0-4FA6-B229-145120EA4B8A} (Walt Disney Internet Group Hardware Control) - https://disney.go.com/games/download...areControl.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.com/download.yaho...ymmapi_416.dll
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/Ms...Downloader.cab
O16 - DPF: {D4328549-2B43-40D5-BBF8-77D6EEA60412} (StorefrontUpload.BulkImageUpload1) - http://www.ldphotostation.com/images...ntUpload19.CAB
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Shaw Secure (BackWeb Plug-in - 3875767) - BackWeb Technologies Inc. - C:\PROGRA~1\SHAWSE~1\backweb\3875767\Program\SERVIC~1.EXE
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\Shaw Secure\Anti-Virus\fsgk32st.exe
O23 - Service: FSBWSYS - F-Secure Corp. - C:\Program Files\Shaw Secure\backweb\3875767\program\fsbwsys.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\Shaw Secure\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure HTTP Server (fshttps) - F-Secure Corporation - C:\Program Files\Shaw Secure\FSPC\fshttps\fshttps.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\Shaw Secure\Common\FSMA32.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE
O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe


-- Files created between 2007-01-24 and 2007-02-24 ------------------------------

2007-02-24 08:56:50 0 d-------- C:\VundoFix Backups<VUNDOF~1>
2007-02-24 08:17:04 0 d-------- C:\BFU
2007-02-23 16:28:18 4282 --a------ C:\WINDOWS\system32\tmp.reg
2007-02-23 16:27:47 79360 --a------ C:\WINDOWS\system32\swxcacls.exe
2007-02-23 16:27:47 40960 --a------ C:\WINDOWS\system32\swsc.exe
2007-02-23 16:27:47 135168 --a------ C:\WINDOWS\system32\swreg.exe
2007-02-23 16:27:47 288417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2007-02-23 16:27:47 53248 --a------ C:\WINDOWS\system32\Process.exe
2007-02-23 16:27:47 51200 --a------ C:\WINDOWS\system32\dumphive.exe
2007-02-23 16:27:42 0 d-------- C:\Documents and Settings\Owner\SmitfraudFix<SMITFR~1>
2007-02-22 08:16:21 3968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-02-21 15:57:58 76560 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys
2007-02-21 15:57:10 0 d-------- C:\Documents and Settings\Owner\.housecall6.6<HOUSEC~1.6>
2007-02-13 11:04:48 0 d-------- C:\Program Files\Common Files\Skype
2007-02-08 19:36:20 0 d-------- C:\Program Files\Lavasoft
2007-02-04 13:52:43 33584 --a------ C:\WINDOWS\system32\drivers\fsndis5.sys
2007-02-04 13:52:43 70896 --a------ C:\WINDOWS\system32\drivers\fsdfw.sys
2007-02-04 13:52:33 1716224 --a------ C:\WINDOWS\system32\winsflte.dll
2007-02-04 13:52:33 1187840 --a------ C:\WINDOWS\system32\winsflt.dll
2007-02-04 13:52:33 1236992 --a------ C:\WINDOWS\system32\cfgmig32.dll
2007-02-04 13:52:33 0 d-------- C:\WINDOWS\rnapxs
2007-02-04 13:52:30 0 d-------- C:\Documents and Settings\All Users\Application Data\F-Secure
2007-02-02 16:37:25 0 d-------- C:\Program Files\CCleaner
2007-01-29 10:07:07 0 d-------- C:\Documents and Settings\Owner\smilies
2007-01-29 01:58:06 60416 -----n--- C:\WINDOWS\system32\tzchange.exe


-- Find3M Report ----------------------------------------------------------------

2007-02-24 12:07:45 0 d-------- C:\Program Files\Mozilla Firefox<MOZILL~1>
2007-02-22 12:34:11 0 d-------- C:\Program Files\Multimedia Card Reader<MULTIM~1>
2007-02-22 12:31:28 0 d-------- C:\Program Files\Microsoft IntelliPoint<MIFB84~1>
2007-02-22 12:27:54 0 d-------- C:\Program Files\iTunes
2007-02-22 12:23:45 0 d-------- C:\Program Files\Google
2007-02-22 08:16:18 0 d-------- C:\Program Files\Grisoft
2007-02-13 11:14:23 0 d-------- C:\Documents and Settings\Owner\Application Data\Skype
2007-02-13 11:04:49 0 d-------- C:\Program Files\Skype
2007-02-08 19:36:40 0 d-------- C:\Documents and Settings\Owner\Application Data\Lavasoft
2007-02-04 13:52:14 0 d-------- C:\Program Files\Shaw Secure<SHAWSE~1>
2007-02-02 16:37:37 0 d-------- C:\Program Files\Yahoo!
2007-01-17 11:00:58 226 -r-h----- C:\Program Files\zangoclient<ZANGOC~1>
2007-01-17 11:00:58 226 -r-h----- C:\Program Files\zango
2007-01-17 11:00:58 226 -r-h----- C:\Program Files\zango programs<ZANGOP~1>
2007-01-17 11:00:58 226 -r-h----- C:\Program Files\zango games<ZANGOG~1>
2007-01-17 11:00:58 238 -r-h----- C:\Program Files\mmediacodec<MMEDIA~1>
2007-01-17 11:00:57 240 -r-h----- C:\Program Files\surfsidekick<SURFSI~1>
2007-01-17 11:00:57 240 -r-h----- C:\Program Files\surfsidekick 2<SURFSI~2>
2007-01-17 11:00:56 242 -r-h----- C:\Program Files\spywarestrike<SPYWAR~4>
2007-01-17 11:00:55 234 -r-h----- C:\Program Files\need2find<NEED2F~1>
2007-01-17 11:00:55 226 -r-h----- C:\Program Files\ncase
2007-01-17 11:00:54 236 -r-h----- C:\Program Files\medialoads<MEDIAL~1>
2007-01-17 11:00:54 236 -r-h----- C:\Program Files\medialoads enhanced<MEDIAL~2>
2007-01-17 11:00:53 242 -r-h----- C:\Program Files\media gateway<MEDIAG~1>
2007-01-17 11:00:51 236 -r-h----- C:\Program Files\flt
2007-01-17 11:00:51 236 -r-h----- C:\Program Files\fln
2007-01-17 11:00:51 236 -r-h----- C:\Program Files\flcp
2007-01-17 11:00:50 226 -r-h----- C:\Program Files\ezurl
2007-01-17 11:00:50 248 -r-h----- C:\Program Files\exact
2007-01-17 11:00:50 228 -r-h----- C:\Program Files\e2give
2007-01-14 12:01:36 0 d-------- C:\Documents and Settings\Owner\Application Data\Apple Computer<APPLEC~1>
2007-01-14 12:01:32 0 d--h----- C:\Program Files\InstallShield Installation Information<INSTAL~1>
2007-01-14 12:01:13 0 d-------- C:\Program Files\QuickTime<QUICKT~1>
2007-01-14 11:58:05 0 d-------- C:\Program Files\iPod
2007-01-12 09:27:42 232960 --a------ C:\WINDOWS\system32\webcheck.dll
2007-01-12 09:27:42 51712 -----n--- C:\WINDOWS\system32\msfeedsbs.dll<MSFEED~1.DLL>
2007-01-12 09:27:42 458752 -----n--- C:\WINDOWS\system32\msfeeds.dll
2007-01-12 09:27:42 6054400 --a------ C:\WINDOWS\system32\ieframe.dll
2007-01-08 19:04:54 105984 --a------ C:\WINDOWS\system32\url.dll
2007-01-08 19:04:08 102400 --a------ C:\WINDOWS\system32\occache.dll
2007-01-08 19:02:04 266752 --a------ C:\WINDOWS\system32\iertutil.dll
2007-01-08 19:02:04 44544 --a------ C:\WINDOWS\system32\iernonce.dll
2007-01-08 19:02:02 384000 --a------ C:\WINDOWS\system32\iedkcs32.dll
2007-01-08 19:02:02 383488 --a------ C:\WINDOWS\system32\ieapfltr.dll
2007-01-08 19:02:02 161792 --a------ C:\WINDOWS\system32\ieakui.dll
2007-01-08 19:02:02 230400 --a------ C:\WINDOWS\system32\ieaksie.dll
2007-01-08 19:02:02 153088 --a------ C:\WINDOWS\system32\ieakeng.dll
2007-01-08 19:01:14 17408 --a------ C:\WINDOWS\system32\corpol.dll
2007-01-08 19:00:48 124928 --a------ C:\WINDOWS\system32\advpack.dll
2007-01-08 18:08:14 56832 --a------ C:\WINDOWS\system32\ie4uinit.exe
2007-01-08 18:08:10 13824 --a------ C:\WINDOWS\system32\ieudinit.exe
2006-12-19 14:52:18 134656 --a------ C:\WINDOWS\system32\shsvcs.dll
2006-12-19 11:16:47 333824 --a------ C:\WINDOWS\system32\wiaservc.dll
2006-12-09 19:59:48 117092 --a------ C:\WINDOWS\hpoins11.dat
2006-12-06 22:29:34 2374472 --a------ C:\WINDOWS\system32\wmvcore.dll
2006-11-27 07:54:06 433152 --a------ C:\WINDOWS\system32\riched20.dll
2006-11-27 07:54:06 539136 --a------ C:\WINDOWS\system32\msftedit.dll


-- Registry Dump ----------------------------------------------------------------


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"NVIEW"="rundll32.exe nview.dll,nViewLoadHook"
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"swg"="C:\\Program Files\\Google\\GoogleToolbarNotifier\\1.2.1128.5462\\GoogleToolbarNotifier.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"hpsysdrv"="c:\\windows\\system\\hpsysdrv.exe"
"HotKeysCmds"="C:\\WINDOWS\\System32\\hkcmd.exe"
"HPHmon05"="C:\\WINDOWS\\System32\\hphmon05.exe"
"AutoTKit"="C:\\hp\\bin\\AUTOTKIT.EXE"
"Recguard"="C:\\WINDOWS\\SMINST\\RECGUARD.EXE"
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\System32\\NvCpl.dll,NvStartup"
"nwiz"="nwiz.exe /installquiet /keeploaded /nodetect"
"VTTimer"="VTTimer.exe"
"LTMSG"="LTMSG.exe 7"
"Sunkist2k"="C:\\Program Files\\Multimedia Card Reader\\shwicon2k.exe"
"REGSHAVE"="C:\\Program Files\\REGSHAVE\\REGSHAVE.EXE /AUTORUN"
"IntelliPoint"="\"C:\\Program Files\\Microsoft IntelliPoint\\point32.exe\""
"TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
"ISUSPM Startup"="C:\\PROGRA~1\\COMMON~1\\INSTAL~1\\UPDATE~1\\ISUSPM.exe -startup"
"ISUSScheduler"="\"C:\\Program Files\\Common Files\\InstallShield\\UpdateService\\issch.exe\" -start"
"HP Software Update"="C:\\Program Files\\HP\\HP Software Update\\HPWuSchd2.exe"
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"F-Secure Manager"="\"C:\\Program Files\\Shaw Secure\\Common\\FSM32.EXE\" /splash"
"F-Secure TNB"="\"C:\\Program Files\\Shaw Secure\\TNB\\TNBUtil.exe\" /CHECKALL /WAITFORSW"
"F-Secure Startup Wizard"="\"C:\\Program Files\\Shaw Secure\\FSGUI\\FSSW.EXE\" /reboot"
"News Service"="\"C:\\Program Files\\Shaw Secure\\FSGUI\\ispnews.exe\""
"KBD"="C:\\HP\\KBD\\KBD.EXE"
"!AVG Anti-Spyware"="\"C:\\Program Files\\Grisoft\\AVG Anti-Spyware 7.5\\avgas.exe\" /minimized"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"RunNarrator"="Narrator.exe"

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\runonce]
"RunNarrator"="Narrator.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"mmtask"="C:\\Program Files\\MUSICMATCH\\MUSICMATCH Jukebox\\mmtask.exe"
"CamMonitor"="c:\\Program Files\\HP\\Digital Imaging\\Unload\\hpqcmon.exe"
"UpdateManager"="\"C:\\Program Files\\Common Files\\Sonic\\Update Manager\\sgtray.exe\" /r"
"TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
"HPHUPD05"="c:\\Program Files\\HP\\{45B6180B-DCAB-4093-8EE8-6164457517F0}\\hphupd05.exe"
"mswspl"="C:\\Program Files\\Windows Media Player\\wmplayer.exe"


[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=dword:00000000

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0


[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\D]
Shell\AutoRun\command D:\Info.exe folder.htt 480 480


-- End of ComboScan: finished at 2007-02-24 at 16:35:54 -------------------------

[rapada]

SmitFraudFix v2.144

Scan done at 13:45:01.68, Sat 02/24/2007
Run from C:\Documents and Settings\Owner\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in safe mode

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Killing process


»»»»»»»»»»»»»»»»»»»»»»»» hosts

127.0.0.1 localhost


»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

Problem while deleting C:\winstall.exe
Problem while deleting C:\WINDOWS\ads.js
Problem while deleting C:\WINDOWS\avpcc.dll
Problem while deleting C:\WINDOWS\BTGrab.dll
Problem while deleting C:\WINDOWS\dlmax.dll
Problem while deleting C:\WINDOWS\olehelp.exe
Problem while deleting C:\WINDOWS\Pynix.dll
Problem while deleting C:\WINDOWS\svchost.exe
Problem while deleting C:\WINDOWS\ZServ.dll
Problem while deleting C:\WINDOWS\system32\anti_troj.exe
Problem while deleting C:\WINDOWS\system32\dcomcfg.exe
Problem while deleting C:\WINDOWS\system32\dfrgsrv.exe
Problem while deleting C:\WINDOWS\system32\dxmpp.dll
Problem while deleting C:\WINDOWS\system32\ginuerep.dll
Problem while deleting C:\WINDOWS\system32\intmon.exe
Problem while deleting C:\WINDOWS\system32\ishost.exe
Problem while deleting C:\WINDOWS\system32\ismon.exe
Problem while deleting C:\WINDOWS\system32\isnotify.exe
Problem while deleting C:\WINDOWS\system32\issearch.exe
Problem while deleting C:\WINDOWS\system32\msbe.dll
Problem while deleting C:\WINDOWS\system32\mscornet.exe
Problem while deleting C:\WINDOWS\system32\mssearchnet.exe
Problem while deleting C:\WINDOWS\system32\msmsgs.exe
Problem while deleting C:\WINDOWS\system32\MTC.dll
Problem while deleting C:\WINDOWS\system32\nvctrl.exe
Problem while deleting C:\WINDOWS\system32\nuclabdll.dll
Problem while deleting C:\WINDOWS\system32\nvms.dll
Problem while deleting C:\WINDOWS\system32\regperf.exe
Problem while deleting C:\WINDOWS\system32\replmap.dll
Problem while deleting C:\WINDOWS\system32\shnlog.exe
Problem while deleting C:\WINDOWS\system32\twain32.dll
Problem while deleting C:\WINDOWS\system32\wiatwain.dll
Problem while deleting C:\WINDOWS\system32\zlbw.dll
Problem while deleting C:\Program Files\MMediaCodec\
C:\Program Files\SpywareStrike\ Deleted

»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» Reboot

Problem while deleting C:\winstall.exe
Problem while deleting C:\WINDOWS\BTGrab.dll
Problem while deleting C:\WINDOWS\dlmax.dll
Problem while deleting C:\WINDOWS\Pynix.dll
Problem while deleting C:\WINDOWS\ZServ.dll
Problem while deleting C:\WINDOWS\system32\dcomcfg.exe
Problem while deleting C:\WINDOWS\system32\dfrgsrv.exe
Problem while deleting C:\WINDOWS\system32\dxmpp.dll
Problem while deleting C:\WINDOWS\system32\ginuerep.dll
Problem while deleting C:\WINDOWS\system32\ishost.exe
Problem while deleting C:\WINDOWS\system32\ismon.exe
Problem while deleting C:\WINDOWS\system32\isnotify.exe
Problem while deleting C:\WINDOWS\system32\issearch.exe
Problem while deleting C:\WINDOWS\system32\mscornet.exe
Problem while deleting C:\WINDOWS\system32\mssearchnet.exe
Problem while deleting C:\WINDOWS\system32\nvctrl.exe
Problem while deleting C:\WINDOWS\system32\regperf.exe
Problem while deleting C:\WINDOWS\system32\replmap.dll
Problem while deleting C:\WINDOWS\system32\twain32.dll
Problem while deleting C:\WINDOWS\system32\wiatwain.dll
Problem while deleting C:\WINDOWS\system32\zlbw.dll
Problem while deleting C:\Program Files\MMediaCodec


»»»»»»»»»»»»»»»»»»»»»»»» End

[rapada]

---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 4:31:34 PM 2/24/2007

+ Scan result:



C:\WINDOWS\dinst.exe -> Adware.BetterInternet : Cleaned with backup (quarantined).
C:\WINDOWS\dsr.dll -> Adware.BetterInternet : Cleaned with backup (quarantined).
C:\WINDOWS\nail.exe -> Adware.BetterInternet : Cleaned with backup (quarantined).
C:\WINDOWS\svcproc.exe -> Adware.BetterInternet : Cleaned with backup (quarantined).
C:\WINDOWS\system32\drpmon.dll -> Adware.BetterInternet : Cleaned with backup (quarantined).
C:\WINDOWS\system32\mssearchnet.exe -> Hijacker.SpyAxe : Cleaned with backup (quarantined).
C:\WINDOWS\system32\nvctrl.exe -> Hijacker.SpyAxe : Cleaned with backup (quarantined).
:mozilla.59:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\1vp33fd7.Britt\cookies.txt -> TrackingCookie.Com : Cleaned.
:mozilla.41:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\1vp33fd7.Britt\cookies.txt -> TrackingCookie.Cqcounter : Cleaned.
:mozilla.28:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\1vp33fd7.Britt\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.29:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\1vp33fd7.Britt\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.30:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\1vp33fd7.Britt\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.64:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\1vp33fd7.Britt\cookies.txt -> TrackingCookie.Zedo : Cleaned.
:mozilla.65:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\1vp33fd7.Britt\cookies.txt -> TrackingCookie.Zedo : Cleaned.
:mozilla.66:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\1vp33fd7.Britt\cookies.txt -> TrackingCookie.Zedo : Cleaned.
C:\WINDOWS\system32\dfrgsrv.exe -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\system32\dxmpp.dll -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\system32\ginuerep.dll -> Trojan.Small : Cleaned with backup (quarantined).


::Report end

[rapada]

There is something wrong with my firefox now.. :(

[Ried]

Please describe what is wrong with FireFox.

Before I proceed, I need to see the Supplementary.txt. Go to C:\ComboScan and in that folder you will see the Supplementary.txt. Post that here please.

[rapada]

I get a Entry Point Not Found error

The procedure enty point SEC_ASN1EndoceUnsignedInteger could not be located in the dynamic link library nss3.dll

[rapada]

There isn't a supplementary.txt file.. there is only the one from yesterday.

[rapada]

I tried running the combo scan again and again it didn't show a supplementary.txt file.

[Ried]

No worries about the Supplementary.txt. Let's finish removing the malware and we'll address the FireFox issue at that point if the issue still remains.

We're going to try another Smitfraud tool and see if it will be able to successfully clean the infection:

Download smitRem.exe and save the file to your desktop.

Double click on the file to extract it to it's own folder on the desktop.

*Note* Alternate download sites for smitrem... http://www.downloads.subratam.org/smitRem.exe
http://www.bleepingcomputer.com/file...ar/smitRem.exe

-----------------------------------------------

Reboot into Safe Mode.

-----------------------------------------------

Go to My Computer->Tools->Folder Options->View tab:
* Under the Hidden files and folders heading:
* select Show hidden files and folders.
* Uncheck Hide protected operating system files (recommended) option.
*Also, make sure there is no checkmark beside Hide file extensions for known file types.
* Click OK.

--------------------------------------------------------------------

Using 'My Computer', navigate to and delete the following File and Folders if they still exist.

C:\Program Files\ e2give
C:\Program Files\ exact
C:\Program Files\ ezurl
C:\Program Files\ flcp
C:\Program Files\ fln
C:\Program Files\ flt
C:\Program Files\ media gateway
C:\Program Files\ medialoads
C:\Program Files\ medialoads enhanced
C:\Program Files\ ncase
C:\Program Files\ need2find
C:\Program Files\ surfsidekick
C:\Program Files\ surfsidekick 2
C:\Program Files\ zango
C:\Program Files\ zango games
C:\Program Files\ zango programs
C:\Program Files\ zangoclient
C:\WINDOWS\system32\ dxmpp.dll

--------------------------------------------------------------------

Run the smitRem.exe tool you downloaded earlier. There should be a folder called smitrem created on your desktop. Open it and double click on the RunThis file. Follow the prompts on the screen. Wait for the tool to complete and disk cleanup to finish.

The tool will create a log named smitfiles.txt in the root of your drive, eg: Local Disk C: or partition where your operating system is installed. Post that log along with all others requested in your next reply.

--------------------------------------------------------------------

Reboot your system.

--------------------------------------------------------------------

I'd like to verify the removal of that infection. We're switching now to the SmitfraudFix tool you first downloaded:

Double-click smitfraudfix.exe to start the tool.

• Select option #1 - Search by typing 1 and press "Enter"
• A text file will appear which lists infected files (if present).
• Please copy/paste the content of that report into your next reply.

IMPORTANT: Do NOT run option #2 OR any other option until you are directed to do so

--------------------------------------------------------------------

Run another online scan at Panda and save the results.

--------------------------------------------------------------------

Run ComboScan.exe once again.

--------------------------------------------------------------------

Include the following in your next reply:

C:\smitfiles.txt
SmitfraudFix report
Panda results
New ComboScan.txt

[rapada]

smitRem © log file
version 3.2

by noahdfear


Microsoft Windows XP [Version 5.1.2600]
"IE"="7.0000"
The current date is: Sat 02/24/2007
The current time is: 18:16:41.76

Running from
C:\Documents and Settings\Owner\Desktop\smitRem

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Pre-run SharedTask Export

(GetSTS.exe) SharedTaskScheduler exporter by Lawrence Abrams (Grinler)
Copyright(C) 2006 BleepingComputer.com

Registry Pseudo-Format Mode (Not a valid reg file):

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{438755C2-A8BA-11D1-B96B-00A0C90312E1}\InProcServer32]
@="%SystemRoot%\System32\browseui.dll"


[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8C7461EF-2B13-11d2-BE35-3078302C2030}\InProcServer32]
@="%SystemRoot%\System32\browseui.dll"


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Appinitdll check ........ Thank you Grinler!

dumphive.exe (C)2000-2004 Markus Stephany
REGEDIT4

[Windows]
"AppInit_DLLs"=""
"DeviceNotSelectedTimeout"="15"
"GDIProcessHandleQuota"=dword:00002710
"Spooler"="yes"
"swapdisk"=""
"TransmissionRetryTimeout"="90"
"USERProcessHandleQuota"=dword:00002710

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

XP Firewall allowed access

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\Program Files\\Yahoo!\\Messenger\\YPager.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YPager.exe:*:Enabled:Yahoo! Messenger"
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe:*:Enabled:Yahoo! FT Server"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:MSN Messenger 7.5"
"C:\\Program Files\\Conference\\Conference.dll"="C:\\Program Files\\Conference\\Conference.dll:*:Enabled:Audio/Video Conference by KIOSK Team"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"F:\\setup\\HPZnet01.exe"="F:\\setup\\HPZnet01.exe:*:Enabled:hpznet01.exe"
"F:\\setup\\hponicifs01.exe"="F:\\setup\\hponicifs01.exe:*:Enabled:hponicifs01.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe:*:Enabled:hpqtra08.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe:*:Enabled:hpqste08.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe:*:Enabled:hpofxm08.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe:*:Enabled:hposfx08.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe:*:Enabled:hposid01.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe:*:Enabled:hpqscnvw.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe:*:Enabled:hpqcopy.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe:*:Enabled:hpfccopy.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe:*:Enabled:hpzwiz01.exe"
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"="C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe:*:Enabled:hpqphunl.exe"
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"="C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe:*:Enabled:hpqdia.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe:*:Enabled:hpoews01.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe:*:Enabled:hpqnrs08.exe"
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\Program Files\\Shaw Secure\\backweb\\3875767\\Program\\fspex.exe"="C:\\Program Files\\Shaw Secure\\backweb\\3875767\\Program\\fspex.exe:*:Enabled:Shaw Secure"
"C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


checking for ShudderLTD key

ShudderLTD key not present!

checking for PSGuard.com key


PSGuard.com key not present!


checking for WinHound.com key


WinHound.com key not present!


checking for drsmartload2 key


drsmartload2 key not present!

spyaxe uninstaller NOT present
Winhound uninstaller NOT present
SpywareStrike uninstaller NOT present
AlfaCleaner uninstaller NOT present
SpyFalcon uninstaller NOT present
SpywareQuake uninstaller NOT present
SpywareSheriff uninstaller NOT present
Trust Cleaner uninstaller NOT present
SpyHeal uninstaller NOT present
VirusBurst uninstaller NOT present
BraveSentry uninstaller NOT present
AntiVermins uninstaller NOT present
VirusBursters uninstaller NOT present

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Existing Pre-run Files


~~~ Program Files ~~~

MMediaCodec
SpywareStrike


~~~ Shortcuts ~~~



~~~ Favorites ~~~



~~~ system32 folder ~~~

anti_troj.exe
amcompat.tlb
atmtd.dll
atmtd.dll._
dcomcfg.exe
intmon.exe
ishost.exe
ismon.exe
isnotify.exe
issearch.exe
lcch.dat
lut.dat
mscornet.exe
msmsgs.exe
nscompat.tlb
regperf.exe
replmap.dll
shnlog.exe
tconini.dat
ticads.exe
ticont.dll
tisa.cnf
tisa.dll
twain32.dll
wiatwain.dll
zlbw.dll
logfiles


~~~ Icons in System32 ~~~



~~~ Windows directory ~~~

avpcc.dll
olehelp.exe
ads.js
BTGrab.dll
dlmax.dll
Pynix.dll
ZServ.dll


~~~ Drive root ~~~

winstall.exe

~~~ Miscellaneous Files/folders ~~~




~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright(C) 2002-2003 Craig.Peacock@beyondlogic.org
Killing PID 804 'explorer.exe'

Starting registry repairs

Registry repairs complete

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

SharedTask Export after registry fix

(GetSTS.exe) SharedTaskScheduler exporter by Lawrence Abrams (Grinler)
Copyright(C) 2006 BleepingComputer.com

Registry Pseudo-Format Mode (Not a valid reg file):

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{438755C2-A8BA-11D1-B96B-00A0C90312E1}\InProcServer32]
@="%SystemRoot%\System32\browseui.dll"


[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8C7461EF-2B13-11d2-BE35-3078302C2030}\InProcServer32]
@="%SystemRoot%\System32\browseui.dll"


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Deleting files

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Remaining Post-run Files


~~~ Program Files ~~~

MMediaCodec
SpywareStrike


~~~ Shortcuts ~~~



~~~ Favorites ~~~



~~~ system32 folder ~~~

anti_troj.exe
atmtd.dll
atmtd.dll._
dcomcfg.exe
intmon.exe
ishost.exe
ismon.exe
isnotify.exe
issearch.exe
lcch.dat
lut.dat
mscornet.exe
msmsgs.exe
regperf.exe
replmap.dll
shnlog.exe
tconini.dat
ticads.exe
ticont.dll
tisa.cnf
tisa.dll
twain32.dll
wiatwain.dll
zlbw.dll


~~~ Icons in System32 ~~~



~~~ Windows directory ~~~

avpcc.dll
olehelp.exe
ads.js
BTGrab.dll
dlmax.dll
Pynix.dll
ZServ.dll


~~~ Drive root ~~~

winstall.exe

~~~ Miscellaneous Files/folders ~~~



~~~ Wininet.dll ~~~

CLEAN! :)

[rapada]

SmitFraudFix v2.144

Scan done at 18:29:17.70, Sat 02/24/2007
Run from C:\Documents and Settings\Owner\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» hosts


»»»»»»»»»»»»»»»»»»»»»»»» C:\

C:\winstall.exe FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS

C:\WINDOWS\ads.js FOUND !
C:\WINDOWS\avpcc.dll FOUND !
C:\WINDOWS\BTGrab.dll FOUND !
C:\WINDOWS\dlmax.dll FOUND !
C:\WINDOWS\olehelp.exe FOUND !
C:\WINDOWS\Pynix.dll FOUND !
C:\WINDOWS\svchost.exe FOUND !
C:\WINDOWS\ZServ.dll FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32

C:\WINDOWS\system32\anti_troj.exe FOUND !
C:\WINDOWS\system32\dcomcfg.exe FOUND !
C:\WINDOWS\system32\intmon.exe FOUND !
C:\WINDOWS\system32\ishost.exe FOUND !
C:\WINDOWS\system32\ismon.exe FOUND !
C:\WINDOWS\system32\isnotify.exe FOUND !
C:\WINDOWS\system32\issearch.exe FOUND !
C:\WINDOWS\system32\msbe.dll FOUND !
C:\WINDOWS\system32\mscornet.exe FOUND !
C:\WINDOWS\system32\msmsgs.exe FOUND !
C:\WINDOWS\system32\MTC.dll FOUND !
C:\WINDOWS\system32\nuclabdll.dll FOUND !
C:\WINDOWS\system32\nvms.dll FOUND !
C:\WINDOWS\system32\regperf.exe FOUND !
C:\WINDOWS\system32\replmap.dll FOUND !
C:\WINDOWS\system32\shnlog.exe FOUND !
C:\WINDOWS\system32\twain32.dll FOUND !
C:\WINDOWS\system32\wiatwain.dll FOUND !
C:\WINDOWS\system32\zlbw.dll FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Owner


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Owner\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Start Menu


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\Owner\FAVORI~1


»»»»»»»»»»»»»»»»»»»»»»»» Desktop


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files

C:\Program Files\MMediaCodec\ FOUND !
C:\Program Files\SpywareStrike\ FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components



»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» pe386-msguard-lzx32-huy32


»»»»»»»»»»»»»»»»»»»»»»»» Scanning wininet.dll infection


»»»»»»»»»»»»»»»»»»»»»»»» End

[rapada]

Incident Status Location

Adware:adware/superspider Not disinfected c:\windows\system32\services
Potentially unwanted tool:application/funweb Not disinfected HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB}
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Owner\Desktop\SmitfraudFix\Process.exe
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Owner\Desktop\smitRem\Process.exe
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Owner\Desktop\smitRem.exe[smitRem/Process.exe]
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Owner\SmitfraudFix\Process.exe
Potentially unwanted tool:Application/Processor Not disinfected C:\WINDOWS\system32\Process.exe

[rapada]

ComboScan v20070221.16 run by Owner on 2007-02-24 at 21:37:33
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as Owner.exe) ------------------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 9:37:42 PM, on 2/24/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\SHAWSE~1\backweb\3875767\Program\SERVIC~1.EXE
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\System32\hphmon05.exe
C:\Program Files\Shaw Secure\Anti-Virus\fsgk32st.exe
C:\Program Files\Shaw Secure\Anti-Virus\FSGK32.EXE
C:\Program Files\Shaw Secure\backweb\3875767\program\fsbwsys.exe
C:\WINDOWS\LTMSG.exe
C:\Program Files\Shaw Secure\Common\FSMA32.EXE
C:\Program Files\Shaw Secure\backweb\3875767\Program\fspex.exe
C:\Program Files\Multimedia Card Reader\shwicon2k.exe
C:\Program Files\Shaw Secure\Anti-Virus\fssm32.exe
C:\Program Files\Shaw Secure\Common\FSMB32.EXE
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Shaw Secure\Common\FCH32.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Shaw Secure\Common\FSM32.EXE
C:\Program Files\Shaw Secure\FSGUI\ispnews.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Shaw Secure\Common\FAMEH32.EXE
C:\Program Files\Shaw Secure\Anti-Virus\fsqh.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Shaw Secure\Anti-Virus\fsrw.exe
C:\Program Files\Shaw Secure\FSPC\fspc.exe
C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Shaw Secure\FWES\Program\fsdfwd.exe
C:\Program Files\Shaw Secure\Anti-Virus\fsav32.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\PROGRA~1\SHAWSE~1\ANTI-S~1\fsaw.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\Program Files\Shaw Secure\FSGUI\fsguidll.exe
C:\WINDOWS\system32\HPZinw12.exe
C:\Documents and Settings\Owner\Desktop\comboscan.exe
C:\HJT\Owner.exe

R3 - URLSearchHook: URL Search Hook - {AA460422-2CEF-400f-AA05-F63368E04706} - C:\Program Files\IETB\sh.dll
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [AutoTKit] C:\hp\bin\AUTOTKIT.EXE
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [LTMSG] LTMSG.exe 7
O4 - HKLM\..\Run: [Sunkist2k] C:\Program Files\Multimedia Card Reader\shwicon2k.exe
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\Shaw Secure\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\Shaw Secure\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [F-Secure Startup Wizard] "C:\Program Files\Shaw Secure\FSGUI\FSSW.EXE" /reboot
O4 - HKLM\..\Run: [News Service] "C:\Program Files\Shaw Secure\FSGUI\ispnews.exe"
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Shaw Secure.lnk = C:\Program Files\Shaw Secure\backweb\3875767\Program\fspex.exe
O8 - Extra context menu item: &Block this popup - C:\Program Files\Shaw Secure\Anti-Spyware\blockpopups.htm
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra button: Web Filter - {200DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\Shaw Secure\FSPC\fspcmsie.dll
O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\Shaw Secure\FSPC\fspcmsie.dll
O9 - Extra 'Tools' menuitem: Web Filter - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\Shaw Secure\FSPC\fspcmsie.dll
O9 - Extra button: IE Shield - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\Shaw Secure\Anti-Spyware\ieshield.dll
O9 - Extra 'Tools' menuitem: IE Shield... - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\Shaw Secure\Anti-Spyware\ieshield.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Broken Internet access because of LSP provider 'winsflt.dll' missing
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/downloads/k...an_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {26CBF141-7D0F-46E1-AA06-718958B6E4D2} - http://download.ebay.com/turbo_lister/US/install.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {352797A0-EFD0-4FA6-B229-145120EA4B8A} (Walt Disney Internet Group Hardware Control) - https://disney.go.com/games/download...areControl.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.com/download.yaho...ymmapi_416.dll
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/Ms...Downloader.cab
O16 - DPF: {D4328549-2B43-40D5-BBF8-77D6EEA60412} (StorefrontUpload.BulkImageUpload1) - http://www.ldphotostation.com/images...ntUpload19.CAB
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Shaw Secure (BackWeb Plug-in - 3875767) - BackWeb Technologies Inc. - C:\PROGRA~1\SHAWSE~1\backweb\3875767\Program\SERVIC~1.EXE
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\Shaw Secure\Anti-Virus\fsgk32st.exe
O23 - Service: FSBWSYS - F-Secure Corp. - C:\Program Files\Shaw Secure\backweb\3875767\program\fsbwsys.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\Shaw Secure\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure HTTP Server (fshttps) - F-Secure Corporation - C:\Program Files\Shaw Secure\FSPC\fshttps\fshttps.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\Shaw Secure\Common\FSMA32.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE
O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe


-- Files created between 2007-01-24 and 2007-02-24 ------------------------------

2007-02-24 18:31:07 0 d-------- C:\WINDOWS\LastGood
2007-02-24 08:56:50 0 d-------- C:\VundoFix Backups<VUNDOF~1>
2007-02-24 08:17:04 0 d-------- C:\BFU
2007-02-23 16:28:18 4282 --a------ C:\WINDOWS\system32\tmp.reg
2007-02-23 16:27:47 79360 --a------ C:\WINDOWS\system32\swxcacls.exe
2007-02-23 16:27:47 40960 --a------ C:\WINDOWS\system32\swsc.exe
2007-02-23 16:27:47 135168 --a------ C:\WINDOWS\system32\swreg.exe
2007-02-23 16:27:47 288417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2007-02-23 16:27:47 53248 --a------ C:\WINDOWS\system32\Process.exe
2007-02-23 16:27:47 51200 --a------ C:\WINDOWS\system32\dumphive.exe
2007-02-23 16:27:42 0 d-------- C:\Documents and Settings\Owner\SmitfraudFix<SMITFR~1>
2007-02-22 08:16:21 3968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-02-21 15:57:58 76560 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys
2007-02-21 15:57:10 0 d-------- C:\Documents and Settings\Owner\.housecall6.6<HOUSEC~1.6>
2007-02-13 11:04:48 0 d-------- C:\Program Files\Common Files\Skype
2007-02-08 19:36:20 0 d-------- C:\Program Files\Lavasoft
2007-02-04 13:52:43 33584 --a------ C:\WINDOWS\system32\drivers\fsndis5.sys
2007-02-04 13:52:43 70896 --a------ C:\WINDOWS\system32\drivers\fsdfw.sys
2007-02-04 13:52:33 1716224 --a------ C:\WINDOWS\system32\winsflte.dll
2007-02-04 13:52:33 1187840 --a------ C:\WINDOWS\system32\winsflt.dll
2007-02-04 13:52:33 1236992 --a------ C:\WINDOWS\system32\cfgmig32.dll
2007-02-04 13:52:33 0 d-------- C:\WINDOWS\rnapxs
2007-02-04 13:52:30 0 d-------- C:\Documents and Settings\All Users\Application Data\F-Secure
2007-02-02 16:37:25 0 d-------- C:\Program Files\CCleaner
2007-01-29 10:07:07 0 d-------- C:\Documents and Settings\Owner\smilies
2007-01-29 01:58:06 60416 -----n--- C:\WINDOWS\system32\tzchange.exe


-- Find3M Report ----------------------------------------------------------------

2007-02-24 19:27:34 0 d-------- C:\Program Files\Multimedia Card Reader<MULTIM~1>
2007-02-24 19:25:41 0 d-------- C:\Program Files\Microsoft IntelliPoint<MIFB84~1>
2007-02-24 19:22:28 0 d-------- C:\Program Files\iTunes
2007-02-24 19:18:26 0 d-------- C:\Program Files\Google
2007-02-24 18:35:36 0 d-------- C:\Documents and Settings\Owner\Application Data\ispnews
2007-02-24 12:07:45 0 d-------- C:\Program Files\Mozilla Firefox<MOZILL~1>
2007-02-22 08:16:18 0 d-------- C:\Program Files\Grisoft
2007-02-13 11:14:23 0 d-------- C:\Documents and Settings\Owner\Application Data\Skype
2007-02-13 11:04:49 0 d-------- C:\Program Files\Skype
2007-02-08 19:36:40 0 d-------- C:\Documents and Settings\Owner\Application Data\Lavasoft
2007-02-04 13:52:14 0 d-------- C:\Program Files\Shaw Secure<SHAWSE~1>
2007-02-02 16:37:37 0 d-------- C:\Program Files\Yahoo!
2007-01-17 11:00:58 226 -r-h----- C:\Program Files\zangoclient<ZANGOC~1>
2007-01-17 11:00:58 226 -r-h----- C:\Program Files\zango
2007-01-17 11:00:58 226 -r-h----- C:\Program Files\zango programs<ZANGOP~1>
2007-01-17 11:00:58 226 -r-h----- C:\Program Files\zango games<ZANGOG~1>
2007-01-17 11:00:58 238 -r-h----- C:\Program Files\mmediacodec<MMEDIA~1>
2007-01-17 11:00:57 240 -r-h----- C:\Program Files\surfsidekick<SURFSI~1>
2007-01-17 11:00:57 240 -r-h----- C:\Program Files\surfsidekick 2<SURFSI~2>
2007-01-17 11:00:56 242 -r-h----- C:\Program Files\spywarestrike<SPYWAR~4>
2007-01-17 11:00:55 234 -r-h----- C:\Program Files\need2find<NEED2F~1>
2007-01-17 11:00:55 226 -r-h----- C:\Program Files\ncase
2007-01-17 11:00:54 236 -r-h----- C:\Program Files\medialoads<MEDIAL~1>
2007-01-17 11:00:54 236 -r-h----- C:\Program Files\medialoads enhanced<MEDIAL~2>
2007-01-17 11:00:53 242 -r-h----- C:\Program Files\media gateway<MEDIAG~1>
2007-01-17 11:00:51 236 -r-h----- C:\Program Files\flt
2007-01-17 11:00:51 236 -r-h----- C:\Program Files\fln
2007-01-17 11:00:51 236 -r-h----- C:\Program Files\flcp
2007-01-17 11:00:50 226 -r-h----- C:\Program Files\ezurl
2007-01-17 11:00:50 248 -r-h----- C:\Program Files\exact
2007-01-17 11:00:50 228 -r-h----- C:\Program Files\e2give
2007-01-14 12:01:36 0 d-------- C:\Documents and Settings\Owner\Application Data\Apple Computer<APPLEC~1>
2007-01-14 12:01:32 0 d--h----- C:\Program Files\InstallShield Installation Information<INSTAL~1>
2007-01-14 12:01:13 0 d-------- C:\Program Files\QuickTime<QUICKT~1>
2007-01-14 11:58:05 0 d-------- C:\Program Files\iPod
2007-01-12 09:27:42 232960 --a------ C:\WINDOWS\system32\webcheck.dll
2007-01-12 09:27:42 51712 -----n--- C:\WINDOWS\system32\msfeedsbs.dll<MSFEED~1.DLL>
2007-01-12 09:27:42 458752 -----n--- C:\WINDOWS\system32\msfeeds.dll
2007-01-12 09:27:42 6054400 --a------ C:\WINDOWS\system32\ieframe.dll
2007-01-08 19:04:54 105984 --a------ C:\WINDOWS\system32\url.dll
2007-01-08 19:04:08 102400 --a------ C:\WINDOWS\system32\occache.dll
2007-01-08 19:02:04 266752 --a------ C:\WINDOWS\system32\iertutil.dll
2007-01-08 19:02:04 44544 --a------ C:\WINDOWS\system32\iernonce.dll
2007-01-08 19:02:02 384000 --a------ C:\WINDOWS\system32\iedkcs32.dll
2007-01-08 19:02:02 383488 --a------ C:\WINDOWS\system32\ieapfltr.dll
2007-01-08 19:02:02 161792 --a------ C:\WINDOWS\system32\ieakui.dll
2007-01-08 19:02:02 230400 --a------ C:\WINDOWS\system32\ieaksie.dll
2007-01-08 19:02:02 153088 --a------ C:\WINDOWS\system32\ieakeng.dll
2007-01-08 19:01:14 17408 --a------ C:\WINDOWS\system32\corpol.dll
2007-01-08 19:00:48 124928 --a------ C:\WINDOWS\system32\advpack.dll
2007-01-08 18:08:14 56832 --a------ C:\WINDOWS\system32\ie4uinit.exe
2007-01-08 18:08:10 13824 --a------ C:\WINDOWS\system32\ieudinit.exe
2006-12-19 14:52:18 134656 --a------ C:\WINDOWS\system32\shsvcs.dll
2006-12-19 11:16:47 333824 --a------ C:\WINDOWS\system32\wiaservc.dll
2006-12-09 19:59:48 117092 --a------ C:\WINDOWS\hpoins11.dat
2006-12-06 22:29:34 2374472 --a------ C:\WINDOWS\system32\wmvcore.dll
2006-11-27 07:54:06 433152 --a------ C:\WINDOWS\system32\riched20.dll
2006-11-27 07:54:06 539136 --a------ C:\WINDOWS\system32\msftedit.dll


-- Registry Dump ----------------------------------------------------------------


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"NVIEW"="rundll32.exe nview.dll,nViewLoadHook"
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"swg"="C:\\Program Files\\Google\\GoogleToolbarNotifier\\1.2.1128.5462\\GoogleToolbarNotifier.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"hpsysdrv"="c:\\windows\\system\\hpsysdrv.exe"
"HotKeysCmds"="C:\\WINDOWS\\System32\\hkcmd.exe"
"HPHmon05"="C:\\WINDOWS\\System32\\hphmon05.exe"
"AutoTKit"="C:\\hp\\bin\\AUTOTKIT.EXE"
"Recguard"="C:\\WINDOWS\\SMINST\\RECGUARD.EXE"
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\System32\\NvCpl.dll,NvStartup"
"nwiz"="nwiz.exe /installquiet /keeploaded /nodetect"
"VTTimer"="VTTimer.exe"
"LTMSG"="LTMSG.exe 7"
"Sunkist2k"="C:\\Program Files\\Multimedia Card Reader\\shwicon2k.exe"
"REGSHAVE"="C:\\Program Files\\REGSHAVE\\REGSHAVE.EXE /AUTORUN"
"IntelliPoint"="\"C:\\Program Files\\Microsoft IntelliPoint\\point32.exe\""
"TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
"ISUSPM Startup"="C:\\PROGRA~1\\COMMON~1\\INSTAL~1\\UPDATE~1\\ISUSPM.exe -startup"
"ISUSScheduler"="\"C:\\Program Files\\Common Files\\InstallShield\\UpdateService\\issch.exe\" -start"
"HP Software Update"="C:\\Program Files\\HP\\HP Software Update\\HPWuSchd2.exe"
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"F-Secure Manager"="\"C:\\Program Files\\Shaw Secure\\Common\\FSM32.EXE\" /splash"
"F-Secure TNB"="\"C:\\Program Files\\Shaw Secure\\TNB\\TNBUtil.exe\" /CHECKALL /WAITFORSW"
"F-Secure Startup Wizard"="\"C:\\Program Files\\Shaw Secure\\FSGUI\\FSSW.EXE\" /reboot"
"News Service"="\"C:\\Program Files\\Shaw Secure\\FSGUI\\ispnews.exe\""
"KBD"="C:\\HP\\KBD\\KBD.EXE"
"!AVG Anti-Spyware"="\"C:\\Program Files\\Grisoft\\AVG Anti-Spyware 7.5\\avgas.exe\" /minimized"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"RunNarrator"="Narrator.exe"

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\runonce]
"RunNarrator"="Narrator.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"mmtask"="C:\\Program Files\\MUSICMATCH\\MUSICMATCH Jukebox\\mmtask.exe"
"CamMonitor"="c:\\Program Files\\HP\\Digital Imaging\\Unload\\hpqcmon.exe"
"UpdateManager"="\"C:\\Program Files\\Common Files\\Sonic\\Update Manager\\sgtray.exe\" /r"
"TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
"HPHUPD05"="c:\\Program Files\\HP\\{45B6180B-DCAB-4093-8EE8-6164457517F0}\\hphupd05.exe"
"mswspl"="C:\\Program Files\\Windows Media Player\\wmplayer.exe"


[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"=dword:00000000

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=dword:00000000
"DisableTaskMgr"=dword:00000000
"NoDispAppearancePage"=dword:00000000
"NoColorChoice"=dword:00000000
"NoSizeChoice"=dword:00000000
"NoDispBackgroundPage"=dword:00000000
"NoDispScrSavPage"=dword:00000000
"NoDispCPL"=dword:00000000
"NoVisualStyleChoice"=dword:00000000
"NoDispSettingsPage"=dword:00000000

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoActiveDesktopChanges"=dword:00000000

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoActiveDesktop"=dword:00000000
"NoSaveSettings"=dword:00000000
"NoThemesTab"=dword:00000000
"ForceActiveDesktopOn"=dword:00000000

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0


[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\D]
Shell\AutoRun\command D:\Info.exe folder.htt 480 480

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{72a3e30e-6590-11d8-b7c5-806d6172696f}]
Shell\AutoRun\command D:\Info.exe folder.htt 480 480


-- End of ComboScan: finished at 2007-02-24 at 21:38:10 -------------------------

[Ried]

Did you run into any problems manually deleting those folders and file I had listed in my last post--they're all still on the system as well.

[Ried]

Another quick question--did you by any chance use a program called Malware Immunizer?

[rapada]

Quote:

Originally Posted by Ried

Did you run into any problems manually deleting those folders and file I had listed in my last post--they're all still on the system as well.

I checked and they weren't listed..