Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Can't Go Direct To Sites.


  • Please log in to reply
20 replies to this topic

#1 John in Oman

John in Oman

  • Members
  • 371 posts
  • OFFLINE
  •  
  • Local time:07:51 PM

Posted 02 September 2008 - 12:42 AM

For apparently no reason I am now being shown a little box not unlike a radio connection, which has Links and the name of the site i am trying to get into in this box. Even when moving from one sector of a site to another this will pop up. Only when I click on the enlarge box in this little pest will I get put through to the site.

Thanking you in advance for any help in getting rid of this.

Edited by John in Oman, 02 September 2008 - 12:43 AM.


BC AdBot (Login to Remove)

 


#2 DaChew

DaChew

    Visiting Alien


  • Members
  • 10,317 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:millenium falcon and rockytop
  • Local time:08:51 PM

Posted 02 September 2008 - 06:41 AM

Your last threads here were related to proxies and vpn's, could this be related?

Let's investigate a little please

Download SmitfraudFix (by S!Ri) to your Desktop.
http://siri.urz.free.fr/Fix/SmitfraudFix.exe

Double-click SmitfraudFix.exe
Select option #1 - Search by typing 1 and press Enter
This program will scan large amounts of files on your computer for known patterns so please be patient while it works. When it is done, the results of the scan will be displayed and it will create a log named rapport.txt in the root of your drive, eg: Local Disk C: or partition where your operating system is installed. Please post that log along with all others requested in your next reply.

IMPORTANT: Do NOT run any other options until you are asked to do so!

**If the tool fails to launch from the Desktop, please move SmitfraudFix.exe directly to the root of the system drive (usually C:), and launch from there.
Chewy

No. Try not. Do... or do not. There is no try.

#3 John in Oman

John in Oman
  • Topic Starter

  • Members
  • 371 posts
  • OFFLINE
  •  
  • Local time:07:51 PM

Posted 03 September 2008 - 04:47 AM

Thank you again Chewy. As it happens I have noy had the need for any proxy or VPN so I do not thin it is that. I will do as you suggest though and await the results. regards. John

Chewy. I am hesitant to conmtinue. A blue box appeared with something about a joedanger anf fraudulant use or some such thing - is this OK

Edited by John in Oman, 03 September 2008 - 04:53 AM.


#4 John in Oman

John in Oman
  • Topic Starter

  • Members
  • 371 posts
  • OFFLINE
  •  
  • Local time:07:51 PM

Posted 03 September 2008 - 05:35 AM

Chewy. Take no notice of my last sentence. Have done it and will now try to post it up!!

Cheers John
SmitFraudFix v2.345

Scan done at 11:22:35.63, Wed 09/03/2008
Run from C:\Windows\system32\SmitfraudFix
OS: Microsoft Windows [Version 6.0.6000] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode

Process

C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Hp\QuickPlay\QPService.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Search Settings\SearchSettings.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\ThreatFire\TFTray.exe
C:\Program Files\Hp\HP Software Update\hpwuSchd2.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\system32\svchost.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Windows\system32\svchost.exe
C:\Program Files\ThreatFire\TFService.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Apoint2K\ApMsgFwd.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\wbem\wmiprvse.exe

hosts


C:\


C:\Windows


C:\Windows\system


C:\Windows\Web


C:\Windows\system32


C:\Windows\system32\LogFiles


C:\Users\User


C:\Users\User\Application Data


Start Menu


C:\Users\User\FAVORI~1


Desktop


C:\Program Files


Corrupted keys


Desktop Components



IEDFix
!!!Attention, following keys are not inevitably infected!!!

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri



VACFix
!!!Attention, following keys are not inevitably infected!!!

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


404Fix
!!!Attention, following keys are not inevitably infected!!!

404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


AntiXPVSTFix
!!!Attention, following keys are not inevitably infected!!!



Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""
"LoadAppInit_DLLs"=dword:00000000


Winlogon
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\\Windows\\system32\\userinit.exe,"


RK



DNS

Description: Realtek RTL8139/810x Family Fast Ethernet NIC
DNS Server Search Order: 58.69.254.79
DNS Server Search Order: 58.69.254.105
DNS Server Search Order: 58.69.254.12
DNS Server Search Order: 58.69.254.71

HKLM\SYSTEM\CCS\Services\Tcpip\..\{437A5BB6-5749-4DD3-BE93-B060F9C897C1}: DhcpNameServer=58.69.254.79 58.69.254.105 58.69.254.12 58.69.254.71
HKLM\SYSTEM\CS1\Services\Tcpip\..\{437A5BB6-5749-4DD3-BE93-B060F9C897C1}: DhcpNameServer=58.69.254.79 58.69.254.105 58.69.254.12 58.69.254.71
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=58.69.254.79 58.69.254.105 58.69.254.12 58.69.254.71
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=58.69.254.79 58.69.254.105 58.69.254.12 58.69.254.71


Scanning for wininet.dll infection


End

SmitFraudFix v2.345

Scan done at 11:22:35.63, Wed 09/03/2008
Run from C:\Windows\system32\SmitfraudFix
OS: Microsoft Windows [Version 6.0.6000] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode

Process

C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Hp\QuickPlay\QPService.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Search Settings\SearchSettings.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\ThreatFire\TFTray.exe
C:\Program Files\Hp\HP Software Update\hpwuSchd2.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\system32\svchost.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Windows\system32\svchost.exe
C:\Program Files\ThreatFire\TFService.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Apoint2K\ApMsgFwd.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\wbem\wmiprvse.exe

hosts


C:\


C:\Windows


C:\Windows\system


C:\Windows\Web


C:\Windows\system32


C:\Windows\system32\LogFiles


C:\Users\User


C:\Users\User\Application Data


Start Menu


C:\Users\User\FAVORI~1


Desktop


C:\Program Files


Corrupted keys


Desktop Components



IEDFix
!!!Attention, following keys are not inevitably infected!!!

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri



VACFix
!!!Attention, following keys are not inevitably infected!!!

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


404Fix
!!!Attention, following keys are not inevitably infected!!!

404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


AntiXPVSTFix
!!!Attention, following keys are not inevitably infected!!!



Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""
"LoadAppInit_DLLs"=dword:00000000


Winlogon
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\\Windows\\system32\\userinit.exe,"


RK



DNS

Description: Realtek RTL8139/810x Family Fast Ethernet NIC
DNS Server Search Order: 58.69.254.79
DNS Server Search Order: 58.69.254.105
DNS Server Search Order: 58.69.254.12
DNS Server Search Order: 58.69.254.71

HKLM\SYSTEM\CCS\Services\Tcpip\..\{437A5BB6-5749-4DD3-BE93-B060F9C897C1}: DhcpNameServer=58.69.254.79 58.69.254.105 58.69.254.12 58.69.254.71
HKLM\SYSTEM\CS1\Services\Tcpip\..\{437A5BB6-5749-4DD3-BE93-B060F9C897C1}: DhcpNameServer=58.69.254.79 58.69.254.105 58.69.254.12 58.69.254.71
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=58.69.254.79 58.69.254.105 58.69.254.12 58.69.254.71
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=58.69.254.79 58.69.254.105 58.69.254.12 58.69.254.71


Scanning for wininet.dll infection


End

SmitFraudFix v2.345

Scan done at 11:22:35.63, Wed 09/03/2008
Run from C:\Windows\system32\SmitfraudFix
OS: Microsoft Windows [Version 6.0.6000] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode

Process

C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Hp\QuickPlay\QPService.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Search Settings\SearchSettings.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\ThreatFire\TFTray.exe
C:\Program Files\Hp\HP Software Update\hpwuSchd2.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\system32\svchost.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Windows\system32\svchost.exe
C:\Program Files\ThreatFire\TFService.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Apoint2K\ApMsgFwd.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\wbem\wmiprvse.exe

hosts


C:\


C:\Windows


C:\Windows\system


C:\Windows\Web


C:\Windows\system32


C:\Windows\system32\LogFiles


C:\Users\User


C:\Users\User\Application Data


Start Menu


C:\Users\User\FAVORI~1


Desktop


C:\Program Files


Corrupted keys


Desktop Components



IEDFix
!!!Attention, following keys are not inevitably infected!!!

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri



VACFix
!!!Attention, following keys are not inevitably infected!!!

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


404Fix
!!!Attention, following keys are not inevitably infected!!!

404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


AntiXPVSTFix
!!!Attention, following keys are not inevitably infected!!!



Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""
"LoadAppInit_DLLs"=dword:00000000


Winlogon
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\\Windows\\system32\\userinit.exe,"


RK



DNS

Description: Realtek RTL8139/810x Family Fast Ethernet NIC
DNS Server Search Order: 58.69.254.79
DNS Server Search Order: 58.69.254.105
DNS Server Search Order: 58.69.254.12
DNS Server Search Order: 58.69.254.71

HKLM\SYSTEM\CCS\Services\Tcpip\..\{437A5BB6-5749-4DD3-BE93-B060F9C897C1}: DhcpNameServer=58.69.254.79 58.69.254.105 58.69.254.12 58.69.254.71
HKLM\SYSTEM\CS1\Services\Tcpip\..\{437A5BB6-5749-4DD3-BE93-B060F9C897C1}: DhcpNameServer=58.69.254.79 58.69.254.105 58.69.254.12 58.69.254.71
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=58.69.254.79 58.69.254.105 58.69.254.12 58.69.254.71
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=58.69.254.79 58.69.254.105 58.69.254.12 58.69.254.71


Scanning for wininet.dll infection


End

SmitFraudFix v2.345

Scan done at 11:22:35.63, Wed 09/03/2008
Run from C:\Windows\system32\SmitfraudFix
OS: Microsoft Windows [Version 6.0.6000] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode

Process

C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Hp\QuickPlay\QPService.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Search Settings\SearchSettings.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\ThreatFire\TFTray.exe
C:\Program Files\Hp\HP Software Update\hpwuSchd2.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\system32\svchost.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Windows\system32\svchost.exe
C:\Program Files\ThreatFire\TFService.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Apoint2K\ApMsgFwd.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\wbem\wmiprvse.exe

hosts


C:\


C:\Windows


C:\Windows\system


C:\Windows\Web


C:\Windows\system32


C:\Windows\system32\LogFiles


C:\Users\User


C:\Users\User\Application Data


Start Menu


C:\Users\User\FAVORI~1


Desktop


C:\Program Files


Corrupted keys


Desktop Components



IEDFix
!!!Attention, following keys are not inevitably infected!!!

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri



VACFix
!!!Attention, following keys are not inevitably infected!!!

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


404Fix
!!!Attention, following keys are not inevitably infected!!!

404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


AntiXPVSTFix
!!!Attention, following keys are not inevitably infected!!!



Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""
"LoadAppInit_DLLs"=dword:00000000


Winlogon
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\\Windows\\system32\\userinit.exe,"


RK



DNS

Description: Realtek RTL8139/810x Family Fast Ethernet NIC
DNS Server Search Order: 58.69.254.79
DNS Server Search Order: 58.69.254.105
DNS Server Search Order: 58.69.254.12
DNS Server Search Order: 58.69.254.71

HKLM\SYSTEM\CCS\Services\Tcpip\..\{437A5BB6-5749-4DD3-BE93-B060F9C897C1}: DhcpNameServer=58.69.254.79 58.69.254.105 58.69.254.12 58.69.254.71
HKLM\SYSTEM\CS1\Services\Tcpip\..\{437A5BB6-5749-4DD3-BE93-B060F9C897C1}: DhcpNameServer=58.69.254.79 58.69.254.105 58.69.254.12 58.69.254.71
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=58.69.254.79 58.69.254.105 58.69.254.12 58.69.254.71
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=58.69.254.79 58.69.254.105 58.69.254.12 58.69.254.71


Scanning for wininet.dll infection


End

SmitFraudFix v2.345

Scan done at 11:22:35.63, Wed 09/03/2008
Run from C:\Windows\system32\SmitfraudFix
OS: Microsoft Windows [Version 6.0.6000] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode

Process

C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Hp\QuickPlay\QPService.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Search Settings\SearchSettings.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\ThreatFire\TFTray.exe
C:\Program Files\Hp\HP Software Update\hpwuSchd2.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\system32\svchost.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Windows\system32\svchost.exe
C:\Program Files\ThreatFire\TFService.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Apoint2K\ApMsgFwd.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\wbem\wmiprvse.exe

hosts


C:\


C:\Windows


C:\Windows\system


C:\Windows\Web


C:\Windows\system32


C:\Windows\system32\LogFiles


C:\Users\User


C:\Users\User\Application Data


Start Menu


C:\Users\User\FAVORI~1


Desktop


C:\Program Files


Corrupted keys


Desktop Components



IEDFix
!!!Attention, following keys are not inevitably infected!!!

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri



VACFix
!!!Attention, following keys are not inevitably infected!!!

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


404Fix
!!!Attention, following keys are not inevitably infected!!!

404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


AntiXPVSTFix
!!!Attention, following keys are not inevitably infected!!!



Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""
"LoadAppInit_DLLs"=dword:00000000


Winlogon
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\\Windows\\system32\\userinit.exe,"


RK



DNS

Description: Realtek RTL8139/810x Family Fast Ethernet NIC
DNS Server Search Order: 58.69.254.79
DNS Server Search Order: 58.69.254.105
DNS Server Search Order: 58.69.254.12
DNS Server Search Order: 58.69.254.71

HKLM\SYSTEM\CCS\Services\Tcpip\..\{437A5BB6-5749-4DD3-BE93-B060F9C897C1}: DhcpNameServer=58.69.254.79 58.69.254.105 58.69.254.12 58.69.254.71
HKLM\SYSTEM\CS1\Services\Tcpip\..\{437A5BB6-5749-4DD3-BE93-B060F9C897C1}: DhcpNameServer=58.69.254.79 58.69.254.105 58.69.254.12 58.69.254.71
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=58.69.254.79 58.69.254.105 58.69.254.12 58.69.254.71
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=58.69.254.79 58.69.254.105 58.69.254.12 58.69.254.71


Scanning for wininet.dll infection


End

SmitFraudFix v2.345

Scan done at 11:22:35.63, Wed 09/03/2008
Run from C:\Windows\system32\SmitfraudFix
OS: Microsoft Windows [Version 6.0.6000] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode

Process

C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Hp\QuickPlay\QPService.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Search Settings\SearchSettings.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\ThreatFire\TFTray.exe
C:\Program Files\Hp\HP Software Update\hpwuSchd2.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\system32\svchost.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Windows\system32\svchost.exe
C:\Program Files\ThreatFire\TFService.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Apoint2K\ApMsgFwd.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\wbem\wmiprvse.exe

hosts


C:\


C:\Windows


C:\Windows\system


C:\Windows\Web


C:\Windows\system32


C:\Windows\system32\LogFiles


C:\Users\User


C:\Users\User\Application Data


Start Menu


C:\Users\User\FAVORI~1


Desktop


C:\Program Files


Corrupted keys


Desktop Components



IEDFix
!!!Attention, following keys are not inevitably infected!!!

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri



VACFix
!!!Attention, following keys are not inevitably infected!!!

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


404Fix
!!!Attention, following keys are not inevitably infected!!!

404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


AntiXPVSTFix
!!!Attention, following keys are not inevitably infected!!!



Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""
"LoadAppInit_DLLs"=dword:00000000


Winlogon
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\\Windows\\system32\\userinit.exe,"


RK



DNS

Description: Realtek RTL8139/810x Family Fast Ethernet NIC
DNS Server Search Order: 58.69.254.79
DNS Server Search Order: 58.69.254.105
DNS Server Search Order: 58.69.254.12
DNS Server Search Order: 58.69.254.71

HKLM\SYSTEM\CCS\Services\Tcpip\..\{437A5BB6-5749-4DD3-BE93-B060F9C897C1}: DhcpNameServer=58.69.254.79 58.69.254.105 58.69.254.12 58.69.254.71
HKLM\SYSTEM\CS1\Services\Tcpip\..\{437A5BB6-5749-4DD3-BE93-B060F9C897C1}: DhcpNameServer=58.69.254.79 58.69.254.105 58.69.254.12 58.69.254.71
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=58.69.254.79 58.69.254.105 58.69.254.12 58.69.254.71
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=58.69.254.79 58.69.254.105 58.69.254.12 58.69.254.71


Scanning for wininet.dll infection


End

SmitFraudFix v2.345

Scan done at 11:22:35.63, Wed 09/03/2008
Run from C:\Windows\system32\SmitfraudFix
OS: Microsoft Windows [Version 6.0.6000] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode

Process

C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Hp\QuickPlay\QPService.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Search Settings\SearchSettings.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\ThreatFire\TFTray.exe
C:\Program Files\Hp\HP Software Update\hpwuSchd2.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\system32\svchost.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Windows\system32\svchost.exe
C:\Program Files\ThreatFire\TFService.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Apoint2K\ApMsgFwd.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\wbem\wmiprvse.exe

hosts


C:\


C:\Windows


C:\Windows\system


C:\Windows\Web


C:\Windows\system32


C:\Windows\system32\LogFiles


C:\Users\User


C:\Users\User\Application Data


Start Menu


C:\Users\User\FAVORI~1


Desktop


C:\Program Files


Corrupted keys


Desktop Components



IEDFix
!!!Attention, following keys are not inevitably infected!!!

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri



VACFix
!!!Attention, following keys are not inevitably infected!!!

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


404Fix
!!!Attention, following keys are not inevitably infected!!!

404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


AntiXPVSTFix
!!!Attention, following keys are not inevitably infected!!!



Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""
"LoadAppInit_DLLs"=dword:00000000


Winlogon
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\\Windows\\system32\\userinit.exe,"


RK



DNS

Description: Realtek RTL8139/810x Family Fast Ethernet NIC
DNS Server Search Order: 58.69.254.79
DNS Server Search Order: 58.69.254.105
DNS Server Search Order: 58.69.254.12
DNS Server Search Order: 58.69.254.71

HKLM\SYSTEM\CCS\Services\Tcpip\..\{437A5BB6-5749-4DD3-BE93-B060F9C897C1}: DhcpNameServer=58.69.254.79 58.69.254.105 58.69.254.12 58.69.254.71
HKLM\SYSTEM\CS1\Services\Tcpip\..\{437A5BB6-5749-4DD3-BE93-B060F9C897C1}: DhcpNameServer=58.69.254.79 58.69.254.105 58.69.254.12 58.69.254.71
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=58.69.254.79 58.69.254.105 58.69.254.12 58.69.254.71
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=58.69.254.79 58.69.254.105 58.69.254.12 58.69.254.71


Scanning for wininet.dll infection


End

SmitFraudFix v2.345

Scan done at 11:22:35.63, Wed 09/03/2008
Run from C:\Windows\system32\SmitfraudFix
OS: Microsoft Windows [Version 6.0.6000] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode

Process

C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Hp\QuickPlay\QPService.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Search Settings\SearchSettings.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\ThreatFire\TFTray.exe
C:\Program Files\Hp\HP Software Update\hpwuSchd2.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\system32\svchost.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Windows\system32\svchost.exe
C:\Program Files\ThreatFire\TFService.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Apoint2K\ApMsgFwd.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\wbem\wmiprvse.exe

hosts


C:\


C:\Windows


C:\Windows\system


C:\Windows\Web


C:\Windows\system32


C:\Windows\system32\LogFiles


C:\Users\User


C:\Users\User\Application Data


Start Menu


C:\Users\User\FAVORI~1


Desktop


C:\Program Files


Corrupted keys


Desktop Components



IEDFix
!!!Attention, following keys are not inevitably infected!!!

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri



VACFix
!!!Attention, following keys are not inevitably infected!!!

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


404Fix
!!!Attention, following keys are not inevitably infected!!!

404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


AntiXPVSTFix
!!!Attention, following keys are not inevitably infected!!!



Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""
"LoadAppInit_DLLs"=dword:00000000


Winlogon
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\\Windows\\system32\\userinit.exe,"


RK



DNS

Description: Realtek RTL8139/810x Family Fast Ethernet NIC
DNS Server Search Order: 58.69.254.79
DNS Server Search Order: 58.69.254.105
DNS Server Search Order: 58.69.254.12
DNS Server Search Order: 58.69.254.71

HKLM\SYSTEM\CCS\Services\Tcpip\..\{437A5BB6-5749-4DD3-BE93-B060F9C897C1}: DhcpNameServer=58.69.254.79 58.69.254.105 58.69.254.12 58.69.254.71
HKLM\SYSTEM\CS1\Services\Tcpip\..\{437A5BB6-5749-4DD3-BE93-B060F9C897C1}: DhcpNameServer=58.69.254.79 58.69.254.105 58.69.254.12 58.69.254.71
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=58.69.254.79 58.69.254.105 58.69.254.12 58.69.254.71
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=58.69.254.79 58.69.254.105 58.69.254.12 58.69.254.71


Scanning for wininet.dll infection


End

SmitFraudFix v2.345

Scan done at 11:22:35.63, Wed 09/03/2008
Run from C:\Windows\system32\SmitfraudFix
OS: Microsoft Windows [Version 6.0.6000] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode

Process

C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Hp\QuickPlay\QPService.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Search Settings\SearchSettings.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\ThreatFire\TFTray.exe
C:\Program Files\Hp\HP Software Update\hpwuSchd2.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\system32\svchost.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Windows\system32\svchost.exe
C:\Program Files\ThreatFire\TFService.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Apoint2K\ApMsgFwd.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\wbem\wmiprvse.exe

hosts


C:\


C:\Windows


C:\Windows\system


C:\Windows\Web


C:\Windows\system32


C:\Windows\system32\LogFiles


C:\Users\User


C:\Users\User\Application Data


Start Menu


C:\Users\User\FAVORI~1


Desktop


C:\Program Files


Corrupted keys


Desktop Components



IEDFix
!!!Attention, following keys are not inevitably infected!!!

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri



VACFix
!!!Attention, following keys are not inevitably infected!!!

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


404Fix
!!!Attention, following keys are not inevitably infected!!!

404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


AntiXPVSTFix
!!!Attention, following keys are not inevitably infected!!!



Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""
"LoadAppInit_DLLs"=dword:00000000


Winlogon
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\\Windows\\system32\\userinit.exe,"


RK



DNS

Description: Realtek RTL8139/810x Family Fast Ethernet NIC
DNS Server Search Order: 58.69.254.79
DNS Server Search Order: 58.69.254.105
DNS Server Search Order: 58.69.254.12
DNS Server Search Order: 58.69.254.71

HKLM\SYSTEM\CCS\Services\Tcpip\..\{437A5BB6-5749-4DD3-BE93-B060F9C897C1}: DhcpNameServer=58.69.254.79 58.69.254.105 58.69.254.12 58.69.254.71
HKLM\SYSTEM\CS1\Services\Tcpip\..\{437A5BB6-5749-4DD3-BE93-B060F9C897C1}: DhcpNameServer=58.69.254.79 58.69.254.105 58.69.254.12 58.69.254.71
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=58.69.254.79 58.69.254.105 58.69.254.12 58.69.254.71
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=58.69.254.79 58.69.254.105 58.69.254.12 58.69.254.71


Scanning for wininet.dll infection


End

#5 DaChew

DaChew

    Visiting Alien


  • Members
  • 10,317 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:millenium falcon and rockytop
  • Local time:08:51 PM

Posted 03 September 2008 - 07:41 AM

do you have an entry for search settings in add/remove programs?

my googling keeps hitting limewire and hjt logs where people didn't finish
Chewy

No. Try not. Do... or do not. There is no try.

#6 John in Oman

John in Oman
  • Topic Starter

  • Members
  • 371 posts
  • OFFLINE
  •  
  • Local time:07:51 PM

Posted 03 September 2008 - 07:30 PM

Yes Chewy I have.

#7 DaChew

DaChew

    Visiting Alien


  • Members
  • 10,317 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:millenium falcon and rockytop
  • Local time:08:51 PM

Posted 03 September 2008 - 07:37 PM

that's the only thing I could find in your log that might relate to the problem


let's run a scan with MBAM and see if anything turns up

http://www.bleepingcomputer.com/forums/ind...st&p=932522
Chewy

No. Try not. Do... or do not. There is no try.

#8 John in Oman

John in Oman
  • Topic Starter

  • Members
  • 371 posts
  • OFFLINE
  •  
  • Local time:07:51 PM

Posted 03 September 2008 - 09:12 PM

OK have done and nothing was found!

Edited by John in Oman, 03 September 2008 - 09:22 PM.


#9 DaChew

DaChew

    Visiting Alien


  • Members
  • 10,317 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:millenium falcon and rockytop
  • Local time:08:51 PM

Posted 03 September 2008 - 09:50 PM

You might uninstall that program

and/or repair IE

http://www.theeldergeek.com/repair_ie6.htm

and or

check under tools in IE under manage addons
Chewy

No. Try not. Do... or do not. There is no try.

#10 John in Oman

John in Oman
  • Topic Starter

  • Members
  • 371 posts
  • OFFLINE
  •  
  • Local time:07:51 PM

Posted 04 September 2008 - 06:08 AM

Will try all those. Your help is MUCH appreciated Chewy. thank you again!

#11 DaChew

DaChew

    Visiting Alien


  • Members
  • 10,317 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:millenium falcon and rockytop
  • Local time:08:51 PM

Posted 04 September 2008 - 06:24 AM

In the absence of malware symptoms or when you are getting clean scans, it might be a good idea to post in the VISTA forum as there you can a few more opinions

It's always a good idea to eliminate malware from the equation tho

Edited by DaChew, 04 September 2008 - 06:26 AM.

Chewy

No. Try not. Do... or do not. There is no try.

#12 John in Oman

John in Oman
  • Topic Starter

  • Members
  • 371 posts
  • OFFLINE
  •  
  • Local time:07:51 PM

Posted 04 September 2008 - 06:27 AM

I have Vista not XP Chewy. That is why I orginally posted under Vista!

Edited by John in Oman, 04 September 2008 - 06:28 AM.


#13 John in Oman

John in Oman
  • Topic Starter

  • Members
  • 371 posts
  • OFFLINE
  •  
  • Local time:07:51 PM

Posted 05 September 2008 - 07:50 AM

I originally posted in the Vista Forum and was moved here!!!!!!!!!!! What to do? As they say where I live.

#14 DaChew

DaChew

    Visiting Alien


  • Members
  • 10,317 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:millenium falcon and rockytop
  • Local time:08:51 PM

Posted 05 September 2008 - 08:33 AM

have you removed that search settings program and attempted a repair of IE?
Chewy

No. Try not. Do... or do not. There is no try.

#15 John in Oman

John in Oman
  • Topic Starter

  • Members
  • 371 posts
  • OFFLINE
  •  
  • Local time:07:51 PM

Posted 06 September 2008 - 04:14 AM

Chewy. I have not used the 'geek' as it is for XP and not vista. I have deleted add ons but not done a repair as i do not know the best way to do this. Could you advise on this please?

Thanks and regards.
John




1 user(s) are reading this topic

0 members, 1 guests, 0 anonymous users