Ultimate Defender/cleaner And Winifixer!


  • This topic is locked
13 replies to this topic

#1 shadowhawk9272


Posted 08 April 2008 - 02:35 PM

Hello my name is Shadowhawk...

I've followed the preparation instructions, but when I get to DSS.exe it starts up fine, it just never finishes... I let it run for more than 24 hours and it never completed. I know for a fact I have Ultimate Defender, Ultimate Cleaner, and Winifixer on my computer, and when I go to Task Manager and end process on rundll32 it goes away (until I reboot). Also iexplorer.exe shows up in my Task Manager and tries to connect with the I-net automatically...


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:26:23 PM, on 4/8/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\Adaptec\USBControl\Ausbctrl.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\Crawler\Toolbar\CToolbar.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\LVComsX.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O2 - BHO: (no name) - {206E52E0-D52E-11D4-AD54-0000E86C26F6} - C:\PROGRA~1\FRESHD~1\FRESHD~2\FDCatch.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: iSecurity - {A8311E8F-E459-4D22-89B4-CB9DCF10A425} - C:\WINDOWS\system32\ISECUR~1.CPL
O3 - Toolbar: FreshDownload Bar - {ED0E8CA5-42FB-4B18-997B-769E0408E79D} - C:\PROGRA~1\FRESHD~1\FRESHD~2\fdiebar.dll
O3 - Toolbar: &Crawler Toolbar - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [Bart Station] C:\Program Files\PeoplePC\ISP6330\BIN\PPCOLink.exe -STATION
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [SpywareTerminator] "C:\PROGRA~1\SPYWAR~1\SpywareTerminatorShield.exe"
O4 - HKLM\..\Run: [iSecurity applet] rundll32.exe iSecurity.cpl,SecurityMonitor
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'Default user')
O4 - S-1-5-18 Startup: USBControl.lnk = C:\Program Files\Adaptec\USBControl\Ausbctrl.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: USBControl.lnk = C:\Program Files\Adaptec\USBControl\Ausbctrl.exe (User 'Default user')
O4 - Startup: Wallperizer.lnk = C:\Program Files\Wallperizer\Wallperizer.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk.disabled
O4 - Global Startup: dlbcserv.lnk.disabled
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O4 - Global Startup: USBControl.lnk = ?
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Download with TrueDownloader! - C:\Program Files\TrueDownloader\TrueDownloader.htm
O8 - Extra context menu item: &Search - ?p=ZSzim001YYUS
O8 - Extra context menu item: Crawler Search - tbr:iemenu
O9 - Extra button: FreshDownload - {0269AAFA-7FF9-4499-8FE6-D92F52B06E82} - C:\Program Files\FreshDevices\FreshDownload\fd.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {03E667C4-C384-58BF-2082-7E1C1D36E38A} - http://85.255.115.229/1/rdgUS1386.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {192F9A01-8030-48CE-9BC6-B03DE3E613C6} (PeoplePC Web Installer) - https://www.peoplepc.com/ppcos/ISP60/Download/ppcwebi.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {343CE214-9998-4B21-A151-FFE970167297} - http://xscanner.spyshredderscanner.com/setup/webinst.cab
O16 - DPF: {A7EA8AD2-287F-11D3-B120-006008C39542} - http://offers.e-centives.com/cif/download/bin/actxcab.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - http://download.games.yahoo.com/games/web_...aploader_v6.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{7D965472-F92A-4D12-AF68-9D878688094C}: NameServer = 209.244.0.3 209.244.0.4
O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O20 - AppInit_DLLs: iSecurity.cpl
O20 - Winlogon Notify: xpusb - C:\WINDOWS\SYSTEM32\xpusb.dll
O21 - SSODL: coursings - {f8d02387-789a-4c0f-a1d8-8a93f33ee4df} - (no file)
O21 - SSODL: KernelAvp - {3bcdb527-6f54-42bb-9bcd-ae8730d1cbf0} - C:\WINDOWS\Installer\{3bcdb527-6f54-42bb-9bcd-ae8730d1cbf0}\KernelAvp.dll
O21 - SSODL: iSecurity - {A8311E8F-E459-4D22-89B4-CB9DCF10A425} - C:\WINDOWS\system32\ISECUR~1.CPL
O22 - SharedTaskScheduler: {f8d02387-789a-4c0f-a1d8-8a93f33ee4df} - coursings - (no file)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe

--
End of file - 9352 bytes
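A few entries in the log above are the ones a responder would look at first: the O16 ActiveX download from a bare IP address ending in .exe, the O20 AppInit_DLLs and Winlogon Notify entries, the O21 SSODL lines (one pointing at a missing file, one at a .cpl), and the O4 Run entry that loads iSecurity.cpl through rundll32 by bare name, which matches the poster's observation that killing rundll32 makes the symptom go away until reboot. The script below is an added example, not part of the thread or of HijackThis itself; it encodes those rules of thumb as a small triage pass over HijackThis 2.x lines. The sample input is constructed from lines of the first log, with two known-good entries kept in for contrast; the severity labels and the rules are this example's own heuristics, not a HijackThis feature.

```python
"""Triage helper for HijackThis 2.x log lines (added example, not part of the thread)."""
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample: lines excerpted from the first log posted above, with two
# known-good entries (avast!, NvCplDaemon) kept in so the rules have something to ignore.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [iSecurity applet] rundll32.exe iSecurity.cpl,SecurityMonitor
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O16 - DPF: {03E667C4-C384-58BF-2082-7E1C1D36E38A} - http://85.255.115.229/1/rdgUS1386.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O20 - AppInit_DLLs: iSecurity.cpl
O20 - Winlogon Notify: xpusb - C:\WINDOWS\SYSTEM32\xpusb.dll
O21 - SSODL: coursings - {f8d02387-789a-4c0f-a1d8-8a93f33ee4df} - (no file)
O21 - SSODL: iSecurity - {A8311E8F-E459-4D22-89B4-CB9DCF10A425} - C:\WINDOWS\system32\ISECUR~1.CPL
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
"""


@dataclass
class Finding:
    section: str   # HijackThis section tag, e.g. "O16"
    severity: str  # "high", "review" or "orphan" (this example's own labels)
    reason: str
    line: str


# "O16 - rest of line"; R/F/O sections with one or two digits.
_SECTION_RE = re.compile(r"^(?P<sec>[RFO]\d{1,2}) - (?P<rest>.*)$")
# URL whose host is a dotted-quad IPv4 address rather than a name.
_IPV4_URL_RE = re.compile(r"https?://(\d{1,3}\.){3}\d{1,3}[/:]", re.IGNORECASE)
# rundll32[.exe] <module>[,entry]: capture the module argument only.
_RUNDLL_RE = re.compile(r"rundll32(\.exe)?\s+(?P<module>\S+?)(,|\s|$)", re.IGNORECASE)


def triage_line(line: str) -> Optional[Finding]:
    """Apply the rules of thumb to one log line; return a Finding or None."""
    m = _SECTION_RE.match(line.strip())
    if not m:
        return None
    sec, rest = m.group("sec"), m.group("rest")
    if sec == "O16":
        # ActiveX "download program files": a raw IP or a direct .exe is a drive-by pattern.
        if _IPV4_URL_RE.search(rest) or rest.lower().endswith(".exe"):
            return Finding(sec, "high", "ActiveX download from a raw IP address or pointing at an .exe", line)
    elif sec == "O20":
        if rest.startswith("AppInit_DLLs:"):
            return Finding(sec, "high", "AppInit_DLLs injects this module into every user32-linked process", line)
        if rest.startswith("Winlogon Notify:"):
            return Finding(sec, "review", "DLL loaded by winlogon.exe as SYSTEM; verify the file", line)
    elif sec in ("O21", "O22"):
        if rest.endswith("(no file)"):
            return Finding(sec, "orphan", "registry entry points at a missing file; leftover to clean up", line)
        return Finding(sec, "review", "shell-loaded object (SSODL/SharedTaskScheduler); verify the file", line)
    elif sec == "O4":
        r = _RUNDLL_RE.search(rest)
        if r:
            module = r.group("module")
            # A bare name is resolved through the DLL search path; a .cpl is an odd thing to autostart.
            if "\\" not in module or module.lower().endswith(".cpl"):
                return Finding(sec, "high", "rundll32 autostarts a module by bare name or a .cpl", line)
    elif sec == "O23" and "Unknown owner" in rest:
        return Finding(sec, "review", "service binary carries no publisher; verify the file", line)
    return None


def triage(log_text: str) -> List[Finding]:
    """Run every line of a HijackThis log through triage_line, keeping the hits in log order."""
    return [f for f in (triage_line(ln) for ln in log_text.splitlines()) if f is not None]


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity:6}] {f.section}: {f.reason}")
        print(f"         {f.line}")
```

On the sample this yields seven findings, three of them "high" (the rundll32/.cpl autostart, the raw-IP .exe download, and AppInit_DLLs); the two legitimate lines are not reported. The rules are deliberately narrow: anything flagged "review" still needs the file checked (hash lookup, publisher, and the kind of multi-engine scan the helper asks for later in this thread) before it is removed.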


#2 km2357

  • Malware Response Team

Posted 16 April 2008 - 05:31 PM

Hello and welcome to Bleeping Computer.

My name is km2357 and I will be helping you to remove any infection(s) that you may have.

I will be giving you a series of instructions that need to be followed in the order in which I give them to you.

If for any reason you do not understand an instruction or are just unsure then please do not guess, simply post back with your questions/concerns and we will go through it again.

Please do not start another thread or topic, I will assist you at this thread until we solve your problems.

Lastly the fix may take several attempts and my replies may take some time but I will stick with it if you do the same.


Sorry for the delay in replying, the forum is very busy. If you still need help, please post a fresh HiJackThis Log and an Uninstall List (instructions forthcoming)

Step # 1: Make an uninstall list using HijackThis
To access the Uninstall Manager you would do the following:

1. Start HijackThis
2. Click on the Config button
3. Click on the Misc Tools button
4. Click on the Open Uninstall Manager button.
5. Click on the Save list... button and specify where you would like to save this file. When you press Save button a notepad will open with the contents of that file. Simply copy and paste the contents of that notepad here on your next reply.

Edited by km2357, 16 April 2008 - 10:46 PM.

MalWare Removal University Master

Member of ASAP


#3 shadowhawk9272

  • Topic Starter

Posted 17 April 2008 - 07:50 PM

Ok here we go... :thumbsup:

Acoustica MP3 CD Burner
Ad-Aware 2007
Adobe Acrobat - Reader 6.0.2 Update
Adobe Flash Player ActiveX
Adobe Flash Player Plugin
Adobe Photoshop 6.0
Adobe Reader 6.0.1
Adobe SVG Viewer
All Video to VCD SVCD DVD Creator & Burner 3.3
American McGee's Alice™
AOLIcon
ArcSoft PhotoImpression 4
Auto Gordian Knot 2.45
avast! Antivirus
AviSynth 2.5
Caillou® Party Fun & Games™
Camera Driver
Canon PhotoRecord
Canon Utilities Easy-PhotoPrint
Cerberus Privacy Protector 1.2.0.0
Click'N Design 3D (V5)
Crawler Toolbar with Web Security Guard
Dell Driver Reset Tool
Dell Media Experience
Dell Photo Printer 720
Dell Photo Printer 720 Logger
Dell Picture Studio v3.0
DellSupport
DVD Decrypter (Remove Only)
DVD PixPlay
Easy Chef 1,000,000 Recipes
Easy Chef‘s Barbecue Cookbook
Easy Chef's Pies, Pastries & Cobblers
Easy Chef's Slow Cookin'
Flash Slideshow Maker Pro 4.71
FoneSync
FreshDiagnose
FreshDownload
FreshUI
FreshView
gmax
Google Desktop
Hex Workshop v3.1
HijackThis 2.0.2
Hitman 2: Silent Assassin
HTML-Kit
iConcepts Photo Frame
IGN Download Manager 2.1.2
IncrediMail Xe
Intel® Extreme Graphics 2 Driver
Intel® PRO Network Adapters and Drivers
Intel® PROSet for Wired Connections
InterActual Player
Internet Explorer Default Page
IphotoDVD 1.8 beta
IrfanView (remove only)
Java 2 Runtime Environment, SE v1.4.2_03
Logitech QuickCam Software
Logitech® Camera Driver
Macromedia Flash 5
Macromedia Flash Player
Medieval Total War
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft Greetings 2001
Microsoft Money 2001
Microsoft Plus! Digital Media Edition Installer
Microsoft Plus! Photo Story 2 LE
Microsoft Publisher 97
Microsoft Works 2001 Setup Launcher
Microsoft Works 6.0
Modem On Hold
Monopoly Tycoon
MovieTrack
Mozilla Firefox (2.0.0.12)
Mplayer.com
MSN
MSN Connection Center
MSN Messenger 7.0
Nero 7 Essentials
NVIDIA Drivers
Palm Desktop
Pdf995
PeoplePC Online
Photo Click
Photo to Movie 3.2.1
Photo to VCD SVCD DVD Converter 2.2
Photo Viewer
Picasa 2
Quake II
Quake III Arena
Quake III Arena Point Release 1.32
QuickBooks Simple Start Special Edition
QuickTime
Scrabble
Scrub
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893066)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901190)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB905915)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912812)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913446)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB916281)
Security Update for Windows XP (KB917159)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB918899)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921503)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922760)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923694)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925454)
Security Update for Windows XP (KB925486)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928090)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB929969)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931768)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933566)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB937143)
Security Update for Windows XP (KB938127)
Security Update for Windows XP (KB938829)
Security Update for Windows XP (KB939653)
Security Update for Windows XP (KB941202)
Security Update for Windows XP (KB941568)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB941644)
Security Update for Windows XP (KB941693)
Security Update for Windows XP (KB942615)
Security Update for Windows XP (KB943055)
Security Update for Windows XP (KB943460)
Security Update for Windows XP (KB943485)
Security Update for Windows XP (KB944338)
Security Update for Windows XP (KB944533)
Security Update for Windows XP (KB944653)
Security Update for Windows XP (KB945553)
Security Update for Windows XP (KB946026)
Security Update for Windows XP (KB947864)
Security Update for Windows XP (KB948590)
Security Update for Windows XP (KB948881)
ShipEdit
Shockwave
Skin Creator
Sonic DLA
Sonic RecordNow Audio
Sonic RecordNow Copy
Sonic RecordNow Data
Sonic Update Manager
Spybot - Search & Destroy
Spyware Terminator
Star Wars Battlefront
Starcraft
Starfleet Command
SuperHeroes Arena
TaxCut Basic 2006
Text To PDF Converter v1.5
The Sims 2
TrueDownloader 0.82
Ultra WMV Converter 3.1.2
Update for Windows XP (KB894391)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB908531)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB927891)
Update for Windows XP (KB929338)
Update for Windows XP (KB930916)
Update for Windows XP (KB931836)
Update for Windows XP (KB933360)
Update for Windows XP (KB936357)
Update for Windows XP (KB938828)
Update for Windows XP (KB942763)
Update for Windows XP (KB942840)
Update for Windows XP (KB946627)
USBControl
VDMSound 2.0.4
Veo Digital Studio
Veo Stingray
Viewpoint Media Player
VobSub v2.23 (Remove Only)
Wallperizer
WAV MP3 Converter 1.30
WD Diagnostics
Winamp (remove only)
Windows Defender
Windows Installer 3.1 (KB893803)
Windows Media Format Runtime
Windows Media Player 10
Windows Media Player 10
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB890923
WinRAR archiver
WinZip
WMA To MP3 Encoder 6.05
WMV to VCD SVCD DVD Converter 2.5
WordPerfect Office 12
Xfire (remove only)
XviD MPEG4 Video Codec (remove only)
Yahoo! Internet Mail
Yahoo! Messenger
Zelda Classic 2.10w

#4 km2357

  • Malware Response Team

Posted 17 April 2008 - 08:57 PM

Thanks for the Uninstall list. Before we can continue, I do need to see a fresh HiJackThis Log as well. :thumbsup:



#5 shadowhawk9272

  • Topic Starter

Posted 17 April 2008 - 11:06 PM

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:38:17 PM, on 4/17/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://home.peoplepc.com/search/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O2 - BHO: (no name) - {206E52E0-D52E-11D4-AD54-0000E86C26F6} - C:\PROGRA~1\FRESHD~1\FRESHD~2\FDCatch.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: FreshDownload Bar - {ED0E8CA5-42FB-4B18-997B-769E0408E79D} - C:\PROGRA~1\FRESHD~1\FRESHD~2\fdiebar.dll
O3 - Toolbar: &Crawler Toolbar - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Bart Station] C:\Program Files\PeoplePC\ISP6300\BIN\PPCOLink.exe -STATION
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - S-1-5-18 Startup: USBControl.lnk = C:\Program Files\Adaptec\USBControl\Ausbctrl.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: USBControl.lnk = C:\Program Files\Adaptec\USBControl\Ausbctrl.exe (User 'Default user')
O4 - Startup: Wallperizer.lnk = C:\Program Files\Wallperizer\Wallperizer.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk.disabled
O4 - Global Startup: dlbcserv.lnk.disabled
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O4 - Global Startup: USBControl.lnk = ?
O8 - Extra context menu item: &Download with TrueDownloader! - C:\Program Files\TrueDownloader\TrueDownloader.htm
O8 - Extra context menu item: Crawler Search - tbr:iemenu
O9 - Extra button: FreshDownload - {0269AAFA-7FF9-4499-8FE6-D92F52B06E82} - C:\Program Files\FreshDevices\FreshDownload\fd.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {03E667C4-C384-58BF-2082-7E1C1D36E38A} - http://85.255.115.229/1/rdgUS1386.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {192F9A01-8030-48CE-9BC6-B03DE3E613C6} (PeoplePC Web Installer) - https://www.peoplepc.com/ppcos/ISP60/Download/ppcwebi.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {343CE214-9998-4B21-A151-FFE970167297} - http://xscanner.spyshredderscanner.com/setup/webinst.cab
O16 - DPF: {A7EA8AD2-287F-11D3-B120-006008C39542} - http://offers.e-centives.com/cif/download/bin/actxcab.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - http://download.games.yahoo.com/games/web_...aploader_v6.cab
O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O20 - Winlogon Notify: xpusb - C:\WINDOWS\SYSTEM32\xpusb.dll
O21 - SSODL: coursings - {f8d02387-789a-4c0f-a1d8-8a93f33ee4df} - (no file)
O22 - SharedTaskScheduler: {f8d02387-789a-4c0f-a1d8-8a93f33ee4df} - coursings - (no file)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe

--
End of file - 7495 bytes

#6 km2357

  • Malware Response Team

Posted 18 April 2008 - 01:53 PM

For any future logs, please make sure that WordWrap is turned off, it makes the logs a lot easier for me to read. To turn off WordWrap in Notepad, click Edit, and click Word Wrap to remove the checkmark by it. Thanks. :thumbsup:


Disable Windows Defender until the computer is clean

Windows Defender normally provides real-time protection from spyware, however it may interfere with what we need to do. We will disable it until the machine is clean when it can be re-enabled.

- Open Windows Defender
- Select Tools and then General Settings
- Under Real Time Protection Options uncheck Turn on real-time protection
- Select Save

Step # 1: Disable Ad-Aware 2007 Service

Please disable the Ad-Aware 2007 Service as it may interfere with the fix.
  • On your desktop, click Start.
  • Choose Run.
  • Type services.msc in the open box and click OK or press Enter.
  • Scroll down the list of services and double-click Ad-Aware 2007 Service.
  • In the service properties window that opens, click the STOP button.
  • Under Startup Type, use the pull down menu and select Manual from the list of options.
  • Click OK and exit the Services Control Manager.
  • Reboot your machine for the changes to take effect.
Once your log is clean you can re-enable those settings.


Step # 2 Upload Files


Go to http://virusscan.jotti.org
Copy the following line into the white textbox:
C:\WINDOWS\SYSTEM32\xpusb.dll
Click Submit.
Please post the results of this scan to this thread.


If Jotti is busy, Go to VirusTotal and scan the file(s) there.


Step # 3: Remove Hijackthis Entries

Step # 4 Download and run SmitFraudFix

Using one of the links below download SmitfraudFix (by S!Ri) to your Desktop.


here
or
here


Double-click SmitfraudFix.exe.
Select option #1 - Search by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present).
Please copy/paste the content of that report into your next reply.

**If the tool fails to launch from the Desktop, please move SmitfraudFix.exe directly to the root of the system drive (usually C:), and launch from there.

Note : process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.


In your next post/reply, I need to see the following:

1. Jotti/VirusTotal results
2. SmitFraudFix Log
3. A fresh HiJackThis Log


Use multiple posts if you can't fit everything into one post.



#7 shadowhawk9272

  • Topic Starter

Posted 18 April 2008 - 11:21 PM

Results from VirusTotal site...

File xpusb.dll_ received on 04.19.2008 06:03:52 (CET)

Result: 6/32 (18.75%)

Antivirus Version Last Update Result
AhnLab-V3 2008.4.19.0 2008.04.18 -
AntiVir 7.8.0.8 2008.04.18 BDS/Ulrbot.C
Authentium 4.93.8 2008.04.18 -
Avast 4.8.1169.0 2008.04.18 -
AVG 7.5.0.516 2008.04.18 Potentially harmful program Logger.DUK
BitDefender 7.2 2008.04.19 -
CAT-QuickHeal 9.50 2008.04.18 -
ClamAV 0.92.1 2008.04.19 -
DrWeb 4.44.0.09170 2008.04.18 -
eSafe 7.0.15.0 2008.04.17 -
eTrust-Vet 31.3.5714 2008.04.19 -
Ewido 4.0 2008.04.18 -
F-Prot 4.4.2.54 2008.04.18 W32/Heuristic-KPP!Eldorado
F-Secure 6.70.13260.0 2008.04.19 -
FileAdvisor 1 2008.04.19 -
Fortinet 3.14.0.0 2008.04.19 -
Ikarus T3.1.1.26 2008.04.19 -
Kaspersky 7.0.0.125 2008.04.19 not-a-virus:Monitor.Win32.PCPandora.f
McAfee 5277 2008.04.18 -
Microsoft 1.3408 2008.04.19 -
NOD32v2 3038 2008.04.19 -
Norman 5.80.02 2008.04.18 -
Panda 9.0.0.4 2008.04.19 Suspicious file
Prevx1 V2 2008.04.19 -
Rising 20.40.50.00 2008.04.19 -
Sophos 4.28.0 2008.04.19 Sus/Dropper-A
Sunbelt 3.0.1056.0 2008.04.17 -
Symantec 10 2008.04.19 -
TheHacker 6.2.92.284 2008.04.18 -
VBA32 3.12.6.4 2008.04.16 -
VirusBuster 4.3.26:9 2008.04.18 -
Webwasher-Gateway 6.6.2 2008.04.18 -
Additional information
File size: 549281 bytes
MD5...: 86cafc9da6cc0601ae702f57de1fc1b9
SHA1..: 8220f249b2faf290259209ac8ae064767e9bb772
SHA256: 863067940577dfa50008d0ed92979243431d07bc5b9682020b7baf6e17506f38
SHA512: 5d55693ade1b09a571cd53bab4b30dbe71397d9685771c3109d82bfeb9879ac48ebbb35ccde550791cee26a87ba0e749376183018dbaaef6ce9da2e61a807989
PEiD..: -
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x1004da4d
timedatestamp.....: 0x472f007b (Mon Nov 05 11:37:31 2007)
machinetype.......: 0x14c (I386)

( 4 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x57fd0 0x58000 6.57 13a6e8e993969a3bb159436bd843da26
.rdata 0x59000 0x13595 0x14000 6.25 fadb25f22d58d101759963c6cfa7cb63
.data 0x6d000 0x5b08 0x3000 5.45 8b0f0303a4ecbd6ee6c863439158938f
.reloc 0x73000 0x5b5a 0x6000 4.33 1f1082d22e3eb0c5c35d30a834deae23

( 9 imports )
> PSAPI.DLL: GetModuleFileNameExA
> WTSAPI32.dll: WTSFreeMemory, WTSQuerySessionInformationA, WTSEnumerateSessionsA, WTSEnumerateProcessesA
> KERNEL32.dll: VirtualProtect, GetModuleFileNameA, CreateMutexA, DisableThreadLibraryCalls, GetCurrentProcess, OpenEventA, ProcessIdToSessionId, Sleep, Process32Next, Process32First, CreateToolhelp32Snapshot, CreateThread, HeapFree, GetProcessHeap, FileTimeToSystemTime, GetDateFormatA, GetTimeFormatA, lstrcpynA, lstrcmpiA, GetTickCount, FlushFileBuffers, WriteFile, SetFilePointer, GetCurrentThreadId, CreateFileA, GetCurrentProcessId, GetComputerNameA, OpenProcess, GetSystemDirectoryA, IsBadReadPtr, HeapAlloc, HeapReAlloc, MultiByteToWideChar, lstrlenW, lstrlenA, GetModuleHandleA, lstrcmpA, EnterCriticalSection, LeaveCriticalSection, ResetEvent, SetEvent, InterlockedDecrement, Module32Next, Module32First, GetTempPathA, FindClose, FindFirstFileA, GlobalAlloc, VirtualFreeEx, MapViewOfFile, GetLocalTime, VirtualAllocEx, IsDebuggerPresent, OutputDebugStringA, FormatMessageA, CreateEventA, SetLastError, QueryPerformanceFrequency, TlsGetValue, TlsSetValue, TlsAlloc, QueryPerformanceCounter, DeleteFileA, ExpandEnvironmentStringsA, ReadFile, GetFileSize, SetFileTime, GetFileTime, lstrcatA, lstrcpynW, FindNextFileA, GlobalFree, SetEndOfFile, GetSystemTime, InterlockedIncrement, SetStdHandle, GetStringTypeW, GetStringTypeA, UnhandledExceptionFilter, GetEnvironmentStringsW, FreeEnvironmentStringsW, GetEnvironmentStrings, FreeEnvironmentStringsA, GetLastError, GetStartupInfoA, GetFileType, GetStdHandle, SetHandleCount, TerminateProcess, VirtualFree, HeapCreate, SetUnhandledExceptionFilter, GetSystemTimeAsFileTime, LCMapStringW, LCMapStringA, TlsFree, GetCPInfo, GetOEMCP, GetCommandLineA, GetSystemInfo, VirtualAlloc, RtlUnwind, ExitProcess, VirtualQuery, FlushInstructionCache, SystemTimeToFileTime, IsBadCodePtr, LoadLibraryA, GetProcAddress, WideCharToMultiByte, IsBadWritePtr, ReleaseMutex, UnmapViewOfFile, WriteProcessMemory, CreateFileMappingA, GetVersion, WaitForSingleObject, TerminateThread, FreeLibrary, CloseHandle, FindResourceExA, FindResourceA, LoadResource, LockResource, SizeofResource, DeleteCriticalSection, InitializeCriticalSection, RaiseException, GetVersionExA, GetThreadLocale, GetLocaleInfoA, GetACP, InterlockedExchange, LocalFree, HeapSize, CreateRemoteThread, OpenMutexA, HeapDestroy
> USER32.dll: PostThreadMessageA, IsWindow, DefWindowProcA, DispatchMessageA, TranslateMessage, GetMessageA, CreateWindowExA, RegisterClassExA, SendMessageW, SendMessageA, SetWindowLongA, DestroyWindow, MessageBoxA, FindWindowA, EnumWindows, WaitForInputIdle, GetWindowLongA, GetNextDlgTabItem, GetClassNameA, wsprintfA, GetWindowTextLengthA, GetWindowTextA
> ADVAPI32.dll: SetNamedSecurityInfoA, GetSidLengthRequired, InitializeSid, GetSidSubAuthority, InitializeAcl, AddAce, GetLengthSid, CopySid, IsValidSid, RegQueryValueExA, RegOpenKeyExA, RegCloseKey, OpenProcessToken, DuplicateTokenEx, SetTokenInformation, CreateProcessAsUserA, InitializeSecurityDescriptor, SetSecurityDescriptorDacl, RegSetValueExA, RegCreateKeyExA
> ole32.dll: CLSIDFromString, StringFromCLSID, CoTaskMemFree, StringFromGUID2
> OLEAUT32.dll: -, -, -, -, -, -
> SHLWAPI.dll: PathFileExistsA, StrToIntA, PathStripPathA, PathRemoveExtensionA, PathFindExtensionA, PathFindFileNameA, PathAddBackslashA
> WS2_32.dll: -, -

( 109 exports )
OnLockEvent, OnLogoffEvent, OnLogonEvent, OnShutdownEvent, OnStartScreenSaverEvent, OnStartShellEvent, OnStartupEvent, OnStopScreenSaverEvent, OnUnlockEvent, ProcessGroupPolicy, ProcessGroupPolicyEx, _StorageAddChangeNotification@28, _StorageCheckAndRepair@28, _StorageCheckAndRepairCB2@108, _StorageCheckAndRepairCB@72, _StorageCheckFilePassword@28, _StorageCheckPassword@20, _StorageClose@4, _StorageCloseFile@4, _StorageCompact@8, _StorageCreate@32, _StorageCreateCB@80, _StorageCreateDirectory@8, _StorageCreateFile@48, _StorageCreateFileCompressed@60, _StorageDeleteAndRenameFile@12, _StorageDeleteDirectory@8, _StorageDeleteFile@8, _StorageDeleteFileTag@12, _StorageFileExists@12, _StorageFindClose@8, _StorageFindFirst@16, _StorageFindFirstEx@20, _StorageFindNext@8, _StorageFlushFile@4, _StorageForceCreateDirectories@8, _StorageFormatFixedSize@32, _StorageFormatFixedSizeCB@76, _StorageGetAutoCompact@8, _StorageGetBuffering@8, _StorageGetCaseSensitive@8, _StorageGetEncryption@8, _StorageGetFileAttributes@12, _StorageGetFileCompression@20, _StorageGetFileCreationTime@12, _StorageGetFileEncryption@12, _StorageGetFileLastAccessTime@12, _StorageGetFileModificationTime@12, _StorageGetFileSize@8, _StorageGetFileSizeLong@8, _StorageGetFileTag@20, _StorageGetFileTagInfo@20, _StorageGetFileTimes@20, _StorageGetInfo@12, _StorageGetLinkDestination@12, _StorageGetLinkDestinationEx@16, _StorageGetMaxPagesCount@8, _StorageGetSeparator@8, _StorageGetSizes@16, _StorageGetUseAccessTime@8, _StorageGetUseTransactions@8, _StorageGetVersion@4, _StorageIsDirectoryEmpty@12, _StorageIsReadOnly@8, _StorageIsValidStorage@4, _StorageIsValidStorageCB@48, _StorageLink@12, _StorageMoveFile@12, _StorageOpen@20, _StorageOpenCB@68, _StorageOpenFile@36, _StorageOpenReadOnly@20, _StorageOpenRootData@8, _StorageReadFile@16, _StorageReadFileWithSeek@24, _StorageRemoveChangeNotification@8, _StorageResolveLink@16, _StorageSeekFile@16, _StorageSeekFileLong@20, _StorageSetAutoCompact@8, _StorageSetBuffering@8, _StorageSetCaseSensitive@8, _StorageSetCustomCompressionHandlers@16, _StorageSetCustomEncryptionHandlers@24, _StorageSetEncryption@24, _StorageSetEncryptionEx@32, _StorageSetEndOfFile@4, _StorageSetFileAttributes@12, _StorageSetFileCompression@28, _StorageSetFileCreationTime@16, _StorageSetFileEncryption@28, _StorageSetFileLastAccessTime@16, _StorageSetFileModificationTime@16, _StorageSetFilePassword@16, _StorageSetFileSize@8, _StorageSetFileSizeLong@12, _StorageSetFileTag@20, _StorageSetFileTimes@32, _StorageSetLogo@8, _StorageSetMaxPagesCount@8, _StorageSetPassword@12, _StorageSetRegistrationKey@4, _StorageSetSeparator@8, _StorageSetUseAccessTime@8, _StorageSetUseTransactions@8, _StorageTellFile@8, _StorageTellFileLong@8, _StorageWriteFile@16, _StorageWriteFileWithSeek@24
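Editor's note on reading the report above, with an added example that is not code from the thread, from VirusTotal or from any of the tools discussed. Two things in the listing deserve more attention than the 6/32 ratio: the four engines that fire split between a backdoor verdict (AntiVir's BDS/ prefix), "monitoring tool" or potentially-unwanted verdicts (Kaspersky's not-a-virus:Monitor, AVG's "Potentially harmful program") and pure heuristics (Sophos Sus/, F-Prot Heuristic), so the engines do not agree on what the file is; and the import/export lists describe capability regardless of any signature. OpenProcess + VirtualAllocEx + WriteProcessMemory + CreateRemoteThread is the classic remote-thread injection set, WTSEnumerateSessions + DuplicateTokenEx + CreateProcessAsUser lets a service-level component start a process inside an interactive user's session, and the OnLogonEvent/OnLogoffEvent/OnLockEvent/OnStartShellEvent exports are the callback entry points of a Windows XP Winlogon notification package, a DLL registered under HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify and loaded into winlogon.exe. That last point is worth checking against the later report that SmitFraudFix stalls at "Scanning Winlogon". The script below parses a pasted VirusTotal text report offline and applies those observations as rules. SAMPLE_REPORT is a constructed, abridged excerpt of the listing above; the rule names, the verdict-classification keywords and the choice of API sets are this example's own assumptions, not any vendor's taxonomy.

```python
"""Offline triage of a pasted VirusTotal text report (added example).

Not code from BleepingComputer, VirusTotal or any tool named in the thread.
SAMPLE_REPORT is a constructed excerpt abridged from the xpusb.dll listing;
the rules, labels and keyword lists are this example's own assumptions.
"""
import re

SAMPLE_REPORT = """
Antivirus Version Last Update Result
AhnLab-V3 2008.4.19.0 2008.04.18 -
AntiVir 7.8.0.8 2008.04.18 BDS/Ulrbot.C
AVG 7.5.0.516 2008.04.18 Potentially harmful program Logger.DUK
Kaspersky 7.0.0.125 2008.04.19 not-a-virus:Monitor.Win32.PCPandora.f
McAfee 5277 2008.04.18 -
Sophos 4.28.0 2008.04.19 Sus/Dropper-A
Symantec 10 2008.04.19 -
Additional information
File size: 549281 bytes

( 4 imports )
> WTSAPI32.dll: WTSFreeMemory, WTSQuerySessionInformationA, WTSEnumerateSessionsA, WTSEnumerateProcessesA
> KERNEL32.dll: VirtualProtect, OpenProcess, VirtualAllocEx, WriteProcessMemory, CreateRemoteThread, IsDebuggerPresent, CloseHandle
> ADVAPI32.dll: OpenProcessToken, DuplicateTokenEx, SetTokenInformation, CreateProcessAsUserA, RegSetValueExA, RegCreateKeyExA
> WS2_32.dll: -, -

( 9 exports )
OnLockEvent, OnLogoffEvent, OnLogonEvent, OnShutdownEvent, OnStartShellEvent, OnStartupEvent, OnUnlockEvent, _StorageOpen@20,
_StorageWriteFile@16
"""

# One engine row: name, engine version, signature date (YYYY.MM.DD), verdict ('-' = clean).
VENDOR_RE = re.compile(r"^(\S+)\s+(\S+)\s+(\d{4}\.\d{2}\.\d{2})\s+(.+)$")
SECTION_RE = re.compile(r"^\(\s*\d+\s+(imports|exports)\s*\)$")
IMPORT_RE = re.compile(r"^>\s*([^:]+):\s*(.*)$")


def parse_report(text):
    """Return (verdicts, imports, exports).

    verdicts: engine name -> verdict string, or None when the engine reported '-'.
    imports:  lower-cased DLL name -> imported names ('-' marks an ordinal import).
    exports:  list of exported names, joined across wrapped lines.
    """
    verdicts, imports, exports = {}, {}, []
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m.group(1)
            continue
        if section is None:
            m = VENDOR_RE.match(line)
            if m:
                result = m.group(4).strip()
                verdicts[m.group(1)] = None if result == "-" else result
        elif section == "imports":
            m = IMPORT_RE.match(line)
            if m:
                dll = m.group(1).strip().lower()
                imports.setdefault(dll, []).extend(
                    n.strip() for n in m.group(2).split(",") if n.strip())
        else:
            exports.extend(n.strip() for n in line.split(",") if n.strip())
    return verdicts, imports, exports


def classify(verdict):
    """Rough bucket for a vendor verdict string (assumed keyword lists)."""
    v = verdict.lower()
    if "bds/" in v or "backdoor" in v:
        return "backdoor"
    if any(w in v for w in ("not-a-virus", "potentially", "monitor", "risktool")):
        return "pup/monitoring tool"
    return "heuristic/suspicious"


def summarize_verdicts(verdicts):
    flagged = {k: v for k, v in verdicts.items() if v}
    return {"engines": len(verdicts), "detections": len(flagged),
            "classes": {k: classify(v) for k, v in flagged.items()}}


# (label, which list to check, names that must ALL be present) - assumed rule set.
RULES = (
    ("remote code injection into another process", "imports",
     {"OpenProcess", "VirtualAllocEx", "WriteProcessMemory", "CreateRemoteThread"}),
    ("spawn a process inside another user's session", "imports",
     {"WTSEnumerateSessionsA", "DuplicateTokenEx", "CreateProcessAsUserA"}),
    ("winlogon notification package entry points", "exports",
     {"OnLogonEvent", "OnLogoffEvent", "OnStartShellEvent", "OnShutdownEvent"}),
    ("registry write (persistence candidate)", "imports",
     {"RegCreateKeyExA", "RegSetValueExA"}),
)


def capabilities(imports, exports):
    imported = {n for names in imports.values() for n in names}
    found = [label for label, where, needed in RULES
             if needed <= (imported if where == "imports" else set(exports))]
    if "ws2_32.dll" in imports:  # linked against Winsock, even if only by ordinal
        found.append("winsock linked (network capable)")
    return found


def triage(text):
    verdicts, imports, exports = parse_report(text)
    return {"verdicts": summarize_verdicts(verdicts),
            "capabilities": capabilities(imports, exports),
            "ordinal_imports": sum(n == "-" for names in imports.values() for n in names)}


if __name__ == "__main__":
    import json
    print(json.dumps(triage(SAMPLE_REPORT), indent=2))
```

Run against the full report pasted above, the Winlogon rule fires on the exports alone, which is the kind of finding a helper would want before deciding whether a tool that walks Winlogon keys can be expected to finish on this machine.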

#8 km2357 (Malware Response Team)

Posted 19 April 2008 - 12:50 AM

Please do steps 3 and 4 of my last post and post back the SmitFraudFix log and a fresh HiJackThis log for me to look over.



#9 shadowhawk9272 (Topic Starter)

Posted 19 April 2008 - 02:54 AM

OK... sorry about that... I ran SmitFraudFix and it keeps freezing up... I let it run for about 3 hours and still nothing... it does fine right up until it gets to "Scanning Winlogon", then nothing. What am I doing wrong?

#10 km2357 (Malware Response Team)

Posted 19 April 2008 - 03:43 PM

Try booting into Safe Mode and running it from there.



#11 km2357 (Malware Response Team)

Posted 22 April 2008 - 01:32 PM

shadowhawk9272? Do you still need help?



#12 shadowhawk9272 (Topic Starter)

Posted 23 April 2008 - 07:42 AM

Sorry, I was not at home most of the past two days... I still can't get SmitFraudFix to work... I ran it in Safe Mode and it did the same thing as before.

#13 km2357 (Malware Response Team)

Posted 23 April 2008 - 01:37 PM

I'll have you try a different tool then.

Step # 1: Download and Run ComboFix

We will begin with ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Be sure to save ComboFix.exe to your Desktop

Please ensure you read this guide carefully and install the Recovery Console first.

The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.

Once installed, you should see a blue screen prompt that says:

The Recovery Console was successfully installed.

Please continue as follows:
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

  • Click Yes to allow ComboFix to continue scanning for malware.
When the tool is finished, it will produce a report for you.

Please include the following reports for further review, and so we may continue cleaning the system:

C:\ComboFix.txt
New HijackThis log.



#14 km2357 (Malware Response Team)

Posted 28 April 2008 - 02:05 PM

Due to the lack of feedback, this Topic is closed.

If you need this topic reopened, please request this by sending the moderating team
a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.
