Results 1 to 1 of 1

Thread: I have something lurking..it was smitfraud b

  1. #1
    Junior Member
    Join Date
    Jun 2008
    Posts
    1

    Default I have something lurking..it was smitfraud b

    I have something lurking..it was smitfraud b. I ran spybot and it deleted it i think. I than ran combofix and it found .... this.

    Edit
    FYI:
    Please do NOT run 'FIXES' (ComboFix etc) without being asked
    The Waiting Room: Post here if waiting for help four days

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\users\Public\zaSetupWeb_101_079_000_2.exe
    c:\windows\system32\SET2629.tmp
    c:\windows\system32\SET46E2.tmp
    c:\windows\system32\SETC594.tmp
    c:\windows\system32\SETCF03.tmp

    So i am wondering if I still have something lurking? Thanks in advance!

    .
    DDS (Ver_2011-08-26.01) - NTFSx86
    Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_26
    Run by Jimmy at 1:47:44 on 2012-01-06
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.1913.1059 [GMT -5:00]
    .
    AV: ESET Smart Security 5.0 *Enabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
    SP: ESET Smart Security 5.0 *Enabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    FW: ESET Personal firewall *Enabled* {4FE52EC8-CB26-1113-0EFE-8842E2773BAA}
    .
    ============== Running Processes ===============
    .
    C:\windows\system32\wininit.exe
    C:\windows\system32\lsm.exe
    C:\windows\system32\svchost.exe -k DcomLaunch
    C:\windows\system32\svchost.exe -k RPCSS
    C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\windows\system32\svchost.exe -k netsvcs
    C:\windows\system32\svchost.exe -k LocalService
    C:\windows\system32\svchost.exe -k NetworkService
    C:\windows\System32\spoolsv.exe
    C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\windows\system32\ASTSRV.EXE
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\ESET\ESET Smart Security\ekrn.exe
    C:\windows\System32\svchost.exe -k HPZ12
    C:\windows\System32\svchost.exe -k HPZ12
    C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
    C:\windows\system32\svchost.exe -k imgsvc
    C:\windows\system32\ThpSrv.exe
    C:\Windows\system32\TODDSrv.exe
    C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
    C:\Program Files\TOSHIBA\TECO\TecoService.exe
    C:\windows\system32\SearchIndexer.exe
    C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
    C:\windows\system32\taskhost.exe
    C:\windows\system32\Dwm.exe
    C:\windows\Explorer.EXE
    C:\Program Files\ESET\ESET Smart Security\egui.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Internet Download Manager\IDMan.exe
    C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files\iPod\bin\iPodService.exe
    C:\windows\system32\taskeng.exe
    C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
    C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\windows\System32\svchost.exe -k LocalServicePeerNet
    C:\Program Files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe
    C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
    C:\windows\System32\svchost.exe -k secsvcs
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Mozilla Firefox\plugin-container.exe
    C:\windows\system32\igfxsrvc.exe
    C:\windows\system32\conhost.exe
    C:\windows\system32\wbem\wmiprvse.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.ask.com/?l=dis&o=41648106&gct=hp
    mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNA
    uInternet Settings,ProxyOverride = *.local
    BHO: IDM integration (IDMIEHlprObj Class): {0055c089-8582-441b-a0bf-17b458c2a3a8} - c:\program files\internet download manager\IDMIECC.dll
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
    BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
    BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\mif5ba~1\office14\URLREDIR.DLL
    BHO: WeCareReminder Class: {d824f0de-3d60-4f57-9eb1-66033ecd8abb} - c:\programdata\wecarereminder\IEHelperv2.5.0.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    uRun: [IDMan] c:\program files\internet download manager\IDMan.exe /onboot
    mRun: [egui] "c:\program files\eset\eset smart security\egui.exe" /hide /waitservice
    mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
    mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
    mRunOnce: [Malwarebytes Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
    StartupFolder: c:\users\jimmy\appdata\roaming\micros~1\windows\startm~1\programs\startup\erunta~1.lnk - c:\program files\erunt\AUTOBACK.EXE
    mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableLUA = 0 (0x0)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
    IE: Download all links with IDM - c:\program files\internet download manager\IEGetAll.htm
    IE: Download with IDM - c:\program files\internet download manager\IEExt.htm
    IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    TCP: DhcpNameServer = 65.32.5.111 65.32.5.112
    TCP: Interfaces\{960875BB-D655-4F8F-9C5D-E67EB717ADF4} : DhcpNameServer = 65.32.5.111 65.32.5.112
    TCP: Interfaces\{C3926A49-64FA-4275-BEE6-34C5FB24BA4E} : DhcpNameServer = 65.32.5.111 65.32.5.112
    TCP: Interfaces\{C3926A49-64FA-4275-BEE6-34C5FB24BA4E}\2375942554035333 : DhcpNameServer = 192.168.1.254
    TCP: Interfaces\{C3926A49-64FA-4275-BEE6-34C5FB24BA4E}\254523536313F563 : DhcpNameServer = 192.168.1.1
    Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
    Notify: igfxcui - igfxdev.dll
    mASetup: {01250B8F-D947-4F8A-9408-FE8E3EE2EC92} - c:\program files\toshiba\my toshiba\MyToshiba.exe /SETUP
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\users\jimmy\appdata\roaming\mozilla\firefox\profiles\jqd5hs18.default\
    FF - prefs.js: browser.search.selectedEngine - Ask.com
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
    FF - plugin: c:\progra~1\mif5ba~1\office14\NPAUTHZ.DLL
    FF - plugin: c:\progra~1\mif5ba~1\office14\NPSPWRAP.DLL
    FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
    FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
    FF - plugin: c:\program files\google\update\1.3.21.79\npGoogleUpdate3.dll
    FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\program files\microsoft silverlight\4.0.60831.0\npctrlui.dll
    FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
    FF - plugin: c:\users\jimmy\appdata\local\google\update\1.3.21.79\npGoogleUpdate3.dll
    FF - plugin: c:\users\jimmy\appdata\roaming\mozilla\plugins\npgoogletalk.dll
    FF - plugin: c:\users\jimmy\appdata\roaming\mozilla\plugins\npgtpo3dautoplugin.dll
    .
    ---- FIREFOX POLICIES ----
    FF - user.js: network.protocol-handler.warn-external.dnupdate - false
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 epfwwfp;epfwwfp;c:\windows\system32\drivers\epfwwfp.sys [2011-8-4 50624]
    R0 Thpdrv;TOSHIBA HDD Protection Driver;c:\windows\system32\drivers\thpdrv.sys [2009-6-29 30272]
    R0 Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver;c:\windows\system32\drivers\Thpevm.sys [2009-6-29 13120]
    R1 EpfwLWF;Epfw NDIS LightWeight Filter;c:\windows\system32\drivers\EpfwLWF.sys [2011-8-4 33656]
    R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 48128]
    R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2011-6-6 64952]
    R2 ASTSRV;Nalpeiron Licensing Service;c:\windows\system32\ASTSRV.EXE [2011-5-2 57344]
    R2 cfWiMAXService;ConfigFree WiMAX Service;c:\program files\toshiba\configfree\CFIWmxSvcs.exe [2009-8-10 185712]
    R2 ConfigFree Service;ConfigFree Service;c:\program files\toshiba\configfree\CFSvcs.exe [2009-3-10 46448]
    R2 eamonm;eamonm;c:\windows\system32\drivers\eamonm.sys [2011-8-9 163424]
    R2 ekrn;ESET Service;c:\program files\eset\eset smart security\ekrn.exe [2011-9-22 974944]
    R2 IDMWFP;IDMWFP;c:\windows\system32\drivers\idmwfp.sys [2011-11-14 89376]
    R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2011-4-14 1153368]
    R2 StarWindServiceAE;StarWind AE Service;c:\program files\alcohol soft\alcohol 120\starwind\StarWindServiceAE.exe [2009-12-23 370688]
    R2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;c:\program files\toshiba\teco\TecoService.exe [2009-8-27 185712]
    R2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;c:\windows\system32\drivers\TVALZFL.sys [2009-6-19 12920]
    R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2009-7-10 122880]
    R3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);c:\windows\system32\drivers\L1C62x86.sys [2009-7-27 51712]
    R3 PGEffect;Pangu effect driver;c:\windows\system32\drivers\PGEffect.sys [2011-4-11 24064]
    R3 QIOMem;Generic IO & Memory Access;c:\windows\system32\drivers\QIOMem.sys [2009-6-15 9216]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-4-11 135664]
    S2 KMService;KMService;c:\windows\system32\srvany.exe [2011-8-6 8192]
    S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
    S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-4-11 135664]
    S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]
    S3 SwitchBoard;Adobe SwitchBoard;c:\program files\common files\adobe\switchboard\SwitchBoard.exe [2010-2-19 517096]
    S3 TMachInfo;TMachInfo;c:\program files\toshiba\toshiba service station\TMachInfo.exe [2011-4-11 51512]
    S3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\toshiba\toshiba hdd ssd alert\TosSmartSrv.exe [2009-8-3 111960]
    S3 TPCHSrv;TPCH Service;c:\program files\toshiba\tphm\TPCHSrv.exe [2009-8-6 685424]
    S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-4-11 52224]
    S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2011-4-11 1343400]
    S3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\drivers\WSDPrint.sys [2009-7-13 17920]
    .
    =============== Created Last 30 ================
    .
    2012-01-06 06:21:37 56200 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{973d5db6-70d3-4fb0-af1b-51dd87511f39}\offreg.dll
    2012-01-06 05:59:31 -------- d-sh--w- C:\$RECYCLE.BIN
    2012-01-06 05:59:26 -------- d-----w- c:\users\jimmy\appdata\local\temp
    2012-01-05 20:28:25 -------- d-----w- c:\programdata\WeCareReminder
    2012-01-05 20:27:53 98304 ----a-w- c:\windows\system32\redmonnt.dll
    2012-01-03 07:05:36 6823496 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{973d5db6-70d3-4fb0-af1b-51dd87511f39}\mpengine.dll
    2011-12-29 22:14:44 -------- d-----w- C:\Looking in 2009
    2011-12-29 20:42:24 -------- d-----w- c:\program files\Western Digital
    2011-12-24 02:37:11 626688 ----a-w- c:\program files\mozilla firefox\msvcr80.dll
    2011-12-24 02:37:11 548864 ----a-w- c:\program files\mozilla firefox\msvcp80.dll
    2011-12-24 02:37:11 479232 ----a-w- c:\program files\mozilla firefox\msvcm80.dll
    2011-12-24 02:37:11 43992 ----a-w- c:\program files\mozilla firefox\mozutils.dll
    2011-12-21 16:51:43 527208 ------w- c:\windows\system32\HPDiscoPM5512.dll
    2011-12-21 16:49:24 -------- d-----w- c:\program files\HP
    2011-12-21 16:49:09 -------- d-----w- c:\users\jimmy\appdata\local\HP
    2011-12-16 14:38:16 319488 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\hpfppw73.dll
    2011-12-16 00:29:05 235520 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\hpzpp5in.DLL
    2011-12-16 00:28:52 122368 ----a-w- c:\windows\system32\hpzpnp.dll
    2011-12-16 00:28:51 94208 ----a-w- c:\windows\system32\HPJIPX1U.DLL
    2011-12-16 00:28:51 61440 ----a-w- c:\windows\system32\HPNRA.EXE
    2011-12-16 00:28:51 163840 ----a-w- c:\windows\system32\HPJCMN2U.DLL
    2011-12-16 00:28:50 49152 ----a-w- c:\windows\system32\HPBNRAC2.DLL
    2011-12-15 04:52:35 2048 ----a-w- c:\windows\system32\tzres.dll
    2011-12-15 04:52:21 2342912 ----a-w- c:\windows\system32\win32k.sys
    2011-12-15 04:52:19 534528 ----a-w- c:\windows\system32\EncDec.dll
    2011-12-15 04:51:46 3912560 ----a-w- c:\windows\system32\ntoskrnl.exe
    2011-12-15 04:51:44 3967856 ----a-w- c:\windows\system32\ntkrnlpa.exe
    2011-12-15 04:51:38 38912 ----a-w- c:\windows\system32\csrsrv.dll
    2011-12-11 23:13:53 -------- d-----w- c:\program files\iPod
    2011-12-11 23:13:52 -------- d-----w- c:\program files\iTunes
    2011-12-11 23:09:20 -------- d-----w- c:\program files\Bonjour
    2011-12-08 02:51:13 -------- d-----w- c:\program files\ESET
    .
    ==================== Find3M ====================
    .
    2011-12-10 20:24:06 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-11-19 02:25:43 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2011-11-03 22:47:42 1798144 ----a-w- c:\windows\system32\jscript9.dll
    2011-11-03 22:40:21 1427456 ----a-w- c:\windows\system32\inetcpl.cpl
    2011-11-03 22:39:47 1127424 ----a-w- c:\windows\system32\wininet.dll
    2011-11-03 22:31:57 2382848 ----a-w- c:\windows\system32\mshtml.tlb
    2011-10-24 19:29:02 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
    2011-10-24 19:29:02 69632 ----a-w- c:\windows\system32\QuickTime.qts
    2011-10-18 21:35:28 51024 ----a-w- c:\windows\system32\vcomp100.dll
    2011-10-16 23:45:36 697328 ----a-w- c:\windows\system32\drivers\sptd.sys
    2011-08-06 06:40:43 8192 --sha-w- c:\windows\system32\srvany.exe
    .
    ============= FINISH: 1:48:54.53 ===============
    Last edited by tashi; 2012-02-01 at 20:20. Reason: Date of archive

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •