
Smitfrau



#1 scordera

scordera


Posted 20 March 2007 - 03:14 PM

Hi you guys

I'm Steve. I'm new here and I'm pretty much an ignoramus when it comes to my computer. I think I have the dreaded Smitfraud trojan. I've tried the new Smitrem several times and still no luck. I get this warning as soon as Smitrem starts up after clicking through all the directions: "C:\smitfrau.reg error accessing registry". I run the program anyway and then when I run Spybot S&D it shows that Smitfraud is still there. What do I do now?


#2 OldTimer

OldTimer

    Malware Expert



Posted 22 March 2007 - 05:44 PM

Hello scordera and welcome to the BC HijackThis forum. Let's see what's on the system.

Download WinPFind3u.exe to your Desktop and double-click on it to extract the files. It will create a folder named WinPFind3u on your desktop.
  • Close ALL OTHER PROGRAMS.
  • Open the WinPFind3u folder and double-click on WinPFind3U.exe to start the program.
  • Now click the Run Scan button on the toolbar.
  • Let it run unhindered until it finishes.
  • When the scan is complete Notepad will open with the report file loaded in it.
  • Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.
Use the Add Reply button and Copy/Paste the information back here. I will review it when it comes in. If, after posting, the last line is not < End of Report > then the log is too big to fit into a single post and you will need to split it into multiple posts.

Cheers.

OT
I do not respond to PM's requesting help. That's what the forums are here for. Please use them so that others may benefit from your questions and the responses you receive.
OldTimer


#3 scordera

scordera
  • Topic Starter


Posted 27 March 2007 - 10:04 PM

Hey Old Timer.

I downloaded your program and tried running it several times. I also tried running it in safe mode. Each time it started to scan and my hard drive started running, but it seems to stall when it is scanning the "Run keys", I believe. At any rate I let it run for a very long time and then when it seemed to get stuck I checked the task manager and it says "not responding". I'm so bummed. I am assuming you need this log to figure out exactly what crap I have on my puter. Any other suggestions?

Desperately yours.
Steve.

#4 OldTimer

OldTimer

    Malware Expert



Posted 28 March 2007 - 04:00 AM

Hi scordera. There was a bug in version 1.0.30 that did that. If that is the version that you have then delete the downloaded file and the folder it created. Then download the latest version from here and extract the folder and run the program again.

Cheers.

OT

#5 scordera

scordera
  • Topic Starter


Posted 28 March 2007 - 09:16 AM

Hi Oldtimer,

I tried the scan again (the old one I had was version .28) this time with version .31 but it still stalled while scanning the run keys.

Thanks
Steve

#6 OldTimer

OldTimer

    Malware Expert



Posted 28 March 2007 - 02:51 PM

Hi scordera. It might be that the registry is damaged. Let's try a different scanner.

Download ComboFix by sUBs:

NOTE: In the event you already have ComboFix, this is a new version that I need you to download.
  • Save it to your desktop.
  • Double-click combofix.exe and follow the prompts.
  • When finished, it shall produce a log for you. Copy and paste the contents of the log in your next reply.
CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.


Post the ComboFix log file back here and I will review it.

Cheers.

OT

#7 scordera

scordera
  • Topic Starter


Posted 30 March 2007 - 12:21 PM

Dear Mr. Old Timer,

Thanks so much for all your help. Here is that log. You are a champ!!!

"Augustus" - Wed 05/23/2007 12:19:29 Service Pack 4
ComboFix 07-03-27.4.2 - Running from: "C:\Documents and Settings\Augustus\Desktop"


(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\Program Files\Common Files\Yazzle1162OinAdmin.exe
C:\Program Files\Common Files\Yazzle1162OinUninstaller.exe
C:\DOCUME~1\Augustus\APPLIC~1.\searchtoolbarcorp\Toolbar Vision\PageHistory.txt
C:\DOCUME~1\Augustus\APPLIC~1.\searchtoolbarcorp\Toolbar Vision\WebHistory.txt
C:\Program Files\outerinfo\OiUninstaller.exe
C:\Program Files\outerinfo\outerinfo.ico
C:\Program Files\outerinfo\Terms.rtf
C:\Program Files\Common Files\{10BDA~1\system.dll
C:\Program Files\Common Files\{10BDA~1\Update.exe
C:\WINNT\system32\unsvchosts.lzma
C:\WINNT\svchost.exe
C:\WINNT\system32\v6.exe
C:\DOCUME~1\Augustus\APPLIC~1.\searchtoolbarcorp
C:\Program Files\outerinfo
C:\Program Files\Common Files\{10BDA~1
C:\Program Files\vsadd-in\VSAdd-in.dll
C:\WINNT\system32\svchosts.exe
C:\Program Files\vsadd-in
~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ Purity ~ ~ ~ ~ ~ ~ ~ ~~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~
Folders Quarantined:
C:\qoobox\purity\DOCUME~1
C:\qoobox\purity\DOCUME~1\Augustus
C:\qoobox\purity\DOCUME~1\Augustus\APPLIC~1
C:\qoobox\purity\DOCUME~1\Augustus\MYDOCU~1
C:\qoobox\purity\DOCUME~1\Augustus\APPLIC~1\from.txt
C:\qoobox\purity\DOCUME~1\Augustus\APPLIC~1\MANTEC~1
C:\qoobox\purity\DOCUME~1\Augustus\APPLIC~1\SSTEM~1
C:\qoobox\purity\DOCUME~1\Augustus\MYDOCU~1\CROSOF~1
C:\qoobox\purity\DOCUME~1\Augustus\MYDOCU~1\from.txt
C:\qoobox\purity\DOCUME~1\Augustus\MYDOCU~1\MCROSO~1
C:\qoobox\purity\DOCUME~1\Augustus\MYDOCU~1\SEMBLY~1
C:\qoobox\purity\Program Files\MBOLS~1
C:\qoobox\purity\Program Files\SSTEM3~1
C:\qoobox\purity\Program Files\Common Files\ASKS~1
C:\qoobox\purity\Program Files\Common Files\DOBE~1
C:\qoobox\purity\Program Files\Common Files\ICROSO~1
C:\qoobox\purity\Program Files\Common Files\SMBOLS~1
C:\qoobox\purity\Program Files\Common Files\WNSXS~1
C:\qoobox\purity\Program Files\SSTEM3~1\chkdsk.exe
C:\qoobox\purity\Program Files\SSTEM3~1\?racle
C:\qoobox\purity\WINNT\FNTS~1
C:\qoobox\purity\WINNT\MCROSO~1.NET
C:\qoobox\purity\WINNT\SEMBLY~1
C:\qoobox\purity\WINNT\SSTEM3~1
C:\qoobox\purity\WINNT\system32\ASEMBL~1
C:\qoobox\purity\WINNT\system32\DOBE~1
C:\qoobox\purity\WINNT\system32\SEMBLY~1
C:\qoobox\purity\WINNT\system32\SSTEM3~1
C:\qoobox\purity\WINNT\system32\WNSXS~1


((((((((((((((((((((((((((((((( Files Created from 2007-04-23 to 2007-05-23 ))))))))))))))))))))))))))))))))))


2007-05-22 12:59 60,928 --a------ C:\WINNT\system32\got.dll
2007-05-21 10:34 1,283,318 ---hs---- C:\WINNT\system32\ponmp.bak1
2007-05-20 13:25 26,730 --a------ C:\WINNT\system32\opnlkjj.dll
2007-05-20 00:38 60,928 --------- C:\WINNT\system32\hforjm.dll
2007-05-19 23:35 132,116 --a------ C:\WINNT\system32\exbclugk.dll
2007-05-19 23:17 48,708 --a------ C:\WINNT\system32\aheerrkg.dll
2007-05-19 21:57 76,412 --a------ C:\WINNT\system32\gbwejgun.dll
2007-05-18 23:16 132,116 --a------ C:\WINNT\system32\qjkslejg.dll
2007-05-17 16:44 132,116 --a------ C:\WINNT\system32\wxbxneqt.dll
2007-05-17 16:41 132,116 --a------ C:\WINNT\system32\bffowwns.dll
2007-05-16 14:32 132,116 --a------ C:\WINNT\system32\hleodsui.dll
2007-05-16 11:44 123,972 --a------ C:\WINNT\system32\mwixecui.dll
2007-05-15 09:38 60,928 --------- C:\WINNT\system32\vodvldxa.dll
2007-05-13 18:02 93,696 --a------ C:\WINNT\system32\drvsal.dll
2007-05-13 18:01 81,408 --a------ C:\WINNT\system32\luhbwjj.dll
2007-05-13 18:01 26,697 --a------ C:\WINNT\system32\pmnomnm.dll
2007-05-13 16:04 <DIR> d-------- C:\WINNT\Content.IE5
2007-05-13 16:03 1,458 --a------ C:\smitfra.reg
2007-05-13 16:02 88,524 --a------ C:\smitfrau.reg
2007-05-13 16:02 16,824 --a------ C:\replace.cmd
2007-05-13 09:42 93,696 --a------ C:\WINNT\system32\drvnuf.dll
2007-05-13 09:42 80,896 --a------ C:\WINNT\system32\iwsfepk.dll
2007-05-13 09:42 26,685 ---hs---- C:\WINNT\system32\khfgdde.dll
2007-05-13 00:43 93,696 --a------ C:\WINNT\system32\drvheh.dll
2007-05-13 00:43 80,896 --a------ C:\WINNT\system32\btmmuoj.dll
2007-05-13 00:42 26,685 ---hs---- C:\WINNT\system32\byxustu.dll
2007-05-12 23:29 88,340 --a------ C:\WINNT\system32\qmjcqfiq.exe
2007-05-12 22:00 93,696 --a------ C:\WINNT\system32\drvnuc.dll
2007-05-12 22:00 80,896 --a------ C:\WINNT\system32\dyabmkn.dll
2007-05-12 22:00 26,685 ---hs---- C:\WINNT\system32\awturqq.dll
2007-05-12 21:58 76,412 --a------ C:\WINNT\system32\bxxnnsdi.dll
2007-05-12 17:11 88,340 --a------ C:\WINNT\system32\yftctryx.exe
2007-05-12 02:52 60,416 --------- C:\WINNT\system32\apekbjo.dll
2007-05-11 14:10 88,340 --a------ C:\WINNT\system32\krcnhubn.exe
2007-05-11 14:10 76,412 --a------ C:\WINNT\system32\lymurrnw.dll
2007-05-11 14:10 132,116 --a------ C:\WINNT\system32\mktsipec.dll
2007-05-11 14:06 93,696 --a------ C:\WINNT\system32\drvjom.dll
2007-05-11 14:06 26,685 ---hs---- C:\WINNT\system32\fcccyab.dll
2007-05-11 10:47 76,412 --a------ C:\WINNT\system32\eveqopfy.dll
2007-05-11 10:47 132,116 --a------ C:\WINNT\system32\haikepmp.dll
2007-05-10 20:30 76,412 --a------ C:\WINNT\system32\tdbychdi.dll
2007-05-10 19:04 60,416 --------- C:\WINNT\system32\eajsxab.dll
2007-05-09 20:29 132,116 --a------ C:\WINNT\system32\excacolc.dll
2007-05-09 15:12 60,416 --------- C:\WINNT\system32\wmeei.dll
2007-05-08 20:29 88,340 --a------ C:\WINNT\system32\pcfirhdv.exe
2007-05-08 20:29 76,412 --a------ C:\WINNT\system32\sxpsbuol.dll
2007-05-08 19:57 60,416 --------- C:\WINNT\system32\tvvcv.dll
2007-05-08 19:55 80,896 --a------ C:\WINNT\system32\gbhebvn.dll
2007-05-08 19:55 57,344 --a------ C:\WINNT\system32\lcrwijj.dll
2007-05-08 19:54 93,696 --a------ C:\WINNT\system32\drvvis.dll
2007-05-08 19:54 26,685 ---hs---- C:\WINNT\system32\mljkllk.dll
2007-05-07 19:58 76,412 --a------ C:\WINNT\system32\eeagbyxn.dll
2007-05-07 19:54 2 --a------ C:\WINNT\system32\wnsinticomsv32.exe
2007-05-06 16:29 56,832 --------- C:\WINNT\system32\mxouukj.dll
2007-05-06 16:28 93,696 --a------ C:\WINNT\system32\drvpip.dll
2007-05-06 16:28 81,408 --a------ C:\WINNT\system32\gnzplpe.dll
2007-05-06 16:28 26,685 ---hs---- C:\WINNT\system32\awttrrs.dll
2007-05-06 16:25 88,340 --a------ C:\WINNT\system32\hivromxb.exe
2007-05-06 16:24 76,412 --a------ C:\WINNT\system32\ymxphivs.dll
2007-05-06 13:03 88,340 --a------ C:\WINNT\system32\odvwtavc.exe
2007-05-06 13:03 76,412 --a------ C:\WINNT\system32\vvfruqrd.dll
2007-05-06 13:03 282,212 --------- C:\WINNT\system32\pmnop.dll
2007-05-06 11:33 93,696 --a------ C:\WINNT\system32\drvxim.dll
2007-05-06 11:33 81,920 --a------ C:\WINNT\system32\djczamk.dll
2007-05-06 11:33 26,685 ---hs---- C:\WINNT\system32\tuvtrst.dll
2007-05-05 02:41 76,412 --a------ C:\WINNT\system32\crvaceab.dll
2007-05-05 02:41 132,116 --a------ C:\WINNT\system32\bwdouula.dll
2007-05-05 02:40 88,340 --a------ C:\WINNT\system32\ljxfpnmb.exe
2007-05-04 20:46 93,696 --a------ C:\WINNT\system32\drvbef.dll
2007-05-04 20:46 81,408 --a------ C:\WINNT\system32\qutbgsk.dll
2007-05-04 20:46 26,685 ---hs---- C:\WINNT\system32\hggfcay.dll
2007-05-04 16:14 131,604 --a------ C:\WINNT\system32\yephjsfq.dll
2007-05-04 16:13 88,340 --a------ C:\WINNT\system32\bnjpxqsi.exe
2007-05-04 16:13 76,412 --a------ C:\WINNT\system32\nhpwpspc.dll
2007-05-04 15:48 93,696 --a------ C:\WINNT\system32\drvhow.dll
2007-05-04 15:48 81,408 --a------ C:\WINNT\system32\xntamyk.dll
2007-05-04 15:47 26,685 ---hs---- C:\WINNT\system32\fccyxvt.dll
2007-05-04 14:36 93,696 --a------ C:\WINNT\system32\drvfus.dll
2007-05-04 14:35 26,685 ---hs---- C:\WINNT\system32\mljklkk.dll
2007-05-04 12:23 <DIR> d-------- C:\Program Files\Ultimate Cleaner
2007-05-04 04:13 71,168 ---h----- C:\Program Files\Common Files\svchost.exe
2007-05-03 13:42 88,340 --a------ C:\WINNT\system32\xwupwanf.exe
2007-05-03 13:42 76,412 --a------ C:\WINNT\system32\eakotcjn.dll
2007-05-03 13:42 131,604 --a------ C:\WINNT\system32\favsfoqx.dll
2007-05-03 13:42 123,412 --a------ C:\WINNT\system32\mhoydhau.dll
2007-05-03 13:36 93,696 --a------ C:\WINNT\system32\drvtit.dll
2007-05-03 13:36 81,408 --a------ C:\WINNT\system32\cogzokl.dll
2007-05-03 13:36 57,856 --a------ C:\WINNT\system32\myxnrwm.dll
2007-05-03 13:36 26,685 ---hs---- C:\WINNT\system32\tuvsrom.dll


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2007-05-23 12:30 16384 --a----t- C:\WINNT\system32\perflib_perfdata_2ac.dat
2007-05-23 12:30 1273095 ---hs---- C:\WINNT\system32\ponmp.bak2
2007-05-13 10:29 2 --a------ C:\WINNT\system32\wnsintcc.exe
2007-04-09 18:40 -------- d-a------ C:\Program Files\visioneer onetouch
2007-04-09 18:33 -------- d-------- C:\Program Files\scansoft


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"Yahoo! Pager"="C:\\Program Files\\Yahoo!\\Messenger\\ypager.exe -quiet"
"Mercora"="\"C:\\Program Files\\Mercora\\MercoraClient.exe\" -min"
"PPWebCap"="C:\\PROGRA~1\\ScanSoft\\PAPERP~1\\PPWebCap.exe"
"swg"="C:\\Program Files\\Google\\GoogleToolbarNotifier\\1.2.1128.5462\\GoogleToolbarNotifier.exe"
"Ctau"="\"C:\\PROGRA~1\\SSTEM3~1\\chkdsk.exe\" -vt yazb"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"Synchronization Manager"="mobsync.exe /logon"
"WG511WLU"="C:\\Program Files\\NETGEAR\\WG511\\Utility\\WG511WLU.exe"
"Omnipage"="C:\\Program Files\\ScanSoft\\OmniPageSE\\opware32.exe"
"HPDJ Taskbar Utility"="C:\\WINNT\\system32\\spool\\drivers\\w32x86\\3\\hpztsb07.exe"
"iRiver Updater"="\\Updater.exe"
"AdService"="C:\\WINNT\\system32\\AdService.dll"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"SunJavaUpdateSched"="C:\\Program Files\\Java\\jre1.5.0_06\\bin\\jusched.exe"
"CanonMyPrinter"="C:\\Program Files\\Canon\\MyPrinter\\BJMyPrt.exe /logon"
"OneTouch Monitor"="C:\\PROGRA~1\\VISION~1\\ONETOU~2.EXE"
"syswin"="C:\\WINNT\\system32\\v6.exe"
"cogzokl.dll"="C:\\WINNT\\system32\\rundll32.exe \"C:\\Documents and Settings\\Augustus\\Local Settings\\Application Data\\cogzokl.dll\",othjajc"
"{10BDA6B4-016B-1033-0129-0029000001}"="\"C:\\Program Files\\Common Files\\{10BDA6B4-016B-1033-0129-0029000001}\\Update.exe\" mc-110-12-0000272"
"2chkdsk"="rundll32.exe \"C:\\WINNT\\system32\\mhoydhau.dll\",setvm"
"CTDrive"="rundll32.exe C:\\WINNT\\system32\\drvsal.dll,startup"
"SoundService"="rundll32.exe \"C:\\WINNT\\system32\\mwixecui.dll\",setvm"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"NoChange"="1"
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"^SetupICWDesktop"="C:\\Program Files\\Internet Explorer\\Connection Wizard\\icwconn1.exe /desktop"


[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{182B90A3-F372-438A-800C-6814B4DE417B}"=""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"TFMWhSnid"="{10BDA6B5-BA17-0C1F-81EE-2A7A51F4D62C}"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"=dword:00000000

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"=dword:00000000
"NoColorChoice"=dword:00000000
"NoSizeChoice"=dword:00000000
"NoDispScrSavPage"=dword:00000000
"NoDispCPL"=dword:00000000
"NoVisualStyleChoice"=dword:00000000
"NoDispSettingsPage"=dword:00000000
"NoDispAppearancePage"=dword:00000000
"NoDispBackgroundPage"=dword:00000000

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoActiveDesktopChanges"=dword:00000000

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\Run]
"svchost.exe"=""

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoActiveDesktop"=dword:00000000
"NoSaveSettings"=dword:00000000
"NoThemesTab"=dword:00000000
"ForceActiveDesktopOn"=dword:00000000

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\run]

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\opnlkjj
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\pmnop
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winclk32

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
rpcss REG_MULTI_SZ RpcSs\0\0
wugroup REG_MULTI_SZ wuauserv\0\0
BITSgroup REG_MULTI_SZ BITS\0\0

hklm\software\Microsoft\Windows NT\CurrentVersion\Svchost *netsvcs*
WmdmPmSN



********************************************************************

catchme 0.2 W2K/XP/Vista - userland rootkit detector by Gmer, 17 October 2006
http://www.gmer.net

scanning hidden processes ...

scanning hidden services ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0

********************************************************************

Completion time: Wed 2007-05-23 12:39:49
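
A triage sketch for a log like the one above, added here as an example (it is not part of the original post and is not code from ComboFix or any other tool named in the thread). It groups newly created files by directory, extension and exact size, then checks which Run-key entries launch one of those files through rundll32. The sample lines are excerpts from the posted log; the function names and the cluster threshold of 3 are assumptions.

```python
import ntpath
import re
from collections import defaultdict

# Excerpt of the "Files Created" section of the log posted above.
FILES_CREATED = r"""
2007-05-19 23:35 132,116 --a------ C:\WINNT\system32\exbclugk.dll
2007-05-18 23:16 132,116 --a------ C:\WINNT\system32\qjkslejg.dll
2007-05-17 16:44 132,116 --a------ C:\WINNT\system32\wxbxneqt.dll
2007-05-16 11:44 123,972 --a------ C:\WINNT\system32\mwixecui.dll
2007-05-13 18:02 93,696 --a------ C:\WINNT\system32\drvsal.dll
2007-05-13 16:04 <DIR> d-------- C:\WINNT\Content.IE5
2007-05-13 09:42 93,696 --a------ C:\WINNT\system32\drvnuf.dll
2007-05-13 00:43 93,696 --a------ C:\WINNT\system32\drvheh.dll
2007-05-12 23:29 88,340 --a------ C:\WINNT\system32\qmjcqfiq.exe
2007-05-12 17:11 88,340 --a------ C:\WINNT\system32\yftctryx.exe
2007-05-03 13:42 123,412 --a------ C:\WINNT\system32\mhoydhau.dll
"""

# Excerpt of the HKLM ...\currentversion\run values from the same log.
RUN_VALUES = r'''
"Omnipage"="C:\\Program Files\\ScanSoft\\OmniPageSE\\opware32.exe"
"2chkdsk"="rundll32.exe \"C:\\WINNT\\system32\\mhoydhau.dll\",setvm"
"CTDrive"="rundll32.exe C:\\WINNT\\system32\\drvsal.dll,startup"
"SoundService"="rundll32.exe \"C:\\WINNT\\system32\\mwixecui.dll\",setvm"
'''

# date, time, size (or <DIR>), attribute flags, full path
FILE_LINE = re.compile(
    r"^(\d{4}-\d{2}-\d{2}) (\d{2}:\d{2})\s+([\d,]+|<DIR>)\s+(\S+)\s+(.+)$")
# "name"="data" in .reg export syntax, with \\ and \" escapes inside the data
REG_VALUE = re.compile(r'^"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"$')
# rundll32[.exe] ["]path.dll["],export
RUNDLL_TARGET = re.compile(
    r'\brundll32(?:\.exe)?"?\s+"?([^",]+?\.dll)"?\s*,', re.I)


def parse_created_files(text):
    """Return (path, size) for each file line; <DIR> entries are skipped."""
    files = []
    for line in text.splitlines():
        m = FILE_LINE.match(line.strip())
        if m and m.group(3) != "<DIR>":
            files.append((m.group(5), int(m.group(3).replace(",", ""))))
    return files


def size_clusters(files, min_count=3):
    """Group by (directory, extension, size); keep groups with min_count+ files."""
    groups = defaultdict(list)
    for path, size in files:
        key = (ntpath.dirname(path).lower(),
               ntpath.splitext(path)[1].lower(), size)
        groups[key].append(ntpath.basename(path).lower())
    return {k: sorted(v) for k, v in groups.items() if len(v) >= min_count}


def rundll32_autostarts(text):
    """Map Run value name -> DLL path for values that launch via rundll32."""
    found = {}
    for line in text.splitlines():
        m = REG_VALUE.match(line.strip())
        if not m:
            continue
        data = re.sub(r"\\(.)", r"\1", m.group(2))  # undo .reg escaping
        target = RUNDLL_TARGET.search(data)
        if target:
            found[m.group(1)] = target.group(1)
    return found


def correlate(files_text, run_text):
    """For each rundll32 autostart, say whether its DLL is new and clustered."""
    files = parse_created_files(files_text)
    created = {path.lower() for path, _ in files}
    clustered = {ntpath.join(directory, name)
                 for (directory, _, _), names in size_clusters(files).items()
                 for name in names}
    return [{"value": name, "dll": dll,
             "recently_created": dll.lower() in created,
             "in_size_cluster": dll.lower() in clustered}
            for name, dll in rundll32_autostarts(run_text).items()]


if __name__ == "__main__":
    for row in correlate(FILES_CREATED, RUN_VALUES):
        print(row)
```

Several files of identical size under different random names, and an autostart that points at one of them, are leads for closer inspection rather than a verdict on any single file.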

#8 OldTimer

OldTimer

    Malware Expert



Posted 30 March 2007 - 04:36 PM

Hi scordera. Wow, what a mess lol. Let's see if we can clean some of that up. Please print these directions and then proceed with the following steps in order.

Step #1

Download SmitfraudFix (by S!Ri) to your Desktop.

Next, please reboot your computer in Safe Mode by doing the following :
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
  • Instead of Windows loading as normal, a menu with options should appear;
  • Select the first option, to run Windows in Safe Mode, then press "Enter".
  • Choose your usual account.
Once in Safe Mode, double-click on SmitfraudFix.exe
Select option #2 - Clean by typing 2 and press "Enter" to delete infected files.

You will be prompted : "Registry cleaning - Do you want to clean the registry ?"; answer "Yes" by typing Y and press "Enter" in order to remove the Desktop background and clean registry keys associated with the infection.

The tool will now check if wininet.dll is infected. You may be prompted to replace the infected file (if found); answer "Yes" by typing Y and press "Enter".

The tool may need to restart your computer to finish the cleaning process; if it doesn't, please restart it into Normal Windows.
A text file will appear onscreen, with results from the cleaning process; please copy/paste the content of that report into your next reply.
The report can also be found at the root of the system drive, usually at C:\rapport.txt

**If the tool fails to launch from the Desktop, please move SmitfraudFix.exe directly to the root of the system drive (usually C:), and launch from there.

Note : process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.
http://www.beyondlogic.org/consulting/proc...processutil.htm

Step #2

Reboot your computer normally and download VundoFix.exe to your desktop.
  • Double-click VundoFix.exe to run it.
  • Click the Scan for Vundo button.
  • Once it's done scanning, click the Remove Vundo button.
  • You will receive a prompt asking if you want to remove the files, click YES
  • Once you click yes, your desktop will go blank as it starts removing Vundo.
  • When completed, it will prompt that it will reboot your computer, click OK.
  • Please post the contents of C:\vundofix.txt and a new HiJackThis log.
Note: It is possible that VundoFix encountered a file it could not remove.
In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button." when VundoFix appears at reboot.

Step #3

Download AVG anti-spyware from HERE and save that file to your desktop.
  • Once you have downloaded AVG Anti-Spyware, locate the icon on the desktop and double-click it to launch the set up program.
  • Once the setup is complete you will need to run AVG Anti-Spyware and update the definition files.
  • On the main screen select the icon "Update" then select the "Update now" link.
    • Next select the "Start Update" button, the update will start and a progress bar will show the updates being installed.
  • Once the update has completed select the "Scanner" icon at the top of the screen, then select the "Settings" tab.
  • Once in the Settings screen, under "How to act" select "Quarantine".
  • Under "Reports"
    • Select "Automatically generate report after every scan"
    • Un-Select "Only if threats were found"
Close AVG Anti-Spyware, Do Not run a scan just yet, we will shortly.
  • Reboot your computer into SafeMode. You can do this by restarting your computer and continually tapping the F8 key until a menu appears. Use your up arrow key to highlight SafeMode then hit enter.
    IMPORTANT: Do not open any other windows or programs while AVG Anti-Spyware is scanning, it may interfere with the scanning process:
  • Launch AVG Anti-Spyware by double-clicking the icon on your desktop.
  • Select the "Scanner" icon at the top and then the "Scan" tab then click on "Complete System Scan".
  • AVG Anti-Spyware will now begin the scanning process, be patient this may take a little time.
    Once the scan is complete do the following:
    • Make sure that Set all elements to: shows Quarantine, if not click on the link and choose Quarantine from the popup menu.
    • At the bottom of the window click on the "Apply all actions" button
    Note: Don't save the report before you hit the Apply action button.
  • Next select the "Reports" icon at the top.
  • Select the "Save report as" button in the lower left hand of the screen and save it to a text file on your system (make sure to remember where you saved that file, this is important).
  • Close AVG Anti-Spyware and reboot your system back into Normal Mode and post the results of the AVG Anti-Spyware report scan.

Step #4

Post the following back here:
  • The SmitFraudFix report - C:\rapport.txt
  • The VundoFix log - C:\vundofix.txt
  • The report from AVG Anti-Spyware
  • Try running WinPFind3u again and if it works post that log back here also. If it doesn't work yet post a new ComboFix log back here.
Cheers.

OT

#9 scordera

scordera
  • Topic Starter


Posted 31 March 2007 - 02:07 PM

Dear Old Timer

Here is the log from the AVG scan
beneath that you will find the "rapport" Log

THANKS SO MUCH
STEVE

---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 1:23:56 PM 5/24/2007

+ Scan result:



C:\WINNT\mtuninst.exe -> Adware.MediaTickets : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Clickspring -> Adware.PurityScan : Cleaned with backup (quarantined).
C:\Program Files\Softwin\BitDefender8\Quarantine\svchop.exe -> Downloader.Delf.ks : Cleaned with backup (quarantined).
C:\WINNT\system32\oins.exe -> Downloader.PurityScan.bt : Cleaned with backup (quarantined).
C:\WINNT\system32\winclk32.dll -> Downloader.Small.cml : Cleaned with backup (quarantined).
[160] C:\WINNT\system32\winclk32.dll -> Downloader.Small.cml : Cleaned with backup (quarantined).
C:\Program Files\Softwin\BitDefender8\Quarantine\nvctrl.exe -> Downloader.Zlob.gw : Cleaned with backup (quarantined).
C:\WINNT\Downloaded Program Files\CONFLICT.1\UWAS7_0001_N91M1112NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.o : Cleaned with backup (quarantined).
C:\WINNT\Downloaded Program Files\CONFLICT.2\UWAS7_0001_N91M1112NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.o : Cleaned with backup (quarantined).
C:\WINNT\Downloaded Program Files\UWAS7_0001_N91M1112NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.o : Cleaned with backup (quarantined).
C:\Program Files\Microsoft AntiSpyware\Quarantine\3B8324C3-F96C-4B73-8804-758FAA\97BCF888-DBA4-4621-B1C3-F23E0C -> Not-A-Virus.Hoax.Win32.Renos.bv : Cleaned with backup (quarantined).
C:\WINNT\system32\twain32.dll_tobedeleted -> Not-A-Virus.Hoax.Win32.Renos.cu : Cleaned with backup (quarantined).
:mozilla.100:C:\Documents and Settings\Augustus\Application Data\Mozilla\Firefox\Profiles\xk7elvj4.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.362:C:\Documents and Settings\Augustus\Application Data\Mozilla\Firefox\Profiles\xk7elvj4.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.41:C:\Documents and Settings\Augustus\Application Data\Mozilla\Firefox\Profiles\xk7elvj4.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.42:C:\Documents and Settings\Augustus\Application Data\Mozilla\Firefox\Profiles\xk7elvj4.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.438:C:\Documents and Settings\Augustus\Application Data\Mozilla\Firefox\Profiles\xk7elvj4.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.43:C:\Documents and Settings\Augustus\Application Data\Mozilla\Firefox\Profiles\xk7elvj4.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.44:C:\Documents and Settings\Augustus\Application Data\Mozilla\Firefox\Profiles\xk7elvj4.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.454:C:\Documents and Settings\Augustus\Application Data\Mozilla\Firefox\Profiles\xk7elvj4.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.45:C:\Documents and Settings\Augustus\Application Data\Mozilla\Firefox\Profiles\xk7elvj4.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.46:C:\Documents and Settings\Augustus\Application Data\Mozilla\Firefox\Profiles\xk7elvj4.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.47:C:\Documents and Settings\Augustus\Application Data\Mozilla\Firefox\Profiles\xk7elvj4.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.48:C:\Documents and Settings\Augustus\Application Data\Mozilla\Firefox\Profiles\xk7elvj4.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.49:C:\Documents and Settings\Augustus\Application Data\Mozilla\Firefox\Profiles\xk7elvj4.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.50:C:\Documents and Settings\Augustus\Application Data\Mozilla\Firefox\Profiles\xk7elvj4.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.51:C:\Documents and Settings\Augustus\Application Data\Mozilla\Firefox\Profiles\xk7elvj4.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.529:C:\Documents and Settings\Augustus\Application Data\Mozilla\Firefox\Profiles\xk7elvj4.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.52:C:\Documents and Settings\Augustus\Application Data\Mozilla\Firefox\Profiles\xk7elvj4.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.53:C:\Documents and Settings\Augustus\Application Data\Mozilla\Firefox\Profiles\xk7elvj4.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.54:C:\Documents and Settings\Augustus\Application Data\Mozilla\Firefox\Profiles\xk7elvj4.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.55:C:\Documents and Settings\Augustus\Application Data\Mozilla\Firefox\Profiles\xk7elvj4.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.56:C:\Documents and Settings\Augustus\Application Data\Mozilla\Firefox\Profiles\xk7elvj4.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.57:C:\Documents and Settings\Augustus\Application Data\Mozilla\Firefox\Profiles\xk7elvj4.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
C:\WINNT\system32\_dmm_.exe -> Trojan.Dialer.is : Cleaned with backup (quarantined).
C:\os32mgr.dll -> Trojan.Zapchast.p : Cleaned with backup (quarantined).


::Report end











SmitFraudFix v2.162

Scan done at 9:31:02.29, Thu 05/24/2007
Run from C:\Documents and Settings\Augustus\Desktop\SmitfraudFix
OS: Microsoft Windows 2000 [Version 5.00.2195] - Windows_NT
The filesystem type is NTFS
Fix run in safe mode

SharedTaskScheduler Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

Killing process


hosts

127.0.0.1 localhost

Generic Renos Fix

GenericRenosFix by S!Ri


Deleting infected files

C:\WINNT\system32\AdService.dll Deleted
C:\WINNT\system32\drvsal.dll Deleted

DNS

HKLM\SYSTEM\CCS\Services\Tcpip\..\{47910412-2E51-4273-A954-6EB0BF2CD1C3}: DhcpNameServer=167.206.245.16 167.206.245.15 167.206.245.80
HKLM\SYSTEM\CCS\Services\Tcpip\..\{ACAE0CEE-2749-436C-BCF9-5EFBD27E05EE}: DhcpNameServer=192.168.1.1 192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{1D1F0C7E-FF3B-4286-9852-3A628526D195}: DhcpNameServer=68.87.64.146 68.87.75.194
HKLM\SYSTEM\CS1\Services\Tcpip\..\{ACAE0CEE-2749-436C-BCF9-5EFBD27E05EE}: DhcpNameServer=192.168.1.1 192.168.1.1
HKLM\SYSTEM\CS2\Services\Tcpip\..\{47910412-2E51-4273-A954-6EB0BF2CD1C3}: DhcpNameServer=167.206.245.16 167.206.245.15 167.206.245.80
HKLM\SYSTEM\CS2\Services\Tcpip\..\{ACAE0CEE-2749-436C-BCF9-5EFBD27E05EE}: DhcpNameServer=192.168.1.1 192.168.1.1
HKLM\SYSTEM\CS3\Services\Tcpip\..\{47910412-2E51-4273-A954-6EB0BF2CD1C3}: DhcpNameServer=167.206.245.16 167.206.245.15 167.206.245.80
HKLM\SYSTEM\CS3\Services\Tcpip\..\{ACAE0CEE-2749-436C-BCF9-5EFBD27E05EE}: DhcpNameServer=192.168.1.1 192.168.1.1
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=167.206.245.16 167.206.245.15 167.206.245.80
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=68.87.64.146 68.87.75.194
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=167.206.245.16 167.206.245.15 167.206.245.80
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=167.206.245.16 167.206.245.15 167.206.245.80


Deleting Temp Files


Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


Registry Cleaning

Registry Cleaning done.

SharedTaskScheduler After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


End

Edited by scordera, 31 March 2007 - 02:23 PM.


#10 OldTimer


Posted 01 April 2007 - 08:54 AM

Looks good. What about the other 2?

OT
I do not respond to PM's requesting help. That's what the forums are here for. Please use them so that others may benefit from your questions and the responses you receive.
OldTimer


#11 scordera


Posted 01 April 2007 - 09:32 AM

The other two? Were they in the instructions you sent me? I only kept track of the ones you in the directions. What are they called and where might they be?

#12 OldTimer


Posted 01 April 2007 - 09:42 AM

See post #8:

Step #4

Post the following back here:

* The SmitFraudFix report - C:\rapport.txt
* The VundoFix log - C:\vundofix.txt
* The report from AVG Anti-Spyware
* Try running WinPFind3u again and if it works post that log back here also. If it doesn't work yet post a new ComboFix log back here.

The VundoFix and either a WinPFind3u or ComboFix log

OT

#13 scordera


Posted 01 April 2007 - 09:46 AM

Ooops. Sorry. I printed the directions up and they were truncated. My bad. I'll post the rest tomorrow AM.

Thanks so much for all your help. You guys are truly a combination Justice League and Lone Rangers of the internet.



