  #1  
Old 5th Feb 2008, 12:35
New Member Group
 
Hello
I am new to the board and I would like help in removing a virus, which I think may be Smitfraud, and it has hijacked my browser. I have run AVG and Ad-Aware but it does not help. The OS is XP; here is the log. Thank you in advance for your help.


Logfile of HijackThis v1.99.1
Scan saved at 19:35:19, on 05/02/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\system32\lxcecoms.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\UAService7.exe
C:\PROGRA~1\Grisoft\AVG7\avgfwsrv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Lexmark 4300 Series\ezprint.exe
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HJT\HijackThis.exe
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [LXCECATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCEtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [lxcemon.exe] "C:\Program Files\Lexmark 4300 Series\lxcemon.exe"
O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 4300 Series\ezprint.exe"
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\avgfwafu.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\avgfwafu.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\avgfwafu.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\avgfwafu.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\avgfwafu.dll
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} (MUCatalogWebControl Class) - http://catalog.update.microsoft.com/...?1199470957562
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{EB470484-F000-4F17-BAA7-0420975981FF}: NameServer = 212.139.132.37 212.139.132.36
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG Firewall (AVGFwSrv) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgfwsrv.exe
O23 - Service: lxce_device - - C:\WINDOWS\system32\lxcecoms.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe
  #2  
Old 5th Feb 2008, 13:04
Moderator Group
 
Welcome to C-J.

The log doesn't show any malware but we can take a closer look.

Download Malwarebytes' Anti-Malware to your desktop.
  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform full scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad.
  • Post that log back here.
Be sure to restart the computer.

The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

Next post please add
MalwareBytes log

  #3  
Old 5th Feb 2008, 13:51
New Member Group
 
Hi EF,

Thanks for the quick reply. Below is my log for Malware:

Malwarebytes' Anti-Malware 1.02
Database version: 320
Scan type: Full Scan (A:\|C:\|)
Objects scanned: 73752
Time elapsed: 23 minute(s), 14 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 3
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
C:\WINDOWS\system32\drivers\core.cache.dsk (Malware.Trace) -> Failed to delete. (Delete on reboot).
C:\Documents and Settings\Ryan Glenn\Application Data\ezpinst.exe (Heuristics.Malware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ryan Glenn\Application Data\inst.exe (Heuristics.Malware) -> Quarantined and deleted successfully.
  #4  
Old 5th Feb 2008, 14:01
Moderator Group
 
Looks good so far.

Next go to this post and do Step Two and Step Three - CCleaner and SuperAntispyware.

Post the SuperAntispyware log along with a NEW Hijackthis log in the next post.

  #5  
Old 5th Feb 2008, 14:44
New Member Group
 
SUPERAntiSpyware Scan Log
http://www.superantispyware.com
Generated 02/05/2008 at 09:34 PM
Application Version : 3.9.1008
Core Rules Database Version : 3395
Trace Rules Database Version: 1387
Scan type : Complete Scan
Total Scan Time : 00:22:21
Memory items scanned : 376
Memory threats detected : 0
Registry items scanned : 5837
Registry threats detected : 0
File items scanned : 11505
File threats detected : 5
Adware.Tracking Cookie
C:\Documents and Settings\Ryan Glenn\Cookies\ryan_glenn@ads.techguy[2].txt
C:\Documents and Settings\Ryan Glenn\Cookies\ryan_glenn@revsci[2].txt
C:\Documents and Settings\Clare Glenn\Cookies\clare_glenn@pacificpoker[1].txt
C:\Documents and Settings\Clare Glenn\Cookies\clare_glenn@videoegg.adbureau[2].txt
RootKit.TnCore/Trace
C:\WINDOWS\system32\drivers\core.cache.dsk


Logfile of HijackThis v1.99.1
Scan saved at 21:43:56, on 05/02/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\system32\lxcecoms.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\UAService7.exe
C:\PROGRA~1\Grisoft\AVG7\avgfwsrv.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Lexmark 4300 Series\ezprint.exe
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [LXCECATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCEtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [lxcemon.exe] "C:\Program Files\Lexmark 4300 Series\lxcemon.exe"
O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 4300 Series\ezprint.exe"
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\avgfwafu.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\avgfwafu.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\avgfwafu.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\avgfwafu.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\avgfwafu.dll
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} (MUCatalogWebControl Class) - http://catalog.update.microsoft.com/...?1199470957562
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{EB470484-F000-4F17-BAA7-0420975981FF}: NameServer = 212.139.132.36 212.139.132.37
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG Firewall (AVGFwSrv) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgfwsrv.exe
O23 - Service: lxce_device - - C:\WINDOWS\system32\lxcecoms.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe
  #6  
Old 5th Feb 2008, 14:54
Moderator Group
 
The log looks fine now, is the computer still giving any indications of malware?
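To make the "before and after" comparison the moderator does above reproducible, here is an added Python example (not part of the original thread and not HijackThis's own code) that parses HijackThis item lines, lowercases the running-process paths before diffing (Windows paths are case-insensitive), and pulls the resolvers from the O17 NameServer entries so they can be checked against the ISP's published addresses. The embedded BEFORE and AFTER logs are short excerpts of the two logs posted in this thread, trimmed for the example.

```python
import re
from typing import Dict, List, Tuple

# Matches a HijackThis item line such as "O4 - HKLM\..\Run: [Persistence] ..."
# or "R0 - HKCU\...\Main,Start Page = ..."; the section code is R/F/O + digits.
ITEM_RE = re.compile(r"^(?P<sec>[RFO]\d+) - (?P<body>.+)$")

# Excerpts of the two HijackThis logs posted in this thread (constructed for
# this example by trimming the originals; only lines needed for the diff kept).
BEFORE = r"""Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\HJT\HijackThis.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O17 - HKLM\System\CCS\Services\Tcpip\..\{EB470484-F000-4F17-BAA7-0420975981FF}: NameServer = 212.139.132.37 212.139.132.36
"""

AFTER = r"""Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\explorer.exe
C:\Program Files\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{EB470484-F000-4F17-BAA7-0420975981FF}: NameServer = 212.139.132.36 212.139.132.37
"""


def parse_hjt(log: str) -> Dict[str, List[str]]:
    """Group log items by section code (R0, O4, O17, ...).

    Lines under "Running processes:" carry no section code; they are stored
    under the pseudo-section "PROC", lowercased because Windows paths are
    case-insensitive (Explorer.EXE and explorer.exe are the same binary).
    """
    entries: Dict[str, List[str]] = {}
    in_procs = False
    for raw in log.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line == "Running processes:":
            in_procs = True
            continue
        m = ITEM_RE.match(line)
        if m:
            in_procs = False  # the first item line ends the process list
            entries.setdefault(m.group("sec"), []).append(m.group("body"))
        elif in_procs:
            entries.setdefault("PROC", []).append(line.lower())
    return entries


def diff_logs(before: Dict[str, List[str]],
              after: Dict[str, List[str]]) -> Dict[str, Tuple[List[str], List[str]]]:
    """Per section, return (items only in before, items only in after).

    Unchanged sections are omitted, so an empty result means the two scans
    differ at most in ordering.
    """
    out: Dict[str, Tuple[List[str], List[str]]] = {}
    for sec in sorted(set(before) | set(after)):
        b, a = set(before.get(sec, [])), set(after.get(sec, []))
        removed, added = sorted(b - a), sorted(a - b)
        if removed or added:
            out[sec] = (removed, added)
    return out


def nameservers(entries: Dict[str, List[str]]) -> List[str]:
    """Collect every resolver listed in O17 NameServer items, in log order.

    A DNS hijack shows up here as resolvers the ISP does not operate, so the
    analyst compares this list (as a set; order is irrelevant) against the
    ISP's published addresses.
    """
    servers: List[str] = []
    for body in entries.get("O17", []):
        m = re.search(r"NameServer = (.+)$", body)
        if m:
            servers.extend(m.group(1).split())
    return servers


if __name__ == "__main__":
    before, after = parse_hjt(BEFORE), parse_hjt(AFTER)
    for sec, (removed, added) in diff_logs(before, after).items():
        for item in removed:
            print(f"{sec} - {item}")
        for item in added:
            print(f"{sec} + {item}")
    print("resolvers unchanged:",
          set(nameservers(before)) == set(nameservers(after)))
```

Run against the two excerpts it reports the added R0 start-page item, the O9 button that disappeared, the moved HijackThis.exe, and that the O17 change is only a reordering of the same two resolvers.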

  #7  
Old 5th Feb 2008, 15:02
New Member Group
 
Yes, it is still showing signs of malware, unfortunately.
  #8  
Old 5th Feb 2008, 15:12
Moderator Group
 
Download SmitfraudFix (by S!Ri) to your Desktop.
  • Extract all the files to your Desktop.
  • A folder named SmitfraudFix will be created on your Desktop.
  • Open the SmitfraudFix folder and double-click smitfraudfix.cmd
  • Select option #1 - Search by typing 1 and press Enter
    • This program will scan large amounts of files on your computer for known patterns so please be patient while it works.
    • When it is done, the results of the scan will be displayed and it will create a log named rapport.txt
      • This is in the root of your drive, eg: Local Disk C: or partition where your operating system is installed.
    • Please attach that log in your next reply.
  • Note: process.exe (which is used by SmitfraudFix) is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.
----------

Please download Combofix by sUBs from one of the below links.
(Try all three if necessary.) Important! Combofix.exe MUST be saved to and run from the Desktop.
  • Close any open Web browsers. (Firefox, Internet Explorer, etc) before starting Combofix.
  • Important! Temporarily disable your antivirus, script blocking and any antispyware real time protection before performing a scan.
    • Click this link to see a list of security programs that should be disabled and how to disable them.
    • If yours is not listed and you don't know how to disable it, please ask.
  • Warning: Combofix disconnects your computer from the internet. The connection is automatically restored before Combofix completes its run.
  • Double click combofix.exe & follow the prompts.
    • From the keyboard select 1 and press Enter
  • When finished, it will produce a log for you.
  • Post that log in your next reply.
Warning: Do not mouse-click Combofix's window while it is running. That may cause it to stall.
  • If Combofix runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your computer.
  • Important: Remember to re-enable your antivirus and antispyware before reconnecting to the Internet.
----------

Next post
Smitfraudfix log
Combofix log

  #9  
Old 5th Feb 2008, 15:43
New Member Group
 
SmitFraudFix v2.281
Scan done at 22:40:52.84, 05/02/2008
Run from C:\Documents and Settings\Ryan Glenn\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode
»»»»»»»»»»»»»»»»»»»»»»»» Process
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\WINDOWS\system32\lxcecoms.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\UAService7.exe
C:\PROGRA~1\Grisoft\AVG7\avgfwsrv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Lexmark 4300 Series\ezprint.exe
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\cmd.exe
»»»»»»»»»»»»»»»»»»»»»»»» hosts

»»»»»»»»»»»»»»»»»»»»»»»» C:\

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32

»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Ryan Glenn

»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Ryan Glenn\Application Data

»»»»»»»»»»»»»»»»»»»»»»»» Start Menu

»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\RYANGL~1\FAVORI~1

»»»»»»»»»»»»»»»»»»»»»»»» Desktop

»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files

»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys

»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components


»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
!!!Attention, following keys are not inevitably infected!!!
IEDFix.exe by S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» VACFix
!!!Attention, following keys are not inevitably infected!!!
VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""

»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""

»»»»»»»»»»»»»»»»»»»»»»»» Rustock

»»»»»»»»»»»»»»»»»»»»»»»» DNS
Description: WAN (PPP/SLIP) Interface
DNS Server Search Order: 212.139.132.8
DNS Server Search Order: 212.139.132.9
HKLM\SYSTEM\CCS\Services\Tcpip\..\{EB470484-F000-4F17-BAA7-0420975981FF}: NameServer=212.139.132.8 212.139.132.9
HKLM\SYSTEM\CS1\Services\Tcpip\..\{EB470484-F000-4F17-BAA7-0420975981FF}: NameServer=212.139.132.8 212.139.132.9
HKLM\SYSTEM\CS3\Services\Tcpip\..\{EB470484-F000-4F17-BAA7-0420975981FF}: NameServer=212.139.132.36 212.139.132.37

»»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection

»»»»»»»»»»»»»»»»»»»»»»»» End




ComboFix 08-02.05.3 - Ryan Glenn 2008-02-05 22:31:47.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.145 [GMT 0:00]
Running from: C:\Documents and Settings\Ryan Glenn\Desktop\ComboFix.exe
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\system32\drivers\core.cache.dsk
C:\WINDOWS\system32\drivers\rmcastt.sys
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
C:\temp\tn3
C:\WINDOWS\system32\drivers\core.cache.dsk
C:\WINDOWS\system32\drivers\rmcastt.sys
C:\WINDOWS\system32\install.exe
----- BITS: Possible infected sites -----
hxxp://www.download.windowsupdate.com
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\LEGACY_RMCASTT
-------\rmcastt

((((((((((((((((((((((((( Files Created from 2008-01-05 to 2008-02-05 )))))))))))))))))))))))))))))))
.
2008-02-05 22:22 . 2008-02-05 22:23 <DIR> d-------- C:\ComboFix[1]
2008-02-05 21:02 . 2004-08-04 05:00 388,608 --a------ C:\kmd.exe
2008-02-05 20:11 . 2008-02-05 20:11 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-02-05 20:11 . 2008-02-05 20:11 <DIR> d-------- C:\Documents and Settings\Ryan Glenn\Application Data\Malwarebytes
2008-02-05 20:11 . 2008-02-05 20:11 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-02-05 19:05 . 2008-02-05 19:05 <DIR> d-------- C:\Documents and Settings\Ryan Glenn\Application Data\Uniblue
2008-02-05 18:50 . 2008-02-05 18:50 444 --a------ C:\WINDOWS\system32\d3d8caps.dat
2008-02-05 18:21 . 2008-02-05 18:21 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Grisoft
2008-02-05 18:00 . 2008-02-05 18:00 <DIR> d-------- C:\Program Files\RogueRemover FREE
2008-02-05 17:57 . 2007-09-05 23:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2008-02-05 17:57 . 2006-04-27 16:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2008-02-05 17:57 . 2008-02-05 00:23 85,504 --a------ C:\WINDOWS\system32\VACFix.exe
2008-02-05 17:57 . 2008-01-27 14:37 81,920 --a------ C:\WINDOWS\system32\IEDFix.exe
2008-02-05 17:57 . 2003-06-05 20:13 53,248 --a------ C:\WINDOWS\system32\Process.exe
2008-02-05 17:57 . 2004-07-31 17:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-02-05 17:57 . 2007-10-03 23:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-02-04 19:47 . 2008-02-04 19:47 <DIR> d-------- C:\WINDOWS\MaxSecureBackup
2008-02-04 19:46 . 2008-02-04 19:57 <DIR> d-------- C:\Program Files\Max Registry Cleaner
2008-02-04 19:46 . 2007-05-24 16:57 143,360 --a------ C:\WINDOWS\system32\GetHardDiskNo.dll
2008-02-04 19:46 . 2008-02-04 19:46 63 --a------ C:\WINDOWS\system\SYSRegC.dll
2008-02-02 13:49 . 2008-02-02 13:49 <DIR> d-------- C:\Program Files\Panicware
2008-02-01 20:22 . 2008-02-05 22:17 3,352 --a------ C:\WINDOWS\system32\tmp.reg
2008-02-01 19:32 . 2008-02-01 19:32 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\SUPERAntiSpyware.com
2008-02-01 18:42 . 2008-02-05 19:56 <DIR> d-------- C:\Program Files\HJT
2008-02-01 18:39 . 2008-02-01 18:39 <DIR> d-------- C:\Program Files\FileASSASSIN
2008-02-01 18:31 . 2008-02-01 18:31 100 --a------ C:\WINDOWS\system32\ikhcore.cfg
2008-02-01 18:21 . 2005-09-23 07:29 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll
2008-01-31 20:28 . 2008-01-31 20:28 <DIR> d-------- C:\VundoFix Backups
2008-01-31 19:34 . 2008-02-05 22:26 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-01-31 19:34 . 2008-02-02 00:55 <DIR> d-------- C:\Documents and Settings\Ryan Glenn\Application Data\SUPERAntiSpyware.com
2008-01-31 19:34 . 2008-01-31 19:34 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-01-29 22:28 . 2008-01-29 22:28 <DIR> d-------- C:\Program Files\Common Files\Download Manager
2008-01-29 22:08 . 2008-02-01 18:49 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-01-29 21:15 . 2008-02-03 17:03 <DIR> d-------- C:\Program Files\SpywareBlaster
2008-01-23 18:08 . 2008-01-23 18:08 <DIR> d-------- C:\Documents and Settings\Ryan Glenn\Application Data\SuperAdBlocker.com
2008-01-22 18:39 . 2008-01-22 18:39 <DIR> d-------- C:\Documents and Settings\Ryan Glenn\Application Data\Grisoft
2008-01-22 18:39 . 2007-05-30 12:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2008-01-22 18:18 . 2008-01-22 18:18 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\AVG7
2008-01-22 18:15 . 2008-02-05 21:48 <DIR> d-------- C:\Documents and Settings\Ryan Glenn\Application Data\AVG7
2008-01-22 18:15 . 2008-01-22 18:15 110,592 --a------ C:\WINDOWS\system32\avgfwafu.dll
2008-01-22 17:56 . 2008-02-03 08:41 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Avg7
2008-01-21 21:10 . 2008-01-22 18:14 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-01-20 16:33 . 2008-01-20 16:33 <DIR> d-------- C:\Documents and Settings\Ryan Glenn\Application Data\ErrorSmart
2008-01-19 10:09 . 2008-01-19 10:09 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
2008-01-12 11:46 . 2008-01-12 11:46 <DIR> d-------- C:\Program Files\Common Files\xing shared
2008-01-12 10:17 . 2008-02-02 00:54 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-01-10 19:54 . 2008-01-12 10:18 <DIR> d-------- C:\Program Files\Lavasoft
2008-01-10 19:38 . 2008-01-10 19:38 <DIR> d-------- C:\Program Files\AVI Codec Pack
2008-01-10 18:51 . 2005-04-05 14:18 135,168 --a------ C:\WINDOWS\system32\igfxres.dll
2008-01-09 19:20 . 2008-01-09 19:20 <DIR> d-------- C:\Documents and Settings\Ryan Glenn\Application Data\Yahoo!
2008-01-09 18:03 . 2008-01-09 18:03 <DIR> d--h----- C:\WINDOWS\PIF
2008-01-09 17:52 . 2008-01-10 17:51 <DIR> d-------- C:\Documents and Settings\Ryan Glenn\Application Data\dvdcss
2008-01-08 18:20 . 2007-03-05 05:00 421,888 --a------ C:\WINDOWS\system32\lxcedrs.dll
2008-01-08 18:20 . 2007-01-30 10:22 413,696 --a------ C:\WINDOWS\system32\lxceinpa.dll
2008-01-08 18:20 . 2007-01-30 10:35 397,312 --a------ C:\WINDOWS\system32\lxceiesc.dll
2008-01-08 18:20 . 2007-02-22 18:32 344,064 --a------ C:\WINDOWS\system32\lxcecoin.dll
2008-01-08 18:20 . 2006-10-03 23:21 330,030 --a------ C:\WINDOWS\system32\lxcehelp.chm
2008-01-08 18:20 . 2007-01-30 10:18 323,584 --a------ C:\WINDOWS\system32\lxcehcp.dll
2008-01-08 18:20 . 2007-01-30 10:35 274,432 --a------ C:\WINDOWS\system32\lxceinst.dll
2008-01-08 18:20 . 2005-02-24 17:23 61,440 --a------ C:\WINDOWS\system32\lxcecnv4.dll
2008-01-07 20:59 . 2008-01-07 20:59 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-01-06 20:31 . 2008-01-06 20:31 <DIR> d-------- C:\Documents and Settings\Ryan Glenn\Application Data\InstallShield
2008-01-06 20:18 . 2008-01-06 20:35 <DIR> d-------- C:\Documents and Settings\Ryan Glenn\Application Data\VersionTracker Pro
2008-01-05 16:23 . 2008-01-05 16:23 <DIR> d-------- C:\Program Files\Windows Media Connect 2
2008-01-05 16:23 . 2006-10-04 14:06 1,197,294 --------- C:\WINDOWS\system32\dllcache\sysmain.sdb
2008-01-05 16:23 . 2006-10-04 14:06 764,868 --------- C:\WINDOWS\system32\dllcache\apph_sp.sdb
2008-01-05 16:23 . 2006-10-04 14:06 217,118 --------- C:\WINDOWS\system32\dllcache\apphelp.sdb
2008-01-05 16:19 . 2008-01-05 16:21 <DIR> d-------- C:\WINDOWS\system32\drivers\UMDF
2008-01-05 15:19 . 2008-01-05 15:19 <DIR> d-------- C:\swsetup
2008-01-05 15:09 . 2008-01-05 15:08 23,600 --a------ C:\WINDOWS\system32\drivers\TVICHW32.SYS
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-03 23:25 --------- d-----w C:\Program Files\Google
2008-01-31 10:50 --------- d-----w C:\Documents and Settings\Ryan Glenn\Application Data\Vso
2008-01-24 17:31 --------- d-----w C:\Program Files\Lx_cats
2008-01-18 19:58 --------- d-----w C:\Program Files\DivX
2008-01-18 19:57 --------- d-----w C:\Program Files\Java
2008-01-18 19:56 --------- d-----w C:\Program Files\Real
2008-01-12 11:45 --------- d-----w C:\Program Files\Common Files\Real
2008-01-12 10:26 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-01-12 10:18 --------- d-----w C:\Documents and Settings\Ryan Glenn\Application Data\Lavasoft
2008-01-09 19:24 --------- d-----w C:\Program Files\Yahoo!
2008-01-08 18:20 --------- d-----w C:\Program Files\Lexmark 4300 Series
2008-01-07 21:55 --------- d-----w C:\Documents and Settings\Ryan Glenn\Application Data\AdobeUM
2008-01-04 20:45 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-01-04 19:57 --------- d-----w C:\Program Files\Analog Devices
2008-01-04 19:06 --------- d-----w C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters
2008-01-04 18:08 --------- d-----w C:\Program Files\Gabest
2008-01-04 18:08 --------- d-----w C:\Program Files\CyberLink
2008-01-02 23:18 --------- d-----w C:\Program Files\Ahead
2008-01-02 23:14 --------- d-----w C:\Program Files\Common Files\Ahead
2007-12-29 14:16 --------- d-----w C:\Documents and Settings\Ryan Glenn\Application Data\DivX
2007-12-22 11:48 --------- d-----w C:\Documents and Settings\All Users\Application Data\vsosdk
2007-12-21 16:06 47,360 ----a-w C:\WINDOWS\system32\drivers\pcouffin.sys
2007-12-21 16:06 47,360 ----a-w C:\Documents and Settings\Ryan Glenn\Application Data\pcouffin.sys
2007-12-21 16:06 --------- d-----w C:\Program Files\VSO
2007-12-11 20:36 --------- d-----w C:\Program Files\Virtual Dub
2007-12-10 20:22 --------- d-----w C:\Program Files\plugins
2007-12-10 20:22 --------- d-----w C:\Program Files\aviproxy
2007-12-10 19:47 --------- d-----w C:\Documents and Settings\Ryan Glenn\Application Data\Pegasys Inc
2007-12-10 19:39 33,408 ----a-w C:\WINDOWS\system32\drivers\CDRBSDRV.SYS
2007-12-06 01:47 --------- d-----w C:\Program Files\MSN Messenger
2007-05-20 11:28 31,528 ----a-w C:\Documents and Settings\Ryan Glenn\Application Data\GDIPFONTCACHEV1.DAT
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"="C:\Program Files\Dell Support\DSAgnt.exe" [2004-07-19 07:51 306688]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 12:54 5674352]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 16:45 313472]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-06-21 14:06 1318912]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 05:00 15360]
"Uniblue RegistryBooster 2"="C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe" [ ]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Persistence"="C:\WINDOWS\system32\igfxpers.exe" [2005-04-05 19:23 114688]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 16:50 81920]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2005-04-05 14:22 94208]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2005-04-05 19:19 77824]
"LXCECATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCEtime.dll" [2007-02-22 05:17 73728]
"lxcemon.exe"="C:\Program Files\Lexmark 4300 Series\lxcemon.exe" [2005-08-02 17:45 192512]
"EzPrint"="C:\Program Files\Lexmark 4300 Series\ezprint.exe" [2005-07-26 12:17 94208]
"FaxCenterServer"="C:\Program Files\Lexmark Fax Solutions\fm3032.exe" [2005-07-12 09:36 299008]
"SpeedTouch USB Diagnostics"="C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" [2004-01-26 11:38 866816]
"PWRISOVM.EXE"="C:\Program Files\PowerISO\PWRISOVM.EXE" [2007-01-20 07:09 200704]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11 132496]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-01-22 18:14 579072]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 09:25 6731312]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 05:00 15360]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2008-01-22 18:14 219136]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26 29696]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 01:01:04 83360]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"= 0 (0x0)
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,
S1 SABKUTIL;SABKUTIL;C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SABKUTIL.sys []
.
Contents of the 'Scheduled Tasks' folder
"2008-02-05 21:51:05 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
"2008-02-05 03:30:00 C:\WINDOWS\Tasks\ErrorSmart Scheduled Scan.job"
- C:\Program Files\ErrorSmart\ErrorSmart.ex
- C:\Program Files\ErrorSmart
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-05 22:35:43
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\WINDOWS\system32\lxcecoms.exe
C:\WINDOWS\system32\UAService7.exe
C:\PROGRA~1\Grisoft\AVG7\avgfwsrv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\DOCUME~1\RYANGL~1\LOCALS~1\Temp\SSUPDATE.EXE
.
**************************************************************************
.
Completion time: 2008-02-05 22:38:02 - machine was rebooted [Ryan Glenn]
ComboFix-quarantined-files.txt 2008-02-05 22:37:46
.
2008-01-06 03:02:26 --- E O F ---
  #10  
Old 5th Feb 2008, 15:55
Moderator Group
 
Run CCleaner.

Post a NEW Hijackthis log.

Did the Combofix help?