
Sysprotectscanner Pop-up Issues


34 replies to this topic

#16 pdx5

pdx5
  • Topic Starter

  • Members
  • 22 posts

Posted 20 June 2006 - 06:41 PM

Wow I really need a new camera phone, sorry about the picture quality on those last shots.
Here are a couple of screen shots that may be easier to read.

Thanks again for all your help!

Posted Image

Posted Image

Posted Image



#17 MFDnSC

MFDnSC

    Ret. Director I/T


  • Members
  • 4,310 posts

Posted 21 June 2006 - 08:47 AM

Hum - GenericRenosFix is where process.exe should be - rename it to process.exe or try the DL again
"Nothing could be finer than to be in South Carolina ............"

Member ASAP

#18 pdx5

pdx5
  • Topic Starter

  • Members
  • 22 posts

Posted 21 June 2006 - 12:07 PM

Thanks MFDnSC,

I'm still unable to use the smitfraud program and here's what I've tried to do so far.
I've deleted all the previous smitfraud files and went straight to the website by s!ri to try to download a fresh original copy from there. Same issue: when I attempt to open the program I receive the same error screen as before, "process.exe file missing". I even tried to download the file on another computer, hoping to copy it to a disk, but ended up with the same problems: unable to use the program and receiving the same red error screen.

I've tried to rename the file as you mentioned in your last post but still no luck running the program.

Are there any other programs available to download that can also find and remove the smitfraud from my system?

Thanks for all your assistance!

#19 MFDnSC

MFDnSC

    Ret. Director I/T


  • Members
  • 4,310 posts

Posted 21 June 2006 - 12:30 PM

Let's look at this another way

Go to the link below and download the trial version of SpySweeper:

SpySweeper http://www.webroot.com/consumer/products/s...4129&ac=tsg

* Click the Free Trial link under "SpySweeper" to download the program.
* Install it. Once the program is installed, it will open.
* It will prompt you to update to the latest definitions, click Yes.
* Once the definitions are installed, click Options on the left side.
* Click the Sweep Options tab.
* Under What to Sweep please put a check next to the following:
    o Sweep Memory
    o Sweep Registry
    o Sweep Cookies
    o Sweep All User Accounts
    o Enable Direct Disk Sweeping
    o Sweep Contents of Compressed Files
    o Sweep for Rootkits
    o Please UNCHECK Do not Sweep System Restore Folder.

* Click Sweep Now on the left side.
* Click the Start button.
* When it's done scanning, click the Next button.
* Make sure everything has a check next to it, then click the Next button.
* It will remove all of the items found.
* Click Session Log in the upper right corner, copy everything in that window.
* Click the Summary tab and click Finish.
* Paste the contents of the session log you copied into your next reply.
Also post a new Hijack This log.
"Nothing could be finer than to be in South Carolina ............"

Member ASAP

#20 pdx5

pdx5
  • Topic Starter

  • Members
  • 22 posts

Posted 21 June 2006 - 03:12 PM

Thanks for hanging in there with me MFDnSC!

Okay I ran the SpySweeper program exactly as you instructed and also ran another HJT scan, here are the results.

********
11:15 AM: | Start of Session, Wednesday, June 21, 2006 |
11:15 AM: Spy Sweeper started
11:15 AM: Sweep initiated using definitions version 703
11:15 AM: Starting Memory Sweep
11:18 AM: BHO Shield: found: -- BHO installation denied at user request
11:22 AM: Memory Sweep Complete, Elapsed Time: 00:06:53
11:22 AM: Starting Registry Sweep
11:22 AM: Registry Sweep Complete, Elapsed Time:00:00:25
11:22 AM: Starting Cookie Sweep
11:22 AM: Found Spy Cookie: adjuggler cookie
11:22 AM: bob@adjuggler[2].txt (ID = 2069)
11:22 AM: bob@rotator.adjuggler[1].txt (ID = 2071)
11:22 AM: Found Spy Cookie: tribalfusion cookie
11:22 AM: bob@tribalfusion[1].txt (ID = 3589)
11:22 AM: Cookie Sweep Complete, Elapsed Time: 00:00:00
11:22 AM: Starting File Sweep
11:23 AM: Warning: Failed to open file "c:\documents and settings\bob\my documents\computer ads\uninstalling norton tips.doc". Access is denied
11:23 AM: Warning: Failed to open file "c:\documents and settings\bob\my documents\computer ads\error messages\vundofix.exe:zone.identifier". Access is denied
11:23 AM: Warning: Failed to open file "c:\documents and settings\bob\my documents\computer ads\how to install nod32.doc". Access is denied
11:23 AM: Warning: Failed to open file "c:\documents and settings\bob\my documents\computer ads\cookbook1.xls". Access is denied
11:24 AM: Warning: Failed to open file "c:\documents and settings\bob\my documents\computer ads\norton 2004 id info.doc". Access is denied
11:24 AM: Warning: Failed to open file "c:\documents and settings\bob\my documents\computer ads\error messages\smitfiles.jpg". Access is denied
11:25 AM: Warning: Failed to open file "c:\documents and settings\bob\my documents\computer ads\error messages\vundofix.exe". Access is denied
11:25 AM: Found Adware: sysprotect
11:25 AM: usyp_0001_n76m1005netinstaller.exe (ID = 308694)
11:31 AM: usyp_0001_n76m1005netinstaller.exe (ID = 308694)
11:35 AM: Warning: Failed to open file "c:\documents and settings\bob\my documents\computer ads\error messages\add remove error message.doc". Access is denied
11:35 AM: Warning: Failed to open file "c:\documents and settings\bob\my documents\computer ads\kerio firewall\kerio download 3.15.06.exe:zone.identifier". Access is denied
11:38 AM: Warning: Failed to open file "c:\documents and settings\bob\my documents\computer ads\norton 2004 id info2.doc". Access is denied
11:39 AM: Warning: Failed to open file "c:\documents and settings\bob\my documents\computer ads\norton 2004 id info3.doc". Access is denied
11:44 AM: Warning: Failed to open file "c:\documents and settings\bob\my documents\computer ads\error messages\sysprotectscannerinstall 6 16 06.doc". Access is denied
11:49 AM: Warning: Failed to open file "c:\documents and settings\bob\my documents\computer ads\spyware\spybotsd14.exe:zone.identifier". Access is denied
11:55 AM: Warning: Failed to open file "c:\documents and settings\bob\my documents\computer ads\screenshot instructions.doc". Access is denied
12:02 PM: Warning: Failed to open file "c:\documents and settings\bob\my documents\computer ads\error messages\smiterrorscreen.jpg". Access is denied
12:05 PM: Warning: Failed to open file "c:\documents and settings\bob\my documents\computer ads\error messages\your system is infected with the vundo trojan.doc". Access is denied
12:05 PM: Warning: Failed to open file "c:\documents and settings\bob\my documents\computer ads\error messages\smitdesktop.jpg". Access is denied
12:10 PM: Warning: Failed to open file "c:\documents and settings\bob\my documents\computer ads\kerio firewall\rmls kerio page.doc". Access is denied
12:11 PM: Warning: Failed to open file "c:\documents and settings\bob\my documents\computer ads\error messages\sysprotect message 6 17 06.doc". Access is denied
12:13 PM: Warning: Failed to open file "c:\documents and settings\bob\my documents\computer ads\error messages\spybotlog.jpg". Access is denied
12:25 PM: Warning: Failed to open file "c:\documents and settings\bob\my documents\computer ads\kerio firewall\kerio download 3.15.06.exe". Access is denied
12:29 PM: Warning: Failed to open file "c:\documents and settings\bob\my documents\computer ads\nod32 install manual_v2_ig.pdf". Access is denied
12:30 PM: Warning: Failed to open file "c:\documents and settings\bob\my documents\computer ads\spyware\spybotsd14.exe". Access is denied
12:36 PM: Warning: Failed to open file "c:\documents and settings\bob\my documents\temp\nod32\nod32 install manual_v2_ig.pdf". Access is denied
12:37 PM: Warning: Failed to open file "c:\documents and settings\bob\my documents\security\nod32\nod32 install manual_v2_ig.pdf". Access is denied
12:38 PM: Warning: Failed to open file "c:\documents and settings\bob\local settings\temporary internet files\content.ie5\ipwfqtux\box_tl[1].gif". The system cannot find the file specified
12:40 PM: Found System Monitor: potentially rootkit-masked files
12:40 PM: ciflfffd.002 (ID = 0)
12:40 PM: ciflfffd.001 (ID = 0)
12:41 PM: File Sweep Complete, Elapsed Time: 01:18:11
12:41 PM: Full Sweep has completed. Elapsed time 01:25:35
12:41 PM: Traces Found: 7
12:54 PM: Removal process initiated
12:54 PM: Quarantining All Traces: potentially rootkit-masked files
12:54 PM: Quarantining All Traces: sysprotect
12:54 PM: Quarantining All Traces: adjuggler cookie
12:54 PM: Quarantining All Traces: tribalfusion cookie
12:54 PM: Removal process completed. Elapsed time 00:00:05
********
11:10 AM: | Start of Session, Wednesday, June 21, 2006 |
11:10 AM: Spy Sweeper started
11:11 AM: Your spyware definitions have been updated.
11:15 AM: | End of Session, Wednesday, June 21, 2006 |

-----------------------------------------------------------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 1:01:09 PM, on 6/21/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\brsvc01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\brss01a.exe
C:\WINDOWS\SYSTEM32\Brmfrmps.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\SunBeltKeriofirewall3152006\Personal Firewall 4\kpf4ss.exe
C:\WINDOWS\System32\msdtc.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\Program Files\SunBeltKeriofirewall3152006\Personal Firewall 4\kpf4gui.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
C:\WINDOWS\system32\mqsvc.exe
C:\WINDOWS\system32\mqtgsvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\alg.exe
C:\Program Files\SunBeltKeriofirewall3152006\Personal Firewall 4\kpf4gui.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Eset\nod32kui.exe
C:\program files\softwin\bitdefender8\bdnagent.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
C:\Program Files\Scansoft\PaperPort\pptd40nt.exe
C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\Documents and Settings\Bob\My Documents\Security\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mail.legendhomes.com/exchange/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\Scansoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [BDNewsAgent] "c:\program files\softwin\bitdefender8\bdnagent.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
O4 - HKLM\..\Run: [Super Pop Up Ad Killer] C:\Program Files\NET2SOFT\Spk\Super Pop Up Ad Killer.exe
O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl03a\BrStDvPt.exe
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\Scansoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [diagent] "C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe" startup
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Downloads - {165D4F02-312C-4303-ABCA-AD6B35A2BE4D} - http://www.downloadalot.com (file missing) (HKCU)
O9 - Extra button: Searchalot - {BF6D715B-3F1D-449B-9842-8F1C14798B5C} - http://www.searchalot.com (file missing) (HKCU)
O14 - IERESET.INF: SearchAssistant=
O15 - Trusted Zone: *.rmlsweb.com
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {10DE6CF7-3E36-445B-985D-07603082B36B} (FormLoader.Loader) - http://forms.orefonline.com/OLF/Runtime/FormLoader_RMLS.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {3C648A72-C49A-48EF-9F90-68EF13293F97} (Cacher Class) - http://www.rmlsweb.com/XMLSearch/XMLCache.CAB
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {9FC5238F-12C4-454F-B1B5-74599A21DE47} (Webshots Photo Uploader) - http://community.webshots.com/html/WSPhotoUploader.CAB
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - AVIRA GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)
O23 - Service: Brother Popup Suspend service for Resource manager (brmfrmps) - Unknown owner - C:\WINDOWS\SYSTEM32\Brmfrmps.exe" -service (file missing)
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\System32\brsvc01a.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\SunBeltKeriofirewall3152006\Personal Firewall 4\kpf4ss.exe
O23 - Service: Intel® NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)

#21 MFDnSC

MFDnSC

    Ret. Director I/T


  • Members
  • 4,310 posts

Posted 21 June 2006 - 03:42 PM

Fix

O15 - Trusted Zone: *.rmlsweb.com

You have multiple AVs active - there should only be one - I'd keep nod32 and remove the rest

I am thinking that one of the AVs is preventing the install of smitrem
"Nothing could be finer than to be in South Carolina ............"

Member ASAP
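
A triage pass over a HijackThis log like the one posted above, as an added example that is not part of the original thread: it pulls out the O15 Trusted Zone entries, lists the entries flagged "(file missing)" or "(no file)" and notes which of them name an executable that is nevertheless in the running-process list, and counts the antivirus products that are resident. The sample lines are copied from the log in this thread; the function names and the `AV_MARKERS` list are assumptions made for the example.

```python
import re

# Constructed sample: a handful of lines copied from the HijackThis log in this thread.
SAMPLE_LOG = r"""
Logfile of HijackThis v1.99.1

Running processes:
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Eset\nod32krn.exe
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
C:\WINDOWS\SYSTEM32\Brmfrmps.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mail.legendhomes.com/exchange/
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Searchalot - {BF6D715B-3F1D-449B-9842-8F1C14798B5C} - http://www.searchalot.com (file missing) (HKCU)
O15 - Trusted Zone: *.rmlsweb.com
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)
O23 - Service: Brother Popup Suspend service for Resource manager (brmfrmps) - Unknown owner - C:\WINDOWS\SYSTEM32\Brmfrmps.exe" -service (file missing)
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
"""

ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")            # e.g. "O23 - Service: ..."
EXE_RE = re.compile(r'[A-Za-z]:\\[^"<>|*?]+?\.exe', re.IGNORECASE)
MISSING_RE = re.compile(r"\((?:file missing|no file)\)")

# Assumption for this example: path fragments (lowercase) that identify the
# antivirus products visible in this thread's log. Not an exhaustive list.
AV_MARKERS = {
    "NOD32": "\\eset\\",
    "AntiVir": "\\antivir personaledition classic\\",
    "BitDefender": "\\softwin\\bitdefender",
}


def parse_hjt(text):
    """Split a HijackThis log into running-process paths and (code, body) entries."""
    processes, entries = [], []
    in_processes = False
    for raw in text.splitlines():
        line = raw.strip()
        if line.lower().startswith("running processes"):
            in_processes = True
            continue
        match = ENTRY_RE.match(line)
        if match:
            in_processes = False          # the entry section has started
            entries.append((match.group(1), match.group(2)))
        elif in_processes and line:
            processes.append(line)
    return {"processes": processes, "entries": entries}


def trusted_zone_sites(parsed):
    """Sites listed under O15 (IE Trusted Zone), to be confirmed with the user."""
    prefix = "Trusted Zone: "
    return [body[len(prefix):] for code, body in parsed["entries"]
            if code == "O15" and body.startswith(prefix)]


def missing_file_entries(parsed):
    """Entries flagged as missing, cross-checked against the running processes.

    A flagged entry whose executable is running is not a dead reference, so it
    should not be treated the same way as a genuinely orphaned entry.
    """
    running = {p.lower() for p in parsed["processes"]}
    results = []
    for code, body in parsed["entries"]:
        if not MISSING_RE.search(body):
            continue
        exe = EXE_RE.search(body)
        path = exe.group(0) if exe else None
        results.append({"code": code, "path": path,
                        "running": bool(path) and path.lower() in running})
    return results


def resident_av_products(parsed, markers=AV_MARKERS):
    """Products from `markers` that have a running process or an O23 service."""
    paths = [p.lower() for p in parsed["processes"]]
    paths += [body.lower() for code, body in parsed["entries"] if code == "O23"]
    return sorted(name for name, frag in markers.items()
                  if any(frag in p for p in paths))


if __name__ == "__main__":
    log = parse_hjt(SAMPLE_LOG)
    print("Trusted Zone:", trusted_zone_sites(log))
    for item in missing_file_entries(log):
        print("flagged missing:", item)
    print("resident AV products:", resident_av_products(log))
```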

#22 pdx5

pdx5
  • Topic Starter

  • Members
  • 22 posts

Posted 21 June 2006 - 03:54 PM

Thanks MFDnSC,

How do I fix (O15 - Trusted Zone: *.rmlsweb.com)? This may be a necessary program I need for access to a website that I know & trust. They require this setting in order to properly use their map pop-up features and other services, and I've been using this website for several years without any problems before.

If you think it's causing me the sysprotect problems then I will go ahead and fix it following your instruction on how to fix it. Do I go into hijackthis and check on the appropriate box and let it do the work?
Sorry for such newbie questions but this is all new to me.

Thanks again!

#23 MFDnSC

MFDnSC

    Ret. Director I/T


  • Members
  • 4,310 posts

Posted 21 June 2006 - 04:09 PM

If you know it and have that restriction then leave it
"Nothing could be finer than to be in South Carolina ............"

Member ASAP

#24 pdx5

pdx5
  • Topic Starter

  • Members
  • 22 posts

Posted 21 June 2006 - 04:22 PM

Thank you for all of your help!

I was feeling pretty good and not getting any more pop-ups until all of a sudden while checking my e-mails just now on Yahoo the darn SysProtectScanner ad popped up and this time SpySweeper caught it and prompted me for an action. I went ahead and denied the download but there was actually already a screen to run the download for SysProtect on my desktop this time which is new. This is one persistent and pesky adware program.

I've scaled back my AV programs to just NOD32 and I have the others disabled.

Would you recommend I run more scans again or do the system restore as you mentioned in an earlier post?

#25 MFDnSC

MFDnSC

    Ret. Director I/T


  • Members
  • 4,310 posts

Posted 21 June 2006 - 04:41 PM

Try the smitfraudfix again - if it doesn't work, disconnect from the net, disable nod and try to install again

Edited by MFDnSC, 21 June 2006 - 04:41 PM.

"Nothing could be finer than to be in South Carolina ............"

Member ASAP

#26 pdx5

pdx5
  • Topic Starter

  • Members
  • 22 posts

Posted 21 June 2006 - 05:22 PM

No luck with smitfraud again :thumbsup:

I've tried to download it directly from s!ri site and again same missing process.exe file error screen.
I deleted all previous downloads before attempting the new ones and still nothing.
I downloaded a fresh copy and disabled NOD32 and still unable to run the program.
I'm trying to be as persistent as the smitfraud virus but it's not easy.

Since my own computer will not let me run this program, what do you think about me trying to download a copy of the program onto a disk from another computer? Would this even be possible to run the program directly from the disk in the safe mode on my system? I may be hopeful but at this point I'm getting desperate to wrap this up and move on.

Thanks for all your patience with me and my ornery computer MFDnSC!

#27 MFDnSC

MFDnSC

    Ret. Director I/T


  • Members
  • 4,310 posts

Posted 21 June 2006 - 05:26 PM

try it
"Nothing could be finer than to be in South Carolina ............"

Member ASAP

#28 pdx5

pdx5
  • Topic Starter

  • Members
  • 22 posts

Posted 22 June 2006 - 12:19 AM

Well here we go... I finally downloaded a clean copy of the smitfraud file to a CD on another computer and tested the program on that computer first. It worked just as it was supposed to on this other computer, so then I turned off all of my security programs, AV, Spywares, everything that might interfere with a download to my own computer. Still unable to run the program after downloading it to my desktop and still receiving the same red screen missing process.exe file error. So I deleted the downloaded files and tried running the program straight from the CD just to see what might happen, and sure enough the program started and I could finally see the blue menu screen.

Next I restarted my system in the safe-mode and I stared at a blank black screen for 20 minutes? I could not get to any programs or desktop to try to run the CD? Finally I opened the task manager (control-Alt-delete) and proceeded to run a new task by asking for the D drive to open the CD program. It opened and I ran the program but I noticed most of the scrolling text lines indicated it was unable to access a lot of the files. When it was done running I was staring at the same blank black screen and did a manual restart through the task manager.

I'm not sure what the report should look like after a good scan but here is what mine read.
I'm also including a new ActiveScan, Vundo and Hijack scan in case you need it.

Thanks for all your help and guidance MFDnSC!

SmitFraudFix v2.63

Scan done at 17:50:19.18, Wed 06/21/2006
Run from D:\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
Fix ran in safe mode

»»»»»»»»»»»»»»»»»»»»»»»» Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Killing process


»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files


»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

-----------------------------------------------------------------------------------------------------------
ActiveScan
Incident/Status/Location

Adware:adware/swimsuitnetwork Not disinfected c:\windows\system32\MYDLL.dll
Adware:adware/brands Not disinfected Windows Registry
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Bob\Cookies\bob@doubleclick[2].txt

------------------------------------------------------------------------------------------------------------
Hijackthis
Logfile of HijackThis v1.99.1
Scan saved at 8:47:53 PM, on 6/21/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\brsvc01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\brss01a.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\SYSTEM32\Brmfrmps.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\SunBeltKeriofirewall3152006\Personal Firewall 4\kpf4ss.exe
C:\Program Files\SunBeltKeriofirewall3152006\Personal Firewall 4\kpf4gui.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Eset\nod32krn.exe
C:\Program Files\Eset\nod32kui.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
C:\program files\softwin\bitdefender8\bdnagent.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Scansoft\PaperPort\pptd40nt.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe
C:\WINDOWS\system32\mqsvc.exe
C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
C:\WINDOWS\system32\mqtgsvc.exe
C:\Program Files\SunBeltKeriofirewall3152006\Personal Firewall 4\kpf4gui.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Documents and Settings\Bob\My Documents\Security\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mail.legendhomes.com/exchange/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\Scansoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [BDNewsAgent] "c:\program files\softwin\bitdefender8\bdnagent.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
O4 - HKLM\..\Run: [Super Pop Up Ad Killer] C:\Program Files\NET2SOFT\Spk\Super Pop Up Ad Killer.exe
O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl03a\BrStDvPt.exe
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\Scansoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [diagent] "C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe" startup
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Downloads - {165D4F02-312C-4303-ABCA-AD6B35A2BE4D} - http://www.downloadalot.com (file missing) (HKCU)
O9 - Extra button: Searchalot - {BF6D715B-3F1D-449B-9842-8F1C14798B5C} - http://www.searchalot.com (file missing) (HKCU)
O14 - IERESET.INF: SearchAssistant=
O15 - Trusted Zone: *.rmlsweb.com
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {10DE6CF7-3E36-445B-985D-07603082B36B} (FormLoader.Loader) - http://forms.orefonline.com/OLF/Runtime/FormLoader_RMLS.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {3C648A72-C49A-48EF-9F90-68EF13293F97} (Cacher Class) - http://www.rmlsweb.com/XMLSearch/XMLCache.CAB
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {9FC5238F-12C4-454F-B1B5-74599A21DE47} (Webshots Photo Uploader) - http://community.webshots.com/html/WSPhotoUploader.CAB
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - AVIRA GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)
O23 - Service: Brother Popup Suspend service for Resource manager (brmfrmps) - Unknown owner - C:\WINDOWS\SYSTEM32\Brmfrmps.exe" -service (file missing)
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\System32\brsvc01a.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\SunBeltKeriofirewall3152006\Personal Firewall 4\kpf4ss.exe
O23 - Service: Intel® NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)

------------------------------------------------------------------------------------------------------------
Vundo
VundoFix V4.2.84

Running as SYSTEM
from c:\windows\system32\VundoFix.exe

Checking Java version...

Java version is 1.5.0.7

Scan started at 9:40:03 PM 6/21/2006

Listing files found while scanning....


C:\WINDOWS\SYSTEM32\qttss.bak1
C:\WINDOWS\SYSTEM32\qttss.bak2
C:\WINDOWS\SYSTEM32\qttss.tmp
C:\WINDOWS\SYSTEM32\qttss.ini
C:\WINDOWS\SYSTEM32\qttss.ini2
C:\WINDOWS\SYSTEM32\ssttq.dll
C:\WINDOWS\SYSTEM32\qttss.ini2
C:\WINDOWS\SYSTEM32\qttss.bak2
C:\WINDOWS\SYSTEM32\qttss.tmp
C:\WINDOWS\SYSTEM32\qttss.ini
C:\WINDOWS\SYSTEM32\qttss.ini2
C:\WINDOWS\SYSTEM32\ssttq.dll
Attempting to delete C:\WINDOWS\SYSTEM32\qttss.bak1
C:\WINDOWS\SYSTEM32\qttss.bak1 Has been deleted!

Attempting to delete C:\WINDOWS\SYSTEM32\qttss.bak2
C:\WINDOWS\SYSTEM32\qttss.bak2 Has been deleted!

Attempting to delete C:\WINDOWS\SYSTEM32\qttss.tmp
C:\WINDOWS\SYSTEM32\qttss.tmp Has been deleted!

Attempting to delete C:\WINDOWS\SYSTEM32\qttss.ini
C:\WINDOWS\SYSTEM32\qttss.ini Has been deleted!

Attempting to delete C:\WINDOWS\SYSTEM32\qttss.ini2
C:\WINDOWS\SYSTEM32\qttss.ini2 Has been deleted!

Attempting to delete C:\WINDOWS\SYSTEM32\ssttq.dll
C:\WINDOWS\SYSTEM32\ssttq.dll Could not be deleted.

Attempting to delete C:\WINDOWS\SYSTEM32\ssttq.dll
C:\WINDOWS\SYSTEM32\ssttq.dll Could not be deleted.

Performing Repairs to the registry.
Done!

#29 MFDnSC

Posted 22 June 2006 - 07:49 AM

Great

delete this - c:\windows\system32\MYDLL.dll

Log looks good

Turn off restore points, boot, turn them back on – here’s how

XP
http://service1.symantec.com/SUPPORT/tsgen...src=sec_doc_nam

#30 pdx5

Posted 22 June 2006 - 03:49 PM

I'm really appreciative of all your assistance and patience MFDnSC!

I think we are almost done cleaning up my system and so far things are working nicely thanks to you.
I deleted the c:\windows\system32\MYDLL.dll line using the killbox program in the safe mode and this time in the safe mode I had a safe-mode desktop to work from which was a little easier than the last time.

I've reset the System Restore points as instructed.

Okay here is the final HJT scan log for your final approval and then I'm hopefully done with this issue.
I'm still occasionally seeing attempts by pop-up ads coming along but it seems like Spy-Bot or SpySweeper is catching them before they fully load. I'm assuming this is the normal way these programs work and I am fine with it.

Two last questions and I'll be finished:
1) Does this final log look clean & clear of any problems?
2) Are there any programs I should delete that were downloaded while cleaning or should I just keep them for the future?

Thank you again for everything MFDnSC and this has been quite the learning experience for this newbie!

Logfile of HijackThis v1.99.1
Scan saved at 1:30:24 PM, on 6/22/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\brsvc01a.exe
C:\WINDOWS\System32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\SYSTEM32\Brmfrmps.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\SunBeltKeriofirewall3152006\Personal Firewall 4\kpf4ss.exe
C:\Program Files\SunBeltKeriofirewall3152006\Personal Firewall 4\kpf4gui.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
C:\Program Files\Eset\nod32kui.exe
C:\program files\softwin\bitdefender8\bdnagent.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
C:\Program Files\Scansoft\PaperPort\pptd40nt.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
C:\WINDOWS\system32\mqsvc.exe
C:\WINDOWS\system32\mqtgsvc.exe
C:\Program Files\SunBeltKeriofirewall3152006\Personal Firewall 4\kpf4gui.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Bob\My Documents\Security\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mail.legendhomes.com/exchange/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\Scansoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [BDNewsAgent] "c:\program files\softwin\bitdefender8\bdnagent.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
O4 - HKLM\..\Run: [Super Pop Up Ad Killer] C:\Program Files\NET2SOFT\Spk\Super Pop Up Ad Killer.exe
O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl03a\BrStDvPt.exe
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\Scansoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [diagent] "C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe" startup
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Downloads - {165D4F02-312C-4303-ABCA-AD6B35A2BE4D} - http://www.downloadalot.com (file missing) (HKCU)
O9 - Extra button: Searchalot - {BF6D715B-3F1D-449B-9842-8F1C14798B5C} - http://www.searchalot.com (file missing) (HKCU)
O14 - IERESET.INF: SearchAssistant=
O15 - Trusted Zone: *.rmlsweb.com
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {10DE6CF7-3E36-445B-985D-07603082B36B} (FormLoader.Loader) - http://forms.orefonline.com/OLF/Runtime/FormLoader_RMLS.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {3C648A72-C49A-48EF-9F90-68EF13293F97} (Cacher Class) - http://www.rmlsweb.com/XMLSearch/XMLCache.CAB
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {9FC5238F-12C4-454F-B1B5-74599A21DE47} (Webshots Photo Uploader) - http://community.webshots.com/html/WSPhotoUploader.CAB
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)
O23 - Service: Brother Popup Suspend service for Resource manager (brmfrmps) - Unknown owner - C:\WINDOWS\SYSTEM32\Brmfrmps.exe" -service (file missing)
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\System32\brsvc01a.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\SunBeltKeriofirewall3152006\Personal Firewall 4\kpf4ss.exe
O23 - Service: Intel® NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)



