Need help with Trojan-spy.html.smitfraud.c
Okay ... I've had this virus for a couple weeks now and I've tried out some of the advice that I read here in previous posts ... but still no luck. Here's what I've done (in the order that I did it):
Ran Norton Anti-Virus and deleted all infected files.
Ran Kaspersky Anti-Virus and deleted all infected files.
Ran Spybot Search & Destroy, downloaded and installed all updates then ran the software and deleted infected files.
Ran Ad-Aware, downloaded all updates and then deleted infected files.
After that I ran HijackThis and here's the log:
Logfile of HijackThis v1.99.1
Scan saved at 10:29:56 AM, on 5/3/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\A_Programs\3D\Maya 6.0 Unlimited - Final\docs\Wrapper.exe
C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\Program Files\DCPFLICS\DCPFLICS.exe
C:\A_Programs\3D\Maya 6.0 Unlimited - Final\docs\jre\bin\java.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2F1.EXE
C:\A_Programs\Utilities\daemon.exe
C:\A_Programs\AntiVirus\PestPatrol\PPControl.exe
C:\A_Programs\AntiVirus\PestPatrol\PPMemCheck.exe
C:\A_Programs\AntiVirus\PestPatrol\CookiePatrol.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2F1.EXE
C:\a_programs\utilities\qttask.exe
C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Documents and Settings\Vinny Dellay\Application Data\oaco.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\A_Programs\AntiVirus\AdvTools\NPROTECT.EXE
C:\A_Programs\Internet\LimeWire\LimeWire.exe
C:\WINDOWS\system32\pctspk.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\System32\WISPTIS.EXE
C:\A_Programs\Business\The Journal 3\The Journal 3\Journal.exe
C:\A_Programs\AntiVirus\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.makemesearch.com/?said=160
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.makemesearch.com/?said=160
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,SearchURL = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\A_Programs\Utilities\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {282B7B2C-9CB2-CC3E-BF19-B8EEFF87BDE1} - C:\WINDOWS\System32\gyinnlp.dll (file missing)
O2 - BHO: (no name) - {4CD83550-9C3F-0DE8-8606-63557E802B37} - C:\WINDOWS\System32\czojma.dll (file missing)
O2 - BHO: (no name) - {4FDF3C0C-9465-5BE7-8302-63557EDA2530} - C:\WINDOWS\System32\pilsnbb.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\A_Programs\AntiVirus\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {8452BF00-45B6-1C94-1FD5-580B0FDE35C8} - C:\WINDOWS\Jepcphke.dll (file missing)
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\A_Programs\AntiVirus\NavShExt.dll
O2 - BHO: Cls - {CF021F40-3E14-23A5-CBA2-7173706D1316} - C:\WINDOWS\System32\spm1316.dll (file missing)
O2 - BHO: Cls - {CF021F40-3E14-23A5-CBA2-717765728274} - C:\WINDOWS\System32\wer8274.dll (file missing)
O2 - BHO: (no name) - {EC83E957-0592-2B63-B82D-2D17576927B8} - C:\WINDOWS\System32\hprjuepp.dll (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\A_Programs\AntiVirus\NavShExt.dll
O3 - Toolbar: Search - {5210EC82-DE75-1021-FA43-AA5037A0C20F} - C:\WINDOWS\Jepcphke.dll (file missing)
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [NAV CfgWiz] C:\Program Files\Common Files\Symantec Shared\CfgWiz.exe /GUID NAV /CMDLINE "REBOOT"
O4 - HKLM\..\Run: [Advanced Tools Check] C:\A_PROG~1\ANTIVI~1\AdvTools\ADVCHK.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [\\DRZAIUS\EPSON Stylus Photo R300 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2F1.EXE /P40 "\\DRZAIUS\EPSON Stylus Photo R300 Series" /O6 "USB002" /M "Stylus Photo R300"
O4 - HKLM\..\Run: [ASHLT] C:\WINDOWS\Ashlt.exe
O4 - HKLM\..\Run: [hoadgbw] C:\WINDOWS\kjberup.exe
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\A_Programs\Utilities\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [PestPatrol Control Center] C:\A_Programs\AntiVirus\PestPatrol\PPControl.exe
O4 - HKLM\..\Run: [PPMemCheck] C:\A_Programs\AntiVirus\PestPatrol\PPMemCheck.exe
O4 - HKLM\..\Run: [CookiePatrol] C:\A_Programs\AntiVirus\PestPatrol\CookiePatrol.exe
O4 - HKLM\..\Run: [Tp9CV] C:\documents and settings\vinny dellay\local settings\temp\Tp9CV.exe
O4 - HKLM\..\Run: [EPSON Stylus Photo R300 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2F1.EXE /P30 "EPSON Stylus Photo R300 Series" /O6 "USB001" /M "Stylus Photo R300"
O4 - HKLM\..\Run: [QuickTime Task] "C:\a_programs\utilities\qttask.exe" -atboottime
O4 - HKLM\..\Run: [A70F6A1D-0195-42a2-934C-D8AC0F7C08EB] rundll32.exe E6F1873B.DLL,D9EBC318C
O4 - HKLM\..\Run: [98D0CE0C16B1] rundll32.exe D0CE0C16B1,D0CE0C16B1
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
O4 - HKLM\..\Run: [37mi37h] sigrprop.exe
O4 - HKLM\..\Run: [KAVPersonal50] "C:\A_Programs\AntiVirus\KAV\Kaspersky Anti-Virus Personal\kav.exe" /minimize
O4 - HKLM\..\RunOnce: [AAW] "C:\A_PROG~1\ANTIVI~1\NEWFOL~1\AD-AWA~1\Ad-Aware.exe" "+b1"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [Iw5sRXNsS] sfc40u.exe
O4 - HKCU\..\Run: [mswmdm] C:\WINDOWS\System32\mswmdm.exe
O4 - HKCU\..\Run: [Zxb] C:\WINDOWS\System32\t?skmgr.exe
O4 - HKCU\..\Run: [WindowsFY] c:\wp.exe
O4 - HKCU\..\Run: [Eeow] C:\Documents and Settings\Vinny Dellay\Application Data\oaco.exe
O4 - Startup: LimeWire On Startup.lnk = C:\A_Programs\Internet\LimeWire\LimeWire.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O4 - Global Startup: WinZip Quick Pick.lnk = A_Programs\Utilities\Winzip\WZQKPICK.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\A_PROG~1\Business\MSOFFI~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\A_PROG~1\Business\MSOFFI~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Microsoft AntiSpyware helper - {259416DD-66EE-4FD0-BA38-BCAA6FF09B2D} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {259416DD-66EE-4FD0-BA38-BCAA6FF09B2D} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {2AD3BDF5-0760-4591-A9C4-687B3BDD1298} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {2AD3BDF5-0760-4591-A9C4-687B3BDD1298} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {336969B5-A3C7-4B6D-8362-3441DE743727} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {336969B5-A3C7-4B6D-8362-3441DE743727} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {37D2E211-39CB-4975-9332-AE38047CB367} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {37D2E211-39CB-4975-9332-AE38047CB367} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {3E90541E-D366-41BB-8F02-988B7FE29949} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {3E90541E-D366-41BB-8F02-988B7FE29949} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {4331AA9F-DB3E-42FC-84C1-27E8E29E0E43} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {4331AA9F-DB3E-42FC-84C1-27E8E29E0E43} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {46F406E0-0250-4720-9A36-C83F803D16A6} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {46F406E0-0250-4720-9A36-C83F803D16A6} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {48792727-EB74-47CD-A377-40C62B693D10} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {48792727-EB74-47CD-A377-40C62B693D10} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {4CEB40F6-C9D4-4DA5-AC7F-006493C390C2} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {4CEB40F6-C9D4-4DA5-AC7F-006493C390C2} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {56674ABC-0F83-47B6-A6D9-9367B167EF42} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {56674ABC-0F83-47B6-A6D9-9367B167EF42} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {566EEA66-C797-49AF-BE24-41CBFBC6505F} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {566EEA66-C797-49AF-BE24-41CBFBC6505F} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {59379A56-7B66-4E2B-B216-3CF5415F82B4} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {59379A56-7B66-4E2B-B216-3CF5415F82B4} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {5B878390-5E02-4669-896C-49F7F0087FD8} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {5B878390-5E02-4669-896C-49F7F0087FD8} - (no file) (HKCU)
O9 - Extra button: Ebates - {6685509E-B47B-4f47-8E16-9A5F3A62F683} - file://C:\Program Files\Ebates_MoeMoneyMaker\Sy350\Tp350\scri350a.htm (file missing) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {6FAD4AC9-17F0-4004-AA1A-1F5004419015} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {6FAD4AC9-17F0-4004-AA1A-1F5004419015} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {731CF2D4-B714-40D7-A1DC-D36E900A51EC} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {731CF2D4-B714-40D7-A1DC-D36E900A51EC} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {7F8ACA2A-24F8-43CC-B45A-BEB836ACBCBD} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {7F8ACA2A-24F8-43CC-B45A-BEB836ACBCBD} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {80339390-5C41-4475-AC0C-4FC6B1088184} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {80339390-5C41-4475-AC0C-4FC6B1088184} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {91CF538D-19B4-49AF-9210-26CC13A1C226} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {91CF538D-19B4-49AF-9210-26CC13A1C226} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {A2AE3FA1-B1F5-42BF-94F0-0AD9A9600FB7} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {A2AE3FA1-B1F5-42BF-94F0-0AD9A9600FB7} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {A7AD6610-25B2-4DAF-8C18-9E3D3E53DD52} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {A7AD6610-25B2-4DAF-8C18-9E3D3E53DD52} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {A8010E5B-2568-451A-BBB9-B7A7A2F5AA97} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {A8010E5B-2568-451A-BBB9-B7A7A2F5AA97} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {B2369900-5B51-4697-B389-91FDAD5A0B02} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {B2369900-5B51-4697-B389-91FDAD5A0B02} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {B2E5B4FB-45B6-4392-BE3B-AFC5B069F213} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {B2E5B4FB-45B6-4392-BE3B-AFC5B069F213} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {C16F42B0-B42B-4895-8148-77904472B5A9} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {C16F42B0-B42B-4895-8148-77904472B5A9} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {C7277B8C-1B7B-479B-8319-2D9ECC650EA7} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {C7277B8C-1B7B-479B-8319-2D9ECC650EA7} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {CC0DC3F5-66CD-44F7-95BE-926984CA12B4} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {CC0DC3F5-66CD-44F7-95BE-926984CA12B4} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {CDA3827E-EDD1-4D8F-AD10-6B65BDDDEBE4} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {CDA3827E-EDD1-4D8F-AD10-6B65BDDDEBE4} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {D4EB8E53-9D65-4E33-9C0F-677B29B13D43} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {D4EB8E53-9D65-4E33-9C0F-677B29B13D43} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {E7AE508E-0DB1-42C9-89B2-D0E26C0C103E} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {E7AE508E-0DB1-42C9-89B2-D0E26C0C103E} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {EB330400-9534-4E1E-9113-10F24026A319} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {EB330400-9534-4E1E-9113-10F24026A319} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {FA1FF4A5-8F4E-405A-BEB3-52CD2EC8ED3D} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {FA1FF4A5-8F4E-405A-BEB3-52CD2EC8ED3D} - (no file) (HKCU)
O16 - DPF: {1D0D9077-3798-49BB-9058-393499174D5D} - file://c:\counter.cab
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Alias Documentation Server (aliasdocserver) - Unknown owner - C:\A_Programs\3D\Maya 6.0 Unlimited - Final\docs\Wrapper.exe" -s "C:\A_Programs\3D\Maya 6.0 Unlimited - Final\docs/Wrapper.conf (file missing)
O23 - Service: Autodesk Licensing Service - Unknown owner - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: DCPFLICS - Unknown owner - C:\Program Files\DCPFLICS\DCPFLICS.exe
O23 - Service: kavsvc - Kaspersky Lab - C:\A_Programs\AntiVirus\KAV\Kaspersky Anti-Virus Personal\kavsvc.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\A_Programs\AntiVirus\navapsvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\A_Programs\AntiVirus\AdvTools\NPROTECT.EXE
O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - C:\WINDOWS\system32\pctspk.exe
O23 - Service: SAVScan - Symantec Corporation - C:\A_Programs\AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
Any help???
Please????
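A way to triage a log like the one posted above, as an added example that is not part of the original thread or of HijackThis itself: it parses the entry lines and marks those worth a closer manual look. The flag names and heuristics are assumptions chosen for illustration, not verdicts, and the sample lines are copied from the posted log.

```python
import re

# Sample input: a few entry lines copied from the log posted above.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.makemesearch.com/?said=160
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\A_Programs\AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {282B7B2C-9CB2-CC3E-BF19-B8EEFF87BDE1} - C:\WINDOWS\System32\gyinnlp.dll (file missing)
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Tp9CV] C:\documents and settings\vinny dellay\local settings\temp\Tp9CV.exe
O4 - HKLM\..\Run: [37mi37h] sigrprop.exe
O4 - HKLM\..\Run: [98D0CE0C16B1] rundll32.exe D0CE0C16B1,D0CE0C16B1
O4 - HKCU\..\Run: [Zxb] C:\WINDOWS\System32\t?skmgr.exe
O4 - HKCU\..\Run: [Eeow] C:\Documents and Settings\Vinny Dellay\Application Data\oaco.exe
O23 - Service: kavsvc - Kaspersky Lab - C:\A_Programs\AntiVirus\KAV\Kaspersky Anti-Virus Personal\kavsvc.exe
"""

# "R0 - ...", "O4 - ...", "O23 - ...": section code, then the entry body.
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")
# O4 registry autoruns: "HKLM\..\Run: [value name] command line"
RUN_RE = re.compile(r"^(HK\w+)\\\.\.\\(Run\w*): \[(.*?)\] (.*)$")
# Program part of a command line: quoted path, or everything up to the first
# executable extension (unquoted paths in the log may contain spaces).
PROGRAM_RE = re.compile(r'^"([^"]+)"|^(.+?\.(?:exe|com|bat|cmd))(?=\s|$)', re.I)
# Assumption: directories an unprivileged user can write to on this XP layout.
USER_WRITABLE = ("\\temp\\", "\\application data\\")


def parse_entries(log_text):
    """Yield (code, body) per entry line; header and process list are skipped."""
    for line in log_text.splitlines():
        match = ENTRY_RE.match(line.strip())
        if match:
            yield match.group(1), match.group(2)


def split_command(command):
    """Split an autorun command line into (program, remaining arguments)."""
    match = PROGRAM_RE.match(command)
    if not match:
        return command, ""
    return match.group(1) or match.group(2), command[match.end():].strip()


def triage(code, body):
    """Return the list of review flags (hypothetical names) for one entry."""
    reasons = []
    if code in ("R0", "R1") and "= http" in body.lower():
        reasons.append("browser-url")            # start/search page set to a URL
    if "(file missing)" in body or "(no file)" in body:
        reasons.append("target-missing")         # registration left behind, file gone
    run = RUN_RE.match(body) if code == "O4" else None
    if run:
        program, args = split_command(run.group(4))
        target = program
        if program.lower().endswith("rundll32.exe") and args:
            target = args.split(",")[0].strip('"')   # the DLL rundll32 loads
        if "\\" not in target:
            reasons.append("no-directory")       # resolved through the search path
        if any(d in target.lower() for d in USER_WRITABLE):
            reasons.append("user-writable-dir")
        if "?" in target:
            # '?' is not legal in a Windows file name, so it stands in for a
            # character the log could not represent.
            reasons.append("unrepresentable-char")
    return reasons


def flag_log(log_text):
    """Return [(code, body, reasons)] for every entry with at least one flag."""
    flagged = []
    for code, body in parse_entries(log_text):
        reasons = triage(code, body)
        if reasons:
            flagged.append((code, body, reasons))
    return flagged


if __name__ == "__main__":
    for code, body, reasons in flag_log(SAMPLE_LOG):
        print(f"{code:<4}{','.join(reasons):<22}{body}")
```

A flag only means the entry deserves a manual check against the file on disk; entries without a flag are not thereby cleared.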
Comments
Download Ad-aware SE 1.05
Install the program and launch it. First, in the main window, look in the bottom right corner and click on Check for updates now and download the latest reference files. Exit Adaware for now.
Make sure that you can VIEW ALL HIDDEN FILES.
Run Hijackthis again, click scan, and put a checkmark next to each of these. Then close all other windows--you should only see HijackThis on your Desktop--and click the Fix Checked button.
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.makemesearch.com/?said=160
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.makemesearch.com/?said=160
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,SearchURL = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {282B7B2C-9CB2-CC3E-BF19-B8EEFF87BDE1} - C:\WINDOWS\System32\gyinnlp.dll (file missing)
O2 - BHO: (no name) - {4CD83550-9C3F-0DE8-8606-63557E802B37} - C:\WINDOWS\System32\czojma.dll (file missing)
O2 - BHO: (no name) - {4FDF3C0C-9465-5BE7-8302-63557EDA2530} - C:\WINDOWS\System32\pilsnbb.dll (file missing)
O2 - BHO: (no name) - {8452BF00-45B6-1C94-1FD5-580B0FDE35C8} - C:\WINDOWS\Jepcphke.dll (file missing)
O2 - BHO: Cls - {CF021F40-3E14-23A5-CBA2-7173706D1316} - C:\WINDOWS\System32\spm1316.dll (file missing)
O2 - BHO: Cls - {CF021F40-3E14-23A5-CBA2-717765728274} - C:\WINDOWS\System32\wer8274.dll (file missing)
O2 - BHO: (no name) - {EC83E957-0592-2B63-B82D-2D17576927B8} - C:\WINDOWS\System32\hprjuepp.dll (file missing)
O3 - Toolbar: Search - {5210EC82-DE75-1021-FA43-AA5037A0C20F} - C:\WINDOWS\Jepcphke.dll (file missing)
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O4 - HKLM\..\Run: [ASHLT] C:\WINDOWS\Ashlt.exe
O4 - HKLM\..\Run: [hoadgbw] C:\WINDOWS\kjberup.exe
O4 - HKLM\..\Run: [Tp9CV] C:\documents and settings\vinny dellay\local settings\temp\Tp9CV.exe
O4 - HKLM\..\Run: [A70F6A1D-0195-42a2-934C-D8AC0F7C08EB] rundll32.exe E6F1873B.DLL,D9EBC318C
O4 - HKLM\..\Run: [98D0CE0C16B1] rundll32.exe D0CE0C16B1,D0CE0C16B1
O4 - HKLM\..\Run: [37mi37h] sigrprop.exe
O4 - HKCU\..\Run: [Iw5sRXNsS] sfc40u.exe
O4 - HKCU\..\Run: [mswmdm] C:\WINDOWS\System32\mswmdm.exe
O4 - HKCU\..\Run: [Zxb] C:\WINDOWS\System32\t?skmgr.exe
O4 - HKCU\..\Run: [WindowsFY] c:\wp.exe
O4 - HKCU\..\Run: [Eeow] C:\Documents and Settings\Vinny Dellay\Application Data\oaco.exe
O9 - Extra button: Microsoft AntiSpyware helper - {259416DD-66EE-4FD0-BA38-BCAA6FF09B2D} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {259416DD-66EE-4FD0-BA38-BCAA6FF09B2D} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {2AD3BDF5-0760-4591-A9C4-687B3BDD1298} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {2AD3BDF5-0760-4591-A9C4-687B3BDD1298} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {336969B5-A3C7-4B6D-8362-3441DE743727} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {336969B5-A3C7-4B6D-8362-3441DE743727} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {37D2E211-39CB-4975-9332-AE38047CB367} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {37D2E211-39CB-4975-9332-AE38047CB367} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {3E90541E-D366-41BB-8F02-988B7FE29949} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {3E90541E-D366-41BB-8F02-988B7FE29949} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {4331AA9F-DB3E-42FC-84C1-27E8E29E0E43} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {4331AA9F-DB3E-42FC-84C1-27E8E29E0E43} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {46F406E0-0250-4720-9A36-C83F803D16A6} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {46F406E0-0250-4720-9A36-C83F803D16A6} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {48792727-EB74-47CD-A377-40C62B693D10} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {48792727-EB74-47CD-A377-40C62B693D10} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {4CEB40F6-C9D4-4DA5-AC7F-006493C390C2} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {4CEB40F6-C9D4-4DA5-AC7F-006493C390C2} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {56674ABC-0F83-47B6-A6D9-9367B167EF42} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {56674ABC-0F83-47B6-A6D9-9367B167EF42} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {566EEA66-C797-49AF-BE24-41CBFBC6505F} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {566EEA66-C797-49AF-BE24-41CBFBC6505F} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {59379A56-7B66-4E2B-B216-3CF5415F82B4} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {59379A56-7B66-4E2B-B216-3CF5415F82B4} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {5B878390-5E02-4669-896C-49F7F0087FD8} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {5B878390-5E02-4669-896C-49F7F0087FD8} - (no file) (HKCU)
O9 - Extra button: Ebates - {6685509E-B47B-4f47-8E16-9A5F3A62F683} - file://C:\Program Files\Ebates_MoeMoneyMaker\Sy350\Tp350\scri350a.htm (file missing) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {6FAD4AC9-17F0-4004-AA1A-1F5004419015} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {6FAD4AC9-17F0-4004-AA1A-1F5004419015} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {731CF2D4-B714-40D7-A1DC-D36E900A51EC} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {731CF2D4-B714-40D7-A1DC-D36E900A51EC} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {7F8ACA2A-24F8-43CC-B45A-BEB836ACBCBD} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {7F8ACA2A-24F8-43CC-B45A-BEB836ACBCBD} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {80339390-5C41-4475-AC0C-4FC6B1088184} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {80339390-5C41-4475-AC0C-4FC6B1088184} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {91CF538D-19B4-49AF-9210-26CC13A1C226} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {91CF538D-19B4-49AF-9210-26CC13A1C226} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {A2AE3FA1-B1F5-42BF-94F0-0AD9A9600FB7} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {A2AE3FA1-B1F5-42BF-94F0-0AD9A9600FB7} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {A7AD6610-25B2-4DAF-8C18-9E3D3E53DD52} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {A7AD6610-25B2-4DAF-8C18-9E3D3E53DD52} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {A8010E5B-2568-451A-BBB9-B7A7A2F5AA97} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {A8010E5B-2568-451A-BBB9-B7A7A2F5AA97} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {B2369900-5B51-4697-B389-91FDAD5A0B02} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {B2369900-5B51-4697-B389-91FDAD5A0B02} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {B2E5B4FB-45B6-4392-BE3B-AFC5B069F213} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {B2E5B4FB-45B6-4392-BE3B-AFC5B069F213} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {C16F42B0-B42B-4895-8148-77904472B5A9} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {C16F42B0-B42B-4895-8148-77904472B5A9} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {C7277B8C-1B7B-479B-8319-2D9ECC650EA7} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {C7277B8C-1B7B-479B-8319-2D9ECC650EA7} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {CC0DC3F5-66CD-44F7-95BE-926984CA12B4} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {CC0DC3F5-66CD-44F7-95BE-926984CA12B4} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {CDA3827E-EDD1-4D8F-AD10-6B65BDDDEBE4} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {CDA3827E-EDD1-4D8F-AD10-6B65BDDDEBE4} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {D4EB8E53-9D65-4E33-9C0F-677B29B13D43} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {D4EB8E53-9D65-4E33-9C0F-677B29B13D43} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {E7AE508E-0DB1-42C9-89B2-D0E26C0C103E} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {E7AE508E-0DB1-42C9-89B2-D0E26C0C103E} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {EB330400-9534-4E1E-9113-10F24026A319} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {EB330400-9534-4E1E-9113-10F24026A319} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {FA1FF4A5-8F4E-405A-BEB3-52CD2EC8ED3D} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {FA1FF4A5-8F4E-405A-BEB3-52CD2EC8ED3D} - (no file) (HKCU)
O16 - DPF: {1D0D9077-3798-49BB-9058-393499174D5D} - file://c:\counter.cab
Reboot your computer into SAFE MODE
Now run CWShredder, making sure to click "Fix".
Then delete these files or directories (Do not be concerned if they do not exist)
sigrprop.exe
sfc40u.exe
c:\counter.cab
c:\wp.exe
C:\WINDOWS\Jepcphke.dll
C:\WINDOWS\Ashlt.exe
C:\WINDOWS\kjberup.exe
C:\WINDOWS\System32\gyinnlp.dll
C:\WINDOWS\System32\czojma.dll
C:\WINDOWS\System32\pilsnbb.dll
C:\WINDOWS\System32\spm1316.dll
C:\WINDOWS\System32\wer8274.dll
C:\WINDOWS\System32\hprjuepp.dll
C:\WINDOWS\System32\mswmdm.exe
C:\WINDOWS\System32\t?skmgr.exe
C:\Documents and Settings\Vinny Dellay\Application Data\oaco.exe
Delete temp files
Navigate to the C:\Windows\Temp folder. Open the Temp folder and go to Edit > Select All then Edit > Delete to delete the entire contents of the Temp folder.
Navigate to the C:\Windows\Prefetch folder. Open the Prefetch folder and go to Edit > Select All then Edit > Delete to delete the entire contents of the Prefetch folder.
Go to Start > Run and type %temp% in the Run box. The Temp folder will open. Click Edit > Select All then Edit > Delete to delete the entire contents of the Temp folder.
Finally, go to Control Panel > Internet Options. On the General tab under "Temporary Internet Files", click "Delete Files". Put a check by "Delete Offline Content" and click OK. Click on the Programs tab, then click the "Reset Web Settings" button. Click Apply, then OK.
Empty the Recycle Bin.
Run a full scan with Adaware.
Reboot your computer to go back to normal mode and post a new log.
Any problems with your desktop?
I did as you asked and here is my new HiJack log:
Logfile of HijackThis v1.99.1
Scan saved at 4:46:26 PM, on 5/7/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\A_Programs\3D\Maya 6.0 Unlimited - Final\docs\Wrapper.exe
C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\Program Files\DCPFLICS\DCPFLICS.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2F1.EXE
C:\A_Programs\Utilities\daemon.exe
C:\A_Programs\AntiVirus\PestPatrol\PPControl.exe
C:\A_Programs\AntiVirus\PestPatrol\PPMemCheck.exe
C:\A_Programs\AntiVirus\PestPatrol\CookiePatrol.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2F1.EXE
C:\a_programs\utilities\qttask.exe
C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\System32\ctfmon.exe
C:\A_Programs\Internet\LimeWire\LimeWire.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\A_Programs\AntiVirus\AdvTools\NPROTECT.EXE
C:\WINDOWS\system32\pctspk.exe
C:\A_Programs\3D\Maya 6.0 Unlimited - Final\docs\jre\bin\java.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\A_Programs\Internet\Firefox\firefox.exe
C:\A_PROG~1\Business\MSOFFI~1\OFFICE11\OUTLOOK.EXE
C:\A_Programs\Business\MS OFFICE\OFFICE11\WINWORD.EXE
C:\A_Programs\AntiVirus\HijackThis.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\A_Programs\Utilities\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\A_Programs\AntiVirus\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\A_Programs\AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\A_Programs\AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [NAV CfgWiz] C:\Program Files\Common Files\Symantec Shared\CfgWiz.exe /GUID NAV /CMDLINE "REBOOT"
O4 - HKLM\..\Run: [Advanced Tools Check] C:\A_PROG~1\ANTIVI~1\AdvTools\ADVCHK.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [\\DRZAIUS\EPSON Stylus Photo R300 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2F1.EXE /P40 "\\DRZAIUS\EPSON Stylus Photo R300 Series" /O6 "USB002" /M "Stylus Photo R300"
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\A_Programs\Utilities\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [PestPatrol Control Center] C:\A_Programs\AntiVirus\PestPatrol\PPControl.exe
O4 - HKLM\..\Run: [PPMemCheck] C:\A_Programs\AntiVirus\PestPatrol\PPMemCheck.exe
O4 - HKLM\..\Run: [CookiePatrol] C:\A_Programs\AntiVirus\PestPatrol\CookiePatrol.exe
O4 - HKLM\..\Run: [EPSON Stylus Photo R300 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2F1.EXE /P30 "EPSON Stylus Photo R300 Series" /O6 "USB001" /M "Stylus Photo R300"
O4 - HKLM\..\Run: [QuickTime Task] "C:\a_programs\utilities\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
O4 - HKLM\..\Run: [KAVPersonal50] "C:\A_Programs\AntiVirus\KAV\Kaspersky Anti-Virus Personal\kav.exe" /minimize
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - Startup: LimeWire On Startup.lnk = C:\A_Programs\Internet\LimeWire\LimeWire.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O4 - Global Startup: WinZip Quick Pick.lnk = A_Programs\Utilities\Winzip\WZQKPICK.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\A_PROG~1\Business\MSOFFI~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\A_PROG~1\Business\MSOFFI~1\OFFICE11\REFIEBAR.DLL
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Alias Documentation Server (aliasdocserver) - Unknown owner - C:\A_Programs\3D\Maya 6.0 Unlimited - Final\docs\Wrapper.exe" -s "C:\A_Programs\3D\Maya 6.0 Unlimited - Final\docs/Wrapper.conf (file missing)
O23 - Service: Autodesk Licensing Service - Unknown owner - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: DCPFLICS - Unknown owner - C:\Program Files\DCPFLICS\DCPFLICS.exe
O23 - Service: kavsvc - Kaspersky Lab - C:\A_Programs\AntiVirus\KAV\Kaspersky Anti-Virus Personal\kavsvc.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\A_Programs\AntiVirus\navapsvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\A_Programs\AntiVirus\AdvTools\NPROTECT.EXE
O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - C:\WINDOWS\system32\pctspk.exe
O23 - Service: SAVScan - Symantec Corporation - C:\A_Programs\AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
To answer your question ... I did indeed have a problem with my desktop. It had turned all blue and wouldn't allow me to put up any background image. I got rid of that blue screen ... but now my screen is just black and the display control panel has been disabled so that I can't put one up.
Thanks again!
Vinny Dellay
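One way to confirm that the entries selected for "Fix Checked" are gone from a follow-up log, and to triage what remains, added here as an example and not part of any post in the thread. The function names and reason labels are hypothetical; the sample lines are excerpts from the two logs above, plus one constructed line marked as such.

```python
import re

# Item lines start with a section code (R0-R3, F0-F3, N1-N4, O1-O23), then " - ".
ITEM_RE = re.compile(r"^(R[0-3]|F[0-3]|N[1-4]|O\d{1,2}) - (.*)$")
# O4 registry autoruns: "HKLM\..\Run: [value name] command line"
RUN_RE = re.compile(r"^HK\w+\\\.\.\\Run\w*: \[(.*?)\] ?(.*)$")

def parse_items(log_text):
    """Return (code, entry) for each item line; header and process lines are skipped."""
    items = []
    for line in log_text.splitlines():
        m = ITEM_RE.match(line.strip())
        if m:
            items.append((m.group(1), m.group(2).strip()))
    return items

def normalize(entry):
    """Case and spacing differ between pasted logs, so compare a folded form."""
    return re.sub(r"\s+", " ", entry).lower()

def remaining(fix_list_text, followup_log_text):
    """Fix-list items that still appear in the follow-up log."""
    after = {(c, normalize(e)) for c, e in parse_items(followup_log_text)}
    return [(c, e) for c, e in parse_items(fix_list_text)
            if (c, normalize(e)) in after]

def triage(log_text):
    """Return (reason, code, entry) review hints (assumed heuristics, not verdicts)."""
    flagged = []
    for code, entry in parse_items(log_text):
        low = entry.lower()
        if "(file missing)" in low or "(no file)" in low:
            flagged.append(("target-missing", code, entry))
        m = RUN_RE.match(entry) if code == "O4" else None
        if m:
            cmd = m.group(2).strip('"').lower()
            if not re.match(r"^([a-z]:\\|\\\\)", cmd):
                # Bare file name: resolved through the search path at logon.
                flagged.append(("run-without-path", code, entry))
            elif "\\temp\\" in cmd or "\\application data\\" in cmd:
                flagged.append(("run-from-user-writable-dir", code, entry))
    return flagged

# Excerpt of the fix list from the reply above.
FIX_LIST = r"""
O2 - BHO: Cls - {CF021F40-3E14-23A5-CBA2-7173706D1316} - C:\WINDOWS\System32\spm1316.dll (file missing)
O4 - HKLM\..\Run: [37mi37h] sigrprop.exe
O4 - HKCU\..\Run: [Eeow] C:\Documents and Settings\Vinny Dellay\Application Data\oaco.exe
O16 - DPF: {1D0D9077-3798-49BB-9058-393499174D5D} - file://c:\counter.cab
"""

# Excerpt of the 5/7/2005 follow-up log.
FOLLOWUP = r"""
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\A_Programs\AntiVirus\NavShExt.dll
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O23 - Service: Alias Documentation Server (aliasdocserver) - Unknown owner - C:\A_Programs\3D\Maya 6.0 Unlimited - Final\docs\Wrapper.exe" -s "C:\A_Programs\3D\Maya 6.0 Unlimited - Final\docs/Wrapper.conf (file missing)
"""

# Constructed: the same follow-up with one fix-list entry surviving the cleanup.
FOLLOWUP_CONSTRUCTED = FOLLOWUP + r"O4 - HKLM\..\Run: [37mi37h]  SIGRPROP.EXE"

if __name__ == "__main__":
    print("still present:", remaining(FIX_LIST, FOLLOWUP))
    for reason, code, entry in triage(FOLLOWUP):
        print(reason, code, entry)
```

The aliasdocserver service in the follow-up log still reads `(file missing)` although Wrapper.exe is listed under running processes, so a flag is a prompt to check the entry by hand rather than grounds to delete it.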
Download the following reg file to your desktop by right clicking on the link, and selecting save as.
http://www.bleepingcomputer.com/files/reg/smitfraud.reg
Once it has downloaded, double-click on the smitfraud.reg file on your desktop and when it asks if you would like to merge the data, click on the Yes button.
Reboot your computer and you should now be able to change your desktop settings back to how you would like it. If your desktop still looks strange, go into your display properties and click on the Themes tab. Change the theme to Windows XP and you will now be using the default Windows XP settings. Then change them as you see fit.
Let me know how it turns out.