Richieuk....thank You


This topic is locked
4 replies to this topic

#1 HeavyFD

  • Members
  • 4 posts

Posted 30 March 2008 - 01:10 PM

Hey RichieUK... just wanted to thank you for your help. Got some virus off of LimeWire when I know better what to and not to click. I was drunk looking for a program on there and accidentally clicked one of their 110.6 KB files before I looked at the size. It ended up putting about 22,000 other similar files on my computer. Those were easily found and deleted with Unlocker, but I still kept getting stupid pop-ups even after running Kaspersky, Spybot S&D, and Windows Defender. Spybot was the only one to find Smitfraud but it was unable to delete it; the computer just kept crashing. So I looked up Smitfraud and found out the one I had couldn't be deleted by Spybot, and realized that it was what was causing all the stupid pop-ups that pop-up defender couldn't stop. I finally found this site and saw your post to someone on how to get rid of it without going through DOS, which I have no clue about and didn't want to mess with. So I installed the new Java like you said and then ran ComboFix, and I haven't had a pop-up yet and the computer is back to running normal. I wrestled with this damn thing for 3 days and probably over 15 hours of computer time trying to get rid of it.

Here is the combo fix log:

ComboFix 08-03-30.2 - Hudson 2008-03-30 12:22:17.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1617 [GMT -5:00]
Running from: C:\Documents and Settings\Hudson\Desktop\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Hudson\lsass.exe
C:\temp\tn3
C:\WINDOWS\system32\drivers\core.cache.dsk
C:\WINDOWS\system32\drivers\ftdiskk.sys
C:\WINDOWS\system32\gPpXbccf.ini
C:\WINDOWS\system32\gPpXbccf.ini2
.
---- Previous Run -------
.
C:\Temp\1cb
C:\Temp\1cb\syscheck.log
C:\Temp\gbRve12
C:\Temp\gbRve12\csLioes.log
C:\temp\tn3
C:\WINDOWS\Fonts\a.zip
C:\WINDOWS\system32\aqVreo18
C:\WINDOWS\system32\atgban.dll
C:\WINDOWS\system32\pac.txt
C:\WINDOWS\system32\winpfz37.sys

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_FTDISKK
-------\Legacy_TNIDRIVER
-------\Service_ftdiskk
-------\Service_TnIDriver


((((((((((((((((((((((((( Files Created from 2008-02-28 to 2008-03-30 )))))))))))))))))))))))))))))))
.

2008-03-30 11:55 . 2008-03-30 11:55 <DIR> d-------- C:\Program Files\Sun
2008-03-30 11:55 . 2008-02-22 02:33 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-03-30 11:49 . 2008-03-30 11:49 <DIR> d-------- C:\Program Files\Common Files\Java
2008-03-30 11:34 . 2008-03-30 11:34 <DIR> d-------- C:\WINDOWS\wt
2008-03-29 22:35 . 2008-03-29 22:35 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-03-29 22:35 . 2008-03-29 22:59 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-03-29 20:32 . 2008-03-29 20:32 2 --a------ C:\WINDOWS\msoffice.ini
2008-03-29 19:50 . 2008-03-29 19:50 <DIR> d-------- C:\Program Files\Windows Defender
2008-03-29 14:44 . 2008-03-29 14:44 <DIR> d-------- C:\Documents and Settings\Hudson\Application Data\Desktopicon
2008-03-29 14:36 . 2008-03-29 15:19 <DIR> d-------- C:\Program Files\Unlocker
2008-03-29 13:50 . 2008-03-29 13:50 <DIR> d-------- C:\Program Files\Uniblue
2008-03-29 13:50 . 2008-03-29 13:50 <DIR> d-------- C:\Documents and Settings\Hudson\Application Data\Uniblue
2008-03-29 13:50 . 2008-03-29 13:50 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Uniblue
2008-03-29 13:07 . 2008-03-29 13:07 <DIR> d-------- C:\Program Files\Trend Micro
2008-03-27 19:26 . 2008-03-27 19:26 128 --a------ C:\Documents and Settings\Hudson\services.exe
2008-03-27 19:18 . 2008-03-27 19:18 91,700 --a------ C:\WINDOWS\system32\drivers\klin.dat
2008-03-27 19:18 . 2008-03-27 19:18 85,860 --a------ C:\WINDOWS\system32\drivers\klick.dat
2008-03-27 19:15 . 2008-03-27 19:15 <DIR> d-------- C:\Program Files\Kaspersky Lab
2008-03-27 19:15 . 2008-03-30 12:21 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-03-27 19:15 . 2008-03-30 12:27 4,270,368 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2008-03-27 19:15 . 2008-03-30 12:26 58,220 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
2008-03-27 19:15 . 2008-03-30 12:26 42,272 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
2008-03-27 19:15 . 2008-03-30 12:26 4,364 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.idx
2008-03-27 19:05 . 2008-03-27 19:05 <DIR> d-------- C:\kav
2008-03-27 18:40 . 2008-03-27 18:40 147,456 --a------ C:\WINDOWS\system32\vbzip10.dll
2008-03-27 15:28 . 2008-03-27 19:46 <DIR> d-------- C:\WINDOWS\system32\winz1
2008-03-27 15:28 . 2008-03-28 17:48 <DIR> d-------- C:\WINDOWS\system32\usnv
2008-03-27 15:28 . 2008-03-27 15:28 <DIR> d-------- C:\WINDOWS\system32\IDME
2008-03-27 15:28 . 2008-03-27 19:44 <DIR> d-------- C:\WINDOWS\system32\bz3
2008-03-27 15:28 . 2008-03-30 12:22 <DIR> d-------- C:\Temp
2008-03-27 15:28 . 2008-03-27 15:28 297 --a------ C:\339.bat
2008-03-27 14:40 . 2008-03-27 15:16 <DIR> d-------- C:\Program Files\VirtualDJ
2008-03-15 16:41 . 2008-03-15 16:41 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-03-15 16:41 . 2008-03-15 16:41 1,409 --a------ C:\WINDOWS\QTFont.for
2008-03-14 19:22 . 2008-03-14 19:22 <DIR> d-------- C:\Documents and Settings\Hudson\Application Data\Sonic
2008-03-14 18:51 . 2008-03-27 19:17 <DIR> d-------- C:\Documents and Settings\Hudson\Application Data\LimeWire
2008-03-03 19:33 . 2008-03-03 19:33 <DIR> d-------- C:\Program Files\Common Files\Adobe
2008-02-25 14:42 . 2001-08-17 14:56 7,552 --a------ C:\WINDOWS\system32\drivers\SONYPVU1.SYS
2008-02-25 14:42 . 2001-08-17 14:56 7,552 --a--c--- C:\WINDOWS\system32\dllcache\sonypvu1.sys
2008-02-23 21:59 . 2008-02-23 21:56 286,720 --a------ C:\WINDOWS\iun507.exe
2008-02-23 21:56 . 2008-02-23 21:59 <DIR> d-------- C:\Program Files\Ultimate Pinball Extreme
2008-02-23 19:04 . 2008-02-23 19:04 <DIR> d-------- C:\Program Files\Microsoft Games
2008-02-16 21:55 . 2008-03-03 19:35 <DIR> d-------- C:\Documents and Settings\Hudson\Application Data\AdobeUM
2008-02-10 16:47 . 2008-02-10 16:47 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\WildTangent
2008-02-08 18:37 . 2008-02-08 18:37 219,664 --a------ C:\WINDOWS\system32\klogon.dll
2008-02-08 18:35 . 2008-02-08 18:35 23,604 --a------ C:\WINDOWS\system32\drivers\klopp.dat
2008-02-05 23:08 . 2001-08-17 14:48 12,160 --a------ C:\WINDOWS\system32\drivers\mouhid.sys
2008-02-05 23:08 . 2001-08-17 14:48 12,160 --a--c--- C:\WINDOWS\system32\dllcache\mouhid.sys
2008-02-05 23:07 . 2001-08-17 15:02 9,600 --a------ C:\WINDOWS\system32\drivers\hidusb.sys
2008-02-05 23:07 . 2001-08-17 15:02 9,600 --a--c--- C:\WINDOWS\system32\dllcache\hidusb.sys
2008-02-05 21:22 . 2008-02-05 21:22 <DIR> dr-h----- C:\Documents and Settings\Hudson\Application Data\SecuROM
2008-02-05 21:22 . 2008-02-05 21:22 107,888 --a------ C:\WINDOWS\system32\CmdLineExt.dll
2008-02-05 21:19 . 2007-04-12 16:00 1,060,864 --a------ C:\WINDOWS\system32\mfc71.dll
2008-02-05 21:19 . 2004-08-30 15:25 438,272 --a------ C:\WINDOWS\system32\vp6vfw.dll
2008-02-05 21:19 . 2004-12-10 11:06 327,680 --a------ C:\WINDOWS\system32\vp6dec.ax
2008-02-05 21:19 . 2007-04-12 16:01 118,832 --a------ C:\WINDOWS\system32\SHW32.DLL
2008-02-05 20:52 . 2008-02-05 20:52 <DIR> d-------- C:\Program Files\EA SPORTS
2008-02-05 20:50 . 2005-05-26 16:34 2,297,552 --a------ C:\WINDOWS\system32\d3dx9_26.dll
2008-02-04 20:14 . 2008-03-06 21:54 3,833 --a------ C:\WINDOWS\machine.ver
2008-02-02 14:30 . 2008-02-02 14:30 <DIR> d-------- C:\WINDOWS\Sun
2008-02-02 14:19 . 2008-02-02 14:19 <DIR> d-------- C:\Program Files\Tencent
2008-02-02 14:19 . 2008-02-02 14:19 <DIR> d-------- C:\Documents and Settings\Hudson\Application Data\QQ Games Plugin
2008-02-02 14:19 . 2008-02-02 14:19 <DIR> d-------- C:\Documents and Settings\Hudson\Application Data\acccore
2008-02-02 14:18 . 2008-02-02 14:18 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\AOL Downloads
2008-02-02 14:18 . 2008-02-02 14:18 21 --a------ C:\WINDOWS\atid.ini
2008-02-02 14:17 . 2008-02-02 14:19 <DIR> d-------- C:\Program Files\AIM6
2008-02-02 14:17 . 2008-02-02 14:20 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\AOL OCP
2008-02-02 03:06 . 2008-02-02 03:11 <DIR> d-------- C:\Documents and Settings\Hudson\Application Data\Move Networks
2008-02-01 13:10 . 2006-08-21 04:14 128,896 -----c--- C:\WINDOWS\system32\dllcache\fltmgr.sys
2008-02-01 13:10 . 2006-08-21 04:14 23,040 -----c--- C:\WINDOWS\system32\dllcache\fltmc.exe
2008-02-01 13:10 . 2006-08-21 07:21 16,896 -----c--- C:\WINDOWS\system32\dllcache\fltlib.dll
2008-02-01 13:07 . 2008-02-01 13:07 <DIR> d-------- C:\Program Files\MSXML 4.0

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-30 16:55 --------- d-----w C:\Program Files\Java
2008-03-30 01:46 --------- d-----w C:\Program Files\Pure Networks
2008-03-30 01:46 --------- d-----w C:\Program Files\Common Files\AOL
2008-03-30 01:38 --------- d-----w C:\Program Files\Yahoo!
2008-03-30 01:38 --------- d-----w C:\Documents and Settings\All Users\Application Data\Yahoo
2008-03-30 01:36 --------- d-----w C:\Program Files\TOSHIBA
2008-03-30 01:35 --------- d-----w C:\Program Files\Google
2008-03-30 01:33 --------- d-----w C:\Documents and Settings\Hudson\Application Data\AOL
2008-03-30 01:33 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL
2008-03-30 01:33 --------- d-----w C:\Documents and Settings\Administrator\Application Data\AOL
2008-03-29 23:01 --------- d-----w C:\Program Files\PokerStars
2008-03-28 00:08 --------- d-----w C:\Documents and Settings\All Users\Application Data\McAfee.com
2008-02-10 21:54 --------- d-----w C:\Program Files\Toshiba Games
2008-02-06 02:19 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-02-02 19:18 --------- d-----w C:\Program Files\Viewpoint
2008-02-02 19:18 --------- d-----w C:\Documents and Settings\All Users\Application Data\Viewpoint
2008-01-30 22:58 --------- d-----w C:\Program Files\Metamail Inc
2008-01-28 19:22 21,275 ----a-w C:\WINDOWS\system32\drivers\AegisP.sys
2008-01-28 19:21 --------- d-----w C:\Program Files\Intel
2008-01-28 19:21 --------- d-----w C:\Documents and Settings\Hudson\Application Data\Intel
2008-01-28 19:21 --------- d-----w C:\Documents and Settings\All Users\Application Data\Intel
2008-01-28 19:21 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Intel
2008-01-28 19:15 --------- d-----w C:\Program Files\AVerMedia
2008-01-28 19:14 --------- d-----w C:\Program Files\InterVideo
2008-01-28 19:14 --------- d-----w C:\Program Files\Common Files\InterVideo
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 07:00 15360]
"TOSCDSPD"="C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe" [2004-12-30 03:32 65536]
"Aim6"="" []
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 17:45 313472]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TFncKy"="TFncKy.exe" []
"TDispVol"="TDispVol.exe" [2005-03-11 18:03 73728 C:\WINDOWS\system32\TDispVol.exe]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-11-28 00:55 98304]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-11-28 00:52 77824]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-11-28 00:55 118784]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-08-05 16:56 64512]
"THotkey"="C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe" [2006-01-05 17:02 352256]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2005-12-16 03:34 82009]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2005-12-16 03:32 761945]
"AGRSMMSG"="AGRSMMSG.exe" [2005-10-15 09:29 88203 C:\WINDOWS\agrsmmsg.exe]
"NDSTray.exe"="NDSTray.exe" []
"Tvs"="C:\Program Files\Toshiba\Tvs\TvsTray.exe" [2005-11-30 15:25 73728]
"TPSMain"="TPSMain.exe" [2005-06-01 00:00 282624 C:\WINDOWS\system32\TPSMain.exe]
"PadTouch"="C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe" [ ]
"SmoothView"="C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe" [2005-04-26 19:13 122880]
"dla"="C:\WINDOWS\system32\dla\DLACTRLW.exe" [2005-10-06 08:20 122940]
"Pinger"="c:\toshiba\ivp\ism\pinger.exe" [2005-03-17 20:37 151552]
"IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [2005-12-05 15:37 667718]
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2005-11-28 14:41 602182]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-02-16 04:56 98304]
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe" [2008-02-08 18:36 227856]
"UnlockerAssistant"="C:\Program Files\Unlocker\UnlockerAssistant.exe" [ ]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 19:20 866584]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"ExploreUpdSched"="C:\WINDOWS\system32\kcntkkwd.exe" [ ]
"LSA Shellu"="C:\Documents and Settings\Hudson\lsass.exe" [ ]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 23:05:26 29696]
Metamail Trust Manager.lnk - C:\Program Files\Metamail Inc\Metamail Tray\Metamail Trust Manager.exe [2008-01-28 14:14:58 329472]
RAMASST.lnk - C:\WINDOWS\system32\RAMASST.exe [2006-02-15 11:31:42 155648]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ljJYPhHY]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\TOSHIBA\\ivp\\NetInt\\Netint.exe"=
"C:\\TOSHIBA\\Ivp\\ISM\\pinger.exe"= C:\\TOSHIBA\\IVP\\ISM\\pinger.exe
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\AIM6\\aim6.exe"=
"C:\\kav\\kis\\setup.exe"=
"C:\\Program Files\\Common Files\\AolCoach\\en_en\\player\\AOLNySEV.exe"=
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=

R0 KR10N;KR10N;C:\WINDOWS\system32\drivers\KR10N.sys [2005-01-12 03:05]
R2 Viewpoint Manager Service;Viewpoint Manager Service;"C:\Program Files\Viewpoint\Common\ViewpointService.exe" [2007-01-04 16:38]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys [2007-12-13 13:28]
S3 tosrfec;Bluetooth ACPI from TOSHIBA;C:\WINDOWS\system32\DRIVERS\tosrfec.sys [2005-09-09 17:47]

.
Contents of the 'Scheduled Tasks' folder
"2008-03-30 17:30:34 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Program Files\Windows Defender\MpCmdRun.exe
"2008-03-29 19:09:05 C:\WINDOWS\Tasks\Uniblue SpyEraser Nag.job"
- C:\Program Files\Uniblue\SpyEraser\SpyEraser.exe
"2008-03-29 19:09:03 C:\WINDOWS\Tasks\Uniblue SpyEraser.job"
- C:\Program Files\Uniblue\SpyEraser\SpyEraser.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-30 12:28:22
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\explorer.exe
-> C:\WINDOWS\system32\TDispVol.dll
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Windows Defender\MsMpEng.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\Synaptics\SynTP\Toshiba.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\PROGRA~1\METAMA~1\METAMA~1\METAMA~2.EXE
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2008-03-30 12:32:54 - machine was rebooted [Hudson]
ComboFix-quarantined-files.txt 2008-03-30 17:32:50
Pre-Run: 92,735,029,248 bytes free
Post-Run: 92,898,455,552 bytes free
.
2008-03-30 02:09:22 --- E O F ---


and the Hijack This Log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:04:56 PM, on 3/30/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
C:\WINDOWS\system32\TDispVol.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\Toshiba\Tvs\TvsTray.exe
C:\WINDOWS\system32\TPSMain.exe
C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
C:\WINDOWS\system32\dla\DLACTRLW.exe
C:\toshiba\ivp\ism\pinger.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Synaptics\SynTP\Toshiba.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\Program Files\Metamail Inc\Metamail Tray\Metamail Trust Manager.exe
C:\WINDOWS\system32\RAMASST.exe
C:\PROGRA~1\METAMA~1\METAMA~1\METAMA~2.EXE
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
O4 - HKLM\..\Run: [TDispVol] TDispVol.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [THotkey] C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [Tvs] C:\Program Files\Toshiba\Tvs\TvsTray.exe
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\DLACTRLW.exe
O4 - HKLM\..\Run: [Pinger] c:\toshiba\ivp\ism\pinger.exe /run
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe"
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Metamail Trust Manager.lnk = C:\Program Files\Metamail Inc\Metamail Tray\Metamail Trust Manager.exe
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\ie_banner_deny.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.toshibadirect.com/dpdstart
O16 - DPF: {CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA} (Java Plug-in 1.5.0_04) -
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll
O20 - Winlogon Notify: ljJYPhHY - C:\WINDOWS\
O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)
O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Swupdtmr - Unknown owner - c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
O23 - Service: TOSHIBA Application Service (TAPPSRV) - TOSHIBA Corp. - C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 9138 bytes


Anyway... I'm pretty sure it's clean now, just because of the way it's running. Just wanted to say I appreciate it and I'll be making a donation since you saved me a couple hundred bucks. Thanks again bro.
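Editor's note, added here and not part of the original post or of ComboFix: the ComboFix "Reg Loading Points" section above is where this infection actually shows itself, before any scanner verdict. Two Run-key values stand out: "LSA Shellu" launches an lsass.exe out of C:\Documents and Settings\Hudson (the real lsass.exe only ever lives in System32, and ComboFix deleted that copy under "Other Deletions"), and "ExploreUpdSched" points at C:\WINDOWS\system32\kcntkkwd.exe, a consonant-soup name with an empty "[ ]" where ComboFix normally prints the file's timestamp and size. The script below is an added example that applies those three checks (core-process name outside System32, launch path inside a user profile or Temp directory, random-looking filename with no file metadata) to Run-key lines in a ComboFix-style log. The thresholds in looks_random and the USER_WRITABLE_MARKERS list are this example's own assumptions, not anything ComboFix does; SAMPLE_LOG is constructed from lines copied out of the log above.

```python
import ntpath
import re
from typing import Dict, List

# Core Windows processes that legitimately run only from %SystemRoot%\system32.
# A file with one of these names anywhere else (a user profile, Temp, C:\)
# is masquerading, which is exactly what the "LSA Shellu" entry above does.
CORE_SYSTEM_BINARIES = {
    "lsass.exe", "services.exe", "smss.exe", "csrss.exe",
    "winlogon.exe", "svchost.exe", "spoolsv.exe",
}

# Directory fragments a machine-wide autostart should not point into.
# This list is an assumption of the example, not a ComboFix rule.
USER_WRITABLE_MARKERS = (
    "\\documents and settings\\", "\\users\\", "\\temp\\", "\\tmp\\",
)

# One Run-key line from a ComboFix "Reg Loading Points" section, e.g.
#   "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 07:00 15360]
# ComboFix prints "[ ]" or "[]" when it could not stat the target file.
RUN_LINE = re.compile(
    r'^"(?P<name>[^"]*)"="(?P<path>[^"]*)"\s*\[(?P<meta>[^\]]*)\]\s*$'
)

# Constructed sample: lines copied from the ComboFix log in the post above,
# a few benign vendor entries plus the two entries that matter.
SAMPLE_LOG = r'''
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 07:00 15360]
"Aim6"="" []
"TFncKy"="TFncKy.exe" []
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-11-28 00:55 98304]
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe" [2008-02-08 18:36 227856]
"UnlockerAssistant"="C:\Program Files\Unlocker\UnlockerAssistant.exe" [ ]
"ExploreUpdSched"="C:\WINDOWS\system32\kcntkkwd.exe" [ ]
"LSA Shellu"="C:\Documents and Settings\Hudson\lsass.exe" [ ]
'''


def parse_run_entries(log_text: str) -> List[Dict[str, str]]:
    """Extract Run-key entries (value name, target path, ComboFix file metadata)."""
    entries = []
    for line in log_text.splitlines():
        match = RUN_LINE.match(line.strip())
        if match:
            entries.append({
                "name": match.group("name"),
                "path": match.group("path"),
                "meta": match.group("meta").strip(),
            })
    return entries


def looks_random(stem: str) -> bool:
    """Heuristic (this example's assumption): 7+ lowercase letters with no
    vowel, the shape of generated names such as 'kcntkkwd'."""
    return (len(stem) >= 7 and stem.isalpha() and stem.islower()
            and not set(stem) & set("aeiouy"))


def classify(entry: Dict[str, str]) -> List[str]:
    """Return the reasons an autostart entry deserves a closer look (empty if none)."""
    reasons: List[str] = []
    if not entry["path"]:
        return reasons                      # e.g. "Aim6"="" launches nothing
    directory, filename = ntpath.split(entry["path"])   # Windows paths, any host OS
    directory, filename = directory.lower(), filename.lower()
    stem = ntpath.splitext(filename)[0]
    in_system32 = directory.endswith("\\windows\\system32")

    if filename in CORE_SYSTEM_BINARIES and not in_system32:
        reasons.append(f"core process name {filename} outside System32")
    if any(marker in directory + "\\" for marker in USER_WRITABLE_MARKERS):
        reasons.append("launched from a user-writable profile or temp directory")
    if looks_random(stem) and not entry["meta"]:
        reasons.append("random-looking filename with no file metadata")
    return reasons


def find_suspicious(log_text: str) -> Dict[str, List[str]]:
    """Map each flagged Run-key value name to its list of reasons."""
    return {e["name"]: classify(e)
            for e in parse_run_entries(log_text) if classify(e)}


if __name__ == "__main__":
    for name, reasons in find_suspicious(SAMPLE_LOG).items():
        print(f"{name}: {'; '.join(reasons)}")
```

Run against SAMPLE_LOG it flags only "LSA Shellu" (two reasons) and "ExploreUpdSched" (one reason); the vendor entries with odd-looking names such as igfxtray or TFncKy, and the legitimate "[ ]" entry for UnlockerAssistant, pass. The empty-metadata check is deliberately combined with the name heuristic rather than used alone, because a missing stat is common for benign entries that reference a file by bare name.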

#2 ktreffin

  • Members
  • 60 posts
  • Gender:Male
  • Location:FL, USA

Posted 11 April 2008 - 03:49 PM

Hi HeavyFD, welcome to the forums!

My name is Ken; on these forums I am known as ktreffin. I will be helping you with your current problem. Please note that I am still in training at Malware Removal University; however, I will be working under the direct supervision of one of our Malware Experts. Any recommendations will first be approved before being given to you. Because of this, there may be a short delay in getting our responses to you, but be assured that we will be working diligently on your problem.

I am sorry that there has been such a delay in getting to your log.

Are you still having problems that you need assistance with?

If you still need assistance, please do the following:

Step #1: Please post a new Hijack This Log
  • Launch Hijackthis.
  • Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
  • Copy/Paste the log to your next reply please.
Don't use the Analyse This button; its findings are dangerous if misinterpreted.
Don't have HijackThis fix anything yet. Most of what it finds will be harmless or even required.

Step #2: Please make an Uninstall List using HiJackThis.

To access the Uninstall Manager you would do the following:
1. Start HijackThis
2. Click on the Config button
3. Click on the Misc Tools button
4. Click on the Open Uninstall Manager button.
5. Click on the Save list... button and specify where you would like to save this file. When you press the Save button a notepad will open with the contents of that file. Simply copy and paste the contents of that notepad here in a reply.

If you have been able to get the problem resolved, please let me know so I can have this topic closed.

Thanks,
Ken
Proud Graduate of Malware Removal University

#3 ktreffin

  • Members
  • 60 posts
  • Gender:Male
  • Location:FL, USA

Posted 14 April 2008 - 07:30 AM

Hello

THREE DAY BUMP!

It has been three days since my last post.
  • do you still need help with this?
  • do you need more time?
  • are you having problems following my instructions?
  • if after 48 hrs you have not replied to this thread, then it will have to be closed!
Please let me know if there are any problems. Thanks!

Ken
Proud Graduate of Malware Removal University

#4 HeavyFD
  • Topic Starter

  • Members
  • 4 posts

Posted 14 April 2008 - 08:31 PM

Ken, thanks for the reply. I guess you didn't read the post... I was just thanking RichieUK because I read one of his posts about that Smitfraud-C virus and I was able to get rid of it using the steps he gave someone else in another post. Machine is running great now, no problems since the fix. Thanks though. :thumbsup:

#5 ktreffin

  • Members
  • 60 posts
  • Gender:Male
  • Location:FL, USA

Posted 15 April 2008 - 06:34 PM

Glad that you got everything taken care of. Please let us know if we can assist you in the future.

This Topic is now closed.

If you need this topic reopened, please request this by sending the moderating team
a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.
Proud Graduate of Malware Removal University