Jump to content

hit by MMediaCodec, please check my log...


Recommended Posts

can someone please take a look at my log and tell me what steps to take next? thank you!

 

Logfile of HijackThis v1.99.1

Scan saved at 11:06:55 AM, on 10/14/2006

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

C:\Program Files\Common Files\Symantec Shared\ccProxy.exe

C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\MMediaCodec\isamonitor.exe

C:\Program Files\MMediaCodec\pmsngr.exe

C:\Program Files\Microsoft IntelliType Pro\type32.exe

C:\Program Files\Microsoft IntelliPoint\point32.exe

C:\PROGRA~1\HPDVD~1\Umbrella\DVDTray.exe

C:\Program Files\Norton Password Manager\AcctMgr.exe

C:\Program Files\Common Files\Symantec Shared\ccApp.exe

C:\Program Files\MMediaCodec\isamini.exe

C:\Program Files\MMediaCodec\pmmon.exe

C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

C:\Program Files\Tripp Lite\PowerAlert\console\status.exe

C:\WINDOWS\system32\rundll32.exe

C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe

C:\Program Files\Tripp Lite\PowerAlert\Engine\paserver.exe

C:\Program Files\Common Files\Lanovation\PrismXL\PRISMXL.SYS

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe

C:\WINDOWS\system32\HPZipm12.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE

C:\Program Files\MEDIC\bin\sprtcmd.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Documents and Settings\joseph\Desktop\P\add ons\add on files and pgms\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mail.yahoo.com/?.redir=ymmapi10&amp....cldefstat=Def1

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/...rch/search.html

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Road Runner High Speed Online

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: Norton Internet Security 2006 - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll

O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll

O2 - BHO: (no name) - {d869742a-e5d2-4624-96c7-aae26170665e} - C:\Program Files\MMediaCodec\isaddon.dll

O3 - Toolbar: Norton Internet Security 2006 - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll

O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll

O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"

O4 - HKLM\..\Run: [intelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"

O4 - HKLM\..\Run: [DVDTray] C:\PROGRA~1\HPDVD~1\Umbrella\DVDTray.exe

O4 - HKLM\..\Run: [DVDBitSet] C:\PROGRA~1\HPDVD~1\Umbrella\DVDBitSet.exe /NOUI

O4 - HKLM\..\Run: [EPSON Stylus CX4600 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9AA.EXE /P26 "EPSON Stylus CX4600 Series" /O6 "USB001" /M "Stylus CX4600"

O4 - HKLM\..\Run: [AcctMgr] C:\Program Files\Norton Password Manager\AcctMgr.exe /startup

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [MEDIC] "C:\Program Files\MEDIC\bin\sprtcmd.exe" /P MEDIC

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - Startup: PowerAlert Log Viewer.lnk = ?

O4 - Startup: PowerAlert Status Console.lnk = ?

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000

O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe

O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyGaming.net\PartyPokerNet\RunPF.exe (file missing)

O9 - Extra 'Tools' menuitem: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyGaming.net\PartyPokerNet\RunPF.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {01111F00-3E00-11D2-8470-0060089874ED} - http://supportsoft.adelphia.net/sdccommon/...ad/tgctlins.cab

O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://www.activation.rr.com/install/downloads/tgctlcm.cab

O16 - DPF: {1663ed61-23eb-11d2-b92f-008048fdd814} (MeadCo ScriptX Advanced) - http://www.commissarycoupons.com/scriptx/smsx.cab

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1120580356859

O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - http://launch.gamespyarcade.com/software/launch/alaunch.cab

O16 - DPF: {93CEA8A4-6059-4E0B-ADDD-73848153DD5E} (CWebLaunchCtl Object) - http://gateway.cf1live.com/eSupport/static...h/weblaunch.cab

O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} (cpbrkpie Control) - http://a19.g.akamai.net/7/19/7125/1451/ftp...02/cpbrkpie.cab

O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.hp.com/aio/en/check/qdiagh.cab?323

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\ccPwdSvc.exe

O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Norton Internet Security\comHost.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe

O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE

O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: PowerAlert Port Manager Engine - Unknown owner - C:\Program Files\Tripp Lite\PowerAlert\Engine\portmgr.exe

O23 - Service: PowerAlert UPS Engine - Unknown owner - C:\Program Files\Tripp Lite\PowerAlert\Engine\paserver.exe

O23 - Service: PrismXL - Lanovation - C:\Program Files\Common Files\Lanovation\PrismXL\PRISMXL.SYS

O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe

O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe

O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

Link to post
Share on other sites

here is the rapport.txt file as per jaycees instructions...

 

SmitFraudFix v2.109

 

Scan done at 11:31:44.65, Sat 10/14/2006

Run from C:\Documents and Settings\joseph\Desktop\SmitfraudFix

OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT

Fix run in normal mode

 

»»»»»»»»»»»»»»»»»»»»»»»» Before SmitFraudFix

!!!Attention, following keys are not inevitably infected!!!

 

SrchSTS.exe by S!Ri

Search SharedTaskScheduler's .dll

 

»»»»»»»»»»»»»»»»»»»»»»»» Killing process

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

 

GenericRenosFix by S!Ri

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

 

C:\WINDOWS\system32\dpfwu.dll Deleted

C:\DOCUME~1\ALLUSE~1\STARTM~1\Online Security Guide.url Deleted

C:\DOCUME~1\ALLUSE~1\STARTM~1\Security Troubleshooting.url Deleted

C:\Program Files\MMediaCodec\ Deleted

 

»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

 

Registry Cleaning done.

 

»»»»»»»»»»»»»»»»»»»»»»»» After SmitFraudFix

!!!Attention, following keys are not inevitably infected!!!

 

SrchSTS.exe by S!Ri

Search SharedTaskScheduler's .dll

 

 

»»»»»»»»»»»»»»»»»»»»»»»» End

Link to post
Share on other sites

Edited the information I posted and this member quoted. I was not aware Jacee was helping this member.

pskelley

 

 

thanks phil. heres a new HJT filelog after using AVG as directed by jaycees instructions. you made reference to a tutorial but i did not see you post it....were you referring to jaycee's instructions? i assumed so and followed that...please let me know if i am going the wrong directions. anyway, heres the HJY logfile:

 

Logfile of HijackThis v1.99.1

Scan saved at 11:41:48 AM, on 10/14/2006

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

C:\Program Files\Common Files\Symantec Shared\ccProxy.exe

C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Microsoft IntelliType Pro\type32.exe

C:\Program Files\Microsoft IntelliPoint\point32.exe

C:\PROGRA~1\HPDVD~1\Umbrella\DVDTray.exe

C:\Program Files\Norton Password Manager\AcctMgr.exe

C:\Program Files\Common Files\Symantec Shared\ccApp.exe

C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

C:\Program Files\Tripp Lite\PowerAlert\console\status.exe

C:\WINDOWS\system32\rundll32.exe

C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe

C:\Program Files\Tripp Lite\PowerAlert\Engine\paserver.exe

C:\Program Files\Common Files\Lanovation\PrismXL\PRISMXL.SYS

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe

C:\WINDOWS\system32\HPZipm12.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE

C:\Program Files\MEDIC\bin\sprtcmd.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe

C:\WINDOWS\explorer.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Documents and Settings\joseph\Desktop\P\add ons\add on files and pgms\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mail.yahoo.com/?.redir=ymmapi10&amp....cldefstat=Def1

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Road Runner High Speed Online

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: Norton Internet Security 2006 - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll

O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll

O2 - BHO: (no name) - {d869742a-e5d2-4624-96c7-aae26170665e} - C:\Program Files\MMediaCodec\isaddon.dll (file missing)

O3 - Toolbar: Norton Internet Security 2006 - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll

O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll

O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"

O4 - HKLM\..\Run: [intelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"

O4 - HKLM\..\Run: [DVDTray] C:\PROGRA~1\HPDVD~1\Umbrella\DVDTray.exe

O4 - HKLM\..\Run: [DVDBitSet] C:\PROGRA~1\HPDVD~1\Umbrella\DVDBitSet.exe /NOUI

O4 - HKLM\..\Run: [EPSON Stylus CX4600 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9AA.EXE /P26 "EPSON Stylus CX4600 Series" /O6 "USB001" /M "Stylus CX4600"

O4 - HKLM\..\Run: [AcctMgr] C:\Program Files\Norton Password Manager\AcctMgr.exe /startup

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [MEDIC] "C:\Program Files\MEDIC\bin\sprtcmd.exe" /P MEDIC

O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - Startup: PowerAlert Log Viewer.lnk = ?

O4 - Startup: PowerAlert Status Console.lnk = ?

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000

O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe

O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyGaming.net\PartyPokerNet\RunPF.exe (file missing)

O9 - Extra 'Tools' menuitem: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyGaming.net\PartyPokerNet\RunPF.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {01111F00-3E00-11D2-8470-0060089874ED} - http://supportsoft.adelphia.net/sdccommon/...ad/tgctlins.cab

O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://www.activation.rr.com/install/downloads/tgctlcm.cab

O16 - DPF: {1663ed61-23eb-11d2-b92f-008048fdd814} (MeadCo ScriptX Advanced) - http://www.commissarycoupons.com/scriptx/smsx.cab

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1120580356859

O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - http://launch.gamespyarcade.com/software/launch/alaunch.cab

O16 - DPF: {93CEA8A4-6059-4E0B-ADDD-73848153DD5E} (CWebLaunchCtl Object) - http://gateway.cf1live.com/eSupport/static...h/weblaunch.cab

O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} (cpbrkpie Control) - http://a19.g.akamai.net/7/19/7125/1451/ftp...02/cpbrkpie.cab

O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.hp.com/aio/en/check/qdiagh.cab?323

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\ccPwdSvc.exe

O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Norton Internet Security\comHost.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe

O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE

O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: PowerAlert Port Manager Engine - Unknown owner - C:\Program Files\Tripp Lite\PowerAlert\Engine\portmgr.exe

O23 - Service: PowerAlert UPS Engine - Unknown owner - C:\Program Files\Tripp Lite\PowerAlert\Engine\paserver.exe

O23 - Service: PrismXL - Lanovation - C:\Program Files\Common Files\Lanovation\PrismXL\PRISMXL.SYS

O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe

O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe

O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

Edited by pskelley
Link to post
Share on other sites

O2 - BHO: (no name) - {d869742a-e5d2-4624-96c7-aae26170665e} - C:\Program Files\MMediaCodec\isaddon.dll (file missing)

O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyGaming.net\PartyPokerNet\RunPF.exe (file missing)

O9 - Extra 'Tools' menuitem: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyGaming.net\PartyPokerNet\RunPF.exe (file missing)

 

i noticed these things from the new HJT filelog....will the PC continuously be looking for the MMEDIA CODEC file and always create a log of it or will the problem disappear after i reboot?

 

i dont care about the partypoker logs, i dont even use that program anymore, but i thought it was odd that it created a log. maybe i need to dig into my program files, find that one and delete it as well since i no longer use it....

 

joe

 

 

PS thank you for all your help!

Link to post
Share on other sites

I apologize, you must have started another topic instead of replying to the one Jacee

started with you. Return to the original topic and post there using add reply and do not start new Topics, she will not get notified when you post. Thanks

Link to post
Share on other sites

actually her instructions stated TO post a new topic with a new HJT logfile, so i was just doing like the directions said...

 

anyway, here is also the report from my AVG scan...

 

---------------------------------------------------------

AVG Anti-Spyware - Scan Report

---------------------------------------------------------

 

+ Created at: 12:39:02 PM 10/14/2006

 

+ Scan result:

 

 

 

HKLM\SOFTWARE\Classes\AppID\adm.EXE -> Adware.Altnet : Cleaned with backup (quarantined).

C:\WINDOWS\cpbrkpie.ocx -> Adware.Coupons : Cleaned with backup (quarantined).

HKU\S-1-5-21-1614895754-1450960922-682003330-1004\Software\Kazaa\Promotions\Cydoor -> Adware.Cydoor : Cleaned with backup (quarantined).

HKU\S-1-5-21-1614895754-1450960922-682003330-1004\Software\Kazaa\Promotions\Cydoor\Adwr_329 -> Adware.Cydoor : Cleaned with backup (quarantined).

HKU\S-1-5-21-1614895754-1450960922-682003330-1004\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_4 -> Adware.Cydoor : Cleaned with backup (quarantined).

C:\WINDOWS\Downloaded Program Files\gsda.dll -> Not-A-Virus.Downloader.Win32.SpyGame : Cleaned with backup (quarantined).

C:\Documents and Settings\Guest\Cookies\[email protected][2].txt -> TrackingCookie.2o7 : Cleaned.

C:\Documents and Settings\Guest\Cookies\[email protected][1].txt -> TrackingCookie.Adserver : Cleaned.

:mozilla.22:C:\Documents and Settings\joseph\Application Data\Mozilla\Firefox\Profiles\got31dw4.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned.

C:\Documents and Settings\Guest\Cookies\[email protected][1].txt -> TrackingCookie.Atdmt : Cleaned.

C:\Documents and Settings\Guest\Cookies\[email protected][1].txt -> TrackingCookie.Casalemedia : Cleaned.

C:\Documents and Settings\Guest\Cookies\[email protected][1].txt -> TrackingCookie.Coremetrics : Cleaned.

C:\Documents and Settings\Guest\Cookies\[email protected][1].txt -> TrackingCookie.Doubleclick : Cleaned.

C:\Documents and Settings\Guest\Cookies\[email protected][1].txt -> TrackingCookie.Esomniture : Cleaned.

C:\Documents and Settings\Guest\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : Cleaned.

C:\Documents and Settings\Guest\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : Cleaned.

C:\Documents and Settings\Guest\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : Cleaned.

C:\Documents and Settings\Guest\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : Cleaned.

C:\Documents and Settings\Guest\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : Cleaned.

C:\Documents and Settings\Guest\Cookies\[email protected][1].txt -> TrackingCookie.Esomniture : Cleaned.

C:\Documents and Settings\Guest\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : Cleaned.

C:\Documents and Settings\Guest\Cookies\[email protected][1].txt -> TrackingCookie.Esomniture : Cleaned.

C:\Documents and Settings\Guest\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : Cleaned.

C:\Documents and Settings\Guest\Cookies\[email protected][2].txt -> TrackingCookie.Liveperson : Cleaned.

C:\Documents and Settings\Guest\Cookies\[email protected][1].txt -> TrackingCookie.Mediaplex : Cleaned.

C:\Documents and Settings\Guest\Cookies\[email protected][1].txt -> TrackingCookie.Overture : Cleaned.

C:\Documents and Settings\Guest\Cookies\[email protected][2].txt -> TrackingCookie.Serving-sys : Cleaned.

:mozilla.23:C:\Documents and Settings\joseph\Application Data\Mozilla\Firefox\Profiles\got31dw4.default\cookies.txt -> TrackingCookie.Targetnet : Cleaned.

:mozilla.24:C:\Documents and Settings\joseph\Application Data\Mozilla\Firefox\Profiles\got31dw4.default\cookies.txt -> TrackingCookie.Targetnet : Cleaned.

:mozilla.14:C:\Documents and Settings\joseph\Application Data\Mozilla\Firefox\Profiles\got31dw4.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.

C:\Documents and Settings\Guest\Cookies\[email protected][2].txt -> TrackingCookie.Yieldmanager : Cleaned.

:mozilla.20:C:\Documents and Settings\joseph\Application Data\Mozilla\Firefox\Profiles\got31dw4.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.

:mozilla.21:C:\Documents and Settings\joseph\Application Data\Mozilla\Firefox\Profiles\got31dw4.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.

C:\Documents and Settings\Guest\Cookies\[email protected][2].txt -> TrackingCookie.Zedo : Cleaned.

 

 

::Report end

 

 

i will go back to the original thread where i got her directions and post there and see what she thinks. if you could help me out until she comes, that would be nice tho too!

 

joe

Link to post
Share on other sites

ok, heres the results from panda active scan....

 

Incident Status Location

 

Adware:adware/ist.istbar Not disinfected c:\program files\common files\Totem Shared

Spyware:Cookie/GoStats Not disinfected C:\Documents and Settings\joseph\Application Data\Mozilla\Firefox\Profiles\got31dw4.default\cookies.txt[.gostats.com/]

Potentially unwanted tool:Application/BrilliantDigital Not disinfected C:\Documents and Settings\joseph\Desktop\P\kazaa\bdcore.dll

Potentially unwanted tool:Application/BrilliantDigital Not disinfected C:\Documents and Settings\joseph\Desktop\P\kazaa\bdcore.dll.updpnd

Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\joseph\Desktop\SmitfraudFix\Process.exe

Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\joseph\Desktop\SmitfraudFix.zip[smitfraudFix/Process.exe]

Adware:Adware/IST.ISTBar Not disinfected C:\Program Files\Common Files\Totem Shared\Update\WindowsEx.dll.041

Potentially unwanted tool:Application/Processor Not disinfected C:\WINDOWS\system32\Process.exe

Link to post
Share on other sites

I apologize for the confusion. Jacee has asked me to continue helping you. I will use the information you have provided thus far, but for now I want you to click on this link:

http://siri.urz.free.fr/Fix/SmitfraudFix_En.php It will help you with the visuals. Do this in the numbered order:

Please understand that first "Clean" failed and it is probably because it was not run in safe mode as the instructions indicate:

Clean: Reboot your computer in Safe Mode (before the Windows icon appears, tap the F8 key continually

But in normal mode:

Scan done at 11:31:44.65, Sat 10/14/2006

Run from C:\Documents and Settings\joseph\Desktop\SmitfraudFix

OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT

Fix run in normal mode

 

Please follow these directions carefully as that is your best chance of success.

 

1) Download:

Use this URL to download the latest version (the file contains both English and French versions):

http://siri.urz.free.fr/Fix/SmitfraudFix.zip

 

2) Use:

Extract all the archive content.

 

3) Search:

Double-click smitfraudfix.cmd

Select 1 and hit Enter to create a report of the infected files. The report can be found at the root of the system drive, usually at C:\rapport.txt

(I wish to see the report from both the "Search" function and the "Clean" function)

 

4) Clean:

Reboot your computer in Safe Mode (before the Windows icon appears, tap the F8 key continually)

Double-click smitfraudfix.cmd

Select 2 and hit Enter to delete infect files.

You will be prompted: Do you want to clean the registry ? answer Y (yes) and hit Enter in order to remove the Desktop background and clean registry keys associated with the infection.

The tool will now check if wininet.dll is infected. You may be prompted to replace the infected file (if found): Replace infected file ? answer Y (yes) and hit Enter to restore a clean file.

A reboot may be needed to finish the cleaning process. The report can be found at the root of the system drive, usually at C:\rapport.txt

 

5) Optional: (please do this instruction also)

To restore Trusted and Restricted site zone, select 3 and hit Enter.

You will be prompted: Restore Trusted Zone ? answer Y (yes) and hit Enter to delete trusted zone.

 

***This information applies to the optional cleaning: Note, if you use SpywareBlaster and/or IE-SPYAD, it will be necessary to re-install the protection both afford. For SpywareBlaster, run the program and re-protect all items. For IE-SPYAD, run the batch file and reinstall the protection.

 

Restart the computer and post the two Reports from SmitfraudFix and a fresh HJT log. We will have more to do.

 

Thanks...Phil

Link to post
Share on other sites

ok, turns out my F-lock turns off when my PC reboots, i figured it out and finally got to run safe mode. here are all of the new reports:

 

Smitfraudfix run in NORMAL mode:

SmitFraudFix v2.109

Scan done at 19:56:12.03, Sat 10/14/2006

Run from C:\Documents and Settings\joseph\Desktop\P\add ons\add on files and pgms\pc cleanup utilities\SmitfraudFix

OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT

Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» C:\

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles

»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\joseph

»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\joseph\Application Data

»»»»»»»»»»»»»»»»»»»»»»»» Start Menu

»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\joseph\FAVORI~1

»»»»»»»»»»»»»»»»»»»»»»»» Desktop

»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files

»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys

»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

 

 

Smitfraudfix run in SAFE mode:

SmitFraudFix v2.109

Scan done at 20:02:48.32, Sat 10/14/2006

Run from C:\Documents and Settings\joseph\Desktop\P\add ons\add on files and pgms\pc cleanup utilities\SmitfraudFix

OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT

Fix run in safe mode

»»»»»»»»»»»»»»»»»»»»»»»» Before SmitFraudFix

!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri

Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Killing process

»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri

»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files

»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» After SmitFraudFix

!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri

Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» End

 

NEW NJT file:

 

Logfile of HijackThis v1.99.1

Scan saved at 8:11:44 PM, on 10/14/2006

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

C:\Program Files\Common Files\Symantec Shared\ccProxy.exe

C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe

C:\Program Files\Tripp Lite\PowerAlert\Engine\paserver.exe

C:\Program Files\Common Files\Lanovation\PrismXL\PRISMXL.SYS

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Microsoft IntelliType Pro\type32.exe

C:\Program Files\Microsoft IntelliPoint\point32.exe

C:\PROGRA~1\HPDVD~1\Umbrella\DVDTray.exe

C:\Program Files\Norton Password Manager\AcctMgr.exe

C:\Program Files\Common Files\Symantec Shared\ccApp.exe

C:\Program Files\MEDIC\bin\sprtcmd.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\MSN Messenger\msnmsgr.exe

C:\WINDOWS\system32\rundll32.exe

C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

C:\Program Files\Tripp Lite\PowerAlert\console\status.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe

C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE

C:\WINDOWS\system32\HPZipm12.exe

C:\WINDOWS\system32\svchost.exe

C:\Documents and Settings\joseph\Desktop\P\add ons\add on files and pgms\pc cleanup utilities\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Road Runner High Speed Online

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: Norton Internet Security 2006 - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll

O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll

O3 - Toolbar: Norton Internet Security 2006 - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll

O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll

O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"

O4 - HKLM\..\Run: [intelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"

O4 - HKLM\..\Run: [DVDTray] C:\PROGRA~1\HPDVD~1\Umbrella\DVDTray.exe

O4 - HKLM\..\Run: [DVDBitSet] C:\PROGRA~1\HPDVD~1\Umbrella\DVDBitSet.exe /NOUI

O4 - HKLM\..\Run: [EPSON Stylus CX4600 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9AA.EXE /P26 "EPSON Stylus CX4600 Series" /O6 "USB001" /M "Stylus CX4600"

O4 - HKLM\..\Run: [AcctMgr] C:\Program Files\Norton Password Manager\AcctMgr.exe /startup

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [MEDIC] "C:\Program Files\MEDIC\bin\sprtcmd.exe" /P MEDIC

O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - Startup: PowerAlert Log Viewer.lnk = ?

O4 - Startup: PowerAlert Status Console.lnk = ?

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000

O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {01111F00-3E00-11D2-8470-0060089874ED} - http://supportsoft.adelphia.net/sdccommon/...ad/tgctlins.cab

O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://www.activation.rr.com/install/downloads/tgctlcm.cab

O16 - DPF: {1663ed61-23eb-11d2-b92f-008048fdd814} (MeadCo ScriptX Advanced) - http://www.commissarycoupons.com/scriptx/smsx.cab

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1120580356859

O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - http://launch.gamespyarcade.com/software/launch/alaunch.cab

O16 - DPF: {93CEA8A4-6059-4E0B-ADDD-73848153DD5E} (CWebLaunchCtl Object) - http://gateway.cf1live.com/eSupport/static...h/weblaunch.cab

O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} (cpbrkpie Control) - http://a19.g.akamai.net/7/19/7125/1451/ftp...02/cpbrkpie.cab

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.hp.com/aio/en/check/qdiagh.cab?323

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\ccPwdSvc.exe

O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Norton Internet Security\comHost.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe

O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE

O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: PowerAlert Port Manager Engine - Unknown owner - C:\Program Files\Tripp Lite\PowerAlert\Engine\portmgr.exe

O23 - Service: PowerAlert UPS Engine - Unknown owner - C:\Program Files\Tripp Lite\PowerAlert\Engine\paserver.exe

O23 - Service: PrismXL - Lanovation - C:\Program Files\Common Files\Lanovation\PrismXL\PRISMXL.SYS

O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe

O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe

O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

Link to post
Share on other sites

Thanks, that's much better. Smitfraud will clean in normal mode but needs safe mode to kill running program effectively.

 

What about this item: C:\Program Files\MEDIC\bin\sprtcmd.exe Can you validate it is safe? If not, use one or more of these free scanners to find out:

http://virusscan.jotti.org/

http://www.kaspersky.com/scanforvirus

http://www.virustotal.com/flash/index_en.html

Post that information for me to view.

 

Scan for and post an AVG Anti-Spyware - Scan Report, let me know about the item above and how the computer is running now. I do not need to see any cooklies in the report, you can edit them before posting.

 

Thanks...Phil

Link to post
Share on other sites

the "medic" program is the pc medic software that my ISP (Roadrunner from time warner cable) provides. i personally do not care to use it, since i already have other programs that i use, but im not sure if my internet will work properly if i do not use their software...any advice on that? still want me to do an AVG scan?

 

joe

Link to post
Share on other sites

here is what i got from the jotti.org scan of that particular file:

 

File to upload & scan:

Service

Service load: 0% 100%

 

File: sprtcmd.exe

Status: OK

MD5 d1afe3f4abff8a6210d71265ee213cf5

Packers detected: -

Scanner results

AntiVir Found nothing

ArcaVir Found nothing

Avast Found nothing

AVG Antivirus Found nothing

BitDefender Found nothing

ClamAV Found nothing

Dr.Web Found nothing

F-Prot Antivirus Found nothing

Fortinet Found nothing

Kaspersky Anti-Virus Found nothing

NOD32 Found nothing

Norman Virus Control Found nothing

VirusBuster Found nothing

VBA32 Found nothing

Link to post
Share on other sites

No Joe, I am not familiar with the program, my suggestion would be to discuss it with RR.

http://content.rr.com/rdrun/care_support.htm

 

The AVG Spyware scan is optional. You had a good bit of junk in the last, but I believe it was run before Smitfraud "Clean". It's up to you if you want that final check, and if you do run it I suggest you do it in Safe Mode. I will give you closing information in case you decide the computer is running well and you do not wish to do more.

 

AVG Anti-Spyware is a good program but it does use some resources. Once the trial is over you can update and use the scanner for as long as you wish, but unless you purchase it you should turn it off completely so it does not run unless you start it manually.

 

System Restore does not know the good files from the bad. In case bad stuff has gotten into your System Restore files, follow the instructions in this link to get clean System Restore files. Turn it off, reboot then turn it back on:

http://service1.symantec.com/SUPPORT/tsgen...src=sec_doc_nam

 

Here is some great information from Tony Klein, Texruss, ChrisRLG and Grinler to help you stay clean and safe online:

http://forums.spybot.info/showthread.php?t=279

http://russelltexas.com/malware/allclear.htm

http://forum.malwareremoval.com/viewtopic.php?t=14

http://www.bleepingcomputer.com/forums/topict2520.html

http://cybercoyote.org/security/not-admin.shtml

 

Sorry for the confusion at the start and thanks for your cooperation in the cleanup, good job :adios:

 

Thanks...pskelley

Trusted HJT Advisor

PCPitStop forum

http://pcpitstop.com/about/supportus.asp

If you are reading this information...thank a teacher,

If you are reading it in English...thank a soldier.

Link to post
Share on other sites

heres my latest AVG scan....looks like im healthy again....

 

---------------------------------------------------------

AVG Anti-Spyware - Scan Report

---------------------------------------------------------

+ Created at: 8:56:13 AM 10/15/2006

+ Scan result:

Nothing found.

::Report end

Link to post
Share on other sites

pskelley, thank you very much for your help. i have already done the system restore cleanup.

 

i read somewhere on here that a few people agreed that to pay for the AVG software wasnt worth it they said because the free scan does all they needed it to do....what do you think?

Link to post
Share on other sites
Guest
This topic is now closed to further replies.
×
×
  • Create New...