Networm-i.virus@fp, Please Help Me


6 replies to this topic

#1 blakey1982

Posted 17 May 2007 - 09:56 AM

Hi guys,

I have read someone else's problem and mine is exactly the same - I have downloaded Smitfraudfix,

but when you say start in safe mode my PC just doesn't - I choose safe mode and it fires through a load of file names like command 0 blah blah blah and then stops and doesn't do anything?

What should I do?

Run it in live?


#2 blakey1982

Posted 17 May 2007 - 10:05 AM

With log....

Logfile of HijackThis v1.99.1
Scan saved at 4:00:41 PM, on 5/17/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\WINDOWS\SYSTEM32\ZONELABS\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Video ActiveX Access\iesmn.exe
C:\Program Files\Video ActiveX Access\imsmain.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Video ActiveX Access\imsmn.exe
C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
C:\Program Files\Video ActiveX Access\iesmin.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\ntl\BROADB~1\SMARTB~1\MotiveSB.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\WINDOWS\System32\??xplore.exe
C:\Program Files\Spyware Doctor\swdoctor.exe
C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
C:\Program Files\MalwareSweeper.com\MalwareSweeper\MalSwep.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\ntl\broadband medic\bin\mpbtn.exe
C:\Documents and Settings\Paul Blake\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.virgin.net/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~2\tools\iesdsg.dll
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll
O2 - BHO: (no name) - {B8C5186E-EC37-4889-9C2E-F73649FFB7BB} - C:\Program Files\Video ActiveX Access\iesplg.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\en-gb\msntb.dll (file missing)
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O3 - Toolbar: Protection Bar - {31615D5C-5126-448A-818A-A7CDFEE85A9B} - C:\Program Files\Video ActiveX Access\iesbpl.dll
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\ntl\BROADB~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [First Principle Group] C:\Program Files\First Principle Group\fpg.exe /s
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [DNSE] "C:\Program Files\Common Files\SystemDoctor\DNSE.exe" -c
O4 - HKLM\..\Run: [Salestart] "C:\Program Files\Common Files\SystemDoctor\dcpasmon.exe"
O4 - HKCU\..\Run: [Spyware Cleaner] "C:\Program Files\Spyware Cleaner\SpywareCleaner.Exe" /boot
O4 - HKCU\..\Run: [Krojaet] C:\WINDOWS\System32\??xplore.exe
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
O4 - HKCU\..\Run: [Malware Sweeper] C:\Program Files\MalwareSweeper.com\MalwareSweeper\MalSwep.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: broadband medic.lnk = C:\Program Files\ntl\broadband medic\bin\matcli.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O8 - Extra context menu item: Customize Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Fill Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: RoboForm Toolbar - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Save Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: InterCasino £££ - {03588886-5C50-4645-BD5D-F105F84417DE} - C:\Documents and Settings\Paul Blake\Desktop\InterCasino £££.lnk
O9 - Extra 'Tools' menuitem: InterCasino £££ - {03588886-5C50-4645-BD5D-F105F84417DE} - C:\Documents and Settings\Paul Blake\Desktop\InterCasino £££.lnk
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll
O9 - Extra button: Casino-on-Net - {3015DB92-158E-4b77-9020-85C8E311FBB5} - C:\PROGRA~1\CASINO~2\Casino.exe
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: WH GBP Casino - {37236812-C1A2-4529-A9CE-CFE04E3DF08A} - C:\Documents and Settings\Paul Blake\Desktop\WH GBP Casino.lnk
O9 - Extra 'Tools' menuitem: WH GBP Casino - {37236812-C1A2-4529-A9CE-CFE04E3DF08A} - C:\Documents and Settings\Paul Blake\Desktop\WH GBP Casino.lnk
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: PartyCasino.com - {B4B52284-A248-4c51-9F7C-F0A0C67FCC9D} - C:\Program Files\PartyGaming\PartyCasino\RunCasino.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyCasino.com - {B4B52284-A248-4c51-9F7C-F0A0C67FCC9D} - C:\Program Files\PartyGaming\PartyCasino\RunCasino.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.virgin.net/
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by120fd.bay120.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/064c55c17229f3...ip/RdxIE601.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...lscbase8300.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1176411776093
O16 - DPF: {AED98630-0251-4E83-917D-43A23D66D507} (Download Helper Class) - http://activex.microgaming.com/DLHelper/ve...n7/DLHelper.cab
O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://fortunelounge.microgaming.com/generic/FlashAX.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: Hardware Clock Driver (hwclock) - Unknown owner - C:\WINDOWS\System32\hwclock.exe (file missing)
O23 - Service: InCD Helper (read only) (InCDsrvR) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: SpywareCleanerService - Unknown owner - C:\Program Files\Spyware Cleaner\SCService.exe (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\SYSTEM32\ZONELABS\vsmon.exe

#3 jurgenv

Posted 17 May 2007 - 12:19 PM

* You may want to print out or make a copy of these instructions before starting, because you will not be able to connect to the internet during most of this fix.

* Download smitRem.exe and save the file to your desktop.
Double-click on the file to extract it to its own folder on the desktop.

* First download AVG Anti-Spyware 7.5 from HERE and save that file to your desktop.
This is a 30-day trial of the program.
  • Once you have downloaded AVG Anti-Spyware 7.5, locate the icon on the desktop and double-click it to launch the setup program.
  • Once the setup is complete you will need to run AVG Anti-Spyware 7.5 and update the definition files.
  • Run AVG Anti-Spyware.
  • From the main AVG Anti-Spyware screen, click on Update, then click the Start update button.
  • After the update finishes (the status bar at the bottom will display "Update successful").
  • Once in the Settings screen click on "Recommended actions" and then select "Quarantine".
  • Under "Reports":
  • Select "Automatically generate report after every scan".
  • Un-select "Only if threats were found".
Close AVG Anti-Spyware 7.5. Do NOT run a scan just yet; we will shortly.

* If you do not already have Ad-Aware SE 1.06 installed, follow these download and setup instructions. Also check for updates:
Ad-Aware SE Setup
Again, do NOT run a scan yet.


* Next, please reboot your computer in Safe Mode by doing the following:
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
  • Instead of Windows loading as normal, a menu should appear
  • Select the first option, to run Windows in Safe Mode.
* Open the smitRem folder, then double click the RunThis.bat file to start the tool. Follow the prompts on screen. Your desktop and icons will disappear and then reappear again --- this is normal.
Wait for the tool to complete and Disk Cleanup to finish --- this may take a while; please be patient.

* Next, run Ad-aware and perform a full scan. Remove everything found.
  • Launch AVG Anti-Spyware 7.5 by double-clicking the icon on your desktop.
  • Select the "Scanner" icon at the top and then the "Scan" tab, then click on "Complete System Scan".
  • AVG Anti-Spyware 7.5 will now begin the scanning process; be patient, this may take a little time.
    Once the scan is complete do the following:
  • If you have any infections you will be prompted; then select "Apply all actions".
  • Next select the "Reports" icon at the top.
  • Select the "Save report as" button in the lower left hand of the screen and save it to a text file on your system (make sure to remember where you saved that file, this is important).
* Restart your computer in normal mode.

* Please download ATF Cleaner by Atribune.
This program is for XP and Windows 2000 only.
Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.
If you use Firefox browser:
Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser:
Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.

* Run the Panda online virus scan at http://www.pandasoftware.com/products/activescan.htm

- Once you are on the Panda site click the Scan your PC button
- A new window will open...click the Check Now button
- Enter your Country
- Enter your State/Province
- Enter your e-mail address and click send
- Select either Home User or Company
- Click the big Scan Now button
- If it wants to install an ActiveX component allow it
- It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
- When download is complete, click on Local Disks to start the scan
- When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location.

* Finally, restart your computer once more, and please post a new HijackThis log as well as the log from the AVG Anti-Spyware 7.5 scan and the log from the smitRem tool, which will be located at C:\smitfiles.txt.
Let us know if any problems persist.
Greets Jürgenv


#4 blakey1982

Posted 17 May 2007 - 03:50 PM

Jurgenv - I have followed all of your instructions and the pop-ups have stopped - can you check the below?


New HijackThis log

Logfile of HijackThis v1.99.1
Scan saved at 9:40:37 PM, on 5/17/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SYSTEM32\ZONELABS\vsmon.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\ntl\BROADB~1\SMARTB~1\MotiveSB.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Spyware Doctor\swdoctor.exe
C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
C:\Documents and Settings\Paul Blake\Desktop\HijackThis.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
C:\Program Files\ntl\broadband medic\bin\mad.exe
C:\Program Files\ntl\broadband medic\bin\mpbtn.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\WgaTray.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.virgin.net/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~2\tools\iesdsg.dll
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll
O2 - BHO: (no name) - {B8C5186E-EC37-4889-9C2E-F73649FFB7BB} - C:\Program Files\Video ActiveX Access\iesplg.dll (file missing)
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\en-gb\msntb.dll (file missing)
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O3 - Toolbar: Protection Bar - {31615D5C-5126-448A-818A-A7CDFEE85A9B} - C:\Program Files\Video ActiveX Access\iesbpl.dll
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\ntl\BROADB~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [First Principle Group] C:\Program Files\First Principle Group\fpg.exe /s
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [DNSE] "C:\Program Files\Common Files\SystemDoctor\DNSE.exe" -c
O4 - HKLM\..\Run: [Salestart] "C:\Program Files\Common Files\SystemDoctor\dcpasmon.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: broadband medic.lnk = C:\Program Files\ntl\broadband medic\bin\matcli.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O8 - Extra context menu item: Customize Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Fill Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: RoboForm Toolbar - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Save Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: InterCasino £££ - {03588886-5C50-4645-BD5D-F105F84417DE} - C:\Documents and Settings\Paul Blake\Desktop\InterCasino £££.lnk
O9 - Extra 'Tools' menuitem: InterCasino £££ - {03588886-5C50-4645-BD5D-F105F84417DE} - C:\Documents and Settings\Paul Blake\Desktop\InterCasino £££.lnk
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll
O9 - Extra button: Casino-on-Net - {3015DB92-158E-4b77-9020-85C8E311FBB5} - C:\PROGRA~1\CASINO~2\Casino.exe
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: WH GBP Casino - {37236812-C1A2-4529-A9CE-CFE04E3DF08A} - C:\Documents and Settings\Paul Blake\Desktop\WH GBP Casino.lnk
O9 - Extra 'Tools' menuitem: WH GBP Casino - {37236812-C1A2-4529-A9CE-CFE04E3DF08A} - C:\Documents and Settings\Paul Blake\Desktop\WH GBP Casino.lnk
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: PartyCasino.com - {B4B52284-A248-4c51-9F7C-F0A0C67FCC9D} - C:\Program Files\PartyGaming\PartyCasino\RunCasino.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyCasino.com - {B4B52284-A248-4c51-9F7C-F0A0C67FCC9D} - C:\Program Files\PartyGaming\PartyCasino\RunCasino.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.virgin.net/
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by120fd.bay120.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/064c55c17229f3...ip/RdxIE601.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...lscbase8300.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1176411776093
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {AED98630-0251-4E83-917D-43A23D66D507} (Download Helper Class) - http://activex.microgaming.com/DLHelper/ve...n7/DLHelper.cab
O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://fortunelounge.microgaming.com/generic/FlashAX.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: Hardware Clock Driver (hwclock) - Unknown owner - C:\WINDOWS\System32\hwclock.exe (file missing)
O23 - Service: InCD Helper (read only) (InCDsrvR) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\SYSTEM32\ZONELABS\vsmon.exe
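
The two HijackThis logs in this thread (posts #2 and #4) are the before and after of the fix. As an added example, not part of the original thread and not HijackThis's own code, here is a small Python script that parses lines in the format those logs use (section tag, ` - `, description), diffs a before and after log, and applies the same triage heuristics a helper applies by eye: registrations whose file is gone, O23 services with no identified vendor, and paths containing characters a Windows file name cannot contain (HijackThis prints characters it cannot render as `?`, which is how the `??xplore.exe` entry above appears). The sample log lines are a hand-picked subset of the two logs above, and the heuristic names and reason strings are my own.

```python
import re
from dataclasses import dataclass

# Constructed sample: a hand-picked subset of the two HijackThis logs in this
# thread, in the "<section tag> - <description>" format HijackThis uses.
LOG_BEFORE = r"""
O2 - BHO: (no name) - {B8C5186E-EC37-4889-9C2E-F73649FFB7BB} - C:\Program Files\Video ActiveX Access\iesplg.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [Krojaet] C:\WINDOWS\System32\??xplore.exe
O4 - HKCU\..\Run: [Malware Sweeper] C:\Program Files\MalwareSweeper.com\MalwareSweeper\MalSwep.exe
O23 - Service: SpywareCleanerService - Unknown owner - C:\Program Files\Spyware Cleaner\SCService.exe (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\SYSTEM32\ZONELABS\vsmon.exe
"""

LOG_AFTER = r"""
O2 - BHO: (no name) - {B8C5186E-EC37-4889-9C2E-F73649FFB7BB} - C:\Program Files\Video ActiveX Access\iesplg.dll (file missing)
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\SYSTEM32\ZONELABS\vsmon.exe
"""

# One log entry: section tag (R0, O2, O4, O23, ...), " - ", then the description.
ENTRY_RE = re.compile(r"^(?P<tag>[RFNO]\d+)\s+-\s+(?P<body>.+)$")
# First Windows path in an entry, up to a typical executable-type extension.
PATH_RE = re.compile(r'[A-Za-z]:\\[^"\r\n]*?\.(?:exe|dll|bat|lnk)\b', re.IGNORECASE)
# Characters a Windows file name can never contain. HijackThis prints characters
# it cannot render as "?", so a "?" inside a path is never a legitimate name.
ILLEGAL_NAME_CHARS = set('<>"|?*')


@dataclass(frozen=True)
class Entry:
    tag: str   # e.g. "O4"
    body: str  # everything after "O4 - "

    def path(self):
        """The first file path mentioned in the entry, or None."""
        m = PATH_RE.search(self.body)
        return m.group(0) if m else None


def parse_log(text):
    """Return the tagged entries of a HijackThis log; header and process lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append(Entry(m.group("tag"), m.group("body")))
    return entries


def suspicious_reasons(entry):
    """Triage heuristics (my own naming); returns a list of reasons, empty if nothing stands out."""
    reasons = []
    if "(file missing)" in entry.body:
        reasons.append("orphaned: referenced file is missing")
    if entry.tag == "O23" and "Unknown owner" in entry.body:
        reasons.append("service has no identified vendor")
    path = entry.path()
    if path:
        # Skip the "C:" drive prefix, then look for characters no file name may contain.
        bad = {c for c in path[2:] if c in ILLEGAL_NAME_CHARS or not c.isprintable()}
        if bad:
            reasons.append("illegal characters in path: " + "".join(sorted(bad)))
    return reasons


def diff_logs(before_text, after_text):
    """Entries that disappeared and entries that appeared between two scans, in log order."""
    before, after = parse_log(before_text), parse_log(after_text)
    before_set, after_set = set(before), set(after)
    removed = [e for e in before if e not in after_set]
    added = [e for e in after if e not in before_set]
    return removed, added


def flag_entries(text):
    """Map each suspicious entry of a log to its list of reasons."""
    return {e: r for e in parse_log(text) if (r := suspicious_reasons(e))}


if __name__ == "__main__":
    removed, added = diff_logs(LOG_BEFORE, LOG_AFTER)
    print("Removed by the fix:")
    for e in removed:
        print("  -", e.tag, e.body)
    print("New since the fix:")
    for e in added:
        print("  +", e.tag, e.body)
    print("Still worth a look:")
    for e, reasons in flag_entries(LOG_AFTER).items():
        print("  !", e.tag, e.body, "->", "; ".join(reasons))
```

Run it as a script to print the removed, added and still-flagged entries. On this sample the diff lists the Run keys and the service the fix removed, and the one entry still flagged afterwards is the `iesplg.dll` BHO: the DLL itself was deleted but its registration remained, which is exactly what the second log above reports as `(file missing)`, and a reason to keep such orphaned entries on the to-clean list rather than treating a log as finished once the processes are gone.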

#5 blakey1982

Posted 17 May 2007 - 03:52 PM

And now the AVG Anti-Spyware 7.5 scan...

ArchiveData(auto-quarantine- 2007-05-17 19-29-44.bckp)
Referencefile : SE1R170 14.05.2007
======================================================

MRU LIST
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
obj[0]=MRU FileReference : C:\Documents and Settings\Paul Blake\Application Data\microsoft\office\recent\JENNA.LNK
obj[1]=MRU FileReference : C:\Documents and Settings\Paul Blake\recent\Desktop.ini
obj[2]=MRU FileReference : C:\Documents and Settings\Paul Blake\recent\DSC00273.lnk
obj[3]=MRU FileReference : C:\Documents and Settings\Paul Blake\recent\mustang.lnk
obj[4]=MRU FileReference : C:\Documents and Settings\Paul Blake\recent\HOLIDAY.lnk
obj[5]=MRU FileReference : C:\Documents and Settings\Paul Blake\recent\DSC00164.lnk
obj[6]=MRU FileReference : C:\Documents and Settings\Paul Blake\recent\Soulseek.lnk
obj[7]=MRU FileReference : C:\Documents and Settings\Paul Blake\recent\dino.lnk
obj[8]=MRU FileReference : C:\Documents and Settings\Paul Blake\recent\Job Applications.lnk
obj[9]=MRU FileReference : C:\Documents and Settings\Paul Blake\recent\bex.lnk
obj[10]=MRU FileReference : C:\Documents and Settings\Paul Blake\recent\SP_A0151.lnk
obj[11]=MRU FileReference : C:\Documents and Settings\Paul Blake\recent\JENNA.lnk
obj[12]=MRU FileReference : C:\Documents and Settings\Paul Blake\recent\CVS.lnk
obj[13]=MRU FileReference : C:\Documents and Settings\Paul Blake\recent\Casino Stuff.lnk
obj[14]=MRU FileReference : C:\Documents and Settings\Paul Blake\recent\wscui.lnk
obj[15]=MRU FileReference : C:\Documents and Settings\Paul Blake\recent\Work.lnk
obj[16]=MRU FileReference : C:\Documents and Settings\Paul Blake\recent\Paris.lnk
obj[17]=MRU FileReference : C:\Documents and Settings\Paul Blake\recent\SYSTEM32.lnk
obj[18]=MRU FileReference : C:\Documents and Settings\Paul Blake\recent\MOV00151.lnk
obj[19]=MRU FileReference : C:\Documents and Settings\Paul Blake\recent\DSC00204.lnk
obj[20]=MRU FileReference : C:\Documents and Settings\Paul Blake\recent\tanya.lnk
obj[21]=MRU FileReference : C:\Documents and Settings\Paul Blake\recent\Bev ID.lnk
obj[22]=MRU FileReference : C:\Documents and Settings\Paul Blake\recent\uwpbook.lnk
obj[23]=MRU FileReference : C:\Documents and Settings\Paul Blake\recent\PICTURES.lnk
obj[24]=MRU RegReference : S-1-5-21-1482476501-436374069-725345543-1003\software\microsoft\search assistant\acmru\5001
obj[25]=MRU RegReference : S-1-5-21-1482476501-436374069-725345543-1003\software\microsoft\search assistant\acmru\5603
obj[26]=MRU RegReference : S-1-5-21-1482476501-436374069-725345543-1003\software\microsoft\search assistant\acmru\5604
obj[27]=MRU RegReference : S-1-5-21-1482476501-436374069-725345543-1003\software\microsoft\windows\currentversion\explorer\comdlg32\opensavemru\*
obj[28]=MRU RegReference : S-1-5-21-1482476501-436374069-725345543-1003\software\microsoft\windows\currentversion\explorer\recentdocs\.avi
obj[29]=MRU RegReference : S-1-5-21-1482476501-436374069-725345543-1003\software\microsoft\windows\currentversion\explorer\recentdocs\.bmp
obj[30]=MRU RegReference : S-1-5-21-1482476501-436374069-725345543-1003\software\microsoft\windows\currentversion\explorer\recentdocs\.cat
obj[31]=MRU RegReference : S-1-5-21-1482476501-436374069-725345543-1003\software\microsoft\windows\currentversion\explorer\recentdocs\.cpl
obj[32]=MRU RegReference : S-1-5-21-1482476501-436374069-725345543-1003\software\microsoft\windows\currentversion\explorer\recentdocs\.doc
obj[33]=MRU RegReference : S-1-5-21-1482476501-436374069-725345543-1003\software\microsoft\windows\currentversion\explorer\recentdocs\.gif
obj[34]=MRU RegReference : S-1-5-21-1482476501-436374069-725345543-1003\software\microsoft\windows\currentversion\explorer\recentdocs\.HTM
obj[35]=MRU RegReference : S-1-5-21-1482476501-436374069-725345543-1003\software\microsoft\windows\currentversion\explorer\recentdocs\.html
obj[36]=MRU RegReference : S-1-5-21-1482476501-436374069-725345543-1003\software\microsoft\windows\currentversion\explorer\recentdocs\.jpg
obj[37]=MRU RegReference : S-1-5-21-1482476501-436374069-725345543-1003\software\microsoft\windows\currentversion\explorer\recentdocs\.log
obj[38]=MRU RegReference : S-1-5-21-1482476501-436374069-725345543-1003\software\microsoft\windows\currentversion\explorer\recentdocs\.m4a
obj[39]=MRU RegReference : S-1-5-21-1482476501-436374069-725345543-1003\software\microsoft\windows\currentversion\explorer\recentdocs\.mp2
obj[40]=MRU RegReference : S-1-5-21-1482476501-436374069-725345543-1003\software\microsoft\windows\currentversion\explorer\recentdocs\.mp3
obj[41]=MRU RegReference : S-1-5-21-1482476501-436374069-725345543-1003\software\microsoft\windows\currentversion\explorer\recentdocs\.mpeg
obj[42]=MRU RegReference : S-1-5-21-1482476501-436374069-725345543-1003\software\microsoft\windows\currentversion\explorer\recentdocs\.mpg
obj[43]=MRU RegReference : S-1-5-21-1482476501-436374069-725345543-1003\software\microsoft\windows\currentversion\explorer\recentdocs\.nco
obj[44]=MRU RegReference : S-1-5-21-1482476501-436374069-725345543-1003\software\microsoft\windows\currentversion\explorer\recentdocs\.nra
obj[45]=MRU RegReference : S-1-5-21-1482476501-436374069-725345543-1003\software\microsoft\windows\currentversion\explorer\recentdocs\.pdf
obj[46]=MRU RegReference : S-1-5-21-1482476501-436374069-725345543-1003\software\microsoft\windows\currentversion\explorer\recentdocs\.PLS
obj[47]=MRU RegReference : S-1-5-21-1482476501-436374069-725345543-1003\software\microsoft\windows\currentversion\explorer\recentdocs\.pps
obj[48]=MRU RegReference : S-1-5-21-1482476501-436374069-725345543-1003\software\microsoft\windows\currentversion\explorer\recentdocs\.ram
obj[49]=MRU RegReference : S-1-5-21-1482476501-436374069-725345543-1003\software\microsoft\windows\currentversion\explorer\recentdocs\.rm
obj[50]=MRU RegReference : S-1-5-21-1482476501-436374069-725345543-1003\software\microsoft\windows\currentversion\explorer\recentdocs\.rtf
obj[51]=MRU RegReference : S-1-5-21-1482476501-436374069-725345543-1003\software\microsoft\windows\currentversion\explorer\recentdocs\.shtml
obj[52]=MRU RegReference : S-1-5-21-1482476501-436374069-725345543-1003\software\microsoft\windows\currentversion\explorer\recentdocs\.THM
obj[53]=MRU RegReference : S-1-5-21-1482476501-436374069-725345543-1003\software\microsoft\windows\currentversion\explorer\recentdocs\.txt
obj[54]=MRU RegReference : S-1-5-21-1482476501-436374069-725345543-1003\software\microsoft\windows\currentversion\explorer\recentdocs\.wmv
obj[55]=MRU RegReference : S-1-5-21-1482476501-436374069-725345543-1003\software\microsoft\windows\currentversion\explorer\recentdocs\.wpl
obj[56]=MRU RegReference : S-1-5-21-1482476501-436374069-725345543-1003\software\microsoft\windows\currentversion\explorer\recentdocs\.xls
obj[57]=MRU RegReference : S-1-5-21-1482476501-436374069-725345543-1003\software\microsoft\windows\currentversion\explorer\recentdocs\.zip
obj[58]=MRU RegReference : S-1-5-21-1482476501-436374069-725345543-1003\software\microsoft\windows\currentversion\explorer\recentdocs\Folder
obj[59]=MRU FileReference : C:\Documents and Settings\Paul Blake\recent\CV. Jenna Sadler2007.lnk
obj[60]=MRU RegReference : .DEFAULT\software\microsoft\windows media\wmsdk\general computername
obj[61]=MRU RegReference : S-1-5-18\software\microsoft\windows media\wmsdk\general computername
obj[62]=MRU RegReference : S-1-5-21-1482476501-436374069-725345543-1003\software\microsoft\windows media\wmsdk\general computername
obj[63]=MRU FileReference : C:\Documents and Settings\Paul Blake\recent\Thundercats-IntroTheme.lnk
obj[64]=MRU FileReference : C:\Documents and Settings\Paul Blake\recent\wholesale.lnk
obj[65]=MRU FileReference : C:\Documents and Settings\Paul Blake\recent\nevermind.lnk
obj[66]=MRU FileReference : C:\Documents and Settings\Paul Blake\recent\ebay items.lnk
obj[67]=MRU FileReference : C:\Documents and Settings\Paul Blake\recent\2-2-2007.lnk
obj[68]=MRU FileReference : C:\Documents and Settings\Paul Blake\recent\barrymore.lnk
obj[69]=MRU FileReference : C:\Documents and Settings\Paul Blake\recent\virus (2).lnk
obj[70]=MRU FileReference : C:\Documents and Settings\Paul Blake\recent\ace 2.lnk
obj[71]=MRU FileReference : C:\Documents and Settings\Paul Blake\recent\DSC00229.lnk
obj[72]=MRU FileReference : C:\Documents and Settings\Paul Blake\recent\Movie Quotes.lnk
obj[73]=MRU FileReference : C:\Documents and Settings\Paul Blake\recent\solskjaertackle.lnk
obj[74]=MRU FileReference : C:\Documents and Settings\Paul Blake\recent\CustomerComplaintsprocedure-new[2].lnk
obj[75]=MRU FileReference : C:\Documents and Settings\Paul Blake\recent\HabitusT_C_s[2].lnk
obj[76]=MRU FileReference : C:\Documents and Settings\Paul Blake\recent\New playlist.lnk
obj[77]=MRU FileReference : C:\Documents and Settings\Paul Blake\recent\bleep.lnk
obj[78]=MRU FileReference : C:\Documents and Settings\Paul Blake\recent\lacoste white.lnk
obj[79]=MRU FileReference : C:\Documents and Settings\Paul Blake\recent\DSC00255.lnk
obj[80]=MRU FileReference : C:\Documents and Settings\Paul Blake\recent\river 2.lnk
obj[81]=MRU FileReference : C:\Documents and Settings\Paul Blake\recent\jeans].lnk
obj[82]=MRU FileReference : C:\Documents and Settings\Paul Blake\recent\022_19.lnk
obj[83]=MRU FileReference : C:\Documents and Settings\Paul Blake\recent\gx30.lnk
obj[84]=MRU FileReference : C:\Documents and Settings\Paul Blake\recent\_50772_clinton_vi.lnk
obj[85]=MRU FileReference : C:\Documents and Settings\Paul Blake\recent\bonesy.lnk
obj[86]=MRU FileReference : C:\Documents and Settings\Paul Blake\recent\aod.lnk
obj[87]=MRU FileReference : C:\Documents and Settings\Paul Blake\recent\glasto_babyshambles_killamangiro.lnk
obj[88]=MRU FileReference : C:\Documents and Settings\Paul Blake\recent\Rooney2-0 -UrawaR.lnk
obj[89]=MRU FileReference : C:\Documents and Settings\Paul Blake\recent\LimeWire.lnk
obj[90]=MRU FileReference : C:\Documents and Settings\Paul Blake\recent\My Playlists.lnk
obj[91]=MRU FileReference : C:\Documents and Settings\Paul Blake\recent\horse.lnk
obj[92]=MRU FileReference : C:\Documents and Settings\Paul Blake\recent\Audio1.lnk
obj[93]=MRU FileReference : C:\Documents and Settings\Paul Blake\recent\DSC00249.lnk
obj[94]=MRU FileReference : C:\Documents and Settings\Paul Blake\recent\DSC00245.lnk
obj[95]=MRU FileReference : C:\Documents and Settings\Paul Blake\recent\hour of david love.lnk
obj[96]=MRU FileReference : C:\Documents and Settings\Paul Blake\recent\DataProtectionDocument[2].lnk
obj[97]=MRU FileReference : C:\Documents and Settings\Paul Blake\recent\ttba_scene14_01_1024.lnk
obj[98]=MRU FileReference : C:\Documents and Settings\Paul Blake\recent\CV Paul Blake 05.02.07.lnk
obj[99]=MRU FileReference : C:\Documents and Settings\Paul Blake\recent\Dissertation.lnk
obj[100]=MRU FileReference : C:\Documents and Settings\Paul Blake\recent\DISSERTATION (2).lnk
obj[101]=MRU FileReference : C:\Documents and Settings\Paul Blake\recent\Domestic Energy Assesor letter.lnk
obj[102]=MRU FileReference : C:\Documents and Settings\Paul Blake\recent\Health_SafetyforSurveyors[2].lnk
obj[103]=MRU FileReference : C:\Documents and Settings\Paul Blake\recent\ZALog2005.05.31.lnk
obj[104]=MRU FileReference : C:\Documents and Settings\Paul Blake\recent\P&L 2007.lnk
obj[105]=MRU FileReference : C:\Documents and Settings\Paul Blake\recent\07 - New Edition - SOMETHING ABOUT YOU.lnk
obj[106]=MRU FileReference : C:\Documents and Settings\Paul Blake\recent\Finances.lnk
obj[107]=MRU FileReference : C:\Documents and Settings\Paul Blake\recent\cg.lnk
obj[108]=MRU FileReference : C:\Documents and Settings\Paul Blake\recent\DSC00258.lnk
obj[109]=MRU FileReference : C:\Documents and Settings\Paul Blake\recent\Website.lnk
obj[110]=MRU FileReference : C:\Documents and Settings\Paul Blake\recent\DSC00260.lnk
obj[111]=MRU FileReference : C:\Documents and Settings\Paul Blake\recent\bleep (2).lnk
obj[112]=MRU FileReference : C:\Documents and Settings\Paul Blake\recent\Sure2ProfitBlackjack1[1][1].31.lnk
obj[113]=MRU FileReference : C:\Documents and Settings\Paul Blake\recent\Comforter.m4a.lnk
obj[114]=MRU FileReference : C:\Documents and Settings\Paul Blake\recent\Downloads.lnk
obj[115]=MRU FileReference : C:\Documents and Settings\Paul Blake\recent\GarethSadlerCV[1] (2).lnk
obj[116]=MRU FileReference : C:\Documents and Settings\Paul Blake\recent\sonyhc.lnk
obj[117]=MRU FileReference : C:\Documents and Settings\Paul Blake\recent\Enteringdataintosoftware.lnk
obj[118]=MRU FileReference : C:\Documents and Settings\Paul Blake\recent\My Pictures.lnk
obj[119]=MRU FileReference : C:\Documents and Settings\Paul Blake\recent\Gareths Moving Plan of Action 2007.lnk
obj[120]=MRU FileReference : C:\Documents and Settings\Paul Blake\recent\Marketing Books.lnk
obj[121]=MRU FileReference : C:\Documents and Settings\Paul Blake\recent\rhubarb.lnk
obj[122]=MRU FileReference : C:\Documents and Settings\Paul Blake\recent\Gareth.lnk
obj[123]=MRU FileReference : C:\Documents and Settings\Paul Blake\recent\Poker Cheats.lnk
obj[124]=MRU FileReference : C:\Documents and Settings\Paul Blake\recent\GarethSadlerCV[1].lnk
obj[125]=MRU FileReference : C:\Documents and Settings\Paul Blake\recent\AFFILIATE LINKS.lnk
obj[126]=MRU FileReference : C:\Documents and Settings\Paul Blake\recent\AMM edited.lnk
obj[127]=MRU FileReference : C:\Documents and Settings\Paul Blake\recent\scripts_2_sell.lnk
obj[128]=MRU FileReference : C:\Documents and Settings\Paul Blake\recent\JimenaPerini.lnk
obj[129]=MRU FileReference : C:\Documents and Settings\Paul Blake\recent\boost_website_traffic.lnk
obj[130]=MRU FileReference : C:\Documents and Settings\Paul Blake\recent\01 hello, i love you.lnk
obj[131]=MRU FileReference : C:\Documents and Settings\Paul Blake\recent\http--www.torfaen.gov.uk-pub_uploads-7157.doc.lnk
obj[132]=MRU FileReference : C:\Documents and Settings\Paul Blake\recent\http--www.hipsdirect.com-pdf-EnergyInspectorsNOS.doc.lnk
obj[133]=MRU FileReference : C:\Documents and Settings\Paul Blake\recent\wedding_album_brochure[2].lnk
obj[134]=MRU FileReference : C:\Documents and Settings\Paul Blake\recent\CASINO ACCOUNTS.lnk
obj[135]=MRU FileReference : C:\Documents and Settings\Paul Blake\recent\ENERGY ASSESSOR LINKS.lnk
obj[136]=MRU FileReference : C:\Documents and Settings\Paul Blake\recent\http--www.ciaa.gov.np-nepali-jhola-CIAA_RULES_2059.doc.lnk
obj[137]=MRU FileReference : C:\Documents and Settings\Paul Blake\recent\AutoPilotS.lnk
obj[138]=MRU FileReference : C:\Documents and Settings\Paul Blake\recent\Guide_To_Free_Traffic.lnk
obj[139]=MRU FileReference : C:\Documents and Settings\Paul Blake\recent\Affiliate Cash Secrets report.lnk
obj[140]=MRU FileReference : C:\Documents and Settings\Paul Blake\recent\Quickextraincome banner1.lnk
obj[141]=MRU FileReference : C:\Documents and Settings\Paul Blake\recent\ebay_entrepreneur_kit.lnk
obj[142]=MRU FileReference : C:\Documents and Settings\Paul Blake\recent\Residual Income Streams.lnk
obj[143]=MRU FileReference : C:\Documents and Settings\Paul Blake\recent\auto_hits_machine.lnk
obj[144]=MRU FileReference : C:\Documents and Settings\Paul Blake\recent\website_convertion_secrets.lnk
obj[145]=MRU FileReference : C:\Documents and Settings\Paul Blake\recent\easy_pdf_toolkit.lnk
obj[146]=MRU FileReference : C:\Documents and Settings\Paul Blake\recent\306_web_design_templates.lnk
obj[147]=MRU FileReference : C:\Documents and Settings\Paul Blake\recent\clickbank_automation_system.lnk
obj[148]=MRU FileReference : C:\Documents and Settings\Paul Blake\recent\HAB126TrainingProspectus[2].lnk
obj[149]=MRU FileReference : C:\Documents and Settings\Paul Blake\recent\http--www3.newport.ac.uk-docstore-jobdocs-MEA10%20Recruitment%20%20Marketing%20Officer%20v2.doc.lnk
obj[150]=MRU FileReference : C:\Documents and Settings\Paul Blake\recent\the doors greatest hits.lnk
obj[151]=MRU FileReference : C:\Documents and Settings\Paul Blake\recent\http--www.bre.co.uk-filelibrary-energy_assessor_skills_audit_form.doc.lnk
obj[153]=MRU RegReference : S-1-5-21-1482476501-436374069-725345543-1003\software\ahead\nero - burning rom\recent file list
obj[154]=MRU RegReference : S-1-5-21-1482476501-436374069-725345543-1003\software\microsoft\direct3d\mostrecentapplication name
obj[155]=MRU RegReference : software\microsoft\direct3d\mostrecentapplication name
obj[156]=MRU RegReference : S-1-5-21-1482476501-436374069-725345543-1003\software\microsoft\direct3d\mostrecentapplication name
obj[157]=MRU RegReference : software\microsoft\direct3d\mostrecentapplication name
obj[158]=MRU RegReference : software\microsoft\directdraw\mostrecentapplication name
obj[159]=MRU RegReference : S-1-5-21-1482476501-436374069-725345543-1003\software\microsoft\directinput\mostrecentapplication name
obj[160]=MRU RegReference : S-1-5-21-1482476501-436374069-725345543-1003\software\microsoft\directinput\mostrecentapplication id
obj[161]=MRU RegReference : S-1-5-21-1482476501-436374069-725345543-1003\software\microsoft\frontpage\explorer\frontpage explorer\recent file list
obj[162]=MRU RegReference : S-1-5-21-1482476501-436374069-725345543-1003\software\microsoft\frontpage\explorer\frontpage explorer\recent web list
obj[163]=MRU RegReference : S-1-5-21-1482476501-436374069-725345543-1003\software\microsoft\internet explorer download directory
obj[164]=MRU RegReference : S-1-5-21-1482476501-436374069-725345543-1003\software\microsoft\mediaplayer\medialibraryui mllastselectednode
obj[165]=MRU RegReference : S-1-5-21-1482476501-436374069-725345543-1003\software\microsoft\mediaplayer\player\recentfilelist
obj[166]=MRU RegReference : S-1-5-21-1482476501-436374069-725345543-1003\software\microsoft\mediaplayer\player\settings saveasdir
obj[167]=MRU RegReference : S-1-5-21-1482476501-436374069-725345543-1003\software\microsoft\mediaplayer\preferences lastplaylistindex
obj[168]=MRU RegReference : S-1-5-21-1482476501-436374069-725345543-1003\software\microsoft\mediaplayer\preferences lastplaylist
obj[169]=MRU RegReference : S-1-5-21-1482476501-436374069-725345543-1003\software\microsoft\microsoft management console\recent file list
obj[170]=MRU RegReference : S-1-5-21-1482476501-436374069-725345543-1003\software\microsoft\office\10.0\common\general symbolmru
obj[171]=MRU RegReference : S-1-5-21-1482476501-436374069-725345543-1003\software\microsoft\office\10.0\common\open find\microsoft word\settings\open\file name mru value
obj[172]=MRU RegReference : S-1-5-21-1482476501-436374069-725345543-1003\software\microsoft\office\10.0\common\open find\microsoft word\settings\save as\file name mru value
obj[173]=MRU RegReference : S-1-5-21-1482476501-436374069-725345543-1003\software\microsoft\office\10.0\excel\recent files
obj[174]=MRU RegReference : S-1-5-21-1482476501-436374069-725345543-1003\software\microsoft\office\8.0\excel\recent file list

MALWAREWIPE
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
obj[32]=Regkey : typelib\{d3103509-f6ec-4592-b5f2-fd862199d778}
obj[33]=Regkey : interface\{ed793078-c780-48d0-88b4-73750c76e93b}
obj[34]=Regkey : interface\{c0d7466a-b3ea-47be-9a02-21880bd88f86}
obj[35]=Regkey : interface\{b57851ec-5a8c-40b9-a503-0821829f0612}
obj[36]=Regkey : interface\{b20c9258-cd4c-495b-baf9-90d48af40f1b}
obj[37]=Regkey : interface\{9f2da855-4ec4-4718-aecf-5db87dbb2dc2}
obj[38]=Regkey : interface\{9b3fd365-1ace-4ae9-84f5-a116726108cd}
obj[39]=Regkey : interface\{8fd9bf62-1102-4b8b-b143-6dfa65a9b193}
obj[40]=Regkey : interface\{7c14774f-7491-41e4-a720-2a0b23b83f94}
obj[41]=Regkey : interface\{77b520fe-71d6-41a2-a765-a6fe25befddb}
obj[42]=Regkey : interface\{71dc737f-9935-4e1d-a995-b50dd8eb5ee7}
obj[43]=Regkey : interface\{70ce2c9b-9727-4fea-8cb0-462cd172e74c}
obj[44]=Regkey : interface\{335ca9f4-858f-42eb-b6f7-47a0ffa46481}
obj[45]=Regkey : interface\{2848a01c-6be5-4854-b1bd-dfc30761291d}
obj[46]=Regkey : interface\{152d1d36-d0cd-41f4-a5a1-4d11ecc41177}
obj[47]=Regkey : interface\{14b07d86-9f52-424f-a5cb-c7de0023e3c2}
obj[48]=Regkey : interface\{10d387e3-b30b-41fd-a0ff-1e464a901b53}

MALWARE.SPYWARECLEANER
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
obj[49]=RegValue : S-1-5-21-1482476501-436374069-725345543-1003\software\microsoft\windows\currentversion\run "Spyware Cleaner"
obj[55]=Regkey : system\controlset001\services\eventlog\application\spywarecleanerservice
obj[56]=RegValue : system\controlset001\services\eventlog\application\spywarecleanerservice "TypesSupported"
obj[57]=Regkey : system\controlset001\services\spywarecleanerservice
obj[58]=RegValue : system\controlset001\services\spywarecleanerservice "Start"
obj[59]=RegValue : system\controlset001\services\spywarecleanerservice "ErrorControl"
obj[60]=RegValue : system\controlset001\services\spywarecleanerservice "ImagePath"
obj[61]=RegValue : system\controlset001\services\spywarecleanerservice "DisplayName"
obj[62]=RegValue : system\controlset001\services\spywarecleanerservice "ObjectName"
obj[63]=Regkey : system\currentcontrolset\services\eventlog\application\spywarecleanerservice
obj[64]=RegValue : system\currentcontrolset\services\eventlog\application\spywarecleanerservice "TypesSupported"
obj[65]=Regkey : system\currentcontrolset\services\spywarecleanerservice
obj[66]=RegValue : system\currentcontrolset\services\spywarecleanerservice "Start"
obj[67]=RegValue : system\currentcontrolset\services\spywarecleanerservice "ErrorControl"
obj[68]=RegValue : system\currentcontrolset\services\spywarecleanerservice "ImagePath"
obj[69]=RegValue : system\currentcontrolset\services\spywarecleanerservice "DisplayName"
obj[70]=RegValue : system\currentcontrolset\services\spywarecleanerservice "ObjectName"

TRACKING COOKIE
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
obj[50]=IECache Entry : Cookie:paul blake@atdmt.com/
obj[51]=IECache Entry : Cookie:paul blake@zedo.com/
obj[52]=IECache Entry : Cookie:paul blake@com.com/
obj[53]=IECache Entry : Cookie:paul blake@ads.pointroll.com/
obj[54]=IECache Entry : Cookie:paul blake@revsci.net/

IBIS TOOLBAR
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
obj[71]=Regkey : software\microsoft\mediaplayer\control\playbar
obj[72]=RegValue : software\microsoft\mediaplayer\control\playbar "ClrHighlight"
obj[73]=RegValue : software\microsoft\mediaplayer\control\playbar "ClrForeColor"
obj[74]=RegValue : software\microsoft\mediaplayer\control\playbar "ClrBackColor"
obj[75]=RegValue : software\microsoft\mediaplayer\control\playbar "ClrDownload"
obj[76]=RegValue : software\microsoft\mediaplayer\control\playbar "ClrViewed"
obj[77]=RegValue : software\microsoft\mediaplayer\control\playbar "ClrStatic"
obj[78]=RegValue : software\microsoft\internet explorer\main "AutoSearch"
obj[79]=File : C:\_RESTORE\TEMP\A0717599.CPY
obj[80]=File : C:\_RESTORE\TEMP\A0717636.CPY
obj[81]=File : C:\_RESTORE\TEMP\A0717685.CPY
obj[82]=File : C:\_RESTORE\TEMP\A0717688.CPY
obj[83]=File : C:\_RESTORE\TEMP\A0717831.CPY
obj[84]=File : C:\_RESTORE\TEMP\A0718922.CPY
obj[85]=File : C:\_RESTORE\TEMP\A0718925.CPY
obj[86]=File : C:\_RESTORE\TEMP\A0718990.CPY
obj[87]=File : C:\_RESTORE\TEMP\A0718993.CPY
obj[88]=File : C:\_RESTORE\TEMP\A0719990.CPY
obj[89]=File : C:\_RESTORE\TEMP\A0719997.CPY
obj[90]=File : C:\_RESTORE\TEMP\A0720131.CPY
obj[91]=File : C:\_RESTORE\TEMP\A0721131.CPY
obj[92]=File : C:\_RESTORE\TEMP\A0721134.CPY
obj[93]=File : C:\_RESTORE\TEMP\A0723169.CPY
obj[94]=File : C:\_RESTORE\TEMP\A0723191.CPY
obj[95]=File : C:\_RESTORE\TEMP\A0723280.CPY
obj[96]=File : C:\_RESTORE\TEMP\A0723283.CPY
obj[97]=File : C:\_RESTORE\TEMP\A0723319.CPY
obj[98]=File : C:\_RESTORE\TEMP\A0723374.CPY
obj[99]=File : C:\_RESTORE\TEMP\A0723377.CPY
obj[100]=File : C:\_RESTORE\TEMP\A0724409.CPY
obj[101]=File : C:\_RESTORE\TEMP\A0724412.CPY
obj[102]=File : C:\_RESTORE\TEMP\A0724455.CPY
obj[103]=File : C:\_RESTORE\TEMP\A0725455.CPY
obj[104]=File : C:\_RESTORE\TEMP\A0725458.CPY
obj[105]=File : C:\_RESTORE\TEMP\A0727498.CPY
obj[106]=File : C:\_RESTORE\TEMP\A0727499.CPY
obj[107]=File : C:\_RESTORE\TEMP\A0727500.CPY
obj[108]=File : C:\_RESTORE\TEMP\A0729470.CPY

VX2
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
obj[109]=File : C:\_RESTORE\ARCHIVE\FS2482.CAB

WIN32.DIALER.SARISTAR
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
obj[110]=File : C:\_RESTORE\ARCHIVE\FS3283.CAB

SYSTEMDOCTOR
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
obj[111]=File : C:\System Volume Information\_restore{6B6BC506-A1BD-4B9B-99C4-65D40BB26335}\RP277\A0045770.dll
obj[112]=File : C:\System Volume Information\_restore{6B6BC506-A1BD-4B9B-99C4-65D40BB26335}\RP277\A0045771.exe

And lastly, the smitfiles...

smitRem © log file
version 3.2

by noahdfear


Microsoft Windows XP [Version 5.1.2600]
"IE"="6.0000"
The current date is: Thu 05/17/2007
The current time is: 18:44:37.10

Running from
C:\Documents and Settings\Paul Blake\Desktop\smitRem

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Pre-run SharedTask Export

(GetSTS.exe) SharedTaskScheduler exporter by Lawrence Abrams (Grinler)
Copyright© 2006 BleepingComputer.com

Registry Pseudo-Format Mode (Not a valid reg file):

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"
"{0c5a0fff-9164-493b-93e0-17446374e0a0}"="inflexive"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{438755C2-A8BA-11D1-B96B-00A0C90312E1}\InProcServer32]
@="%SystemRoot%\System32\browseui.dll"


[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8C7461EF-2B13-11d2-BE35-3078302C2030}\InProcServer32]
@="%SystemRoot%\System32\browseui.dll"


[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0c5a0fff-9164-493b-93e0-17446374e0a0}\InProcServer32]
@="C:\WINDOWS\system32\dtjby.dll"


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Appinitdll check ........ Thank you Grinler!

dumphive.exe ©2000-2004 Markus Stephany
REGEDIT4

[Windows]
"AppInit_DLLs"=""
"DeviceNotSelectedTimeout"="15"
"GDIProcessHandleQuota"=dword:00002710
"Spooler"="yes"
"swapdisk"=""
"TransmissionRetryTimeout"="90"
"USERProcessHandleQuota"=dword:00002710

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

XP Firewall allowed access

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:MSN Messenger 7.5"

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


checking for ShudderLTD key

ShudderLTD key not present!

checking for PSGuard.com key


PSGuard.com key not present!


checking for WinHound.com key


WinHound.com key not present!


checking for drsmartload2 key


drsmartload2 key not present!

spyaxe uninstaller NOT present
Winhound uninstaller NOT present
SpywareStrike uninstaller NOT present
AlfaCleaner uninstaller NOT present
SpyFalcon uninstaller NOT present
SpywareQuake uninstaller NOT present
SpywareSheriff uninstaller NOT present
Trust Cleaner uninstaller NOT present
SpyHeal uninstaller NOT present
VirusBurst uninstaller NOT present
BraveSentry uninstaller NOT present
AntiVermins uninstaller NOT present
VirusBursters uninstaller NOT present

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Existing Pre-run Files


~~~ Program Files ~~~



~~~ Shortcuts ~~~

Online Security Guide.url
Online Security Guide.url


~~~ Favorites ~~~



~~~ system32 folder ~~~

amcompat.tlb
nscompat.tlb
1024 dir


~~~ Icons in System32 ~~~



~~~ Windows directory ~~~



~~~ Drive root ~~~


~~~ Miscellaneous Files/folders ~~~




~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright© 2002-2003 Craig.Peacock@beyondlogic.org
Killing PID 772 'explorer.exe'

Starting registry repairs

Registry repairs complete

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

SharedTask Export after registry fix

(GetSTS.exe) SharedTaskScheduler exporter by Lawrence Abrams (Grinler)
Copyright© 2006 BleepingComputer.com

Registry Pseudo-Format Mode (Not a valid reg file):

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"
"{0c5a0fff-9164-493b-93e0-17446374e0a0}"="inflexive"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{438755C2-A8BA-11D1-B96B-00A0C90312E1}\InProcServer32]
@="%SystemRoot%\System32\browseui.dll"


[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8C7461EF-2B13-11d2-BE35-3078302C2030}\InProcServer32]
@="%SystemRoot%\System32\browseui.dll"


[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0c5a0fff-9164-493b-93e0-17446374e0a0}\InProcServer32]
@="C:\WINDOWS\system32\dtjby.dll"


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Deleting files

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Remaining Post-run Files


~~~ Program Files ~~~



~~~ Shortcuts ~~~



~~~ Favorites ~~~



~~~ system32 folder ~~~



~~~ Icons in System32 ~~~



~~~ Windows directory ~~~



~~~ Drive root ~~~


~~~ Miscellaneous Files/folders ~~~



~~~ Wininet.dll ~~~

CLEAN! :thumbsup:

#6 Papakid

    Guru at being a Newbie


  • Malware Response Team
  • 6,581 posts
  • ONLINE
  • Gender:Male
  • Local time:11:09 PM

Posted 18 May 2007 - 09:41 PM

Hi blakey1982,

I merged your second log with your original thread (Topic). When you post follow up logs, please stick to the same thread. Just click the Add Reply button to the original Topic. Do not create a new topic for your reply. This will cause confusion and a delay in the help you are receiving.

Please subscribe to this topic so you get an email notice and a link to it when you get a response. To do that click on the Options box toward the top right of your topic (just underneath Add Reply and New Topic). Then click on Track this topic, put a dot next to Immediate Email Notification, then scroll down and click Proceed.

Or, when you visit the forum, click on My Topics toward the top of any bleepingcomputer forum page. Thanks!

Jurgenv will be with you when he is available.

The fate of all mankind, I see

Is in the hands of fools

--King Crimson


#7 jurgenv

  • Members
  • 1,093 posts
  • OFFLINE
  • Gender:Male
  • Location:Belgium
  • Local time:05:09 AM

Posted 19 May 2007 - 06:43 AM

Thanks Papakid. blakey1982, do this for me:

Download roguescanfix_setup.

Double-click roguescanfix_setup to install it.

After the installation, you will be prompted whether you would like to run roguescanfix now. Click "YES" to start the tool.

When you start roguescanfix.bat you'll see a menu:
1. Run Roguescanfix
2. Run sharedtasksrem

Choose option 1 by typing "1".

Note: This tool needs an internet connection because it downloads an additional file to let the tool work properly.
If your firewall gives an alert, allow it instead of blocking it.
In case you still get the message that BFU.exe is not present, download BFU.zip from here.
Unzip it and place BFU.exe in the c:\program files\roguescanfix folder. Then double-click Roguescanfix.bat again.


The tool will uninstall some programs and delete related files and registry keys.
When some files can't be deleted, it will ask you to reboot your system to delete the files after the reboot.
Please make sure the uninstall of the programs is finished before you click Yes to reboot.

A text file will open. Place the contents of that file in your next reply, along with a new HijackThis logfile.
(The text file can also be found at c:\program files\roguescanfix\task.txt)

Edited by jurgenv, 19 May 2007 - 06:44 AM.

Greets Jürgenv
