Thread: hhupd.exe

  1. #11
    Member
    Join Date
    Oct 2010
    Posts
    38

    Default combofix

    log attached

  2. #12
    Member
    Join Date
    Oct 2010
    Posts
    38

    Default report

    As I attached the attach.zip I get: Internet Explorer has encountered a problem and needs to close.

    ESET
    infected files 0
    cleaned files 0
    manage quarantine
    c:\Doc&setting\..\remove trojins\Smitfraudfix\SmitfraudFix.zip, restart.exe, Precess.exe, SmitfraudFix.exe

    tick box: should I check?
    Uninstall application on close
    Delete quarantined files


    DDS

    .
    DDS (Ver_2011-06-23.01) - NTFSx86
    Internet Explorer: 8.0.6001.18702
    Run by Kevin Austin at 12:32:43 on 2011-08-13
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1022.205 [GMT -5:00]
    .
    AV: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
    .
    ============== Running Processes ===============
    .
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    svchost.exe
    svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
    C:\Program Files\Analog Devices\Core\smax4pnp.exe
    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9EA.EXE
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\Norton Ghost\Agent\GhostTray.exe
    C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe
    C:\Program Files\AVG\AVG10\avgtray.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Palm\HOTSYNC.EXE
    C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
    svchost.exe
    C:\Program Files\AVG\AVG10\avgwdsvc.exe
    C:\WINDOWS\System32\GEARSec.exe
    C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\Program Files\Norton Ghost\Agent\VProSvc.exe
    C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
    C:\WINDOWS\System32\snmp.exe
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
    C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe
    C:\WINDOWS\System32\svchost.exe -k HTTPFilter
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
    C:\Program Files\AVG\AVG10\avgnsx.exe
    C:\Program Files\AVG\AVG10\avgchsvx.exe
    C:\Program Files\AVG\AVG10\avgrsx.exe
    C:\Program Files\AVG\AVG10\avgcsrvx.exe
    C:\Program Files\ESET\ESET Online Scanner\OnlineCmdLineScanner.exe
    .
    ============== Pseudo HJT Report ===============
    .
    mURLSearchHooks: H - No File
    BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg10\avgssie.dll
    BHO: Boostyb.Core.BHO: {42ad2408-abba-2408-1972-4706560e817b} - mscoree.dll
    BHO: PDF-XChange Viewer IE-Plugin: {c5d07eb6-bbce-4dae-acbb-d13a8d28cb1f} - c:\program files\tracker software\pdf viewer\PDFXCviewIEPlugin.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn0\YTSingleInstance.dll
    TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
    TB: Boostyb.Toolbar.Toolbar: {42ad2408-baaa-408d-b13e-4706560e817b} - mscoree.dll
    uRun: [Messenger (Yahoo!)] "c:\progra~1\yahoo!\messenger\YahooMessenger.exe" -quiet
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    mRun: [DVDLauncher] "c:\program files\cyberlink\powerdvd\DVDLauncher.exe"
    mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
    mRun: [ATIPTA] "c:\program files\ati technologies\ati control panel\atiptaxx.exe"
    mRun: [EPSON Stylus CX6600 Series] c:\windows\system32\spool\drivers\w32x86\3\E_FATI9EA.EXE /P26 "EPSON Stylus CX6600 Series" /O6 "USB001" /M "Stylus CX6600"
    mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe
    mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
    mRun: [Norton Ghost 10.0] "c:\program files\norton ghost\agent\GhostTray.exe"
    mRun: [Samsung PanelMgr] c:\windows\samsung\panelmgr\SSMMgr.exe /autorun
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    mRun: [AVG_TRAY] c:\program files\avg\avg10\avgtray.exe
    mRun: [PinnacleDriverCheck] c:\windows\system32\PSDrvCheck.exe -CheckReg
    mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    StartupFolder: c:\docume~1\kevina~1\startm~1\programs\startup\hotsyn~1.lnk - c:\program files\palm\HOTSYNC.EXE
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\quickb~1.lnk - c:\program files\common files\intuit\quickbooks\qbupdate\qbupdate.exe
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
    Trusted Zone: intuit.com\ttlc
    DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxps://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} - hxxps://secure.logmein.com/activex/ractrl.cab?lmi=100
    TCP: DhcpNameServer = 192.168.1.254
    TCP: Interfaces\{EB945A3D-F4B0-46A4-9556-A7C148137910} : DhcpNameServer = 192.168.1.254
    Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} -
    Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg10\avgpp.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2010-9-13 22992]
    R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2010-9-7 32592]
    R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2010-12-8 248656]
    R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2010-9-7 34896]
    R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2010-11-12 297168]
    R1 PSSDK42;PSSDK42;c:\windows\system32\drivers\pssdk42.sys [2011-7-20 38976]
    R1 PSSDKLBF;PSSDKLBF;c:\windows\system32\drivers\pssdklbf.sys [2011-7-20 53312]
    R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg10\identity protection\agent\bin\AVGIDSAgent.exe [2011-4-18 7398752]
    R2 avgwd;AVG WatchDog;c:\program files\avg\avg10\avgwdsvc.exe [2011-2-8 269520]
    R2 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\ccEvtMgr.exe [2004-12-13 198256]
    R2 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\ccSetMgr.exe [2004-12-13 165488]
    R2 Symantec Core LC;Symantec Core LC;c:\program files\common files\symantec shared\ccpd-lc\symlcsvc.exe [2009-10-26 822424]
    R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2010-8-19 134480]
    R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2010-8-19 24144]
    R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2010-8-19 27216]
    S2 SSPORT;SSPORT;\??\c:\windows\system32\drivers\ssport.sys --> c:\windows\system32\drivers\SSPORT.sys [?]
    S3 ccPwdSvc;Symantec Password Validation;c:\program files\common files\symantec shared\ccPwdSvc.exe [2004-12-13 79472]
    .
    =============== Created Last 30 ================
    .
    2011-08-13 01:56:10 98816 ----a-w- c:\windows\sed.exe
    2011-08-13 01:56:10 518144 ----a-w- c:\windows\SWREG.exe
    2011-08-13 01:56:10 256000 ----a-w- c:\windows\PEV.exe
    2011-08-13 01:56:10 208896 ----a-w- c:\windows\MBR.exe
    2011-08-11 00:52:35 139656 -c----w- c:\windows\system32\dllcache\rdpwd.sys
    2011-08-11 00:50:56 10496 -c----w- c:\windows\system32\dllcache\ndistapi.sys
    2011-07-21 01:58:22 -------- d-----w- c:\documents and settings\kevin austin\local settings\application data\Nikozen
    2011-07-21 01:56:54 38976 ----a-w- c:\windows\system32\drivers\pssdk42.sys
    2011-07-21 01:56:52 53312 ----a-w- c:\windows\system32\drivers\pssdklbf.sys
    2011-07-21 01:56:43 -------- d-----w- c:\program files\Nikozen
    2011-07-18 02:01:26 38912 -c--a-w- c:\windows\system32\dllcache\avc.sys
    2011-07-18 02:01:26 38912 ----a-w- c:\windows\system32\drivers\avc.sys
    2011-07-18 02:01:22 48128 -c--a-w- c:\windows\system32\dllcache\61883.sys
    2011-07-18 02:01:22 48128 ----a-w- c:\windows\system32\drivers\61883.sys
    2011-07-17 11:50:20 90112 ----a-w- c:\windows\unvise32.exe
    2011-07-17 11:35:26 -------- d-----w- c:\documents and settings\all users\application data\SmartSound Software Inc
    2011-07-17 11:35:25 -------- d-----w- c:\program files\SmartSound Software
    2011-07-17 11:33:33 86016 ----a-w- c:\windows\unvise32qt.exe
    2011-07-17 11:33:31 106496 ----a-w- c:\program files\internet explorer\plugins\npqtplugin7.dll
    2011-07-17 11:33:31 106496 ----a-w- c:\program files\internet explorer\plugins\npqtplugin6.dll
    2011-07-17 11:33:31 106496 ----a-w- c:\program files\internet explorer\plugins\npqtplugin5.dll
    2011-07-17 11:33:31 106496 ----a-w- c:\program files\internet explorer\plugins\npqtplugin4.dll
    2011-07-17 11:33:31 106496 ----a-w- c:\program files\internet explorer\plugins\npqtplugin3.dll
    2011-07-17 11:33:31 106496 ----a-w- c:\program files\internet explorer\plugins\npqtplugin2.dll
    2011-07-17 11:33:31 106496 ----a-w- c:\program files\internet explorer\plugins\npqtplugin.dll
    2011-07-17 11:33:22 -------- d-----w- c:\windows\system32\QuickTime
    2011-07-17 11:32:13 89088 ----a-w- c:\windows\system32\atl71.dll
    2011-07-17 11:32:12 84992 ----a-w- c:\windows\system32\ATL70.DLL
    2011-07-17 11:32:06 57856 ----a-w- c:\windows\system32\masd32.dll
    2011-07-17 11:32:06 27648 ----a-w- c:\windows\system32\ma32.dll
    2011-07-17 11:32:06 196096 ----a-w- c:\windows\system32\macd32.dll
    2011-07-17 11:32:06 138752 ----a-w- c:\windows\system32\mase32.dll
    2011-07-17 11:32:06 136192 ----a-w- c:\windows\system32\mamc32.dll
    2011-07-17 11:31:33 171008 ----a-w- c:\windows\system32\drivers\MarvinBus.sys
    2011-07-17 11:31:20 41219 ----a-w- c:\windows\RSETPATH.exe
    2011-07-17 11:28:04 -------- d-----w- c:\windows\Downloaded Installations
    2011-07-17 11:27:52 49152 ----a-w- c:\windows\system32\MFC71KOR.DLL
    2011-07-17 11:27:52 49152 ----a-w- c:\windows\system32\MFC71JPN.DLL
    2011-07-17 11:27:51 65536 ----a-w- c:\windows\system32\MFC71DEU.DLL
    2011-07-17 11:27:51 61440 ----a-w- c:\windows\system32\MFC71ITA.DLL
    2011-07-17 11:27:51 61440 ----a-w- c:\windows\system32\MFC71FRA.DLL
    2011-07-17 11:27:51 61440 ----a-w- c:\windows\system32\MFC71ESP.DLL
    2011-07-17 11:27:51 57344 ----a-w- c:\windows\system32\MFC71ENU.DLL
    2011-07-17 11:27:51 45056 ----a-w- c:\windows\system32\MFC71CHT.DLL
    2011-07-17 11:27:51 40960 ----a-w- c:\windows\system32\MFC71CHS.DLL
    2011-07-17 11:27:50 49152 ----a-w- c:\windows\system32\PCLEGetGuid.dll
    2011-07-17 11:26:32 -------- d-----w- c:\documents and settings\all users\application data\Pinnacle Studio
    2011-07-17 11:23:51 -------- d-----w- c:\program files\Pinnacle
    2011-07-17 11:23:28 14165 ----a-w- c:\windows\system32\drivers\Pclepci.sys
    2011-07-16 18:49:05 -------- d-----w- C:\Python25
    .
    ==================== Find3M ====================
    .
    2011-07-15 13:29:31 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
    2011-07-08 14:02:00 10496 ----a-w- c:\windows\system32\drivers\ndistapi.sys
    2011-06-24 14:10:36 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys
    2011-06-23 18:36:30 916480 ----a-w- c:\windows\system32\wininet.dll
    2011-06-23 18:36:30 43520 ----a-w- c:\windows\system32\licmgr10.dll
    2011-06-23 18:36:30 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
    2011-06-23 12:05:13 385024 ----a-w- c:\windows\system32\html.iec
    2011-06-20 17:44:52 293376 ----a-w- c:\windows\system32\winsrv.dll
    2011-06-02 14:02:05 1858944 ----a-w- c:\windows\system32\win32k.sys
    2011-05-22 03:28:41 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    .
    ============= FINISH: 12:33:09.21 ===============

  3. #13
    Security Expert: Emeritus Blade81
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    25,288

    Default

    Hi,

    tick box: should I check?
    Uninstall application on close
    Delete quarantined files
    Delete quarantined files.

    How's the system doing now?
    Microsoft Windows Insider MVP 2016-2020
    Microsoft MVP Consumer Security 2008-2015
    UNITE member since 2006

    If you have problems create a thread in the forum, please.

    Malware removal instructions are for the correspondent user's case only.

  4. #14
    Member
    Join Date
    Oct 2010
    Posts
    38

    Default days

    Let me see how things go for a couple of days. I will have to reload one software; today it's OK, but I will let you know.
    Thanks for your help.

  5. #15
    Security Expert: Emeritus Blade81
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    25,288

    Default


  6. #16
    Member
    Join Date
    Oct 2010
    Posts
    38

    Default update

    After moving around on the internet for a while I will get: Internet Explorer encountered a problem and needs to close.
    Do you think I just need to reload or update IE, or do I have some other problem?

  7. #17
    Member
    Join Date
    Oct 2010
    Posts
    38

    Default Avg

    Also, I ran the AVG virus scan and it shows this:
    c:\programfiles\pinnacle\studio 10\OEM\hhupd.exe
    This file signed with a broken digital signature, issued by Microsoft Corp.

  8. #18
    Security Expert: Emeritus Blade81
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    25,288

    Default

    Hi,

    Upload c:\programfiles\pinnacle\studio 10\OEM\hhupd.exe to http://www.virustotal.com (reanalyse if prompted) and post back link to the results.

  9. #19
    Member
    Join Date
    Oct 2010
    Posts
    38

    Default

    link
    http://www.virustotal.com/file-scan/...3e3-1313535270

    File name: hhupd.exe
    Submission date: 2011-08-16 22:54:30 (UTC)
    Current status: queued queued analysing finished


    Result: 0/ 43 (0.0%)

    Also, I had to reload Real Flight sim software, and when I try to run it AVG thinks some of the files (3 I think) should not be run. I have to click allow and then the software appears to run OK.
    Also, when uploading this file to the site, every time I get IE encountered problems...

    Thanks

  10. #20
    Security Expert: Emeritus Blade81
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    25,288

    Default

    AVG thinks some of the files (3 I think) should not be run
    Do you get any specific message?
