
Ishost.exe Problems Plz Help



#1 Shawn_Townsend


Posted 11 December 2006 - 12:33 PM

Hi,
I followed all the links to download the cleaning programs but I seem to not be able to remove ISHOST.exe (it was in small case, now in caps). Spybot is blocking it atm.

Please can anyone help? Thanks
Shawn

Logfile of HijackThis v1.99.1
Scan saved at 17:24:49, on 11/12/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\runservice.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\VM_STI.EXE
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\Program Files\DS-3200 Wireless Optical Slimline Deskset\PS2USBKbdDrv.exe
C:\WINDOWS\system32\cryptainersrv.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\DS-3200 Wireless Optical Slimline Deskset\MouseDrv.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Norton Password Manager\AcctMgr.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Tiscali\tkonnect\tkonnect.exe
C:\Program Files\Eraser\eraser.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\United Alerts\UnitedAlerts.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\Garmin\gStart.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Juice\Juice.exe
C:\Program Files\BOINC\boincmgr.exe
C:\Program Files\BOINC\boinc.exe
C:\WINDOWS\system32\ntvdm.exe
C:\Program Files\Opera\Opera.exe
C:\WINDOWS\system32\ismini.exe
C:\Program Files\BOINC\projects\setiathome.berkeley.edu\setiathome-5.15-kwsn-sse2-p4.exe
C:\Program Files\HijackThis\HijackThis.exe
C:\WINDOWS\system32\ishost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Tiscali
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~2\MEGAUP~1.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\UIBHO.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [BigDogPath] C:\WINDOWS\VM_STI.EXE VIMICRO USB PC Camera 301x
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [WireLessKeyboard] C:\Program Files\DS-3200 Wireless Optical Slimline Deskset\PS2USBKbdDrv.exe
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [errorkiller] "C:\Program Files\errorkiller\errorkiller.exe" -boot
O4 - HKLM\..\Run: [WireLessMouse] C:\Program Files\DS-3200 Wireless Optical Slimline Deskset\MouseDrv.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [AcctMgr] C:\Program Files\Norton Password Manager\AcctMgr.exe /startup
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [tkonnect] C:\Program Files\Tiscali\tkonnect\tkonnect.exe updatemode
O4 - HKCU\..\Run: [Eraser] C:\Program Files\Eraser\eraser.exe -hide
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [United Alerts] "C:\Program Files\United Alerts\UnitedAlerts.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [gStart] C:\Garmin\gStart.exe
O4 - HKCU\..\Run: [EA Core] C:\Program Files\Electronic Arts\EA Link\Core.exe -silent
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Startup: BOINC Manager.lnk = C:\Program Files\BOINC\boincmgr.exe
O4 - Startup: Juice.lnk = C:\Program Files\Juice\Juice.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O8 - Extra context menu item: &ieSpell Options - res://C:\Program Files\ieSpell\iespell.dll/SPELLOPTION.HTM
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/...html?p=ZNfox000
O8 - Extra context menu item: Check &Spelling - res://C:\Program Files\ieSpell\iespell.dll/SPELLCHECK.HTM
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: (no name) - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: START_PAGE_URL=http://www.tiscali.co.uk/
O15 - Trusted Zone: http://register-tesco.qa.business.ntl.com
O15 - Trusted Zone: http://memberservices.tesco.net
O16 - DPF: NTLSignup - https://tesco.autoregister.net/tesco/NTLSignup.cab
O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com/i/cha...t/c381/chat.cab
O16 - DPF: {12F7F128-B36C-4843-8AA4-A5F71A969331} (Launcher Control) - https://horizons.eu.istaria.com/controls/launcher.ocx
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.com/i/cha...v45/yacscom.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/...s/yinst0401.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_1_0_0_44.cab
O16 - DPF: {3B5E9B23-7537-4601-A9E8-FA0D956DEA16} (csauie1 Control) - http://www.couponreport.net/ftp/v3123/csauie1.cab
O16 - DPF: {48884C41-EFAC-433D-958A-9FADAC41408E} (EGamesPlugin Class) - https://www.e-games.com.my/com/EGamesPlugin.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/eB...l_v1-0-3-36.cab
O16 - DPF: {556DDE35-E955-11D0-A707-000000521957} - http://www.xblock.com/download/xclean_micro.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1155396447448
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.installengine.com/engine/isetup.cab
O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} (cpbrkpie Control) - http://a19.g.akamai.net/7/19/7125/4047/ftp...23/cpbrkpie.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} (CRAVOnline Object) - http://www.ravantivirus.com/scan/ravonline.cab
O16 - DPF: {B020B534-4AA2-4B99-BD6D-5F6EE286DF5C} (Symantec Download Bridge) - https://a248.e.akamai.net/f/248/5462/2h/www...ol/SymDlBrg.cab
O16 - DPF: {BF985246-09BF-11D2-BE62-006097DF57F6} (SimCityX Control) - http://simcity.ea.com/play/classic/SimCityX.cab
O16 - DPF: {C5E28B9D-0A68-4B50-94E9-E8F6B4697514} (NsvPlayX Control) - http://www.nullsoft.com/nsv/embed/nsvplayx_vp3_mp3.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} - https://www-secure.symantec.com/techsupp/as...rl/SymAData.cab
O16 - DPF: {E5ABEB00-B357-4884-9949-77B2C71A7EE3} (BoardCtl Class) - http://www.intel.com/design/motherbd/boardid/BoardID.cab
O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} (IMDownloader Class) - http://www2.incredimail.com/contents/setup...er/imloader.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: LicCtrl Service (LicCtrlService) - Unknown owner - C:\WINDOWS\runservice.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Sandra Data Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2005\RpcDataSrv.exe
O23 - Service: Sandra Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2005\RpcSandraSrv.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: Cryptainer service (ssoftservice) - Cypherix Software (India) Pvt. Ltd. - C:\WINDOWS\SYSTEM32\cryptainersrv.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe



#2 MFDnSC


Posted 11 December 2006 - 01:00 PM

You should print out these instructions, or copy them to a NotePad file for reading while in Safe Mode, because you will not be able to connect to the Internet to read from this site.

Please download SmitfraudFix (by S!Ri)
Extract the content (a folder named SmitfraudFix) to your Desktop.

Next, please reboot your computer in Safe Mode by doing the following:
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
  • Instead of Windows loading as normal, a menu with options should appear;
  • Select the first option, to run Windows in Safe Mode, then press "Enter".
  • Choose your usual account.
Once in Safe Mode, open the SmitfraudFix folder again and double-click smitfraudfix.cmd
Select option #2 - Clean by typing 2 and press "Enter" to delete infected files.

You will be prompted: "Registry cleaning - Do you want to clean the registry?"; answer "Yes" by typing Y and press "Enter" in order to remove the Desktop background and clean registry keys associated with the infection.

The tool will now check if wininet.dll is infected. You may be prompted to replace the infected file (if found); answer "Yes" by typing Y and press "Enter".

The tool may need to restart your computer to finish the cleaning process; if it doesn't, please restart it into Normal Windows.

A text file will appear onscreen, with results from the cleaning process; please copy/paste the content of that report into your next reply along with a new hijack log.

The report can also be found at the root of the system drive, usually at C:\rapport.txt

Warning: running option #2 on a non-infected computer will remove your Desktop background.
"Nothing could be finer than to be in South Carolina ............"

Member ASAP

#3 Shawn_Townsend


Posted 11 December 2006 - 02:02 PM

Done, and reports as requested.
Thanks


SmitFraudFix v2.128

Scan done at 18:39:18.45, 11/12/2006
Run from C:\Documents and Settings\Owner\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in safe mode

»»»»»»»»»»»»»»»»»»»»»»»» Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Killing process


»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

C:\WINDOWS\system32\ishost.exe Deleted
C:\WINDOWS\system32\ismini.exe Deleted

»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» End

Logfile of HijackThis v1.99.1
Scan saved at 18:56:09, on 11/12/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\runservice.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\cryptainersrv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\VM_STI.EXE
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\Program Files\DS-3200 Wireless Optical Slimline Deskset\PS2USBKbdDrv.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\DS-3200 Wireless Optical Slimline Deskset\MouseDrv.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Norton Password Manager\AcctMgr.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Tiscali\tkonnect\tkonnect.exe
C:\Program Files\Eraser\eraser.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\United Alerts\UnitedAlerts.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\Garmin\gStart.exe
C:\Program Files\Electronic Arts\EA Link\Core.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\BOINC\boincmgr.exe
C:\Program Files\Juice\Juice.exe
C:\Program Files\BOINC\boinc.exe
C:\Program Files\BOINC\projects\setiathome.berkeley.edu\setiathome-5.15-kwsn-sse2-p4.exe
C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Tiscali
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~2\MEGAUP~1.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\UIBHO.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [BigDogPath] C:\WINDOWS\VM_STI.EXE VIMICRO USB PC Camera 301x
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [WireLessKeyboard] C:\Program Files\DS-3200 Wireless Optical Slimline Deskset\PS2USBKbdDrv.exe
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [errorkiller] "C:\Program Files\errorkiller\errorkiller.exe" -boot
O4 - HKLM\..\Run: [WireLessMouse] C:\Program Files\DS-3200 Wireless Optical Slimline Deskset\MouseDrv.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [AcctMgr] C:\Program Files\Norton Password Manager\AcctMgr.exe /startup
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [tkonnect] C:\Program Files\Tiscali\tkonnect\tkonnect.exe updatemode
O4 - HKCU\..\Run: [Eraser] C:\Program Files\Eraser\eraser.exe -hide
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [United Alerts] "C:\Program Files\United Alerts\UnitedAlerts.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [gStart] C:\Garmin\gStart.exe
O4 - HKCU\..\Run: [EA Core] C:\Program Files\Electronic Arts\EA Link\Core.exe -silent
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Startup: BOINC Manager.lnk = C:\Program Files\BOINC\boincmgr.exe
O4 - Startup: Juice.lnk = C:\Program Files\Juice\Juice.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O8 - Extra context menu item: &ieSpell Options - res://C:\Program Files\ieSpell\iespell.dll/SPELLOPTION.HTM
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/...html?p=ZNfox000
O8 - Extra context menu item: Check &Spelling - res://C:\Program Files\ieSpell\iespell.dll/SPELLCHECK.HTM
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: (no name) - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: START_PAGE_URL=http://www.tiscali.co.uk/
O15 - Trusted Zone: http://register-tesco.qa.business.ntl.com
O15 - Trusted Zone: http://memberservices.tesco.net
O16 - DPF: NTLSignup - https://tesco.autoregister.net/tesco/NTLSignup.cab
O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com/i/cha...t/c381/chat.cab
O16 - DPF: {12F7F128-B36C-4843-8AA4-A5F71A969331} (Launcher Control) - https://horizons.eu.istaria.com/controls/launcher.ocx
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.com/i/cha...v45/yacscom.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/...s/yinst0401.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_1_0_0_44.cab
O16 - DPF: {3B5E9B23-7537-4601-A9E8-FA0D956DEA16} (csauie1 Control) - http://www.couponreport.net/ftp/v3123/csauie1.cab
O16 - DPF: {48884C41-EFAC-433D-958A-9FADAC41408E} (EGamesPlugin Class) - https://www.e-games.com.my/com/EGamesPlugin.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/eB...l_v1-0-3-36.cab
O16 - DPF: {556DDE35-E955-11D0-A707-000000521957} - http://www.xblock.com/download/xclean_micro.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1155396447448
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.installengine.com/engine/isetup.cab
O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} (cpbrkpie Control) - http://a19.g.akamai.net/7/19/7125/4047/ftp...23/cpbrkpie.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} (CRAVOnline Object) - http://www.ravantivirus.com/scan/ravonline.cab
O16 - DPF: {B020B534-4AA2-4B99-BD6D-5F6EE286DF5C} (Symantec Download Bridge) - https://a248.e.akamai.net/f/248/5462/2h/www...ol/SymDlBrg.cab
O16 - DPF: {BF985246-09BF-11D2-BE62-006097DF57F6} (SimCityX Control) - http://simcity.ea.com/play/classic/SimCityX.cab
O16 - DPF: {C5E28B9D-0A68-4B50-94E9-E8F6B4697514} (NsvPlayX Control) - http://www.nullsoft.com/nsv/embed/nsvplayx_vp3_mp3.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} - https://www-secure.symantec.com/techsupp/as...rl/SymAData.cab
O16 - DPF: {E5ABEB00-B357-4884-9949-77B2C71A7EE3} (BoardCtl Class) - http://www.intel.com/design/motherbd/boardid/BoardID.cab
O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} (IMDownloader Class) - http://www2.incredimail.com/contents/setup...er/imloader.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: LicCtrl Service (LicCtrlService) - Unknown owner - C:\WINDOWS\runservice.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Sandra Data Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2005\RpcDataSrv.exe
O23 - Service: Sandra Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2005\RpcSandraSrv.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: Cryptainer service (ssoftservice) - Cypherix Software (India) Pvt. Ltd. - C:\WINDOWS\SYSTEM32\cryptainersrv.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe

#4 Shawn_Townsend

Posted 11 December 2006 - 02:16 PM

I couldn't do the F8 thing, not sure why. Is it because I got a cordless keyboard?

I used the msconfig way through the run command.

But I noticed on the general tab selected startup was ticked, not normal startup. Is that right?

If I try to change it, it says something about an access denied error, log in as administrator account. But my account is the only one on here; well, I noticed an admin account in safe mode, not sure on that one either.

Sorry if I'm not making sense.

Shawn

#5 MFDnSC

Posted 11 December 2006 - 02:29 PM

Fix these with HiJackThis – mark them, close IE, click fix checked

O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/...html?p=ZNfox000

O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} (cpbrkpie Control) - http://a19.g.akamai.net/7/19/7125/4047/ftp...23/cpbrkpie.cab
=============================

Clean Posted Image

Turn off restore points, boot, turn them back on – here’s how

http://service1.symantec.com/SUPPORT/tsgen...src=sec_doc_nam

===================
"Nothing could be finer than to be in South Carolina ............"

Member ASAP

#6 Shawn_Townsend

Posted 11 December 2006 - 02:53 PM

Thanks very much. Any clue with the System Configuration Utility question?
Thanks
Shawn

#7 MFDnSC

Posted 11 December 2006 - 03:24 PM

Prolly cause in the startup tab you have some items unchecked

#8 Shawn_Townsend

Posted 14 December 2006 - 12:22 PM

Hi, well it's back. Spybot is stopping it but it is showing in my task manager: "ISHOST.EXE" and "ismini.exe".
I have only been on www.bbc.co.uk, www.managerleague.com, www.argos.co.uk and eBay the last few days, so how the hell did I get it this time?

Thanks
Shawn


I got Spybot running with TeaTimer, Ad-Aware, Norton Internet Security, Stinger and a router with a firewall, so what's going on :thumbsup: plz help


Logfile of HijackThis v1.99.1
Scan saved at 17:00:25, on 14/12/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\runservice.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\cryptainersrv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\VM_STI.EXE
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\Program Files\DS-3200 Wireless Optical Slimline Deskset\PS2USBKbdDrv.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\DS-3200 Wireless Optical Slimline Deskset\MouseDrv.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\PROGRA~1\MOZILL~2\THUNDE~1.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Tiscali\tkonnect\tkonnect.exe
C:\Program Files\Eraser\eraser.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\United Alerts\UnitedAlerts.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\Garmin\gStart.exe
C:\Program Files\Electronic Arts\EA Link\Core.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\WINDOWS\system32\ismini.exe
C:\Program Files\BOINC\boincmgr.exe
C:\Program Files\Juice\Juice.exe
C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
C:\Program Files\BOINC\boinc.exe
C:\Program Files\BOINC\projects\setiathome.berkeley.edu\setiathome-5.15-kwsn-sse2-p4.exe
C:\WINDOWS\system32\ishost.exe
C:\Program Files\Opera\Opera.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Tiscali
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~2\MEGAUP~1.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\UIBHO.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [BigDogPath] C:\WINDOWS\VM_STI.EXE VIMICRO USB PC Camera 301x
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [WireLessKeyboard] C:\Program Files\DS-3200 Wireless Optical Slimline Deskset\PS2USBKbdDrv.exe
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [errorkiller] "C:\Program Files\errorkiller\errorkiller.exe" -boot
O4 - HKLM\..\Run: [WireLessMouse] C:\Program Files\DS-3200 Wireless Optical Slimline Deskset\MouseDrv.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [AcctMgr] C:\Program Files\Norton Password Manager\AcctMgr.exe /startup
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [tkonnect] C:\Program Files\Tiscali\tkonnect\tkonnect.exe updatemode
O4 - HKCU\..\Run: [Eraser] C:\Program Files\Eraser\eraser.exe -hide
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [United Alerts] "C:\Program Files\United Alerts\UnitedAlerts.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [gStart] C:\Garmin\gStart.exe
O4 - HKCU\..\Run: [EA Core] C:\Program Files\Electronic Arts\EA Link\Core.exe -silent
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Startup: BOINC Manager.lnk = C:\Program Files\BOINC\boincmgr.exe
O4 - Startup: Juice.lnk = C:\Program Files\Juice\Juice.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O8 - Extra context menu item: &ieSpell Options - res://C:\Program Files\ieSpell\iespell.dll/SPELLOPTION.HTM
O8 - Extra context menu item: Check &Spelling - res://C:\Program Files\ieSpell\iespell.dll/SPELLCHECK.HTM
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: (no name) - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: START_PAGE_URL=http://www.tiscali.co.uk/
O15 - Trusted Zone: http://register-tesco.qa.business.ntl.com
O15 - Trusted Zone: http://memberservices.tesco.net
O16 - DPF: NTLSignup - https://tesco.autoregister.net/tesco/NTLSignup.cab
O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com/i/cha...t/c381/chat.cab
O16 - DPF: {12F7F128-B36C-4843-8AA4-A5F71A969331} (Launcher Control) - https://horizons.eu.istaria.com/controls/launcher.ocx
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.com/i/cha...v45/yacscom.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/...s/yinst0401.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_1_0_0_44.cab
O16 - DPF: {3B5E9B23-7537-4601-A9E8-FA0D956DEA16} (csauie1 Control) - http://www.couponreport.net/ftp/v3123/csauie1.cab
O16 - DPF: {48884C41-EFAC-433D-958A-9FADAC41408E} (EGamesPlugin Class) - https://www.e-games.com.my/com/EGamesPlugin.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/eB...l_v1-0-3-36.cab
O16 - DPF: {556DDE35-E955-11D0-A707-000000521957} - http://www.xblock.com/download/xclean_micro.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1155396447448
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.installengine.com/engine/isetup.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} (CRAVOnline Object) - http://www.ravantivirus.com/scan/ravonline.cab
O16 - DPF: {B020B534-4AA2-4B99-BD6D-5F6EE286DF5C} (Symantec Download Bridge) - https://a248.e.akamai.net/f/248/5462/2h/www...ol/SymDlBrg.cab
O16 - DPF: {BF985246-09BF-11D2-BE62-006097DF57F6} (SimCityX Control) - http://simcity.ea.com/play/classic/SimCityX.cab
O16 - DPF: {C5E28B9D-0A68-4B50-94E9-E8F6B4697514} (NsvPlayX Control) - http://www.nullsoft.com/nsv/embed/nsvplayx_vp3_mp3.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} - https://www-secure.symantec.com/techsupp/as...rl/SymAData.cab
O16 - DPF: {E5ABEB00-B357-4884-9949-77B2C71A7EE3} (BoardCtl Class) - http://www.intel.com/design/motherbd/boardid/BoardID.cab
O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} (IMDownloader Class) - http://www2.incredimail.com/contents/setup...er/imloader.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: LicCtrl Service (LicCtrlService) - Unknown owner - C:\WINDOWS\runservice.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Sandra Data Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2005\RpcDataSrv.exe
O23 - Service: Sandra Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2005\RpcSandraSrv.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: Cryptainer service (ssoftservice) - Cypherix Software (India) Pvt. Ltd. - C:\WINDOWS\SYSTEM32\cryptainersrv.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
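
With two HijackThis logs from the same machine in one thread, the quickest read is a comparison of the two. The following is an added example, not part of any post here and not HijackThis code: it parses two logs in the v1.99.1 layout shown above and reports what changed between them. The two sample logs are shortened, constructed excerpts, and the `example.invalid` URLs and the zeroed CLSID are placeholders.

```python
import ntpath
import re

# Entry lines start with a section code such as R1, O4, O16 or O23, then " - ".
ENTRY_RE = re.compile(r"^[RFNO]\d{1,2} - .+$")
SCAN_PREFIX = "Scan saved at "


def norm(text):
    """Lower-case and collapse whitespace. Windows paths are case-insensitive,
    so ISHOST.EXE and ishost.exe name the same file."""
    return " ".join(text.lower().split())


def parse_hjt(text):
    """Split a HijackThis log into scan time, running processes and entries."""
    log = {"scan_saved": None, "processes": [], "entries": []}
    in_processes = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith(SCAN_PREFIX):
            log["scan_saved"] = line[len(SCAN_PREFIX):]
        elif line.lower().startswith("running processes"):
            in_processes = True
        elif ENTRY_RE.match(line):
            in_processes = False          # first entry ends the process list
            log["entries"].append(line)
        elif in_processes:
            log["processes"].append(line)
    return log


def _delta(old, new):
    """Return (added, removed), compared case-insensitively, original text kept."""
    old_k = {norm(x): x for x in old}
    new_k = {norm(x): x for x in new}
    added = [new_k[k] for k in sorted(new_k.keys() - old_k.keys())]
    removed = [old_k[k] for k in sorted(old_k.keys() - new_k.keys())]
    return added, removed


def diff_logs(before_text, after_text):
    """Compare two logs and flag new processes that no listed entry launches."""
    before, after = parse_hjt(before_text), parse_hjt(after_text)
    p_added, p_removed = _delta(before["processes"], after["processes"])
    e_added, e_removed = _delta(before["entries"], after["entries"])
    # Match on file name only: entries may use 8.3 short paths or bare names.
    entry_text = [norm(e) for e in after["entries"]]
    unexplained = [p for p in p_added
                   if not any(norm(ntpath.basename(p)) in e for e in entry_text)]
    return {
        "processes_added": p_added,
        "processes_removed": p_removed,
        "entries_added": e_added,
        "entries_removed": e_removed,
        "new_unreferenced": unexplained,
    }


# Constructed sample: log taken before the fix.
BEFORE = r"""Logfile of HijackThis v1.99.1
Scan saved at 17:24:49, on 11/12/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)

Running processes:
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\BCMSMMSG.exe

O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O8 - Extra context menu item: &Search - http://toolbar.example.invalid/search.html
O16 - DPF: {00000000-0000-0000-0000-000000000000} (Example Control) - http://cdn.example.invalid/example.cab
"""

# Constructed sample: log taken three days later.
AFTER = r"""Logfile of HijackThis v1.99.1
Scan saved at 17:00:25, on 14/12/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)

Running processes:
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\BCMSMMSG.exe
C:\WINDOWS\system32\ismini.exe
C:\WINDOWS\system32\ishost.exe

O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
"""

if __name__ == "__main__":
    for section, lines in diff_logs(BEFORE, AFTER).items():
        print(section)
        for line in lines:
            print("   ", line)
```

A process listed under `new_unreferenced` only means its launch point is not among the items in the log; it is a prompt to look further, not a verdict on the file.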

#9 Shawn_Townsend

Posted 14 December 2006 - 01:00 PM

10/12/2006 16:51:06 Encountered and terminated Smitfraud-C. in C:\WINDOWS\system32\ISHOST.EXE!
10/12/2006 16:51:10 Encountered and terminated Smitfraud-C. in C:\WINDOWS\system32\ishost.exe!
10/12/2006 16:51:12 Encountered and terminated Smitfraud-C. in C:\WINDOWS\system32\ishost.exe!
10/12/2006 16:51:13 Encountered and terminated Smitfraud-C. in C:\WINDOWS\system32\ishost.exe!
10/12/2006 16:51:15 Encountered and terminated Smitfraud-C. in C:\WINDOWS\system32\ishost.exe!
10/12/2006 16:51:16 Encountered and terminated Smitfraud-C. in C:\WINDOWS\system32\ishost.exe!
10/12/2006 16:51:18 Encountered and terminated Smitfraud-C. in C:\WINDOWS\system32\ishost.exe!
10/12/2006 16:51:19 Encountered and terminated Smitfraud-C. in C:\WINDOWS\system32\ishost.exe!
10/12/2006 16:51:20 Encountered and terminated Smitfraud-C. in C:\WINDOWS\system32\ishost.exe!
10/12/2006 16:51:22 Encountered and terminated Smitfraud-C. in C:\WINDOWS\system32\ishost.exe!
10/12/2006 16:51:23 Encountered and terminated Smitfraud-C. in C:\WINDOWS\system32\ishost.exe!
10/12/2006 16:51:24 Encountered and terminated Smitfraud-C. in C:\WINDOWS\system32\ishost.exe!
10/12/2006 16:51:26 Encountered and terminated Smitfraud-C. in C:\WINDOWS\system32\ishost.exe!
10/12/2006 16:51:27 Encountered and terminated Smitfraud-C. in C:\WINDOWS\system32\ishost.exe!
10/12/2006 18:38:45 Allowed value "winjjq32" (new data: "") deleted in Winlogon Notifiers!
10/12/2006 18:44:48 Allowed value "WMPNSCFG" (new data: "C:\Program Files\Windows Media Player\WMPNSCFG.exe") added in System Startup user entry!
11/12/2006 16:52:40 Encountered and terminated Smitfraud-C. in C:\WINDOWS\system32\ISHOST.EXE!
11/12/2006 16:53:19 Encountered and terminated Smitfraud-C. in C:\WINDOWS\system32\ishost.exe!
11/12/2006 16:53:33 Encountered and terminated Smitfraud-C. in C:\WINDOWS\system32\ishost.exe!
11/12/2006 16:53:47 Encountered and terminated Smitfraud-C. in C:\WINDOWS\system32\ishost.exe!
11/12/2006 16:54:02 Encountered and terminated Smitfraud-C. in C:\WINDOWS\system32\ishost.exe!
11/12/2006 16:54:16 Encountered and terminated Smitfraud-C. in C:\WINDOWS\system32\ishost.exe!
11/12/2006 16:54:30 Encountered and terminated Smitfraud-C. in C:\WINDOWS\system32\ishost.exe!
11/12/2006 16:54:45 Encountered and terminated Smitfraud-C. in C:\WINDOWS\system32\ishost.exe!
11/12/2006 16:54:59 Encountered and terminated Smitfraud-C. in C:\WINDOWS\system32\ishost.exe!
11/12/2006 16:55:13 Encountered and terminated Smitfraud-C. in C:\WINDOWS\system32\ishost.exe!
11/12/2006 16:55:28 Encountered and terminated Smitfraud-C. in C:\WINDOWS\system32\ishost.exe!
11/12/2006 16:55:43 Encountered and terminated Smitfraud-C. in C:\WINDOWS\system32\ishost.exe!
11/12/2006 16:55:58 Encountered and terminated Smitfraud-C. in C:\WINDOWS\system32\ishost.exe!
11/12/2006 16:56:11 Encountered and terminated Smitfraud-C. in C:\WINDOWS\system32\ishost.exe!
11/12/2006 16:56:24 Encountered and terminated Smitfraud-C. in C:\WINDOWS\system32\ishost.exe!
11/12/2006 16:56:38 Encountered and terminated Smitfraud-C. in C:\WINDOWS\system32\ishost.exe!
11/12/2006 16:56:52 Encountered and terminated Smitfraud-C. in C:\WINDOWS\system32\ishost.exe!
11/12/2006 16:57:31 Encountered and terminated Smitfraud-C. in C:\WINDOWS\system32\ishost.exe!
11/12/2006 16:57:44 Encountered and terminated Smitfraud-C. in C:\WINDOWS\system32\ishost.exe!
11/12/2006 16:57:58 Encountered and terminated Smitfraud-C. in C:\WINDOWS\system32\ishost.exe!
11/12/2006 16:58:10 Encountered and terminated Smitfraud-C. in C:\WINDOWS\system32\ishost.exe!
11/12/2006 16:58:24 Encountered and terminated Smitfraud-C. in C:\WINDOWS\system32\ishost.exe!
11/12/2006 16:58:37 Encountered and terminated Smitfraud-C. in C:\WINDOWS\system32\ishost.exe!
11/12/2006 16:58:51 Encountered and terminated Smitfraud-C. in C:\WINDOWS\system32\ishost.exe!
11/12/2006 16:59:05 Encountered and terminated Smitfraud-C. in C:\WINDOWS\system32\ishost.exe!
11/12/2006 16:59:19 Encountered and terminated Smitfraud-C. in C:\WINDOWS\system32\ishost.exe!
11/12/2006 16:59:56 Encountered and terminated Smitfraud-C. in C:\WINDOWS\system32\ishost.exe!
11/12/2006 17:00:10 Encountered and terminated Smitfraud-C. in C:\WINDOWS\system32\ishost.exe!
11/12/2006 17:00:25 Encountered and terminated Smitfraud-C. in C:\WINDOWS\system32\ishost.exe!
11/12/2006 17:00:41 Encountered and terminated Smitfraud-C. in C:\WINDOWS\system32\ishost.exe!
11/12/2006 17:00:55 Encountered and terminated Smitfraud-C. in C:\WINDOWS\system32\ishost.exe!
11/12/2006 17:01:09 Encountered and terminated Smitfraud-C. in C:\WINDOWS\system32\ishost.exe!
11/12/2006 17:01:18 Encountered and terminated Smitfraud-C. in C:\WINDOWS\system32\ishost.exe!
11/12/2006 17:01:32 Encountered and terminated Smitfraud-C. in C:\WINDOWS\system32\ishost.exe!
11/12/2006 17:01:47 Encountered and terminated Smitfraud-C. in C:\WINDOWS\system32\ishost.exe!
11/12/2006 17:02:02 Encountered and terminated Smitfraud-C. in C:\WINDOWS\system32\ishost.exe!
11/12/2006 17:02:16 Encountered and terminated Smitfraud-C. in C:\WINDOWS\system32\ishost.exe!
11/12/2006 17:02:30 Encountered and terminated Smitfraud-C. in C:\WINDOWS\system32\ishost.exe!
11/12/2006 17:02:44 Encountered and terminated Smitfraud-C. in C:\WINDOWS\system32\ishost.exe!
11/12/2006 17:02:58 Encountered and terminated Smitfraud-C. in C:\WINDOWS\system32\ishost.exe!
11/12/2006 17:03:11 Encountered and terminated Smitfraud-C. in C:\WINDOWS\system32\ishost.exe!
11/12/2006 17:03:24 Encountered and terminated Smitfraud-C. in C:\WINDOWS\system32\ishost.exe!
11/12/2006 17:03:38 Encountered and terminated Smitfraud-C. in C:\WINDOWS\system32\ishost.exe!
11/12/2006 17:03:51 Encountered and terminated Smitfraud-C. in C:\WINDOWS\system32\ishost.exe!
11/12/2006 17:04:05 Encountered and terminated Smitfraud-C. in C:\WINDOWS\system32\ishost.exe!
11/12/2006 17:04:18 Encountered and terminated Smitfraud-C. in C:\WINDOWS\system32\ishost.exe!
11/12/2006 17:04:32 Encountered and terminated Smitfraud-C. in C:\WINDOWS\system32\ishost.exe!
11/12/2006 17:04:45 Encountered and terminated Smitfraud-C. in C:\WINDOWS\system32\ishost.exe!
11/12/2006 17:04:59 Encountered and terminated Smitfraud-C. in C:\WINDOWS\system32\ishost.exe!
11/12/2006 17:05:12 Encountered and terminated Smitfraud-C. in C:\WINDOWS\system32\ishost.exe!
11/12/2006 17:05:25 Encountered and terminated Smitfraud-C. in C:\WINDOWS\system32\ishost.exe!
11/12/2006 17:05:39 Encountered and terminated Smitfraud-C. in C:\WINDOWS\system32\ishost.exe!
11/12/2006 17:05:52 Encountered and terminated Smitfraud-C. in C:\WINDOWS\system32\ishost.exe!
11/12/2006 17:06:05 Encountered and terminated Smitfraud-C. in C:\WINDOWS\system32\ishost.exe!
11/12/2006 17:06:19 Encountered and terminated Smitfraud-C. in C:\WINDOWS\system32\ishost.exe!
11/12/2006 17:06:32 Encountered and terminated Smitfraud-C. in C:\WINDOWS\system32\ishost.exe!
11/12/2006 17:06:46 Encountered and terminated Smitfraud-C. in C:\WINDOWS\system32\ishost.exe!
11/12/2006 17:06:59 Encountered and terminated Smitfraud-C. in C:\WINDOWS\system32\ishost.exe!
11/12/2006 17:07:10 Encountered and terminated Smitfraud-C. in C:\WINDOWS\system32\ishost.exe!
11/12/2006 17:07:24 Encountered and terminated Smitfraud-C. in C:\WINDOWS\system32\ishost.exe!
11/12/2006 17:07:37 Encountered and terminated Smitfraud-C. in C:\WINDOWS\system32\ishost.exe!
11/12/2006 17:07:51 Encountered and terminated Smitfraud-C. in C:\WINDOWS\system32\ishost.exe!
11/12/2006 17:08:05 Encountered and terminated Smitfraud-C. in C:\WINDOWS\system32\ishost.exe!
11/12/2006 17:08:18 Encountered and terminated Smitfraud-C. in C:\WINDOWS\system32\ishost.exe!
11/12/2006 17:08:32 Encountered and terminated Smitfraud-C. in C:\WINDOWS\system32\ishost.exe!
11/12/2006 17:08:45 Encountered and terminated Smitfraud-C. in C:\WINDOWS\system32\ishost.exe!
11/12/2006 17:08:59 Encountered and terminated Smitfraud-C. in C:\WINDOWS\system32\ishost.exe!
11/12/2006 17:09:12 Encountered and terminated Smitfraud-C. in C:\WINDOWS\system32\ishost.exe!
11/12/2006 17:09:24 Encountered and terminated Smitfraud-C. in C:\WINDOWS\system32\ishost.exe!
11/12/2006 17:09:37 Encountered and terminated Smitfraud-C. in C:\WINDOWS\system32\ishost.exe!
11/12/2006 17:09:51 Encountered and terminated Smitfraud-C. in C:\WINDOWS\system32\ishost.exe!
11/12/2006 17:10:04 Encountered and terminated Smitfraud-C. in C:\WINDOWS\system32\ishost.exe!
11/12/2006 17:10:17 Encountered and terminated Smitfraud-C. in C:\WINDOWS\system32\ishost.exe!
11/12/2006 17:10:31 Encountered and terminated Smitfraud-C. in C:\WINDOWS\system32\ishost.exe!
11/12/2006 17:10:44 Encountered and terminated Smitfraud-C. in C:\WINDOWS\system32\ishost.exe!
11/12/2006 17:10:58 Encountered and terminated Smitfraud-C. in C:\WINDOWS\system32\ishost.exe!
11/12/2006 17:11:11 Encountered and terminated Smitfraud-C. in C:\WINDOWS\system32\ishost.exe!
11/12/2006 17:11:24 Encountered and terminated Smitfraud-C. in C:\WINDOWS\system32\ishost.exe!
11/12/2006 17:11:38 Encountered and terminated Smitfraud-C. in C:\WINDOWS\system32\ishost.exe!
11/12/2006 17:11:51 Encountered and terminated Smitfraud-C. in C:\WINDOWS\system32\ishost.exe!
11/12/2006 17:12:04 Encountered and terminated Smitfraud-C. in C:\WINDOWS\system32\ishost.exe!
11/12/2006 17:12:18 Encountered and terminated Smitfraud-C. in C:\WINDOWS\system32\ishost.exe!
11/12/2006 17:12:31 Encountered and terminated Smitfraud-C. in C:\WINDOWS\system32\ishost.exe!
11/12/2006 17:12:45 Encountered and terminated Smitfraud-C. in C:\WINDOWS\system32\ishost.exe!
11/12/2006 17:12:58 Encountered and terminated Smitfraud-C. in C:\WINDOWS\system32\ishost.exe!
11/12/2006 17:13:12 Encountered and terminated Smitfraud-C. in C:\WINDOWS\system32\ishost.exe!
11/12/2006 17:13:25 Encountered and terminated Smitfraud-C. in C:\WINDOWS\system32\ishost.exe!
11/12/2006 17:13:38 Encountered and terminated Smitfraud-C. in C:\WINDOWS\system32\ishost.exe!
11/12/2006 17:13:52 Encountered and terminated Smitfraud-C. in C:\WINDOWS\system32\ishost.exe!
11/12/2006 17:14:05 Encountered and terminated Smitfraud-C. in C:\WINDOWS\system32\ishost.exe!
11/12/2006 17:14:19 Encountered and terminated Smitfraud-C. in C:\WINDOWS\system32\ishost.exe!
11/12/2006 17:14:32 Encountered and terminated Smitfraud-C. in C:\WINDOWS\system32\ishost.exe!
11/12/2006 17:14:46 Encountered and terminated Smitfraud-C. in C:\WINDOWS\system32\ishost.exe!
11/12/2006 17:14:59 Encountered and terminated Smitfraud-C. in C:\WINDOWS\system32\ishost.exe!
11/12/2006 17:15:13 Encountered and terminated Smitfraud-C. in C:\WINDOWS\system32\ishost.exe!
11/12/2006 17:15:26 Encountered and terminated Smitfraud-C. in C:\WINDOWS\system32\ishost.exe!
11/12/2006 17:15:39 Encountered and terminated Smitfraud-C. in C:\WINDOWS\system32\ishost.exe!
11/12/2006 17:15:53 Encountered and terminated Smitfraud-C. in C:\WINDOWS\system32\ishost.exe!
11/12/2006 17:16:04 Encountered and terminated Smitfraud-C. in C:\WINDOWS\system32\ishost.exe!
11/12/2006 17:16:17 Encountered and terminated Smitfraud-C. in C:\WINDOWS\system32\ishost.exe!
11/12/2006 17:16:31 Encountered and terminated Smitfraud-C. in C:\WINDOWS\system32\ishost.exe!
11/12/2006 17:16:44 Encountered and terminated Smitfraud-C. in C:\WINDOWS\system32\ishost.exe!
11/12/2006 18:30:19 Encountered and terminated Smitfraud-C. in C:\WINDOWS\system32\ISHOST.EXE!
11/12/2006 18:31:02 Encountered and terminated Smitfraud-C. in C:\WINDOWS\system32\ishost.exe!
11/12/2006 18:33:06 Allowed value "MSConfig" (new data: "C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto") added in System Startup global entry!
11/12/2006 18:33:19 Encountered and terminated Smitfraud-C. in C:\WINDOWS\system32\ishost.exe!
11/12/2006 18:55:32 Allowed value "MSConfig" (new data: "") deleted in System Startup global entry!
11/12/2006 19:31:27 Allowed value "{9522B3FB-7A2B-4646-8AF6-36E7F593073C}" (new data: "") deleted in ActiveX Distribution Unit!
11/12/2006 19:31:30 Allowed value "&Search" (new data: "") deleted in Browser menu extension!
11/12/2006 19:44:26 Allowed value "updateMgr" (new data: ""C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1") added in System Startup user entry!
11/12/2006 19:44:31 Allowed value "updateMgr" (new data: ""C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8") changed in System Startup user entry!
11/12/2006 19:45:28 Allowed value "updateMgr" (new data: "") deleted in System Startup user entry!
14/12/2006 16:54:17 Encountered and terminated Smitfraud-C. in C:\WINDOWS\system32\ISHOST.EXE!
14/12/2006 16:54:27 Encountered and terminated Smitfraud-C. in C:\WINDOWS\system32\ishost.exe!
14/12/2006 17:12:33 Encountered and terminated Smitfraud-C. in C:\WINDOWS\system32\ishost.exe!
14/12/2006 17:12:47 Encountered and terminated Smitfraud-C. in C:\WINDOWS\system32\ishost.exe!
14/12/2006 17:13:03 Encountered and terminated Smitfraud-C. in C:\WINDOWS\system32\ishost.exe!
14/12/2006 17:13:17 Encountered and terminated Smitfraud-C. in C:\WINDOWS\system32\ishost.exe!
14/12/2006 17:13:32 Encountered and terminated Smitfraud-C. in C:\WINDOWS\system32\ishost.exe!
14/12/2006 17:13:46 Encountered and terminated Smitfraud-C. in C:\WINDOWS\system32\ishost.exe!
14/12/2006 17:14:00 Encountered and terminated Smitfraud-C. in C:\WINDOWS\system32\ishost.exe!
14/12/2006 17:14:15 Encountered and terminated Smitfraud-C. in C:\WINDOWS\system32\ishost.exe!
14/12/2006 17:14:30 Encountered and terminated Smitfraud-C. in C:\WINDOWS\system32\ishost.exe!
14/12/2006 17:14:45 Encountered and terminated Smitfraud-C. in C:\WINDOWS\system32\ishost.exe!
14/12/2006 17:15:01 Encountered and terminated Smitfraud-C. in C:\WINDOWS\system32\ishost.exe!
14/12/2006 17:15:16 Encountered and terminated Smitfraud-C. in C:\WINDOWS\system32\ishost.exe!
14/12/2006 17:15:31 Encountered and terminated Smitfraud-C. in C:\WINDOWS\system32\ishost.exe!
14/12/2006 17:15:45 Encountered and terminated Smitfraud-C. in C:\WINDOWS\system32\ishost.exe!
14/12/2006 17:16:00 Encountered and terminated Smitfraud-C. in C:\WINDOWS\system32\ishost.exe!
14/12/2006 17:16:16 Encountered and terminated Smitfraud-C. in C:\WINDOWS\system32\ishost.exe!
14/12/2006 17:16:30 Encountered and terminated Smitfraud-C. in C:\WINDOWS\system32\ishost.exe!
14/12/2006 17:16:45 Encountered and terminated Smitfraud-C. in C:\WINDOWS\system32\ishost.exe!
14/12/2006 17:17:00 Encountered and terminated Smitfraud-C. in C:\WINDOWS\system32\ishost.exe!
14/12/2006 17:17:15 Encountered and terminated Smitfraud-C. in C:\WINDOWS\system32\ishost.exe!
14/12/2006 17:17:29 Encountered and terminated Smitfraud-C. in C:\WINDOWS\system32\ishost.exe!
14/12/2006 17:17:43 Encountered and terminated Smitfraud-C. in C:\WINDOWS\system32\ishost.exe!
14/12/2006 17:17:58 Encountered and terminated Smitfraud-C. in C:\WINDOWS\system32\ishost.exe!
14/12/2006 17:18:12 Encountered and terminated Smitfraud-C. in C:\WINDOWS\system32\ishost.exe!
14/12/2006 17:18:27 Encountered and terminated Smitfraud-C. in C:\WINDOWS\system32\ishost.exe!
14/12/2006 17:18:41 Encountered and terminated Smitfraud-C. in C:\WINDOWS\system32\ishost.exe!
14/12/2006 17:18:56 Encountered and terminated Smitfraud-C. in C:\WINDOWS\system32\ishost.exe!
14/12/2006 17:19:11 Encountered and terminated Smitfraud-C. in C:\WINDOWS\system32\ishost.exe!
14/12/2006 17:19:27 Encountered and terminated Smitfraud-C. in C:\WINDOWS\system32\ishost.exe!
14/12/2006 17:19:45 Encountered and terminated Smitfraud-C. in C:\WINDOWS\system32\ishost.exe!
14/12/2006 17:19:59 Encountered and terminated Smitfraud-C. in C:\WINDOWS\system32\ishost.exe!
14/12/2006 17:20:13 Encountered and terminated Smitfraud-C. in C:\WINDOWS\system32\ishost.exe!
14/12/2006 17:20:28 Encountered and terminated Smitfraud-C. in C:\WINDOWS\system32\ishost.exe!
14/12/2006 17:20:43 Encountered and terminated Smitfraud-C. in C:\WINDOWS\system32\ishost.exe!
14/12/2006 17:20:58 Encountered and terminated Smitfraud-C. in C:\WINDOWS\system32\ishost.exe!
14/12/2006 17:21:14 Encountered and terminated Smitfraud-C. in C:\WINDOWS\system32\ishost.exe!
14/12/2006 17:21:29 Encountered and terminated Smitfraud-C. in C:\WINDOWS\system32\ishost.exe!
14/12/2006 17:21:42 Encountered and terminated Smitfraud-C. in C:\WINDOWS\system32\ishost.exe!
14/12/2006 17:21:57 Encountered and terminated Smitfraud-C. in C:\WINDOWS\system32\ishost.exe!
14/12/2006 17:22:12 Encountered and terminated Smitfraud-C. in C:\WINDOWS\system32\ishost.exe!
14/12/2006 17:22:27 Encountered and terminated Smitfraud-C. in C:\WINDOWS\system32\ishost.exe!
14/12/2006 17:22:40 Encountered and terminated Smitfraud-C. in C:\WINDOWS\system32\ishost.exe!
14/12/2006 17:22:54 Encountered and terminated Smitfraud-C. in C:\WINDOWS\system32\ishost.exe!
14/12/2006 17:23:08 Encountered and terminated Smitfraud-C. in C:\WINDOWS\system32\ishost.exe!
14/12/2006 17:23:22 Encountered and terminated Smitfraud-C. in C:\WINDOWS\system32\ishost.exe!
14/12/2006 17:23:35 Encountered and terminated Smitfraud-C. in C:\WINDOWS\system32\ishost.exe!
14/12/2006 17:23:49 Encountered and terminated Smitfraud-C. in C:\WINDOWS\system32\ishost.exe!
14/12/2006 17:24:02 Encountered and terminated Smitfraud-C. in C:\WINDOWS\system32\ishost.exe!
14/12/2006 17:24:16 Encountered and terminated Smitfraud-C. in C:\WINDOWS\system32\ishost.exe!
14/12/2006 17:24:29 Encountered and terminated Smitfraud-C. in C:\WINDOWS\system32\ishost.exe!
14/12/2006 17:24:43 Encountered and terminated Smitfraud-C. in C:\WINDOWS\sy

#10 MFDnSC


Posted 14 December 2006 - 02:49 PM

Do post #2 again - delete the version you have and DL the latest version
"Nothing could be finer than to be in South Carolina ............"

Member ASAP

#11 Shawn_Townsend


Posted 14 December 2006 - 07:14 PM

Thanks, hope I don't get it again. Not sure why it happened, but thanks for your help.

SmitFraudFix v2.130

Scan done at 21:02:39.37, 14/12/2006
Run from C:\Documents and Settings\Owner\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in safe mode

»»»»»»»»»»»»»»»»»»»»»»»» Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Killing process


»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

C:\WINDOWS\system32\ishost.exe Deleted
C:\WINDOWS\system32\ismini.exe Deleted

»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» End


Logfile of HijackThis v1.99.1
Scan saved at 00:07:30, on 15/12/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\runservice.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\cryptainersrv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\VM_STI.EXE
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\Program Files\DS-3200 Wireless Optical Slimline Deskset\PS2USBKbdDrv.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\DS-3200 Wireless Optical Slimline Deskset\MouseDrv.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Norton Password Manager\AcctMgr.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Tiscali\tkonnect\tkonnect.exe
C:\Program Files\Eraser\eraser.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\United Alerts\UnitedAlerts.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\Garmin\gStart.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\BOINC\boincmgr.exe
C:\Program Files\Juice\Juice.exe
C:\Program Files\BOINC\boinc.exe
C:\Program Files\BOINC\projects\boinc.bakerlab.org_rosetta\rosetta_5.41_windows_intelx86.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Tiscali
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~2\MEGAUP~1.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\UIBHO.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [BigDogPath] C:\WINDOWS\VM_STI.EXE VIMICRO USB PC Camera 301x
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [WireLessKeyboard] C:\Program Files\DS-3200 Wireless Optical Slimline Deskset\PS2USBKbdDrv.exe
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [errorkiller] "C:\Program Files\errorkiller\errorkiller.exe" -boot
O4 - HKLM\..\Run: [WireLessMouse] C:\Program Files\DS-3200 Wireless Optical Slimline Deskset\MouseDrv.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [AcctMgr] C:\Program Files\Norton Password Manager\AcctMgr.exe /startup
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [DllRunning] rundll32.exe "C:\WINDOWS\system32\qkerpuiw.dll",setvm
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [tkonnect] C:\Program Files\Tiscali\tkonnect\tkonnect.exe updatemode
O4 - HKCU\..\Run: [Eraser] C:\Program Files\Eraser\eraser.exe -hide
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [United Alerts] "C:\Program Files\United Alerts\UnitedAlerts.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [gStart] C:\Garmin\gStart.exe
O4 - HKCU\..\Run: [EA Core] C:\Program Files\Electronic Arts\EA Link\Core.exe -silent
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Startup: BOINC Manager.lnk = C:\Program Files\BOINC\boincmgr.exe
O4 - Startup: Juice.lnk = C:\Program Files\Juice\Juice.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O8 - Extra context menu item: &ieSpell Options - res://C:\Program Files\ieSpell\iespell.dll/SPELLOPTION.HTM
O8 - Extra context menu item: Check &Spelling - res://C:\Program Files\ieSpell\iespell.dll/SPELLCHECK.HTM
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: (no name) - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: START_PAGE_URL=http://www.tiscali.co.uk/
O15 - Trusted Zone: http://register-tesco.qa.business.ntl.com
O15 - Trusted Zone: http://memberservices.tesco.net
O16 - DPF: NTLSignup - https://tesco.autoregister.net/tesco/NTLSignup.cab
O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com/i/cha...t/c381/chat.cab
O16 - DPF: {12F7F128-B36C-4843-8AA4-A5F71A969331} (Launcher Control) - https://horizons.eu.istaria.com/controls/launcher.ocx
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.com/i/cha...v45/yacscom.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/...s/yinst0401.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_1_0_0_44.cab
O16 - DPF: {3B5E9B23-7537-4601-A9E8-FA0D956DEA16} (csauie1 Control) - http://www.couponreport.net/ftp/v3123/csauie1.cab
O16 - DPF: {48884C41-EFAC-433D-958A-9FADAC41408E} (EGamesPlugin Class) - https://www.e-games.com.my/com/EGamesPlugin.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/eB...l_v1-0-3-36.cab
O16 - DPF: {556DDE35-E955-11D0-A707-000000521957} - http://www.xblock.com/download/xclean_micro.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1155396447448
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.installengine.com/engine/isetup.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} (CRAVOnline Object) - http://www.ravantivirus.com/scan/ravonline.cab
O16 - DPF: {B020B534-4AA2-4B99-BD6D-5F6EE286DF5C} (Symantec Download Bridge) - https://a248.e.akamai.net/f/248/5462/2h/www...ol/SymDlBrg.cab
O16 - DPF: {BF985246-09BF-11D2-BE62-006097DF57F6} (SimCityX Control) - http://simcity.ea.com/play/classic/SimCityX.cab
O16 - DPF: {C5E28B9D-0A68-4B50-94E9-E8F6B4697514} (NsvPlayX Control) - http://www.nullsoft.com/nsv/embed/nsvplayx_vp3_mp3.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} - https://www-secure.symantec.com/techsupp/as...rl/SymAData.cab
O16 - DPF: {E5ABEB00-B357-4884-9949-77B2C71A7EE3} (BoardCtl Class) - http://www.intel.com/design/motherbd/boardid/BoardID.cab
O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} (IMDownloader Class) - http://www2.incredimail.com/contents/setup...er/imloader.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: LicCtrl Service (LicCtrlService) - Unknown owner - C:\WINDOWS\runservice.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Sandra Data Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2005\RpcDataSrv.exe
O23 - Service: Sandra Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2005\RpcSandraSrv.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: Cryptainer service (ssoftservice) - Cypherix Software (India) Pvt. Ltd. - C:\WINDOWS\SYSTEM32\cryptainersrv.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe

#12 MFDnSC


Posted 14 December 2006 - 07:59 PM

Think about what you have done to get it again

You may want to print this or save it to notepad as we will go to safe mode.

Fix these with HiJackThis – mark them, close IE, click fix checked

O4 - HKLM\..\Run: [errorkiller] "C:\Program Files\errorkiller\errorkiller.exe" -boot

O4 - HKLM\..\Run: [DllRunning] rundll32.exe "C:\WINDOWS\system32\qkerpuiw.dll",setvm

DownLoad http://www.downloads.subratam.org/KillBox.zip or
http://www.thespykiller.co.uk/files/killbox.exe

Restart your computer into safe mode now. (Tapping F8 at the first black screen) Perform the following steps in safe mode:

Double-click on Killbox.exe to run it. Now put a tick by Standard File Kill. In the "Full Path of File to Delete" box, copy and paste each of the following lines one at a time then click on the button that has the red circle with the X in the middle after you enter each file. It will ask for confirmation to delete the file. Click Yes. Continue with that same procedure until you have copied and pasted all of these in the "Paste Full Path of File to Delete" box.

C:\WINDOWS\system32\qkerpuiw.dll
C:\Program Files\errorkiller

Note: It is possible that Killbox will tell you that one or more files do not exist. If that happens, just continue on with all the files. Be sure you don't miss any.

START – RUN – type in %temp% - OK - Edit – Select all – File – Delete

Delete everything in the C:\Windows\Temp folder or C:\WINNT\temp

Not all temp files will delete and that is normal
Empty the recycle bin
Boot and post a new log from normal NOT safe mode

Please give feedback on what worked/didn’t work and the current status of your system
"Nothing could be finer than to be in South Carolina ............"

Member ASAP
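
Added example (not part of the original posts, and not a HijackThis feature): a Python check that reads the O4 autorun lines of a follow-up HijackThis log and lists the entries whose payload is one of the files or folders deleted in the steps above. A Run value left behind this way still fires at logon even though its file is gone. The function names and the sample excerpt are assumptions, built from the O4 line format shown in this thread.

```python
import re

# Line shapes taken from the HijackThis v1.99.1 logs in this thread:
#   O4 - HKLM\..\Run: [Name] command line
#   O4 - Startup: Name.lnk = target
O4_REG = re.compile(r'^O4 - (HK\w+\\\.\.\\\w+): \[([^\]]*)\] (.+)$')
O4_LNK = re.compile(r'^O4 - ((?:Global )?Startup): (.+?) = (.+)$')
RUNDLL = re.compile(r'^"?(?:[a-z]:\\[^"]*\\)?rundll32(?:\.exe)?"?\s+(.+)$', re.I)
UNQUOTED = re.compile(r'^(.+?\.(?:exe|dll|com|bat|cmd|scr))(?=\s|,|$)', re.I)


def payload_path(cmd):
    """Return the file an autorun command actually loads."""
    cmd = cmd.strip()
    m = RUNDLL.match(cmd)
    if m:
        # rundll32 is only the loader; the DLL argument is the payload.
        cmd = m.group(1).strip()
    if cmd.startswith('"'):
        return cmd[1:].split('"', 1)[0]
    # Unquoted paths may contain spaces, so cut at the first executable extension.
    m = UNQUOTED.match(cmd)
    return m.group(1) if m else cmd


def parse_o4(log_text):
    """Return (location, value name, payload path) for every O4 line."""
    entries = []
    for line in log_text.splitlines():
        line = line.strip()
        m = O4_REG.match(line) or O4_LNK.match(line)
        if m:
            location, name, cmd = m.groups()
            entries.append((location, name, payload_path(cmd)))
    return entries


def is_under(path, target):
    """True if path equals target or lies inside it (Windows paths, case-insensitive)."""
    p = path.lower().rstrip('\\')
    t = target.lower().rstrip('\\')
    return p == t or p.startswith(t + '\\')


def leftover_autoruns(log_text, removed_paths):
    """Autorun entries that still point at something already deleted."""
    return [e for e in parse_o4(log_text)
            if any(is_under(e[2], r) for r in removed_paths)]


# Sample excerpt assembled for this example from O4 lines of the kind posted in this thread.
SAMPLE_LOG = r'''
O4 - HKLM\..\Run: [errorkiller] "C:\Program Files\errorkiller\errorkiller.exe" -boot
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [DllRunning] rundll32.exe "C:\WINDOWS\system32\qkerpuiw.dll",setvm
O4 - HKCU\..\Run: [Eraser] C:\Program Files\Eraser\eraser.exe -hide
O4 - Startup: Juice.lnk = C:\Program Files\Juice\Juice.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
'''

# The two paths given to Killbox in the post above.
REMOVED = [r'C:\WINDOWS\system32\qkerpuiw.dll', r'C:\Program Files\errorkiller']

if __name__ == '__main__':
    for location, name, payload in leftover_autoruns(SAMPLE_LOG, REMOVED):
        print(f'still registered: {location} [{name}] -> {payload}')
```
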

#13 Shawn_Townsend


Posted 15 December 2006 - 01:54 PM

Done all you have said and the only problem is I get a message when I start up saying Error loading "C:\WINDOWS\system32\qkerpuiw.dll" the specified module could not be found.

I'm using Opera if that's needed info, but I seem to have this problem when I upgraded to IE7, well the auto update did it.

Thanks for all your time



Logfile of HijackThis v1.99.1
Scan saved at 18:36:35, on 15/12/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\runservice.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\cryptainersrv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\VM_STI.EXE
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\Program Files\DS-3200 Wireless Optical Slimline Deskset\PS2USBKbdDrv.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\DS-3200 Wireless Optical Slimline Deskset\MouseDrv.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Norton Password Manager\AcctMgr.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Tiscali\tkonnect\tkonnect.exe
C:\Program Files\Eraser\eraser.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\United Alerts\UnitedAlerts.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\Garmin\gStart.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\BOINC\boincmgr.exe
C:\Program Files\Juice\Juice.exe
C:\Program Files\BOINC\boinc.exe
C:\Program Files\BOINC\projects\setiathome.berkeley.edu\setiathome-5.15-kwsn-sse2-p4.exe
C:\Program Files\Symantec\LiveUpdate\AUPDATE.EXE
C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Tiscali
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~2\MEGAUP~1.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\UIBHO.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [BigDogPath] C:\WINDOWS\VM_STI.EXE VIMICRO USB PC Camera 301x
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [WireLessKeyboard] C:\Program Files\DS-3200 Wireless Optical Slimline Deskset\PS2USBKbdDrv.exe
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [errorkiller] "C:\Program Files\errorkiller\errorkiller.exe" -boot
O4 - HKLM\..\Run: [WireLessMouse] C:\Program Files\DS-3200 Wireless Optical Slimline Deskset\MouseDrv.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [AcctMgr] C:\Program Files\Norton Password Manager\AcctMgr.exe /startup
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [DllRunning] rundll32.exe "C:\WINDOWS\system32\qkerpuiw.dll",setvm
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [tkonnect] C:\Program Files\Tiscali\tkonnect\tkonnect.exe updatemode
O4 - HKCU\..\Run: [Eraser] C:\Program Files\Eraser\eraser.exe -hide
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [United Alerts] "C:\Program Files\United Alerts\UnitedAlerts.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [gStart] C:\Garmin\gStart.exe
O4 - HKCU\..\Run: [EA Core] "C:\Program Files\Electronic Arts\EA Link\Core.exe" -silent
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Startup: BOINC Manager.lnk = C:\Program Files\BOINC\boincmgr.exe
O4 - Startup: Juice.lnk = C:\Program Files\Juice\Juice.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O8 - Extra context menu item: &ieSpell Options - res://C:\Program Files\ieSpell\iespell.dll/SPELLOPTION.HTM
O8 - Extra context menu item: Check &Spelling - res://C:\Program Files\ieSpell\iespell.dll/SPELLCHECK.HTM
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: (no name) - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: START_PAGE_URL=http://www.tiscali.co.uk/
O15 - Trusted Zone: http://register-tesco.qa.business.ntl.com
O15 - Trusted Zone: http://memberservices.tesco.net
O16 - DPF: NTLSignup - https://tesco.autoregister.net/tesco/NTLSignup.cab
O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com/i/cha...t/c381/chat.cab
O16 - DPF: {12F7F128-B36C-4843-8AA4-A5F71A969331} (Launcher Control) - https://horizons.eu.istaria.com/controls/launcher.ocx
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.com/i/cha...v45/yacscom.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/...s/yinst0401.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_1_0_0_44.cab
O16 - DPF: {3B5E9B23-7537-4601-A9E8-FA0D956DEA16} (csauie1 Control) - http://www.couponreport.net/ftp/v3123/csauie1.cab
O16 - DPF: {48884C41-EFAC-433D-958A-9FADAC41408E} (EGamesPlugin Class) - https://www.e-games.com.my/com/EGamesPlugin.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/eB...l_v1-0-3-36.cab
O16 - DPF: {556DDE35-E955-11D0-A707-000000521957} - http://www.xblock.com/download/xclean_micro.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1155396447448
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.installengine.com/engine/isetup.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} (CRAVOnline Object) - http://www.ravantivirus.com/scan/ravonline.cab
O16 - DPF: {B020B534-4AA2-4B99-BD6D-5F6EE286DF5C} (Symantec Download Bridge) - https://a248.e.akamai.net/f/248/5462/2h/www...ol/SymDlBrg.cab
O16 - DPF: {BF985246-09BF-11D2-BE62-006097DF57F6} (SimCityX Control) - http://simcity.ea.com/play/classic/SimCityX.cab
O16 - DPF: {C5E28B9D-0A68-4B50-94E9-E8F6B4697514} (NsvPlayX Control) - http://www.nullsoft.com/nsv/embed/nsvplayx_vp3_mp3.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} - https://www-secure.symantec.com/techsupp/as...rl/SymAData.cab
O16 - DPF: {E5ABEB00-B357-4884-9949-77B2C71A7EE3} (BoardCtl Class) - http://www.intel.com/design/motherbd/boardid/BoardID.cab
O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} (IMDownloader Class) - http://www2.incredimail.com/contents/setup...er/imloader.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: LicCtrl Service (LicCtrlService) - Unknown owner - C:\WINDOWS\runservice.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Sandra Data Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2005\RpcDataSrv.exe
O23 - Service: Sandra Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2005\RpcSandraSrv.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: Cryptainer service (ssoftservice) - Cypherix Software (India) Pvt. Ltd. - C:\WINDOWS\SYSTEM32\cryptainersrv.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe

#14 MFDnSC

MFDnSC

    Ret. Director I/T



Posted 15 December 2006 - 03:05 PM

Fix this in hijack

O4 - HKLM\..\Run: [DllRunning] rundll32.exe "C:\WINDOWS\system32\qkerpuiw.dll",setvm

"Nothing could be finer than to be in South Carolina ............"

Member ASAP

#15 Shawn_Townsend

Shawn_Townsend
  • Topic Starter


Posted 15 December 2006 - 03:52 PM

Done thanks


Logfile of HijackThis v1.99.1
Scan saved at 20:48:12, on 15/12/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\runservice.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\cryptainersrv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\VM_STI.EXE
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\Program Files\DS-3200 Wireless Optical Slimline Deskset\PS2USBKbdDrv.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\DS-3200 Wireless Optical Slimline Deskset\MouseDrv.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Norton Password Manager\AcctMgr.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Tiscali\tkonnect\tkonnect.exe
C:\Program Files\Eraser\eraser.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\United Alerts\UnitedAlerts.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\Garmin\gStart.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\BOINC\boincmgr.exe
C:\Program Files\Juice\Juice.exe
C:\Program Files\BOINC\boinc.exe
C:\Program Files\BOINC\projects\einstein.phys.uwm.edu\einstein_S5R1_4.24_windows_intelx86.exe
C:\Program Files\Opera\Opera.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Tiscali
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~2\MEGAUP~1.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\UIBHO.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [BigDogPath] C:\WINDOWS\VM_STI.EXE VIMICRO USB PC Camera 301x
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [WireLessKeyboard] C:\Program Files\DS-3200 Wireless Optical Slimline Deskset\PS2USBKbdDrv.exe
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [errorkiller] "C:\Program Files\errorkiller\errorkiller.exe" -boot
O4 - HKLM\..\Run: [WireLessMouse] C:\Program Files\DS-3200 Wireless Optical Slimline Deskset\MouseDrv.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [AcctMgr] C:\Program Files\Norton Password Manager\AcctMgr.exe /startup
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [tkonnect] C:\Program Files\Tiscali\tkonnect\tkonnect.exe updatemode
O4 - HKCU\..\Run: [Eraser] C:\Program Files\Eraser\eraser.exe -hide
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [United Alerts] "C:\Program Files\United Alerts\UnitedAlerts.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [gStart] C:\Garmin\gStart.exe
O4 - HKCU\..\Run: [EA Core] "C:\Program Files\Electronic Arts\EA Link\Core.exe" -silent
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Startup: BOINC Manager.lnk = C:\Program Files\BOINC\boincmgr.exe
O4 - Startup: Juice.lnk = C:\Program Files\Juice\Juice.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O8 - Extra context menu item: &ieSpell Options - res://C:\Program Files\ieSpell\iespell.dll/SPELLOPTION.HTM
O8 - Extra context menu item: Check &Spelling - res://C:\Program Files\ieSpell\iespell.dll/SPELLCHECK.HTM
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: (no name) - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: START_PAGE_URL=http://www.tiscali.co.uk/
O15 - Trusted Zone: http://register-tesco.qa.business.ntl.com
O15 - Trusted Zone: http://memberservices.tesco.net
O16 - DPF: NTLSignup - https://tesco.autoregister.net/tesco/NTLSignup.cab
O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com/i/cha...t/c381/chat.cab
O16 - DPF: {12F7F128-B36C-4843-8AA4-A5F71A969331} (Launcher Control) - https://horizons.eu.istaria.com/controls/launcher.ocx
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.com/i/cha...v45/yacscom.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/...s/yinst0401.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_1_0_0_44.cab
O16 - DPF: {3B5E9B23-7537-4601-A9E8-FA0D956DEA16} (csauie1 Control) - http://www.couponreport.net/ftp/v3123/csauie1.cab
O16 - DPF: {48884C41-EFAC-433D-958A-9FADAC41408E} (EGamesPlugin Class) - https://www.e-games.com.my/com/EGamesPlugin.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/eB...l_v1-0-3-36.cab
O16 - DPF: {556DDE35-E955-11D0-A707-000000521957} - http://www.xblock.com/download/xclean_micro.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1155396447448
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.installengine.com/engine/isetup.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} (CRAVOnline Object) - http://www.ravantivirus.com/scan/ravonline.cab
O16 - DPF: {B020B534-4AA2-4B99-BD6D-5F6EE286DF5C} (Symantec Download Bridge) - https://a248.e.akamai.net/f/248/5462/2h/www...ol/SymDlBrg.cab
O16 - DPF: {BF985246-09BF-11D2-BE62-006097DF57F6} (SimCityX Control) - http://simcity.ea.com/play/classic/SimCityX.cab
O16 - DPF: {C5E28B9D-0A68-4B50-94E9-E8F6B4697514} (NsvPlayX Control) - http://www.nullsoft.com/nsv/embed/nsvplayx_vp3_mp3.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} - https://www-secure.symantec.com/techsupp/as...rl/SymAData.cab
O16 - DPF: {E5ABEB00-B357-4884-9949-77B2C71A7EE3} (BoardCtl Class) - http://www.intel.com/design/motherbd/boardid/BoardID.cab
O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} (IMDownloader Class) - http://www2.incredimail.com/contents/setup...er/imloader.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: LicCtrl Service (LicCtrlService) - Unknown owner - C:\WINDOWS\runservice.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Sandra Data Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2005\RpcDataSrv.exe
O23 - Service: Sandra Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2005\RpcSandraSrv.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: Cryptainer service (ssoftservice) - Cypherix Software (India) Pvt. Ltd. - C:\WINDOWS\SYSTEM32\cryptainersrv.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe



