A Couple of Issues



natwj_ags
2006-11-08, 16:53
Hi,

OK, so my laptop was running fine until a couple of days ago, when all of a sudden it started to hang whenever I switched it on. Now when I log on it loads the desktop but the start bar freezes every time. Sometimes I can get out of it by opening Task Manager; other times I have to restart my computer. I'm fairly sure that this is being caused by spyware, so I did a virus scan with ZoneAlarm and also checked everything with Spybot. Spybot found and removed several things; however, one thing it couldn't get rid of was called Smitfraud.cc. In Spybot it said to download processxp and to remove some .dlls from the winlogon file; however, I couldn't find the specific dlls mentioned in Spybot, so I have left it alone for fear of destroying my laptop.

Here is my HijackThis log file:

Logfile of HijackThis v1.99.1
Scan saved at 15:50:29, on 08/11/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Apoint\Apoint.exe
C:\WINDOWS\system32\ICO.EXE
C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
C:\Program Files\Sony\ISB Utility\ISBMgr.exe
C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe
D:\program files\quicktime\qttask.exe
D:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
C:\WINDOWS\system32\ZoneLabs\isafe.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzRs\VzRs.exe
D:\PROGRA~1\ZONELA~1\ZONEAL~1\MAILFR~1\mantispm.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Hijack This\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.co.uk/0SEENGB/SAOS01
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/ig?hl=en
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.club-vaio.com/en/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {77701e16-9bfe-4b63-a5b4-7bd156758a37} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [SonyPowerCfg] C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
O4 - HKLM\..\Run: [ISBMgr.exe] C:\Program Files\Sony\ISB Utility\ISBMgr.exe
O4 - HKLM\..\Run: [VAIO Update 2] "C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe" /Stationary
O4 - HKLM\..\Run: [PDService.exe] C:\Program Files\Utimaco\SafeGuard PrivateDisk\pdservice.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [QuickTime Task] "D:\program files\quicktime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
O4 - HKLM\..\Run: [msci] C:\DOCUME~1\NATHAN~1\LOCALS~1\Temp\20067201823_mcinfo.exe /insfin
O4 - HKLM\..\Run: [Zone Labs Client] D:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [Windows Media Connect 2] "C:\Program Files\Windows Media Connect 2\WMCCFG.exe" /StartQuiet
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [DVDXGhost] C:\Program Files\DVD X Studios\DVD X Utilities 1.5\DVDGhost\DVDGhost.EXE
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Startup: VAIO Launcher.lnk = C:\Program Files\Sony\VAIO Launcher\Launcher.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.club-vaio.com/en/
O15 - Trusted Zone: *.sony-europe.com
O15 - Trusted Zone: *.sonystyle-europe.com
O15 - Trusted Zone: *.vaio-link.com
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://nathanielspace.spaces.live.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: VESWinlogon - C:\WINDOWS\SYSTEM32\VESWinlogon.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: CA ISafe (CAISafe) - Computer Associates International, Inc. - C:\WINDOWS\system32\ZoneLabs\isafe.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AvLib\PACSPTISVR.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AvLib\SPTISRV.exe
O23 - Service: VAIO Entertainment Aggregation and Control Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzRs\VzRs.exe
O23 - Service: VAIO Entertainment Task Scheduler - Sony Corporation - C:\Program Files\Sony\VAIO Entertainment\VzTaskScheduler.exe
O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe
O23 - Service: VAIO Event Service - Sony Corporation - C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
O23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe
O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Unknown owner - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe" /Service=VAIOMediaPlatform-IntegratedServer-HTTP /RegRoot="SOFTWARE\Sony Corporation\VAIO Media Platform\2.0" /RegExt="Applications\IntegratedServer\HTTP (file missing)
O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Unknown owner - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe" /Service=VAIOMediaPlatform-Mobile-Gateway /RegRoot="SOFTWARE\Sony Corporation\VAIO Media Platform\2.0" /RegExt="\Addons\Packages\Mobile\Gateway" /DisplayName="VAIO Media Gateway Server (file missing)
O23 - Service: VAIO Cooporated Initialisation (VCI) - Sony Corporation - C:\Program Files\Sony\VAIO Cooperated Initialisation\VCI_SVC.exe
O23 - Service: VAIO Entertainment UPnP Client Adapter (Vcsw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: VAIO Entertainment Database Service (VzCdbSvc) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
O23 - Service: VAIO Entertainment File Import Service (VzFw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe

I would really appreciate any help that you could give me, as this is a laptop that I really only use for work and so can't really afford to have it out of action. Hopefully I've given you everything you need, but if not just let me know.

Thanks in advance for any help.

Nathaniel

LonnyRJones
2006-11-13, 23:55
Hi Nathaniel
Post a SpyBot results report.
Run SpyBot, check for problems, fix all red items; when it's finished, right-click and choose copy results
(not full report) to clipboard and paste that back here, please.

Also get a Panda online scan and post its report.

natwj_ags
2006-11-14, 16:41
Hi.

First of all, thanks for the response. OK, I have run Spybot and the Panda online virus scan; please find the reports below. Just to let you know that nothing has changed since my original post: it still hangs at startup, and I have also noticed that the sound Windows plays at startup is incredibly distorted. This is also true of sound when I play audio or video files. Finally, because I haven't really used my laptop at all since my initial post, Spybot only found about 4 objects and none of these were Smitfraud, which is what I initially thought was causing my problems.

Spybot Report Log:

ediaPlex: Tracking cookie (Internet Explorer: Nathaniel) (Cookie, fixed)


Avenue A, Inc.: Tracking cookie (Internet Explorer: Nathaniel) (Cookie, fixed)


Zanox: Tracking cookie (Internet Explorer: Nathaniel) (Cookie, fixed)


TagASaurus: Tracking cookie (Internet Explorer: Nathaniel) (Cookie, fixed)


DoubleClick: Tracking cookie (Internet Explorer: Nathaniel) (Cookie, fixed)



--- Spybot - Search & Destroy version: 1.4 (build: 20050523) ---

2005-05-31 blindman.exe (1.0.0.1)
2005-05-31 SpybotSD.exe (1.4.0.3)
2005-05-31 TeaTimer.exe (1.4.0.2)
2005-11-29 unins000.exe (51.41.0.0)
2005-05-31 Update.exe (1.4.0.0)
2006-02-06 advcheck.dll (1.0.2.0)
2005-05-31 aports.dll (2.1.0.0)
2005-05-31 borlndmm.dll (7.0.4.453)
2005-05-31 delphimm.dll (7.0.4.453)
2005-05-31 SDHelper.dll (1.4.0.0)
2006-02-20 Tools.dll (2.0.0.2)
2005-05-31 UnzDll.dll (1.73.1.1)
2005-05-31 ZipDll.dll (1.73.2.0)
2006-11-10 Includes\Cookies.sbi (*)
2006-10-13 Includes\Dialer.sbi (*)
2006-11-10 Includes\DialerC.sbi (*)
2006-11-03 Includes\Hijackers.sbi (*)
2006-11-10 Includes\HijackersC.sbi (*)
2006-10-27 Includes\Keyloggers.sbi (*)
2006-11-10 Includes\KeyloggersC.sbi (*)
2004-11-29 Includes\LSP.sbi (*)
2006-10-13 Includes\Malware.sbi (*)
2006-11-10 Includes\MalwareC.sbi (*)
2006-10-20 Includes\PUPS.sbi (*)
2006-11-10 Includes\PUPSC.sbi (*)
2006-11-10 Includes\Revision.sbi (*)
2006-10-13 Includes\Security.sbi (*)
2006-11-10 Includes\SecurityC.sbi (*)
2006-10-13 Includes\Spybots.sbi (*)
2006-11-10 Includes\SpybotsC.sbi (*)
2005-02-17 Includes\Tracks.uti
2006-11-03 Includes\Trojans.sbi (*)
2006-11-10 Includes\TrojansC.sbi (*)

natwj_ags
2006-11-14, 16:43
Panda Online Virus Scan:

Incident Status Location

Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Nathaniel\Application Data\Mozilla\Firefox\Profiles\ylennpc8.default\cookies.txt[.ath.belnk.com/]
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Nathaniel\Application Data\Mozilla\Firefox\Profiles\ylennpc8.default\cookies.txt[.atwola.com/]
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Nathaniel\Application Data\Mozilla\Firefox\Profiles\ylennpc8.default\cookies.txt[.belnk.com/]
Spyware:Cookie/bravenetA Not disinfected C:\Documents and Settings\Nathaniel\Application Data\Mozilla\Firefox\Profiles\ylennpc8.default\cookies.txt[.bravenet.com/]
Spyware:Cookie/fe.lea.lycos Not disinfected C:\Documents and Settings\Nathaniel\Application Data\Mozilla\Firefox\Profiles\ylennpc8.default\cookies.txt[.fe.lea.lycos.fr/]
Spyware:Cookie/FortuneCity Not disinfected C:\Documents and Settings\Nathaniel\Application Data\Mozilla\Firefox\Profiles\ylennpc8.default\cookies.txt[.fortunecity.com/]
Spyware:Cookie/Go Not disinfected C:\Documents and Settings\Nathaniel\Application Data\Mozilla\Firefox\Profiles\ylennpc8.default\cookies.txt[.go.com/]
Spyware:Cookie/GoStats Not disinfected C:\Documents and Settings\Nathaniel\Application Data\Mozilla\Firefox\Profiles\ylennpc8.default\cookies.txt[.gostats.com/]
Spyware:Cookie/64.62.232 Not disinfected C:\Documents and Settings\Nathaniel\Cookies\nathaniel@64.62.232[2].txt
Spyware:Cookie/888 Not disinfected C:\Documents and Settings\Nathaniel\Cookies\nathaniel@888[1].txt
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Nathaniel\Cookies\nathaniel@ad.sensismediasmart.com[1].txt
Spyware:Cookie/Hbmediapro Not disinfected C:\Documents and Settings\Nathaniel\Cookies\nathaniel@adopt.hbmediapro[2].txt
Spyware:Cookie/PointRoll Not disinfected C:\Documents and Settings\Nathaniel\Cookies\nathaniel@ads.pointroll[1].txt
Spyware:Cookie/NewMedia Not disinfected C:\Documents and Settings\Nathaniel\Cookies\nathaniel@anm.co[2].txt
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Nathaniel\Cookies\nathaniel@atdmt[2].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Nathaniel\Cookies\nathaniel@ath.belnk[1].txt
Spyware:Cookie/Azjmp Not disinfected C:\Documents and Settings\Nathaniel\Cookies\nathaniel@azjmp[2].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Nathaniel\Cookies\nathaniel@belnk[1].txt
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Nathaniel\Cookies\nathaniel@bs.serving-sys[1].txt
Spyware:Cookie/Cassava Not disinfected C:\Documents and Settings\Nathaniel\Cookies\nathaniel@cassava[1].txt
Spyware:Cookie/Ccbill Not disinfected C:\Documents and Settings\Nathaniel\Cookies\nathaniel@ccbill[1].txt
Spyware:Cookie/did-it Not disinfected C:\Documents and Settings\Nathaniel\Cookies\nathaniel@did-it[1].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Nathaniel\Cookies\nathaniel@dist.belnk[2].txt
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Nathaniel\Cookies\nathaniel@doubleclick[1].txt
Spyware:Cookie/DriveCleaner Not disinfected C:\Documents and Settings\Nathaniel\Cookies\nathaniel@drivecleaner[1].txt
Spyware:Cookie/Entrepreneur Not disinfected C:\Documents and Settings\Nathaniel\Cookies\nathaniel@entrepreneur[2].txt
Spyware:Cookie/fe.lea.lycos Not disinfected C:\Documents and Settings\Nathaniel\Cookies\nathaniel@fe.lea.lycos[1].txt
Spyware:Cookie/fe.lea.lycos Not disinfected C:\Documents and Settings\Nathaniel\Cookies\nathaniel@fe.lea.lycos[2].txt
Spyware:Cookie/GoStats Not disinfected C:\Documents and Settings\Nathaniel\Cookies\nathaniel@gostats[2].txt
Spyware:Cookie/Go Not disinfected C:\Documents and Settings\Nathaniel\Cookies\nathaniel@go[2].txt
Spyware:Cookie/Screensavers Not disinfected C:\Documents and Settings\Nathaniel\Cookies\nathaniel@i.screensavers[2].txt
Spyware:Cookie/MediaTickets Not disinfected C:\Documents and Settings\Nathaniel\Cookies\nathaniel@kinghost[1].txt
Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\Nathaniel\Cookies\nathaniel@mediaplex[1].txt
Spyware:Cookie/Lop Not disinfected C:\Documents and Settings\Nathaniel\Cookies\nathaniel@mp3search[1].txt
Spyware:Cookie/OfferOptimizer Not disinfected C:\Documents and Settings\Nathaniel\Cookies\nathaniel@offeroptimizer[2].txt
Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\Nathaniel\Cookies\nathaniel@questionmarket[1].txt
Spyware:Cookie/Rightmedia Not disinfected C:\Documents and Settings\Nathaniel\Cookies\nathaniel@rightmedia[1].txt
Spyware:Cookie/Rn11 Not disinfected C:\Documents and Settings\Nathaniel\Cookies\nathaniel@rn11[2].txt
Spyware:Cookie/Searchportal Not disinfected C:\Documents and Settings\Nathaniel\Cookies\nathaniel@searchportal.information[1].txt
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Nathaniel\Cookies\nathaniel@serving-sys[2].txt
Spyware:Cookie/DriveCleaner Not disinfected C:\Documents and Settings\Nathaniel\Cookies\nathaniel@stats.drivecleaner[1].txt
Spyware:Cookie/Toplist Not disinfected C:\Documents and Settings\Nathaniel\Cookies\nathaniel@toplist[1].txt
Spyware:Cookie/DriveCleaner Not disinfected C:\Documents and Settings\Nathaniel\Cookies\nathaniel@www.drivecleaner[1].txt
Spyware:Cookie/Mp3s Hits Not disinfected C:\Documents and Settings\Nathaniel\Cookies\nathaniel@www.mp3shits[1].txt
Spyware:Cookie/Systemdoctor Not disinfected C:\Documents and Settings\Nathaniel\Cookies\nathaniel@www.systemdoctor[2].txt
Spyware:Cookie/Xiti Not disinfected C:\Documents and Settings\Nathaniel\Cookies\nathaniel@xiti[1].txt
Spyware:Cookie/Xmts Not disinfected C:\Documents and Settings\Nathaniel\Cookies\nathaniel@xmts[1].txt
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Nathaniel\Desktop\Smit Fix 2\smitRem\Process.exe
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Nathaniel\Desktop\Smit Fix 2\smitRem.exe[smitRem/Process.exe]
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Nathaniel\Desktop\SmitfraudFix\SmitfraudFix\Process.exe
Possible Virus. Not disinfected C:\Documents and Settings\Nathaniel\Desktop\SmitfraudFix\SmitfraudFix\swsc.exe

LonnyRJones
2006-11-14, 17:49
Post a combofix log
1. Download this file - combofix.exe
http://download.bleepingcomputer.com/sUBs/combofix.exe
2. Double click combofix.exe & follow the prompts.
3. When finished, it shall produce a log for you. Post that log in your next reply.
Note:
Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.
If the log is large, you might need to post half in one reply and half in another.

Download then install AVG Antirootkit
http://fileforum.betanews.com/detail/AVG_AntiRootkit/1154697799/1
Follow the prompts to restart your PC, then run the program and do an in-depth search. When it's finished, press save results and post it in your next reply.

natwj_ags
2006-11-14, 20:49
Hi.

Once again, thanks for the response. OK, I have done everything you have told me, so please find the ComboFix log below. I downloaded and installed AVG Antirootkit and ran an in-depth search, but it didn't find anything and so didn't give me the option to save a log. Thanks for your help so far, Nathaniel

Combofix Log:

Nathaniel - 06-11-14 19:18:17.75 Service Pack 2
ComboFix 06.11.9 - Running from: "C:\Documents and Settings\Nathaniel\Desktop"

((((((((((((((((((((((((((((((( Files Created from 2006-10-14 to 2006-11-14 ))))))))))))))))))))))))))))))))))


2006-11-13 18:24 3,968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2006-11-08 15:57 3,572 --a------ C:\WINDOWS\system32\tmp.reg


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2006-11-14 13:22 -------- d-------- C:\Program Files\windows media connect 2
2006-11-14 13:09 -------- d-------- C:\Program Files\Messenger
2006-11-14 13:05 -------- d-------- C:\Program Files\Internet Explorer
2006-11-14 13:04 -------- d-------- C:\Program Files\Google
2006-11-14 13:01 -------- d-------- C:\Program Files\Apoint
2006-11-14 01:43 -------- d-------- C:\Program Files\Microsoft.NET
2006-11-13 18:36 -------- d-------- C:\Documents and Settings\Nathaniel\Application Data\Lavasoft
2006-11-13 18:35 -------- d-------- C:\Program Files\Lavasoft
2006-11-13 18:23 -------- d-------- C:\Program Files\Grisoft
2006-11-08 15:05 -------- d-------- C:\Program Files\Windows Media Player
2006-11-05 17:02 -------- d-------- C:\Program Files\Windows Media Connect
2006-10-30 15:51 -------- d---s---- C:\Documents and Settings\Nathaniel\Application Data\Microsoft
2006-10-02 15:28 312128 --------- C:\WINDOWS\system32\msdelta.dll
2006-10-02 10:30 -------- d-------- C:\Program Files\Sony
2006-10-02 10:24 -------- d--h----- C:\Program Files\InstallShield Installation Information
2006-10-02 10:21 -------- d-------- C:\Program Files\WarRock
2006-09-28 20:13 95344 --------- C:\WINDOWS\system32\WUDFCoinstaller.dll
2006-09-28 19:00 82944 --------- C:\WINDOWS\system32\drivers\WudfRd.sys
2006-09-28 18:56 55808 --------- C:\WINDOWS\system32\WudfSvc.dll
2006-09-28 18:56 316416 --------- C:\WINDOWS\system32\WUDFx.dll
2006-09-28 18:56 165376 --------- C:\WINDOWS\system32\WudfPlatform.dll
2006-09-28 18:56 146432 --------- C:\WINDOWS\system32\WudfHost.exe
2006-09-28 18:55 77568 --------- C:\WINDOWS\system32\drivers\WudfPf.sys
2006-09-25 17:58 23856 --a------ C:\WINDOWS\system32\spupdsvc.exe
2006-09-21 18:15 -------- d-------- C:\Documents and Settings\Nathaniel\Application Data\Google
2006-09-13 05:01 1084416 --a------ C:\WINDOWS\system32\msxml3.dll
2006-08-25 15:45 617472 --a------ C:\WINDOWS\system32\comctl32.dll
2006-08-21 12:21 16896 --a------ C:\WINDOWS\system32\fltlib.dll
2006-08-21 09:14 23040 --a------ C:\WINDOWS\system32\fltmc.exe
2006-08-16 11:58 100352 --a------ C:\WINDOWS\system32\6to4svc.dll


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
"DVDXGhost"="C:\\Program Files\\DVD X Studios\\DVD X Utilities 1.5\\DVDGhost\\DVDGhost.EXE"
"WMPNSCFG"="C:\\Program Files\\Windows Media Player\\WMPNSCFG.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"Apoint"="C:\\Program Files\\Apoint\\Apoint.exe"
"Mouse Suite 98 Daemon"="ICO.EXE"
"IgfxTray"="C:\\WINDOWS\\system32\\igfxtray.exe"
"HotKeysCmds"="C:\\WINDOWS\\system32\\hkcmd.exe"
"SonyPowerCfg"="C:\\Program Files\\Sony\\VAIO Power Management\\SPMgr.exe"
"ISBMgr.exe"="C:\\Program Files\\Sony\\ISB Utility\\ISBMgr.exe"
"VAIO Update 2"="\"C:\\Program Files\\Sony\\VAIO Update 2\\VAIOUpdt.exe\" /Stationary"
"PDService.exe"="C:\\Program Files\\Utimaco\\SafeGuard PrivateDisk\\pdservice.exe"
"SunJavaUpdateSched"="C:\\Program Files\\Java\\jre1.5.0_06\\bin\\jusched.exe"
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"QuickTime Task"="\"D:\\program files\\quicktime\\qttask.exe\" -atboottime"
"NeroCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"MSKDetectorExe"="C:\\Program Files\\McAfee\\SpamKiller\\MSKDetct.exe /uninstall"
"msci"="C:\\DOCUME~1\\NATHAN~1\\LOCALS~1\\Temp\\20067201823_mcinfo.exe /insfin"
"Zone Labs Client"="D:\\Program Files\\Zone Labs\\ZoneAlarm\\zlclient.exe"
"Windows Media Connect 2"="\"C:\\Program Files\\Windows Media Connect 2\\WMCCFG.exe\" /StartQuiet"
"Alcmtr"="ALCMTR.EXE"
"!AVG Anti-Spyware"="\"C:\\Program Files\\Grisoft\\AVG Anti-Spyware 7.5\\avgas.exe\" /minimized"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000004

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\CTFMON.EXE"

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\CTFMON.EXE"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
"{569DAC0F-2791-46ab-8EFC-A54B77C04C20}"="Execute Hooker"
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001
"DisableTaskMgr"=dword:00000000

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"0aMCPClient"="{F5DF91F9-15E9-416B-A7C3-7519B11ECBFC}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"
"UPnPMonitor"="{e57ce738-33e8-4c51-8354-bb4de9d215d1}"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Red Swoosh EDN Client]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="RSEDNClient"
"hkey"="HKCU"
"command"="C:\\Program Files\\RSSoft\\RSEDNClient.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ypager"
"hkey"="HKCU"
"command"="C:\\Program Files\\Yahoo!\\Messenger\\ypager.exe -quiet"
"inimapping"="0"

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

Completion time: 06-11-14 19:20:53.56
C:\ComboFix.txt ... 06-11-14 19:20

LonnyRJones
2006-11-15, 02:27
You can uninstall AVG Antirootkit.

I'm not seeing anything.

Post the same SpyBot results report after using the PC for a few days or when that Smitfraud item returns. I do not need to see cookies or tracks though.

LonnyRJones
2006-11-25, 23:34
Due to lack of responses, this thread is closed.
If you still need assistance a new log will be needed, send me or Tashi a PM (personal message) and we will re-open it.