cwwllcadaware

Members
  • Content Count

    42
  • Joined

  • Last visited

Community Reputation

0 Neutral

About cwwllcadaware

  • Rank
    Advanced Member
  1. Any success in identifying the following: Thu Jun 29 11:29:10 2006 => System found infected with cydoor Spyware/Adware (cfd.exe)! Action taken: No Action Taken. Thu Jun 29 11:29:10 2006 => System found infected with cydoor Spyware/Adware (cfd.exe)! Action taken: No Action Taken.
  2. I thought I was done until I ran MWAV on my other system and got the following (log excerpt): Thu Jun 29 11:28:57 2006 => Offending file found: C:\WINDOWS\Temporary Internet Files\content.ie5\yp2xibq9\class3codesigningca2001[1].crl Thu Jun 29 11:28:57 2006 => System found infected with surfplayer Spyware/Adware (class3codesigningca2001[1].crl)! Action taken: No Action Taken. Thu Jun 29 11:29:10 2006 => System found infected with cydoor Spyware/Adware (cfd.exe)! Action taken: No Action Taken. Thu Jun 29 11:29:10 2006 => System found infected with cydoor Spyware/Adware (cfd.exe)! Action taken: No Action Taken. --------------------------- NOTE: The cfd.exe file was originally found in the following location and was deleted, but it keeps re-appearing when I re-scan MWAV: Program Files\Broadjump\Client Foundation\CFD.exe --------------------------- Following is the HJT Log: Logfile of HijackThis v1.99.1 Scan saved at 8:00:04 PM, on 6/29/06 Platform: Windows 98 SE (Win9x 4.10.2222A) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINDOWS\SYSTEM\KERNEL32.DLL C:\WINDOWS\SYSTEM\MSGSRV32.EXE C:\WINDOWS\SYSTEM\SPOOL32.EXE C:\WINDOWS\SYSTEM\MPREXE.EXE C:\PROGRAM FILES\WILD FILE\GOBACK\GBPOLL.EXE C:\WINDOWS\SYSTEM\MSTASK.EXE C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\VS7DEBUG\MDM.EXE C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCEVTMGR.EXE C:\PROGRAM FILES\SYMANTEC\LIVEUPDATE\ALUSCHEDULERSVC.EXE C:\WINDOWS\SYSTEM\RPCSS.EXE C:\WINDOWS\SYSTEM\mmtask.tsk C:\WINDOWS\EXPLORER.EXE C:\WINDOWS\SYSTEM\SYSTRAY.EXE C:\WINDOWS\SYSTEM\ICSMGR.EXE C:\WINDOWS\TPPALDR.EXE C:\PROGRAM FILES\GE\97769 DUAL SCROLL OPTICAL MOUSE\AMOUMAIN.EXE C:\WINDOWS\SYSTEM\QTTASK.EXE C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCAPP.EXE C:\WINDOWS\TPPSTRAY.EXE C:\WINDOWS\SYSTEM\CTFMON.EXE C:\PROGRAM FILES\LOGITECH\MOUSEWARE\SYSTEM\EM_EXEC.EXE C:\WINDOWS\SYSTEM\WMIEXE.EXE \\GATEWAY1\MY DOCUMENTS\IOMEGAVAIOBACKUP\AMERICA ONLINE 4.0B\DOWNLOAD\HIJACKING\HIJACKTHIS LOG FILES\HIJACKTHIS.EXE R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.medicalprovisions.com/ R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1 O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1.3\SDHELPER.DLL O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll O4 - HKLM\..\Run: [scanRegistry] C:\WINDOWS\scanregw.exe /autorun O4 - HKLM\..\Run: [systemTray] SysTray.Exe O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme O4 - HKLM\..\Run: [iCSMGR] ICSMGR.EXE O4 - HKLM\..\Run: [bJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe O4 - HKLM\..\Run: [stillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE O4 - HKLM\..\Run: [storageGuard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r O4 - HKLM\..\Run: [TPP Auto Loader] C:\WINDOWS\TPPALDR.EXE O4 - HKLM\..\Run: [Logitech Utility] LOGI_MWX.EXE O4 - HKLM\..\Run: [WheelMouse] Amoumain.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe" O4 - HKLM\..\Run: [symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMON.EXE /Consumer O4 - HKLM\..\Run: [mdac_runonce] C:\WINDOWS\SYSTEM\runonce.exe O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme O4 - HKLM\..\RunServices: [GoBack Polling Service] C:\Program Files\Wild File\GoBack\GBPoll.exe O4 - HKLM\..\RunServices: [schedulingAgent] mstask.exe O4 - HKLM\..\RunServices: [MDM7] "C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\VS7DEBUG\MDM.EXE" O4 - HKLM\..\RunServices: [ccEvtMgr] "C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe" O4 - HKLM\..\RunServices: [scriptBlocking] "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg O4 - HKLM\..\RunServices: [ALU Scheduler Service] C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe O4 - HKCU\..\Run: [ctfmon.exe] ctfmon.exe O4 - Startup: Status Monitor.lnk = C:\Program Files\XEROX_XD\ENGSS.EXE O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~8\OFFICE10\EXCEL.EXE/3000 O8 - Extra context menu item: &Google Search - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmsearch.html O8 - Extra context menu item: &Translate English Word - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmwordtrans.html O8 - Extra context menu item: Cached Snapshot of Page - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmcache.html O8 - Extra context menu item: Similar Pages - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmsimilar.html O8 - Extra context menu item: Backward Links - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmbacklinks.html O8 - Extra context menu item: Translate Page into English - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmtrans.html O9 - Extra button: RealGuide - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\SYSTEM\Shdocvw.dll O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\SYSTEM\MSJAVA.DLL O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\SYSTEM\MSJAVA.DLL O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll O16 - DPF: {9A57B18E-2F5D-11D5-8997-00104BD12D94} (compid Class)
  3. Where are the quarantined files usually located?
  4. I really don't know how to thank you. I am very, very lucky to have run into you. Your non-stop help and compassion is very much appreciated. You were right when you said it might take days to fix it. But, nevertheless, we did it thanks to you. It has been a definite learning experience. So, to sum it up: 1. Regarding Anti-Virus software, you recommend only installing one program; and you prefer Kaspersky over Norton Anti-Virus or AVG. I assume the paid version of Kaspersky. Does it use a lot of memory while running in the background? 2. Regarding spyware/adware, it is OK to have multiple programs installed (Ad-Aware, Spybot, Webroot Spy Sweeper, etc.). 3. Regarding firewall, I am assuming that any of them will do (Norton, Webroot, Zone Alarm, etc.) 4. Regarding system back-ups, I forgot to ask you this before, how do you feel about the program BackupMyPC? Any programs that you might be aware of that you recommend? Also, will the Anti-Virus and Spyware programs detect problems with already backed-up data?
  5. Can't believe I didn't think of zipping it. Also, what happens to the file? Do you delete, does a copy remain somewhere, etc.?
  6. The log file is so large it freezes each time I try to open it. Not sure what to do. Also, once you view it, what happens to the file? Do you delete, does a copy remain somewhere, etc.?
  7. The latest MWAV Log is 24,994 KB. The link will accept up to 20,048 KB. Are there any other links where it can be uploaded.
  8. In the mean time, I wanted to ask you a couple of questions, if I may, regarding future security: - You had mentioned that Norton Antivirus 2003 was obsolete for today’s malware. I just bought a copy of Norton Internet Security 2005 (Antivirus & Personal Firewall). The 2006 version doesn't work on Win98. Is this version good enough for today's viruses, malware, etc.? - What do you recommend having installed at all times from the usual list (Adaware, Spybot, AVG, Kaspersky, etc.)? It seems that AVG was the only one that removed Qoologic. What are your feelings about the software? - Are there any known conflicts between the above AV software and Norton? - What about Norton Personal Firewall? Any feelings on the software? - Do you have any recommendation on security Equipment (Routers, etc.)?
  9. MWAV is in the process of scanning (latest update 06-20-06) and it found them again: - Precisionpop Spyware/Adware found in File System - Smitfraud Browser Hijacker found in File System
  10. Following are both Kaspersky Log and HJT Log. It seems that KAV didn't find any trace what was discovered by MWAV: - Precisionpop Spyware/Adware found in File System - Smitfraud Browser Hijacker found in File System Kaspersky Log: Protection ---------- Total scanned: 1287871 Detected: 2 Untreated: 0 Start time: Unknown Duration: Unknown Finish time: Unknown Detected -------- Status Object ------ ------ deleted: adware not-a-virus:AdWare.Win32.SurfSide.av File: c:\WINDOWS\SYSTEM\bk.exe/InpB/Ssk.exe deleted: Trojan program Trojan-Clicker.Win32.Small.jf File: c:\Program Files\html2.htm Events ------ Time Event ---- ----- 06/24/2006 9:56:54 PM A full computer scan has never been performed. You are advised to perform a full scan as soon as possible. 06/24/2006 10:02:56 PM Kaspersky Anti-Virus 6.0 is not activated. 06/24/2006 10:02:57 PM A full computer scan has never been performed. You are advised to perform a full scan as soon as possible. 06/24/2006 10:06:26 PM Please restart your computer to complete the installation of new or updated protection components. 06/24/2006 10:06:28 PM Update completed successfully. 06/24/2006 10:09:17 PM A full computer scan has never been performed. You are advised to perform a full scan as soon as possible. 06/24/2006 10:17:26 PM A full computer scan has never been performed. You are advised to perform a full scan as soon as possible. 06/25/2006 6:56:31 AM File c:\WINDOWS\SYSTEM\bk.exe/InpB/Ssk.exe: detected adware not-a-virus:AdWare.Win32.SurfSide.av 06/25/2006 6:56:31 AM Security threats have been detected. You are advised to neutralize them immediately. 06/25/2006 6:56:31 AM File c:\WINDOWS\SYSTEM\bk.exe/InpB/Ssk.exe: is not disinfected, postponed 06/25/2006 6:56:31 AM File c:\WINDOWS\SYSTEM\bk.exe/InpB/Ssk.exe: detected adware not-a-virus:AdWare.Win32.SurfSide.av 06/25/2006 6:56:32 AM File c:\WINDOWS\SYSTEM\bk.exe/InpB/Ssk.exe: is not disinfected, postponed 06/25/2006 4:59:00 PM File c:\Program Files\html2.htm: detected Trojan program Trojan-Clicker.Win32.Small.jf 06/25/2006 4:59:00 PM Security threats have been detected. You are advised to neutralize them immediately. 06/25/2006 4:59:01 PM File c:\Program Files\html2.htm: is not disinfected, postponed 06/25/2006 4:59:11 PM File c:\Program Files\html2.htm: detected Trojan program Trojan-Clicker.Win32.Small.jf 06/25/2006 4:59:11 PM File c:\Program Files\html2.htm: is not disinfected, postponed Reports ------- Task Status Start Finish Size ---- ------ ----- ------ ---- Scan My Computer completed 06/24/2006 10:32:38 PM 06/25/2006 9:13:50 PM 200 MB Scan completed 06/24/2006 10:34:54 PM 06/25/2006 9:13:28 PM 198.3 MB Quarantine ---------- Status Object Size Added ------ ------ ---- ----- Backup ------ Status Object Size ------ ------ ---- --------------------------------------------------------------------------------------- HJT Log: Logfile of HijackThis v1.99.1 Scan saved at 11:31:08 AM, on 06/26/2006 Platform: Windows 98 SE (Win9x 4.10.2222A) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINDOWS\SYSTEM\KERNEL32.DLL C:\WINDOWS\SYSTEM\MSGSRV32.EXE C:\WINDOWS\SYSTEM\MPREXE.EXE C:\WINDOWS\SYSTEM\SPOOL32.EXE C:\WINDOWS\SYSTEM\WINMODEM.101\wmexe.exe C:\WINDOWS\SYSTEM\MSTASK.EXE C:\WINDOWS\SYSTEM\MDM.EXE C:\WINDOWS\SYSTEM\mmtask.tsk C:\WINDOWS\SYSTEM\RPCSS.EXE C:\WINDOWS\EXPLORER.EXE C:\WINDOWS\TASKMON.EXE C:\WINDOWS\SYSTEM\SYSTRAY.EXE C:\WINDOWS\SYSTEM\STIMON.EXE C:\WINDOWS\TPPALDR.EXE C:\WINDOWS\STARTER.EXE C:\PROGRAM FILES\MICROSOFT HARDWARE\MOUSE\POINT32.EXE C:\WINDOWS\SYSTEM\WMIEXE.EXE C:\MY DOCUMENTS\IOMEGAVAIOBACKUP\AMERICA ONLINE 4.0B\DOWNLOAD\HIJACKING\HIJACKTHIS LOG FILES\HIJACKTHIS.EXE O3 - Toolbar: @msdxmLC.dll,[email protected],&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll O4 - HKLM\..\Run: [scanRegistry] c:\windows\scanregw.exe /autorun O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe O4 - HKLM\..\Run: [systemTray] SysTray.Exe O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme O4 - HKLM\..\Run: [storageGuard] "C:\Program Files\VERITAS Software\Update Manager\sgtray.exe" /r O4 - HKLM\..\Run: [stillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE O4 - HKLM\..\Run: [TPP Auto Loader] C:\WINDOWS\TPPALDR.EXE O4 - HKLM\..\Run: [EnsoniqMixer] starter.exe O4 - HKLM\..\Run: [POINTER] C:\Program Files\Microsoft Hardware\Mouse\point32.exe O4 - HKLM\..\Run: [kav] "C:\PROGRAM FILES\KASPERSKY LAB\KASPERSKY ANTI-VIRUS 6.0\AVP.EXE" O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme O4 - HKLM\..\RunServices: [winmodem] WINMODEM.101\wmexe.exe O4 - HKLM\..\RunServices: [schedulingAgent] mstask.exe O4 - HKLM\..\RunServices: [Machine Debug Manager] C:\WINDOWS\SYSTEM\MDM.EXE O4 - HKLM\..\RunServices: [AVP] "C:\PROGRAM FILES\KASPERSKY LAB\KASPERSKY ANTI-VIRUS 6.0\AVP.EXE -r" O4 - Startup: Status Monitor.lnk = C:\Program Files\XEROX_XD\ENGSS.EXE O4 - Startup: Controller.LNK = C:\Program Files\WinFax\WFXCTL32.EXE O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O8 - Extra context menu item: Advanced Email Extractor - res://C:\PROGRAM%20FILES\ADVANCED%20EMAIL%20EXTRACTOR%20PRO\AEEPMSIE.DLL/page.html O8 - Extra context menu item: Scan link with AEE - res://C:\PROGRAM%20FILES\ADVANCED%20EMAIL%20EXTRACTOR%20PRO\AEEPMSIE.DLL/link.html O8 - Extra context menu item: &Google Search - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmsearch.html O8 - Extra context menu item: &Translate English Word - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmwordtrans.html O8 - Extra context menu item: Cached Snapshot of Page - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmcache.html O8 - Extra context menu item: Similar Pages - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmsimilar.html O8 - Extra context menu item: Backward Links - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmbacklinks.html O8 - Extra context menu item: Translate Page into English - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmtrans.html O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\SYSTEM\Shdocvw.dll O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file) O9 - Extra button: Web Anti-Virus - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\PROGRAM FILES\KASPERSKY LAB\KASPERSKY ANTI-VIRUS 6.0\SCIEPLUGIN.DLL O9 - Extra button: Email Extractor - {AFA7DB99-3E4D-4396-94F8-B0B135BCB472} - res://C:\PROGRAM%20FILES\ADVANCED%20EMAIL%20EXTRACTOR%20PRO\AEEPMSIE.DLL/page.html (file missing) (HKCU) O9 - Extra 'Tools' menuitem: Advanced Email Extractor - {AFA7DB99-3E4D-4396-94F8-B0B135BCB472} - res://C:\PROGRAM%20FILES\ADVANCED%20EMAIL%20EXTRACTOR%20PRO\AEEPMSIE.DLL/page.html (file missing) (HKCU) O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll O16 - DPF: {CAFEEFAC-0014-0001-0000-ABCDEFFEDCBA} (Java Runtime Environment 1.4.1) - O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.4.1) -
  11. I installed and ran Kaspersky (May Edition). I didn't want to go online yet so I didn't install the latest updates. It found and deleted a number of infected emails (Outlook folder). Did not find Precision Spyware nor Smitfraud. I then uninstalled Kaspersky and reinstalled ran MWAV and it found again the following: - Precisionpop Spyware/Adware found in File System (you're not too concerned about this one as you mentioned it was a false positive) - Smitfraud Browser Hijacker found in File System Can't seem to get rid of Smitfraud. Following is the latest HJT log: Logfile of HijackThis v1.99.1 Scan saved at 1:47:24 PM, on 06/24/2006 Platform: Windows 98 SE (Win9x 4.10.2222A) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINDOWS\SYSTEM\KERNEL32.DLL C:\WINDOWS\SYSTEM\MSGSRV32.EXE C:\WINDOWS\SYSTEM\MPREXE.EXE C:\WINDOWS\SYSTEM\SPOOL32.EXE C:\WINDOWS\SYSTEM\WINMODEM.101\wmexe.exe C:\WINDOWS\SYSTEM\MSTASK.EXE C:\WINDOWS\SYSTEM\MDM.EXE C:\WINDOWS\SYSTEM\mmtask.tsk C:\WINDOWS\SYSTEM\RPCSS.EXE C:\WINDOWS\EXPLORER.EXE C:\WINDOWS\TASKMON.EXE C:\WINDOWS\SYSTEM\SYSTRAY.EXE C:\WINDOWS\SYSTEM\STIMON.EXE C:\WINDOWS\TPPALDR.EXE C:\WINDOWS\STARTER.EXE C:\PROGRAM FILES\MICROSOFT HARDWARE\MOUSE\POINT32.EXE C:\PROGRAM FILES\WINFAX\WFXCTL32.EXE C:\WINDOWS\SYSTEM\WMIEXE.EXE C:\WINDOWS\SYSTEM\TAPISRV.EXE C:\PROGRAM FILES\WINFAX\WFXMOD32.EXE C:\MY DOCUMENTS\IOMEGAVAIOBACKUP\AMERICA ONLINE 4.0B\DOWNLOAD\HIJACKING\HIJACKTHIS LOG FILES\HIJACKTHIS.EXE O3 - Toolbar: @msdxmLC.dll,[email protected],&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll O4 - HKLM\..\Run: [scanRegistry] c:\windows\scanregw.exe /autorun O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe O4 - HKLM\..\Run: [systemTray] SysTray.Exe O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme O4 - HKLM\..\Run: [storageGuard] "C:\Program Files\VERITAS Software\Update Manager\sgtray.exe" /r O4 - HKLM\..\Run: [stillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE O4 - HKLM\..\Run: [TPP Auto Loader] C:\WINDOWS\TPPALDR.EXE O4 - HKLM\..\Run: [EnsoniqMixer] starter.exe O4 - HKLM\..\Run: [POINTER] C:\Program Files\Microsoft Hardware\Mouse\point32.exe O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme O4 - HKLM\..\RunServices: [winmodem] WINMODEM.101\wmexe.exe O4 - HKLM\..\RunServices: [schedulingAgent] mstask.exe O4 - HKLM\..\RunServices: [Machine Debug Manager] C:\WINDOWS\SYSTEM\MDM.EXE O4 - Startup: Status Monitor.lnk = C:\Program Files\XEROX_XD\ENGSS.EXE O4 - Startup: Controller.LNK = C:\Program Files\WinFax\WFXCTL32.EXE O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O8 - Extra context menu item: Advanced Email Extractor - res://C:\PROGRAM%20FILES\ADVANCED%20EMAIL%20EXTRACTOR%20PRO\AEEPMSIE.DLL/page.html O8 - Extra context menu item: Scan link with AEE - res://C:\PROGRAM%20FILES\ADVANCED%20EMAIL%20EXTRACTOR%20PRO\AEEPMSIE.DLL/link.html O8 - Extra context menu item: &Google Search - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmsearch.html O8 - Extra context menu item: &Translate English Word - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmwordtrans.html O8 - Extra context menu item: Cached Snapshot of Page - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmcache.html O8 - Extra context menu item: Similar Pages - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmsimilar.html O8 - Extra context menu item: Backward Links - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmbacklinks.html O8 - Extra context menu item: Translate Page into English - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmtrans.html O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\SYSTEM\Shdocvw.dll O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file) O9 - Extra button: Email Extractor - {AFA7DB99-3E4D-4396-94F8-B0B135BCB472} - res://C:\PROGRAM%20FILES\ADVANCED%20EMAIL%20EXTRACTOR%20PRO\AEEPMSIE.DLL/page.html (file missing) (HKCU) O9 - Extra 'Tools' menuitem: Advanced Email Extractor - {AFA7DB99-3E4D-4396-94F8-B0B135BCB472} - res://C:\PROGRAM%20FILES\ADVANCED%20EMAIL%20EXTRACTOR%20PRO\AEEPMSIE.DLL/page.html (file missing) (HKCU) O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll O16 - DPF: {CAFEEFAC-0014-0001-0000-ABCDEFFEDCBA} (Java Runtime Environment 1.4.1) - O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.4.1) -
  12. After running smitRem, I ran MWAV again and have found the following: Precisionpop Spyware/Adware found in File System Smitfraud Browser Hijacker found in File System
  13. 1. You mentioned Panda in your last posting, is Panda and Kaspersky the same company? 2. Is it safe to run an online scan as opposed to a downloaded scan? Won't the online website have access to my files? 3. Following is the smitRem log: smitRem © log file version 3.0 by noahdfear Windows 98 [Version 4.10.2222] Running from C:\My Documents\Hijack\SmitRem\smitRem ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Pre-run SharedTask Export (GetSTS.exe) SharedTaskScheduler exporter by Lawrence Abrams (Grinler) Copyright© 2006 BleepingComputer.com Registry Pseudo-Format Mode (Not a valid reg file): [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler] "{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader" "{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{438755C2-A8BA-11D1-B96B-00A0C90312E1}\InProcServer32] @="C:\WINDOWS\SYSTEM\BROWSEUI.DLL" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8C7461EF-2B13-11d2-BE35-3078302C2030}\InProcServer32] @="C:\WINDOWS\SYSTEM\BROWSEUI.DLL" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ spyaxe uninstaller NOT present Winhound uninstaller NOT present SpywareStrike uninstaller NOT present AlfaCleaner uninstaller NOT present SpyFalcon uninstaller NOT present SpywareQuake uninstaller NOT present SpywareSheriff uninstaller NOT present Existing Pre-run Files ~~~ Program Files ~~~ ~~~ Shortcuts ~~~ ~~~ Favorites ~~~ ~~~ system folder ~~~ amcompat.tlb nscompat.tlb ~~~ Icons in system folder ~~~ ~~~ Windows directory ~~~ wupdmgr.exe ~~~ Drive root ~~~ ~~~ Miscellaneous Files/folders ~~~ ~~~~ wininet.dll ~~~~ wininet.dll Present!! ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Starting registry repairs Registry repairs complete ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ SharedTask Export after registry fix (GetSTS.exe) SharedTaskScheduler exporter by Lawrence Abrams (Grinler) Copyright© 2006 BleepingComputer.com Registry Pseudo-Format Mode (Not a valid reg file): [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler] "{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader" "{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{438755C2-A8BA-11D1-B96B-00A0C90312E1}\InProcServer32] @="C:\WINDOWS\SYSTEM\BROWSEUI.DLL" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8C7461EF-2B13-11d2-BE35-3078302C2030}\InProcServer32] @="C:\WINDOWS\SYSTEM\BROWSEUI.DLL" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Deleting files ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Remaining Post-run Files ~~~ Program Files ~~~ ~~~ Shortcuts ~~~ ~~~ Favorites ~~~ ~~~ system folder ~~~ ~~~ Icons in system folder ~~~ ~~~ Windows directory ~~~ ~~~ Drive root ~~~ ~~~ Miscellaneous Files/folders ~~~ ~~~~ wininet.dll ~~~~ wininet.dll Clean!!
  14. Smitfraud in System File is still showing after I deleted it from the Spybot Quarantine. Before running MWAV, I deleted all the Spybot quarantined files.