
smithfraud-c trojan


4 replies to this topic

#1 xoddah

xoddah


Posted 13 August 2005 - 04:35 AM

Logfile of HijackThis v1.99.1
Scan saved at 2:30:18 AM, on 8/13/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\System32\wwSecure.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb10.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\MYDOWN~1\POP-UP~1\PSFree.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\Lavasoft\AD-AWA~2\Ad-Watch.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\DllHost.exe
D:\Spybot - Search & Destroy\TeaTimer.exe
C:\HIjackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.comcast.net
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.comcast.net
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Comcast High-Speed Internet
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\SPYBOT~1\SDHelper.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb10.exe
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\MYDOWN~1\POP-UP~1\PSFree.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [AWMON] "C:\PROGRA~1\Lavasoft\AD-AWA~2\Ad-Watch.exe"
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: &Google Search - res://c:\windows\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Backward &Links - res://c:\windows\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://c:\windows\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\MICROS~1\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Si&milar Pages - res://c:\windows\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\windows\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.comcast.net
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: Avpnpmrshscer - GRISOFT, s.r.o. - (no file)
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Sygate Personal Firewall Pro (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\Sptisrv.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: Washer AutoComplete (wwSecSvc) - Webroot Software, Inc. - C:\WINDOWS\System32\wwSecure.exe


#2 OldTimer

OldTimer

    Malware Expert



Posted 15 August 2005 - 09:02 AM

Hello xoddah and welcome to the BC HijackThis forum. I do not see any indications of smitfraud or any other virus or malware program in this log. This log is clean.

If you are having problems then post back with the specific issues that are occurring and then we can investigate that or I can then point you to the correct forum.

Cheers.

OT
I do not respond to PM's requesting help. That's what the forums are here for. Please use them so that others may benefit from your questions and the responses you receive.
OldTimer


#3 xoddah

xoddah

Posted 15 August 2005 - 01:06 PM

spybot search and destroy has 38 instances of smithfraud-c in reg key
i can not delete or modify

i have the spybot log saved in pdf file

if this would be of any value i would be most happy to forward it
let me know .. i don't want to jam up this topic
thank you

#4 OldTimer

OldTimer

    Malware Expert



Posted 15 August 2005 - 01:14 PM

Hi xoddah. Just post the log here and I will take a look at it.

Cheers.

OT

#5 xoddah

xoddah

Posted 15 August 2005 - 01:59 PM

Cache: Cache (3857) (Cache, nothing done)

Adobe ImageReady 7.0: User actions history (11 files) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-2025429265-162531612-725345543-1003\Software\Adobe\ImageReady 7.0\Preferences\UserActions

Adobe ImageReady 7.0: Last save folder (Registry change, nothing done)
HKEY_USERS\S-1-5-21-2025429265-162531612-725345543-1003\Software\Adobe\ImageReady 7.0\Preferences\SaveDir\tlfd!=

Adobe ImageReady 7.0: Recent file list (7 files) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-2025429265-162531612-725345543-1003\Software\Adobe\ImageReady 7.0\Preferences\RecentFiles

Adobe ImageReady 7.0: URLs history (2 files) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-2025429265-162531612-725345543-1003\Software\Adobe\ImageReady 7.0\Preferences\URLHistory

Ahead Nero Burning Rom: Last MP3 directory (Registry change, nothing done)
HKEY_USERS\S-1-5-21-2025429265-162531612-725345543-1003\Software\ahead\Nero - Burning Rom\General\OFDLastMP3Dir!=

Ahead Nero Burning Rom: Browser directory (Registry change, nothing done)
HKEY_USERS\S-1-5-21-2025429265-162531612-725345543-1003\Software\Ahead\Nero - Burning Rom\Settings\BrowserDir!=

Ahead Nero Burning Rom: Last Video directory (Registry change, nothing done)
HKEY_USERS\S-1-5-21-2025429265-162531612-725345543-1003\Software\ahead\Nero - Burning Rom\General\OFDLastVideoDir!=

Ahead Nero Burning Rom: Save tracks directory (Registry change, nothing done)
HKEY_USERS\S-1-5-21-2025429265-162531612-725345543-1003\Software\Ahead\Nero - Burning Rom\SaveTrackOptions\Stdflist!=B=

Ahead Nero Burning Rom: Working directory (Registry change, nothing done)
HKEY_USERS\S-1-5-21-2025429265-162531612-725345543-1003\Software\Ahead\Nero - Burning Rom\Settings\WorkingDir!=

Ahead NeroMIX: Last playlist folder (Registry change, nothing done)
HKEY_USERS\S-1-5-21-2025429265-162531612-725345543-1003\Software\Ahead\NeroMix\Config\PlaylistDir!=

Ahead NeroMIX: Last input folder (Registry change, nothing done)
HKEY_USERS\S-1-5-21-2025429265-162531612-725345543-1003\Software\Ahead\NeroMix\Config\InputDir!=

Ahead NeroMIX: Last output folder (Registry change, nothing done)
HKEY_USERS\S-1-5-21-2025429265-162531612-725345543-1003\Software\Ahead\NeroMix\Config\OutputDir!=

Alcohol 120%: Last recorded CD Image (Registry change, nothing done)
HKEY_USERS\S-1-5-21-2025429265-162531612-725345543-1003\Software\Alcohol Soft\Alcohol 120%\RecordWizard\CD Image File Name!=

Alcohol 120%: Image location history (6 files) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-2025429265-162531612-725345543-1003\Software\Alcohol Soft\Alcohol 120%\Images\Location

Alcohol 120%: Images history (16 files) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-2025429265-162531612-725345543-1003\Software\Alcohol Soft\Alcohol 120%\Images

Alcohol 120%: Last created CD image (Registry change, nothing done)
HKEY_USERS\S-1-5-21-2025429265-162531612-725345543-1003\Software\Alcohol Soft\Alcohol 120%\ImageMaker\CD Image Name!=

Alcohol 120%: Last search path (Registry change, nothing done)
HKEY_USERS\S-1-5-21-2025429265-162531612-725345543-1003\Software\Alcohol Soft\Alcohol 120%\Basic\Image Finder\Current Dir!=

Alcohol 120%: Last selected disc type (Registry change, nothing done)
HKEY_USERS\S-1-5-21-2025429265-162531612-725345543-1003\Software\Alcohol Soft\Alcohol 120%\Option\DiscType!=

Alcohol 120%: Last used CD image folder (Registry change, nothing done)
HKEY_USERS\S-1-5-21-2025429265-162531612-725345543-1003\Software\Alcohol Soft\Alcohol 120%\ImageMaker\CD Image File Path!=

Alcohol 120%: Mounted image history (4 files) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-2025429265-162531612-725345543-1003\Software\Alcohol Soft\Alcohol 120%\MountedMRU

Common Dialogs: History (40 files) (Registry key, nothing done)
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU

Cookie: Cookie (96) (Cookie, nothing done)

Gabest Media Player Classic: Recent file list (2 files) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-2025429265-162531612-725345543-1003\Software\Gabest\Media Player Classic\Recent File List

Internet Explorer: User agent (Registry change, nothing done)
HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent!=Mozilla/4.0 (compatible; MSIE; Win32)

Internet Explorer: Download directory (Registry change, nothing done)
HKEY_USERS\S-1-5-21-2025429265-162531612-725345543-1003\Software\Microsoft\Internet Explorer\Download Directory!=

Internet Explorer: User agent (Registry change, nothing done)
HKEY_USERS\S-1-5-21-2025429265-162531612-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent!=Mozilla/4.0 (compatible; MSIE; Win32)

Internet Explorer: User agent (Registry change, nothing done)
HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent!=Mozilla/4.0 (compatible; MSIE; Win32)

Internet Explorer: User agent (Registry change, nothing done)
HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent!=Mozilla/4.0 (compatible; MSIE; Win32)
Internet Explorer: User agent (Registry change, nothing done)
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent!=Mozilla/4.0 (compatible; MSIE; Win32)
Log: Shutdown: System32\wbem\logs\wmiprov.log (Backup file, nothing done)
C:\WINDOWS\System32\wbem\logs\wmiprov.log
Log: Activity: COM+.log (Backup file, nothing done)
C:\WINDOWS\COM+.log
Log: Activity: imsins.log (Backup file, nothing done)
C:\WINDOWS\imsins.log
Log: Activity: ntbtlog.txt (Backup file, nothing done)
C:\WINDOWS\ntbtlog.txt
Log: Activity: OEWABLog.txt (Backup file, nothing done)
C:\WINDOWS\OEWABLog.txt
Log: Activity: SchedLgU.Txt (Backup file, nothing done)
C:\WINDOWS\SchedLgU.Txt
Log: Install: comsetup.log (Backup file, nothing done)
C:\WINDOWS\comsetup.log
Log: Install: Directx.log (Backup file, nothing done)
C:\WINDOWS\Directx.log
Log: Install: DtcInstall.log (Backup file, nothing done)
C:\WINDOWS\DtcInstall.log
Log: Install: ocgen.log (Backup file, nothing done)
C:\WINDOWS\ocgen.log
Log: Install: setupact.log (Backup file, nothing done)
C:\WINDOWS\setupact.log
Log: Install: setupapi.log (Backup file, nothing done)
C:\WINDOWS\setupapi.log
Log: Install: setuperr.log (Backup file, nothing done)
C:\WINDOWS\setuperr.log
Log: Install: setuplog.txt (Backup file, nothing done)
C:\WINDOWS\setuplog.txt
Log: Install: svcpack.log (Backup file, nothing done)
C:\WINDOWS\svcpack.log
Log: Install: wmsetup.log (Backup file, nothing done)
C:\WINDOWS\wmsetup.log
Log: Shutdown: System32\wbem\logs\wbemess.lo_ (Backup file, nothing done)
C:\WINDOWS\System32\wbem\logs\wbemess.lo_
Log: Shutdown: System32\wbem\logs\wbemess.log (Backup file, nothing done)
C:\WINDOWS\System32\wbem\logs\wbemess.log
Log: Shutdown: System32\wbem\logs\winmgmt.log (Backup file, nothing done)
C:\WINDOWS\System32\wbem\logs\winmgmt.log
MS Direct3D: Most recent application (Registry change, nothing done)
HKEY_USERS\S-1-5-21-2025429265-162531612-725345543-1003\Software\Microsoft\Direct3D\MostRecentApplication\Name!=
MS Direct3D: Most recent application (Registry change, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Direct3D\MostRecentApplication\Name!=
MS DirectDraw: Most recent application (Registry change, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\DirectDraw\MostRecentApplication\Name!=
MS Frontpage: Last opened web (Registry change, nothing done)
HKEY_USERS\S-1-5-21-2025429265-162531612-725345543-1003\Software\Microsoft\FrontPage\Explorer\FrontPage Explorer\Settings\LastWebOpen!=
MS Management Console: Recent command list (3 files) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-2025429265-162531612-725345543-1003\Software\Microsoft\Microsoft Management Console\Recent File List
MS Media Player: Anonymous ID (Registry change, nothing done)
HKEY_USERS\S-1-5-21-2025429265-162531612-725345543-1003\Software\Microsoft\MediaPlayer\Preferences\SendUserGUID!=B=0
MS Media Player: Application data file (global) () (File, nothing done)
C:\Documents and Settings\All Users\Application Data\Microsoft\Media Index\wmplibrary_v_0_12.db
MS Media Player: Last opened playlist (Registry value, nothing done)
HKEY_USERS\S-1-5-21-2025429265-162531612-725345543-1003\Software\Microsoft\MediaPlayer\Preferences\LastPlaylist
MS Media Player: Last selected track index (Registry value, nothing done)
HKEY_USERS\S-1-5-21-2025429265-162531612-725345543-1003\Software\Microsoft\MediaPlayer\Preferences\LastPlaylistIndex

MS Office 10.0 (Document Scanning): Recent file list #2 (2 files) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-2025429265-162531612-725345543-1003\Software\Microsoft\MSPaper\Persist File Name

MS Office 10.0 (Document Scanning): Recent file list #1 (2 files) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-2025429265-162531612-725345543-1003\Software\Microsoft\MSPaper\Recent File List

MS Office 10.0 (Office Startup Assistant): Last used directory (Registry change, nothing done)
HKEY_USERS\S-1-5-21-2025429265-162531612-725345543-1003\Software\Microsoft\Office\10.0\Osa\FindFile\Place!=

MS Office 10.0 (Outlook Finder): Search terms history (1 files) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-2025429265-162531612-725345543-1003\Software\Microsoft\Office\10.0\Outlook\Office Finder

MS Office 10.0 (Outlook): Imported/exported element history (Registry key, nothing done)
HKEY_USERS\S-1-5-21-2025429265-162531612-725345543-1003\Software\Microsoft\Office\10.0\Outlook\DataViz

MS Office 10.0 (Word): Recently used documents list (Registry value, nothing done)
HKEY_USERS\S-1-5-21-2025429265-162531612-725345543-1003\Software\Microsoft\Office\10.0\Word\Data\Settings

MS Office 10.0: Access recent file (8 files) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-2025429265-162531612-725345543-1003\Software\Microsoft\Office\10.0\Access\Settings

MS Office 10.0: Internet history (Registry value, nothing done)
HKEY_USERS\S-1-5-21-2025429265-162531612-725345543-1003\Software\Microsoft\Office\10.0\Common\Internet\UseRWHlinkNavigation

MS Office 9.0 (Publisher): Save file as history (Registry value, nothing done)
HKEY_USERS\S-1-5-21-2025429265-162531612-725345543-1003\Software\Microsoft\Office\9.0\Common\Open Find\Microsoft Publisher\Settings\Save as\File Name MRU\Value

MS Office 9.0: Recently used files (21 files) (Directory, nothing done)
C:\Documents and Settings\tom\Application Data\Microsoft\Office\Recent\

MS Photo Editor: Last used directory (Registry change, nothing done)
HKEY_USERS\S-1-5-21-2025429265-162531612-725345543-1003\Software\Microsoft\Photo Editor\3.0\File Options\Path!=

MS Regedit: Recent open key (Registry change, nothing done)
HKEY_USERS\S-1-5-21-2025429265-162531612-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Applets\Regedit\LastKey!=

MS Search Assistant: Typed search terms history (Registry key, nothing done)
HKEY_USERS\S-1-5-21-2025429265-162531612-725345543-1003\Software\Microsoft\Search Assistant\ACMru

MS Snapshot Viewer: Recent file list (3 files) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-2025429265-162531612-725345543-1003\Software\Microsoft\Snapshot Viewer\Recent File List

MS Windows Backup 5.0: Last created backup set (Registry change, nothing done)
HKEY_USERS\S-1-5-21-2025429265-162531612-725345543-1003\Software\Microsoft\Ntbackup\Hardware\Logical Disk File!=

MusicMatch JukeBox: Last add song folder (Registry change, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\MusicMatch\MusicMatch Jukebox\4.0\MusicLibraryUI\Last add song dir!=

MusicMatch JukeBox: Last radio station name (Registry change, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\MusicMatch\MusicMatch Jukebox\4.0\MMRadio\LastStationName!=

MusicMatch JukeBox: Last radio station status (Registry change, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\MusicMatch\MusicMatch Jukebox\4.0\MMRadio\LastStation!=UNINITIALIZED

SmartMorph: Last used image folder (Registry change, nothing done)
HKEY_USERS\S-1-5-21-2025429265-162531612-725345543-1003\Software\MeeSoft\SmartMorph\ImagePath!=

SmartMorph: Last used animation folder (Registry change, nothing done)
HKEY_USERS\S-1-5-21-2025429265-162531612-725345543-1003\Software\MeeSoft\SmartMorph\AnimPath!=

Smitfraud-C.: User settings (Registry change, nothing done)
HKEY_USERS\S-1-5-21-2025429265-162531612-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\www.niger.ru\*!=W=4

Smitfraud-C.: User settings (Registry change, nothing done)
HKEY_USERS\S-1-5-21-2025429265-162531612-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\win-eto.com\*!=W=4

Smitfraud-C.: User settings (Registry change, nothing done)
HKEY_USERS\S-1-5-21-2025429265-162531612-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\vv7.al.57e.net\*!=W=

Smitfraud-C.: User settings (Registry change, nothing done)
HKEY_USERS\S-1-5-21-2025429265-162531612-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\vparivalka.com\*!=W=4

Smitfraud-C.: User settings (Registry change, nothing done)
HKEY_USERS\S-1-5-21-2025429265-162531612-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\visitfriend.net\*!=W=4

Smitfraud-C.: User settings (Registry change, nothing done)
HKEY_USERS\S-1-5-21-2025429265-162531612-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\veryeasysearch.com\*!=W=4

Smitfraud-C.: User settings (Registry change, nothing done)
HKEY_USERS\S-1-5-21-2025429265-162531612-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\v-224.com\*!=W=4


Smitfraud-C.: User settings (Registry change, nothing done)
HKEY_USERS\S-1-5-21-2025429265-162531612-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\u48.cc\*!=W=4

Smitfraud-C.: User settings (Registry change, nothing done)
HKEY_USERS\S-1-5-21-2025429265-162531612-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\u47.cc\*!=W=4

Smitfraud-C.: User settings (Registry change, nothing done)
HKEY_USERS\S-1-5-21-2025429265-162531612-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\u46.cx\*!=W=4

Smitfraud-C.: User settings (Registry change, nothing done)
HKEY_USERS\S-1-5-21-2025429265-162531612-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\u45.cx\*!=W=4

Smitfraud-C.: User settings (Registry change, nothing done)
HKEY_USERS\S-1-5-21-2025429265-162531612-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\tracktraff.cc\*!=W=4

Smitfraud-C.: User settings (Registry change, nothing done)
HKEY_USERS\S-1-5-21-2025429265-162531612-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\tracking.allposters.com\*!=W=4

Smitfraud-C.: User settings (Registry change, nothing done)
HKEY_USERS\S-1-5-21-2025429265-162531612-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\trackhits.cc\*!=W=4

Smitfraud-C.: User settings (Registry change, nothing done)
HKEY_USERS\S-1-5-21-2025429265-162531612-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\toprefsys.com\*!=W=4

Smitfraud-C.: User settings (Registry change, nothing done)
HKEY_USERS\S-1-5-21-2025429265-162531612-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\terra.hcworld.com\*!=W=4

Smitfraud-C.: User settings (Registry change, nothing done)
HKEY_USERS\S-1-5-21-2025429265-162531612-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\t34rulit.com\*!=W=4

Smitfraud-C.: User settings (Registry change, nothing done)
HKEY_USERS\S-1-5-21-2025429265-162531612-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\s13.tempx.cc\*!=W=4

Smitfraud-C.: User settings (Registry change, nothing done)
HKEY_USERS\S-1-5-21-2025429265-162531612-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\rf104.com\*!=W=4

Smitfraud-C.: User settings (Registry change, nothing done)
HKEY_USERS\S-1-5-21-2025429265-162531612-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\msnprotection.com\*!=W=4

Smitfraud-C.: User settings (Registry change, nothing done)
HKEY_USERS\S-1-5-21-2025429265-162531612-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\meetyourfriend.biz\*!=W=4

Smitfraud-C.: User settings (Registry change, nothing done)
HKEY_USERS\S-1-5-21-2025429265-162531612-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\makechoice.com\*!=W=4

Smitfraud-C.: User settings (Registry change, nothing done)
HKEY_USERS\S-1-5-21-2025429265-162531612-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\love-catalog.net\*!=W=4

Smitfraud-C.: User settings (Registry change, nothing done)
HKEY_USERS\S-1-5-21-2025429265-162531612-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\letgohome.com\*!=W=4

Smitfraud-C.: User settings (Registry change, nothing done)
HKEY_USERS\S-1-5-21-2025429265-162531612-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\greg-tut.com\*!=W=4

Smitfraud-C.: User settings (Registry change, nothing done)
HKEY_USERS\S-1-5-21-2025429265-162531612-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ga31.com\*!=W=4

Smitfraud-C.: User settings (Registry change, nothing done)
HKEY_USERS\S-1-5-21-2025429265-162531612-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\free-spy-cam.net\*!=W=4

Smitfraud-C.: User settings (Registry change, nothing done)
HKEY_USERS\S-1-5-21-2025429265-162531612-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\fast-look.com\*!=W=4

Smitfraud-C.: User settings (Registry change, nothing done)
HKEY_USERS\S-1-5-21-2025429265-162531612-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ewizard.cc\*!=W=4

Smitfraud-C.: User settings (Registry change, nothing done)
HKEY_USERS\S-1-5-21-2025429265-162531612-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\e-finder.cc\*!=W=4

Smitfraud-C.: User settings (Registry change, nothing done)
HKEY_USERS\S-1-5-21-2025429265-162531612-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\datingforlove.org\*!=W=4

Smitfraud-C.: User settings (Registry change, nothing done)
HKEY_USERS\S-1-5-21-2025429265-162531612-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\crl.thawte.com\*!=W=4


Smitfraud-C.: User settings (Registry change, nothing done)
HKEY_USERS\S-1-5-21-2025429265-162531612-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\cc20foreva.com\*!=W=4

Smitfraud-C.: User settings (Registry change, nothing done)
HKEY_USERS\S-1-5-21-2025429265-162531612-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\bin.wordsx.cc\*!=W=

Smitfraud-C.: User settings (Registry change, nothing done)
HKEY_USERS\S-1-5-21-2025429265-162531612-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\awmdabest.com\*!=W=4

Smitfraud-C.: User settings (Registry change, nothing done)
HKEY_USERS\S-1-5-21-2025429265-162531612-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\adulthell.com\*!=W=4

Smitfraud-C.: User settings (Registry change, nothing done)
HKEY_USERS\S-1-5-21-2025429265-162531612-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\75tz.com\*!=W=4

Smitfraud-C.: User settings (Registry change, nothing done)
HKEY_USERS\S-1-5-21-2025429265-162531612-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\20x2p.com\*!=W=4

Windows Explorer: Last Copy/MoveTo folder (Registry value, nothing done)
HKEY_USERS\S-1-5-21-2025429265-162531612-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\CopyMoveTo\LastFolder

Windows Explorer: Last visited history (11 files) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-2025429265-162531612-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\LastVisitedMRU

Windows Explorer: Recent file global history (Registry key, nothing done)
HKEY_USERS\S-1-5-21-2025429265-162531612-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs

Windows Explorer: Recent wallpaper list (501 files) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-2025429265-162531612-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\Wallpaper\MRU

Windows Explorer: Stream history (5 files) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-2025429265-162531612-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\StreamMRU

Windows Explorer: User Assistant history files (319 files) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-2025429265-162531612-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count

Windows Explorer: User Assistant history IE (138 files) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-2025429265-162531612-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{5E6AB780-7743-11CF-A12B-00AA004AE837}\Count

Windows Media SDK: Volume serial number (Registry value, nothing done)
HKEY_USERS\S-1-5-21-2025429265-162531612-725345543-1003\Software\Microsoft\Windows Media\WMSDK\General\VolumeSerialNumber

Windows Media SDK: Computer name (Registry change, nothing done)
HKEY_USERS\S-1-5-18\Software\Microsoft\Windows Media\WMSDK\General\ComputerName!=ComputerName

Windows Media SDK: Computer name (Registry change, nothing done)
HKEY_USERS\S-1-5-21-2025429265-162531612-725345543-1003\Software\Microsoft\Windows Media\WMSDK\General\ComputerName!=ComputerName

Windows Media SDK: Computer name (Registry change, nothing done)
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows Media\WMSDK\General\ComputerName!=ComputerName

Windows Media SDK: Unique ID (Registry change, nothing done)
HKEY_USERS\S-1-5-21-2025429265-162531612-725345543-1003\Software\Microsoft\Windows Media\WMSDK\General\UniqueID!={00000000-0000-0000-0000-000000000000}

Windows.OpenWith: Open with list - .CSV extension (5 files) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-2025429265-162531612-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.CSV\OpenWithList

Windows.OpenWith: Open with list - .411 extension (2 files) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-2025429265-162531612-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.411\OpenWithList

Windows.OpenWith: Open with list - .AA extension (7 files) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-2025429265-162531612-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.AA\OpenWithList

Windows.OpenWith: Open with list - .AI extension (4 files) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-2025429265-162531612-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.AI\OpenWithList

Windows.OpenWith: Open with list - .API extension (2 files) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-2025429265-162531612-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.API\OpenWithList

Windows.OpenWith: Open with list - .APL extension (3 files) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-2025429265-162531612-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.APL\OpenWithList

Windows.OpenWith: Open with list - .ASF extension (2 files) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-2025429265-162531612-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ASF\OpenWithList

Windows.OpenWith: Open with list - .ASX extension (4 files) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-2025429265-162531612-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ASX\OpenWithList

Windows.OpenWith: Open with list - .AVI extension (11 files) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-2025429265-162531612-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.AVI\OpenWithList

Windows.OpenWith: Open with list - .BIN extension (2 files) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-2025429265-162531612-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.BIN\OpenWithList

Windows.OpenWith: Open with list - .BMP extension (7 files) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-2025429265-162531612-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.BMP\OpenWithList

Windows.OpenWith: Open with list - .C extension (2 files) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-2025429265-162531612-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.C\OpenWithList

Windows.OpenWith: Open with list - .CAB extension (3 files) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-2025429265-162531612-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.CAB\OpenWithList

Windows.OpenWith: Open with list - .CAM extension (3 files) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-2025429265-162531612-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.CAM\OpenWithList

Windows.OpenWith: Open with list - .CDA extension (11 files) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-2025429265-162531612-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.CDA\OpenWithList

Windows.OpenWith: Open with list - .CDR extension (2 files) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-2025429265-162531612-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.CDR\OpenWithList

Windows.OpenWith: Open with list - .CFG extension (2 files) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-2025429265-162531612-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.CFG\OpenWithList

Windows.OpenWith: Open with list - .CHM extension (2 files) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-2025429265-162531612-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.CHM\OpenWithList

Windows.OpenWith: Open with list - .CPP extension (2 files) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-2025429265-162531612-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.CPP\OpenWithList

Windows: Drivers installation paths (Registry change, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\Installation Sources!=

WinRAR: Last used directory (Registry change, nothing done)
HKEY_USERS\S-1-5-21-2025429265-162531612-725345543-1003\Software\WinRAR\General\LastFolder!=

--- Spybot - Search && Destroy version: 1.3 --
2005-04-26 Includes\Cookies.sbi
2005-07-29 Includes\Dialer.sbi
2005-08-04 Includes\Hijackers.sbi
2005-06-23 Includes\Keyloggers.sbi
2004-11-29 Includes\LSP.sbi
2005-08-04 Includes\Malware.sbi
2003-03-16 Includes\plugin-ignore.ini
2005-08-04 Includes\PUPS.sbi
2003-11-12 Includes\QA Tests.sbi
2005-04-27 Includes\Revision.sbi
2005-08-02 Includes\Security.sbi
2005-08-04 Includes\Spybots.sbi
2003-11-21 Includes\Temporary.sbi
2005-02-17 Includes\Tracks.uti
2005-08-04 Includes\Trojans.sbi


thanks xoddah



