
I have tried to remove SpyLocked using Ad-Aware SE Personal with the latest definition files, to no avail. Can you help?

Below is my log file.

 

 

Ad-Aware SE Build 1.06r1

Logfile Created on:Friday, March 23, 2007 4:34:56 PM

Created with Ad-Aware SE Personal, free for private use.

Using definitions file:SE1R162 21.03.2007

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

 

References detected during the scan:

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

MRU List(TAC index:0):30 total references

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

 

Ad-Aware SE Settings

===========================

Set : Search for negligible risk entries

Set : Search for low-risk threats

Set : Safe mode (always request confirmation)

Set : Scan active processes

Set : Scan registry

Set : Deep-scan registry

Set : Scan my IE Favorites for banned URLs

Set : Scan my Hosts file

 

Extended Ad-Aware SE Settings

===========================

Set : Unload recognized processes & modules during scan

Set : Scan registry for all users instead of current user only

Set : Always try to unload modules before deletion

Set : During removal, unload Explorer and IE if necessary

Set : Let Windows remove files in use at next reboot

Set : Delete quarantined objects after restoring

Set : Include basic Ad-Aware settings in log file

Set : Include additional Ad-Aware settings in log file

Set : Include reference summary in log file

Set : Include alternate data stream details in log file

Set : Play sound at scan completion if scan locates critical objects

 

 

23-03-2007 4:34:56 PM - Scan started. (Full System Scan)

 

MRU List Object Recognized!

Location: : C:\Documents and Settings\User\Application Data\microsoft\office\recent

Description : list of recently opened documents using microsoft office

 

 

MRU List Object Recognized!

Location: : C:\Documents and Settings\User\recent

Description : list of recently opened documents

 

 

MRU List Object Recognized!

Location: : S-1-5-21-2099135576-229711271-2094087144-1002\software\adobe\acrobat reader\5.0\avgeneral\crecentfiles

Description : list of recently used files in adobe reader

 

 

MRU List Object Recognized!

Location: : S-1-5-21-2099135576-229711271-2094087144-1002\software\microsoft\direct3d\mostrecentapplication

Description : most recent application to use microsoft direct3d

 

 

MRU List Object Recognized!

Location: : software\microsoft\direct3d\mostrecentapplication

Description : most recent application to use microsoft direct3d

 

 

MRU List Object Recognized!

Location: : S-1-5-21-2099135576-229711271-2094087144-1002\software\microsoft\direct3d\mostrecentapplication

Description : most recent application to use microsoft direct X

 

 

MRU List Object Recognized!

Location: : software\microsoft\direct3d\mostrecentapplication

Description : most recent application to use microsoft direct X

 

 

MRU List Object Recognized!

Location: : software\microsoft\directdraw\mostrecentapplication

Description : most recent application to use microsoft directdraw

 

 

MRU List Object Recognized!

Location: : S-1-5-21-2099135576-229711271-2094087144-1002\software\microsoft\directinput\mostrecentapplication

Description : most recent application to use microsoft directinput

 

 

MRU List Object Recognized!

Location: : S-1-5-21-2099135576-229711271-2094087144-1002\software\microsoft\directinput\mostrecentapplication

Description : most recent application to use microsoft directinput

 

 

MRU List Object Recognized!

Location: : S-1-5-21-2099135576-229711271-2094087144-1002\software\microsoft\internet explorer

Description : last download directory used in microsoft internet explorer

 

 

MRU List Object Recognized!

Location: : S-1-5-21-2099135576-229711271-2094087144-1002\software\microsoft\internet explorer\main

Description : last save directory used in microsoft internet explorer

 

 

MRU List Object Recognized!

Location: : S-1-5-21-2099135576-229711271-2094087144-1002\software\microsoft\internet explorer\typedurls

Description : list of recently entered addresses in microsoft internet explorer

 

 

MRU List Object Recognized!

Location: : S-1-5-21-2099135576-229711271-2094087144-1002\software\microsoft\mediaplayer\preferences

Description : last playlist index loaded in microsoft windows media player

 

 

MRU List Object Recognized!

Location: : S-1-5-21-2099135576-229711271-2094087144-1002\software\microsoft\mediaplayer\preferences

Description : last playlist loaded in microsoft windows media player

 

 

MRU List Object Recognized!

Location: : S-1-5-21-2099135576-229711271-2094087144-1002\software\microsoft\microsoft management console\recent file list

Description : list of recent snap-ins used in the microsoft management console

 

 

MRU List Object Recognized!

Location: : S-1-5-21-2099135576-229711271-2094087144-1002\software\microsoft\office\10.0\common\open find\microsoft powerpoint\settings\save as\file name mru

Description : list of recent documents saved by microsoft powerpoint

 

 

MRU List Object Recognized!

Location: : S-1-5-21-2099135576-229711271-2094087144-1002\software\microsoft\office\10.0\common\open find\microsoft word\settings\open\file name mru

Description : list of recent documents opened by microsoft word

 

 

MRU List Object Recognized!

Location: : S-1-5-21-2099135576-229711271-2094087144-1002\software\microsoft\office\10.0\common\open find\microsoft word\settings\save as\file name mru

Description : list of recent documents saved by microsoft word

 

 

MRU List Object Recognized!

Location: : S-1-5-21-2099135576-229711271-2094087144-1002\software\microsoft\office\9.0\common\open find\microsoft powerpoint\settings\insert picture\file name mru

Description : list of recent pictured inserted in microsoft powerpoint

 

 

MRU List Object Recognized!

Location: : S-1-5-21-2099135576-229711271-2094087144-1002\software\microsoft\office\9.0\common\open find\microsoft powerpoint\settings\save as\file name mru

Description : list of recent documents saved by microsoft powerpoint

 

 

MRU List Object Recognized!

Location: : S-1-5-21-2099135576-229711271-2094087144-1002\software\microsoft\office\9.0\common\open find\microsoft word\settings\open\file name mru

Description : list of recent documents opened by microsoft word

 

 

MRU List Object Recognized!

Location: : S-1-5-21-2099135576-229711271-2094087144-1002\software\microsoft\office\9.0\common\open find\microsoft word\settings\save as\file name mru

Description : list of recent documents saved by microsoft word

 

 

MRU List Object Recognized!

Location: : S-1-5-21-2099135576-229711271-2094087144-1002\software\microsoft\office\9.0\excel\recent files

Description : list of recent files used by microsoft excel

 

 

MRU List Object Recognized!

Location: : S-1-5-21-2099135576-229711271-2094087144-1002\software\microsoft\office\9.0\powerpoint\recent file list

Description : list of recent files used by microsoft powerpoint

 

 

MRU List Object Recognized!

Location: : S-1-5-21-2099135576-229711271-2094087144-1002\software\microsoft\windows\currentversion\applets\regedit

Description : last key accessed using the microsoft registry editor

 

 

MRU List Object Recognized!

Location: : S-1-5-21-2099135576-229711271-2094087144-1002\software\microsoft\windows\currentversion\applets\wordpad\recent file list

Description : list of recent files opened using wordpad

 

 

MRU List Object Recognized!

Location: : S-1-5-21-2099135576-229711271-2094087144-1002\software\microsoft\windows\currentversion\explorer\comdlg32\lastvisitedmru

Description : list of recent programs opened

 

 

MRU List Object Recognized!

Location: : S-1-5-21-2099135576-229711271-2094087144-1002\software\microsoft\windows\currentversion\explorer\comdlg32\opensavemru

Description : list of recently saved files, stored according to file extension

 

 

MRU List Object Recognized!

Location: : S-1-5-21-2099135576-229711271-2094087144-1002\software\microsoft\windows media\wmsdk\general

Description : windows media sdk

 

 

Listing running processes

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

 

#:1 [smss.exe]

FilePath : \SystemRoot\System32\

ProcessID : 168

ThreadCreationTime : 23-03-2007 7:55:23 PM

BasePriority : Normal

 

 

#:2 [csrss.exe]

FilePath : \??\C:\WINNT\system32\

ProcessID : 192

ThreadCreationTime : 23-03-2007 7:55:29 PM

BasePriority : Normal

 

 

#:3 [winlogon.exe]

FilePath : \??\C:\WINNT\system32\

ProcessID : 212

ThreadCreationTime : 23-03-2007 7:55:30 PM

BasePriority : High

 

 

#:4 [services.exe]

FilePath : C:\WINNT\system32\

ProcessID : 240

ThreadCreationTime : 23-03-2007 7:55:32 PM

BasePriority : Normal

FileVersion : 5.00.2195.7035

ProductVersion : 5.00.2195.7035

ProductName : Microsoft® Windows ® 2000 Operating System

CompanyName : Microsoft Corporation

FileDescription : Services and Controller app

InternalName : services.exe

LegalCopyright : Copyright © Microsoft Corp. 1981-1999

OriginalFilename : services.exe

 

#:5 [lsass.exe]

FilePath : C:\WINNT\system32\

ProcessID : 252

ThreadCreationTime : 23-03-2007 7:55:32 PM

BasePriority : Normal

FileVersion : 5.00.2195.7011

ProductVersion : 5.00.2195.7011

ProductName : Microsoft® Windows ® 2000 Operating System

CompanyName : Microsoft Corporation

FileDescription : LSA Executable and Server DLL (Export Version)

InternalName : lsasrv.dll and lsass.exe

LegalCopyright : Copyright © Microsoft Corp. 1981-1999

OriginalFilename : lsasrv.dll and lsass.exe

 

#:6 [s24evmon.exe]

FilePath : C:\WINNT\System32\

ProcessID : 388

ThreadCreationTime : 23-03-2007 7:55:35 PM

BasePriority : Normal

FileVersion : 3.1.8.0

ProductVersion : 4.0.0.0

ProductName : Mobile Unit Support Service

CompanyName : Intel Corporation

FileDescription : Event Monitor - Supports driver extensions to NIC Driver for wireless adapters.

InternalName : S24EvMon

LegalCopyright : Copyright © 2001 - 2003 Intel Corporation, 1997 - 2001 Symbol Technologies, Inc. Portions Copyright © MIT

OriginalFilename : S24EvMon.exe

 

#:7 [svchost.exe]

FilePath : C:\WINNT\system32\

ProcessID : 424

ThreadCreationTime : 23-03-2007 7:55:35 PM

BasePriority : Normal

FileVersion : 5.00.2134.1

ProductVersion : 5.00.2134.1

ProductName : Microsoft® Windows ® 2000 Operating System

CompanyName : Microsoft Corporation

FileDescription : Generic Host Process for Win32 Services

InternalName : svchost.exe

LegalCopyright : Copyright © Microsoft Corp. 1981-1999

OriginalFilename : svchost.exe

 

#:8 [svchost.exe]

FilePath : C:\WINNT\System32\

ProcessID : 468

ThreadCreationTime : 23-03-2007 7:55:36 PM

BasePriority : Normal

FileVersion : 5.00.2134.1

ProductVersion : 5.00.2134.1

ProductName : Microsoft® Windows ® 2000 Operating System

CompanyName : Microsoft Corporation

FileDescription : Generic Host Process for Win32 Services

InternalName : svchost.exe

LegalCopyright : Copyright © Microsoft Corp. 1981-1999

OriginalFilename : svchost.exe

 

#:9 [spoolsv.exe]

FilePath : C:\WINNT\system32\

ProcessID : 516

ThreadCreationTime : 23-03-2007 7:55:36 PM

BasePriority : Normal

FileVersion : 5.00.2195.7059

ProductVersion : 5.00.2195.7059

ProductName : Microsoft® Windows ® 2000 Operating System

CompanyName : Microsoft Corporation

FileDescription : Spooler SubSystem App

InternalName : spoolss.exe

LegalCopyright : Copyright © Microsoft Corp. 1981-1999

OriginalFilename : spoolss.exe

 

#:10 [hidserv.exe]

FilePath : C:\WINNT\system32\

ProcessID : 552

ThreadCreationTime : 23-03-2007 7:55:37 PM

BasePriority : Normal

FileVersion : 5.00.2195.6655

ProductVersion : 5.00.2195.6655

ProductName : Microsoft® Windows ® 2000 Operating System

CompanyName : Microsoft Corporation

FileDescription : HID Audio Service

InternalName : hidserv

LegalCopyright : Copyright © Microsoft Corp. 1981-1999

OriginalFilename : HIDSERV.EXE

 

#:11 [hwapi.exe]

FilePath : C:\Program Files\Common Files\McAfee\HackerWatch\

ProcessID : 596

ThreadCreationTime : 23-03-2007 7:55:38 PM

BasePriority : Normal

FileVersion : 8.3.105.0

ProductVersion : 8.3.105.0

ProductName : McAfee HackerWatch Service

CompanyName : McAfee, Inc.

FileDescription : McAfee HackerWatch Service

LegalCopyright : © McAfee, Inc. All rights reserved.

OriginalFilename : HWAPI.exe

 

#:12 [mcmscsvc.exe]

FilePath : C:\PROGRA~1\McAfee\MSC\

ProcessID : 620

ThreadCreationTime : 23-03-2007 7:55:38 PM

BasePriority : Normal

FileVersion : 7,2,142,0

ProductVersion : 7,2,0,0

ProductName : McAfee SecurityCenter

CompanyName : McAfee, Inc.

FileDescription : MISP User Manager

InternalName : McMSCSvc

LegalCopyright : Copyright © 2006 McAfee, Inc.

OriginalFilename : McMSCSvc.exe

 

#:13 [mcnasvc.exe]

FilePath : c:\program files\common files\mcafee\mna\

ProcessID : 636

ThreadCreationTime : 23-03-2007 7:55:38 PM

BasePriority : Normal

FileVersion : 1,2,108,0

ProductVersion : 1,2,0,0

ProductName : McAfee Integrated Security Platform

CompanyName : McAfee, Inc.

FileDescription : McAfee Network Agent

InternalName : McNASvc

LegalCopyright : Copyright © 2006 McAfee, Inc.

OriginalFilename : McNASvc.exe

 

#:14 [mcods.exe]

FilePath : C:\PROGRA~1\McAfee\VIRUSS~1\

ProcessID : 684

ThreadCreationTime : 23-03-2007 7:55:40 PM

BasePriority : Normal

FileVersion : 11,2,121,0

ProductVersion : 11,2,0,0

ProductName : McAfee VirusScan

CompanyName : McAfee, Inc.

FileDescription : McAfee VirusScan - On Demand Scan

InternalName : mcods.exe

LegalCopyright : Copyright © 2006 McAfee, Inc.

OriginalFilename : mcods.exe

 

#:15 [mcpromgr.exe]

FilePath : C:\PROGRA~1\McAfee\MSC\

ProcessID : 712

ThreadCreationTime : 23-03-2007 7:55:41 PM

BasePriority : Normal

FileVersion : 7,2,142,0

ProductVersion : 7,2,0,0

ProductName : McAfee SecurityCenter

CompanyName : McAfee, Inc.

FileDescription : McAfee Integrated Security Platform

InternalName : McProMgr

LegalCopyright : Copyright © 2006 McAfee, Inc.

OriginalFilename : McProMgr.exe

 

#:16 [redirsvc.exe]

FilePath : c:\PROGRA~1\COMMON~1\mcafee\redirsvc\

ProcessID : 804

ThreadCreationTime : 23-03-2007 7:55:42 PM

BasePriority : Normal

FileVersion : 1,3,109,0

ProductVersion : 1,3,0,0

ProductName : McAfee Redirector

CompanyName : McAfee, Inc.

FileDescription : McAfee Redirector Service Module

InternalName : McRedirector

LegalCopyright : Copyright © 2006 McAfee, Inc.

OriginalFilename : RedirSvc.exe

Comments : McAfee Redirector Service

 

#:17 [mcshield.exe]

FilePath : C:\PROGRA~1\McAfee\VIRUSS~1\

ProcessID : 888

ThreadCreationTime : 23-03-2007 7:55:45 PM

BasePriority : High

 

 

#:18 [mcsysmon.exe]

FilePath : C:\PROGRA~1\McAfee\VIRUSS~1\

ProcessID : 940

ThreadCreationTime : 23-03-2007 7:55:46 PM

BasePriority : Normal

FileVersion : 11,2,131,0

ProductVersion : 11,2,0,0

ProductName : McAfee VirusScan API

CompanyName : McAfee, Inc.

FileDescription : McAfee SystemGuards Service

InternalName : sysmon

LegalCopyright : Copyright © 2006 McAfee, Inc.

OriginalFilename : sysmon.exe

 

#:19 [mdm.exe]

FilePath : C:\Program Files\Common Files\Microsoft Shared\VS7Debug\

ProcessID : 964

ThreadCreationTime : 23-03-2007 7:55:48 PM

BasePriority : Normal

FileVersion : 7.00.9466

ProductVersion : 7.00.9466

ProductName : Microsoft® Visual Studio .NET

CompanyName : Microsoft Corporation

FileDescription : Machine Debug Manager

InternalName : mdm.exe

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : mdm.exe

 

#:20 [mpfsrv.exe]

FilePath : C:\Program Files\McAfee\MPF\

ProcessID : 992

ThreadCreationTime : 23-03-2007 7:55:48 PM

BasePriority : Normal

FileVersion : 8.2.118.0

ProductVersion : 8.2.118.0

ProductName : McAfee Personal Firewall

CompanyName : McAfee, Inc.

FileDescription : McAfee Personal Firewall Service

InternalName : MPFService

LegalCopyright : Copyright © 2005 McAfee, Inc. All Rights Reserved.

OriginalFilename : MpfService.exe

Comments : McAfee Personal Firewall Service

 

#:21 [regsrvc.exe]

FilePath : C:\WINNT\System32\

ProcessID : 1044

ThreadCreationTime : 23-03-2007 7:55:50 PM

BasePriority : Normal

FileVersion : 4, 0, 0, 1

ProductVersion : 4, 0, 0, 1

ProductName : RegSrvc Module

CompanyName : Intel Corporation

FileDescription : RegSrvc Module

InternalName : RegSrvc

LegalCopyright : Copyright © 2002 - 2003 Intel Corporation

OriginalFilename : RegSrvc.EXE

 

#:22 [regsvc.exe]

FilePath : C:\WINNT\system32\

ProcessID : 1148

ThreadCreationTime : 23-03-2007 7:55:52 PM

BasePriority : Normal

FileVersion : 5.00.2195.6701

ProductVersion : 5.00.2195.6701

ProductName : Microsoft® Windows ® 2000 Operating System

CompanyName : Microsoft Corporation

FileDescription : Remote Registry Service

InternalName : regsvc

LegalCopyright : Copyright © Microsoft Corp. 1981-1999

OriginalFilename : REGSVC.EXE

 

#:23 [mstask.exe]

FilePath : C:\WINNT\system32\

ProcessID : 1164

ThreadCreationTime : 23-03-2007 7:55:52 PM

BasePriority : Normal

FileVersion : 4.71.2195.6972

ProductVersion : 4.71.2195.6972

ProductName : Microsoft® Windows® Task Scheduler

CompanyName : Microsoft Corporation

FileDescription : Task Scheduler Engine

InternalName : TaskScheduler

LegalCopyright : Copyright © Microsoft Corp. 1997

OriginalFilename : mstask.exe

 

#:24 [saservice.exe]

FilePath : C:\Program Files\SiteAdvisor\6028\

ProcessID : 1216

ThreadCreationTime : 23-03-2007 7:55:54 PM

BasePriority : Normal

FileVersion : 2.3.0

ProductVersion : 1, 0, 0, 1

ProductName : SAService Application

CompanyName : McAfee, Inc.

FileDescription : SAService Application

InternalName : SAService

LegalCopyright : Copyright McAfee, Inc. 2006

OriginalFilename : SAService.exe

 

#:25 [smagent.exe]

FilePath : C:\Program Files\Analog Devices\SoundMAX\

ProcessID : 1284

ThreadCreationTime : 23-03-2007 7:55:55 PM

BasePriority : Normal

FileVersion : 3, 2, 6, 0

ProductVersion : 3, 2, 6, 0

ProductName : SoundMAX service agent

CompanyName : Analog Devices, Inc.

FileDescription : SoundMAX service agent component

InternalName : SMAgent

LegalCopyright : Copyright © 2002

OriginalFilename : SMAgent.exe

 

#:26 [stisvc.exe]

FilePath : C:\WINNT\system32\

ProcessID : 1304

ThreadCreationTime : 23-03-2007 7:55:55 PM

BasePriority : Normal

FileVersion : 5.00.2195.6656

ProductVersion : 5.00.2195.6656

ProductName : Microsoft® Windows ® 2000 Operating System

CompanyName : Microsoft Corporation

FileDescription : Still Image Devices Monitor

InternalName : STIMON

LegalCopyright : Copyright © Microsoft Corp. 1996-1997

OriginalFilename : STIMON.EXE

 

#:27 [thotkey.exe]

FilePath : C:\WINNT\SYSTEM32\

ProcessID : 1328

ThreadCreationTime : 23-03-2007 7:55:56 PM

BasePriority : Normal

FileVersion : 1, 0, 0, 21

ProductVersion : 6, 0, 2, 0

ProductName : TOSHIBA THotkey

CompanyName : TOSHIBA Corp.

FileDescription : THotkey

InternalName : THotkey

LegalCopyright : Copyright © 1999 - 2003

OriginalFilename : THotkey.exe

 

#:28 [tmesbs3.exe]

FilePath : C:\Program Files\TOSHIBA\TME3\

ProcessID : 1388

ThreadCreationTime : 23-03-2007 7:55:58 PM

BasePriority : Normal

FileVersion : 1, 0, 0, 21

ProductVersion : 2, 0, 0, 0

ProductName : Toshiba Mobile Extension Slim Select Bay Service

CompanyName : Toshiba Corporation

FileDescription : tmesbs3

InternalName : tmesbs3

LegalCopyright : Copyright © Toshiba Corp.1998-2000

OriginalFilename : tmesbs3.exe

 

#:29 [tmesrv3.exe]

FilePath : C:\Program Files\TOSHIBA\TME3\

ProcessID : 1428

ThreadCreationTime : 23-03-2007 7:56:00 PM

BasePriority : Normal

FileVersion : 3, 0, 29, 0

ProductVersion : 3, 0, 29, 0

ProductName : TOSHIBA MobileExtension Service

CompanyName : TOSHIBA

FileDescription : TOSHIBA MobileExtension Service

InternalName : TMESRV3

LegalCopyright : TOSHIBA Copyright © 1999-2001

OriginalFilename : TMESRV3.exe

 

#:30 [winmgmt.exe]

FilePath : C:\WINNT\System32\WBEM\

ProcessID : 1456

ThreadCreationTime : 23-03-2007 7:56:00 PM

BasePriority : Normal

FileVersion : 1.50.1085.0100

ProductVersion : 1.50.1085.0100

ProductName : Windows Management Instrumentation

CompanyName : Microsoft Corporation

FileDescription : Windows Management Instrumentation

InternalName : WINMGMT

LegalCopyright : Copyright © Microsoft Corp. 1995-1999

 

#:31 [svchost.exe]

FilePath : C:\WINNT\system32\

ProcessID : 1488

ThreadCreationTime : 23-03-2007 7:56:02 PM

BasePriority : Normal

FileVersion : 5.00.2134.1

ProductVersion : 5.00.2134.1

ProductName : Microsoft® Windows ® 2000 Operating System

CompanyName : Microsoft Corporation

FileDescription : Generic Host Process for Win32 Services

InternalName : svchost.exe

LegalCopyright : Copyright © Microsoft Corp. 1981-1999

OriginalFilename : svchost.exe

 

#:32 [tmedevrm.exe]

FilePath : C:\Program Files\TOSHIBA\TME3\

ProcessID : 1620

ThreadCreationTime : 23-03-2007 7:56:19 PM

BasePriority : Normal

FileVersion : 1, 0, 4, 0

ProductVersion : 1, 0, 4, 0

ProductName : TME3 TMEDevRm

CompanyName : Toshiba

FileDescription : TMEDevRm

InternalName : TMEDevRm

LegalCopyright : Copyright © 2001

OriginalFilename : TMEDevRm.exe

 

#:33 [zcfgsvc.exe]

FilePath : C:\WINNT\system32\

ProcessID : 1688

ThreadCreationTime : 23-03-2007 7:56:28 PM

BasePriority : Normal

FileVersion : 1, 0, 0, 3

ProductVersion : 1, 0, 0, 1

ProductName : ZeroCfgSvc Application

CompanyName : Intel Corporation

FileDescription : ZeroCfgSvc MFC Application

InternalName : ZeroCfgSvc

LegalCopyright : Copyright © 2002 - 2003 Intel Corporation

OriginalFilename : ZeroCfgSvc.EXE

 

#:34 [explorer.exe]

FilePath : C:\WINNT\

ProcessID : 1736

ThreadCreationTime : 23-03-2007 7:56:31 PM

BasePriority : Normal

FileVersion : 5.00.3700.6690

ProductVersion : 5.00.3700.6690

ProductName : Microsoft® Windows ® 2000 Operating System

CompanyName : Microsoft Corporation

FileDescription : Windows Explorer

InternalName : explorer

LegalCopyright : Copyright © Microsoft Corp. 1981-1999

OriginalFilename : EXPLORER.EXE

 

#:35 [mcagent.exe]

FilePath : C:\PROGRA~1\mcafee.com\agent\

ProcessID : 1792

ThreadCreationTime : 23-03-2007 7:56:35 PM

BasePriority : Normal

FileVersion : 7,2,142,0

ProductVersion : 7,2,0,0

ProductName : McAfee SecurityCenter

CompanyName : McAfee, Inc.

FileDescription : McAfee Integrated Security Platform

InternalName : McAgent

LegalCopyright : Copyright © 2006 McAfee, Inc.

OriginalFilename : McAgent.exe

 

#:36 [hkcmd.exe]

FilePath : C:\WINNT\System32\

ProcessID : 1964

ThreadCreationTime : 23-03-2007 7:56:56 PM

BasePriority : Normal

FileVersion : 3,0,0,2104

ProductVersion : 7,0,0,2104

ProductName : Intel® Common User Interface

CompanyName : Intel Corporation

FileDescription : hkcmd Module

InternalName : HKCMD

LegalCopyright : Copyright 1999-2003, Intel Corporation

OriginalFilename : HKCMD.EXE

 

#:37 [tpwrtray.exe]

FilePath : C:\WINNT\system32\

ProcessID : 1972

ThreadCreationTime : 23-03-2007 7:56:56 PM

BasePriority : Normal

FileVersion : 4.17.21

ProductVersion : 4.17.00

ProductName : TOSHIBA Power Saver

CompanyName : TOSHIBA Corporation

FileDescription : TOSHIBA Power Saver

InternalName : Tpwrtray

LegalCopyright : Copyright 1999-2003 TOSHIBA Corporation.

OriginalFilename : Tpwrtray.exe

Comments : TOSHIBA Power Saver

 

#:38 [toshkcw.exe]

FilePath : C:\Program Files\TOSHIBA\Wireless Hotkey\

ProcessID : 1712

ThreadCreationTime : 23-03-2007 7:56:57 PM

BasePriority : Normal

FileVersion : 2, 1, 0, 1

ProductVersion : 2, 1, 0, 0

ProductName : Wireless Hotkey

CompanyName : TOSHIBA CORPORATION

FileDescription : Wireless Hotkey

InternalName : Wireless Hotkey EXE

LegalCopyright : Copyright © 2001-2002 TOSHIBA CORPORATION

LegalTrademarks : Copyright © 2001-2002 TOSHIBA CORPORATION

OriginalFilename : TosHKCW.EXE

Comments : Wireless Hotkey

 

#:39 [tfncky.exe]

FilePath : C:\Program Files\TOSHIBA\TOSHIBA Controls\

ProcessID : 1992

ThreadCreationTime : 23-03-2007 7:56:57 PM

BasePriority : Normal

FileVersion : 1, 0, 0, 1

ProductVersion : 1, 0, 0, 1

ProductName : TFncKy Application

FileDescription : TFncKy MFC Application

InternalName : TFncKy

LegalCopyright : Copyright © 2002

OriginalFilename : TFncKy.EXE

 

#:40 [tfnf5.exe]

FilePath : C:\WINNT\system32\

ProcessID : 1996

ThreadCreationTime : 23-03-2007 7:56:57 PM

BasePriority : Normal

FileVersion : 1. 0. 1. 0

ProductVersion : 1. 0. 1. 0

ProductName : Toshiba Hotkey Utility for Display Devices

CompanyName : Toshiba Corp.

FileDescription : TFnF5

InternalName : TFnF5

LegalCopyright : Copyright © Toshiba Corp. 2001

OriginalFilename : TFnF5.Exe

Comments : Hotkey (Fn+F5) for Display Devices

 

#:41 [dragdrop.exe]

FilePath : C:\Program Files\Drag'n Drop CD+DVD\BinFiles\

ProcessID : 2016

ThreadCreationTime : 23-03-2007 7:56:58 PM

BasePriority : Normal

 

 

#:42 [agrsmmsg.exe]

FilePath : C:\WINNT\

ProcessID : 2032

ThreadCreationTime : 23-03-2007 7:56:58 PM

BasePriority : Normal

FileVersion : 2.1.28.2 2.1.28.2 04/18/2003 11:20:08

ProductVersion : 2.1.28.2 2.1.28.2 04/18/2003 11:20:08

ProductName : Agere SoftModem Messaging Applet

CompanyName : Agere Systems

FileDescription : SoftModem Messaging Applet

InternalName : smdmstat.exe

LegalCopyright : Copyright © Agere Systems 1998-2000

OriginalFilename : smdmstat.exe

 

#:43 [pronomgr.exe]

FilePath : C:\Program Files\Intel\NCS\PROSet\

ProcessID : 2044

ThreadCreationTime : 23-03-2007 7:56:59 PM

BasePriority : Normal

FileVersion : 6.1.113.0

ProductVersion : 6.1.113.0

ProductName : Intel® Network Configuration Services

CompanyName : Intel® Corporation

FileDescription : PRONotifyMgr Module

InternalName : PRONotifyMgr

LegalCopyright : Copyright© 2001-2002 Intel Corporation

OriginalFilename : PRONoMgr.exe

 

#:44 [jusched.exe]

FilePath : C:\Program Files\Java\jre1.5.0_11\bin\

ProcessID : 2060

ThreadCreationTime : 23-03-2007 7:57:00 PM

BasePriority : Normal

 

 

#:45 [ndstray.exe]

FilePath : C:\Program Files\TOSHIBA\ConfigFree\

ProcessID : 2076

ThreadCreationTime : 23-03-2007 7:57:00 PM

BasePriority : Normal

FileVersion : 2, 0, 0, 98

ProductVersion : 2, 0, 0, 9

ProductName : ConfigFree Tray

CompanyName : TOSHIBA CORPORATION

FileDescription : ConfigFree Tray

InternalName : ndstray

LegalCopyright : Copyright 2002-2003 © TOSHIBA CORPORATION. All rights reserved.

OriginalFilename : NDSTray.exe

 

#:46 [statusclient.exe]

FilePath : C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\

ProcessID : 2160

ThreadCreationTime : 23-03-2007 7:57:04 PM

BasePriority : Normal

FileVersion : 00.00.13

ProductVersion : 00.00.13

ProductName : Hewlett-Packard T-TR Status Client

CompanyName : Hewlett-Packard

FileDescription : Hewlett-Packard T-TR Status Client

InternalName : StatusClient.exe

LegalCopyright : Copyright © 2002 Hewlett-Packard Company

LegalTrademarks : All Rights Reserved.

OriginalFilename : StatusClient.exe

 

#:47 [siteadv.exe]

FilePath : C:\Program Files\SiteAdvisor\6028\

ProcessID : 2196

ThreadCreationTime : 23-03-2007 7:57:05 PM

BasePriority : Normal

FileVersion : 2.2.1.3

ProductVersion : 2.2.1.3

ProductName : SiteAdvisor

CompanyName : McAfee, Inc.

FileDescription : SiteAdvisor

InternalName : SiteAdv

LegalCopyright : Copyright McAfee, Inc. All rights reserved.

OriginalFilename : SiteAdv

 

#:48 [ctfmon.exe]

FilePath : C:\WINNT\system32\

ProcessID : 1636

ThreadCreationTime : 23-03-2007 7:57:05 PM

BasePriority : Normal

FileVersion : 1.00.2409.7 built by: Lab06_N

ProductVersion : 1.00.2409.7

ProductName : Microsoft® Windows NT® Operating System

CompanyName : Microsoft Corporation

FileDescription : Cicero Loader

InternalName : CICLOAD

LegalCopyright : Copyright © Microsoft Corporation. 1981-2001

OriginalFilename : CICLOAD.EXE

 

#:49 [wcescomm.exe]

FilePath : C:\Program Files\Microsoft ActiveSync\

ProcessID : 2008

ThreadCreationTime : 23-03-2007 7:57:08 PM

BasePriority : Normal

FileVersion : 3.7.1.4034

ProductVersion : 3.7.4034

ProductName : Microsoft ActiveSync

CompanyName : Microsoft Corporation

FileDescription : ActiveSync Connection Manager

InternalName : wcescomm

LegalCopyright : Copyright © 1995-2004 Microsoft Corp. All rights reserved.

LegalTrademarks : Microsoft® and Windows® are registered trademarks of Microsoft Corporation.

OriginalFilename : WCESCOMM.EXE

 

#:50 [javaw.exe]

FilePath : C:\Program Files\Hewlett-Packard\Toolbox2.0\Javasoft\JRE\1.3.1\bin\

ProcessID : 2004

ThreadCreationTime : 23-03-2007 7:57:11 PM

BasePriority : Normal

 

 

#:51 [ad-aware.exe]

FilePath : C:\Program Files\Lavasoft\Ad-Aware SE Personal\

ProcessID : 1956

ThreadCreationTime : 23-03-2007 8:32:41 PM

BasePriority : Normal

FileVersion : 6.2.0.236

ProductVersion : SE 106

ProductName : Lavasoft Ad-Aware SE

CompanyName : Lavasoft Sweden

FileDescription : Ad-Aware SE Core application

InternalName : Ad-Aware.exe

LegalCopyright : Copyright © Lavasoft AB Sweden

OriginalFilename : Ad-Aware.exe

Comments : All Rights Reserved

 

Memory scan result:

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

New critical objects: 0

Objects found so far: 30

 

 

Started registry scan

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

 

Registry Scan result:

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

New critical objects: 0

Objects found so far: 30

 

 

Started deep registry scan

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

 

Deep registry scan result:

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

New critical objects: 0

Objects found so far: 30

 

 

Started Tracking Cookie scan

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

 

 

Tracking cookie scan result:

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

New critical objects: 0

Objects found so far: 30

 

 

 

Deep scanning and examining files (C:)

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

 

Disk Scan Result for C:\

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

New critical objects: 0

Objects found so far: 30

 

 

Scanning Hosts file......

Hosts file location:"C:\WINNT\system32\drivers\etc\hosts".

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

 

Hosts file scan result:

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

1 entries scanned.

New critical objects:0

Objects found so far: 30

 

 

 

 

Performing conditional scans...

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

 

Conditional scan result:

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

New critical objects: 0

Objects found so far: 30

 

4:40:15 PM Scan Complete

 

Summary Of This Scan

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Total scanning time:00:05:18.778

Objects scanned:97592

Objects identified:0

Objects ignored:0

New critical objects:0

Edited by Al Stewart


Hello, Al Stewart & Welcome

 

Please print out or copy these instructions to Notepad as the internet will not be available to you at certain points of the removal process (whilst in Safe Mode). If there's anything that you don't understand, ask your question(s) before moving on with the fix.

 

Go to Start | Control Panel | Add/Remove Programs and remove the following (if they exist):

Spylocked

 

Note: These items may need you to do a reboot to complete the uninstall; if so, please do so.

 

--------------

 

Download SmitfraudFix (by S!Ri) to your Desktop.

http://siri.urz.free.fr/Fix/SmitfraudFix.zip

Extract all the files to your Desktop. A folder named SmitfraudFix will be created on your Desktop.

( Do not run just YET )

 

--------------

 

Download ATF (Atribune Temp File) Cleaner© by Atribune

 

Download and Install AVG Anti-Spyware© by Grisoft

 

Launch AVG Anti-Spyware; there should be an icon on your desktop. Double-click it.

The program will now go to the main screen

You will need to update AVG Anti-Spyware to the latest definition files.

On the main screen select the icon Update then select the Update now link

Next select the Start Update button, the update will start and a progress bar will show the updates being installed.

Close AVG Anti-Spyware

 

Don't run just Yet

 

-----------------

 

If you are having problems with the updater, you can use this link to manually update ewido.

AVG Anti-Spyware manual updates.

Download the Full database to your Desktop or to your usual Download Folder and install it by double clicking the file. Make sure that AVG Anti-Spyware is closed before installing the update.

 

-----------------

 

Restart your computer in Safe Mode.

  1. If the computer is running, shut down Windows, and then turn off the power.
  2. Wait 30 seconds, and then turn the computer on.
  3. Start tapping the F8 key. The Windows Advanced Options Menu will appear. If you begin tapping the F8 key too soon, some computers display a "keyboard error" message. To resolve this, restart the computer and try again.
  4. Ensure that the Safe Mode option is selected.
  5. Press Enter. The computer then begins to start in Safe Mode.
  6. Login on your usual account.

If you need further assistance with Safe Mode, see Symantec

 

---------------

 

Run ATF Cleaner

Double-click ATF Cleaner.exe

Under Main choose: Select All

Click the Empty Selected button.

Click Exit on the Main menu to close the program

 

Run AVG Anti-Spyware

Click on Scanner at top

Click on Settings

Once in the Settings screen click on Recommended actions and then select Quarantine

Under Reports, Select Automatically generate report after every scan

Un-Select Only if threats were found

Select the Scanner icon at the top and then the Scan tab then click on Complete System Scan

AVG Anti-Spyware will now begin the scanning process. Be patient, this may take a little time.

Once the scan is complete do the following :

If you have any infections you will be prompted, then select Apply all actions

Next select the Reports icon at the top.

Select the Save report as button in the lower left hand of the screen and save it to a text file on your system (make sure to remember where you saved that file, this is important).

Now close AVG Anti-Spyware

 

--------------

 

Open the SmitfraudFix Folder, then double-click smitfraudfix.cmd file to start the tool.

Select option #2 - Clean by typing 2 and press Enter.

Wait for the tool to complete and disk cleanup to finish.

You will be prompted : "Registry cleaning - Do you want to clean the registry ?" answer Yes by typing Y and hit Enter.

The tool will also check if wininet.dll is infected. If a clean version is found, you will be prompted to replace wininet.dll. Answer Yes to the question "Replace infected file ?" by typing Y and hit Enter.

 

A reboot may be needed to finish the cleaning process; if your computer does not restart automatically, please do it yourself manually.

 

When back in Normal Mode, click Start>Settings>Control Panel>Display>Desktop>Customize Desktop>Web and uncheck "Security Info" if present.

 

Please post the newrapport.txt log along with a new HijackThis Log and AVG anti-spyware log in your next reply.

 

 

Gogo ;)


Gogo: Thanks a bunch. It all seemed to go ok, except that due to my screen resolution I was unable to view all of the commands in AVG Anti-Spyware. Thus, I had to select delete on reboot and was unable to save the report. I am adding the new HijackThis Log and the rapport.txt from SmitfraudFix.

 

Logfile of HijackThis v1.99.1

Scan saved at 10:57:10 PM, on 24/03/2007

Platform: Windows 2000 SP4 (WinNT 5.00.2195)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINNT\System32\smss.exe

C:\WINNT\system32\winlogon.exe

C:\WINNT\system32\services.exe

C:\WINNT\system32\lsass.exe

C:\WINNT\System32\S24EvMon.exe

C:\WINNT\system32\svchost.exe

C:\WINNT\System32\svchost.exe

C:\WINNT\system32\spoolsv.exe

C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

C:\WINNT\system32\hidserv.exe

C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe

C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe

c:\program files\common files\mcafee\mna\mcnasvc.exe

C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe

C:\PROGRA~1\McAfee\MSC\mcpromgr.exe

c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe

C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe

C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe

C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe

C:\Program Files\McAfee\MPF\MPFSrv.exe

C:\WINNT\System32\RegSrvc.exe

C:\WINNT\system32\ZCfgSvc.exe

C:\WINNT\system32\regsvc.exe

C:\WINNT\system32\MSTask.exe

C:\WINNT\Explorer.EXE

C:\Program Files\SiteAdvisor\6028\SAService.exe

C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

C:\WINNT\system32\stisvc.exe

C:\WINNT\SYSTEM32\THOTKEY.EXE

C:\Program Files\TOSHIBA\TME3\Tmesbs3.exe

C:\PROGRA~1\mcafee.com\agent\mcagent.exe

C:\Program Files\TOSHIBA\TME3\Tmesrv3.exe

C:\WINNT\System32\WBEM\WinMgmt.exe

C:\WINNT\system32\svchost.exe

C:\WINNT\system32\TPWRTRAY.EXE

C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe

C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe

C:\WINNT\system32\TFNF5.exe

C:\Program Files\Drag'n Drop CD+DVD\BinFiles\DragDrop.exe

C:\WINNT\AGRSMMSG.exe

C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe

C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe

C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe

C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe

C:\Program Files\SiteAdvisor\6028\SiteAdv.exe

C:\Program Files\Hewlett-Packard\Toolbox2.0\Javasoft\JRE\1.3.1\bin\javaw.exe

C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe

C:\WINNT\system32\ctfmon.exe

C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE

C:\Program Files\Internet Explorer\iexplore.exe

C:\Documents and Settings\User\My Documents\My Downloads\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6028\SiteAdv.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll

O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptcl.dll

O3 - Toolbar: @msdxmLC.dll,[email protected],&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx

O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6028\SiteAdv.dll

O4 - HKLM\..\Run: [synchronization Manager] mobsync.exe /logon

O4 - HKLM\..\Run: [000StTHK] 000StTHK.exe

O4 - HKLM\..\Run: [igfxTray] C:\WINNT\System32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINNT\System32\hkcmd.exe

O4 - HKLM\..\Run: [Tpwrtray] TPWRTRAY.EXE

O4 - HKLM\..\Run: [TosHKCW.exe] "C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe"

O4 - HKLM\..\Run: [TFncKy] TFncKy.exe

O4 - HKLM\..\Run: [TFNF5] TFNF5.exe

O4 - HKLM\..\Run: [TMESRV.EXE] C:\Program Files\TOSHIBA\TME3\TMESRV3.EXE /Logon

O4 - HKLM\..\Run: [TMESBS.EXE] C:\Program Files\TOSHIBA\TME3\TMESBS3.EXE /logon

O4 - HKLM\..\Run: [Drag'n Drop CD+DVD] C:\Program Files\Drag'n Drop CD+DVD\BinFiles\DragDrop.exe /StartUp

O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe

O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"

O4 - HKLM\..\Run: [NDSTray.exe] "C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe"

O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall

O4 - HKLM\..\Run: [statusClient] C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe /auto

O4 - HKLM\..\Run: [TomcatStartup] C:\Program Files\Hewlett-Packard\Toolbox2.0\hpbpsttp.exe

O4 - HKLM\..\Run: [siteAdvisor] C:\Program Files\SiteAdvisor\6028\SiteAdv.exe

O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized

O4 - HKCU\..\Run: [ctfmon.exe] ctfmon.exe

O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll

O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL

O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL

O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/m...01/mcinsctl.cab

O18 - Protocol: siteadvisor - {3A5DC592-7723-4EAA-9EE6-AF4222BCF879} - C:\Program Files\SiteAdvisor\6028\SiteAdv.dll

O20 - Winlogon Notify: igfxcui - C:\WINNT\SYSTEM32\igfxsrvc.dll

O20 - Winlogon Notify: Sebring - C:\WINNT\System32\LgNotify.dll

O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe

O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe

O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe

O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe

O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe

O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe

O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe

O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe

O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe

O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe

O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe

O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe

O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINNT\system32\HPZipm12.exe

O23 - Service: RegSrvc - Intel Corporation - C:\WINNT\System32\RegSrvc.exe

O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\WINNT\System32\S24EvMon.exe

O23 - Service: SiteAdvisor Service - McAfee, Inc. - C:\Program Files\SiteAdvisor\6028\SAService.exe

O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

O23 - Service: THotkey (THOTKEY) - TOSHIBA Corp. - C:\WINNT\SYSTEM32\THOTKEY.EXE

O23 - Service: Tmesbs3 (Tmesbs) - Unknown owner - C:\Program Files\TOSHIBA\TME3\Tmesbs3.exe" /Service (file missing)

O23 - Service: Tmesrv3 (Tmesrv) - Unknown owner - C:\Program Files\TOSHIBA\TME3\Tmesrv3.exe" /Service (file missing)

 

SmitFraudFix v2.154

 

Scan done at 22:31:22.92, Sat 24/03/2007

Run from C:\Documents and Settings\User\Desktop\SmitfraudFix

OS: Microsoft Windows 2000 [Version 5.00.2195] - Windows_NT

The filesystem type is NTFS

Fix run in safe mode

 

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix

!!!Attention, following keys are not inevitably infected!!!

 

SrchSTS.exe by S!Ri

Search SharedTaskScheduler's .dll

 

»»»»»»»»»»»»»»»»»»»»»»»» Killing process

 

 

»»»»»»»»»»»»»»»»»»»»»»»» hosts

 

 

127.0.0.1 localhost

 

»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

 

GenericRenosFix by S!Ri

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System

!!!Attention, following keys are not inevitably infected!!!

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]

"System"=""

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

 

Registry Cleaning done.

 

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix

!!!Attention, following keys are not inevitably infected!!!

 

SrchSTS.exe by S!Ri

Search SharedTaskScheduler's .dll

 

 

»»»»»»»»»»»»»»»»»»»»»»»» End


Hi, Al Stewart

 

You're using an outdated version of Java (latest one is Java Runtime Environment (JRE) 6). Please update and remove the older versions. Do the following:

Go to Start | Control Panel | Add/Remove Programs

Search in the list for all previous installed versions of Java. (J2SE Runtime Environment.... )

It should have this icon next to it: javaicon.gif

Select it and click Remove.

Then download and install the newest version from here (scroll down to find it):

Java Runtime Environment (JRE) 6

 

Do a reboot

 

---------------

 

Then may I have some feedback on how the PC is doing now?

 

Gogo ;)
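
An added example, not part of the original posts and not HijackThis's own code: a small Python parser for HijackThis-style log lines that reports which JRE versions the log's paths reference and which O23 service entries are marked "Unknown owner" or "(file missing)". The sample lines are copied from the log posted above; the function names and the JRE 6 (1.6.0) threshold are assumptions made for the illustration.

```python
import re
from collections import defaultdict

# A short excerpt copied from the HijackThis log posted earlier in this thread.
SAMPLE_LOG = r"""
Logfile of HijackThis v1.99.1
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [TFNF5] TFNF5.exe
O23 - Service: THotkey (THOTKEY) - TOSHIBA Corp. - C:\WINNT\SYSTEM32\THOTKEY.EXE
O23 - Service: Tmesbs3 (Tmesbs) - Unknown owner - C:\Program Files\TOSHIBA\TME3\Tmesbs3.exe" /Service (file missing)
"""

ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")  # section code, then the entry detail
JRE = re.compile(r"\\jre(\d+)\.(\d+)\.(\d+)(?:_(\d+))?\\", re.IGNORECASE)

def parse_entries(text):
    """Group entry lines by their section code (R0, O2, O4, O23, ...)."""
    sections = defaultdict(list)
    for line in text.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            sections[m.group(1)].append(m.group(2))
    return dict(sections)

def jre_versions(text):
    """Collect the distinct JRE versions referenced by any path in the log."""
    found = set()
    for m in JRE.finditer(text):
        found.add(tuple(int(g) if g else 0 for g in m.groups()))
    return sorted(found)

def review_notes(text, minimum_jre=(1, 6, 0, 0)):
    """Return review hints; minimum_jre is an assumed threshold (JRE 6 = 1.6.0)."""
    notes = []
    for version in jre_versions(text):
        if version < minimum_jre:
            notes.append("old JRE referenced: %d.%d.%d_%02d" % version)
    for detail in parse_entries(text).get("O23", []):
        if "(file missing)" in detail or "Unknown owner" in detail:
            notes.append("service needs a look: " + detail.split(" - ")[0])
    return notes

if __name__ == "__main__":
    for note in review_notes(SAMPLE_LOG):
        print(note)
```

A flagged service entry is only a prompt for manual review; the markers say the file or its owner could not be resolved, not that the entry is malicious.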
