Thread: Smitfraud Help Needed Please

  1. #1
    Junior Member
    Join Date
    Jan 2008
    Posts
    1

    Smitfraud Help Needed Please

    I have run Spybot and AVG Anti-Spyware in Safe Mode, and after that I have rebooted and run the SmitFraud Fix. Before any of that I ran the Kaspersky Online Scanner. It keeps popping back up, and nothing in my computer's performance improves. Here are the logs from those scans.

    AVG Anti-Spyware:

    The Kaspersky scan is too long and I can post it in a reply later if that is needed.

  2. #2
    Security Expert: Emeritus
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    29,374

    Hi freeskier3912 and welcome to Safer Networking Forums

    You seem to have been infected with the Vundo file infector; let's find out:

    Click here to download HJTInstall.exe
    • Save HJTInstall.exe to your desktop.
    • Double-click on the HJTInstall.exe icon on your desktop.
    • By default it will install to C:\Program Files\Trend Micro\HijackThis.
    • Click on Install.
    • It will create a HijackThis icon on the desktop.
    • Once installed, it will launch HijackThis.
    • Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
    • Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
    • Come back here to this thread and Paste the log in your next reply.
    • DO NOT use the AnalyseThis button, its findings are dangerous if misinterpreted.
    • DO NOT have HijackThis fix anything yet. Most of what it finds will be harmless or even required.
    Microsoft MVP Consumer Security 2008-2011

    Member of ASAP and UNITE since 2006

  3. #3
    Security Expert: Emeritus
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    29,374

    Due to the lack of feedback this Topic is closed.

    If it has been five days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a fresh HijackThis log and a link to your previous thread.

    If it has been less than five days since your last response and you need the thread re-opened, please send a private message (pm). A valid, working link to the closed topic is required.

    Everyone else please begin a New Topic.
    Microsoft MVP Consumer Security 2008-2011

    Member of ASAP and UNITE since 2006