vamcleod

Spywareno

15 posts in this topic

I am unable to remove SPYWARENO from my PC.

I have scanned in safe mode and scanned in normal mode, but the problem still exists. The scan located it but will not delete it. I did a "find" search in the registry and deleted all files found for Zeno, ballon.apllication, spywareno, and still it keeps coming back. This is my third day with this problem. I am using SE Plus build 1.06r1 with definition file SE1R104 21.04.2006, which I understand should be the current version. I also found out that this spyware has been around since 2005. Shouldn't this version be able to repair it? I turned off System Restore and ran the scan; still no help. The scan locates it but will not delete it. Rescan: it locates it but will not delete it. At one time I had 14 files of spywareno in quarantine. I deleted all of them. The same problem exists.

Operating system: Win XP SP2, Pentium 4 at 3.06 GHz, 1 GB shared memory. Help please!! Thanks.

Partial Log follows. Entire log too large to post:

 

 

Ad-Aware SE Build 1.06r1

Logfile Created on:Saturday, April 22, 2006 12:51:11 PM

Using definitions file:SE1R104 21.04.2006

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

 

References detected during the scan:

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

SpywareNo(TAC index:10):2 total references

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

:( You're in good hands, just follow Corrine's advice below!


SpywareNo is another of the rogue applications in the smitRem collection that currently requires special software to remove.

 

PRINT or SAVE these instructions to text where you can access them in safe mode.

Please follow the instructions in the order given.

 

INSTRUCTIONS:

 

A. Download and/or update the following programs. Install them but do NOT run them yet.

  1. Download SmitfraudFix (© S!Ri) to your Desktop from http://siri.urz.free.fr/Fix/SmitfraudFix.zip . Extract all the files to your Desktop and a folder named SmitfraudFix will be created on your Desktop.
  2. Download CCleaner from the link at the upper right of this page: http://www.filehippo.com/download_ccleaner.html .
  3. Please launch Ad-Aware SE and check for updates. Next click on the gear to access the Configuration Menu. Click on Tweak > Cleaning Engine > UNcheck "Always try to unload modules before deletion".

B. Restart your computer in Safe Mode.

  1. If the computer is running, shut down Windows, and then turn off the power.
  2. Wait 30 seconds, and then turn the computer on.
  3. Start tapping the F8 key. The Windows Advanced Options Menu will appear. If you begin tapping the F8 key too soon, some computers display a "keyboard error" message. To resolve this, restart the computer and try again.
  4. Ensure that the Safe Mode option is selected.
  5. Press Enter. The computer then begins to start in Safe Mode.
  6. Log in to your usual account.
    If you need further assistance with Safe Mode, see Symantec

C. Open the SmitfraudFix folder

  1. Double-click the smitfraudfix.cmd file to start the tool.
  2. Select option #2 - Clean by typing 2 and pressing Enter.
    Warning: running option #2 on an uninfected computer will remove your Desktop background.
  3. Wait for the tool to complete and disk cleanup to finish.
  4. You will be prompted: "Registry cleaning - Do you want to clean the registry?"

    1. Answer Yes by typing Y
    2. Hit Enter.

  5. The tool will also check if wininet.dll is infected. If a clean version is found, you will be prompted to replace wininet.dll.

    1. Answer Yes to the question "Replace infected file?" by typing Y
    2. Hit Enter.

  6. A reboot may be needed to finish the cleaning process. If your computer does not restart automatically, please do it yourself manually.
  7. Restart in Safe Mode as instructed above.
  8. The tool will create a log named rapport.txt in the root of your drive, e.g. Local Disk C: or the partition where your operating system is installed. Please post that log along with all others requested in your next reply.

D. Clean Temporary Internet files with CCleaner as follows:

  1. Close/Quit Internet Explorer and quit any instances of Windows Explorer.
  2. Launch CCleaner and under Options > Advanced > UNcheck "Only delete files in Windows Temp folder older than 48 hours".
  3. A pop-up box will appear advising that this process will permanently delete files from your system.
  4. To protect logon cookies that you wish to retain, go to Options > Cookies, select them and, using the arrow, move those cookies to the "Cookies to keep" column.
  5. Then select the items you wish to clean up.

    In the Windows Tab:

  • Clean all entries in the "Internet Explorer" section.
  • Clean all the entries in the "Windows Explorer" section.
  • Clean all entries in the "System" section.
  • Clean all entries in the "Advanced" section.
  • Clean any others that you choose.

    In the Applications Tab:

  • Clean all in the Firefox/Mozilla section if you use it.
  • Clean all in the Opera section if you use it.
  • Clean Sun Java in the Internet Section.
  • Clean any others that you choose.

  6. Click the "Run Cleaner" button and it will scan and clean your system.
  7. Click Exit.

E. Recover Desktop

  1. Click on the Programs tab, then click the Reset Web Settings button.
  2. Click Apply, then OK. Click OK.
  3. Click Start, click Control Panel and then double-click Display.
  4. Click on the Desktop tab, then click the Customize Desktop button.
  5. Click on the Web tab. Under Web Pages you should see a checked entry called Security info or something similar. If it is there, select that entry and click the Delete button. Click OK, then Apply and OK.
  6. Empty the Recycle Bin by right-clicking the Recycle Bin icon on your Desktop, and then clicking Empty Recycle Bin.

F. Scan with Ad-Aware SE

  1. Launch Ad-Aware SE and run a Full Scan.
  2. Uncheck "Search for negligible risk entries".
  3. When the scan has completed, select Next.
  4. In the Scanning Results window, select the "Scan Summary" tab.
  5. Check the box next to each "target family" you wish to remove.
  6. Click Next, then click OK.

G. Restart in Normal Mode and open the SmitfraudFix folder

  1. Double-click smitfraudfix.cmd
  2. Select option #3 - Delete Trusted zone by typing 3 and pressing Enter.

    1. Answer Yes to the question "Restore Trusted Zone ?" by typing Y
    2. Hit Enter.

    Note: If you use SpywareBlaster and/or IE-SPYAD, it will be necessary to re-install the protection both afford. For SpywareBlaster, run the program and re-protect all items. For IE-SPYAD, run the batch file and reinstall the protection.

H. Post a fresh full scan Ad-Aware SE logfile as well as the C:\rapport.txt.

Please let us know if any problems persist.

Oops! Sorry, Andy. Looks like you replied while I was editing the fix to use Ad-Aware. It took too long to prepare so I'm just going to leave it for the user to choose. :(

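Step H asks for a fresh Ad-Aware SE logfile, and the thread's own logs are long enough that a reader has to hunt for the two lines that matter. What follows is an added example, not part of this thread and not a Lavasoft tool: a small Python parser for the Ad-Aware SE text log format quoted here (the per-family "total references" summary, the "#:N [name]" running-process records with their "Key : Value" lines, and the "Object Recognized!" records), with two defender-side checks over the parsed log: list the registry keys the scan attributed to a family, and flag running processes whose version resource does not fit where or under what name they run. The sample log is constructed from that format; the process names, paths and CLSID in it are taken from the log posted in this thread. Flags are candidates for a manual look, not verdicts, since a few legitimate vendors ship binaries whose OriginalFilename differs from the installed name.

```python
"""Triage helper for Ad-Aware SE text logs (added example, not Lavasoft's own tool).
Parses the layout quoted in this thread: one "Family(TAC index:N):M total references"
line per detected family, "#:N [name]" process records of "Key : Value" lines, and
"<Family> Object Recognized!" records; then turns the log into a short review list.
"""
import re
from dataclasses import dataclass, field

# Constructed sample, modelled on the Ad-Aware SE 1.06 log format in the thread.
SAMPLE_LOG = r"""
References detected during the scan:
SpywareNo(TAC index:10):2 total references

#:1 [services.exe]
FilePath : C:\WINDOWS\system32\
CompanyName : Microsoft Corporation
OriginalFilename : services.exe

#:2 [wupdmgr.exe]
FilePath : C:\WINDOWS\
ProductName : Balloon Application
OriginalFilename : Balloon.EXE

#:3 [ccapp.exe]
FilePath : C:\Program Files\Common Files\Symantec Shared\
CompanyName : Symantec Corporation
OriginalFilename : ccApp.exe

SpywareNo Object Recognized!
Type : Regkey
Data :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{1ca7dbaf-b066-4554-977e-5cebb7fa59c8}
"""

PROCESS_HEADER = re.compile(r"^#:(\d+) \[(.+)\]$")
OBJECT_HEADER = re.compile(r"^(.+?) Object Recognized!$")
REFERENCE_LINE = re.compile(r"^(.+?)\(TAC index:(\d+)\):(\d+) total references?$")
FIELD_LINE = re.compile(r"^([A-Za-z][A-Za-z ]*?) :\s*(.*)$")  # value may be empty ("Data :")

@dataclass
class Record:
    """A process ("#:N [name]") or a recognized object, with its Key : Value lines."""
    name: str                                  # lower-cased image name, or detected family
    fields: dict = field(default_factory=dict)

@dataclass
class AdAwareLog:
    references: dict = field(default_factory=dict)  # family -> (TAC index, reference count)
    processes: list = field(default_factory=list)
    detections: list = field(default_factory=list)

def parse_log(text):
    log = AdAwareLog()
    current = None  # record receiving Key : Value lines; a blank line ends it
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            current = None
        elif m := PROCESS_HEADER.match(line):
            current = Record(m.group(2).lower())
            log.processes.append(current)
        elif m := OBJECT_HEADER.match(line):
            current = Record(m.group(1))
            log.detections.append(current)
        elif m := REFERENCE_LINE.match(line):
            log.references[m.group(1)] = (int(m.group(2)), int(m.group(3)))
        elif current is not None and (m := FIELD_LINE.match(line)):
            current.fields[m.group(1)] = m.group(2)
    return log

def registry_objects(log):
    """(family, full key path) for every recognized registry key."""
    return [(d.name, d.fields["Rootkey"] + "\\" + d.fields["Object"])
            for d in log.detections if d.fields.get("Type") == "Regkey"]

def suspicious_processes(log):
    """Processes whose version resource disagrees with where or under what name they run."""
    flagged = []
    for proc in log.processes:
        reasons = []
        path = proc.fields.get("FilePath", "").lower()   # prefix check also covers System32
        if path.startswith("c:\\windows\\") and "CompanyName" not in proc.fields:
            reasons.append("no CompanyName for a binary under the Windows directory")
        original = proc.fields.get("OriginalFilename", "").lower()
        if original and original != proc.name:
            reasons.append(f"OriginalFilename {proc.fields['OriginalFilename']!r} differs from {proc.name!r}")
        if reasons:
            flagged.append((proc.name, reasons))
    return flagged

if __name__ == "__main__":
    log = parse_log(SAMPLE_LOG)
    for family, (tac, count) in sorted(log.references.items()):
        print(f"detected: {family} (TAC index {tac}, {count} references)")
    for family, key in registry_objects(log):
        print(f"  {family}: {key}")
    for name, reasons in suspicious_processes(log):
        print(f"review: {name}: " + "; ".join(reasons))
```

Run it against a saved logfile by replacing SAMPLE_LOG with the file's contents; on the sample it reports the SpywareNo CLSID key and puts wupdmgr.exe on the review list for two reasons (no CompanyName in the Windows directory, and an OriginalFilename of Balloon.EXE that does not match the name it runs under), while services.exe and ccapp.exe pass both checks.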

I followed these instructions twice; Spywareno was not removed. Attached is the info requested.

 

 

Ad-Aware SE Build 1.06r1

Logfile Created on:Wednesday, April 26, 2006 8:15:53 PM

Using definitions file:SE1R105 26.04.2006

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

 

References detected during the scan:

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

SpywareNo(TAC index:10):2 total references

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

 

Definition File:

=========================

Definitions File Loaded:

Reference Number : SE1R105 26.04.2006

Internal build : 125

File location : C:\PROGRA~1\Lavasoft\AD-AWA~1\defs.ref

File size : 623812 Bytes

Total size : 2049042 Bytes

Signature data size : 2011689 Bytes

Reference data size : 36841 Bytes

Signatures total : 56569

CSI Fingerprints total : 2406

CSI data size : 78138 Bytes

Target categories : 15

Target families : 880

 

 

Memory + processor status:

==========================

Number of processors : 2

Processor architecture : Intel Pentium IV

Memory available:64 %

Total physical memory:916460 kb

Available physical memory:584112 kb

Total page file size:2222872 kb

Available on page file:1956312 kb

Total virtual memory:2097024 kb

Available virtual memory:2042156 kb

OS:Microsoft Windows XP Home Edition Service Pack 2 (Build 2600)

 

Ad-Aware SE Settings

===========================

Set : Search for low-risk threats

Set : Safe mode (always request confirmation)

Set : Scan active processes

Set : Scan registry

Set : Deep-scan registry

Set : Scan my IE Favorites for banned URLs

Set : Scan within archives

Set : Scan my Hosts file

 

Extended Ad-Aware SE Settings

===========================

Set : Unload recognized processes & modules during scan

Set : Scan registry for all users instead of current user only

Set : Automatically check all objects in results lists

Set : Always try to unload modules before deletion

Set : During removal, unload Explorer and IE if necessary

Set : Let Windows remove files in use at next reboot

Set : Delete quarantined objects after restoring

Set : Suppress warning if objects cannot be removed

Set : Suppress progress bar during list operations

Set : Disable manual quarantine if auto-quarantine is selected

Set : Block pop-ups aggressively

Set : Load Ad-Watch minimized

Set : Automatically select problematic objects in results lists

Set : Include basic Ad-Aware settings in log file

Set : Include additional Ad-Aware settings in log file

Set : Include reference summary in log file

Set : Include alternate data stream details in log file

Set : Snap windows to desktop borders

Set : Limit drive selection to fixed drives

Set : Use gridlines in results lists

Set : Suppress WebUpdate confirmation dialogs

Set : Backup current definitions file before updating

Set : Play sound at scan completion if scan locates critical objects

4-26-2006 8:15:53 PM - Scan started. (Full System Scan)

 

Listing running processes

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

 

#:1 [smss.exe]

FilePath : \SystemRoot\System32\

ProcessID : 620

ThreadCreationTime : 4-26-2006 11:31:47 PM

BasePriority : Normal

 

 

#:2 [csrss.exe]

FilePath : \??\C:\WINDOWS\system32\

ProcessID : 672

ThreadCreationTime : 4-26-2006 11:31:53 PM

BasePriority : Normal

 

 

#:3 [winlogon.exe]

FilePath : \??\C:\WINDOWS\system32\

ProcessID : 696

ThreadCreationTime : 4-26-2006 11:31:54 PM

BasePriority : High

 

 

#:4 [services.exe]

FilePath : C:\WINDOWS\system32\

ProcessID : 744

ThreadCreationTime : 4-26-2006 11:31:55 PM

BasePriority : Normal

FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)

ProductVersion : 5.1.2600.2180

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : Services and Controller app

InternalName : services.exe

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : services.exe

 

#:5 [lsass.exe]

FilePath : C:\WINDOWS\system32\

ProcessID : 756

ThreadCreationTime : 4-26-2006 11:31:55 PM

BasePriority : Normal

FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)

ProductVersion : 5.1.2600.2180

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : LSA Shell (Export Version)

InternalName : lsass.exe

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : lsass.exe

 

#:6 [ati2evxx.exe]

FilePath : C:\WINDOWS\System32\

ProcessID : 936

ThreadCreationTime : 4-26-2006 11:31:55 PM

BasePriority : Normal

 

 

#:7 [svchost.exe]

FilePath : C:\WINDOWS\system32\

ProcessID : 952

ThreadCreationTime : 4-26-2006 11:31:55 PM

BasePriority : Normal

FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)

ProductVersion : 5.1.2600.2180

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : Generic Host Process for Win32 Services

InternalName : svchost.exe

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : svchost.exe

 

#:8 [svchost.exe]

FilePath : C:\WINDOWS\system32\

ProcessID : 1004

ThreadCreationTime : 4-26-2006 11:31:56 PM

BasePriority : Normal

FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)

ProductVersion : 5.1.2600.2180

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : Generic Host Process for Win32 Services

InternalName : svchost.exe

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : svchost.exe

 

#:9 [svchost.exe]

FilePath : C:\WINDOWS\System32\

ProcessID : 1044

ThreadCreationTime : 4-26-2006 11:31:56 PM

BasePriority : Normal

FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)

ProductVersion : 5.1.2600.2180

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : Generic Host Process for Win32 Services

InternalName : svchost.exe

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : svchost.exe

 

#:10 [acs.exe]

FilePath : C:\WINDOWS\System32\

ProcessID : 1144

ThreadCreationTime : 4-26-2006 11:31:56 PM

BasePriority : Normal

 

#:11 [svchost.exe]

FilePath : C:\WINDOWS\System32\

ProcessID : 1180

ThreadCreationTime : 4-26-2006 11:31:56 PM

BasePriority : Normal

FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)

ProductVersion : 5.1.2600.2180

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : Generic Host Process for Win32 Services

InternalName : svchost.exe

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : svchost.exe

 

#:12 [svchost.exe]

FilePath : C:\WINDOWS\System32\

ProcessID : 1224

ThreadCreationTime : 4-26-2006 11:31:56 PM

BasePriority : Normal

FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)

ProductVersion : 5.1.2600.2180

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : Generic Host Process for Win32 Services

InternalName : svchost.exe

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : svchost.exe

 

#:13 [spoolsv.exe]

FilePath : C:\WINDOWS\system32\

ProcessID : 1528

ThreadCreationTime : 4-26-2006 11:31:57 PM

BasePriority : Normal

FileVersion : 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)

ProductVersion : 5.1.2600.2696

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : Spooler SubSystem App

InternalName : spoolsv.exe

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : spoolsv.exe

 

#:14 [aluschedulersvc.exe]

FilePath : C:\Program Files\Symantec\LiveUpdate\

ProcessID : 1676

ThreadCreationTime : 4-26-2006 11:31:57 PM

BasePriority : Normal

FileVersion : 3.0.0.160

ProductVersion : 3.0.0.160

ProductName : LiveUpdate

CompanyName : Symantec Corporation

FileDescription : Automatic LiveUpdate Scheduler Service

InternalName : Automatic LiveUpdate Scheduler Service

LegalCopyright : Copyright © 1996-2005 Symantec Corporation

OriginalFilename : ALUSchedulerSvc.exe

 

#:15 [ccproxy.exe]

FilePath : C:\Program Files\Common Files\Symantec Shared\

ProcessID : 1844

ThreadCreationTime : 4-26-2006 11:31:58 PM

BasePriority : Normal

FileVersion : 103.0.7.2

ProductVersion : 103.0.7.2

ProductName : Client and Host Security Platform

CompanyName : Symantec Corporation

FileDescription : Symantec Network Proxy Service

InternalName : ccProxy

LegalCopyright : Copyright © 2000-2004 Symantec Corporation. All rights reserved.

OriginalFilename : ccProxy.exe

 

#:16 [explorer.exe]

FilePath : C:\WINDOWS\

ProcessID : 1856

ThreadCreationTime : 4-26-2006 11:31:58 PM

BasePriority : Normal

FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)

ProductVersion : 6.00.2900.2180

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : Windows Explorer

InternalName : explorer

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : EXPLORER.EXE

 

#:17 [ccsetmgr.exe]

FilePath : C:\Program Files\Common Files\Symantec Shared\

ProcessID : 1872

ThreadCreationTime : 4-26-2006 11:31:58 PM

BasePriority : Normal

FileVersion : 103.0.7.2

ProductVersion : 103.0.7.2

ProductName : Client and Host Security Platform

CompanyName : Symantec Corporation

FileDescription : Symantec Settings Manager Service

InternalName : ccSetMgr

LegalCopyright : Copyright © 2000-2004 Symantec Corporation. All rights reserved.

OriginalFilename : ccSetMgr.exe

 

#:18 [ceepwrsvc.exe]

FilePath : C:\Program Files\Toshiba\Power Management\

ProcessID : 1884

ThreadCreationTime : 4-26-2006 11:31:58 PM

BasePriority : Normal

FileVersion : 1, 1, 0, 0

ProductVersion : 1, 1, 0, 0

ProductName : CeEPwrSvc Module

CompanyName : COMPAL ELECTRONIC INC.

FileDescription : CeEPwrSvc Module

InternalName : CeEPwrSvc

LegalCopyright : Copyright 2002-2004 Compal Electronic Inc.

OriginalFilename : CeEPwrSvc.EXE

Comments : James Kang

 

#:19 [cfsvcs.exe]

FilePath : C:\Program Files\TOSHIBA\ConfigFree\

ProcessID : 1896

ThreadCreationTime : 4-26-2006 11:31:58 PM

BasePriority : Normal

FileVersion : 4, 60, 0, 2

ProductVersion : 4, 60, 0, 0

ProductName : ConfigFree

CompanyName : TOSHIBA CORPORATION

FileDescription : Service of ConfigFree.

InternalName : CFSvcs.exe

LegalCopyright : Copyright © 2003 TOSHIBA CORPORATION. All rights reserved.

LegalTrademarks : ConfigFree

OriginalFilename : CFSvcs.exe

Comments : Service of ConfigFree.

 

#:20 [ctsvccda.exe]

FilePath : C:\WINDOWS\system32\

ProcessID : 1920

ThreadCreationTime : 4-26-2006 11:31:58 PM

BasePriority : Normal

FileVersion : 1.0.1.0

ProductVersion : 1.0.0.0

ProductName : Creative Service for CDROM Access

CompanyName : Creative Technology Ltd

FileDescription : Creative Service for CDROM Access

InternalName : CTsvcCDAEXE

LegalCopyright : Copyright © Creative Technology Ltd., 1999. All rights reserved.

OriginalFilename : CTsvcCDA.EXE

 

#:21 [dvdramsv.exe]

FilePath : C:\WINDOWS\System32\

ProcessID : 1960

ThreadCreationTime : 4-26-2006 11:31:58 PM

BasePriority : Normal

FileVersion : 2, 0, 7, 0

ProductVersion : 2, 0, 7, 0

CompanyName : Matsushita Electric Industrial Co., Ltd.

FileDescription : Service of RAMAsst for Windows XP

LegalCopyright : Copyright © Matsushita Electric Industrial Co., Ltd. 2002 - 2003

OriginalFilename : DVDRAMSV.EXE

#:22 [issvc.exe]

FilePath : C:\Program Files\Norton Internet Security\

ProcessID : 2000

ThreadCreationTime : 4-26-2006 11:31:58 PM

BasePriority : Normal

FileVersion : 8.0.5.14

ProductVersion : 8.0

ProductName : Norton Internet Security

CompanyName : Symantec Corporation

FileDescription : IS Service

InternalName : ISSVC.exe

LegalCopyright : Copyright © 2004 Symantec Corporation

OriginalFilename : ISSVC.exe

 

#:23 [sndsrvc.exe]

FilePath : C:\Program Files\Common Files\Symantec Shared\

ProcessID : 212

ThreadCreationTime : 4-26-2006 11:31:58 PM

BasePriority : Normal

FileVersion : 5.5.1.6

ProductVersion : 5.5

ProductName : Symantec Security Drivers

CompanyName : Symantec Corporation

FileDescription : Network Driver Service

InternalName : SndSrvc

LegalCopyright : Copyright 2002, 2003, 2004 Symantec Corporation

OriginalFilename : SndSrvc.exe


#:24 [spbbcsvc.exe]

FilePath : C:\Program Files\Common Files\Symantec Shared\SPBBC\

ProcessID : 272

ThreadCreationTime : 4-26-2006 11:31:59 PM

BasePriority : Normal

FileVersion : 1,0,1,47

ProductVersion : 1,0,1,47

ProductName : SPBBC

CompanyName : Symantec Corporation

FileDescription : SPBBC Service

InternalName : SPBBCSvc

LegalCopyright : Copyright © 2004 Symantec Corporation. All rights reserved.

OriginalFilename : SPBBCSvc.exe

 

#:25 [starwindservice.exe]

FilePath : C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\

ProcessID : 328

ThreadCreationTime : 4-26-2006 11:31:59 PM

BasePriority : Normal

FileVersion : 2.6.1 Build 0x20050401

ProductVersion : 2.6.1 Build 0x20050401

ProductName : StarWind

CompanyName : Rocket Division Software

FileDescription : StarWind iSCSI Target (Alcohol Edition)

InternalName : StarWind

LegalCopyright : Copyright © Rocket Division Software 2003-2005. All rights reserved.

OriginalFilename : StarWind

 

#:26 [svchost.exe]

FilePath : C:\WINDOWS\System32\

ProcessID : 340

ThreadCreationTime : 4-26-2006 11:31:59 PM

BasePriority : Normal

FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)

ProductVersion : 5.1.2600.2180

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : Generic Host Process for Win32 Services

InternalName : svchost.exe

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : svchost.exe

 

#:27 [swupdtmr.exe]

FilePath : c:\TOSHIBA\Ivp\Swupdate\

ProcessID : 440

ThreadCreationTime : 4-26-2006 11:31:59 PM

BasePriority : Normal

 

 

#:28 [symlcsvc.exe]

FilePath : C:\Program Files\Common Files\Symantec Shared\CCPD-LC\

ProcessID : 508

ThreadCreationTime : 4-26-2006 11:32:03 PM

BasePriority : Normal

FileVersion : 1.8.54.841

ProductVersion : 1.8.54.841

ProductName : Symantec Core Component

CompanyName : Symantec Corporation

FileDescription : Symantec Core Component

InternalName : symlcsvc

LegalCopyright : Copyright © 2003

OriginalFilename : symlcsvc.exe

 

#:29 [wdfmgr.exe]

FilePath : C:\WINDOWS\System32\

ProcessID : 572

ThreadCreationTime : 4-26-2006 11:32:05 PM

BasePriority : Normal

FileVersion : 5.2.3790.1230 built by: dnsrv(bld4act)

ProductVersion : 5.2.3790.1230

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : Windows User Mode Driver Manager

InternalName : WdfMgr

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : WdfMgr.exe

 

#:30 [mspmspsv.exe]

FilePath : C:\WINDOWS\system32\

ProcessID : 676

ThreadCreationTime : 4-26-2006 11:32:05 PM

BasePriority : Normal

FileVersion : 7.00.00.1954

ProductVersion : 7.00.00.1954

ProductName : Microsoft ® DRM

CompanyName : Microsoft Corporation

FileDescription : WMDM PMSP Service

InternalName : MSPMSPSV.EXE

LegalCopyright : Copyright © Microsoft Corp. 1981-2000

OriginalFilename : MSPMSPSV.EXE

 

#:31 [ccevtmgr.exe]

FilePath : C:\Program Files\Common Files\Symantec Shared\

ProcessID : 988

ThreadCreationTime : 4-26-2006 11:32:06 PM

BasePriority : Normal

FileVersion : 103.0.7.2

ProductVersion : 103.0.7.2

ProductName : Client and Host Security Platform

CompanyName : Symantec Corporation

FileDescription : Symantec Event Manager Service

InternalName : ccEvtMgr

LegalCopyright : Copyright © 2000-2004 Symantec Corporation. All rights reserved.

OriginalFilename : ccEvtMgr.exe

 

#:32 [tptray.exe]

FilePath : C:\Program Files\TOSHIBA\TouchPad\

ProcessID : 1792

ThreadCreationTime : 4-26-2006 11:32:20 PM

BasePriority : Normal

FileVersion : 1, 1, 0, 2

ProductVersion : 1, 1, 0, 2

ProductName : TPTray Application

CompanyName : COMPAL ELECTRONIC INC.

FileDescription : TPTray Application

InternalName : TPTray

LegalCopyright : Copyright 2002-2004 Compal Electronic Inc.

OriginalFilename : TPTray.EXE

Comments : Mei Hsu

 

#:33 [sm1bg.exe]

FilePath : C:\WINDOWS\

ProcessID : 2056

ThreadCreationTime : 4-26-2006 11:32:22 PM

BasePriority : Normal

FileVersion : 6.01.1000.0

ProductVersion : 6.01.1000.0

ProductName : Cypress USB Mass Storage Adapter

CompanyName : Cypress Semiconductor

FileDescription : Cypress USB Mass Storage Driver Background Application

InternalName : SM1BG.EXE

LegalCopyright : Copyright © 1998-2003 Cypress Semiconductor

OriginalFilename : SM1BG.EXE

 

#:34 [pinger.exe]

FilePath : C:\toshiba\ivp\ism\

ProcessID : 2064

ThreadCreationTime : 4-26-2006 11:32:22 PM

BasePriority : Normal

FileVersion : 3.3

ProductVersion : 3.3

ProductName : Software Upgrades

CompanyName : TOSHIBA Corporation

FileDescription : TOSHIBA Pinger

InternalName : PINGER

LegalCopyright : © 1997-2002 TOSHIBA Corporation

OriginalFilename : PINGER.EXE

Comments : With TSysSMon support.

 

#:35 [padexe.exe]

FilePath : C:\Program Files\TOSHIBA\Touch and Launch\

ProcessID : 2124

ThreadCreationTime : 4-26-2006 11:32:23 PM

BasePriority : Normal

FileVersion : 1, 2, 4, 0

ProductVersion : 1, 2, 4, 0

ProductName : PadTouch

CompanyName : TOSHIBA

FileDescription : PadTouch Main

InternalName : PadExe

LegalCopyright : Copyright © 2003-2004 TOSHIBA Corporation

OriginalFilename : PadExe.exe

 

#:36 [ndstray.exe]

FilePath : C:\Program Files\TOSHIBA\ConfigFree\

ProcessID : 2136

ThreadCreationTime : 4-26-2006 11:32:23 PM

BasePriority : Normal

FileVersion : 4, 50, 0, 105

ProductVersion : 4, 5, 0, 0

ProductName : ConfigFree Tray

CompanyName : TOSHIBA CORPORATION

FileDescription : ConfigFree Tray

InternalName : ndstray

LegalCopyright : Copyright 2002-2003 © TOSHIBA CORPORATION. All rights reserved.

OriginalFilename : NDSTray.exe

#:37 [tfswctrl.exe]

FilePath : C:\WINDOWS\system32\dla\

ProcessID : 2152

ThreadCreationTime : 4-26-2006 11:32:24 PM

BasePriority : Normal

FileVersion : 1.04.08a

CompanyName : Sonic Solutions

FileDescription : Drive Letter Access Component

LegalCopyright : Copyright © 2004 Sonic Solutions

 

#:38 [cepmtray.exe]

FilePath : C:\Program Files\TOSHIBA\Power Management\

ProcessID : 2172

ThreadCreationTime : 4-26-2006 11:32:25 PM

BasePriority : Normal

FileVersion : 1, 1, 0, 11

ProductVersion : 1, 1, 0, 11

ProductName : CeTray Application

CompanyName : COMPAL ELECTRONIC INC.

FileDescription : CeTray MFC Application

InternalName : CeTray

LegalCopyright : Copyright 2002-2004 Compal Electronic Inc.

OriginalFilename : CeTray.EXE

Comments : James Kang

 

#:39 [ceekey.exe]

FilePath : C:\Program Files\TOSHIBA\E-KEY\

ProcessID : 2204

ThreadCreationTime : 4-26-2006 11:32:25 PM

BasePriority : Normal

FileVersion : 2, 1, 0, 7

ProductVersion : 2, 1, 0, 7

ProductName : EKey Application

CompanyName : COMPAL ELECTRONIC INC.

FileDescription : TOSHIBA HotKey Utility

InternalName : EKey

LegalCopyright : Copyright 2003-2004 Compal Electronic Inc.

OriginalFilename : CeEKey.EXE

 

#:40 [ccapp.exe]

FilePath : C:\Program Files\Common Files\Symantec Shared\

ProcessID : 2240

ThreadCreationTime : 4-26-2006 11:32:26 PM

BasePriority : Normal

FileVersion : 103.0.7.2

ProductVersion : 103.0.7.2

ProductName : Client and Host Security Platform

CompanyName : Symantec Corporation

FileDescription : Symantec User Session

InternalName : ccApp

LegalCopyright : Copyright © 2000-2004 Symantec Corporation. All rights reserved.

OriginalFilename : ccApp.exe

 

#:41 [ad-watch.exe]

FilePath : C:\PROGRA~1\Lavasoft\AD-AWA~1\

ProcessID : 2308

ThreadCreationTime : 4-26-2006 11:32:27 PM

BasePriority : Normal

FileVersion : 3.1.2.17

ProductVersion : 3.2

ProductName : Ad-Aware SE

CompanyName : Lavasoft Sweden

FileDescription : Ad-Watch System Protector

InternalName : Ad-Watch.exe

LegalCopyright : 1999-2004 Team Lavasoft

OriginalFilename : Ad-Watch.exe

 

#:42 [atiptaxx.exe]

FilePath : C:\Program Files\ATI Technologies\ATI Control Panel\

ProcessID : 2360

ThreadCreationTime : 4-26-2006 11:32:28 PM

BasePriority : Normal

FileVersion : 6.14.10.5103

ProductVersion : 6.14.10.5103

ProductName : ATI Desktop Component

CompanyName : ATI Technologies, Inc.

FileDescription : ATI Desktop Control Panel

InternalName : Atiptaxx.exe

LegalCopyright : Copyright © 1998-2004 ATI Technologies Inc.

OriginalFilename : Atiptaxx.exe

#:43 [apoint.exe]

FilePath : C:\Program Files\Apoint2K\

ProcessID : 2444

ThreadCreationTime : 4-26-2006 11:32:29 PM

BasePriority : Normal

FileVersion : 6.0.2.180

ProductVersion : 6.0.2.180

ProductName : Alps Pointing-device Driver

CompanyName : Alps Electric Co., Ltd.

FileDescription : Alps Pointing-device Driver

InternalName : Alps Pointing-device Driver

LegalCopyright : Copyright © 1999-2003 Alps Electric Co., Ltd.

OriginalFilename : Apoint.exe

 

#:44 [agrsmmsg.exe]

FilePath : C:\WINDOWS\

ProcessID : 2516

ThreadCreationTime : 4-26-2006 11:32:30 PM

BasePriority : Normal

FileVersion : 2.1.38 2.1.38 02/20/2004 15:00:27

ProductVersion : 2.1.38 2.1.38 02/20/2004 15:00:27

ProductName : Agere SoftModem Messaging Applet

CompanyName : Agere Systems

FileDescription : SoftModem Messaging Applet

InternalName : smdmstat.exe

LegalCopyright : Copyright © Agere Systems 1998-2000

OriginalFilename : smdmstat.exe

 

#:45 [mtdacq.exe]

FilePath : C:\Program Files\Creative\Shared Files\Media Sniffer\

ProcessID : 2640

ThreadCreationTime : 4-26-2006 11:32:32 PM

BasePriority : Normal

FileVersion : 1.2.3.0

ProductVersion : 1.0.0.0

ProductName : Metadata monitor

CompanyName : Creative Technology Ltd

FileDescription : Metadata monitor

InternalName : MtdAcq.exe

LegalCopyright : Copyright © Creative Technology Ltd., 2002. All rights reserved.

OriginalFilename : MtdAcq.exe

 

#:46 [ctdetect.exe]

FilePath : C:\Program Files\Creative\MediaSource\Detector\

ProcessID : 2668

ThreadCreationTime : 4-26-2006 11:32:33 PM

BasePriority : Normal

FileVersion : 3.0.2.0

ProductVersion : 3.0.0.0

ProductName : Creative MediaSource Detector

CompanyName : Creative Technology Ltd

FileDescription : Creative MediaSource Detector

InternalName : CTDetect

LegalCopyright : Copyright © Creative Technology Ltd., 2003-2004. All rights reserved.

OriginalFilename : CTDetect.EXE

 

#:47 [wscntfy.exe]

FilePath : C:\WINDOWS\system32\

ProcessID : 2744

ThreadCreationTime : 4-26-2006 11:32:34 PM

BasePriority : Normal

FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)

ProductVersion : 5.1.2600.2180

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : Windows Security Center Notification App

InternalName : wscntfy.exe

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : wscntfy.exe

 

#:48 [ramasst.exe]

FilePath : C:\WINDOWS\system32\

ProcessID : 2796

ThreadCreationTime : 4-26-2006 11:32:36 PM

BasePriority : Normal

FileVersion : 1, 0, 9, 0

ProductVersion : 1, 0, 9, 0

CompanyName : Matsushita Electric Industrial Co., Ltd.

FileDescription : CD Burning of Windows XP disabling tool for DVD MULTI Drive

LegalCopyright : Copyright © Matsushita Electric Industrial Co., Ltd. 2002 - 2003

OriginalFilename : RAMASST.EXE

 

#:49 [wupdmgr.exe]

FilePath : C:\WINDOWS\

ProcessID : 2888

ThreadCreationTime : 4-26-2006 11:32:38 PM

BasePriority : Normal

FileVersion : 1, 0, 0, 1

ProductVersion : 1, 0, 0, 1

ProductName : Balloon Application

FileDescription : Balloon MFC Application

InternalName : Balloon

LegalCopyright : Copyright © 2006

OriginalFilename : Balloon.EXE


#:50 [osaupd.exe]

FilePath : C:\WINDOWS\

ProcessID : 2956

ThreadCreationTime : 4-26-2006 11:32:40 PM

BasePriority : Normal

FileVersion : 1, 0, 0, 1

ProductVersion : 1, 0, 0, 1

ProductName : Balloon Application

FileDescription : Balloon MFC Application

InternalName : Balloon

LegalCopyright : Copyright © 2006

OriginalFilename : Balloon.EXE

 

#:51 [apntex.exe]

FilePath : C:\Program Files\Apoint2K\

ProcessID : 3008

ThreadCreationTime : 4-26-2006 11:32:42 PM

BasePriority : Normal

FileVersion : 5.0.1.15

ProductVersion : 5.0.1.15

ProductName : Alps Pointing-device Driver for Windows NT/2000/XP

CompanyName : Alps Electric Co., Ltd.

FileDescription : Alps Pointing-device Driver for Windows NT/2000/XP

InternalName : Alps Pointing-device Driver for Windows NT/2000/XP

LegalCopyright : Copyright © 1998-2003 Alps Electric Co., Ltd.

OriginalFilename : ApntEx.exe

 

#:52 [wzqkpick.exe]

FilePath : C:\PROGRA~1\WINZIP\

ProcessID : 464

ThreadCreationTime : 4-27-2006 12:08:45 AM

BasePriority : Normal

FileVersion : 1.0 (32-bit)

ProductVersion : 8.1 (4319)

ProductName : WinZip

CompanyName : WinZip Computing, Inc.

FileDescription : WinZip Executable

InternalName : WZQKPICK.EXE

LegalCopyright : Copyright © WinZip Computing, Inc. 1991-2001 - All Rights Reserved

LegalTrademarks : WinZip is a registered trademark of WinZip Computing, Inc

OriginalFilename : WZQKPICK.EXE

Comments : StringFileInfo: U.S. English

 

#:53 [ad-aware.exe]

FilePath : C:\Program Files\Lavasoft\Ad-Aware SE Plus\

ProcessID : 2932

ThreadCreationTime : 4-27-2006 12:13:42 AM

BasePriority : Normal

FileVersion : 6.2.0.237

ProductVersion : SE 106

ProductName : Lavasoft Ad-Aware SE

CompanyName : Lavasoft Sweden

FileDescription : Ad-Aware SE Core application

InternalName : Ad-Aware.exe

LegalCopyright : Copyright © Lavasoft AB Sweden

OriginalFilename : Ad-Aware.exe

Comments : All Rights Reserved

 

Memory scan result:

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

New critical objects: 0

Objects found so far: 0

 

 

Started registry scan

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

 

SpywareNo Object Recognized!

Type : Regkey

Data :

TAC Rating : 10

Category : Misc

Comment :

Rootkey : HKEY_CLASSES_ROOT

Object : clsid\{1ca7dbaf-b066-4554-977e-5cebb7fa59c8}

 

Registry Scan result:

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

New critical objects: 1

Objects found so far: 1

 

 

Started deep registry scan

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

 

Deep registry scan result:

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

New critical objects: 0

Objects found so far: 1

 

 

Started Tracking Cookie scan

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

 

 

Tracking cookie scan result:

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

New critical objects: 0

Objects found so far: 1

 

 

 

Deep scanning and examining files (C:)

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

 

Disk Scan Result for C:\

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

New critical objects: 0

Objects found so far: 1

 

 

Deep scanning and examining files (K:)

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

 

Disk Scan Result for K:\

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

New critical objects: 0

Objects found so far: 1

 

 

Scanning Hosts file......

Hosts file location:"C:\WINDOWS\system32\drivers\etc\hosts".

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

 

Hosts file scan result:

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

1 entries scanned.

New critical objects:0

Objects found so far: 1

 

 

 

 

Performing conditional scans...

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

 

SpywareNo Object Recognized!

Type : Regkey

Data :

TAC Rating : 10

Category : Misc

Comment :

Rootkey : HKEY_CLASSES_ROOT

Object : balloon.application

 

Conditional scan result:

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

New critical objects: 1

Objects found so far: 2

 

8:21:49 PM Scan Complete

 

Summary Of This Scan

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Total scanning time:00:05:55.437

Objects scanned:123190

Objects identified:2

Objects ignored:0

New critical objects:2

 

 

 

RAPPORT

SmitFraudFix v2.33b

 

Scan done at 19:28:10.45, Wed 04/26/2006

Run from C:\Documents and Settings\MACK\Desktop\SmitfraudFix\SmitfraudFix

OS: Microsoft Windows XP [Version 5.1.2600]

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\

 

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS

 

C:\WINDOWS\osaupd.exe FOUND !

C:\WINDOWS\wupdmgr.exe FOUND !

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system

 

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web

 

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32

 

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles

 

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\MACK\Application Data

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Start Menu

 

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\MACK\FAVORI~1

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Desktop

 

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

 

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler

 

SrchSTS.exe by S!Ri

Search SharedTaskScheduler's .dll

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]

"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"

 

[HKEY_CLASSES_ROOT\CLSID\{438755C2-A8BA-11D1-B96B-00A0C90312E1}\InProcServer32]

@="%SystemRoot%\System32\browseui.dll"

 

[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{438755C2-A8BA-11D1-B96B-00A0C90312E1}\InProcServer32]

@="%SystemRoot%\System32\browseui.dll"

 

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]

"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

 

[HKEY_CLASSES_ROOT\CLSID\{8C7461EF-2B13-11d2-BE35-3078302C2030}\InProcServer32]

@="%SystemRoot%\System32\browseui.dll"

 

[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{8C7461EF-2B13-11d2-BE35-3078302C2030}\InProcServer32]

@="%SystemRoot%\System32\browseui.dll"

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Scanning wininet.dll infection

 

 

»»»»»»»»»»»»»»»»»»»»»»»» End

 

 

2nd run

SmitFraudFix v2.33b

 

Scan done at 18:42:47.34, Wed 04/26/2006

Run from C:\Documents and Settings\MACK\Desktop\SmitfraudFix\SmitfraudFix

OS: Microsoft Windows XP [Version 5.1.2600]

 

»»»»»»»»»»»»»»»»»»»»»»»» Killing process

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

 

C:\WINDOWS\osaupd.exe Deleted

 

»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

 

Registry Cleaning done.

 

»»»»»»»»»»»»»»»»»»»»»»»» End

 

 

Thanks again for your help. I hope that info will help in fixing this problem.

Just discovered that S!Ri updated last night to version 2.35 ... download a fresh copy, and see if it does the trick. Let's also see a HJT log when you are finished.

 

Thanks, here is Hijack

 

Logfile of HijackThis v1.99.1

Scan saved at 8:14:52 PM, on 4/27/2006

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\System32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\ACS.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\TOSHIBA\TouchPad\TPTray.exe

C:\WINDOWS\SM1BG.EXE

C:\toshiba\ivp\ism\pinger.exe

C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe

C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe

C:\WINDOWS\system32\dla\tfswctrl.exe

C:\Program Files\TOSHIBA\Power Management\CePMTray.exe

C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe

C:\Program Files\Common Files\Symantec Shared\ccApp.exe

C:\PROGRA~1\Lavasoft\AD-AWA~1\Ad-Watch.exe

C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

C:\Program Files\Apoint2K\Apoint.exe

C:\WINDOWS\AGRSMMSG.exe

C:\Program Files\Creative\Shared Files\Media Sniffer\MtdAcq.exe

C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe

C:\WINDOWS\system32\RAMASST.exe

C:\Program Files\Apoint2K\Apntex.exe

C:\Program Files\WinZip\WZQKPICK.EXE

C:\WINDOWS\wupdmgr.exe

C:\WINDOWS\osaupd.exe

C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

C:\Program Files\Common Files\Symantec Shared\ccProxy.exe

C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

C:\Program Files\Toshiba\Power Management\CeEPwrSvc.exe

C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe

C:\WINDOWS\system32\CTsvcCDA.EXE

C:\WINDOWS\System32\DVDRAMSV.exe

C:\Program Files\Norton Internet Security\ISSVC.exe

C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe

C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

C:\WINDOWS\System32\svchost.exe

c:\TOSHIBA\Ivp\Swupdate\swupdtmr.exe

C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

C:\WINDOWS\system32\MsPMSPSv.exe

C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\explorer.exe

C:\DOWNLOADS_vomac\HijACk THiS\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll

O2 - BHO: Norton Internet Security - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll

O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll

O4 - HKLM\..\Run: [{78-8F-FC-C1-ZN}] 0

O4 - HKLM\..\Run: [TPNF] C:\Program Files\TOSHIBA\TouchPad\TPTray.exe

O4 - HKLM\..\Run: [symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer

O4 - HKLM\..\Run: [sM1BG] C:\WINDOWS\SM1BG.EXE

O4 - HKLM\..\Run: [Pinger] c:\toshiba\ivp\ism\pinger.exe /run

O4 - HKLM\..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe

O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe

O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe

O4 - HKLM\..\Run: [CeEPOWER] C:\Program Files\TOSHIBA\Power Management\CePMTray.exe

O4 - HKLM\..\Run: [CeEKEY] C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [AWMON] "C:\PROGRA~1\Lavasoft\AD-AWA~1\Ad-Watch.exe"

O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe

O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe

O4 - HKCU\..\Run: [MtdAcq] C:\Program Files\Creative\Shared Files\Media Sniffer\MtdAcq.exe /s

O4 - HKCU\..\Run: [Creative Detector] C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE

O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe

O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll

O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll

O14 - IERESET.INF: START_PAGE_URL=http://www.toshiba.com

O16 - DPF: {01010E00-5E80-11D8-9E86-0007E96C65AE} (SupportSoft SmartIssue) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab

O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Script Runner Class) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab

O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15015/CTSUEng.cab

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab

O16 - DPF: {44990200-3C9D-426D-81DF-AAB636FA4345} - http://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab

O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1140652834906

O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/as...rl/SymAData.cab

O16 - DPF: {D7BF3304-138B-4DD5-86EE-491BB6A2286C} - http://www.azebar.com/install/1.cab

O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15016/CTPID.cab

O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\System32\ACS.exe

O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe

O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe

O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

O23 - Service: CeEPwrSvc - COMPAL ELECTRONIC INC. - C:\Program Files\Toshiba\Power Management\CeEPwrSvc.exe

O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe

O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE

O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\System32\DVDRAMSV.exe

O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe

O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

O23 - Service: Pml Driver - HP - C:\WINDOWS\system32\HPHipm09.exe

O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe

O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe

O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe

O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

O23 - Service: Swupdtmr - Unknown owner - c:\TOSHIBA\Ivp\Swupdate\swupdtmr.exe

O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

 

Thanks guys.

I don't see ZeroAds installed, but the item in blue below should be left alone IF you are using it. Otherwise, add it to the items to be fixed.

 

Close all open windows, and run HJT again. Put a checkmark next to the following items, and press "Fix Checked":

 

O4 - HKLM\..\Run: [{78-8F-FC-C1-ZN}] 0

 

O16 - DPF: {D7BF3304-138B-4DD5-86EE-491BB6A2286C} - http://www.azebar.com/install/1.cab

 

Reboot.

 

Post the results of the 2.35 scan please.

 

Run Ad-Aware SE again, and see if it detects anything.

 

Let us know the status of your problem.

Share this post


Link to post
Share on other sites

Hey, does anyone here know how to remove atmclk.exe and dcomcfg? I have tried using Spybot and Ad-Aware SE Personal core application 1.06r1 with the latest definition file dated 26-4-2006, but it is still there. I also tried deleting it through the Windows Task Manager, but it reappears after I press delete.

 

hope someone could help.

Thanks guys. I think I have got this critter caught. After running HJT, I reviewed the log and located any files that I did not recognize from past experience. I googled these files and found two that were SpywareNo.

Wupdmgr.exe and osaupd.exe, original filename Balloon.EXE (I had previously deleted that entry from the registry). I then booted to safe mode and deleted those two files. Deleted the desktop icon and boom, I am smoking again!!

Thanks for all the help. You guys were great. Thanks Corrine for the first shove.

Peace up!!
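The check that finally identified the two files above was a version-info mismatch: the Ad-Aware process list showed wupdmgr.exe and osaupd.exe running from C:\WINDOWS\ with OriginalFilename Balloon.EXE and no CompanyName. As an added example (not from the thread, Lavasoft or any tool named here), this Python snippet parses process entries in the Ad-Aware SE log layout and flags those heuristics; the sample log is constructed from values in the thread and the rules are illustrative, not verdicts.

```python
"""Triage 'running process' entries from an Ad-Aware SE scan log."""
import re

# Constructed sample in the Ad-Aware SE log layout (abridged; values taken
# from entries posted in the thread).
SAMPLE_LOG = """\
#:47 [wscntfy.exe]
FilePath : C:\\WINDOWS\\system32\\
ProcessID : 2744
CompanyName : Microsoft Corporation
FileDescription : Windows Security Center Notification App
InternalName : wscntfy.exe
OriginalFilename : wscntfy.exe

#:49 [wupdmgr.exe]
FilePath : C:\\WINDOWS\\
ProcessID : 2888
ProductName : Balloon Application
FileDescription : Balloon MFC Application
InternalName : Balloon
LegalCopyright : Copyright (c) 2006
OriginalFilename : Balloon.EXE
"""

HEADER = re.compile(r"^#:(\d+) \[(.+)\]$")   # "#:49 [wupdmgr.exe]"
FIELD = re.compile(r"^(\w+) : (.*)$")         # "OriginalFilename : Balloon.EXE"


def parse_processes(text):
    """Return one dict per '#:N [name]' block, keyed by the log's field names."""
    procs, cur = [], None
    for raw in text.splitlines():
        line = raw.strip()
        m = HEADER.match(line)
        if m:
            cur = {"index": int(m.group(1)), "name": m.group(2)}
            procs.append(cur)
            continue
        m = FIELD.match(line)
        if m and cur is not None:
            cur[m.group(1)] = m.group(2)
    return procs


def suspicious_reasons(proc):
    """Heuristic reasons an entry deserves a second look (assumed rules)."""
    reasons = []
    orig = proc.get("OriginalFilename")
    if orig and orig.lower() != proc["name"].lower():
        reasons.append(f"OriginalFilename {orig!r} differs from on-disk name")
    if "CompanyName" not in proc:
        reasons.append("no CompanyName in version info")
    if proc.get("FilePath", "").rstrip("\\").lower() == r"c:\windows":
        reasons.append("runs directly from C:\\WINDOWS, not a program folder")
    return reasons


def triage(text):
    """Map process name -> reasons, for entries with at least one reason."""
    result = {}
    for proc in parse_processes(text):
        reasons = suspicious_reasons(proc)
        if reasons:
            result[proc["name"]] = reasons
    return result
```

Running `triage(SAMPLE_LOG)` flags wupdmgr.exe on all three rules and leaves wscntfy.exe alone; on a full log it shortlists the entries worth looking up, as the poster did by hand.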
