
Smitfraud And Combo Fix For System Alert Problem I Am Having


  • This topic is locked
1 reply to this topic

#1 adar


Posted 25 June 2007 - 09:55 AM

SmitFraudFix and ComboFix. I was told to post a new topic with these, I think.

SmitFraudFix v2.195

Scan done at 2:49:12.73, Tue 06/26/2007
Run from C:\Documents and Settings\Matt\My Documents\My Received Files\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» Process

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\PMJ151LA.BIN
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\sdpasvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Sierra Wireless\AirCard 580\Generic\Components\swiwificomm.exe
C:\Program Files\Toshiba\TOSHIBA Applet\TAPPSRV.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
C:\Program Files\Toshiba\Tvs\TvsTray.exe
C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
C:\WINDOWS\system32\TDispVol.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\system32\TPSMain.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\Sierra Wireless\Network Adapter Manager\Network Adapter Manager.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSServ.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Synaptics\SynTP\Toshiba.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe
C:\WINDOWS\system32\RAMASST.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\cmd.exe

»»»»»»»»»»»»»»»»»»»»»»»» hosts


»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Matt


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Matt\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Start Menu


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\Matt\FAVORI~1

C:\DOCUME~1\Matt\FAVORI~1\Online Security Test.url FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» Desktop


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"


»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{5bf53d50-b1ec-47b6-a00a-0bd32baeb7ef}"="damkjernite"

[HKEY_CLASSES_ROOT\CLSID\{5bf53d50-b1ec-47b6-a00a-0bd32baeb7ef}\InProcServer32]
@="C:\WINDOWS\system32\ckimzeb.dll"

[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{5bf53d50-b1ec-47b6-a00a-0bd32baeb7ef}\InProcServer32]
@="C:\WINDOWS\system32\ckimzeb.dll"



»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» Rustock



»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: Intel® PRO/100 VE Network Connection - Packet Scheduler Miniport
DNS Server Search Order: 202.27.158.40
DNS Server Search Order: 202.27.156.72

Description: Intel® PRO/Wireless 3945ABG Network Connection - Packet Scheduler Miniport
DNS Server Search Order: 212.17.32.3
DNS Server Search Order: 212.17.32.1

HKLM\SYSTEM\CCS\Services\Tcpip\..\{45AAFDB7-3CD3-4231-8D34-11EF15F132CC}: DhcpNameServer=212.17.32.3 212.17.32.1
HKLM\SYSTEM\CCS\Services\Tcpip\..\{626C269C-37D3-4909-8B82-103CA1F0B047}: NameServer=202.27.158.40,202.27.156.72
HKLM\SYSTEM\CS1\Services\Tcpip\..\{45AAFDB7-3CD3-4231-8D34-11EF15F132CC}: DhcpNameServer=212.17.32.3 212.17.32.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{626C269C-37D3-4909-8B82-103CA1F0B047}: NameServer=202.27.158.40,202.27.156.72
HKLM\SYSTEM\CS3\Services\Tcpip\..\{45AAFDB7-3CD3-4231-8D34-11EF15F132CC}: DhcpNameServer=212.17.32.3 212.17.32.1
HKLM\SYSTEM\CS3\Services\Tcpip\..\{626C269C-37D3-4909-8B82-103CA1F0B047}: NameServer=202.27.158.40,202.27.156.72
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=212.17.32.3 212.17.32.1
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=212.17.32.3 212.17.32.1
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=212.17.32.3 212.17.32.1


»»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection


»»»»»»»»»»»»»»»»»»»»»»»» End


"Matt" - 2007-06-26 2:27:57 - ComboFix 07-06-25.3 - Service Pack 2 NTFS


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\system32\ckimzeb.dll


((((((((((((((((((((((((( Files Created from 2007-05-25 to 2007-06-25 )))))))))))))))))))))))))))))))


2007-06-26 02:25 49,152 --a------ C:\WINDOWS\nircmd.exe
2007-06-26 02:23 3,870 --a------ C:\WINDOWS\system32\tmp.reg
2007-06-26 02:22 53,248 --a------ C:\WINDOWS\system32\Process.exe
2007-06-26 02:22 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2007-06-26 02:22 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2007-06-11 22:26 76,560 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys
2007-06-11 21:04 <DIR> d-------- C:\WINDOWS\system32\ActiveScan
2007-06-11 19:40 <DIR> d-------- C:\DOCUME~1\Matt\.housecall6.6
2007-06-10 19:27 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
2007-06-10 15:09 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll
2007-06-10 15:06 <DIR> d-------- C:\Program Files\RogueRemover
2007-06-10 12:12 <DIR> d-------- C:\WINDOWS\system32\NtmsData
2007-06-09 23:15 <DIR> d-------- C:\Program Files\Lavasoft
2007-06-09 23:15 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Lavasoft
2007-06-09 23:14 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-06-07 11:33 <DIR> d-------- C:\DOCUME~1\Matt\APPLIC~1\DivX
2007-06-07 11:31 2,560 --------- C:\WINDOWS\system32\drivers\cdralw2k.sys
2007-06-07 11:31 2,432 --------- C:\WINDOWS\system32\drivers\cdr4_xp.sys
2007-06-07 11:31 129,784 --------- C:\WINDOWS\system32\pxafs.dll
2007-06-07 11:31 <DIR> d-------- C:\Program Files\DivX
2007-06-04 15:18 9,344 --a------ C:\WINDOWS\system32\drivers\NSDriver.sys
2007-06-04 15:17 8,320 --a------ C:\WINDOWS\system32\drivers\AWRTRD.sys
2007-06-04 15:14 6,272 --a------ C:\WINDOWS\system32\drivers\AWRTPD.sys
2007-05-31 18:45 524,288 --a------ C:\WINDOWS\system32\DivXsm.exe
2007-05-31 18:44 823,296 --a------ C:\WINDOWS\system32\divx_xx0c.dll
2007-05-31 18:44 823,296 --a------ C:\WINDOWS\system32\divx_xx07.dll
2007-05-31 18:44 802,816 --a------ C:\WINDOWS\system32\divx_xx11.dll
2007-05-31 18:44 740,442 --a------ C:\WINDOWS\system32\DivX.dll
2007-05-31 08:58 <DIR> d-------- C:\Program Files\Windows Media Connect 2
2007-05-31 08:56 <DIR> d-------- C:\WINDOWS\system32\drivers\UMDF


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-06-25 13:54:47 -------- d-----w C:\Program Files\Common Files\Symantec Shared
2007-06-25 13:05:31 -------- d-----w C:\Program Files\Norton Internet Security
2007-05-27 07:03:57 -------- d-----w C:\Program Files\Instant Article Creator
2007-05-16 15:12:02 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
2007-04-25 14:21:15 144,896 ----a-w C:\WINDOWS\system32\schannel.dll
2007-04-23 00:15:29 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll
2007-04-23 00:15:24 118,520 ------w C:\WINDOWS\system32\pxinsi64.exe
2007-04-23 00:15:24 116,472 ------w C:\WINDOWS\system32\pxcpyi64.exe
2007-04-23 00:15:18 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
2007-04-23 00:15:18 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
2007-04-23 00:02:34 73,728 ----a-w C:\WINDOWS\system32\dpl100.dll
2007-04-23 00:02:34 196,608 ----a-w C:\WINDOWS\system32\dtu100.dll
2007-04-23 00:02:33 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll
2007-04-23 00:02:31 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll
2007-04-23 00:02:31 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll
2007-04-23 00:02:31 344,064 ----a-w C:\WINDOWS\system32\dpus11.dll
2007-04-23 00:02:31 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll
2007-04-23 00:02:31 294,912 ----a-w C:\WINDOWS\system32\dpu10.dll
2007-04-23 00:01:47 12,288 ----a-w C:\WINDOWS\system32\DivXWMPExtType.dll
2007-04-23 00:01:46 124,472 ----a-w C:\WINDOWS\system32\DivXCodecUpdateChecker.exe
2007-04-18 16:12:23 2,854,400 ----a-w C:\WINDOWS\system32\msi.dll
2007-04-16 10:47:36 33,624 ----a-w C:\WINDOWS\system32\wups.dll
2007-04-16 10:45:54 1,710,936 ----a-w C:\WINDOWS\system32\wuaueng.dll
2007-04-16 10:45:48 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll
2007-04-16 10:45:42 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll
2007-04-16 10:45:36 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll
2007-04-16 10:45:28 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
2007-04-16 10:45:20 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe
2007-04-16 10:45:20 43,352 ----a-w C:\WINDOWS\system32\wups2.dll
2007-04-13 03:19:52 7,680 ----a-w C:\WINDOWS\system32\lsdelete.exe


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{53707962-6F74-2D53-2644-206D7942484F}=C:\Program Files\Spybot - Search & Destroy\SDHelper.dll [2005-05-31 01:04]
{5CA3D70E-1895-11CF-8E15-001234567890}=C:\WINDOWS\System32\DLA\DLASHX_W.DLL [2005-10-07 01:20]
{9030D464-4C02-4ABF-8ECC-5164760863C6}=C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2006-08-31 20:33]
{9ECB9560-04F9-4bbc-943D-298DDF1699E1}=C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll [2006-02-07 19:35]
{A8F38D8D-E480-4D52-B7A2-731BB6995FDD}=C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll [2006-10-17 12:44]
{AA58ED58-01DD-4d91-8333-CF10577473F7}=c:\program files\google\googletoolbar3.dll [2007-01-19 22:55]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AGRSMMSG"="AGRSMMSG.exe" [2005-10-15 11:29 C:\WINDOWS\agrsmmsg.exe]
"RTHDCPL"="RTHDCPL.EXE" [2005-12-09 19:49 C:\WINDOWS\RTHDCPL.exe]
"Alcmtr"="ALCMTR.EXE" [2005-05-03 23:43 C:\WINDOWS\Alcmtr.exe]
"NDSTray.exe"="NDSTray.exe" []
"SmoothView"="C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe" [2005-04-27 12:13]
"Tvs"="C:\Program Files\Toshiba\Tvs\TvsTray.exe" [2005-12-01 08:25]
"THotkey"="C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe" [2006-01-06 10:02]
"TDispVol"="TDispVol.exe" [2005-03-12 11:03 C:\WINDOWS\system32\TDispVol.exe]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2005-12-16 20:32]
"IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [2005-12-05 12:37]
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2005-11-28 11:41]
"TPSMain"="TPSMain.exe" [2005-05-31 21:00 C:\WINDOWS\system32\TPSMain.exe]
"IntelliPoint"="C:\Program Files\Microsoft IntelliPoint\point32.exe" [2005-03-24 11:26]
"AirCardEnabler"="C:\Program Files\Sierra Wireless\Network Adapter Manager\Network Adapter Manager.exe" [2005-06-30 11:19]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2006-11-21 16:38]
"CFSServ.exe"="CFSServ.exe" []
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-09-11 12:40]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2004-02-12 12:38]
"HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [2004-05-12 14:18]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TOSCDSPD"="C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe" [2004-12-30 20:32]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 00:00]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2007-02-01 18:23]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{5bf53d50-b1ec-47b6-a00a-0bd32baeb7ef}"="C:\WINDOWS\system32\ckimzeb.dll" []

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\aawservice]

*Newly Created Service* - COMHOST

Contents of the 'Scheduled Tasks' folder
2007-06-15 08:23:33 C:\WINDOWS\tasks\Norton AntiVirus - Run Full System Scan - Matt.job

**************************************************************************

catchme 0.3.721 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-06-26 02:36:50
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-06-26 2:39:35 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-06-26 02:38

--- E O F ---



#2 SifuMike


Posted 01 July 2007 - 10:54 AM

Since you are being helped here by RichieUK
http://www.bleepingcomputer.com/forums/t/95940/annoying-safety-alert-sends-me-to-spycrushcom-spyware-scanner/
I am closing this thread.