
Need Help

Discussion in 'Virus & Other Malware Removal' started by Mike46, Apr 16, 2008.

Thread Status:
Not open for further replies.
  1. Mike46

    Mike46 Thread Starter

    I am trying to help out a friend who posted a HiJack Log previously and was told to run SmitFraudFix.
    Here are the results of that scan, and here is the link to his original post.

    Need Help


    SmitFraudFix v2.296

    Scan done at 9:43:05.35, Sun 04/13/2008

    OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
    The filesystem type is NTFS
    Fix run in normal mode

    »»»»»»»»»»»»»»»»»»»»»»»» Process

    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\WINDOWS\system32\slserv.exe
    C:\WINDOWS\mHotkey.exe
    C:\Program Files\QuickTime\qttask .exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas .exe
    C:\WINDOWS\System32\MsPMSPSv.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
    C:\PROGRA~1\WALGRE~1\WALGRE~1\data\Xtras\MS74A3~1.EXE
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Windows Live\Messenger\usnsvc.exe
    C:\WINDOWS\system32\RDSHOST.exe
    C:\WINDOWS\system32\sessmgr.exe
    C:\Program Files\Windows Live\installer\WLSetupSvc.exe
    C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
    C:\WINDOWS\system32\msiexec.exe
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\WINDOWS\system32\cmd.exe

    »»»»»»»»»»»»»»»»»»»»»»»» hosts


    »»»»»»»»»»»»»»»»»»»»»»»» C:\


    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS

    C:\WINDOWS\adware-sheriff-box.gif FOUND !
    C:\WINDOWS\adware-sheriff-header.gif FOUND !
    C:\WINDOWS\antispylab-logo.gif FOUND !
    C:\WINDOWS\blue-bg.gif FOUND !
    C:\WINDOWS\buy-now-btn.gif FOUND !
    C:\WINDOWS\close-bar.gif FOUND !
    C:\WINDOWS\corner-left.gif FOUND !
    C:\WINDOWS\corner-right.gif FOUND !
    C:\WINDOWS\facts.gif FOUND !
    C:\WINDOWS\footer.giff FOUND !
    C:\WINDOWS\free-scan-btn.gif FOUND !
    C:\WINDOWS\h-line-gradient.gif FOUND !
    C:\WINDOWS\header-bg.gif FOUND !
    C:\WINDOWS\infected.gif FOUND !
    C:\WINDOWS\info.gif FOUND !
    C:\WINDOWS\no-icon.gif FOUND !
    C:\WINDOWS\reg-freeze-box.gif FOUND !
    C:\WINDOWS\reg-freeze-header.gif FOUND !
    C:\WINDOWS\remove-spyware-btn.gif FOUND !
    C:\WINDOWS\spyware-sheriff-header.gif FOUND !
    C:\WINDOWS\spyware-sheriff-box.gif FOUND !
    C:\WINDOWS\star.gif FOUND !
    C:\WINDOWS\star-grey.gif FOUND !
    C:\WINDOWS\true-stories.gif FOUND !
    C:\WINDOWS\warning-bar-ico.gif FOUND !
    C:\WINDOWS\win-sec-center-logo.gif FOUND !
    C:\WINDOWS\windows-compatible.gif FOUND !
    C:\WINDOWS\yes-icon.gif FOUND !

    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32

    C:\WINDOWS\system32\CWS_iestart.exe FOUND !
    C:\WINDOWS\system32\mirarsearch_toolbar.exe FOUND !

    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles


    »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\User1


    »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\User1\Application Data

    C:\Documents and Settings\User1\Local Settings\Application Data\SpywareSheriff FOUND !

    »»»»»»»»»»»»»»»»»»»»»»»» Start Menu


    »»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\user1\FAVORI~1


    »»»»»»»»»»»»»»»»»»»»»»»» Desktop


    »»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


    »»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


    »»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
    "Source"="About:Home"
    "SubscribedURL"="About:Home"
    "FriendlyName"="My Current Home Page"


    »»»»»»»»»»»»»»»»»»»»»»»» IEDFix
    !!!Attention, following keys are not inevitably infected!!!

    IEDFix
    Credits: Malware Analysis & Diagnostic
    Code: S!Ri


    »»»»»»»»»»»»»»»»»»»»»»»» VACFix
    !!!Attention, following keys are not inevitably infected!!!

    VACFix
    Credits: Malware Analysis & Diagnostic
    Code: S!Ri


    »»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
    !!!Attention, following keys are not inevitably infected!!!

    SrchSTS.exe by S!Ri
    Search SharedTaskScheduler's .dll


    »»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
    !!!Attention, following keys are not inevitably infected!!!

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "AppInit_DLLs"=""


    »»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
    !!!Attention, following keys are not inevitably infected!!!

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
    "System"=""


    »»»»»»»»»»»»»»»»»»»»»»»» Rustock



    »»»»»»»»»»»»»»»»»»»»»»»» DNS

    Description: NVIDIA nForce MCP Networking Controller - Packet Scheduler Miniport
    DNS Server Search Order: 207.69.188.186
    DNS Server Search Order: 207.69.188.187

    HKLM\SYSTEM\CCS\Services\Tcpip\..\{09872F3C-721D-4DE2-B63E-72667FAFBFBB}: DhcpNameServer=207.69.188.186 207.69.188.187
    HKLM\SYSTEM\CS1\Services\Tcpip\..\{09872F3C-721D-4DE2-B63E-72667FAFBFBB}: DhcpNameServer=207.69.188.186 207.69.188.187
    HKLM\SYSTEM\CS3\Services\Tcpip\..\{09872F3C-721D-4DE2-B63E-72667FAFBFBB}: DhcpNameServer=207.69.188.186 207.69.188.187
    HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=207.69.188.186 207.69.188.187
    HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=207.69.188.186 207.69.188.187
    HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=207.69.188.186 207.69.188.187


    »»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection


    »»»»»»»»»»»»»»»»»»»»»»»» End
     