
SmitFraud.C, others?

Discussion in 'Virus & Other Malware Removal' started by PCG342, Feb 9, 2007.

Thread Status:
Not open for further replies.
  1. PCG342

    PCG342 Banned Thread Starter

    Joined:
    Jan 8, 2006
    Messages:
    772
    Right, I've just about had it with my computer. It's slowing down inexplicably. I've got SmitFraud.C, but before I fix that, I want to see what else there is, and get it all at once. I've already used AVG Spyware, Avast, Spybot, and Ad-Aware.
    Thanks for your time.

    Logfile of HijackThis v1.99.1
    Scan saved at 9:15:09 PM, on 2/9/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\WINDOWS\System32\UAService7.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\Program Files\Hijackthis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1160427873902
    O20 - AppInit_DLLs: C:\WINDOWS\system32\win_251.dll
    O20 - Winlogon Notify: rpcc - C:\WINDOWS\system32\rpcc.dll
    O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
    O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Sony DADC Austria AG. - C:\WINDOWS\System32\UAService7.exe

     
  2. PCG342

    PCG342 Banned Thread Starter

    Joined:
    Jan 8, 2006
    Messages:
    772
    Also, some pages don't load properly. This is a recent issue - just started today. I just get the standard Firefox "Problem Loading Page" page.
     
  3. Cheeseball81

    Cheeseball81 Retired Moderator

    Joined:
    Mar 3, 2004
    Messages:
    84,315
    Please download Brute Force Uninstaller to your desktop.
    • Right click the BFU folder on your desktop, and choose Extract All
    • Click "Next"
    • In the box to choose where to extract the files to, click "Browse"
    • Click on the + sign next to "My Computer"
    • Click on "Local Disk (C:)" or whatever your primary drive is
    • Click "Make New Folder"
    • Type in BFU
    • Click "Next", and Uncheck the "Show Extracted Files" box and then click "Finish".
    RIGHT-CLICK HERE and choose "Save As" (in IE it's "Save Target As") in order to download Alcra PLUS Remover.
    Save it in the same folder you made earlier (c:\BFU).

    Do not do anything with this yet!

    Reboot your computer into Safe Mode. You can do this by restarting your computer and continually tapping F8 until a menu appears. Highlight Safe Mode and hit enter.


    Then, please go to Start > My Computer and navigate to the C:\BFU folder.
    • Start the Brute Force Uninstaller by double-clicking BFU.exe
    • Behind the scriptline to execute field click the folder icon and select alcanshorty.bfu
    • Press Execute and let the program do its job. (You ought to see a progress bar if you did this correctly.)
    • Wait for the complete script execution box to pop up and press OK.
    • Press exit to terminate the BFU program.

    Run ActiveScan online virus scan:
    http://www.pandasoftware.com/products/activescan.htm

    Once you are on the Panda site click the Scan your PC button.
    A new window will open...click the Check Now button.
    Enter your Country.
    Enter your State/Province.
    Enter your e-mail address and click send.
    Select either Home User or Company.
    Click the big Scan Now button.
    If it wants to install an ActiveX component allow it.
    It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
    When download is complete, click on My Computer to start the scan.
    When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location.
    Post the contents of the ActiveScan report.
     
  4. PCG342

    PCG342 Banned Thread Starter

    Joined:
    Jan 8, 2006
    Messages:
    772
    BFU v1.00.9
    Windows XP SP2 (WinNT 5.01.2600 SP2)
    Script started at 10:47:41 AM, on 2/10/2007

    Option Unload Explorer: Yes
    Failed: DllUnregister C:\WINDOWS\DH.dll|1 (file not found)
    Failed: DllUnregister C:\Program Files\Deskbar\deskbar.dll|1 (file not found)
    Failed: DllUnregister \asappsrv.dll|1 (file not found)
    Failed: DllUnregister \MyToolBar.dll|1 (file not found)
    Failed: DllUnregister \888Bar.dll|1 (file not found)
    Failed: ServiceStop Network Monitor (service not found)
    Failed: ServiceStop cmdService (service not found)
    Failed: ServiceDisable Network Monitor (service not found)
    Failed: ServiceDisable cmdService (service not found)
    Failed: ServiceDelete Network Monitor (service not found)
    Failed: ServiceDelete cmdService (service not found)
    Failed: RegDelValue HKCU\System\CurrentControlSet\Control\Lsa|p2pnetwork (key not found)
    Failed: RegDelValue HKCU\SOFTWARE\Microsoft\OLE|p2pnetwork (key not found)
    Failed: RegDelValue HKCU\SOFTWARE\Microsoft\OLE|winlog (key not found)
    Failed: RegDelValue HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Associations|LowRiskFileTypes (key not found)
    Failed: RegDelValue HKCU\Microsoft\Windows\CurrentVersion\policies\Explorer\Run|WinUpdate.exe (key not found)
    Failed: RegDelValue HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks|{A8B28872-3324-4CD2-8AA3-7D555C872D96} (key not found)
    Failed: RegDelValue HKCU\software\microsoft\internet explorer\toolbar\webbrowser|{cbcc61fa-0221-4ccc-b409-cee865caca3a} (key not found)
    Failed: RegDelValue HKCU\software\microsoft\windows\currentversion\policies\explorer\run|{84c4d3ae-0bb0-1033-0729-050001} (key not found)
    Failed: RegDelValue HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices|CU1 (key not found)
    Failed: RegDelValue HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices|CU2 (key not found)
    Failed: RegDelValue HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices|services32 (key not found)
    Option pause between commands: 300 ms
    Option pause between commands: 50 ms
    Failed: FolderDelete C:\Program Files\MsConfigs (folder not found)
    Failed: FolderDelete C:\Program Files\winupdates (folder not found)
    Failed: FolderDelete C:\Program Files\winupdate (folder not found)
    Failed: FolderDelete C:\Program Files\winsupdater (folder not found)
    Failed: FolderDelete C:\Program Files\MsUpdate (folder not found)
    Failed: FolderDelete C:\Program Files\MsMovies (folder not found)
    Failed: FolderDelete C:\Program Files\wmplayer (folder not found)
    Failed: FolderDelete C:\Program Files\outlook (folder not found)
    Failed: FileDelete C:\Program Files\Common Files\Windows\mc-*-*.exe (operation failed)
    Failed: FileDelete C:\Program Files\Common Files\Download\mc-*-*.exe (operation failed)
    Failed: FileDelete C:\Program Files\common files\{*-*-1033-*-*}\update.exe (operation failed)
    Failed: FileDelete C:\Program Files\common files\{*-*-1033-*-*}\services.dll (operation failed)
    Failed: FileDelete C:\Program Files\common files\{*-*-1033-*-*}\activate.exe (operation failed)
    Failed: FileDelete C:\Program Files\common files\{*-*-1033-*-*}\MyToolBar.dll (operation failed)
    Failed: FileDelete C:\Program Files\common files\{*-*-2057-*-*}\update.exe (operation failed)
    Failed: FileDelete C:\Program Files\common files\{*-*-2057-*-*}\services.dll (operation failed)
    Failed: FileDelete C:\Program Files\common files\{*-*-2057-*-*}\activate.exe (operation failed)
    Failed: FileDelete C:\Program Files\common files\{*-*-2057-*-*}\MyToolBar.dll (operation failed)
    Failed: FolderDelete C:\Program Files\toolbar888 (folder not found)
    Failed: FolderDelete C:\Program Files\e-mailpaysu toolbar (folder not found)
    Failed: FolderDelete C:\Program Files\EMUSIC TOOLBAR (folder not found)
    Failed: FolderDelete C:\Program Files\find dvd toolbar (folder not found)
    Failed: FolderDelete C:\Program Files\GULESIDER VERKTøYLINJE (folder not found)
    Failed: FolderDelete C:\Program Files\sesam-p4 toolbar (folder not found)
    Failed: FolderDelete C:\Program Files\slownik ling (folder not found)
    Failed: FolderDelete C:\Program Files\MediaPipe (folder not found)
    Failed: FolderDelete C:\Program Files\p2pnetworks (folder not found)
    Failed: FileDelete C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\~DF3FBA.tmp (operation failed)
    Failed: FolderDelete C:\Program Files\Maxifiles (folder not found)
    Failed: FolderDelete C:\Program Files\DNS (folder not found)
    Failed: FolderDelete C:\Program Files\EQAdvice (folder not found)
    Failed: FolderDelete C:\Program Files\FCAdvice (folder not found)
    Failed: FolderDelete C:\Program Files\PSCastor (folder not found)
    Failed: FolderDelete C:\Program Files\CMIntex (folder not found)
    Failed: FolderDelete C:\Program Files\PadsysAssistant (folder not found)
    Failed: FolderDelete C:\Program Files\Common Files\FreeProd1 (folder not found)
    Failed: FolderDelete C:\Program Files\Common Files\FreeProd2 (folder not found)
    Failed: FolderDelete C:\Program Files\Common Files\InetGet (folder not found)
    Failed: FolderDelete C:\Program Files\Common Files\InetGet2 (folder not found)
    Failed: FolderDelete C:\Program Files\Common Files\svchostsys (folder not found)
    Failed: FolderDelete C:\Program Files\Common Files\simtest (folder not found)
    Failed: FolderDelete C:\Program Files\Common Files\misc001 (folder not found)
    Failed: FolderDelete C:\Program Files\InetGet2 (folder not found)
    Failed: FolderDelete C:\Program Files\Common Files\VCClient (folder not found)
    Failed: FolderDelete C:\Program Files\Network Monitor (folder not found)
    Failed: FolderDelete C:\WINDOWS\inet20001 (folder not found)
    Failed: FolderDelete C:\WINDOWS\inet20000 (folder not found)
    Failed: FolderDelete C:\Program Files\Update06 (folder not found)
    Failed: FolderDelete C:\Program Files\Update03 (folder not found)
    Failed: FolderDelete C:\Program Files\Update04 (folder not found)
    Failed: FolderDelete C:\Program Files\Update08 (folder not found)
    Failed: FolderDelete C:\Program Files\W-Update (folder not found)
    Failed: FolderDelete C:\Program Files\Yazzle Sudoku (folder not found)
    Failed: FolderDelete C:\Program Files\Cas (folder not found)
    Failed: FolderDelete C:\Program Files\CasStub (folder not found)
    Failed: FolderDelete C:\Program Files\Cas2Stub (folder not found)
    Failed: FolderDelete C:\Program Files\ipwins (folder not found)
    Failed: FolderDelete C:\Program Files\Ipwindows (folder not found)
    Failed: FolderDelete C:\Program Files\Common Files\Snowball Wars (folder not found)
    Failed: FolderDelete C:\Program Files\folder.js (folder not found)
    Failed: FolderDelete C:\Program Files\ini.ini (folder not found)
    Failed: FolderDelete C:\temp (folder not found)
    Failed: FolderDelete C:\WINDOWS\mdrive (folder not found)
    Failed: FolderDelete C:\WINDOWS\system32\crunner (folder not found)
    Failed: FolderDelete C:\Program Files\PECarlin (folder not found)
    Failed: FolderDelete C:\Program Files\AXVenore (folder not found)
    Failed: FolderDelete C:\Program Files\SDVita (folder not found)
    Failed: FolderDelete C:\Program Files\EQBranch (folder not found)
    Failed: FolderDelete C:\Program Files\EQArticle (folder not found)
    Failed: FolderDelete C:\Program Files\PSHope (folder not found)
    Failed: FolderDelete C:\Program Files\Batty (folder not found)
    Failed: FolderDelete C:\Program Files\Batty2 (folder not found)
    Failed: FolderDelete C:\Program Files\AXFibula (folder not found)
    Failed: FolderDelete C:\Program Files\CMFibula (folder not found)
    Failed: FolderDelete C:\Program Files\PSLister (folder not found)
    Failed: FolderDelete C:\Program Files\PSCloner (folder not found)
    Failed: FolderDelete C:\Program Files\PSDream (folder not found)
    Failed: FolderDelete C:\Program Files\cmapp (folder not found)
    Failed: FolderDelete C:\Program Files\cmman (folder not found)
    Failed: FolderDelete C:\Program Files\cmsystem (folder not found)
    Failed: FolderDelete C:\Program Files\fcengine (folder not found)
    Failed: FolderDelete C:\Program Files\wincmapp (folder not found)
    Failed: FolderDelete C:\Program Files\Deskbar\Cache (folder not found)
    Failed: FolderDelete C:\Program Files\popupwithcast (folder not found)
    Failed: FolderDelete C:\Program Files\Common Files\cloader (folder not found)
    Failed: FolderDelete C:\Program Files\Common Files\misc001 (folder not found)
    Failed: FileMove C:\WINDOWS\win*-*.exe|C:\bintheredunthat (source file not found)
    Script completed.
    I could be mistaken, but I'm pretty sure that wasn't too good.
    On to PAS...
     
  5. PCG342

    PCG342 Banned Thread Starter

    Joined:
    Jan 8, 2006
    Messages:
    772
    Panda ActiveScan keeps stopping because it fails to load, due to my connection acting screwy - on this machine only.
    32 instances of spyware so far.
    I'm thinking Housecall after this, right?
     
  6. PCG342

    PCG342 Banned Thread Starter

    Joined:
    Jan 8, 2006
    Messages:
    772
    Now there's a hell of an improvement...
    What's next??
     

    Attached Files:

  7. Cheeseball81

    Cheeseball81 Retired Moderator

    Joined:
    Mar 3, 2004
    Messages:
    84,315
    Please download SmitfraudFix (by S!Ri)
    Extract the content (a folder named SmitfraudFix) to your Desktop.

    Open the SmitfraudFix folder and double-click smitfraudfix.cmd
    Select option #1 - Search by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present).
    Please copy/paste the content of that report into your next reply.

    Note : process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.
    http://www.beyondlogic.org/consulting/proc...processutil.htm
     
  8. PCG342

    PCG342 Banned Thread Starter

    Joined:
    Jan 8, 2006
    Messages:
    772
    »»»»»»»»»»»»»»»»»»»»»»»» Desktop


    »»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


    »»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


    »»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
    "Source"="About:Home"
    "SubscribedURL"="About:Home"
    "FriendlyName"="My Current Home Page"


    »»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
    !!!Attention, following keys are not inevitably infected!!!

    SrchSTS.exe by S!Ri
    Search SharedTaskScheduler's .dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
    "{0ffdaffc-d80d-47bf-b9b0-895ea240f4de}"="adelges"

    [HKEY_CLASSES_ROOT\CLSID\{0ffdaffc-d80d-47bf-b9b0-895ea240f4de}\InProcServer32]
    @="C:\WINDOWS\System32\tnvocyn.dll"

    [HKEY_CURRENT_USER\Software\Classes\CLSID\{0ffdaffc-d80d-47bf-b9b0-895ea240f4de}\InProcServer32]
    @="C:\WINDOWS\System32\tnvocyn.dll"



    »»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
    !!!Attention, following keys are not inevitably infected!!!

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "AppInit_DLLs"="C:\\WINDOWS\\system32\\win_35.dll"


    »»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
    !!!Attention, following keys are not inevitably infected!!!

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
    "System"=""


    »»»»»»»»»»»»»»»»»»»»»»»» pe386-msguard-lzx32-huy32


    »»»»»»»»»»»»»»»»»»»»»»»» Scanning wininet.dll infection


    »»»»»»»»»»»»»»»»»»»»»»»» End
     
  9. Cheeseball81

    Cheeseball81 Retired Moderator

    Joined:
    Mar 3, 2004
    Messages:
    84,315
    You should print out these instructions, or copy them to a NotePad file for reading while in Safe Mode, because you will not be able to connect to the Internet to read from this site.

    Next, please reboot your computer in Safe Mode by doing the following:
    • Restart your computer
    • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
    • Instead of Windows loading as normal, a menu with options should appear;
    • Select the first option, to run Windows in Safe Mode, then press "Enter".
    • Choose your usual account.
    Once in Safe Mode, open the SmitfraudFix folder again and double-click smitfraudfix.cmd
    Select option #2 - Clean by typing 2 and press "Enter" to delete infected files.

    You will be prompted: "Registry cleaning - Do you want to clean the registry?"; answer "Yes" by typing Y and press "Enter" in order to remove the Desktop background and clean registry keys associated with the infection.

    The tool will now check if wininet.dll is infected. You may be prompted to replace the infected file (if found); answer "Yes" by typing Y and press "Enter".

    The tool may need to restart your computer to finish the cleaning process; if it doesn't, please restart it into Normal Windows.

    A text file will appear onscreen, with results from the cleaning process; please copy/paste the content of that report into your next reply.

    The report can also be found at the root of the system drive, usually at C:\rapport.txt

    Warning: running option #2 on a non-infected computer will remove your Desktop background.
     
  10. PCG342

    PCG342 Banned Thread Starter

    Joined:
    Jan 8, 2006
    Messages:
    772
    Done!
    Now, about that ActiveScan report...
    Oh, and thanks for all of the help so far!
     

    Attached Files:

  11. PCG342

    PCG342 Banned Thread Starter

    Joined:
    Jan 8, 2006
    Messages:
    772
    Things seem to be running much smoother, but does anybody have any suggestions for the ActiveScan files?
     
  12. PCG342

    PCG342 Banned Thread Starter

    Joined:
    Jan 8, 2006
    Messages:
    772
    Things are drastically slower this morning, and out of morbid curiosity I ran "check" with SmitfraudFix. Still a regkey or two infected - should I ignore those?
     
  13. Cheeseball81

    Cheeseball81 Retired Moderator

    Joined:
    Mar 3, 2004
    Messages:
    84,315
    Yes, rerun it and then do an ActiveScan please.
     
  14. PCG342

    PCG342 Banned Thread Starter

    Joined:
    Jan 8, 2006
    Messages:
    772
    SmitFraudFix v2.141

    Scan done at 14:57:02.71, Sun 02/11/2007
    Run from C:\Documents and Settings\Ad\Desktop\SmitfraudFix
    OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
    The filesystem type is NTFS
    Fix run in safe mode

    »»»»»»»»»»»»»»»»»»»»»»»» hosts


    »»»»»»»»»»»»»»»»»»»»»»»» C:\


    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32


    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles


    »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Ad


    »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Ad\Application Data


    »»»»»»»»»»»»»»»»»»»»»»»» Start Menu


    »»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\Ad\FAVORI~1


    »»»»»»»»»»»»»»»»»»»»»»»» Desktop


    »»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


    »»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


    »»»»»»»»»»»»»»»»»»»»»»»» Desktop Components



    »»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
    !!!Attention, following keys are not inevitably infected!!!

    SrchSTS.exe by S!Ri
    Search SharedTaskScheduler's .dll


    »»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
    !!!Attention, following keys are not inevitably infected!!!

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "AppInit_DLLs"="C:\\WINDOWS\\system32\\win_35.dll"


    »»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
    !!!Attention, following keys are not inevitably infected!!!

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
    "System"=""


    »»»»»»»»»»»»»»»»»»»»»»»» pe386-msguard-lzx32-huy32


    »»»»»»»»»»»»»»»»»»»»»»»» Scanning wininet.dll infection


    »»»»»»»»»»»»»»»»»»»»»»»» End
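
To see which registry entries differ between the earlier SmitfraudFix report (post 8) and the later one (post 14), the two can be compared entry by entry. The Python below is an added example, not part of any post and not SmitfraudFix's own code; the function names and the assumed report layout are inferred from the excerpts in this thread, which are embedded as sample input.

```python
import re

# Layout assumed from the excerpts in this thread: "»" section headers,
# "[registry key]" lines, then "name"="data" or @="data" value lines.
SECTION = re.compile(r"^»+\s*(.+?)\s*$")
KEY = re.compile(r"^\[(.+)\]$")
VALUE = re.compile(r'^(@|"[^"]*")=(.*)$')

# Excerpt of the earlier report (post 8).
BEFORE = r"""
»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{0ffdaffc-d80d-47bf-b9b0-895ea240f4de}"="adelges"
[HKEY_CLASSES_ROOT\CLSID\{0ffdaffc-d80d-47bf-b9b0-895ea240f4de}\InProcServer32]
@="C:\WINDOWS\System32\tnvocyn.dll"
»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="C:\\WINDOWS\\system32\\win_35.dll"
»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""
»»»»»»»»»»»»»»»»»»»»»»»» End
"""

# Excerpt of the later report (post 14).
AFTER = r"""
»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components
»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!
»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="C:\\WINDOWS\\system32\\win_35.dll"
»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""
»»»»»»»»»»»»»»»»»»»»»»»» End
"""


def parse_report(text):
    """Return {(section, registry_key, value_name): data} for one report."""
    entries = {}
    section = key = None
    for raw in text.splitlines():
        line = raw.strip()
        if m := SECTION.match(line):
            section, key = m.group(1), None   # a new section resets the key
        elif m := KEY.match(line):
            key = m.group(1)
        elif (m := VALUE.match(line)) and key is not None:
            name = "(Default)" if m.group(1) == "@" else m.group(1)[1:-1]
            entries[(section, key, name)] = m.group(2).strip().strip('"')
    return entries


def compare(before, after):
    """Classify every entry as removed, added, changed or unchanged."""
    b, a = parse_report(before), parse_report(after)
    return {
        "removed": sorted(k for k in b if k not in a),
        "added": sorted(k for k in a if k not in b),
        "changed": sorted(k for k in b if k in a and a[k] != b[k]),
        "unchanged": {k: b[k] for k in b if a.get(k) == b[k]},
    }


if __name__ == "__main__":
    result = compare(BEFORE, AFTER)
    for status in ("removed", "added", "changed", "unchanged"):
        for section, key, name in sorted(result[status]):
            print(f"{status:9} [{section}] {key} -> {name}")
```

On these excerpts the Desktop Components and SharedTaskScheduler entries appear only in the earlier report, while the AppInit_DLLs and Winlogon System values are identical in both; the report's own banner notes that keys listed in those sections are not necessarily infected.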
     
  15. PCG342

    PCG342 Banned Thread Starter

    Joined:
    Jan 8, 2006
    Messages:
    772
    I scanned THREE TIMES!
     

Short URL to this thread: https://techguy.org/542752
