Hi Bob4,
Thank you for your help.
I could not find SuperBar in add/remove programs.
Cannot remember downloading smithfraud to this PC.
Deleted R3 line as requested.
I did scan with A-squared whilst waiting and it found a few items. I've listed the log below the latest HJT log.
New HJT log as follows:
Logfile of HijackThis v1.99.1
Scan saved at 18:09:13, on 05/05/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Comodo\Firewall\cmdagent.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\WINDOWS\System32\PAStiSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\SYSTEM32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Comodo\Firewall\CPF.exe
C:\WINDOWS\system32\devldr32.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\HJT\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O4 - HKLM\..\Run: [zSPGuard] c:\program files\pjw\spguard\spguard.exe /s /r
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\Comodo\Firewall\CPF.exe" /background
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Program Files\ICQToolbar\toolbaru.dll/SEARCH.HTML
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Trashcan - {072F3B8A-2DA2-40e2-B841-88899F240200} - C:\PROGRA~1\Agnitum\OUTPOS~1.0\trash.exe (file missing) (HKCU)
O9 - Extra 'Tools' menuitem: Show Trashcan - {072F3B8A-2DA2-40e2-B841-88899F240200} - C:\PROGRA~1\Agnitum\OUTPOS~1.0\trash.exe (file missing) (HKCU)
O12 - Plugin for .bcf: C:\Program Files\Internet Explorer\Plugins\NPBelv32.dll
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partne ... nicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by1fd.bay1.hotmail.msn.com/resou ... nPUpld.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.com/scan8/oscan8.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004 ... scan53.cab
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} - http://www.bitdefender.com/scan/Msie/bitdefender.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan ... asinst.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - http://us.dl1.yimg.com/download.yahoo.c ... mplete.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-l ... cfscan.cab
O20 - AppInit_DLLs: PAVWAIT.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Program Files\Comodo\Firewall\cmdagent.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe
A-squared log:
a-squared Free - Version 2.1
Scan settings:
Objects: Memory, Traces, Cookies, C:\, F:\
Scan archives: On
Heuristics: On
ADS Scan: On
Scan start: 04/05/2007 19:30:40
C:\Program Files\intermute\spysubtract detected: Trace.Directory.SpySubtract
C:\WINDOWS\system32\ietie.dll detected: Trace.File.ClearSearch
C:\Program Files\intermute\spysubtract\cwsinstall.exe detected: Trace.File.SpySubtract
C:\Program Files\intermute\spysubtract\install.log detected: Trace.File.SpySubtract
C:\Program Files\intermute\spysubtract\spysubtract.log detected: Trace.File.SpySubtract
Value: HKEY_CURRENT_USER\Software\interMute\SpySubtract --> app-access-scan detected: Trace.Registry.SpySubtract
Value: HKEY_CURRENT_USER\Software\interMute\SpySubtract --> auto-backup detected: Trace.Registry.SpySubtract
Value: HKEY_CURRENT_USER\Software\interMute\SpySubtract --> check-network-integrity detected: Trace.Registry.SpySubtract
Value: HKEY_CURRENT_USER\Software\interMute\SpySubtract --> clean-privacy-on-startup detected: Trace.Registry.SpySubtract
Value: HKEY_CURRENT_USER\Software\interMute\SpySubtract --> ConfigDir detected: Trace.Registry.SpySubtract
Value: HKEY_CURRENT_USER\Software\interMute\SpySubtract --> ConnectionType detected: Trace.Registry.SpySubtract
Value: HKEY_CURRENT_USER\Software\interMute\SpySubtract --> current-theme detected: Trace.Registry.SpySubtract
Value: HKEY_CURRENT_USER\Software\interMute\SpySubtract --> Days-remaining detected: Trace.Registry.SpySubtract
Value: HKEY_CURRENT_USER\Software\interMute\SpySubtract --> db-message-on-startup detected: Trace.Registry.SpySubtract
Value: HKEY_CURRENT_USER\Software\interMute\SpySubtract --> debug-messages detected: Trace.Registry.SpySubtract
Value: HKEY_CURRENT_USER\Software\interMute\SpySubtract --> Email detected: Trace.Registry.SpySubtract
Value: HKEY_CURRENT_USER\Software\interMute\SpySubtract --> Evaluation detected: Trace.Registry.SpySubtract
Value: HKEY_CURRENT_USER\Software\interMute\SpySubtract --> first-run detected: Trace.Registry.SpySubtract
Value: HKEY_CURRENT_USER\Software\interMute\SpySubtract --> language detected: Trace.Registry.SpySubtract
Value: HKEY_CURRENT_USER\Software\interMute\SpySubtract --> Message detected: Trace.Registry.SpySubtract
Value: HKEY_CURRENT_USER\Software\interMute\SpySubtract --> monitor-ms detected: Trace.Registry.SpySubtract
Value: HKEY_CURRENT_USER\Software\interMute\SpySubtract --> Oem detected: Trace.Registry.SpySubtract
Value: HKEY_CURRENT_USER\Software\interMute\SpySubtract --> periodic-browser-settings-scan detected: Trace.Registry.SpySubtract
Value: HKEY_CURRENT_USER\Software\interMute\SpySubtract --> periodic-process-scan detected: Trace.Registry.SpySubtract
Value: HKEY_CURRENT_USER\Software\interMute\SpySubtract --> ProductTag detected: Trace.Registry.SpySubtract
Value: HKEY_CURRENT_USER\Software\interMute\SpySubtract --> ProductVersion detected: Trace.Registry.SpySubtract
Value: HKEY_CURRENT_USER\Software\interMute\SpySubtract --> Pushcount detected: Trace.Registry.SpySubtract
Value: HKEY_CURRENT_USER\Software\interMute\SpySubtract --> scan-quick-on-win-startup detected: Trace.Registry.SpySubtract
Value: HKEY_CURRENT_USER\Software\interMute\SpySubtract --> show-splash detected: Trace.Registry.SpySubtract
Value: HKEY_CURRENT_USER\Software\interMute\SpySubtract --> sound-scheme detected: Trace.Registry.SpySubtract
Value: HKEY_CURRENT_USER\Software\interMute\SpySubtract --> Trial-days detected: Trace.Registry.SpySubtract
C:\Program Files\icqtoolbar detected: Trace.Directory.ICQToolbar
C:\Program Files\icqtoolbar\about.html detected: Trace.File.ICQToolbar
C:\Program Files\icqtoolbar\basis.xml detected: Trace.File.ICQToolbar
C:\Program Files\icqtoolbar\download.html detected: Trace.File.ICQToolbar
C:\Program Files\icqtoolbar\logo_small.gif detected: Trace.File.ICQToolbar
C:\Program Files\icqtoolbar\newversion.txt detected: Trace.File.ICQToolbar
C:\Program Files\icqtoolbar\toolbaru.dll detected: Trace.File.ICQToolbar
C:\Program Files\icqtoolbar\version.txt detected: Trace.File.ICQToolbar
C:\Program Files\Mozilla Firefox\SmitfraudFix\Process.exe detected: Riskware.RiskTool.Win32.Processor.20
C:\Program Files\Mozilla Firefox\SmitfraudFix\Reboot.exe detected: Riskware.RiskTool.Win32.Reboot.f
Scanned
Files: 268740
Traces: 112605
Cookies: 1
Processes: 33
Found
Files: 2
Traces: 39
Cookies: 0
Processes: 0
Registry keys: 0
Scan end: 04/05/2007 21:27:04
Scan time: 01:56:24
C:\Program Files\Mozilla Firefox\SmitfraudFix\Reboot.exe Deleted Riskware.RiskTool.Win32.Reboot.f
C:\Program Files\Mozilla Firefox\SmitfraudFix\Process.exe Deleted Riskware.RiskTool.Win32.Processor.20
C:\Program Files\icqtoolbar\about.html Deleted Trace.File.ICQToolbar
C:\Program Files\icqtoolbar\basis.xml Deleted Trace.File.ICQToolbar
C:\Program Files\icqtoolbar\download.html Deleted Trace.File.ICQToolbar
C:\Program Files\icqtoolbar\logo_small.gif Deleted Trace.File.ICQToolbar
C:\Program Files\icqtoolbar\newversion.txt Deleted Trace.File.ICQToolbar
C:\Program Files\icqtoolbar\toolbaru.dll Deleted Trace.File.ICQToolbar
C:\Program Files\icqtoolbar\version.txt Deleted Trace.File.ICQToolbar
C:\Program Files\icqtoolbar Deleted Trace.Directory.ICQToolbar
Value: HKEY_CURRENT_USER\Software\interMute\SpySubtract --> app-access-scan Deleted Trace.Registry.SpySubtract
Value: HKEY_CURRENT_USER\Software\interMute\SpySubtract --> auto-backup Deleted Trace.Registry.SpySubtract
Value: HKEY_CURRENT_USER\Software\interMute\SpySubtract --> check-network-integrity Deleted Trace.Registry.SpySubtract
Value: HKEY_CURRENT_USER\Software\interMute\SpySubtract --> clean-privacy-on-startup Deleted Trace.Registry.SpySubtract
Value: HKEY_CURRENT_USER\Software\interMute\SpySubtract --> ConfigDir Deleted Trace.Registry.SpySubtract
Value: HKEY_CURRENT_USER\Software\interMute\SpySubtract --> ConnectionType Deleted Trace.Registry.SpySubtract
Value: HKEY_CURRENT_USER\Software\interMute\SpySubtract --> current-theme Deleted Trace.Registry.SpySubtract
Value: HKEY_CURRENT_USER\Software\interMute\SpySubtract --> Days-remaining Deleted Trace.Registry.SpySubtract
Value: HKEY_CURRENT_USER\Software\interMute\SpySubtract --> db-message-on-startup Deleted Trace.Registry.SpySubtract
Value: HKEY_CURRENT_USER\Software\interMute\SpySubtract --> debug-messages Deleted Trace.Registry.SpySubtract
Value: HKEY_CURRENT_USER\Software\interMute\SpySubtract --> Email Deleted Trace.Registry.SpySubtract
Value: HKEY_CURRENT_USER\Software\interMute\SpySubtract --> Evaluation Deleted Trace.Registry.SpySubtract
Value: HKEY_CURRENT_USER\Software\interMute\SpySubtract --> first-run Deleted Trace.Registry.SpySubtract
Value: HKEY_CURRENT_USER\Software\interMute\SpySubtract --> language Deleted Trace.Registry.SpySubtract
Value: HKEY_CURRENT_USER\Software\interMute\SpySubtract --> Message Deleted Trace.Registry.SpySubtract
Value: HKEY_CURRENT_USER\Software\interMute\SpySubtract --> monitor-ms Deleted Trace.Registry.SpySubtract
Value: HKEY_CURRENT_USER\Software\interMute\SpySubtract --> Oem Deleted Trace.Registry.SpySubtract
Value: HKEY_CURRENT_USER\Software\interMute\SpySubtract --> periodic-browser-settings-scan Deleted Trace.Registry.SpySubtract
Value: HKEY_CURRENT_USER\Software\interMute\SpySubtract --> periodic-process-scan Deleted Trace.Registry.SpySubtract
Value: HKEY_CURRENT_USER\Software\interMute\SpySubtract --> ProductTag Deleted Trace.Registry.SpySubtract
Value: HKEY_CURRENT_USER\Software\interMute\SpySubtract --> ProductVersion Deleted Trace.Registry.SpySubtract
Value: HKEY_CURRENT_USER\Software\interMute\SpySubtract --> Pushcount Deleted Trace.Registry.SpySubtract
Value: HKEY_CURRENT_USER\Software\interMute\SpySubtract --> scan-quick-on-win-startup Deleted Trace.Registry.SpySubtract
Value: HKEY_CURRENT_USER\Software\interMute\SpySubtract --> show-splash Deleted Trace.Registry.SpySubtract
Value: HKEY_CURRENT_USER\Software\interMute\SpySubtract --> sound-scheme Deleted Trace.Registry.SpySubtract
Value: HKEY_CURRENT_USER\Software\interMute\SpySubtract --> Trial-days Deleted Trace.Registry.SpySubtract
C:\Program Files\intermute\spysubtract\cwsinstall.exe Deleted Trace.File.SpySubtract
C:\Program Files\intermute\spysubtract\install.log Deleted Trace.File.SpySubtract
C:\Program Files\intermute\spysubtract\spysubtract.log Deleted Trace.File.SpySubtract
C:\WINDOWS\system32\ietie.dll Deleted Trace.File.ClearSearch
C:\Program Files\intermute\spysubtract Deleted Trace.Directory.SpySubtract
Deleted
Files: 2
Traces: 39
Mike