Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

HJTlogs enclosed I think I may have caught a smitfraud

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

HJTlogs enclosed I think I may have caught a smitfraud

Unread postby invaded2719 » January 5th, 2009, 12:55 pm

I am not sure what it is infected with but I am most sure it is infected I woke up too a virus scanner that I did not download I believe it was adaware 2009 or something to that nature and it was saying my pc was infedted and stuff. Any help will be absolutely appreciated.


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:52:17 AM, on 1/5/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\WINDOWS\AGRSMMSG.exe
c:\windows\system\hpsysdrv.exe
C:\Program Files\Java\jre1.5.0\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [COMODO Internet Security] "C:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -h
O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe -expressboot
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (HKCU)
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (HKCU)
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll,avgrsstx.dll
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - Unknown owner - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe

--
End of file - 7062 bytes
invaded2719
Active Member
 
Posts: 10
Joined: January 5th, 2009, 12:48 pm
Advertisement
Register to Remove

Re: HJTlogs enclosed I think I may have caught a smitfraud

Unread postby Carolyn » January 8th, 2009, 8:17 am

Hello and Welcome to the forums!

My name is Carolyn and I'll be glad to help you with your computer problems. HijackThis logs can take some time to research, so please be patient with me. I know that you need your computer working as quickly as possible, and I will work hard to help see that it happens.

Please do not run any other tool untill instructed to do so!
Please reply to this thread, do not start another!
Please tell me about any problems that have occurred during the fix.
Please tell me of any other symptoms you may be having as these can help also.
Please try as much as possible not to run anything while executing a fix.


If you follow these instructions, everything should go smoothly.



Step 1

Image
Download DDS and save it to your desktop from here or here or here.
Disable any script blocker, and then double click dds.scr to run the tool.
  • When done, DDS will open two (2) logs:
    1. DDS.txt
    2. Attach.txt
  • Save both reports to your desktop.

Step 2

Please download gmer.zip from Gmer and save it to your desktop.

  1. Right click on gmer.zip and select Extract All....
  2. Click Next on seeing the Welcome to the Compressed (zipped) Folders Extraction Wizard.
  3. Click on the Browse button. Click on Desktop. Then click OK.
  4. Click Next. It will start extracting.
  5. Once done, check (tick) the Show extracted files box and click Finish.

Double click on gmer.exe to run it. It will start running a scan. If it detects rootkit activity, you will receive a prompt to run a full scan. Click Yes.

  • When done, you may receive another notice. Click OK.
  • Click on Save ... to save a log.
  • Copy and paste in Gmer.txt and click Save.
  • Close Gmer.

If you receive no notice, click on the Scan button.

  • It will start scanning again.
  • When done, click on Save ... to save a log.
  • Copy and paste in Gmer.txt and click Save.
  • Close Gmer.

Note: Do not run any programs while Gmer is running.

In your next reply, please post:

  1. DDS.txt
  2. Attach.txt
  3. Gmer.txt
User avatar
Carolyn
MRU Emeritus
MRU Emeritus
 
Posts: 4701
Joined: April 18th, 2007, 9:36 am
Location: Maine

Re: HJTlogs enclosed I think I may have caught a smitfraud

Unread postby invaded2719 » January 8th, 2009, 9:37 am

Thanks Carolyn!!!

DDS..........



DDS (Ver_09-01-07.01) - NTFSx86
Run by Compaq_Owner at 8:33:59.48 on Thu 01/08/2009
Internet Explorer: 6.0.2900.2180
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.191.32 [GMT -5:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated)
FW: COMODO Firewall *enabled*

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\netfxupdate.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\WINDOWS\AGRSMMSG.exe
c:\windows\system\hpsysdrv.exe
C:\Program Files\Java\jre1.5.0\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\notepad.exe
C:\Documents and Settings\Compaq_Owner\Desktop\dds.com

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.yahoo.com/
uSearch Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
uSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
mDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
mSearch Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
mSearchAssistant = hxxp://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 6.0\reader\activex\AcroIEHelper.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar1.dll
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar1.dll
TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
mRun: [HPBootOp] "c:\program files\hewlett-packard\hp boot optimizer\HPBootOp.exe" /run
mRun: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [COMODO Internet Security] "c:\program files\comodo\comodo internet security\cfp.exe" -h
mRun: [WinPatrol] c:\program files\billp studios\winpatrol\winpatrol.exe -expressboot
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
IE: &Google Search - c:\program files\google\GoogleToolbar1.dll/cmsearch.html
IE: Backward Links - c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
IE: Cached Snapshot of Page - c:\program files\google\GoogleToolbar1.dll/cmcache.html
IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office11\EXCEL.EXE/3000
IE: Similar Pages - c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
IE: Translate into English - c:\program files\google\GoogleToolbar1.dll/cmtrans.html
IE: {E2D4D26B-0180-43a4-B05F-462D6D54C789} - c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\iebutton\support.htm
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0015-0000-0000-ABCDEFFEDCBC} - c:\program files\java\jre1.5.0\bin\npjpi150.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mi1933~1\office11\REFIEBAR.DLL
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
AppInit_DLLs: c:\windows\system32\guard32.dll,avgrsstx.dll

============= SERVICES / DRIVERS ===============

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-1-5 97928]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-1-5 26824]
R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdguard.sys [2009-1-5 101776]
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [2009-1-5 31504]
R4 aawservice;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\aawservice.exe [2008-9-10 611664]
R4 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\avg\avg8\avgemc.exe [2008-10-16 875288]
R4 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2008-10-16 231704]
R4 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-1-5 76040]
R4 cmdAgent;COMODO Internet Security Helper Service;c:\program files\comodo\comodo internet security\cmdagent.exe [2009-1-5 618232]
R4 NetFxUpdate_v1.1.4322;Microsoft .NET Framework v1.1.4322 Update;c:\windows\microsoft.net\framework\v1.1.4322\netfxupdate.exe [2007-1-15 73728]

=============== Created Last 30 ================

2009-01-08 08:25 250 a------- c:\windows\gmer.ini
2009-01-08 00:25 <DIR> --d----- c:\program files\Misc. Support Library (Spybot - Search & Destroy)
2009-01-08 00:25 <DIR> --d----- c:\program files\File Scanner Library (Spybot - Search & Destroy)
2009-01-07 02:49 <DIR> --d----- c:\program files\Lavasoft
2009-01-07 02:47 <DIR> --d----- c:\program files\common files\Wise Installation Wizard
2009-01-05 20:17 25,856 a------- c:\windows\system32\drivers\usbprint.sys
2009-01-05 20:17 25,856 a------- c:\windows\system32\dllcache\usbprint.sys
2009-01-05 20:17 15,104 a------- c:\windows\system32\drivers\usbscan.sys
2009-01-05 20:17 15,104 a------- c:\windows\system32\dllcache\usbscan.sys
2009-01-05 20:15 31,616 a------- c:\windows\system32\drivers\usbccgp.sys
2009-01-05 20:15 31,616 a------- c:\windows\system32\dllcache\usbccgp.sys
2009-01-05 16:43 272,128 -------- c:\windows\system32\drivers\bthport.sys
2009-01-05 16:43 272,128 -------- c:\windows\system32\dllcache\bthport.sys
2009-01-05 16:41 2,136,064 -------- c:\windows\system32\dllcache\ntkrnlmp.exe
2009-01-05 16:41 2,180,352 -------- c:\windows\system32\dllcache\ntoskrnl.exe
2009-01-05 16:41 2,015,744 -------- c:\windows\system32\dllcache\ntkrpamp.exe
2009-01-05 16:41 2,057,728 -------- c:\windows\system32\dllcache\ntkrnlpa.exe
2009-01-05 16:40 453,632 -------- c:\windows\system32\dllcache\mrxsmb.sys
2009-01-05 16:13 <DIR> --d----- c:\windows\system32\CatRoot_bak
2009-01-05 15:55 61,440 a------- c:\windows\system32\drivers\pdmt.sys
2009-01-05 12:47 <DIR> --dshr-- C:\cmdcons
2009-01-05 12:32 221,184 a------- c:\windows\system32\wmpns.dll
2009-01-05 12:32 1,847 a--shr-- c:\windows\system32\drivers\103C_HP_CPC_PY149AA-ABA SR1502HM NA530_YC_0Pres_QCNH534_E53NAheRED3_47_ISalmon_SASUSTek Computer INC._V1.04_B3.12_T050420_WXH2_L409_M192_J60_7AMD_8Sempron_91.81_#060330_N10390900_Z11C1048C_G10396330.MRK
2009-01-05 12:31 <DIR> --d----- c:\documents and settings\compaq_owner\WINDOWS
2009-01-05 12:31 <DIR> --d----- c:\docume~1\compaq~1\applic~1\Symantec
2009-01-05 12:31 <DIR> --d----- c:\documents and settings\Compaq_Owner
2009-01-05 12:14 <DIR> --d----- c:\docume~1\compaq~1\applic~1\Malwarebytes
2009-01-05 12:14 15,504 a------- c:\windows\system32\drivers\mbam.sys
2009-01-05 12:14 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-01-05 11:31 <DIR> --d----- c:\windows\system32\PreInstall
2009-01-05 11:31 22,752 a------- c:\windows\system32\spupdsvc.exe
2009-01-05 11:25 10,520 a------- c:\windows\system32\avgrsstx.dll
2009-01-05 11:25 76,040 a------- c:\windows\system32\drivers\avgtdix.sys
2009-01-05 11:25 97,928 a------- c:\windows\system32\drivers\avgldx86.sys
2009-01-05 11:24 <DIR> --d----- c:\windows\system32\drivers\Avg
2009-01-05 11:24 <DIR> --d----- c:\docume~1\compaq~1\applic~1\AVGTOOLBAR
2009-01-05 11:20 <DIR> --d----- c:\docume~1\compaq~1\applic~1\WinPatrol
2009-01-05 11:18 <DIR> --dshr-- c:\windows\system32\dllcache
2009-01-05 11:09 147,192 a------- c:\windows\system32\guard32.dll
2009-01-05 11:09 101,776 a------- c:\windows\system32\drivers\cmdguard.sys
2009-01-05 11:09 31,504 a------- c:\windows\system32\drivers\cmdhlp.sys
2009-01-05 11:07 <DIR> --d----- c:\windows\system32\SoftwareDistribution
2009-01-05 08:57 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-01-02 22:36 <DIR> --d----- C:\USERDATA
2009-01-02 21:32 <DIR> --ds---- c:\documents and settings\compaq_owner\UserData
2008-12-10 20:34 <DIR> --d----- c:\windows\wt

==================== Find3M ====================

2009-01-04 01:35 130,295 a------- c:\windows\hpoins13.dat
2008-12-12 12:33 3,060,224 a------- c:\windows\system32\dllcache\mshtml.dll
2008-10-23 08:01 283,648 a------- c:\windows\system32\gdi32.dll
2008-10-23 08:01 283,648 a------- c:\windows\system32\dllcache\gdi32.dll
2008-10-16 14:13 1,809,944 a------- c:\windows\system32\dllcache\wuaueng.dll
2008-10-16 14:13 202,776 a------- c:\windows\system32\dllcache\wuweb.dll
2008-10-16 14:12 323,608 a------- c:\windows\system32\dllcache\wucltui.dll
2008-10-16 14:12 561,688 a------- c:\windows\system32\dllcache\wuapi.dll
2008-10-16 14:09 92,696 a------- c:\windows\system32\dllcache\cdm.dll
2008-10-16 14:09 51,224 a------- c:\windows\system32\dllcache\wuauclt.exe
2008-10-16 14:08 34,328 a------- c:\windows\system32\dllcache\wups.dll
2008-10-15 11:57 332,800 a------- c:\windows\system32\dllcache\netapi32.dll
2008-10-15 04:45 18,432 a------- c:\windows\system32\dllcache\iedw.exe

============= FINISH: 8:35:50.01 ===============



ATTACH.........



UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-01-07.01)

Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume2
Install Date: 1/5/2009 12:30:32 PM
System Uptime: 1/7/2009 11:55:47 PM (9 hours ago)

Motherboard: ASUSTek Computer INC. | | Salmon
Processor: AMD Sempron(tm) Processor 3100+ | Socket 754 | 1808/200mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 50 GiB total, 29.105 GiB free.
D: is FIXED (FAT32) - 6 GiB total, 1.555 GiB free.
E: is CDROM ()
F: is Removable
G: is Removable
H: is Removable
I: is Removable

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP1: 1/5/2009 12:51:28 PM - Removed Compaq Organize
RP2: 1/5/2009 12:52:51 PM - Configured easy Internet sign-up
RP3: 1/5/2009 1:03:19 PM - Removed Norton Security Center
RP4: 1/5/2009 11:24:48 AM - Installed AVG Free 8.0
RP5: 1/5/2009 11:30:25 AM - Software Distribution Service 3.0
RP6: 1/5/2009 11:37:30 AM - Avg8 Update
RP7: 1/5/2009 8:17:02 PM - Unsigned driver install
RP8: 1/6/2009 3:04:34 AM - Software Distribution Service 3.0
RP9: 1/6/2009 7:45:58 AM - Software Distribution Service 3.0
RP10: 1/6/2009 7:56:32 AM - Software Distribution Service 3.0
RP11: 1/7/2009 2:49:26 AM - Installed Ad-Aware
RP12: 1/7/2009 3:00:33 AM - Software Distribution Service 3.0
RP13: 1/7/2009 9:49:39 PM - Software Distribution Service 3.0

==== Installed Programs ======================

Ad-Aware
Adobe Acrobat - Reader 6.0.2 Update
Adobe Flash Player 10 ActiveX
Adobe Reader 6.0.1
Agere Systems PCI Soft Modem
AVG Free 8.0
Blackhawk Striker 2 from Compaq (remove only)
Blasterball 2 from Compaq (remove only)
Blasterball 2 Holidays from Compaq (remove only)
Blasterball 2 Remix from Compaq (remove only)
Bounce Symphony from Compaq (remove only)
COMODO Internet Security
Crystal Maze from Compaq (remove only)
Final Drive Nitro from Compaq (remove only)
Google Toolbar for Internet Explorer
Help and Support Additions
HijackThis 2.0.2
Hotfix for Windows XP (KB952287)
HP Boot Optimizer
HP Help and Support 4.0
HpSdpAppCoreApp
iTunes
J2SE Runtime Environment 5.0
Lexibox Deluxe from Compaq (remove only)
Malwarebytes' Anti-Malware
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft Office Standard Edition 2003
Microsoft Plus! Dancer LE
Microsoft Plus! Digital Media Edition Installer
Microsoft Plus! Photo Story 2 LE
Microsoft Visual C++ 2005 Redistributable
Microsoft Works
MSXML 4.0 SP2 (KB954430)
Overball from Compaq (remove only)
PC-Doctor for Windows
Phoenix Assault from Compaq (remove only)
Polar Bowler from Compaq (remove only)
Polar Golfer from Compaq (remove only)
Python 2.2 pywin32 extensions (build 203)
Python 2.2.3
QuickTime
RealPlayer
Remove Adobe Photoshop Album 2.0 Starter Edition installer
Remove Microsoft Money 2005 installer
Remove Quicken New User Edition installer
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB944338-v2)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958215)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB960714)
Shooting Stars Pool from Compaq (remove only)
SiS VGA Utilities
Slyder from Compaq (remove only)
Sonic Express Labeler
Sonic RecordNow Audio
Sonic RecordNow Copy
Sonic RecordNow Data
Sonic Update Manager
Super Granny from Compaq (remove only)
Tradewinds from Compaq (remove only)
Update for Windows XP (KB898461)
Update for Windows XP (KB955839)
WebFldrs XP
Windows Media Format Runtime
Windows Media Player 10
Windows XP Hotfix - KB867282
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB883667
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888239
Windows XP Hotfix - KB890175
Windows XP Hotfix - KB891781
WinPatrol 2008

==== Event Viewer Messages From Past Week ========

1/5/2009 1:04:14 PM, error: Service Control Manager [7023] - The Application Management service terminated with the following error: The specified module could not be found.
1/5/2009 11:35:42 AM, error: Service Control Manager [7023] - The Automatic Updates service terminated with the following error: %%2149896199
1/6/2009 3:43:29 AM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft .NET Framework, Version 1.1 Service Pack 1 (KB928366).
1/6/2009 7:54:58 AM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Windows Internet Explorer 7 for Windows XP.
1/7/2009 5:22:49 AM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the Netman service.
1/7/2009 9:45:22 PM, error: DCOM [10005] - DCOM got error "%1055" attempting to start the service winmgmt with arguments "" in order to run the server: {8BC3F05E-D86B-11D0-A075-00C04FB68820}
1/7/2009 9:45:22 PM, error: DCOM [10005] - DCOM got error "%1055" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}

==== End Of File ===========================



GMER........

GMER 1.0.14.14536 - http://www.gmer.net
Rootkit scan 2009-01-08 08:30:18
Windows 5.1.2600 Service Pack 2


---- Devices - GMER 1.0.14 ----

AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \Driver\Tcpip \Device\Ip cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO)
AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Tcp cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO)
AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Udp cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO)
AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\RawIp cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO)
AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

---- EOF - GMER 1.0.14 ----
invaded2719
Active Member
 
Posts: 10
Joined: January 5th, 2009, 12:48 pm

Re: HJTlogs enclosed I think I may have caught a smitfraud

Unread postby Carolyn » January 8th, 2009, 12:50 pm

Hi,

Please download Malwarebytes' Anti-Malware and save it to a convenient location.
  1. Double click on mbam-setup.exe to install it.
  2. Before clicking the Finish button, make sure that these 2 boxes are checked (ticked):
      Update Malwarebytes' Anti-Malware
      Launch Malwarebytes' Anti-Malware
  3. Malwarebytes' Anti-Malware will now check for updates. If your firewall prompts, please allow it. If you can't update it, select the Update tab. Under Update Mirror, select one of the websites and click on Check for Updates.
  4. Select the Scanner tab. Click on Perform full scan, then click on Scan.
  5. Leave the default options as it is and click on Start Scan.
  6. When done, you will be prompted. Click OK, then click on Show Results.
  7. Checked (ticked) all items and click on Remove Selected.
  8. After it has removed the items, Notepad will open. Please post this log in your next reply. You can also find the log in the Logs tab. The bottom most log is the latest.

Next,
  • Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)

Please post the following:
  1. The Malwarebyte's Anti-Malware log
  2. The contents of log.txt
  3. The contents of info.txt
User avatar
Carolyn
MRU Emeritus
MRU Emeritus
 
Posts: 4701
Joined: April 18th, 2007, 9:36 am
Location: Maine

Re: HJTlogs enclosed I think I may have caught a smitfraud

Unread postby invaded2719 » January 9th, 2009, 12:52 am

Malwarebytes' Anti-Malware 1.32
Database version: 1632
Windows 5.1.2600 Service Pack 2

1/8/2009 11:44:02 PM
mbam-log-2009-01-08 (23-44-02).txt

Scan type: Full Scan (C:\|D:\|E:\|F:\|G:\|H:\|I:\|)
Objects scanned: 187403
Time elapsed: 1 hour(s), 57 minute(s), 6 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)



Logfile of random's system information tool 1.05 (written by random/random)
Run by Compaq_Owner at 2009-01-08 23:49:49
Microsoft Windows XP Home Edition Service Pack 2
System drive C: has 30 GB (58%) free of 51 GB
Total RAM: 191 MB (21% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:49:54 PM, on 1/8/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\netfxupdate.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\WINDOWS\AGRSMMSG.exe
c:\windows\system\hpsysdrv.exe
C:\Program Files\Java\jre1.5.0\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Compaq_Owner\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Compaq_Owner.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [COMODO Internet Security] "C:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -h
O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe -expressboot
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (HKCU)
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (HKCU)
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://games.myspace.com/Gameshell/Game ... meHost.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll,avgrsstx.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - Unknown owner - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe

--
End of file - 7427 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Norton Security Scan for Compaq_Owner.job
C:\WINDOWS\tasks\RegCure Program Check.job
C:\WINDOWS\tasks\RegCure.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll [2003-11-03 54248]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files\AVG\AVG8\avgssie.dll [2008-10-16 455960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - c:\program files\google\googletoolbar1.dll [2005-06-21 720896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google - c:\program files\google\googletoolbar1.dll [2005-06-21 720896]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SiSPower"=C:\WINDOWS\system32\SiSPower.dll [2005-01-04 49152]
"HPBootOp"=C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe [2005-02-26 245760]
"LSBWatcher"=c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe [2004-10-14 253952]
"TkBellExe"=C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2005-06-21 180269]
"COMODO Internet Security"=C:\Program Files\COMODO\COMODO Internet Security\cfp.exe [2009-01-05 1797880]
"WinPatrol"=C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe [2008-10-09 333120]
"AVG8_TRAY"=C:\PROGRA~1\AVG\AVG8\avgtray.exe [2009-01-05 1261336]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2004-08-04 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="C:\WINDOWS\system32\guard32.dll,avgrsstx.dll"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\aawservice]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files\Compaq Connections\6750491\Program\Compaq Connections.exe"="C:\Program Files\Compaq Connections\6750491\Program\Compaq Connections.exe:*:Enabled:BackWeb for Presario"
"C:\Program Files\EarthLink TotalAccess\TaskPanl.exe"="C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink"
"C:\Program Files\AVG\AVG8\avgemc.exe"="C:\Program Files\AVG\AVG8\avgemc.exe:*:Enabled:avgemc.exe"
"C:\Program Files\AVG\AVG8\avgupd.exe"="C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%ProgramFiles%\iTunes\iTunes.exe"="%ProgramFiles%\iTunes\iTunes.exe:*:enabled:iTunes"

======List of files/folders created in the last 1 months======

2009-01-08 08:48:30 ----D---- C:\Documents and Settings\Compaq_Owner\Application Data\Safer Networking
2009-01-08 08:25:48 ----A---- C:\WINDOWS\gmer.ini
2009-01-08 08:25:44 ----RA---- C:\WINDOWS\gmer.exe
2009-01-08 08:25:44 ----A---- C:\WINDOWS\gmer_uninstall.cmd
2009-01-08 08:25:44 ----A---- C:\WINDOWS\gmer.dll
2009-01-08 00:25:35 ----D---- C:\Program Files\Misc. Support Library (Spybot - Search & Destroy)
2009-01-08 00:25:22 ----D---- C:\Program Files\File Scanner Library (Spybot - Search & Destroy)
2009-01-07 02:49:33 ----D---- C:\Program Files\Lavasoft
2009-01-07 02:47:47 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2009-01-06 13:09:50 ----D---- C:\Documents and Settings\Compaq_Owner\Application Data\AdobeUM
2009-01-06 10:31:47 ----D---- C:\Documents and Settings\Compaq_Owner\Application Data\Sun
2009-01-06 07:50:39 ----A---- C:\WINDOWS\system32\MRT.exe
2009-01-05 16:42:30 ----N---- C:\WINDOWS\system32\xpsp3res.dll
2009-01-05 16:26:39 ----D---- C:\Documents and Settings\Compaq_Owner\Application Data\Adobe
2009-01-05 16:13:12 ----D---- C:\WINDOWS\system32\CatRoot_bak
2009-01-05 15:55:07 ----A---- C:\WINDOWS\system32\wajao.txt
2009-01-05 12:55:51 ----A---- C:\WINDOWS\system32\LuResult.txt
2009-01-05 12:47:08 ----RSHD---- C:\cmdcons
2009-01-05 12:32:48 ----A---- C:\WINDOWS\system32\wmpns.dll
2009-01-05 12:31:49 ----ASH---- C:\Documents and Settings\Compaq_Owner\Application Data\desktop.ini
2009-01-05 12:31:47 ----SD---- C:\Documents and Settings\Compaq_Owner\Application Data\Microsoft
2009-01-05 12:31:47 ----D---- C:\Documents and Settings\Compaq_Owner\Application Data\Symantec
2009-01-05 12:31:47 ----D---- C:\Documents and Settings\Compaq_Owner\Application Data\SampleView
2009-01-05 12:31:47 ----D---- C:\Documents and Settings\Compaq_Owner\Application Data\Real
2009-01-05 12:31:47 ----D---- C:\Documents and Settings\Compaq_Owner\Application Data\InterMute
2009-01-05 12:31:47 ----D---- C:\Documents and Settings\Compaq_Owner\Application Data\Identities
2009-01-05 12:31:47 ----D---- C:\Documents and Settings\Compaq_Owner\Application Data\Apple Computer
2009-01-05 12:14:39 ----D---- C:\Documents and Settings\Compaq_Owner\Application Data\Malwarebytes
2009-01-05 11:31:13 ----D---- C:\WINDOWS\system32\PreInstall
2009-01-05 11:31:12 ----A---- C:\WINDOWS\system32\spupdsvc.exe
2009-01-05 11:25:19 ----A---- C:\WINDOWS\system32\avgrsstx.dll
2009-01-05 11:24:53 ----D---- C:\Documents and Settings\Compaq_Owner\Application Data\AVGTOOLBAR
2009-01-05 11:20:22 ----D---- C:\Documents and Settings\Compaq_Owner\Application Data\WinPatrol
2009-01-05 11:18:23 ----RSHD---- C:\WINDOWS\system32\dllcache
2009-01-05 11:09:40 ----A---- C:\WINDOWS\system32\guard32.dll
2009-01-05 11:07:13 ----D---- C:\WINDOWS\system32\SoftwareDistribution
2009-01-05 11:06:55 ----D---- C:\Documents and Settings\Compaq_Owner\Application Data\Macromedia
2009-01-05 08:57:14 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-01-05 07:59:19 ----A---- C:\rapport.txt
2009-01-02 22:36:28 ----D---- C:\USERDATA
2008-12-18 03:01:10 ----HDC---- C:\WINDOWS\$NtUninstallKB960714$
2008-12-13 20:05:08 ----D---- C:\Program Files\Adobe Media Player
2008-12-13 20:04:57 ----D---- C:\Program Files\Common Files\Adobe AIR
2008-12-11 03:02:06 ----HDC---- C:\WINDOWS\$NtUninstallKB952069_WM9$
2008-12-11 03:01:56 ----HDC---- C:\WINDOWS\$NtUninstallKB955839$
2008-12-11 03:01:26 ----HDC---- C:\WINDOWS\$NtUninstallKB958215$
2008-12-11 03:01:14 ----HDC---- C:\WINDOWS\$NtUninstallKB954600$
2008-12-11 03:00:56 ----HDC---- C:\WINDOWS\$NtUninstallKB956802$
2008-12-10 20:34:34 ----D---- C:\WINDOWS\wt

======List of files/folders modified in the last 1 months======

2009-01-08 23:49:53 ----D---- C:\WINDOWS\temp
2009-01-08 23:46:27 ----D---- C:\WINDOWS\Prefetch
2009-01-08 13:11:19 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-01-08 13:01:46 ----D---- C:\WINDOWS\system32\drivers
2009-01-08 08:58:20 ----D---- C:\Program Files
2009-01-08 08:30:57 ----D---- C:\WINDOWS
2009-01-08 08:12:22 ----HD---- C:\$AVG8.VAULT$
2009-01-08 01:57:35 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2009-01-08 01:52:45 ----AC---- C:\WINDOWS\wininit.ini
2009-01-08 00:11:09 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2009-01-08 00:09:51 ----D---- C:\Program Files\SpywareBlaster
2009-01-07 23:55:08 ----D---- C:\WINDOWS\system32\CatRoot2
2009-01-07 21:53:02 ----HD---- C:\Config.Msi
2009-01-07 21:51:36 ----SHD---- C:\WINDOWS\Installer
2009-01-07 21:51:08 ----D---- C:\WINDOWS\system32
2009-01-07 20:59:39 ----A---- C:\WINDOWS\IE4 Error Log.txt
2009-01-07 02:47:47 ----D---- C:\Program Files\Common Files
2009-01-06 08:41:05 ----D---- C:\WINDOWS\system32\CatRoot
2009-01-06 08:39:39 ----HD---- C:\WINDOWS\inf
2009-01-06 03:54:27 ----D---- C:\WINDOWS\system32\Macromed
2009-01-06 03:47:57 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2$
2009-01-06 03:47:52 ----A---- C:\WINDOWS\imsins.BAK
2009-01-06 03:47:48 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$
2009-01-06 03:47:40 ----D---- C:\Program Files\Messenger
2009-01-06 03:47:37 ----HDC---- C:\WINDOWS\$NtUninstallKB946648$
2009-01-06 03:47:27 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$
2009-01-06 03:47:05 ----HDC---- C:\WINDOWS\$NtUninstallKB923723$
2009-01-06 03:46:36 ----HDC---- C:\WINDOWS\$NtUninstallKB956391$
2009-01-06 03:46:27 ----HDC---- C:\WINDOWS\$NtUninstallKB957095$
2009-01-06 03:46:07 ----D---- C:\Program Files\Internet Explorer
2009-01-06 03:45:28 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$
2009-01-06 03:45:17 ----HDC---- C:\WINDOWS\$NtUninstallKB951698$
2009-01-06 03:44:56 ----HDC---- C:\WINDOWS\$NtUninstallKB954211$
2009-01-06 03:44:33 ----HDC---- C:\WINDOWS\$NtUninstallKB956841$
2009-01-06 03:40:40 ----HDC---- C:\WINDOWS\$NtUninstallKB941569$
2009-01-06 03:40:15 ----D---- C:\WINDOWS\system32\ReinstallBackups
2009-01-06 03:39:53 ----HDC---- C:\WINDOWS\$NtUninstallKB950762$
2009-01-06 03:39:41 ----HDC---- C:\WINDOWS\$NtUninstallKB957097$
2009-01-06 03:39:00 ----HDC---- C:\WINDOWS\$NtUninstallKB923689$
2009-01-06 03:35:56 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$
2009-01-06 03:32:22 ----HDC---- C:\WINDOWS\$NtUninstallKB951066$
2009-01-06 03:28:21 ----D---- C:\WINDOWS\WinSxS
2009-01-06 03:27:54 ----HDC---- C:\WINDOWS\$NtUninstallKB938464$
2009-01-06 03:18:39 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$
2009-01-06 03:18:02 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$
2009-01-06 03:13:42 ----HDC---- C:\WINDOWS\$NtUninstallKB944338-v2$
2009-01-06 03:06:06 ----HDC---- C:\WINDOWS\$NtUninstallKB936782_WMP10$
2009-01-05 16:23:05 ----SD---- C:\WINDOWS\Downloaded Program Files
2009-01-05 13:03:58 ----D---- C:\Program Files\Common Files\Symantec Shared
2009-01-05 13:03:45 ----SD---- C:\WINDOWS\Tasks
2009-01-05 13:00:02 ----D---- C:\Documents and Settings\All Users\Application Data\Symantec
2009-01-05 12:59:24 ----D---- C:\WINDOWS\security
2009-01-05 12:53:47 ----D---- C:\Program Files\Easy Internet signup
2009-01-05 12:52:18 ----D---- C:\Program Files\Common Files\InstallShield
2009-01-05 12:52:17 ----D---- C:\Program Files\Hewlett-Packard
2009-01-05 12:51:49 ----HD---- C:\Program Files\InstallShield Installation Information
2009-01-05 12:48:37 ----RASH---- C:\boot.ini
2009-01-05 12:47:08 ----AC---- C:\WINDOWS\UPGRADE.TXT
2009-01-05 12:47:04 ----D---- C:\WINDOWS\setup.pss
2009-01-05 12:36:15 ----A---- C:\WINDOWS\system32\ssmute.ini
2009-01-05 12:34:38 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-01-05 12:32:51 ----A---- C:\WINDOWS\OEWABLog.txt
2009-01-05 12:31:46 ----D---- C:\Documents and Settings
2009-01-05 12:30:38 ----A---- C:\WINDOWS\setuplog.txt
2009-01-05 12:30:32 ----D---- C:\sysprep
2009-01-05 12:30:12 ----HD---- C:\HP
2009-01-05 12:28:54 ----RASH---- C:\BOOT.BAK
2009-01-05 12:28:02 ----D---- C:\WINDOWS\Registration
2009-01-05 12:25:55 ----A---- C:\WINDOWS\system.ini
2009-01-05 12:04:02 ----SHD---- C:\RECYCLER
2009-01-05 11:34:21 ----D---- C:\WINDOWS\system
2009-01-05 11:34:00 ----D---- C:\WINDOWS\I386
2009-01-05 11:32:42 ----D---- C:\Program Files\Symantec
2009-01-05 11:32:03 ----D---- C:\Program Files\Windows NT
2009-01-05 11:32:01 ----D---- C:\Program Files\Windows Media Player
2009-01-05 11:32:01 ----D---- C:\Program Files\Outlook Express
2009-01-05 11:32:00 ----D---- C:\Program Files\NetMeeting
2009-01-05 11:31:59 ----D---- C:\Program Files\Movie Maker
2009-01-05 11:31:53 ----D---- C:\Program Files\Common Files\System
2009-01-05 11:31:51 ----D---- C:\Program Files\Common Files\Services
2009-01-05 11:31:45 ----D---- C:\WINDOWS\system32\wbem
2009-01-05 11:31:40 ----D---- C:\WINDOWS\system32\usmt
2009-01-05 11:31:30 ----D---- C:\WINDOWS\system32\ras
2009-01-05 11:31:28 ----D---- C:\WINDOWS\system32\oobe
2009-01-05 11:31:20 ----D---- C:\WINDOWS\system32\npp
2009-01-05 11:31:11 ----HDC---- C:\WINDOWS\$NtUninstallKB898461$
2009-01-05 11:31:06 ----D---- C:\WINDOWS\system32\icsxml
2009-01-05 11:31:06 ----D---- C:\WINDOWS\system32\ias
2009-01-05 11:29:17 ----D---- C:\WINDOWS\system32\Setup
2009-01-05 11:29:16 ----D---- C:\WINDOWS\system32\Restore
2009-01-05 11:29:14 ----D---- C:\WINDOWS\system32\Com
2009-01-05 11:29:12 ----D---- C:\WINDOWS\srchasst
2009-01-05 11:29:07 ----D---- C:\WINDOWS\msagent
2009-01-05 11:29:07 ----D---- C:\WINDOWS\ime
2009-01-05 11:29:06 ----RD---- C:\WINDOWS\Web
2009-01-05 11:29:06 ----D---- C:\WINDOWS\addins
2009-01-05 11:28:58 ----D---- C:\WINDOWS\PeerNet
2009-01-05 11:28:57 ----D---- C:\WINDOWS\Media
2009-01-05 11:28:48 ----RSD---- C:\WINDOWS\Fonts
2009-01-05 11:28:42 ----D---- C:\WINDOWS\Cursors
2009-01-05 11:28:38 ----D---- C:\WINDOWS\AppPatch
2009-01-05 11:28:38 ----AHDC---- C:\WINDOWS\$NtUninstallKB891781$
2009-01-05 11:28:38 ----AHDC---- C:\WINDOWS\$NtUninstallKB890175$
2009-01-05 11:28:38 ----AHDC---- C:\WINDOWS\$NtUninstallKB888239$
2009-01-05 11:28:37 ----AHDC---- C:\WINDOWS\$NtUninstallKB888113$
2009-01-05 11:28:37 ----AHDC---- C:\WINDOWS\$NtUninstallKB887742$
2009-01-05 11:28:37 ----AHDC---- C:\WINDOWS\$NtUninstallKB885836$
2009-01-05 11:28:37 ----AHDC---- C:\WINDOWS\$NtUninstallKB885835$
2009-01-05 11:28:37 ----AHDC---- C:\WINDOWS\$NtUninstallKB885250$
2009-01-05 11:28:36 ----AHDC---- C:\WINDOWS\$NtUninstallKB883667$
2009-01-05 11:28:36 ----AHDC---- C:\WINDOWS\$NtUninstallKB873339$
2009-01-05 11:28:36 ----AHDC---- C:\WINDOWS\$NtUninstallKB867282$
2009-01-05 11:28:32 ----RHD---- C:\MSOCache
2009-01-05 11:27:56 ----RD---- C:\WINDOWS\Offline Web Pages
2009-01-05 11:27:55 ----RSD---- C:\WINDOWS\assembly
2009-01-05 11:23:39 ----D---- C:\Documents and Settings\All Users\Application Data\avg8
2009-01-05 11:09:30 ----D---- C:\Program Files\COMODO
2009-01-05 11:07:21 ----D---- C:\WINDOWS\SoftwareDistribution
2009-01-05 11:07:21 ----D---- C:\WINDOWS\Help
2009-01-05 08:55:14 ----A---- C:\WINDOWS\ntbtlog.txt
2009-01-02 18:00:36 ----D---- C:\Program Files\Norton Security Scan
2009-01-02 09:55:05 ----D---- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2009-01-02 09:48:46 ----HD---- C:\WINDOWS\msdownld.tmp
2009-01-02 09:48:32 ----D---- C:\Program Files\Yahoo!
2009-01-02 09:46:22 ----HDC---- C:\WINDOWS\ie7
2009-01-02 09:41:45 ----HDC---- C:\WINDOWS\$NtUninstallKB915865$
2008-12-17 23:38:36 ----D---- C:\Program Files\HP
2008-12-12 12:33:23 ----A---- C:\WINDOWS\system32\mshtml.dll

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AmdK8;AMD Processor Driver; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2005-03-09 36352]
R1 AvgLdx86;AVG Free AVI Loader Driver x86; C:\WINDOWS\System32\Drivers\avgldx86.sys [2009-01-05 97928]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86; C:\WINDOWS\System32\Drivers\avgmfx86.sys [2009-01-05 26824]
R1 cmdGuard;COMODO Internet Security Sandbox Driver; C:\WINDOWS\System32\DRIVERS\cmdguard.sys [2009-01-05 101776]
R1 cmdHlp;COMODO Internet Security Helper Driver; C:\WINDOWS\System32\DRIVERS\cmdhlp.sys [2009-01-05 31504]
R1 SiSkp;SiSkp; C:\WINDOWS\system32\DRIVERS\srvkp.sys [2005-04-12 11904]
R2 AvgTdiX;AVG Free8 Network Redirector; C:\WINDOWS\System32\Drivers\avgtdix.sys [2009-01-05 76040]
R3 AgereSoftModem;Agere Systems Soft Modem; C:\WINDOWS\system32\DRIVERS\AGRSM.sys [2004-06-29 1268204]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2005-04-20 2317696]
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2004-08-04 60800]
R3 GEARAspiWDM;GEAR CDRom Filter; C:\WINDOWS\SYSTEM32\DRIVERS\GEARAspiWDM.sys [2004-09-14 13872]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2004-08-04 61824]
R3 SiS315;SiS315; C:\WINDOWS\system32\DRIVERS\sisgrp.sys [2005-04-12 247296]
R3 SISNIC;SiS PCI Fast Ethernet Adapter Driver; C:\WINDOWS\system32\DRIVERS\sisnic.sys [2003-07-11 32768]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-04 26624]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-04 57600]
R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2004-08-04 17024]
R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 26496]
S1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys []
S3 gmer;gmer; C:\WINDOWS\System32\DRIVERS\gmer.sys [2009-01-08 85969]
S3 PcdrNdisuio;PCDRNDISUIO Usermode I/O Protocol; C:\WINDOWS\system32\DRIVERS\pcdrndisuio.sys [2005-01-19 12416]
S3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2004-08-03 20992]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-03 31616]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-03 25856]
S3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2004-08-04 20480]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\DRIVERS\intelide.sys [2004-08-04 5504]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 aawservice;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe [2008-09-10 611664]
R2 avg8emc;AVG Free8 E-mail Scanner; C:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-10-16 875288]
R2 avg8wd;AVG Free8 WatchDog; C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-10-16 231704]
R2 cmdAgent;COMODO Internet Security Helper Service; C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [2009-01-05 618232]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-20 322120]
R2 NetFxUpdate_v1.1.4322;Microsoft .NET Framework v1.1.4322 Update; C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\netfxupdate.exe [2007-01-15 73728]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2004-08-11 38912]
R3 iPodService;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2004-10-14 327680]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe [2004-07-15 32768]
S3 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2004-08-04 267776]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]

-----------------EOF-----------------




No Info.txt ever came up I tried doing it 3 different times and the only thing that would come up is the log.txt

Let me know if there is something else I need to dodifferently to get what you need.
invaded2719
Active Member
 
Posts: 10
Joined: January 5th, 2009, 12:48 pm

Re: HJTlogs enclosed I think I may have caught a smitfraud

Unread postby Carolyn » January 9th, 2009, 1:20 pm

Hi,

Using Windows Explore by right-clicking the Start button and left clicking Explore navigate to and find the following files:

C:\RSIT\info.txt

Double click the file and it will open in notepad. Please Copy/Paste the contents of that file in your next reply.
User avatar
Carolyn
MRU Emeritus
MRU Emeritus
 
Posts: 4701
Joined: April 18th, 2007, 9:36 am
Location: Maine

Re: HJTlogs enclosed I think I may have caught a smitfraud

Unread postby invaded2719 » January 10th, 2009, 12:44 am

info.txt logfile of random's system information tool 1.04 2008-11-27 12:14:26

======Uninstall list======

-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
-->C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
-->c:\WINDOWS\system32\\MSIEXEC.EXE /x {075473F5-846A-448B-BCB3-104AA1760205}
-->c:\WINDOWS\system32\\MSIEXEC.EXE /x {AB708C9B-97C8-4AC9-899B-DBF226AC9382}
-->c:\WINDOWS\system32\\MSIEXEC.EXE /x {B12665F4-4E93-4AB4-B7FC-37053B524629}
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E06E4F4E-72D6-4497-BFFD-BCB43077C2F4}\setup.exe" -l0x9 -uninst
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe Acrobat - Reader 6.0.2 Update-->MsiExec.exe /I{AC76BA86-0000-0000-0000-6028747ADE01}
Adobe Reader 6.0.1-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A00000000001}
Agere Systems PCI Soft Modem-->agrsmdel
Blackhawk Striker 2 from Compaq (remove only)-->"C:\Program Files\WildTangent\Apps\GameChannel\Games\BFAF1EEC-E987-415B-BCB8-80CDB0BC6CDF\Uninstall.exe"
Blasterball 2 from Compaq (remove only)-->"C:\Program Files\WildTangent\Apps\GameChannel\Games\75528D5F-DD82-402E-BA7C-045B7DC6A712\Uninstall.exe"
Blasterball 2 Holidays from Compaq (remove only)-->"C:\Program Files\WildTangent\Apps\GameChannel\Games\D06AB82F-D68E-405A-9886-AB8804291B6D\Uninstall.exe"
Blasterball 2 Remix from Compaq (remove only)-->"C:\Program Files\WildTangent\Apps\GameChannel\Games\9D7E7CDA-051E-4B0D-8CEE-58F41F449CF9\Uninstall.exe"
Bounce Symphony from Compaq (remove only)-->"C:\Program Files\WildTangent\Apps\GameChannel\Games\29FF6D07-4A15-41F1-9D5E-E0F3A58012C6\Uninstall.exe"
CC_ccProxyExt-->MsiExec.exe /I{DA42FDCA-7C5A-43EF-9A05-CCE148ADF919}
ccCommon-->MsiExec.exe /I{DC367608-64A7-4BF7-92F4-8BAA25BA02DB}
ccPxyCore-->MsiExec.exe /I{FC08587A-4F01-4188-819F-F55880022917}
Compaq Connections-->C:\WINDOWS\BWUnin-6.3.2.62.exe -AppId 6750491
Compaq Organize-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D0122362-6333-4DE4-93F6-A5A2F3CC101A}\Setup.exe" UNINSTALL
Crystal Maze from Compaq (remove only)-->"C:\Program Files\WildTangent\Apps\GameChannel\Games\C43D84CD-EBFC-48D3-A330-7868C8AD415A\Uninstall.exe"
Easy Internet Sign-up-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{8105684D-8CA6-440D-8F58-7E5FD67A499D} /l1033
Final Drive Nitro from Compaq (remove only)-->"C:\Program Files\WildTangent\Apps\GameChannel\Games\657A0149-EEC7-4FB2-AB4F-CB7AA027748E\Uninstall.exe"
Google Toolbar for Internet Explorer-->regsvr32 /u /s "c:\program files\google\googletoolbar1.dll"
Help and Support Additions-->WScript.exe C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\eHelpSetup.jse eHelpUninstall
HijackThis 2.0.2-->"C:\Program Files\trend micro\HijackThis.exe" /uninstall
HP Boot Optimizer-->MsiExec.exe /I{3BA95526-6AE0-4B87-A62D-17187EF565FC}
iTunes-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{BE20E2F5-1903-4AAE-B1AF-2046E586C925}
J2SE Runtime Environment 5.0-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150000}
Lexibox Deluxe from Compaq (remove only)-->"C:\Program Files\WildTangent\Apps\GameChannel\Games\F05A08BF-E600-4FBD-A53A-3D47296B1275\Uninstall.exe"
LiveReg (Symantec Corporation)-->C:\Program Files\Common Files\Symantec Shared\LiveReg\VCSetup.exe /REMOVE
LiveUpdate 2.5 (Symantec Corporation)-->C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE /U
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft Office Standard Edition 2003-->MsiExec.exe /I{91120409-6000-11D3-8CFE-0150048383C9}
Microsoft Plus! Dancer LE-->MsiExec.exe /X{1A103D70-5C9B-4E1A-B306-5106C68F9914}
Microsoft Plus! Digital Media Edition Installer-->MsiExec.exe /X{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}
Microsoft Plus! Photo Story 2 LE-->MsiExec.exe /X{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}
Microsoft Works-->MsiExec.exe /I{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}
MSRedist-->MsiExec.exe /I{B7C61755-DB48-4003-948F-3D34DB8EAF69}
Norton AntiSpam-->MsiExec.exe /I{5677563D-0CB1-485f-9E18-C5025306BB3F}
Norton AntiVirus 2005-->MsiExec.exe /X{C6F5B6CF-609C-428E-876F-CA83176C021B}
Norton Internet Security 2005 (Symantec Corporation)-->C:\Program Files\Common Files\Symantec Shared\SymSetup\{A93C9E60-29B6-49da-BA21-F70AC6AADE20}.exe /X
Norton Internet Security-->MsiExec.exe /I{12E2B9E9-05B1-407d-B0FD-B5F350535125}
Norton Internet Security-->MsiExec.exe /I{449F3A9E-9903-4a0d-A209-08030D45A935}
Norton Internet Security-->MsiExec.exe /I{48185814-A224-447a-81DA-71BD20580E1B}
Norton Internet Security-->MsiExec.exe /I{526AD5DC-CFC4-4f2a-8442-C84CC91D6C7F}
Norton Internet Security-->MsiExec.exe /I{A93C9E60-29B6-49da-BA21-F70AC6AADE20}
Norton Internet Security-->MsiExec.exe /I{AADFE0B9-F905-4d5f-A144-0ADB2EFA747B}
Norton Internet Security-->MsiExec.exe /I{C9D599E1-6B68-4a1f-8A4F-A1DB433DB1BF}
Norton Internet Security-->MsiExec.exe /I{E3EFA461-EB83-4C3B-9C47-2C1D58A01555}
Norton Internet Security-->MsiExec.exe /I{E5EE9939-259F-4DE2-8023-5C49E16A4F43}
Norton Internet Security-->MsiExec.exe /I{FC2C0536-583C-46c0-844A-62CECAE01F22}
Norton Security Center-->MsiExec.exe /X{503AA035-41E2-4858-B31F-1E49AC66C309}
Norton WMI Update-->MsiExec.exe /X{E85FA9A1-C241-4698-893B-DD99509B8DB0}
Norton WMI Update-->MsiExec.exe /X{F64306A5-4C32-41bb-B153-53986527FAB4}
Overball from Compaq (remove only)-->"C:\Program Files\WildTangent\Apps\GameChannel\Games\FA7F5211-C629-4711-BD82-7DFFB08CB518\Uninstall.exe"
PC-Doctor for Windows-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\1050\INTEL3~1\IDriver.exe /M{19C989C4-50AE-43A4-B06E-8C70FFFF852F} /l1033
Phoenix Assault from Compaq (remove only)-->"C:\Program Files\WildTangent\Apps\GameChannel\Games\CCCDE323-C76D-44DA-BB5B-B8ABE767756E\Uninstall.exe"
Polar Bowler from Compaq (remove only)-->"C:\Program Files\WildTangent\Apps\GameChannel\Games\05E21449-3BA3-42BF-BBDA-95205F4EA40A\Uninstall.exe"
Polar Golfer from Compaq (remove only)-->"C:\Program Files\WildTangent\Apps\GameChannel\Games\3330A279-CC39-4A17-AE19-DA464B26AD9A\Uninstall.exe"
Python 2.2 pywin32 extensions (build 203)-->"C:\Python22\Removepywin32.exe" -u "C:\Python22\pywin32-wininst.log"
Python 2.2.3-->C:\Python22\UNWISE.EXE C:\Python22\INSTALL.LOG
QuickTime-->C:\WINDOWS\unvise32qt.exe C:\WINDOWS\system32\QuickTime\Uninstall.log
RealPlayer-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Remove Adobe Photoshop Album 2.0 Starter Edition installer-->c:\\hp\\bin\\cloaker.exe commands /ww /lw:c:\\hp\\bin\\ifc\\Adobe_PhotoShop_Album\\lg.ini /c c:\\hp\\bin\\cloaker.exe c:\\hp\\bin\\ifc\\uninst.cmd ar
Remove Microsoft Money 2005 installer-->c:\\hp\\bin\\cloaker.exe commands /ww /lw:c:\\hp\\bin\\ifc\\Money\\lg.ini /c c:\\hp\\bin\\cloaker.exe c:\\hp\\bin\\ifc\\uninst.cmd ar
Remove Quicken New User Edition installer-->c:\\hp\\bin\\cloaker.exe commands /ww /lw:c:\\hp\\bin\\ifc\\Quicken_NUE\\lg.ini /c c:\\hp\\bin\\cloaker.exe c:\\hp\\bin\\ifc\\uninst.cmd ar
Remove WeatherBug installer-->c:\\hp\\bin\\cloaker.exe commands /ww /lw:c:\\hp\\bin\\ifc\\WeatherBug\\lg.ini /c c:\\hp\\bin\\cloaker.exe c:\\hp\\bin\\ifc\\uninst.cmd ar
Shooting Stars Pool from Compaq (remove only)-->"C:\Program Files\WildTangent\Apps\GameChannel\Games\045C89A0-CA37-443C-8826-F750227DE69C\Uninstall.exe"
SiS VGA Utilities-->Rundll32 SiSInst.dll,Uninstall VGA,R,oem1.inf
Slyder from Compaq (remove only)-->"C:\Program Files\WildTangent\Apps\GameChannel\Games\8BA6F58B-7A91-461F-95F8-E34F8BD8AA4E\Uninstall.exe"
Sonic Express Labeler-->MsiExec.exe /I{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}
Sonic RecordNow Audio-->MsiExec.exe /I{AB708C9B-97C8-4AC9-899B-DBF226AC9382}
Sonic RecordNow Copy-->MsiExec.exe /I{B12665F4-4E93-4AB4-B7FC-37053B524629}
Sonic RecordNow Data-->MsiExec.exe /I{075473F5-846A-448B-BCB3-104AA1760205}
Sonic Update Manager-->MsiExec.exe /I{30465B6C-B53F-49A1-9EBA-A3F187AD502E}
SPBBC-->MsiExec.exe /I{77772678-817F-4401-9301-ED1D01A8DA56}
SpySubtract-->C:\Program Files\InterMute\SpySubtract\SpySub.exe -uninstall
Super Granny from Compaq (remove only)-->"C:\Program Files\WildTangent\Apps\GameChannel\Games\DE87FA96-7840-420C-86F9-33F3B7B3CED1\Uninstall.exe"
SymNet-->MsiExec.exe /I{2DA85B02-13C0-4E6D-9A76-22E6B3DD0CB2}
Tradewinds from Compaq (remove only)-->"C:\Program Files\WildTangent\Apps\GameChannel\Games\66195170-D19D-46C5-8FB7-8A4630071ADC\Uninstall.exe"
Windows Media Format Runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Player 10-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows XP Hotfix - KB867282-->C:\WINDOWS\$NtUninstallKB867282$\spuninst\spuninst.exe
Windows XP Hotfix - KB873339-->C:\WINDOWS\$NtUninstallKB873339$\spuninst\spuninst.exe
Windows XP Hotfix - KB883667-->C:\WINDOWS\$NtUninstallKB883667$\spuninst\spuninst.exe
Windows XP Hotfix - KB885250-->C:\WINDOWS\$NtUninstallKB885250$\spuninst\spuninst.exe
Windows XP Hotfix - KB885835-->C:\WINDOWS\$NtUninstallKB885835$\spuninst\spuninst.exe
Windows XP Hotfix - KB885836-->C:\WINDOWS\$NtUninstallKB885836$\spuninst\spuninst.exe
Windows XP Hotfix - KB887472-->C:\WINDOWS\$NtUninstallKB887472$\spuninst\spuninst.exe
Windows XP Hotfix - KB887742-->C:\WINDOWS\$NtUninstallKB887742$\spuninst\spuninst.exe
Windows XP Hotfix - KB888113-->C:\WINDOWS\$NtUninstallKB888113$\spuninst\spuninst.exe
Windows XP Hotfix - KB888239-->C:\WINDOWS\$NtUninstallKB888239$\spuninst\spuninst.exe
Windows XP Hotfix - KB890175-->C:\WINDOWS\$NtUninstallKB890175$\spuninst\spuninst.exe
Windows XP Hotfix - KB891781-->C:\WINDOWS\$NtUninstallKB891781$\spuninst\spuninst.exe

======Security center information======

AV: Norton Internet Security
FW: Norton Internet Security

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;c:\Python22;C:\Program Files\PC-Doctor for Windows\
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 12 Stepping 0, AuthenticAMD
"PROCESSOR_REVISION"=0c00
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"SonicCentral"=c:\Program Files\Common Files\Sonic Shared\Sonic Central\

-----------------EOF-----------------
invaded2719
Active Member
 
Posts: 10
Joined: January 5th, 2009, 12:48 pm

Re: HJTlogs enclosed I think I may have caught a smitfraud

Unread postby Carolyn » January 10th, 2009, 6:36 pm

Hi,

Download CCleaner from here and save it to your desktop.

Run CCleaner
CCleaner will remove everything from the temp/temporary folders but please note that it will not make back ups!
  • Right click on CCleaner.exe and select Run as administrator
  • Before first use, select Options > Advanced and UNCHECK Only delete files in Windows Temp folder older than 48 hours
  • Then select the items you wish to clean up.
    • In the Windows Tab:
      • Clean all entries in the Internet Explorer section except Cookies
      • Clean all the entries in the Windows Explorer section
      • Clean all entries in the System section
      • Clean all entries in the Advanced section
      • Clean any others that you choose
    • In the Applications Tab:
      • Clean all except cookies in the Firefox/Mozilla section if you use it
      • Clean all in the Opera section if you use it
      • Clean Sun Java in the Internet Section
      • Clean any others that you choose
  • Click the Run Cleaner button.
  • A pop up box will appear advising this process will permanently delete files from your system.
  • Click OK and it will scan and clean your system.
  • Click exit when done.
  • If it asks you to reboot at the end, click NO
CCleaner should be run with the above settings for each User Account!

------------------------------------

Right click on your favourite web browser (Internet Explorer, Firefox, etc) and select Run As Administrator to run it.

Go to Kaspersky website and perform an online antivirus scan.

  1. Read through the requirements and privacy statement and click on Accept button.
  2. It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  3. When the downloads have finished, click on Settings.
  4. Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
      Spyware, Adware, Dialers, and other potentially dangerous programs
      Archives
      Mail databases
  5. Click on My Computer under Scan.
  6. Once the scan is complete, it will display the results. Click on View Scan Report.
  7. You will see a list of infected items there. Click on Save Report As....
  8. Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.

------------------------------------

Please post the following in your next reply:
  • The Kaspersky log
  • A fresh HijackThis log
  • A description of how your computer is behaving
User avatar
Carolyn
MRU Emeritus
MRU Emeritus
 
Posts: 4701
Joined: April 18th, 2007, 9:36 am
Location: Maine

Re: HJTlogs enclosed I think I may have caught a smitfraud

Unread postby invaded2719 » January 12th, 2009, 9:28 pm

carolyn, my internet has been disconnected so I can't perform these until it is reconnected. How close am I to being clean? I don't want to stall you while I wait for my connection to be restored but I need my PC clean too. It was running better than before, hard to really say though since the connection is off. Would it be ok if I post a reply to you every 4-5 days to keep my thread open it should be in the next week or so or would it be better to close this thread and reopen when I get my connection back? Also when it is back and if we do have to close the thread could I message you and let you know it is on and pick up where we left at? I apologize it came suddenly and I didn't even know it was getting disconnected till it was gone. Thanks so much!!
invaded2719
Active Member
 
Posts: 10
Joined: January 5th, 2009, 12:48 pm

Re: HJTlogs enclosed I think I may have caught a smitfraud

Unread postby invaded2719 » January 13th, 2009, 12:41 am

aaaaaaaaaw pleasant surprise my internet is up and running will post the logs in my next reply
invaded2719
Active Member
 
Posts: 10
Joined: January 5th, 2009, 12:48 pm

Re: HJTlogs enclosed I think I may have caught a smitfraud

Unread postby invaded2719 » January 13th, 2009, 1:57 am

Kaspersky gives me this error....

You need to install Java version 1.5 or later to run Kaspersky Online Scanner 7.0.


When I try to download java i fet this error.......

The installer cannot proceed with the current internet connection settings.

I don't have a clue???? When I tried to do the offline download when it goes to test java i get this error.....

Java Plug-in 1.6.0_11
Using JRE version 1.6.0_11 Java HotSpot(TM) Client VM
User home directory = C:\Documents and Settings\Compaq_Owner
----------------------------------------------------
c: clear console window
f: finalize objects on finalization queue
g: garbage collect
h: display this help message
l: dump classloader list
m: print memory usage
o: trigger logging
q: hide console
r: reload policy configuration
s: dump system and deployment properties
t: dump thread list
v: dump thread stack
x: clear classloader cache
0-5: set trace level to <n>
----------------------------------------------------


load: class testvmDynamicJavaComPopUp819.class not found.
java.lang.ClassNotFoundException: testvmDynamicJavaComPopUp819.class
at sun.plugin2.applet.Applet2ClassLoader.findClass(Unknown Source)
at java.lang.ClassLoader.loadClass(Unknown Source)
at java.lang.ClassLoader.loadClass(Unknown Source)
at sun.plugin2.applet.Plugin2ClassLoader.loadCode(Unknown Source)
at sun.plugin2.applet.Plugin2Manager.createApplet(Unknown Source)
at sun.plugin2.applet.Plugin2Manager$AppletExecutionRunnable.run(Unknown Source)
at java.lang.Thread.run(Unknown Source)
Caused by: java.net.ConnectException: Connection timed out: connect
at java.net.PlainSocketImpl.socketConnect(Native Method)
at java.net.PlainSocketImpl.doConnect(Unknown Source)
at java.net.PlainSocketImpl.connectToAddress(Unknown Source)
at java.net.PlainSocketImpl.connect(Unknown Source)
at java.net.SocksSocketImpl.connect(Unknown Source)
at java.net.Socket.connect(Unknown Source)
at sun.net.NetworkClient.doConnect(Unknown Source)
at sun.net.www.http.HttpClient.openServer(Unknown Source)
at sun.net.www.http.HttpClient.openServer(Unknown Source)
at sun.net.www.http.HttpClient.<init>(Unknown Source)
at sun.net.www.http.HttpClient.New(Unknown Source)
at sun.net.www.http.HttpClient.New(Unknown Source)
at sun.net.www.protocol.http.HttpURLConnection.getNewHttpClient(Unknown Source)
at sun.net.www.protocol.http.HttpURLConnection.plainConnect(Unknown Source)
at sun.net.www.protocol.http.HttpURLConnection.connect(Unknown Source)
at sun.net.www.protocol.http.HttpURLConnection.getInputStream(Unknown Source)
at java.net.HttpURLConnection.getResponseCode(Unknown Source)
at sun.plugin2.applet.Applet2ClassLoader.getBytes(Unknown Source)
at sun.plugin2.applet.Applet2ClassLoader.access$000(Unknown Source)
at sun.plugin2.applet.Applet2ClassLoader$1.run(Unknown Source)
at java.security.AccessController.doPrivileged(Native Method)
... 7 more
Exception: java.lang.ClassNotFoundException: testvmDynamicJavaComPopUp819.class


ANY SUGGESTIONS?????? Heres my newest hjt log.....

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:57:33 AM, on 1/13/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Broderbund\Mavis Beacon Teaches Typing 15\minimavis.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\netfxupdate.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\WINDOWS\AGRSMMSG.exe
c:\windows\system\hpsysdrv.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ntvdm.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Java\jre6\bin\java.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [COMODO Internet Security] "C:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -h
O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe -expressboot
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Personal Coach.lnk = ?
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (HKCU)
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (HKCU)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl.sun.com/webapps/download/ ... leId=26688
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://games.myspace.com/Gameshell/Game ... meHost.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll,avgrsstx.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - Unknown owner - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

--
End of file - 8340 bytes
invaded2719
Active Member
 
Posts: 10
Joined: January 5th, 2009, 12:48 pm

Re: HJTlogs enclosed I think I may have caught a smitfraud

Unread postby Carolyn » January 13th, 2009, 6:47 pm

Hiya,

Sorry that the Kaspersky scan has been so glitchy. So far, I have seen no signs of malware in any of your logs. I would like to have you do an online scan, just to be certain that nothing has slipped past us.

Please give this a try:

  1. Click here to perform a Panda online scan. Please use Internet Explorer as it requires ActiveX.
  2. Click on Scan your PC now.
  3. A new window will open.
  4. Select your country and type in your email address. You may also optionally choose to receive emails from Panda. If you don't wish to, please select I do not want to receive marketing information from Panda Software and/or its International Representatives where applicable. option.
  5. Click on Free online scan.
  6. You will be prompted to install an ActiveX. Please allow it.
  7. Once installed, it will start downloading the virus definitions. Please be patient. This takes a while.
  8. Once the files are downloaded, it will ask you to select what to scan. Select My Computer.
  9. The scan will start. It takes a while, please be patient.
  10. Once done, click on View Report.
  11. You will be brought to another page. Click on Save Report. Save it to your desktop. Please post this report in your next reply.
User avatar
Carolyn
MRU Emeritus
MRU Emeritus
 
Posts: 4701
Joined: April 18th, 2007, 9:36 am
Location: Maine

Re: HJTlogs enclosed I think I may have caught a smitfraud

Unread postby invaded2719 » January 14th, 2009, 6:39 pm

;***********************************************************************************************************************************************************************************
ANALYSIS: 2009-01-14 17:28:44
PROTECTIONS: 1
MALWARE: 43
SUSPECTS: 0
;***********************************************************************************************************************************************************************************
PROTECTIONS
Description Version Active Updated
;===================================================================================================================================================================================
AVG Anti-Virus Free 8.0 Yes Yes
;===================================================================================================================================================================================
MALWARE
Id Description Type Active Severity Disinfectable Disinfected Location
;===================================================================================================================================================================================
00139059 Cookie/Traffic Marketplace TrackingCookie No 0 Yes No C:\USERDATA\Cookies\compaq_owner@trafficmp[2].txt
00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No C:\USERDATA\Cookies\compaq_owner@casalemedia[2].txt
00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\USERDATA\Cookies\compaq_owner@doubleclick[1].txt
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\USERDATA\Cookies\compaq_owner@atdmt[2].txt
00145405 Cookie/RealMedia TrackingCookie No 0 Yes No C:\USERDATA\Cookies\compaq_owner@247realmedia[1].txt
00145457 Cookie/FastClick TrackingCookie No 0 Yes No C:\USERDATA\Cookies\compaq_owner@fastclick[2].txt
00145731 Cookie/Tribalfusion TrackingCookie No 0 Yes No C:\USERDATA\Cookies\compaq_owner@tribalfusion[2].txt
00145738 Cookie/Mediaplex TrackingCookie No 0 Yes No C:\USERDATA\Cookies\compaq_owner@mediaplex[1].txt
00147824 Cookie/Clickbank TrackingCookie No 0 Yes No C:\USERDATA\Cookies\compaq_owner@clickbank[1].txt
00159564 Cookie/WUpd TrackingCookie No 0 Yes No C:\USERDATA\Cookies\compaq_owner@revenue[2].txt
00167642 Cookie/Com.com TrackingCookie No 0 Yes No C:\Documents and Settings\Administrator.YOUR-F78BF48CE2\Cookies\administrator@com[1].txt
00167642 Cookie/Com.com TrackingCookie No 0 Yes No C:\USERDATA\Cookies\compaq_owner@com[1].txt
00167642 Cookie/Com.com TrackingCookie No 0 Yes No C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@com[1].txt
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@statcounter[1].txt
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\USERDATA\Cookies\compaq_owner@ad.yieldmanager[1].txt
00168061 Cookie/Apmebf TrackingCookie No 0 Yes No C:\USERDATA\Cookies\compaq_owner@apmebf[2].txt
00168076 Cookie/BurstNet TrackingCookie No 0 Yes No C:\USERDATA\Cookies\compaq_owner@burstnet[2].txt
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\USERDATA\Cookies\compaq_owner@serving-sys[1].txt
00168093 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\USERDATA\Cookies\compaq_owner@bs.serving-sys[2].txt
00168097 Cookie/BurstBeacon TrackingCookie No 0 Yes No C:\USERDATA\Cookies\compaq_owner@www.burstbeacon[1].txt
00168097 Cookie/BurstBeacon TrackingCookie No 0 Yes No C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@www.burstbeacon[1].txt
00168109 Cookie/Adtech TrackingCookie No 0 Yes No C:\USERDATA\Cookies\compaq_owner@adtech[1].txt
00168110 Cookie/Server.iad.Liveperson TrackingCookie No 0 Yes No C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@server.iad.liveperson[1].txt
00168114 Cookie/onestat.com TrackingCookie No 0 Yes No C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@stat.onestat[2].txt
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\USERDATA\Cookies\compaq_owner@advertising[2].txt
00169287 Cookie/Adrevolver TrackingCookie No 0 Yes No C:\USERDATA\Cookies\compaq_owner@adrevolver[3].txt
00170304 Cookie/WebtrendsLive TrackingCookie No 0 Yes No C:\USERDATA\Cookies\compaq_owner@statse.webtrendslive[2].txt
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@ads.pointroll[1].txt
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\USERDATA\Cookies\compaq_owner@ads.pointroll[1].txt
00170554 Cookie/Overture TrackingCookie No 0 Yes No C:\USERDATA\Cookies\compaq_owner@overture[1].txt
00170556 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@realmedia[1].txt
00170556 Cookie/RealMedia TrackingCookie No 0 Yes No C:\USERDATA\Cookies\compaq_owner@realmedia[1].txt
00171982 Cookie/QuestionMarket TrackingCookie No 0 Yes No C:\USERDATA\Cookies\compaq_owner@questionmarket[2].txt
00172221 Cookie/Zedo TrackingCookie No 0 Yes No C:\USERDATA\Cookies\compaq_owner@zedo[1].txt
00173520 Cookie/Bluestreak TrackingCookie No 0 Yes No C:\USERDATA\Cookies\compaq_owner@bluestreak[1].txt
00184846 Cookie/Adrevolver TrackingCookie No 0 Yes No C:\USERDATA\Cookies\compaq_owner@adrevolver[2].txt
00194327 Cookie/Go TrackingCookie No 0 Yes No C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@go[1].txt
00199984 Cookie/Searchportal TrackingCookie No 0 Yes No C:\USERDATA\Cookies\compaq_owner@searchportal.information[1].txt
00207338 Cookie/Target TrackingCookie No 0 Yes No C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@target[1].txt
00207338 Cookie/Target TrackingCookie No 0 Yes No C:\USERDATA\Cookies\compaq_owner@target[1].txt
00262020 Cookie/Atwola TrackingCookie No 0 Yes No C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@atwola[1].txt
00286732 Cookie/Cgi-bin TrackingCookie No 0 Yes No C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@cgi-bin[3].txt
00286736 Cookie/Cgi-bin TrackingCookie No 0 Yes No C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@cgi-bin[1].txt
00293517 Cookie/AdDynamix TrackingCookie No 0 Yes No C:\USERDATA\Cookies\compaq_owner@ads.addynamix[1].txt
00487624 Trj/Banker.LNO Virus/Trojan No 1 Yes Yes C:\HP\recovery\wizard\SWR_Wizard.exe
01196325 Cookie/Enhance TrackingCookie No 0 Yes No C:\USERDATA\Cookies\compaq_owner@enhance[1].txt
01343147 Application/MyWay HackTools No 0 Yes No D:\I386\Apps\APP18456\SRC\HPSummer2005.exe
01606636 Cookie/Adserver TrackingCookie No 0 Yes No C:\USERDATA\Cookies\compaq_owner@adserver.easyad[1].txt
04615303 Generic Trojan Virus/Trojan No 0 Yes Yes C:\WINDOWS\temp\rdl335.tmp
;===================================================================================================================================================================================
SUSPECTS
Sent Location <>
;===================================================================================================================================================================================
;===================================================================================================================================================================================
VULNERABILITIES
Id Severity Description <>
;===================================================================================================================================================================================
184380 MEDIUM MS08-002 <>
184379 MEDIUM MS08-001 <>
182048 HIGH MS07-069 <>
182046 HIGH MS07-067 <>
182043 HIGH MS07-064 <>
179553 HIGH MS07-061 <>
176382 HIGH MS07-057 <>
176383 HIGH MS07-058 <>
170911 HIGH MS07-050 <>
170907 HIGH MS07-046 <>
170906 HIGH MS07-045 <>
170904 HIGH MS07-043 <>
164915 HIGH MS07-035 <>
164913 HIGH MS07-033 <>
164911 HIGH MS07-031 <>
160623 HIGH MS07-027 <>
157262 HIGH MS07-022 <>
157261 HIGH MS07-021 <>
157260 HIGH MS07-020 <>
157259 HIGH MS07-019 <>
156477 HIGH MS07-017 <>
150253 HIGH MS07-016 <>
150249 HIGH MS07-013 <>
150248 HIGH MS07-012 <>
150247 HIGH MS07-011 <>
150243 HIGH MS07-008 <>
150242 HIGH MS07-007 <>
150241 MEDIUM MS07-006 <>
141034 HIGH MS06-076 <>
141033 MEDIUM MS06-075 <>
141030 HIGH MS06-072 <>
137571 HIGH MS06-070 <>
137568 HIGH MS06-067 <>
133387 MEDIUM MS06-065 <>
133386 MEDIUM MS06-064 <>
133385 MEDIUM MS06-063 <>
133379 HIGH MS06-057 <>
131654 HIGH MS06-055 <>
129977 MEDIUM MS06-053 <>
129976 MEDIUM MS06-052 <>
126093 HIGH MS06-051 <>
126092 MEDIUM MS06-050 <>
126087 HIGH MS06-046 <>
126086 MEDIUM MS06-045 <>
126083 HIGH MS06-042 <>
126082 HIGH MS06-041 <>
126081 HIGH MS06-040 <>
123421 HIGH MS06-036 <>
123420 HIGH MS06-035 <>
120825 MEDIUM MS06-032 <>
120823 MEDIUM MS06-030 <>
120818 HIGH MS06-025 <>
120815 HIGH MS06-022 <>
120814 HIGH MS06-021 <>
117384 MEDIUM MS06-018 <>
114666 HIGH MS06-015 <>
114664 HIGH MS06-013 <>
108744 MEDIUM MS06-008 <>
108743 MEDIUM MS06-007 <>
108742 MEDIUM MS06-006 <>
104567 HIGH MS06-002 <>
104237 HIGH MS06-001 <>
96574 HIGH MS05-053 <>
93395 HIGH MS05-051 <>
93394 HIGH MS05-050 <>
93454 MEDIUM MS05-049 <>
;===================================================================================================================================================================================
invaded2719
Active Member
 
Posts: 10
Joined: January 5th, 2009, 12:48 pm

Re: HJTlogs enclosed I think I may have caught a smitfraud

Unread postby Carolyn » January 15th, 2009, 11:43 am

Hi,

Using Windows Explore by right-clicking the Start button and left clicking Explore navigate to and find the following files and folders: if found, delete it

C:\WINDOWS\temp\rdl335.tmp <<File

Now empty you’re Recycle Bin.


This is my general post for when your logs show no signs of malware ;)- Please let me know if you still are having problems with your computer and what these problems are

Your log appears to be clean. Congratulations!

You can get rid of the tools we used:
  • Please delete RSIT.exe from your computer
  • Please delete DDS.exe from your computer
  • Go to Start --> Run and copy/paste C:\WINDOWS\gmer_uninstall.cmd into the run window, click Okay. When that process completes, please reboot your computer.

Protection Programs
Don't forget to re-enable any protection programs we disabled during your fix.

General Security and Computer Health
Below are some steps to follow in order to dramatically lower the chances of reinfection. You may have already implemented some of the steps below, however you should follow any steps that you have not already implemented.

  • Clear Infected System Restore Points
    • Turn System Restore off
    • On the Desktop, right click on the My Computer icon.
    • Click Properties.
    • Click the System Restore tab.
    • Check Turn off System Restore.
    • Click Apply, and then click OK.
      Restart your computer

    • Turn System Restore on
    • On the Desktop, right click on the My Computer icon.
    • Click Properties.
    • Click the System Restore tab.
    • Uncheck *Turn off System Restore*.
    • Click Apply, and then click OK.
    Note: only do this once,and not on a regular basis


  • Set correct settings for files
    • Click Start > My Computer > Tools menu (at top of page) > Folder Options > View tab.
    • Under Hidden files and folders if necessary select Do not show hidden files and folders.
    • If unchecked please check Hide protected operating system files (Recommended)
    • If necessary check Display content of system folders
    • If necessary Uncheck Hide file extensions for known file types.
    • Click OK


  • Make sure that you keep your antivirus updated
    New viruses come out every minute, so it is essential that you have the latest signatures for your antivirus program to provide you with the best possible protection from malicious software.
    Note: You should only have one antivirus installed at a time. Having more than one antivirus program installed at once is likely to cause conflicts and may well decrease your overall protection as well as impairing the performance of your PC.

  • Install and use a firewall with outbound protection
    The Windows firewall only monitors incoming traffic, NOT outgoing. Using a software firewall in its default configuration to replace the Windows firewall greatly reduces the risk of your computer being hacked. Make sure your firewall is always enabled while your computer is connected to the internet.
    Note: You should only have one firewall installed at a time. Having more than one firewall installed at once is likely to cause conflicts and may well decrease your overall protection as well as seriously impairing the performance of your PC.

  • Security Updates for Windows, Internet Explorer & Microsoft Office
    Whenever a security problem in its software is found, Microsoft will usually create a patch so that after the patch is installed, attackers can't use the vulnerability to install malicious software on your PC. Keeping up with these patches will help to prevent malicious software being installed on your PC. Ensure you are registered for Windows updates via Start > right-click on My Computer > Properties > Automatic Updates tab or visit the Microsoft Update site on a regular basis.
    Note: The update process uses ActiveX, so you will need to use internet explorer for it and allow the ActiveX control to install.

  • Update Non-Microsoft Programs
    Microsoft isn't the only company whose products can contain security vulnerabilities. To check whether other programs running on your PC are in need of an update, you can use the Secunia Software Inspector - I suggest that you run it at least once a month.

  • Make your Internet Explorer more secure - This can be done by following these simple instructions:
    • From within Internet Explorer click on the Tools menu and then click on Options.
    • Click once on the Security tab
    • Click once on the Internet icon so it becomes highlighted.
    • Click once on the Custom Level button.
    • Change the Download signed ActiveX controls to Prompt
    • Change the Download unsigned ActiveX controls to Disable
    • Change the Initialize and script ActiveX controls not marked as safe to Disable
    • Change the Installation of desktop items to Prompt
    • Change the Launching programs and files in an IFRAME to Prompt
    • Change the Navigate sub-frames across different domains to Prompt
    • When all these settings have been made, click on the OK button.
    • If it prompts you as to whether or not you want to save the settings, press the Yes button.
    • Next press the Apply button and then the OK to exit the Internet Properties page.


    Recommended Programs

    I would recommend the download and installation of some or all of the following programs (if not already present), and the updating of them on a regular basis.

    • WinPatrol
      As a robust security monitor, WinPatrol will alert you to hijackings, malware attacks and critical changes made to your computer without your permission. WinPatrol takes snapshot of your critical system resources and alerts you to any changes that may occur without your knowledge. For more information, please visit HERE.

    • SpywareBlaster
      SpywareBlaster sets killbits in the registry to prevent known malicious ActiveX controls from installing on your computer. If you don't know what ActiveX controls are, see HERE. You can download SpywareBlaster from HERE.

    • Malwarebytes' Anti-Malware or SuperAntiSpyware
      These are anti-malware applications that can thoroughly remove even the most advanced malware. They include a number of features, including a built in protection monitor that blocks malicious processes before they even start.
      You can download Malwarebytes' Anti-Malware from HERE. You can find a tutorial HERE.
      You can download SuperAntiSpyware from HERE.

    • Hosts File
      For added protection you may also like to add a host file. A simple explanation of what a Hosts file does is HERE and for more information regarding host files read HERE.

      Be sure to disable the service "DNS Client" FIRST to allow the use of large HOSTS files without slowdowns.
      If this isn't done first, the next reboot may take a VERY LONG TIME.
      This is how to do it. First be sure you are signed in as a user with administrative privileges:
      Stop and Disable the DNS Client Service
      Go to Start, Run and type Services.msc and click OK.
      Under the Extended Tab, Scroll down and find this service.
      DNS Client
      Right-Click on the DNS Client Service. Choose Properties
      Select the General tab. Click on the Stop button.
      Click the Arrow-down tab on the right-hand side at the Start-up Type box.
      From the drop-down menu, click on Manual
      Click the Apply tab, then click OK


    • Use an alternative Internet Browser
      Many of the exploits are directed to users of Internet Explorer. Try using a different browser instead:
      Firefox
      Opera


Finally I am trying to make one point very clear. It is absolutely essential to keep all of your security programs up to date.

Also please read this great article by Tony Klein So How Did I Get Infected In First Place

I'd be grateful if you could reply to this post so that I know you have read it and, if you've no other questions, the thread can be closed.
User avatar
Carolyn
MRU Emeritus
MRU Emeritus
 
Posts: 4701
Joined: April 18th, 2007, 9:36 am
Location: Maine

Re: HJTlogs enclosed I think I may have caught a smitfraud

Unread postby invaded2719 » January 16th, 2009, 1:27 am

Thanks a gazillion I appreciate your help
invaded2719
Active Member
 
Posts: 10
Joined: January 5th, 2009, 12:48 pm
Advertisement
Register to Remove

Next

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 327 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware