Jump to content

Archived

This topic is now archived and is closed to further replies.

nitrojoe

Could You Check my HJT Log

Recommended Posts

I have had problems with Ultimate Defender and Spy Shredder. I Cannot access safe mode so I don't know how to properly remove these pests.

 

Thankyou

 

Logfile of Trend Micro HijackThis v2.0.0 (BETA)

Scan saved at 3:29:17 PM, on 9/5/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

C:\WINDOWS\system32\LEXBCES.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\LEXPPS.EXE

C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe

C:\WINDOWS\Explorer.EXE

C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe

C:\WINDOWS\system32\igfxtray.exe

C:\WINDOWS\system32\hkcmd.exe

C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe

C:\Program Files\ltmoh\Ltmoh.exe

C:\WINDOWS\AGRSMMSG.exe

C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe

C:\WINDOWS\system32\dla\tfswctrl.exe

C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe

C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe

C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe

C:\Program Files\Lexmark 5400 Series\lxctmon.exe

C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\RK Launcher\RKLauncher.exe

C:\WINDOWS\FlyakiteOSX\Software\Alt+Q Hotkey.exe

C:\Program Files\SearchSpy\SearchSpyMenu.exe

C:\Program Files\WinRoll\winroll.exe

C:\Program Files\YzShadow\YzShadow.exe

C:\Program Files\IOGEAR\Bluetooth Software\BTTray.exe

C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe

C:\WINDOWS\system32\RAMASST.exe

C:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe

C:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

C:\WINDOWS\system32\bmwebcfg.exe

C:\Program Files\IOGEAR\Bluetooth Software\bin\btwdins.exe

C:\WINDOWS\system32\DVDRAMSV.exe

C:\WINDOWS\system32\lxctcoms.exe

C:\Program Files\Intel\Wireless\Bin\OProtSvc.exe

C:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe

C:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe

C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

C:\WINDOWS\system32\svchost.exe

c:\TOSHIBA\IVP\swupdate\swupdtmr.exe

C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\HiJackThis_v2.exe

C:\Program Files\Opera\Opera.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://hometab.bellsouth.net/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.toshibadirect.com/dpdstart

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: MSVPS System - {88418AA3-16F5-4FC2-A9D8-90B1266DF841} - C:\WINDOWS\nsduo.dll

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [synTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [THotkey] C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe

O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe

O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe

O4 - HKLM\..\Run: [soundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe

O4 - HKLM\..\Run: [soundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray

O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe

O4 - HKLM\..\Run: [TFncKy] TFncKy.exe

O4 - HKLM\..\Run: [Pinger] C:\TOSHIBA\IVP\ISM\pinger.exe /run

O4 - HKLM\..\Run: [intelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless

O4 - HKLM\..\Run: [EOUApp] C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe

O4 - HKLM\..\Run: [lxctmon.exe] "C:\Program Files\Lexmark 5400 Series\lxctmon.exe"

O4 - HKLM\..\Run: [Lexmark 5400 Series Fax Server] "C:\Program Files\Lexmark 5400 Series\fm3032.exe" /s

O4 - HKLM\..\Run: [LXCTCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCTtime.dll,_RunDLLEntry@16

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"

O4 - HKLM\..\Run: [outlook] C:\Program Files\outlook\outlook.exe /auto

O4 - HKLM\..\Run: [system Files Updater] C:\WINDOWS\FlyakiteOSX\System Files Updater.exe /S

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKCU\..\Run: [RK Launcher] C:\Program Files\RK Launcher\RKLauncher.exe

O4 - HKCU\..\Run: [Alt+Q Hotkey Tool] C:\WINDOWS\FlyakiteOSX\Software\Alt+Q Hotkey.exe

O4 - HKCU\..\Run: [searchSpyIndexer] C:\Program Files\SearchSpy\SearchSpy Server\SearchSpyIndex.exe

O4 - HKCU\..\Run: [searchSpy] C:\Program Files\SearchSpy\SearchSpyMenu.exe

O4 - HKCU\..\Run: [WinRoll] C:\Program Files\WinRoll\winroll.exe

O4 - HKCU\..\Run: [Yz Shadow] C:\Program Files\YzShadow\YzShadow.exe

O4 - Startup: Yahoo! Widget Engine.lnk = C:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe

O4 - Global Startup: .protected

O4 - Global Startup: Bluetooth.lnk = ?

O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe

O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\IOGEAR\Bluetooth Software\btsendto_ie_ctx.htm

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll

O10 - Unknown file in Winsock LSP: bmnet.dll

O10 - Unknown file in Winsock LSP: bmnet.dll

O10 - Unknown file in Winsock LSP: bmnet.dll

O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll

O14 - IERESET.INF: START_PAGE_URL=http://www.toshibadirect.com/dpdstart

O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB

O16 - DPF: {14C1B87C-3342-445F-9B5E-365FF330A3AC} (Hewlett-Packard Online Support Services) - https://h50203.www5.hp.com/HPISWeb/Customer...DataManager.CAB

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll

O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://floridakeysmedia.tv/axiscam/Codebas...sCamControl.ocx

O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/RACtrl.cab

O21 - SSODL: msmhost - {BD846691-A7CA-4B6F-918F-304A08AED478} - C:\WINDOWS\msmhost.dll

O21 - SSODL: msmdev - {C2056078-09D9-473E-AF32-3EF60FC41CE8} - C:\WINDOWS\msmdev.dll

O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll

O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll

O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

O23 - Service: Bytemobile Web Configurator (bmwebcfg) - Bytemobile, Inc. - C:\WINDOWS\system32\bmwebcfg.exe

O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\IOGEAR\Bluetooth Software\bin\btwdins.exe

O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe

O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE

O23 - Service: lxct_device - - C:\WINDOWS\system32\lxctcoms.exe

O23 - Service: OwnershipProtocol - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\OProtSvc.exe

O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

O23 - Service: Swupdtmr - Unknown owner - c:\TOSHIBA\IVP\swupdate\swupdtmr.exe

O23 - Service: TOSHIBA Application Service (TAPPSRV) - TOSHIBA Corp. - C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe

 

--

End of file - 9704 bytes

Share this post


Link to post
Share on other sites

Please download SmitfraudFix

Extract the files to the Desktop

 

~~~~

Now, start the computer in Safe Mode:

  • When the machine first starts again, tap the F8 key repeatedly until you are presented with a Windows XP Advanced Options menu.
  • Select the option for Safe Mode using the arrow keys.
  • Press Enter to boot into Safe Mode.
Open SmitfraudFix
  • Double-click smitfraudfix.cmd
  • Select Option 2 - Clean by typing 2 and press Enter (Deletes infected files)
  • You are prompted: Do you want to clean the registry? answer Y (yes) and hit Enter in order to remove the Desktop background and clean registry keys associated with the infection.
The tool also checks if a relevant file, wininet.dll, is infected.

You may be prompted to replace the infected file (if found).

Replace infected file? Answer Y (yes) and hit Enter to restore a clean file.

 

~~~~

Restart the computer to complete the removal process.

 

~~~~

Also download ComboFix

Save it to the Desktop

 

Double-click combofix.exe to run the program

Follow the prompts.

(Don't click on the window while the program is running, it may cause your system to stall.)

 

When finished, a log, ComboFix.txt, is produced.

 

~~~~

Please run HijackThis once again to obtain a new log.

 

~~~~

Please post the SmitFraudFix report located at C:\rapport.txt , the ComboFix.txt, and a new HijackThis log.

Share this post


Link to post
Share on other sites

Thankyou again

 

 

 

Trend Micro HijackThis v2.0.2

Scan saved at 8:31:30 PM, on 9/6/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

C:\WINDOWS\system32\LEXBCES.EXE

C:\WINDOWS\system32\LEXPPS.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe

C:\WINDOWS\Explorer.EXE

C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe

C:\WINDOWS\system32\igfxtray.exe

C:\WINDOWS\system32\hkcmd.exe

C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe

C:\Program Files\ltmoh\Ltmoh.exe

C:\WINDOWS\AGRSMMSG.exe

C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe

C:\WINDOWS\system32\dla\tfswctrl.exe

C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe

C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe

C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe

C:\Program Files\Lexmark 5400 Series\lxctmon.exe

C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\IOGEAR\Bluetooth Software\BTTray.exe

C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe

C:\WINDOWS\system32\RAMASST.exe

C:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

C:\WINDOWS\system32\bmwebcfg.exe

C:\Program Files\IOGEAR\Bluetooth Software\bin\btwdins.exe

C:\WINDOWS\system32\DVDRAMSV.exe

C:\WINDOWS\system32\lxctcoms.exe

C:\Program Files\Intel\Wireless\Bin\OProtSvc.exe

C:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe

C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

C:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe

C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

C:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe

C:\WINDOWS\system32\svchost.exe

c:\TOSHIBA\IVP\swupdate\swupdtmr.exe

C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\Opera\Opera.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

 

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [synTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [THotkey] C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe

O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe

O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe

O4 - HKLM\..\Run: [soundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe

O4 - HKLM\..\Run: [soundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray

O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe

O4 - HKLM\..\Run: [TFncKy] TFncKy.exe

O4 - HKLM\..\Run: [Pinger] C:\TOSHIBA\IVP\ISM\pinger.exe /run

O4 - HKLM\..\Run: [intelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless

O4 - HKLM\..\Run: [EOUApp] C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe

O4 - HKLM\..\Run: [lxctmon.exe] "C:\Program Files\Lexmark 5400 Series\lxctmon.exe"

O4 - HKLM\..\Run: [Lexmark 5400 Series Fax Server] "C:\Program Files\Lexmark 5400 Series\fm3032.exe" /s

O4 - HKLM\..\Run: [LXCTCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCTtime.dll,_RunDLLEntry@16

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"

O4 - HKLM\..\Run: [system Files Updater] C:\WINDOWS\FlyakiteOSX\System Files Updater.exe /S

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - Startup: Yahoo! Widget Engine.lnk = C:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe

O4 - Global Startup: Bluetooth.lnk = ?

O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe

O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\IOGEAR\Bluetooth Software\btsendto_ie_ctx.htm

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll

O10 - Unknown file in Winsock LSP: bmnet.dll

O10 - Unknown file in Winsock LSP: bmnet.dll

O10 - Unknown file in Winsock LSP: bmnet.dll

O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll

O14 - IERESET.INF: START_PAGE_URL=http://www.toshibadirect.com/dpdstart

O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB

O16 - DPF: {14C1B87C-3342-445F-9B5E-365FF330A3AC} (Hewlett-Packard Online Support Services) - https://h50203.www5.hp.com/HPISWeb/Customer...DataManager.CAB

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll

O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://floridakeysmedia.tv/axiscam/Codebas...sCamControl.ocx

O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/RACtrl.cab

O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

O23 - Service: Bytemobile Web Configurator (bmwebcfg) - Bytemobile, Inc. - C:\WINDOWS\system32\bmwebcfg.exe

O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\IOGEAR\Bluetooth Software\bin\btwdins.exe

O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe

O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE

O23 - Service: lxct_device - - C:\WINDOWS\system32\lxctcoms.exe

O23 - Service: OwnershipProtocol - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\OProtSvc.exe

O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

O23 - Service: Swupdtmr - Unknown owner - c:\TOSHIBA\IVP\swupdate\swupdtmr.exe

O23 - Service: TOSHIBA Application Service (TAPPSRV) - TOSHIBA Corp. - C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe

 

--

End of file - 8238 bytes

 

 

 

 

 

 

 

 

SmitFraudFix v2.220

 

Scan done at 20:24:09.35, Thu 09/06/2007

Run from C:\Documents and Settings\me\Desktop\SmitfraudFix

OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT

The filesystem type is NTFS

Fix run in safe mode

 

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix

!!!Attention, following keys are not inevitably infected!!!

 

SrchSTS.exe by S!Ri

Search SharedTaskScheduler's .dll

 

»»»»»»»»»»»»»»»»»»»»»»»» Killing process

 

 

»»»»»»»»»»»»»»»»»»»»»»»» hosts

 

127.0.0.1 localhost

 

»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

 

GenericRenosFix by S!Ri

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

 

 

»»»»»»»»»»»»»»»»»»»»»»»» DNS

 

HKLM\SYSTEM\CCS\Services\Tcpip\..\{682C1FD6-AFFA-40BF-BE6F-E787BD3C0E23}: DhcpNameServer=206.74.254.2 205.244.200.3 204.116.57.2 207.40.113.20

HKLM\SYSTEM\CS1\Services\Tcpip\..\{682C1FD6-AFFA-40BF-BE6F-E787BD3C0E23}: DhcpNameServer=206.74.254.2 205.244.200.3 204.116.57.2 207.40.113.20

HKLM\SYSTEM\CS3\Services\Tcpip\..\{682C1FD6-AFFA-40BF-BE6F-E787BD3C0E23}: DhcpNameServer=206.74.254.2 205.244.200.3 204.116.57.2 207.40.113.20

HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=206.74.254.2 205.244.200.3 204.116.57.2 207.40.113.20

HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=206.74.254.2 205.244.200.3 204.116.57.2 207.40.113.20

HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=206.74.254.2 205.244.200.3 204.116.57.2 207.40.113.20

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System

!!!Attention, following keys are not inevitably infected!!!

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

 

Registry Cleaning done.

 

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix

!!!Attention, following keys are not inevitably infected!!!

 

SrchSTS.exe by S!Ri

Search SharedTaskScheduler's .dll

 

 

»»»»»»»»»»»»»»»»»»»»»»»» End

 

 

 

 

 

 

ComboFix 07-09-06.3 - "me" 2007-09-06 20:18:23.2 - NTFSx86 MINIMAL

Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.812 [GMT -4:00]

 

 

((((((((((((((((((((((((( Files Created from 2007-08-07 to 2007-09-07 )))))))))))))))))))))))))))))))

 

 

2007-09-05 18:56 51,200 --a------ C:\WINDOWS\NirCmd.exe

2007-09-05 16:04 3,110 --a------ C:\WINDOWS\system32\tmp.reg

2007-09-05 15:54 53,248 --a------ C:\WINDOWS\system32\Process.exe

2007-09-05 15:54 51,200 --a------ C:\WINDOWS\system32\dumphive.exe

2007-09-05 15:54 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe

2007-09-05 14:56 1,308,216 --a------ C:\Program Files\HiJackThis_v2.exe

2007-09-05 13:24 <DIR> d-------- C:\WINDOWS\SxsCaPendDel

2007-09-05 12:18 <DIR> d-------- C:\Program Files\STOPzilla!

2007-09-05 12:18 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\STOPzilla!

2007-08-20 14:48 <DIR> d-------- C:\Program Files\Graphmatica

2007-08-12 10:58 <DIR> d-------- C:\DOCUME~1\me\APPLIC~1\Elluminate

2007-08-07 22:08 <DIR> d-------- C:\Program Files\Apple Software Update

 

 

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

 

2007-09-06 20:00 --------- d-------- C:\Program Files\Windows Media Connect 2

2007-09-06 18:59 --------- d-------- C:\Program Files\Google

2007-09-05 16:11 --------- d-------- C:\DOCUME~1\fasha\APPLIC~1\OpenOffice.org2

2007-09-05 15:29 9705 --a------ C:\Program Files\hijackthis.log

2007-09-05 12:22 3072 --a------ C:\WINDOWS\system32\drivers\5AA8D68F-C9E8-4DDE-8366-60F9B8A07E3C.cxv

2007-08-30 17:38 --------- d-------- C:\DOCUME~1\me\APPLIC~1\OpenOffice.org2

2007-08-21 20:57 --------- d-------- C:\Program Files\Lx_cats

2007-08-19 16:22 --------- d-------- C:\Program Files\Opera

2007-08-07 22:09 --------- d-------- C:\Program Files\iTunes

2007-08-07 22:09 --------- d-------- C:\Program Files\iPod

2007-08-02 14:03 --------- d-------- C:\Program Files\DivX

2007-07-30 19:19 92504 --a------ C:\WINDOWS\system32\cdm.dll

2007-07-30 19:19 549720 --a------ C:\WINDOWS\system32\wuapi.dll

2007-07-30 19:19 53080 --a------ C:\WINDOWS\system32\wuauclt.exe

2007-07-30 19:19 43352 --a------ C:\WINDOWS\system32\wups2.dll

2007-07-30 19:19 325976 --a------ C:\WINDOWS\system32\wucltui.dll

2007-07-30 19:19 271224 --a------ C:\WINDOWS\system32\mucltui.dll

2007-07-30 19:19 207736 --a------ C:\WINDOWS\system32\muweb.dll

2007-07-30 19:19 203096 --a------ C:\WINDOWS\system32\wuweb.dll

2007-07-30 19:19 1712984 --a------ C:\WINDOWS\system32\wuaueng.dll

2007-07-30 19:18 33624 --a------ C:\WINDOWS\system32\wups.dll

2007-07-27 11:40 --------- d-------- C:\Program Files\Common Files\AnswerWorks 4.0

2007-07-26 19:06 200704 --a------ C:\WINDOWS\system32\ssldivx.dll

2007-07-26 19:06 1044480 --a------ C:\WINDOWS\system32\libdivx.dll

2007-07-23 12:31 --------- d--hs---- C:\Program Files\outlook

2007-07-19 10:30 --------- d--h----- C:\Program Files\InstallShield Installation Information

2007-07-19 09:50 3026 --a------ C:\WINDOWS\system32\drivers\hwinterface.sys

2007-07-18 17:09 218624 --a------ C:\WINDOWS\system32\uxtheme.dll

2007-07-18 14:42 2560 --a------ C:\WINDOWS\_MSRSTRT.EXE

2007-07-18 07:38 2842624 --a------ C:\RoboRealm.exe

2007-07-16 17:26 --------- d-------- C:\Program Files\Yahoo!

2007-07-16 17:18 --------- d-------- C:\Program Files\QuickTime

2007-07-16 17:16 --------- d-------- C:\Program Files\Common Files\Apple

2007-07-16 17:16 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple

2007-07-16 12:10 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft Help

2007-07-16 12:06 --------- d-------- C:\Program Files\Model Science

2007-07-16 09:53 --------- d-------- C:\Program Files\ShellWM

2007-07-16 09:40 --------- d-------- C:\Program Files\Common Files\Stardock

2007-07-16 09:39 --------- d-------- C:\Program Files\CACE Technologies

2007-07-16 09:21 --------- d-------- C:\Program Files\LimeWire

2007-07-16 08:59 7852 --a------ C:\WINDOWS\system32\mcdmsg7.dll

2007-07-16 07:39 --------- d-------- C:\Program Files\TGTSoft

2007-07-10 09:08 --------- d-------- C:\Program Files\Common Files\Intuit

2007-07-10 09:07 --------- d-------- C:\Program Files\Intuit

2007-07-10 09:06 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Intuit

2007-07-01 18:34 28672 --a------ C:\RRModule.dll

2007-06-26 02:08 1104896 --a------ C:\WINDOWS\system32\msxml3.dll

2007-06-19 09:31 282112 --a------ C:\WINDOWS\system32\gdi32.dll

2007-06-13 06:23 1033216 --a------ C:\WINDOWS\explorer.exe

2007-02-06 11:17 1565696 --a------ C:\Program Files\SetupExcelLiteFree23.msi

2007-01-24 10:26 6441056 --a------ C:\Program Files\Opera_9.10_International_Setup.exe

2007-01-23 10:16 41139200 --a------ C:\Program Files\Insp8btrial.exe

2005-05-25 09:37 18702 --a------ C:\DOCUME~1\aes.exe\aefdisk.exe

2005-02-16 11:06 218112 --a------ C:\Program Files\HijackThis.exe

2006-01-08 00:18:05 4,704 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys

 

 

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

 

 

*Note* empty entries & legit default entries are not shown

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2004-10-08 12:31]

"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2004-10-08 12:27]

"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2004-10-14 18:28]

"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2004-10-14 18:26]

"THotkey"="C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe" [2004-12-14 23:12]

"LtMoh"="C:\Program Files\ltmoh\Ltmoh.exe" [2003-09-05 21:16]

"AGRSMMSG"="AGRSMMSG.exe" [2004-10-28 18:37 C:\WINDOWS\agrsmmsg.exe]

"SoundMAXPnP"="C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-07-27 17:48]

"SoundMAX"="C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" [2004-08-06 12:27]

"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2004-08-03 05:05]

"TFncKy"="TFncKy.exe" []

"Pinger"="C:\TOSHIBA\IVP\ISM\pinger.exe" [2005-03-17 16:37]

"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2004-10-15 14:27]

"EOUApp"="C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe" [2004-10-15 14:31]

"lxctmon.exe"="C:\Program Files\Lexmark 5400 Series\lxctmon.exe" [2007-01-11 13:57]

"Lexmark 5400 Series Fax Server"="C:\Program Files\Lexmark 5400 Series\fm3032.exe" [2006-07-10 22:30]

"LXCTCATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCTtime.dll" [2006-11-21 08:27]

"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00]

"System Files Updater"="C:\WINDOWS\FlyakiteOSX\System Files Updater.exe" []

"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-06-29 04:54]

"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-07-31 18:44]

 

C:\DOCUME~1\ALLUSE~1\STARTM~1\Programs\Startup\

Bluetooth.lnk - C:\Program Files\IOGEAR\Bluetooth Software\BTTray.exe [2005-05-31 15:29:16]

QuickBooks Update Agent.lnk - C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2007-01-10 18:16:27]

RAMASST.lnk - C:\WINDOWS\system32\RAMASST.exe [2004-12-07 23:02:24]

 

C:\DOCUME~1\fasha\STARTM~1\Programs\Startup\

OpenOffice.org 2.2.lnk - C:\Program Files\OpenOffice.org 2.2\program\quickstart.exe [2007-02-02 17:54:56]

 

C:\DOCUME~1\me\STARTM~1\Programs\Startup\

Yahoo! Widget Engine.lnk - C:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe [2007-05-04 15:39:42]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless]

C:\Program Files\Intel\Wireless\Bin\LgNotify.dll 2004-10-15 14:27 110592 C:\Program Files\Intel\Wireless\Bin\LgNotify.dll

 

S0 szkg;szkg;C:\WINDOWS\system32\DRIVERS\szkg.sys

S1 hwinterface;hwinterface;C:\WINDOWS\system32\Drivers\hwinterface.sys

S2 meprog;meprog;\??\C:\WINDOWS\system32\drivers\meProg.sys

S3 LMImirr;LMImirr;C:\WINDOWS\system32\DRIVERS\LMImirr.sys

S3 PCTINDIS5;PCTINDIS5 NDIS Protocol Driver;\??\C:\WINDOWS\system32\PCTINDIS5.SYS

S3 UniCamDr.Samsung;Samsung Miniket USB-D07 Capture Device;C:\WINDOWS\system32\Drivers\UniCamDr.sys

S3 usbprint;Microsoft USB PRINTER Class;C:\WINDOWS\system32\DRIVERS\usbprint.sys

 

 

Contents of the 'Scheduled Tasks' folder

"2007-08-31 18:52:02 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"

- C:\Program Files\Apple Software Update\SoftwareUpdate.exe

 

**************************************************************************

 

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2007-09-06 20:21:50

Windows 5.1.2600 Service Pack 2 NTFS

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden files: 0

 

**************************************************************************

 

Completion time: 2007-09-06 20:22:46

C:\ComboFix-quarantined-files.txt ... 2007-09-06 20:22

 

--- E O F ---

Share this post


Link to post
Share on other sites

Strange results...it looks as if you did not follow the sequence of the instructions.

 

How many times did ComboFix run?

By any chance, did you start to run ComboFix and interrupted it to run it in Safe Mode?

Share this post


Link to post
Share on other sites

Strange results...it looks as if you did not follow the sequence of the instructions.

 

How many times did ComboFix run?

By any chance, did you start to run ComboFix and interrupted it to run it in Safe Mode?

 

 

Yes I accidentally hit "open" instead of "save" when downloading the file. Then it began to run and I closed it to enter safe mode.

Share this post


Link to post
Share on other sites

×