topengabeth
Solid State Member
- Messages
- 13
This is my HiJackThis log
Logfile of HijackThis v1.99.1
Scan saved at 7:42:43 PM, on 06/10/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\PROGRA~1\CHARTE~1\backweb\3528733\Program\SERVI
C~1.EXE
C:\WINDOWS\System32\cisvc.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\Program Files\Charter High-Speed Security Suite\Anti-Virus\fsgk32st.exe
C:\Program Files\Charter High-Speed Security Suite\Anti-Virus\FSGK32.EXE
C:\Program Files\Charter High-Speed Security Suite\backweb\3528733\program\fsbwsys.exe
C:\Program Files\Charter High-Speed Security Suite\Common\FSMA32.EXE
C:\Program Files\Charter High-Speed Security Suite\Common\FSMB32.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Charter High-Speed Security Suite\Anti-Virus\fssm32.exe
C:\WINDOWS\System32\snmp.exe
C:\Program Files\Charter High-Speed Security Suite\Common\FCH32.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Charter High-Speed Security Suite\Anti-Virus\fsqh.exe
C:\Program Files\Charter High-Speed Security Suite\Common\FAMEH32.EXE
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\Charter High-Speed Security Suite\Anti-Virus\fsrw.exe
C:\Program Files\Charter High-Speed Security Suite\FSPC\fspc.exe
C:\Program Files\Charter High-Speed Security Suite\FWES\Program\fsdfwd.exe
C:\Program Files\Charter High-Speed Security Suite\Anti-Virus\fsav32.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Dell\EUSW\Support.exe
C:\Program Files\Charter High-Speed Security Suite\Common\FSM32.EXE
C:\Program Files\Dell\Support\Alert\bin\NotifyAlert.exe
C:\PROGRA~1\CHARTE~1\ANTI-S~1\fsaw.exe
C:\Program Files\Charter High-Speed Security Suite\FSGUI\ispnews.exe
C:\Program Files\Charter High-Speed Security Suite\backweb\3528733\Program\fspex.exe
C:\Program Files\Charter High-Speed Security Suite\FSGUI\fsguidll.exe
C:\WINDOWS\system32\dcomcfg.exe
C:\DOCUME~1\ELIZAB~1\LOCALS~1\Temp\Rar$EX07.390\HijackThis.exe
C:\Program Files\Internet Explorer\iexplore.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com/
F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\Userinit.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Nothing - {686a161d-5bd1-4999-8832-6393f41e564c} - C:\WINDOWS\system32\hp100.tmp
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O3 - Toolbar: SecurityToolbar - {736b5468-bdad-41be-92d0-22ae2ddf7bcb} - C:\Program Files\Security Toolbar\Security Toolbar.dll
O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\Charter High-Speed Security Suite\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\Charter High-Speed Security Suite\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [F-Secure Startup Wizard] "C:\Program Files\Charter High-Speed Security Suite\FSGUI\FSSW.EXE" /reboot
O4 - HKLM\..\Run: [News Service] "C:\Program Files\Charter High-Speed Security Suite\FSGUI\ispnews.exe"
O4 - Global Startup: Charter High-Speed Security Suite.lnk = C:\Program Files\Charter High-Speed Security Suite\backweb\3528733\Program\fspex.exe
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Block this popup - C:\Program Files\Charter High-Speed Security Suite\Anti-Spyware\blockpopups.htm
O10 - Broken Internet access because of LSP provider 'winsflt.dll' missing
O16 - DPF: Yahoo! Bingo - http://download.games.yahoo.com/gam...nts/y/xt0_x.cab
O16 - DPF: Yahoo! Go - http://download.games.yahoo.com/gam...nts/y/gt2_x.cab
O16 - DPF: Yahoo! Graffiti - http://download.games.yahoo.com/gam...ts/y/grt5_x.cab
O16 - DPF: Yahoo! Literati - http://download.games.yahoo.com/gam...nts/y/tt4_x.cab
O16 - DPF: Yahoo! MahJong - http://download.games.yahoo.com/gam...nts/y/ot0_x.cab
O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/gam...ts/y/pote_x.cab
O16 - DPF: Yahoo! Spades - http://download.games.yahoo.com/gam...nts/y/st2_x.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {29B2C103-AB53-4971-B765-FC1CE5D8B2D1} - http://www.silvercrk.com/php/hwhear...032_5271159.cab
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (ZoneBuddy Class) - http://zone.msn.com/BinFrameWork/v1...dy.cab32846.cab
O16 - DPF: {41ACD49D-1974-791A-0981-AA9872721044} (Ganymede Board Games) - http://67.15.101.3/g_bin/eng/boards_2_0_0_20.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/act...l_v1-0-3-36.cab
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/binframework/v1...at.cab32846.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microso...b?1136914102906
O16 - DPF: {A031D222-B496-11D2-9CC8-00105A10AAF6} - http://hoylegames.sierra.com/cab/WO...cherControl.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/M...pDownloader.cab
O16 - DPF: {B49C4597-8721-4789-9250-315DFBD9F525} (IWinAmpActiveX Class) - http://cdn.digitalcity.com/radio/am....1.11_en_dl.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v1...ro.cab34246.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - http://us.dl1.yimg.com/download.yah...utocomplete.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/controls/msnchat45.cab
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Charter High-Speed Security Suite (BackWeb Plug-in - 3528733) - BackWeb Technologies Inc. - C:\PROGRA~1\CHARTE~1\backweb\3528733\Program\SERVI
C~1.EXE
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: F-Secure Gatekeeper Handler Starter - F-Secure Corporation - C:\Program Files\Charter High-Speed Security Suite\Anti-Virus\fsgk32st.exe
O23 - Service: FSBWSYS (fsbwsys) - F-Secure Corp. - C:\Program Files\Charter High-Speed Security Suite\backweb\3528733\program\fsbwsys.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\Charter High-Speed Security Suite\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure HTTP Server (fshttps) - F-Secure Corporation - C:\Program Files\Charter High-Speed Security Suite\FSPC\fshttps\fshttps.exe
O23 - Service: FSMA - F-Secure Corporation - C:\Program Files\Charter High-Speed Security Suite\Common\FSMA32.EXE
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
O23 - Service: STOPzilla Local Service - Unknown owner - C:\Program Files\STOPzilla!\szntsvc.exe (file missing)
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
My smitfiles.txt __________________________________________________
_______
smitRem © log file
version 3.0
by noahdfear
Microsoft Windows XP [Version 5.1.2600]
"IE"="6.0000"
The current date is: 06/10/2006
The current time is: 19:49:01.15
Running from
C:\Documents and Settings\ElizaBeth (Mommy)\Desktop\smitRem
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Pre-run SharedTask Export
(GetSTS.exe) SharedTaskScheduler exporter by Lawrence Abrams (Grinler)
Copyright(C) 2006 BleepingComputer.com
Registry Pseudo-Format Mode (Not a valid reg file):
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Cur
rentVersion\Explorer\SharedTaskScheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"
"{5aaf6542-f4ba-4df4-873d-4902ecbe794c}"="acheweed"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{438755
C2-A8BA-11D1-B96B-00A0C90312E1}\InProcServer32]
@="%SystemRoot%\System32\browseui.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8C7461
EF-2B13-11d2-BE35-3078302C2030}\InProcServer32]
@="%SystemRoot%\System32\browseui.dll"
[HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{5aaf654
2-f4ba-4df4-873d-4902ecbe794c}\InProcServer32]
@="C:\WINDOWS\system32\acvgxw.dll"
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
checking for ShudderLTD key
ShudderLTD key not present!
checking for PSGuard.com key
PSGuard.com key not present!
checking for WinHound.com key
WinHound.com key not present!
checking for drsmartload2 key
drsmartload2 key not present!
spyaxe uninstaller NOT present
Winhound uninstaller NOT present
SpywareStrike uninstaller NOT present
AlfaCleaner uninstaller NOT present
SpyFalcon uninstaller NOT present
SpywareQuake uninstaller NOT present
SpywareSheriff uninstaller NOT present
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Existing Pre-run Files
~~~ Program Files ~~~
Security Toolbar
~~~ Shortcuts ~~~
Online Security Guide.url
Online Security Guide.url
Security Troubleshooting.url
Security Troubleshooting.url
~~~ Favorites ~~~
Antivirus Test Online.url
~~~ system32 folder ~~~
regperf.exe
simpole.tlb
stdole3.tlb
atmclk.exe
dcomcfg.exe
amcompat.tlb
nscompat.tlb
1024 dir
ld****.tmp
hp***.tmp
~~~ Icons in System32 ~~~
ts.ico
ot.ico
~~~ Windows directory ~~~
~~~ Drive root ~~~
~~~ Miscellaneous Files/folders ~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright(C) 2002-2003 Craig.Peacock@beyondlogic.org
Killing PID 3620 'explorer.exe'
Killing PID 3620 'explorer.exe'
Starting registry repairs
Registry repairs complete
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
SharedTask Export after registry fix
(GetSTS.exe) SharedTaskScheduler exporter by Lawrence Abrams (Grinler)
Copyright(C) 2006 BleepingComputer.com
Registry Pseudo-Format Mode (Not a valid reg file):
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Cur
rentVersion\Explorer\SharedTaskScheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{438755
C2-A8BA-11D1-B96B-00A0C90312E1}\InProcServer32]
@="%SystemRoot%\System32\browseui.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8C7461
EF-2B13-11d2-BE35-3078302C2030}\InProcServer32]
@="%SystemRoot%\System32\browseui.dll"
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Deleting files
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Remaining Post-run Files
~~~ Program Files ~~~
Security Toolbar
~~~ Shortcuts ~~~
~~~ Favorites ~~~
~~~ system32 folder ~~~
regperf.exe
stdole3.tlb
dcomcfg.exe
ld****.tmp
hp***.tmp
~~~ Icons in System32 ~~~
~~~ Windows directory ~~~
~~~ Drive root ~~~
~~~ Miscellaneous Files/folders ~~~
~~~ Wininet.dll ~~~
CLEAN!
My Panda Scan-------------------------------------------------------------------------------------------------------------------
Incident Status Location
Adware:adware/securityerror Not disinfected c:\windows\system32\dxole32.exe
Adware:adware/securitytoolbar Not disinfected c:\program files\Security Toolbar
Adware:adware/sidesearch Not disinfected C:\Documents and Settings\ElizaBeth (Mommy)\Application Data\Lycos
Adware:adware/cydoor Not disinfected c:\windows\cdmxtras
Adware:adware/dyfuca Not disinfected c:\windows\STWSI
Adware:adware/emediacodec Not disinfected Windows Registry
Spyware:spyware/clipgenie Not disinfected Windows Registry
Adware:adware/statblaster Not disinfected Windows Registry
Adware:adware/oemji Not disinfected Windows Registry
Virus:Trj/Downloader.CJX Disinfected C:\!KillBox\a_i_037.0ll
Adware:Adware/IST.ISTBar Not disinfected C:\!KillBox\a_i_037.0xe
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\ElizaBeth (Mommy)\Desktop\smitRem\Process.exe
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\ElizaBeth (Mommy)\Desktop\smitRem.exe[smitRem/Process.exe]
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\ElizaBeth (Mommy)\Desktop\Unused Desktop Shortcuts\smitRem\Process.exe
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\ElizaBeth (Mommy)\Desktop\Unused Desktop Shortcuts\smitRem.exe[smitRem/Process.exe]
Potentially unwanted tool:Application/PRScheduler Not disinfected C:\Program Files\Microsoft AntiSpyware\Quarantine\963971F0-932C-44AD-BBB4-75C695\52D8800F-4B52-4794-B3BC-16E290
Adware:Adware/KeenValue Not disinfected C:\WINDOWS\browserxtras\pn\remove.0xe
Potentially unwanted tool:Application/iWon Not disinfected C:\WINDOWS\Downloaded Program Files\WONWebLauncherControl.ocx
Adware:Adware/Exact.SearchBar Not disinfected C:\WINDOWS\eSearchBar\exactSetup.exe
Potentially unwanted tool:Application/PRScheduler Not disinfected C:\WINDOWS\pss\PowerReg Scheduler.exeStartup
Adware:Adware/SpywareStrike Not disinfected C:\WINDOWS\SYSTEM32\interf.0lb
Logfile of HijackThis v1.99.1
Scan saved at 7:42:43 PM, on 06/10/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\PROGRA~1\CHARTE~1\backweb\3528733\Program\SERVI
C~1.EXE
C:\WINDOWS\System32\cisvc.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\Program Files\Charter High-Speed Security Suite\Anti-Virus\fsgk32st.exe
C:\Program Files\Charter High-Speed Security Suite\Anti-Virus\FSGK32.EXE
C:\Program Files\Charter High-Speed Security Suite\backweb\3528733\program\fsbwsys.exe
C:\Program Files\Charter High-Speed Security Suite\Common\FSMA32.EXE
C:\Program Files\Charter High-Speed Security Suite\Common\FSMB32.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Charter High-Speed Security Suite\Anti-Virus\fssm32.exe
C:\WINDOWS\System32\snmp.exe
C:\Program Files\Charter High-Speed Security Suite\Common\FCH32.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Charter High-Speed Security Suite\Anti-Virus\fsqh.exe
C:\Program Files\Charter High-Speed Security Suite\Common\FAMEH32.EXE
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\Charter High-Speed Security Suite\Anti-Virus\fsrw.exe
C:\Program Files\Charter High-Speed Security Suite\FSPC\fspc.exe
C:\Program Files\Charter High-Speed Security Suite\FWES\Program\fsdfwd.exe
C:\Program Files\Charter High-Speed Security Suite\Anti-Virus\fsav32.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Dell\EUSW\Support.exe
C:\Program Files\Charter High-Speed Security Suite\Common\FSM32.EXE
C:\Program Files\Dell\Support\Alert\bin\NotifyAlert.exe
C:\PROGRA~1\CHARTE~1\ANTI-S~1\fsaw.exe
C:\Program Files\Charter High-Speed Security Suite\FSGUI\ispnews.exe
C:\Program Files\Charter High-Speed Security Suite\backweb\3528733\Program\fspex.exe
C:\Program Files\Charter High-Speed Security Suite\FSGUI\fsguidll.exe
C:\WINDOWS\system32\dcomcfg.exe
C:\DOCUME~1\ELIZAB~1\LOCALS~1\Temp\Rar$EX07.390\HijackThis.exe
C:\Program Files\Internet Explorer\iexplore.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com/
F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\Userinit.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Nothing - {686a161d-5bd1-4999-8832-6393f41e564c} - C:\WINDOWS\system32\hp100.tmp
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O3 - Toolbar: SecurityToolbar - {736b5468-bdad-41be-92d0-22ae2ddf7bcb} - C:\Program Files\Security Toolbar\Security Toolbar.dll
O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\Charter High-Speed Security Suite\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\Charter High-Speed Security Suite\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [F-Secure Startup Wizard] "C:\Program Files\Charter High-Speed Security Suite\FSGUI\FSSW.EXE" /reboot
O4 - HKLM\..\Run: [News Service] "C:\Program Files\Charter High-Speed Security Suite\FSGUI\ispnews.exe"
O4 - Global Startup: Charter High-Speed Security Suite.lnk = C:\Program Files\Charter High-Speed Security Suite\backweb\3528733\Program\fspex.exe
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Block this popup - C:\Program Files\Charter High-Speed Security Suite\Anti-Spyware\blockpopups.htm
O10 - Broken Internet access because of LSP provider 'winsflt.dll' missing
O16 - DPF: Yahoo! Bingo - http://download.games.yahoo.com/gam...nts/y/xt0_x.cab
O16 - DPF: Yahoo! Go - http://download.games.yahoo.com/gam...nts/y/gt2_x.cab
O16 - DPF: Yahoo! Graffiti - http://download.games.yahoo.com/gam...ts/y/grt5_x.cab
O16 - DPF: Yahoo! Literati - http://download.games.yahoo.com/gam...nts/y/tt4_x.cab
O16 - DPF: Yahoo! MahJong - http://download.games.yahoo.com/gam...nts/y/ot0_x.cab
O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/gam...ts/y/pote_x.cab
O16 - DPF: Yahoo! Spades - http://download.games.yahoo.com/gam...nts/y/st2_x.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {29B2C103-AB53-4971-B765-FC1CE5D8B2D1} - http://www.silvercrk.com/php/hwhear...032_5271159.cab
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (ZoneBuddy Class) - http://zone.msn.com/BinFrameWork/v1...dy.cab32846.cab
O16 - DPF: {41ACD49D-1974-791A-0981-AA9872721044} (Ganymede Board Games) - http://67.15.101.3/g_bin/eng/boards_2_0_0_20.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/act...l_v1-0-3-36.cab
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/binframework/v1...at.cab32846.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microso...b?1136914102906
O16 - DPF: {A031D222-B496-11D2-9CC8-00105A10AAF6} - http://hoylegames.sierra.com/cab/WO...cherControl.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/M...pDownloader.cab
O16 - DPF: {B49C4597-8721-4789-9250-315DFBD9F525} (IWinAmpActiveX Class) - http://cdn.digitalcity.com/radio/am....1.11_en_dl.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v1...ro.cab34246.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - http://us.dl1.yimg.com/download.yah...utocomplete.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/controls/msnchat45.cab
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Charter High-Speed Security Suite (BackWeb Plug-in - 3528733) - BackWeb Technologies Inc. - C:\PROGRA~1\CHARTE~1\backweb\3528733\Program\SERVI
C~1.EXE
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: F-Secure Gatekeeper Handler Starter - F-Secure Corporation - C:\Program Files\Charter High-Speed Security Suite\Anti-Virus\fsgk32st.exe
O23 - Service: FSBWSYS (fsbwsys) - F-Secure Corp. - C:\Program Files\Charter High-Speed Security Suite\backweb\3528733\program\fsbwsys.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\Charter High-Speed Security Suite\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure HTTP Server (fshttps) - F-Secure Corporation - C:\Program Files\Charter High-Speed Security Suite\FSPC\fshttps\fshttps.exe
O23 - Service: FSMA - F-Secure Corporation - C:\Program Files\Charter High-Speed Security Suite\Common\FSMA32.EXE
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
O23 - Service: STOPzilla Local Service - Unknown owner - C:\Program Files\STOPzilla!\szntsvc.exe (file missing)
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
My smitfiles.txt __________________________________________________
_______
smitRem © log file
version 3.0
by noahdfear
Microsoft Windows XP [Version 5.1.2600]
"IE"="6.0000"
The current date is: 06/10/2006
The current time is: 19:49:01.15
Running from
C:\Documents and Settings\ElizaBeth (Mommy)\Desktop\smitRem
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Pre-run SharedTask Export
(GetSTS.exe) SharedTaskScheduler exporter by Lawrence Abrams (Grinler)
Copyright(C) 2006 BleepingComputer.com
Registry Pseudo-Format Mode (Not a valid reg file):
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Cur
rentVersion\Explorer\SharedTaskScheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"
"{5aaf6542-f4ba-4df4-873d-4902ecbe794c}"="acheweed"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{438755
C2-A8BA-11D1-B96B-00A0C90312E1}\InProcServer32]
@="%SystemRoot%\System32\browseui.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8C7461
EF-2B13-11d2-BE35-3078302C2030}\InProcServer32]
@="%SystemRoot%\System32\browseui.dll"
[HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{5aaf654
2-f4ba-4df4-873d-4902ecbe794c}\InProcServer32]
@="C:\WINDOWS\system32\acvgxw.dll"
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
checking for ShudderLTD key
ShudderLTD key not present!
checking for PSGuard.com key
PSGuard.com key not present!
checking for WinHound.com key
WinHound.com key not present!
checking for drsmartload2 key
drsmartload2 key not present!
spyaxe uninstaller NOT present
Winhound uninstaller NOT present
SpywareStrike uninstaller NOT present
AlfaCleaner uninstaller NOT present
SpyFalcon uninstaller NOT present
SpywareQuake uninstaller NOT present
SpywareSheriff uninstaller NOT present
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Existing Pre-run Files
~~~ Program Files ~~~
Security Toolbar
~~~ Shortcuts ~~~
Online Security Guide.url
Online Security Guide.url
Security Troubleshooting.url
Security Troubleshooting.url
~~~ Favorites ~~~
Antivirus Test Online.url
~~~ system32 folder ~~~
regperf.exe
simpole.tlb
stdole3.tlb
atmclk.exe
dcomcfg.exe
amcompat.tlb
nscompat.tlb
1024 dir
ld****.tmp
hp***.tmp
~~~ Icons in System32 ~~~
ts.ico
ot.ico
~~~ Windows directory ~~~
~~~ Drive root ~~~
~~~ Miscellaneous Files/folders ~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright(C) 2002-2003 Craig.Peacock@beyondlogic.org
Killing PID 3620 'explorer.exe'
Killing PID 3620 'explorer.exe'
Starting registry repairs
Registry repairs complete
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
SharedTask Export after registry fix
(GetSTS.exe) SharedTaskScheduler exporter by Lawrence Abrams (Grinler)
Copyright(C) 2006 BleepingComputer.com
Registry Pseudo-Format Mode (Not a valid reg file):
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Cur
rentVersion\Explorer\SharedTaskScheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{438755
C2-A8BA-11D1-B96B-00A0C90312E1}\InProcServer32]
@="%SystemRoot%\System32\browseui.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8C7461
EF-2B13-11d2-BE35-3078302C2030}\InProcServer32]
@="%SystemRoot%\System32\browseui.dll"
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Deleting files
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Remaining Post-run Files
~~~ Program Files ~~~
Security Toolbar
~~~ Shortcuts ~~~
~~~ Favorites ~~~
~~~ system32 folder ~~~
regperf.exe
stdole3.tlb
dcomcfg.exe
ld****.tmp
hp***.tmp
~~~ Icons in System32 ~~~
~~~ Windows directory ~~~
~~~ Drive root ~~~
~~~ Miscellaneous Files/folders ~~~
~~~ Wininet.dll ~~~
CLEAN!
My Panda Scan-------------------------------------------------------------------------------------------------------------------
Incident Status Location
Adware:adware/securityerror Not disinfected c:\windows\system32\dxole32.exe
Adware:adware/securitytoolbar Not disinfected c:\program files\Security Toolbar
Adware:adware/sidesearch Not disinfected C:\Documents and Settings\ElizaBeth (Mommy)\Application Data\Lycos
Adware:adware/cydoor Not disinfected c:\windows\cdmxtras
Adware:adware/dyfuca Not disinfected c:\windows\STWSI
Adware:adware/emediacodec Not disinfected Windows Registry
Spyware:spyware/clipgenie Not disinfected Windows Registry
Adware:adware/statblaster Not disinfected Windows Registry
Adware:adware/oemji Not disinfected Windows Registry
Virus:Trj/Downloader.CJX Disinfected C:\!KillBox\a_i_037.0ll
Adware:Adware/IST.ISTBar Not disinfected C:\!KillBox\a_i_037.0xe
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\ElizaBeth (Mommy)\Desktop\smitRem\Process.exe
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\ElizaBeth (Mommy)\Desktop\smitRem.exe[smitRem/Process.exe]
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\ElizaBeth (Mommy)\Desktop\Unused Desktop Shortcuts\smitRem\Process.exe
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\ElizaBeth (Mommy)\Desktop\Unused Desktop Shortcuts\smitRem.exe[smitRem/Process.exe]
Potentially unwanted tool:Application/PRScheduler Not disinfected C:\Program Files\Microsoft AntiSpyware\Quarantine\963971F0-932C-44AD-BBB4-75C695\52D8800F-4B52-4794-B3BC-16E290
Adware:Adware/KeenValue Not disinfected C:\WINDOWS\browserxtras\pn\remove.0xe
Potentially unwanted tool:Application/iWon Not disinfected C:\WINDOWS\Downloaded Program Files\WONWebLauncherControl.ocx
Adware:Adware/Exact.SearchBar Not disinfected C:\WINDOWS\eSearchBar\exactSetup.exe
Potentially unwanted tool:Application/PRScheduler Not disinfected C:\WINDOWS\pss\PowerReg Scheduler.exeStartup
Adware:Adware/SpywareStrike Not disinfected C:\WINDOWS\SYSTEM32\interf.0lb
