SmitFraudFix v2.210
Scan done at 10:01:41.50, Sun 08/12/2007
Run from C:\Documents and Settings\mt\Desktop\SmitfraudFix
OS: Microsoft Windows 2000 [Version 5.00.2195] - Windows_NT
The filesystem type is FAT32
Fix run in normal mode
»»»»»»»»»»»»»»»»»»»»»»»» Process
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\ZONELABS\vsmon.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINNT\Explorer.EXE
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\hidserv.exe
C:\WINNT\system32\nvsvc32.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\ImageMate CompactFlash USB\SandIcon.Exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Roxio Shared\Project Selector\projselector.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINNT\system32\notepad.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINNT\system32\notepad.exe
C:\WINNT\system32\cmd.exe
»»»»»»»»»»»»»»»»»»»»»»»» hosts
»»»»»»»»»»»»»»»»»»»»»»»» C:\
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINNT
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINNT\system
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINNT\Web
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINNT\system32
»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\mt
»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\mt\Application Data
»»»»»»»»»»»»»»»»»»»»»»»» Start Menu
»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\mt\FAVORI~1
»»»»»»»»»»»»»»»»»»»»»»»» Desktop
»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files
»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys
»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="http://sailornight.narod.ru/gif/chib/gif_chi9.gif"
"SubscribedURL"="http://sailornight.narod.ru/gif/chib/gif_chi9.gif"
"FriendlyName"=""
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\1]
"Source"="file:///C:/Documents%20and%20Settings/mt/My%20Documents/Azureus%20Downloads/Ten%20posting!%BF/4Chan%20-%20Alter/Reality/Discord/Distortion!/Siccion/Detonation!/Induration/ZIPPOW/Huh/1142886925363.gif"
"SubscribedURL"="file:///C:/Documents%20and%20Settings/mt/My%20Documents/Azureus%20Downloads/Ten%20posting!%BF/4Chan%20-%20Alter/Reality/Discord/Distortion!/Siccion/Detonation!/Induration/ZIPPOW/Huh/1142886925363.gif"
"FriendlyName"=""
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\2]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""
»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"system"=""
»»»»»»»»»»»»»»»»»»»»»»»» Rustock
»»»»»»»»»»»»»»»»»»»»»»»» DNS
Description: USB Cable Modem Driver 1.12
DNS Server Search Order: 65.32.5.74
DNS Server Search Order: 65.32.5.75
HKLM\SYSTEM\CCS\Services\Tcpip\..\{56626B40-1408-4E6D-B565-27AC829FA11B}: DhcpNameServer=65.32.5.74 65.32.5.75
HKLM\SYSTEM\CS1\Services\Tcpip\..\{56626B40-1408-4E6D-B565-27AC829FA11B}: DhcpNameServer=65.32.5.74 65.32.5.75
HKLM\SYSTEM\CS2\Services\Tcpip\..\{56626B40-1408-4E6D-B565-27AC829FA11B}: DhcpNameServer=65.32.5.74 65.32.5.75
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=65.32.5.74 65.32.5.75
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=65.32.5.74 65.32.5.75
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=65.32.5.74 65.32.5.75
»»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection
»»»»»»»»»»»»»»»»»»»»»»»» End
ComboFix 07-08-12.5 - "mt" 08/12/2007 9:42:09.1 - FAT32x86
Microsoft Windows 2000 Professional 5.0.2195.4.1252.1.1033.18.106 [GMT -5:00]
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
C:\DOCUME~1\mt\APPLIC~1.\fnts~1
C:\DOCUME~1\mt\APPLIC~1.\icroso~1.net
C:\Program Files\Common Files\{23461~1
C:\Program Files\Common Files\{23461~2
C:\Program Files\Common Files\{33461~1
C:\Program Files\Common Files\Yazzle1122OinUninstaller.exe
C:\Program Files\wintouch
C:\Program Files\wintouch\wintouch.cfg
C:\Program Files\wintouch\WinTouch.exe
C:\Program Files\wintouch\WTUninstaller.exe
C:\WINNT\cnsinfo.dat
C:\WINNT\system32\drivers\core.cache.dsk
C:\WINNT\system32\drivers\core.sys
C:\WINNT\system32\unsvchosts.lzma
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
-------\LEGACY_CMDSERVICE
-------\LEGACY_COM+_MESSAGES
-------\LEGACY_CORE
-------\LEGACY_NETWORK_MONITOR
-------\core
((((((((((((((((((((((((( Files Created from 2007-07-12 to 2007-08-12 )))))))))))))))))))))))))))))))
2007-08-12 09:50 16,384 --a----t- C:\WINNT\system32\Perflib_Perfdata_4c8.dat
2007-08-12 09:40 51,200 --a------ C:\WINNT\nircmd.exe
2007-08-09 19:06 4,212 ---h----- C:\WINNT\system32\zllictbl.dat
2007-08-09 19:06 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\MailFrontier
2007-08-09 19:05 75,932 --a------ C:\WINNT\system32\drivers\klick.dat
2007-08-09 19:05 75,248 --a------ C:\WINNT\zllsputility.exe
2007-08-09 19:05 74,396 --a------ C:\WINNT\system32\drivers\klin.dat
2007-08-09 19:05 32 --ahs---- C:\WINNT\system32\drivers\fidbox2.dat
2007-08-09 19:05 32 --ahs---- C:\WINNT\system32\drivers\fidbox.dat
2007-08-09 19:05 11,264 --a------ C:\WINNT\system32\SpOrder.dll
2007-08-09 19:04 110,360 --a------ C:\WINNT\system32\drivers\kl1.sys
2007-08-09 19:03 1,086,952 --a------ C:\WINNT\system32\zpeng24.dll
2007-08-09 19:03 <DIR> d-------- C:\WINNT\system32\ZoneLabs
2007-08-09 19:02 <DIR> d-------- C:\WINNT\Internet Logs
2007-08-08 09:39 270,336 --ah----- C:\DOCUME~1\ADMINI~1\NTUSER.DAT
2007-08-08 09:39 208,896 --a------ C:\WINNT\system32\wmpns.dll
2007-08-08 09:39 <DIR> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\Help
2007-08-08 09:27 259,007,198 --a------ C:\WINNT\Untitled.scr
2007-08-07 20:13 <DIR> d-------- C:\xatshow
2007-08-07 20:06 <DIR> d-------- C:\Program Files\xat.com xatshow
2007-08-07 19:45 94,208 --a------ C:\WINNT\system32\ScrUnZip.dll
2007-08-07 19:41 <DIR> d-------- C:\Program Files\My Screensaver Maker
2007-08-06 15:45 26,944 --a------ C:\WINNT\system32\drivers\avg7rsnt.sys
2007-08-06 09:46 <DIR> d-------- C:\FOUND.009
2007-08-01 13:02 76,560 --a------ C:\WINNT\system32\drivers\tmcomm.sys
2007-08-01 13:02 <DIR> d-------- C:\Program Files\Trend Micro
2007-07-31 23:07 <DIR> d-------- C:\FOUND.008
2007-07-26 21:47 19,677 -ra------ C:\WINNT\system32\drivers\xlink.sys
2007-07-17 20:58 <DIR> d-------- C:\Program Files\7-Zip
2007-07-12 13:33 <DIR> d-------- C:\Program Files\AVI Codec Pack
2007-07-12 13:32 <DIR> d-------- C:\WINNT\system32\quicktime
2007-07-12 13:04 155,648 --a------ C:\WINNT\system32\AvidAVICodec.dll
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
07-08-10 17:29 1554 --a------ C:\WINNT\system32\tmp.reg
07-08-09 19:05 32 --ahs---- C:\WINNT\system32\drivers\fidbox2.idx
07-08-09 19:05 32 --ahs---- C:\WINNT\system32\drivers\fidbox.idx
07-07-06 23:55 --------- d-------- C:\Program Files\LimeWire
07-06-25 09:43 --------- d-------- C:\Program Files\Bluetack
07-06-25 09:23 --------- d-------- C:\Program Files\SpywareBlaster
07-06-23 10:59 10412 --a------ C:\dnsbak.reg
07-06-22 21:03 --------- d-------- C:\DOCUME~1\mt\APPLIC~1\TrojanHunter
07-06-22 20:33 --------- d-------- C:\Program Files\TrojanHunter 4.6
07-06-22 18:32 --------- d-------- C:\Program Files\FileMap By BB v405
07-06-22 17:51 --------- d-------- C:\DOCUME~1\mt\APPLIC~1\RegSweep
07-06-22 17:24 --------- d-------- C:\Program Files\New Folder
07-06-21 10:24 --------- d-------- C:\Program Files\Windows Installer Clean Up
07-06-21 10:23 --------- d-------- C:\Program Files\MSECACHE
07-06-13 00:21 --------- d-------- C:\Program Files\Lavasoft
07-06-13 00:10 --------- d-------- C:\Program Files\Common Files\Wise Installation Wizard
07-06-04 10:37 0 --a------ C:\AUTOEXEC.BAT
03-10-29 21:58 271 ---h----- C:\Program Files\desktop.ini
03-10-29 21:58 21952 ---h----- C:\Program Files\folder.htt
01-05-08 12:00 32528 --a------ C:\WINNT\inf\wbfirdma.sys
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{86C510E9-97EF-4749-914F-0280247BE3A6}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Synchronization Manager"="mobsync.exe" [03-06-19 14:05 C:\WINNT\system32\mobsync.exe]
"NvCplDaemon"="C:\WINNT\system32\NvCpl.dll" [03-07-28 15:19 ]
"nwiz"="nwiz.exe" [03-07-28 15:19 C:\WINNT\system32\nwiz.exe]
"SandIcon"="C:\ImageMate CompactFlash USB\SandIcon.Exe" [00-11-13 11:36 ]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [06-09-01 15:57 ]
"projselector"="C:\Program Files\Common Files\Roxio Shared\Project Selector\projselector.exe" [03-01-13 14:15 ]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [07-03-14 03:43 ]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [07-08-06 15:45 ]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [07-06-21 21:54 ]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"LinkResolveIgnoreLinkInfo"=0 (0x0)
"NoResolveSearch"=1 (0x1)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"LinkResolveIgnoreLinkInfo"=0 (0x0)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sglfb.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\tga.sys]
@="Driver"
R0 amd751;AMD AGP Bus Filter;C:\WINNT\system32\DRIVERS\amd751.sys
R1 Avg7RsNT;AVG7 Resident Driver NT;C:\WINNT\system32\Drivers\avg7rsnt.sys
R1 cdudf;cdudf;C:\WINNT\system32\drivers\cdudf.sys
R1 pwd_2k;pwd_2k;C:\WINNT\system32\drivers\pwd_2k.sys
R1 UdfReadr;UdfReadr;C:\WINNT\system32\drivers\UdfReadr.sys
R3 mmc_2K;mmc_2K;C:\WINNT\system32\drivers\mmc_2K.sys
S3 dvd_2K;dvd_2K;C:\WINNT\system32\drivers\dvd_2K.sys
S3 XDva014;XDva014;\??\C:\WINNT\system32\XDva014.sys
S3 XDva016;XDva016;\??\C:\WINNT\system32\XDva016.sys
S3 XDva020;XDva020;\??\C:\WINNT\system32\XDva020.sys
S3 XDva022;XDva022;\??\C:\WINNT\system32\XDva022.sys
S3 xlink;XLink Driver (xlink.sys);C:\WINNT\system32\Drivers\xlink.sys
*Newly Created Service* - IPNAT
*Newly Created Service* - RASAUTO
*Newly Created Service* - SHAREDACCESS
Contents of the 'Scheduled Tasks' folder
2007-08-09 00:56:56 C:\WINNT\Tasks\AppleSoftwareUpdate.job - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
2007-08-07 14:24:34 C:\WINNT\Tasks\Registry Repair.job - C:\Program Files\StompSoft\RegistryRepair4\Registry Repair.exe
2007-08-12 08:30:02 C:\WINNT\Tasks\RegSweep Scheduled Scan.job - C:\Program Files\RegSweep\RegSweep.exe
2007-06-27 01:06:42 C:\WINNT\Tasks\Uniblue SpeedUpMyPC.job - C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe
2007-08-06 01:06:02 C:\WINNT\Tasks\Uniblue SpeedUpMyPC Nag.job - C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe
2007-08-02 08:22:22 C:\WINNT\Tasks\Registry Repair4.job - C:\Program Files\StompSoft\RegistryRepair4\Registry Repair.exe
**************************************************************************
catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-08-12 09:50:44
Windows 5.0.2195 Service Pack 4 FAT NTAPI
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
Completion time: 2007-08-12 9:53:37 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 07-08-12 09:53
--- E O F ---
7-Zip 4.42
Ad-Aware 2007
Adobe Flash Player 9 ActiveX
Adobe Reader 6.0
Advanced WindowsCare 2.30 Personal
Apple Software Update
ArcSoft VideoImpression 2
Avery® Wizard 2.03 for Microsoft® Word 97
AVG 7.5
AVI Codec Pack
Azureus Vuze
B.I.S.S. Hosts Manager
CCleaner (remove only)
CoffeeCup Free Zip Wizard
Google Video Player
HijackThis 1.99.1
Hotfix for MDAC 2.53 (KB911562)
Hotfix for MDAC 2.53 (KB927779)
ImageMate CompactFlash USB (SDDR-31) Ver. 5.04
Java(TM) SE Runtime Environment 6 Update 1
Macromedia Shockwave Player
Microsoft Office 97, Professional Edition
MSXML 4.0 SP2 (KB927978)
My Screensaver Maker 4.52
NVIDIA Windows 2000/XP Display Drivers
OIN
PCTEL Platinum V.90 Modem
PrintMaster Platinum 4.00
QuickTime
Real Alternative 1.52
Rhapsody Player Engine
Scientific Atlanta WebSTAR 2000 series Cable Modem
Security Update for Windows 2000 (KB904706)
Security Update for Windows 2000 (KB923689)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Media Player 9 (KB917734)
Shockwave
Spybot - Search & Destroy 1.4
SpywareBlaster v3.5.1
StompSoft Registry Repair
The ClueFinders' 4th Grade Adventures
Update Rollup 1 for Windows 2000 SP4
VideoLAN VLC media player 0.8.6b
Windows 2000 Hotfix - KB842773
Windows 2000 Hotfix - KB893756
Windows 2000 Hotfix - KB896358
Windows 2000 Hotfix - KB896422
Windows 2000 Hotfix - KB896423
Windows 2000 Hotfix - KB896424
Windows 2000 Hotfix - KB899587
Windows 2000 Hotfix - KB899589
Windows 2000 Hotfix - KB900725
Windows 2000 Hotfix - KB901017
Windows 2000 Hotfix - KB901214
Windows 2000 Hotfix - KB905414
Windows 2000 Hotfix - KB905495
Windows 2000 Hotfix - KB905749
Windows 2000 Hotfix - KB908519
Windows 2000 Hotfix - KB908531
Windows 2000 Hotfix - KB911280
Windows 2000 Hotfix - KB912919
Windows 2000 Hotfix - KB913580
Windows 2000 Hotfix - KB914388
Windows 2000 Hotfix - KB914389
Windows 2000 Hotfix - KB917008
Windows 2000 Hotfix - KB917422
Windows 2000 Hotfix - KB917736
Windows 2000 Hotfix - KB917953
Windows 2000 Hotfix - KB918118
Windows 2000 Hotfix - KB920213
Windows 2000 Hotfix - KB920670
Windows 2000 Hotfix - KB920683
Windows 2000 Hotfix - KB920685
Windows 2000 Hotfix - KB920958
Windows 2000 Hotfix - KB921398
Windows 2000 Hotfix - KB922582
Windows 2000 Hotfix - KB922616
Windows 2000 Hotfix - KB923191
Windows 2000 Hotfix - KB923414
Windows 2000 Hotfix - KB923694
Windows 2000 Hotfix - KB923980
Windows 2000 Hotfix - KB924191
Windows 2000 Hotfix - KB924270
Windows 2000 Hotfix - KB924667
Windows 2000 Hotfix - KB925454
Windows 2000 Hotfix - KB925902
Windows 2000 Hotfix - KB926436
Windows 2000 Hotfix - KB928090
Windows 2000 Hotfix - KB928843
Windows 2000 Hotfix - KB929969
Windows Installer 3.1 (KB893803)
Windows Installer Clean Up
Windows Media Player Hotfix [See Q828026 for more information]
Windows Media Player system update (9 Series)
WinZip
xat.com xatshow
Xvid 1.1.2 final uninstall
ZoneAlarm