Results 1 to 4 of 4

Thread: Smitfraud-C.Toolbar888!!!

  1. #1
    Junior Member
    Join Date
    Feb 2008
    Location
    UK
    Posts
    13

    Angry Smitfraud-C.Toolbar888!!!

    Hi!
    erm...as the title suggests I am having problems with Smitfraud-C.Toolbar888 (I came home and my dad tells me some things wrong with the PC *whisper*he was at home by himself today, "supposedly" ill *whisper*) anyway back to the point:

    Spybot:S&D can't seem to get rid of this problem and I have looked at other threads and have realised that each persons problem is unique since they have different things on their PC (GENIUS)

    Well I have got hijacker and got a log file too here it is:

    Logfile of HijackThis v1.99.1
    Scan saved at 22:14:40, on 25/02/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.5730.0011)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\WINDOWS\system32\cisvc.exe
    C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
    C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
    C:\Program Files\Network Associates\VirusScan\Mcshield.exe
    C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\WINDOWS\system32\UAService7.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
    C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
    C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE
    C:\Program Files\D-Tools\daemon.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\BroadJump\Client Foundation\CFD.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\system32\Rundll32.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\system32\cidaemon.exe
    C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\HijackThis\scanner.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =

    http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =

    http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =

    http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =

    http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride =

    127.0.0.1;*.local
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program

    Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {522443ED-6F9E-4528-B006-6B91AC1D4C1F} - C:\WINDOWS\system32\gebxxwt.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} -

    C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program

    Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: {351f9417-66e9-2d3a-e1e4-84f7fbba0a5a} - {a5a0abbf-7f48-4e1e-a3d2-9e667149f153} -

    C:\WINDOWS\system32\tpcintwu.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program

    files\google\googletoolbar2.dll (file missing)
    O2 - BHO: (no name) - {ED076DCA-9922-4924-B373-2603D9A5AE70} - C:\WINDOWS\system32\awvvs.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program

    files\google\googletoolbar2.dll (file missing)
    O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE"

    /STANDALONE
    O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common

    Framework\UpdaterUI.exe" /StartedFromRunKey
    O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Common

    Files\Network Associates\TalkBack\TBMon.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKLM\..\Run: [EPSON Stylus C42 Series]

    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P23 "EPSON Stylus C42 Series" /O6

    "USB001" /M "Stylus C42"
    O4 - HKLM\..\Run: [BearShare] "C:\Program Files\BearShare\BearShare.exe" /pause
    O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
    O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common

    Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader

    8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [f0950c57] rundll32.exe "C:\WINDOWS\system32\mpuvgvyt.dll",b
    O4 - HKLM\..\Run: [BMf3a63fcb] Rundll32.exe "C:\WINDOWS\system32\fhxfdesq.dll",s
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [EPSON Stylus C42 Series]

    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /A "C:\WINDOWS\system32\E_S3.tmp"
    O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\HOMERunner.exe"
    O8 - Extra context menu item: E&xport to Microsoft Excel -

    res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program

    Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} -

    C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk

    Messenger\Paltalk.exe (file missing)
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} -

    C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and

    Settings\Adnan\Start Menu\Programs\System etc.\Run IMVU.lnk (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program

    Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} -

    C:\Program Files\Messenger\msmsgs.exe
    O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
    O11 - Options group: [INTERNATIONAL] International*
    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) -

    http://a1540.g.akamai.net/7/1540/52/...x/qtplugin.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) -

    http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) -

    http://by105fd.bay105.hotmail.msn.co...s/MsnPUpld.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -

    http://update.microsoft.com/windowsu...cab?1166613895

    671
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} -

    C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} -

    C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O20 - Winlogon Notify: gebxxwt - C:\WINDOWS\SYSTEM32\gebxxwt.dll
    O21 - SSODL: altmannsberger - {210b4043-35ca-4aa0-8796-191f9663dfb3} -

    C:\WINDOWS\system32\vpxnk.dll (file missing)
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} -

    C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems

    Shared\Service\Adobelmsvc.exe
    O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple

    Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION -

    C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
    O23 - Service: EPSON V3 Service2(02) (EPSON_PM_RPCV2_02) - SEIKO EPSON CORPORATION -

    C:\WINDOWS\system32\E_S00RP2.EXE
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common

    Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program

    Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. -

    C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
    O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program

    Files\Network Associates\VirusScan\Mcshield.exe
    O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. -

    C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
    O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe
    O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Sony DADC Austria AG. -

    C:\WINDOWS\system32\UAService7.exe

    Your help is greatly appreciated!

    oh and please could someone help me solve this problem I had some class project I wanted to finish today and I can't!! because of this Smitfraud-C.Toolbar888... PEACE OUT!

  2. #2
    Junior Member
    Join Date
    Feb 2008
    Location
    UK
    Posts
    13

    Exclamation

    one more thing

    does doing this in the admin area mean that all other user areas are effected i.e. would the problem be solved for other user areas too?

    Regards & Thanks

    Setikh!

  3. #3
    Junior Member
    Join Date
    Feb 2008
    Location
    UK
    Posts
    13

    Default

    sorry it seems I can't edit past messages

  4. #4
    Member of Team Spybot tashi's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    30,955

    Default

    Hi there,

    Please take a look at this topic: "BEFORE you POST"(READ this Procedure BEFORE Requesting Assistance)

    It might be best if you started again and produced the HJT log from the correct version and in the right format, single spaced.

    Also, adding comments takes away zero response, which is what our helpers look for.

    Best wishes.
    Microsoft MVP Reconnect 2018-
    Windows Insider MVP 2016-2018
    Microsoft Consumer Security MVP 2006-2016

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •