
Thread: Virus not detected, persistent

  1. #1
    Junior Member
    Join Date
    Oct 2006
    Posts
    7

    Virus not detected, persistent

    Hello,

    I got a virus, first detected as smitfraud. I ran Ad-Aware, PC-cillin, and Spybot; I had to do this a few times and reboot quite a few times. Now nothing is detected; however, when I browse to legitimate sites, I get a random popup saying that I need virus software to remove a virus. It's obviously more malware, but I can't seem to get rid of the dumb popup, and nothing is detecting it. Here was my log when it detected the smitfraud.

    Please help!! I don't want to reload.


    ------>


    --- Search result list ---
    Smitfraud-C.: Settings (Registry key, fixed)
    HKEY_USERS\S-1-5-21-4160378380-2760707263-1256863938-1006\Software\AdwareDisableKey3

    Smitfraud-C.: Settings (Registry key, fixed)
    HKEY_LOCAL_MACHINE\SOFTWARE\AdwareDisableKey3

    Smitfraud-C.: Executable (File, fixed)
    C:\WINDOWS\system32\ishost.exe

    Smitfraud-C.: Settings (Registry value, fixed)
    HKEY_USERS\S-1-5-21-4160378380-2760707263-1256863938-1006\Software\Microsoft\Windows\ShellNoRoam\MUICache\*\ishost.exe

    Smitfraud-C.: Settings (Registry value, fixed)
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\run\ishost.exe


    --- Spybot - Search & Destroy version: 1.4 (build: 20050523) ---

    2005-05-31 blindman.exe (1.0.0.1)
    2005-05-31 SpybotSD.exe (1.4.0.3)
    2005-05-31 TeaTimer.exe (1.4.0.2)
    2006-10-04 unins000.exe (51.41.0.0)
    2005-05-31 Update.exe (1.4.0.0)
    2006-02-06 advcheck.dll (1.0.2.0)
    2005-05-31 aports.dll (2.1.0.0)
    2005-05-31 borlndmm.dll (7.0.4.453)
    2005-05-31 delphimm.dll (7.0.4.453)
    2005-05-31 SDHelper.dll (1.4.0.0)
    2006-02-20 Tools.dll (2.0.0.2)
    2005-05-31 UnzDll.dll (1.73.1.1)
    2005-05-31 ZipDll.dll (1.73.2.0)
    2006-09-29 Includes\Cookies.sbi (*)
    2006-09-29 Includes\Dialer.sbi (*)
    2006-09-29 Includes\Hijackers.sbi (*)
    2006-09-29 Includes\Keyloggers.sbi (*)
    2006-09-29 Includes\Malware.sbi (*)
    2006-09-29 Includes\PUPS.sbi (*)
    2006-09-29 Includes\Revision.sbi (*)
    2006-09-29 Includes\Security.sbi (*)
    2006-09-29 Includes\Spybots.sbi (*)
    2005-02-17 Includes\Tracks.uti
    2006-09-29 Includes\Trojans.sbi (*)



    --- System information ---
    Windows XP (Build: 2600) Service Pack 2


    --- Startup entries list ---
    Located: HK_LM:Run, ATICCC
    command: "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
    file: C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    size: 45056
    MD5: 64c4c17bf6a40ff1cd21205e6fd415b8

  2. #2
    Junior Member
    Join Date
    Oct 2006
    Posts
    7

    the rest

    Located: HK_LM:Run, Broadcom Wireless Manager UI
    command: C:\WINDOWS\system32\WLTRAY.exe
    file: C:\WINDOWS\system32\WLTRAY.exe
    size: 1236992
    MD5: f11c343318da14137669ae14ade27df1

    Located: HK_LM:Run, ehTray
    command: C:\WINDOWS\ehome\ehtray.exe
    file: C:\WINDOWS\ehome\ehtray.exe
    size: 64512
    MD5: 7a21e06385e748e9cb0252f1bbc493f1

    Located: HK_LM:Run, elebxnn.dll
    command: C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\elebxnn.dll,golqqtf
    file: C:\WINDOWS\system32\rundll32.exe
    size: 33280
    MD5: da285490bbd8a1d0ce6623577d5ba1ff

    Located: HK_LM:Run, MSKDetectorExe
    command: C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
    file:

    Located: HK_LM:Run, NeroFilterCheck
    command: C:\WINDOWS\system32\NeroCheck.exe
    file: C:\WINDOWS\system32\NeroCheck.exe
    size: 155648
    MD5: 3e4c03cefad8de135263236b61a49c90

    Located: HK_LM:Run, pccguide.exe
    command: "C:\Program Files\Trend Micro\Internet Security 2007\pccguide.exe"
    file: C:\Program Files\Trend Micro\Internet Security 2007\pccguide.exe
    size: 3112960
    MD5: cbac1a72422b6a77b725e698957de3e5

    Located: HK_LM:Run, prskofg.dll
    command: C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\prskofg.dll,sklxgdb
    file: C:\WINDOWS\system32\rundll32.exe
    size: 33280
    MD5: da285490bbd8a1d0ce6623577d5ba1ff

    Located: HK_LM:Run, Recguard
    command: %WINDIR%\SMINST\RECGUARD.EXE
    file: C:\WINDOWS\SMINST\RECGUARD.EXE
    size: 212992
    MD5: d3cc7a3813123e955b3a497c04b404e2

    Located: HK_LM:Run, Reminder
    command: %WINDIR%\Creator\Remind_XP.exe
    file: C:\WINDOWS\Creator\Remind_XP.exe
    size: 966656
    MD5: bacc877db547bd8f421891ebfb6282ed

    Located: HK_LM:Run, SigmatelSysTrayApp
    command: stsystra.exe
    file: C:\WINDOWS\stsystra.exe
    size: 413696
    MD5: 35643c90b523a7e5602b9a3bdb1d2f60

    Located: HK_LM:Run, SynTPEnh
    command: C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    file: C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    size: 688218
    MD5: 55582f239914c8efccf89bd632639542

    Located: HK_LM:Run, SynTPLpr
    command: C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    file: C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    size: 98394
    MD5: 3665ba88b993554db062ff96542d85ff

    Located: HK_LM:Run, WinampAgent
    command: C:\Program Files\Winamp\winampa.exe
    file: C:\Program Files\Winamp\winampa.exe
    size: 35328
    MD5: ea7b08147c0cb85eeb4e48dc3444208e

    Located: HK_CU:Run, OE
    command: "C:\Program Files\Trend Micro\Internet Security 2007\TMAS_OE\TMAS_OEMon.exe"
    file: C:\Program Files\Trend Micro\Internet Security 2007\TMAS_OE\TMAS_OEMon.exe
    size: 315392
    MD5: b59c1a32f3988acdc26324256bc9304a

    Located: HK_CU:Run, Power2GoExpress
    command: NA
    file:

    Located: System.ini, AtiExtEvent
    command: Ati2evxx.dll
    file: Ati2evxx.dll

    Located: System.ini, crypt32chain
    command: crypt32.dll
    file: crypt32.dll

    Located: System.ini, cryptnet
    command: cryptnet.dll
    file: cryptnet.dll

    Located: System.ini, cscdll
    command: cscdll.dll
    file: cscdll.dll

    Located: System.ini, ScCertProp
    command: wlnotify.dll
    file: wlnotify.dll

    Located: System.ini, Schedule
    command: wlnotify.dll
    file: wlnotify.dll

    Located: System.ini, sclgntfy
    command: sclgntfy.dll
    file: sclgntfy.dll

    Located: System.ini, SensLogn
    command: WlNotify.dll
    file: WlNotify.dll

    Located: System.ini, termsrv
    command: wlnotify.dll
    file: wlnotify.dll

    Located: System.ini, winjrs32
    command: winjrs32.dll
    file: winjrs32.dll

    Located: System.ini, wlballoon
    command: wlnotify.dll
    file: wlnotify.dll



    --- Browser helper object list ---
    {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (AcroIEHlprObj Class)
    BHO name:
    CLSID name: AcroIEHlprObj Class
    description: Adobe Acrobat reader
    classification: Legitimate
    known filename: AcroIEhelper.ocx<br>AcroIEhelper.dll
    info link: http://www.adobe.com/products/acrobat/readstep2.html
    info source: TonyKlein
    Path: C:\Program Files\Adobe\Acrobat 7.0\ActiveX\
    Long name: AcroIEHelper.dll
    Short name: ACROIE~1.DLL
    Date (created): 9/13/2006 8:12:02 PM
    Date (last access): 10/4/2006 4:22:00 PM
    Date (last write): 12/14/2004 2:56:50 AM
    Filesize: 63136
    Attributes: archive
    MD5: 42729C3DE75A7A51FC6F9EF6546C9199
    CRC32: 4D60BD07
    Version: 7.0.0.1333

    {13BE67A6-D733-8042-9917-0090E29D33DE} ()
    BHO name:
    CLSID name:
    Path: C:\WINDOWS\system32\
    Long name: cfloqr.dll
    Short name:
    Date (created): 10/4/2006 3:50:42 PM
    Date (last access): 10/4/2006 4:52:50 PM
    Date (last write): 10/4/2006 3:50:42 PM
    Filesize: 72704
    Attributes: archive
    MD5: 5D4846DEDEAD21C7F6D89DE96B573C8E
    CRC32: 5BFAD5C1

    {376751F7-8B55-BA9B-C456-08795A50CDBC} ()
    BHO name:
    CLSID name:
    Path: C:\WINDOWS\system32\
    Long name: qjimece.dll
    Short name:
    Date (created): 10/4/2006 2:10:58 PM
    Date (last access): 10/4/2006 4:48:24 PM
    Date (last write): 10/4/2006 2:10:58 PM
    Filesize: 72704
    Attributes: archive
    MD5: 14257D0431309E418E12D59725EA2B59
    CRC32: FBAADDA7

    {53707962-6F74-2D53-2644-206D7942484F} ()
    BHO name:
    CLSID name:
    description: Spybot-S&D IE Browser plugin
    classification: Legitimate
    known filename: SDhelper.dll
    info link: http://spybot.eon.net.au/
    info source: Patrick M. Kolla
    Path: C:\Program Files\Spybot - Search & Destroy\
    Long name: SDHelper.dll
    Short name:
    Date (created): 10/4/2006 3:03:56 PM
    Date (last access): 10/4/2006 4:53:52 PM
    Date (last write): 5/31/2005 1:04:00 AM
    Filesize: 853672
    Attributes: archive
    MD5: 250D787A5712D7768DDC133B3E477759
    CRC32: D4589A41
    Version: 1.4.0.0

    {a43385f0-7113-496d-96d7-b9b550e3fcca} ()
    BHO name:
    CLSID name:
    Path: C:\WINDOWS\system32\
    Long name: ixt0.dll

    {CA6319C0-31B7-401E-A518-A07C3DB8F777} (Browser Address Error Redirector)
    BHO name: Browser Address Error Redirector
    CLSID name: CBrowserHelperObject Object
    Path: c:\windows\system32\
    Long name: bae.dll
    Short name:
    Date (created): 9/13/2006 8:09:14 PM
    Date (last access): 10/4/2006 4:23:04 PM
    Date (last write): 1/31/2006 12:54:30 PM
    Filesize: 94208
    Attributes: archive
    MD5: 3467178AE878796650290CA54361C810
    CRC32: 9C59917B
    Version: 1.1.0.1



    --- ActiveX list ---
    {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.5.0)
    DPF name: Java Runtime Environment 1.5.0
    CLSID name: Java Plug-in 1.5.0_02
    Installer:
    Codebase: http://java.sun.com/update/1.5.0/jin...ndows-i586.cab
    description: Sun Java
    classification: Legitimate
    known filename: %PROGRAM FILES%\JabaSoft\JRE\*\Bin\npjava131.dll
    info link:
    info source: Patrick M. Kolla
    Path: C:\Program Files\Java\jre1.5.0_02\bin\
    Long name: NPJPI150_02.dll
    Short name: NPJPI1~1.DLL
    Date (created): 3/4/2005 4:36:50 AM
    Date (last access): 10/4/2006 4:54:48 PM
    Date (last write): 3/4/2005 4:54:18 AM
    Filesize: 69746
    Attributes: archive
    MD5: 6C9A4C573C0C771D99D902EE06DA3CBB
    CRC32: 55F989EE
    Version: 5.0.20.9

    {CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA} (Java Runtime Environment 1.5.0)
    DPF name: Java Runtime Environment 1.5.0
    CLSID name: Java Plug-in 1.5.0_02
    Installer:
    Codebase: http://java.sun.com/update/1.5.0/jin...ndows-i586.cab
    description:
    classification: Legitimate
    known filename: NPJPI150_02.dll
    info link:
    info source: Safer Networking Ltd.
    Path: C:\Program Files\Java\jre1.5.0_02\bin\
    Long name: NPJPI150_02.dll
    Short name: NPJPI1~1.DLL
    Date (created): 3/4/2005 4:36:50 AM
    Date (last access): 10/4/2006 4:54:48 PM
    Date (last write): 3/4/2005 4:54:18 AM
    Filesize: 69746
    Attributes: archive
    MD5: 6C9A4C573C0C771D99D902EE06DA3CBB
    CRC32: 55F989EE
    Version: 5.0.20.9



    --- Process list ---
    PID: 0 ( 0) [System]
    PID: 884 ( 4) \SystemRoot\System32\smss.exe
    PID: 936 ( 884) \??\C:\WINDOWS\system32\csrss.exe
    PID: 964 ( 884) \??\C:\WINDOWS\system32\winlogon.exe
    PID: 1008 ( 964) C:\WINDOWS\system32\services.exe
    size: 108032
    MD5: C6CE6EEC82F187615D1002BB3BB50ED4
    PID: 1020 ( 964) C:\WINDOWS\system32\lsass.exe
    size: 13312
    MD5: 84885F9B82F4D55C6146EBF6065D75D2
    PID: 1220 (1008) C:\WINDOWS\system32\Ati2evxx.exe
    size: 405504
    MD5: 5784A06FDC2AC7954225A1A79E1A8F00
    PID: 1236 (1008) C:\WINDOWS\system32\svchost.exe
    size: 14336
    MD5: 8F078AE4ED187AAABC0A305146DE6716
    PID: 1320 (1008) C:\WINDOWS\system32\svchost.exe
    size: 14336
    MD5: 8F078AE4ED187AAABC0A305146DE6716
    PID: 1360 (1008) C:\WINDOWS\System32\svchost.exe
    size: 14336
    MD5: 8F078AE4ED187AAABC0A305146DE6716
    PID: 1464 (1008) C:\WINDOWS\system32\svchost.exe
    size: 14336
    MD5: 8F078AE4ED187AAABC0A305146DE6716
    PID: 1492 (1008) C:\WINDOWS\system32\svchost.exe
    size: 14336
    MD5: 8F078AE4ED187AAABC0A305146DE6716
    PID: 1656 (1008) C:\WINDOWS\System32\WLTRYSVC.EXE
    size: 18944
    MD5: 61E71BC3CD3530444000A9B68F7EE931
    PID: 1676 (1656) C:\WINDOWS\System32\bcmwltry.exe
    size: 1093632
    MD5: 9A0CE1DB25F1CDD3ED11236884800538
    PID: 1792 (1008) C:\WINDOWS\system32\spoolsv.exe
    size: 57856
    MD5: DA81EC57ACD4CDC3D4C51CF3D409AF9F
    PID: 1920 (1008) C:\WINDOWS\eHome\ehRecvr.exe
    size: 237568
    MD5: B03BCD810A2EE089FA08E47B5200BE31
    PID: 1932 (1008) C:\WINDOWS\eHome\ehSched.exe
    size: 102912
    MD5: A53243709439AC2A4C216B817F8D7411
    PID: 2040 (1008) C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
    size: 1544192
    MD5: 5AA9681E35792E898EAB5D216A380407
    PID: 236 (1008) C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
    size: 172032
    MD5: 33D7285F12D934268A34206DFC4AD1B3
    PID: 308 (1008) C:\WINDOWS\system32\svchost.exe
    size: 14336
    MD5: 8F078AE4ED187AAABC0A305146DE6716
    PID: 380 (1008) C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
    size: 503808
    MD5: 52D456DC5043053FA042DCA4B586AD9C
    PID: 400 (1008) C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
    size: 933949
    MD5: 08F98944284DED21CF33DE4203B29A19
    PID: 440 (1008) C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
    size: 561220
    MD5: 5A5DF11D10F1CA108833393DB4505555
    PID: 668 (1008) C:\WINDOWS\ehome\mcrdsvc.exe
    size: 99328
    MD5: DF0A511F38F16016BF658FCA0090CB87
    PID: 1516 (1008) C:\WINDOWS\system32\dllhost.exe
    size: 5120
    MD5: DD87DB7387B9EB441C5674888A0D840C
    PID: 1684 (1008) C:\WINDOWS\System32\alg.exe
    size: 44544
    MD5: F1958FBF86D5C004CF19A5951A9514B7
    PID: 1912 (1008) C:\PROGRA~1\TRENDM~1\INTERN~1\PcScnSrv.exe
    size: 196608
    MD5: 31AA8AC3BD6BE8BCBA39AD5EC04DD40F
    PID: 2252 ( 964) C:\WINDOWS\system32\Ati2evxx.exe
    size: 405504
    MD5: 5784A06FDC2AC7954225A1A79E1A8F00
    PID: 2484 (2312) C:\WINDOWS\Explorer.EXE
    size: 1032192
    MD5: A0732187050030AE399B241436565E64
    PID: 2800 (2484) C:\WINDOWS\ehome\ehtray.exe
    size: 64512
    MD5: 7A21E06385E748E9CB0252F1BBC493F1
    PID: 2816 (2484) C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    size: 98394
    MD5: 3665BA88B993554DB062FF96542D85FF
    PID: 2868 (2484) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    size: 688218
    MD5: 55582F239914C8EFCCF89BD632639542
    PID: 2888 (2788) C:\WINDOWS\system32\ismini.exe
    size: 6656
    MD5: 295EE02EE150BAA011D77630C79E0CD1
    PID: 2952 (2484) C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    size: 45056
    MD5: 64C4C17BF6A40FF1CD21205E6FD415B8
    PID: 2972 (2484) C:\WINDOWS\stsystra.exe
    size: 413696
    MD5: 35643C90B523A7E5602B9A3BDB1D2F60
    PID: 3000 (2484) C:\WINDOWS\system32\WLTRAY.exe
    size: 1236992
    MD5: F11C343318DA14137669AE14ADE27DF1
    PID: 3024 (2484) C:\Program Files\Winamp\winampa.exe
    size: 35328
    MD5: EA7B08147C0CB85EEB4E48DC3444208E
    PID: 3072 (2484) C:\Program Files\Trend Micro\Internet Security 2007\pccguide.exe
    size: 3112960
    MD5: CBAC1A72422B6A77B725E698957DE3E5
    PID: 3316 (2484) C:\WINDOWS\system32\rundll32.exe
    size: 33280
    MD5: DA285490BBD8A1D0CE6623577D5BA1FF
    PID: 3392 (1236) C:\WINDOWS\eHome\ehmsas.exe
    size: 46592
    MD5: 03A905FBA1D62317087DB5C21C0F8F62
    PID: 3444 (2484) C:\WINDOWS\system32\rundll32.exe
    size: 33280
    MD5: DA285490BBD8A1D0CE6623577D5BA1FF
    PID: 3476 (2484) C:\Program Files\Trend Micro\Internet Security 2007\TMAS_OE\TMAS_OEMon.exe
    size: 315392
    MD5: B59C1A32F3988ACDC26324256BC9304A
    PID: 3616 (2952) C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    size: 45056
    MD5: 64C4C17BF6A40FF1CD21205E6FD415B8
    PID: 3624 (2952) C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    size: 45056
    MD5: 64C4C17BF6A40FF1CD21205E6FD415B8
    PID: 4080 (1008) C:\WINDOWS\System32\svchost.exe
    size: 14336
    MD5: 8F078AE4ED187AAABC0A305146DE6716
    PID: 3056 (2484) C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
    size: 4393096
    MD5: 09CA174A605B480318731E691DC98539
    PID: 3936 (3072) C:\PROGRA~1\TRENDM~1\INTERN~1\PCCMAIN.EXE
    size: 3014656
    MD5: 980D324880A32D39A0384AE50DF28B41
    PID: 2432 (3072) C:\PROGRA~1\TRENDM~1\INTERN~1\PccVScan.exe
    size: 1503232
    MD5: 1F36C42C8297B0AFDC74DB28B00EE9F7
    PID: 3400 ( 868) C:\Program Files\Internet Explorer\iexplore.exe
    size: 93184
    MD5: E7484514C0464642BE7B4DC2689354C8
    PID: 2588 (2700) C:\Program Files\Internet Explorer\iexplore.exe
    size: 93184
    MD5: E7484514C0464642BE7B4DC2689354C8
    PID: 2392 (2484) C:\Program Files\Mozilla Firefox\firefox.exe
    size: 7190637
    MD5: 43658E87F7B183F2245491FBCC695E05
    PID: 4 ( 0) System


    --- Browser start & search pages list ---
    Spybot - Search & Destroy browser pages report, 10/4/2006 5:24:14 PM

    HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Local Page
    C:\WINDOWS\system32\blank.htm
    HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Search Page
    http://www.microsoft.com/isapi/redir...ie&ar=iesearch
    HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Start Page
    http://www.gateway.com/g/startpage.h...s=PTB&M=MX6453
    HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Local Page
    %SystemRoot%\system32\blank.htm
    HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Search Page
    http://www.microsoft.com/isapi/redir...ie&ar=iesearch
    HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Start Page
    http://www.gateway.com/g/startpage.h...s=PTB&M=MX6453
    HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Page_URL
    http://www.gateway.com/g/startpage.h...s=PTB&M=MX6453
    HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Search_URL
    http://www.microsoft.com/isapi/redir...ie&ar=iesearch
    HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\SearchAssistant
    http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
    HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\CustomizeSearch
    http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm


    --- Winsock Layered Service Provider list ---
    Protocol 0: MSAFD Tcpip [TCP/IP]
    GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
    Filename: %SystemRoot%\system32\mswsock.dll
    Description: Microsoft Windows NT/2k/XP IP protocol
    DB filename: %SystemRoot%\system32\mswsock.dll
    DB protocol: MSAFD Tcpip[*]

    Protocol 1: MSAFD Tcpip [UDP/IP]
    GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
    Filename: %SystemRoot%\system32\mswsock.dll
    Description: Microsoft Windows NT/2k/XP IP protocol
    DB filename: %SystemRoot%\system32\mswsock.dll
    DB protocol: MSAFD Tcpip[*]

    Protocol 2: MSAFD Tcpip [RAW/IP]
    GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
    Filename: %SystemRoot%\system32\mswsock.dll
    Description: Microsoft Windows NT/2k/XP IP protocol
    DB filename: %SystemRoot%\system32\mswsock.dll
    DB protocol: MSAFD Tcpip[*]

    Protocol 3: RSVP UDP Service Provider
    GUID: {9D60A9E0-337A-11D0-BD88-0000C082E69A}
    Filename: %SystemRoot%\system32\rsvpsp.dll
    Description: Microsoft Windows NT/2k/XP RVSP
    DB filename: %SystemRoot%\system32\rsvpsp.dll
    DB protocol: RSVP * Service Provider

    Protocol 4: RSVP TCP Service Provider
    GUID: {9D60A9E0-337A-11D0-BD88-0000C082E69A}
    Filename: %SystemRoot%\system32\rsvpsp.dll
    Description: Microsoft Windows NT/2k/XP RVSP
    DB filename: %SystemRoot%\system32\rsvpsp.dll
    DB protocol: RSVP * Service Provider

    Protocol 5: MSAFD NetBIOS [\Device\NetBT_Tcpip_{2E186E5A-A29F-4533-BD69-D527E697B668}] SEQPACKET 4
    GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
    Filename: %SystemRoot%\system32\mswsock.dll
    Description: Microsoft Windows NT/2k/XP NetBios protocol
    DB filename: %SystemRoot%\system32\mswsock.dll
    DB protocol: MSAFD NetBIOS *

    Protocol 6: MSAFD NetBIOS [\Device\NetBT_Tcpip_{2E186E5A-A29F-4533-BD69-D527E697B668}] DATAGRAM 4
    GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
    Filename: %SystemRoot%\system32\mswsock.dll
    Description: Microsoft Windows NT/2k/XP NetBios protocol
    DB filename: %SystemRoot%\system32\mswsock.dll
    DB protocol: MSAFD NetBIOS *

    Protocol 7: MSAFD NetBIOS [\Device\NetBT_Tcpip_{6A457B15-F129-4310-A1ED-17B7C4B0BB9B}] SEQPACKET 3
    GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
    Filename: %SystemRoot%\system32\mswsock.dll
    Description: Microsoft Windows NT/2k/XP NetBios protocol
    DB filename: %SystemRoot%\system32\mswsock.dll
    DB protocol: MSAFD NetBIOS *

  3. #3
    Junior Member
    Join Date
    Oct 2006
    Posts
    7

    last part

    Protocol 8: MSAFD NetBIOS [\Device\NetBT_Tcpip_{6A457B15-F129-4310-A1ED-17B7C4B0BB9B}] DATAGRAM 3
    GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
    Filename: %SystemRoot%\system32\mswsock.dll
    Description: Microsoft Windows NT/2k/XP NetBios protocol
    DB filename: %SystemRoot%\system32\mswsock.dll
    DB protocol: MSAFD NetBIOS *

    Protocol 9: MSAFD NetBIOS [\Device\NetBT_Tcpip_{807199B4-06FD-42F9-B66F-01EDDBCE49B7}] SEQPACKET 0
    GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
    Filename: %SystemRoot%\system32\mswsock.dll
    Description: Microsoft Windows NT/2k/XP NetBios protocol
    DB filename: %SystemRoot%\system32\mswsock.dll
    DB protocol: MSAFD NetBIOS *

    Protocol 10: MSAFD NetBIOS [\Device\NetBT_Tcpip_{807199B4-06FD-42F9-B66F-01EDDBCE49B7}] DATAGRAM 0
    GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
    Filename: %SystemRoot%\system32\mswsock.dll
    Description: Microsoft Windows NT/2k/XP NetBios protocol
    DB filename: %SystemRoot%\system32\mswsock.dll
    DB protocol: MSAFD NetBIOS *

    Protocol 11: MSAFD NetBIOS [\Device\NetBT_Tcpip_{506B92FB-A770-49DE-B465-8EA15A95D517}] SEQPACKET 1
    GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
    Filename: %SystemRoot%\system32\mswsock.dll
    Description: Microsoft Windows NT/2k/XP NetBios protocol
    DB filename: %SystemRoot%\system32\mswsock.dll
    DB protocol: MSAFD NetBIOS *

    Protocol 12: MSAFD NetBIOS [\Device\NetBT_Tcpip_{506B92FB-A770-49DE-B465-8EA15A95D517}] DATAGRAM 1
    GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
    Filename: %SystemRoot%\system32\mswsock.dll
    Description: Microsoft Windows NT/2k/XP NetBios protocol
    DB filename: %SystemRoot%\system32\mswsock.dll
    DB protocol: MSAFD NetBIOS *

    Protocol 13: MSAFD NetBIOS [\Device\NetBT_Tcpip_{E02061F1-C8BA-4BD9-9327-9B0269DD363E}] SEQPACKET 2
    GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
    Filename: %SystemRoot%\system32\mswsock.dll
    Description: Microsoft Windows NT/2k/XP NetBios protocol
    DB filename: %SystemRoot%\system32\mswsock.dll
    DB protocol: MSAFD NetBIOS *

    Protocol 14: MSAFD NetBIOS [\Device\NetBT_Tcpip_{E02061F1-C8BA-4BD9-9327-9B0269DD363E}] DATAGRAM 2
    GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
    Filename: %SystemRoot%\system32\mswsock.dll
    Description: Microsoft Windows NT/2k/XP NetBios protocol
    DB filename: %SystemRoot%\system32\mswsock.dll
    DB protocol: MSAFD NetBIOS *

    Namespace Provider 0: Tcpip
    GUID: {22059D40-7E9E-11CF-AE5A-00AA00A7112B}
    Filename: %SystemRoot%\System32\mswsock.dll
    Description: Microsoft Windows NT/2k/XP TCP/IP name space provider
    DB filename: %SystemRoot%\system32\mswsock.dll
    DB protocol: TCP/IP

    Namespace Provider 1: NTDS
    GUID: {3B2637EE-E580-11CF-A555-00C04FD8D4AC}
    Filename: %SystemRoot%\System32\winrnr.dll
    Description: Microsoft Windows NT/2k/XP name space provider
    DB filename: %SystemRoot%\system32\winrnr.dll
    DB protocol: NTDS

    Namespace Provider 2: Network Location Awareness (NLA) Namespace
    GUID: {6642243A-3BA8-4AA6-BAA5-2E0BD71FDD83}
    Filename: %SystemRoot%\System32\mswsock.dll
    Description: Microsoft Windows NT/2k/XP name space provider
    DB filename: %SystemRoot%\system32\mswsock.dll
    DB protocol: NLA-Namespace

  4. #4
    md usa spybot fan
    Spybot Advisor Team [Retired]
    Join Date
    Oct 2005
    Posts
    5,859

    cammy1174:

    Quote: Originally Posted by cammy1174
    "I got a virus, first detected as smitfraud …"

    Smitfraud is not a virus. It is actually malware delivered (downloaded and accepted by you) from unscrupulous sales "affiliates" of questionable anti-spyware companies who are paid between 40% and 90% commission to get you to buy these questionable anti-spyware products.

    Follow the instructions posted here:

    Then open a "New thread" in the following forum:

    Make sure that you include in your initial post the following items that should have been produced when following the above instructions:
    • c:\rapport.txt
    • AVG Anti-Spyware log
    • The HJT log

    Someone will assist you and make sure that the Smitfraud problem is removed.

    Getting an answer is one thing, learning is another.


    Microsoft Windows XP Home Edition running on a 2.40GHz Intel® Pentium® 4 Processor with 512 MB of RAM and a 533 MHz System Bus.

  5. #5
    Junior Member
    Join Date
    Oct 2006
    Posts
    7

    thanks!

    Thank you very much for the info, I will try that.
