need hlp with smitfraud-c.core and command service pls !!



johnny101
2007-10-25, 01:17
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:08:47 PM, on 10/24/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [54a89a04] rundll32.exe "C:\WINDOWS\system32\vvaymjiw.dll",b
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 5.0\THGuard.exe"
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

--
End of file - 2391 bytes

johnny101
2007-10-25, 01:24
:\check_LSA7.txt Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped

C:\Documents and Settings\john\Cookies\index.dat Object is locked skipped

C:\Documents and Settings\john\Desktop\SmitfraudFix\Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped

C:\Documents and Settings\john\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\john\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\john\Local Settings\History\History.IE5\index.dat Object is locked skipped

C:\Documents and Settings\john\Local Settings\History\History.IE5\MSHist012007102420071025\index.dat Object is locked skipped

C:\Documents and Settings\john\Local Settings\Temp\~DF70F2.tmp Object is locked skipped

C:\Documents and Settings\john\Local Settings\Temp\~DFFA51.tmp Object is locked skipped

C:\Documents and Settings\john\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

C:\Documents and Settings\john\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\john\NTUSER.DAT.LOG Object is locked skipped

C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped

C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped

C:\Program Files\ESET\cache\CACHE.NDB Object is locked skipped

C:\Program Files\ESET\infected\04H3ZDAA.NQF Infected: Trojan.Win32.Agent.bck skipped

C:\Program Files\ESET\infected\FWMJJYAA.NQF Infected: Trojan.Win32.Agent.bck skipped

C:\Program Files\ESET\infected\HXPOMKCA.NQF Infected: Trojan.Win32.Agent.bck skipped

C:\Program Files\ESET\infected\UL4LHPBA.NQF Infected: Trojan.Win32.Agent.bck skipped

C:\Program Files\ESET\infected\XLEZLLCA.NQF Infected: Trojan.Win32.Agent.bck skipped

C:\Program Files\ESET\logs\virlog.dat Object is locked skipped

C:\Program Files\ESET\logs\warnlog.dat Object is locked skipped

C:\Program Files\Windows Media Player\meso4444.dll Infected: not-a-virus:AdWare.Win32.TTC.a skipped

C:\Program Files\Windows Media Player\meso83122.dll Infected: not-a-virus:AdWare.Win32.TTC.a skipped

C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped

C:\System Volume Information\_restore{AB9E897D-C5FF-49FF-9575-4ADB3B2EDBBF}\RP24\A0000424.exe Infected: not-a-virus:AdWare.Win32.Agent.co skipped

C:\System Volume Information\_restore{AB9E897D-C5FF-49FF-9575-4ADB3B2EDBBF}\RP25\A0000479.exe Infected: not-a-virus:AdWare.Win32.ZenoSearch.aa skipped

C:\System Volume Information\_restore{AB9E897D-C5FF-49FF-9575-4ADB3B2EDBBF}\RP26\A0001884.exe/data0002 Infected: not-a-virus:AdWare.Win32.TTC.a skipped

C:\System Volume Information\_restore{AB9E897D-C5FF-49FF-9575-4ADB3B2EDBBF}\RP26\A0001884.exe NSIS: infected - 1 skipped

C:\System Volume Information\_restore{AB9E897D-C5FF-49FF-9575-4ADB3B2EDBBF}\RP26\A0001888.exe/data.rar/SmitfraudFix/Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped

C:\System Volume Information\_restore{AB9E897D-C5FF-49FF-9575-4ADB3B2EDBBF}\RP26\A0001888.exe/data.rar Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped

C:\System Volume Information\_restore{AB9E897D-C5FF-49FF-9575-4ADB3B2EDBBF}\RP26\A0001888.exe RarSFX: infected - 2 skipped

C:\System Volume Information\_restore{AB9E897D-C5FF-49FF-9575-4ADB3B2EDBBF}\RP26\A0001889.exe/data0002 Infected: not-a-virus:AdWare.Win32.TTC.a skipped

C:\System Volume Information\_restore{AB9E897D-C5FF-49FF-9575-4ADB3B2EDBBF}\RP26\A0001889.exe NSIS: infected - 1 skipped

C:\System Volume Information\_restore{AB9E897D-C5FF-49FF-9575-4ADB3B2EDBBF}\RP26\change.log Object is locked skipped

C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped

C:\WINDOWS\SchedLgU.Txt Object is locked skipped

C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped

C:\WINDOWS\system32\bit2\cbc12wv.exe Infected: Trojan-Downloader.Win32.Small.gci skipped

C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped

C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped

C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\default Object is locked skipped

C:\WINDOWS\system32\config\default.LOG Object is locked skipped

C:\WINDOWS\system32\config\SAM Object is locked skipped

C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped

C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\SECURITY Object is locked skipped

C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped

C:\WINDOWS\system32\config\software Object is locked skipped

C:\WINDOWS\system32\config\software.LOG Object is locked skipped

C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\system Object is locked skipped

C:\WINDOWS\system32\config\system.LOG Object is locked skipped

C:\WINDOWS\system32\drivers\sptd.sys Object is locked skipped

C:\WINDOWS\system32\kqkxfypu.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.aea skipped

C:\WINDOWS\system32\nqtwa.tmp2 Object is locked skipped

C:\WINDOWS\system32\oTt02e\oTt02e1065.exe Infected: Trojan-Downloader.Win32.VB.bnq skipped

C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped

C:\WINDOWS\tsitra1000106.exe Infected: Trojan-Downloader.Win32.Agent.ecz skipped

C:\WINDOWS\WindowsUpdate.log Object is locked skipped

E:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinMurloff.zip/startdrv.exe Suspicious: Password-protected-EXE skipped

E:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinMurloff.zip ZIP: suspicious - 1 skipped

E:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinMurloff2.zip/startdrv.exe Suspicious: Password-protected-EXE skipped

E:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinMurloff2.zip ZIP: suspicious - 1 skipped

E:\F7.tmp Infected: Trojan-Downloader.Win32.Agent.ear skipped

E:\F8.tmp Infected: Trojan-Downloader.Win32.Agent.ear skipped

E:\F9.tmp Infected: Trojan-Downloader.Win32.Agent.ear skipped

E:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped

E:\System Volume Information\_restore{AB9E897D-C5FF-49FF-9575-4ADB3B2EDBBF}\RP25\A0000791.dll Infected: Trojan-Spy.Win32.Banker.exc skipped

Scan process completed.

johnny101
2007-10-25, 01:26
These suckers are really messing with my system. I hope that is the info you will need to help me remove them.

johnny101
2007-10-26, 15:57
Thanks anyway, but I got tired of messing with them so I did a full format and reinstalled Windows... everything is great now. Thanks anyway guys, I know you dudes are very busy and it could be a while before help arrived. It's great you guys are taking the time to help people... thanks again.

pskelley
2007-11-01, 14:03
I apologize we could not provide service as fast as you required. I am sure you are aware that all helpers are volunteers and taking time from their "real lives" to help. Most forums are running about 3-5 days and here we have this link to keep you from going past four:
The Waiting Room
http://forums.spybot.info/forumdisplay.php?f=37

Sorry you had to reformat, but sometimes that is the wisest decision. Here is valuable information for you.

http://www.microsoft.com/windowsxp/using/helpandsupport/learnmore/tips/mcgill1.mspx

http://users.telenet.be/bluepatchy/miekiemoes/slowcomputer.html

Here is some great information from experts in this field that will help you stay clean and safe online.
http://users.telenet.be/bluepatchy/miekiemoes/prevention.html
http://forums.spybot.info/showthread.php?t=279
http://russelltexas.com/malware/allclear.htm
http://forum.malwareremoval.com/viewtopic.php?t=14
http://www.bleepingcomputer.com/forums/topict2520.html
http://cybercoyote.org/security/not-admin.shtml

Thanks...pskelley