Cannot remove Smitfraud-C. NEED HELP PLEASE!!!

ncarvain · Mar 3, 2007

GMER 1.0.12.12027 - http://www.gmer.net
Rootkit scan 2007-03-02 19:23:57
Windows 5.1.2600 Service Pack 2

---- System - GMER 1.0.12 ----

SSDT \??\C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys ZwOpenProcess
SSDT \??\C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys ZwTerminateProcess

---- User code sections - GMER 1.0.12 ----

.text C:\WINDOWS\SYSTEM32\svchost.exe[308] ntdll.dll!NtTerminateProcess 7C90E88E 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\SYSTEM32\svchost.exe[308] ntdll.dll!NtTerminateProcess + 4 7C90E892 2 Bytes [ 0E, 5F ]
.text C:\WINDOWS\SYSTEM32\svchost.exe[308] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes [ FF, 25, 1E, 00, 08, 5F ]
.text C:\WINDOWS\SYSTEM32\svchost.exe[308] kernel32.dll!CreateProcessW 7C802332 6 Bytes [ FF, 25, 1E, 00, 0B, 5F ]
.text C:\WINDOWS\SYSTEM32\svchost.exe[308] kernel32.dll!CreateProcessA 7C802367 6 Bytes [ FF, 25, 1E, 00, 05, 5F ]
.text C:\WINDOWS\SYSTEM32\svchost.exe[308] kernel32.dll!FreeLibrary + 15 7C80ABF3 4 Bytes [ 45, 54, 7F, E2 ]
.text C:\WINDOWS\SYSTEM32\csrss.exe[640] ntdll.dll!NtTerminateProcess 7C90E88E 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\SYSTEM32\csrss.exe[640] ntdll.dll!NtTerminateProcess + 4 7C90E892 2 Bytes [ 0E, 5F ]
.text C:\WINDOWS\SYSTEM32\csrss.exe[640] KERNEL32.dll!LoadLibraryExW 7C801AF1 6 Bytes [ FF, 25, 1E, 00, 08, 5F ]
.text C:\WINDOWS\SYSTEM32\csrss.exe[640] KERNEL32.dll!CreateProcessW 7C802332 6 Bytes [ FF, 25, 1E, 00, 0B, 5F ]
.text C:\WINDOWS\SYSTEM32\csrss.exe[640] KERNEL32.dll!CreateProcessA 7C802367 6 Bytes [ FF, 25, 1E, 00, 05, 5F ]
.text C:\WINDOWS\SYSTEM32\winlogon.exe[664] ntdll.dll!NtTerminateProcess 7C90E88E 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\SYSTEM32\winlogon.exe[664] ntdll.dll!NtTerminateProcess + 4 7C90E892 2 Bytes [ 0E, 5F ]
.text C:\WINDOWS\SYSTEM32\winlogon.exe[664] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes [ FF, 25, 1E, 00, 08, 5F ]
.text C:\WINDOWS\SYSTEM32\winlogon.exe[664] kernel32.dll!CreateProcessW 7C802332 6 Bytes [ FF, 25, 1E, 00, 0B, 5F ]
.text C:\WINDOWS\SYSTEM32\winlogon.exe[664] kernel32.dll!CreateProcessA 7C802367 6 Bytes [ FF, 25, 1E, 00, 05, 5F ]
.text C:\WINDOWS\SYSTEM32\services.exe[708] ntdll.dll!NtTerminateProcess 7C90E88E 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\SYSTEM32\services.exe[708] ntdll.dll!NtTerminateProcess + 4 7C90E892 2 Bytes [ 0E, 5F ]
.text C:\WINDOWS\SYSTEM32\services.exe[708] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes [ FF, 25, 1E, 00, 08, 5F ]
.text C:\WINDOWS\SYSTEM32\services.exe[708] kernel32.dll!CreateProcessW 7C802332 6 Bytes [ FF, 25, 1E, 00, 0B, 5F ]
.text C:\WINDOWS\SYSTEM32\services.exe[708] kernel32.dll!CreateProcessA 7C802367 6 Bytes [ FF, 25, 1E, 00, 05, 5F ]
.text C:\WINDOWS\SYSTEM32\lsass.exe[720] ntdll.dll!NtTerminateProcess 7C90E88E 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\SYSTEM32\lsass.exe[720] ntdll.dll!NtTerminateProcess + 4 7C90E892 2 Bytes [ 0E, 5F ]
.text C:\WINDOWS\SYSTEM32\lsass.exe[720] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes [ FF, 25, 1E, 00, 08, 5F ]
.text C:\WINDOWS\SYSTEM32\lsass.exe[720] kernel32.dll!CreateProcessW 7C802332 6 Bytes [ FF, 25, 1E, 00, 0B, 5F ]
.text C:\WINDOWS\SYSTEM32\lsass.exe[720] kernel32.dll!CreateProcessA 7C802367 6 Bytes [ FF, 25, 1E, 00, 05, 5F ]
.text C:\WINDOWS\SYSTEM32\svchost.exe[860] ntdll.dll!NtTerminateProcess 7C90E88E 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\SYSTEM32\svchost.exe[860] ntdll.dll!NtTerminateProcess + 4 7C90E892 2 Bytes [ 0E, 5F ]
.text C:\WINDOWS\SYSTEM32\svchost.exe[860] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes [ FF, 25, 1E, 00, 08, 5F ]
.text C:\WINDOWS\SYSTEM32\svchost.exe[860] kernel32.dll!CreateProcessW 7C802332 6 Bytes [ FF, 25, 1E, 00, 0B, 5F ]
.text C:\WINDOWS\SYSTEM32\svchost.exe[860] kernel32.dll!CreateProcessA 7C802367 6 Bytes [ FF, 25, 1E, 00, 05, 5F ]
.text C:\Program Files\Canon\CAL\CALMAIN.exe[884] ntdll.dll!NtTerminateProcess 7C90E88E 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Canon\CAL\CALMAIN.exe[884] ntdll.dll!NtTerminateProcess + 4 7C90E892 2 Bytes [ 0E, 5F ]
.text C:\Program Files\Canon\CAL\CALMAIN.exe[884] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes [ FF, 25, 1E, 00, 08, 5F ]
.text C:\Program Files\Canon\CAL\CALMAIN.exe[884] kernel32.dll!CreateProcessW 7C802332 6 Bytes [ FF, 25, 1E, 00, 0B, 5F ]
.text C:\Program Files\Canon\CAL\CALMAIN.exe[884] kernel32.dll!CreateProcessA 7C802367 6 Bytes [ FF, 25, 1E, 00, 05, 5F ]
.text C:\Program Files\Canon\CAL\CALMAIN.exe[884] kernel32.dll!FreeLibrary + 15 7C80ABF3 4 Bytes [ 45, 54, 7F, E2 ]
.text C:\WINDOWS\SYSTEM32\svchost.exe[940] ntdll.dll!NtTerminateProcess 7C90E88E 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\SYSTEM32\svchost.exe[940] ntdll.dll!NtTerminateProcess + 4 7C90E892 2 Bytes [ 0E, 5F ]
.text C:\WINDOWS\SYSTEM32\svchost.exe[940] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes [ FF, 25, 1E, 00, 08, 5F ]
.text C:\WINDOWS\SYSTEM32\svchost.exe[940] kernel32.dll!CreateProcessW 7C802332 6 Bytes [ FF, 25, 1E, 00, 0B, 5F ]
.text C:\WINDOWS\SYSTEM32\svchost.exe[940] kernel32.dll!CreateProcessA 7C802367 6 Bytes [ FF, 25, 1E, 00, 05, 5F ]
.text C:\Program Files\Windows Defender\MsMpEng.exe[976] ntdll.dll!NtTerminateProcess 7C90E88E 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Windows Defender\MsMpEng.exe[976] ntdll.dll!NtTerminateProcess + 4 7C90E892 2 Bytes [ 0E, 5F ]
.text C:\Program Files\Windows Defender\MsMpEng.exe[976] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes [ FF, 25, 1E, 00, 08, 5F ]
.text C:\Program Files\Windows Defender\MsMpEng.exe[976] kernel32.dll!CreateProcessW 7C802332 6 Bytes [ FF, 25, 1E, 00, 0B, 5F ]
.text C:\Program Files\Windows Defender\MsMpEng.exe[976] kernel32.dll!CreateProcessA 7C802367 6 Bytes [ FF, 25, 1E, 00, 05, 5F ]
.text C:\WINDOWS\SYSTEM32\MSGSYS.EXE[992] ntdll.dll!NtTerminateProcess 7C90E88E 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\SYSTEM32\MSGSYS.EXE[992] ntdll.dll!NtTerminateProcess + 4 7C90E892 2 Bytes [ 0E, 5F ]
.text C:\WINDOWS\SYSTEM32\MSGSYS.EXE[992] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes [ FF, 25, 1E, 00, 08, 5F ]
.text C:\WINDOWS\SYSTEM32\MSGSYS.EXE[992] kernel32.dll!CreateProcessW 7C802332 6 Bytes [ FF, 25, 1E, 00, 0B, 5F ]
.text C:\WINDOWS\SYSTEM32\MSGSYS.EXE[992] kernel32.dll!CreateProcessA 7C802367 6 Bytes [ FF, 25, 1E, 00, 05, 5F ]
.text C:\WINDOWS\SYSTEM32\MSGSYS.EXE[992] kernel32.dll!FreeLibrary + 15 7C80ABF3 4 Bytes [ 45, 54, 7F, E2 ]
.text C:\WINDOWS\SYSTEM32\svchost.exe[1020] ntdll.dll!NtTerminateProcess 7C90E88E 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\SYSTEM32\svchost.exe[1020] ntdll.dll!NtTerminateProcess + 4 7C90E892 2 Bytes [ 0E, 5F ]
.text C:\WINDOWS\SYSTEM32\svchost.exe[1020] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes [ FF, 25, 1E, 00, 08, 5F ]
.text C:\WINDOWS\SYSTEM32\svchost.exe[1020] kernel32.dll!CreateProcessW 7C802332 6 Bytes [ FF, 25, 1E, 00, 0B, 5F ]
.text C:\WINDOWS\SYSTEM32\svchost.exe[1020] kernel32.dll!CreateProcessA 7C802367 6 Bytes [ FF, 25, 1E, 00, 05, 5F ]
.text C:\WINDOWS\SYSTEM32\svchost.exe[1068] ntdll.dll!NtTerminateProcess 7C90E88E 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\SYSTEM32\svchost.exe[1068] ntdll.dll!NtTerminateProcess + 4 7C90E892 2 Bytes [ 0E, 5F ]
.text C:\WINDOWS\SYSTEM32\svchost.exe[1068] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes [ FF, 25, 1E, 00, 08, 5F ]
.text C:\WINDOWS\SYSTEM32\svchost.exe[1068] kernel32.dll!CreateProcessW 7C802332 6 Bytes [ FF, 25, 1E, 00, 0B, 5F ]
.text C:\WINDOWS\SYSTEM32\svchost.exe[1068] kernel32.dll!CreateProcessA 7C802367 6 Bytes [ FF, 25, 1E, 00, 05, 5F ]
.text C:\WINDOWS\SYSTEM32\svchost.exe[1156] ntdll.dll!NtTerminateProcess 7C90E88E 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\SYSTEM32\svchost.exe[1156] ntdll.dll!NtTerminateProcess + 4 7C90E892 2 Bytes [ 0E, 5F ]
.text C:\WINDOWS\SYSTEM32\svchost.exe[1156] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes [ FF, 25, 1E, 00, 08, 5F ]
.text C:\WINDOWS\SYSTEM32\svchost.exe[1156] kernel32.dll!CreateProcessW 7C802332 6 Bytes [ FF, 25, 1E, 00, 0B, 5F ]
.text C:\WINDOWS\SYSTEM32\svchost.exe[1156] kernel32.dll!CreateProcessA 7C802367 6 Bytes [ FF, 25, 1E, 00, 05, 5F ]
.text C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe[1232] ntdll.dll!NtTerminateProcess 7C90E88E 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe[1232] ntdll.dll!NtTerminateProcess + 4 7C90E892 2 Bytes [ 0E, 5F ]
.text C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe[1232] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes [ FF, 25, 1E, 00, 08, 5F ]
.text C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe[1232] kernel32.dll!CreateProcessW 7C802332 6 Bytes [ FF, 25, 1E, 00, 0B, 5F ]
.text C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe[1232] kernel32.dll!CreateProcessA 7C802367 6 Bytes [ FF, 25, 1E, 00, 05, 5F ]
.text C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe[1232] kernel32.dll!FreeLibrary + 15 7C80ABF3 4 Bytes [ 45, 54, 7F, E2 ]
.text C:\WINDOWS\SYSTEM32\alg.exe[1292] ntdll.dll!NtTerminateProcess 7C90E88E 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\SYSTEM32\alg.exe[1292] ntdll.dll!NtTerminateProcess + 4 7C90E892 2 Bytes [ 0E, 5F ]
.text C:\WINDOWS\SYSTEM32\alg.exe[1292] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes [ FF, 25, 1E, 00, 08, 5F ]
.text C:\WINDOWS\SYSTEM32\alg.exe[1292] kernel32.dll!CreateProcessW 7C802332 6 Bytes [ FF, 25, 1E, 00, 0B, 5F ]
.text C:\WINDOWS\SYSTEM32\alg.exe[1292] kernel32.dll!CreateProcessA 7C802367 6 Bytes [ FF, 25, 1E, 00, 05, 5F ]
.text C:\WINDOWS\SYSTEM32\alg.exe[1292] kernel32.dll!FreeLibrary + 15 7C80ABF3 4 Bytes [ 45, 54, 7F, E2 ]
.text C:\Program Files\QuickTime\qttask.exe[1384] ntdll.dll!NtTerminateProcess 7C90E88E 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\QuickTime\qttask.exe[1384] ntdll.dll!NtTerminateProcess + 4 7C90E892 2 Bytes [ 0E, 5F ]
.text C:\Program Files\QuickTime\qttask.exe[1384] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes [ FF, 25, 1E, 00, 08, 5F ]
.text C:\Program Files\QuickTime\qttask.exe[1384] kernel32.dll!CreateProcessW 7C802332 6 Bytes [ FF, 25, 1E, 00, 0B, 5F ]
.text C:\Program Files\QuickTime\qttask.exe[1384] kernel32.dll!CreateProcessA 7C802367 6 Bytes [ FF, 25, 1E, 00, 05, 5F ]
.text C:\Program Files\QuickTime\qttask.exe[1384] kernel32.dll!FreeLibrary + 15 7C80ABF3 4 Bytes [ 45, 54, 7F, E2 ]
.text C:\WINDOWS\SYSTEM32\ctfmon.exe[1392] ntdll.dll!NtTerminateProcess 7C90E88E 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\SYSTEM32\ctfmon.exe[1392] ntdll.dll!NtTerminateProcess + 4 7C90E892 2 Bytes [ 0E, 5F ]
.text C:\WINDOWS\SYSTEM32\ctfmon.exe[1392] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes [ FF, 25, 1E, 00, 08, 5F ]
.text C:\WINDOWS\SYSTEM32\ctfmon.exe[1392] kernel32.dll!CreateProcessW 7C802332 6 Bytes [ FF, 25, 1E, 00, 0B, 5F ]
.text C:\WINDOWS\SYSTEM32\ctfmon.exe[1392] kernel32.dll!CreateProcessA 7C802367 6 Bytes [ FF, 25, 1E, 00, 05, 5F ]
.text C:\WINDOWS\SYSTEM32\ctfmon.exe[1392] kernel32.dll!FreeLibrary + 15 7C80ABF3 4 Bytes [ 45, 54, 7F, E2 ]

ncarvain · Mar 3, 2007

.text C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe[1400] ntdll.dll!NtTerminateProcess 7C90E88E 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe[1400] ntdll.dll!NtTerminateProcess + 4 7C90E892 2 Bytes [ 0E, 5F ]
.text C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe[1400] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes [ FF, 25, 1E, 00, 08, 5F ]
.text C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe[1400] kernel32.dll!CreateProcessW 7C802332 6 Bytes [ FF, 25, 1E, 00, 0B, 5F ]
.text C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe[1400] kernel32.dll!CreateProcessA 7C802367 6 Bytes [ FF, 25, 1E, 00, 05, 5F ]
.text C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe[1400] kernel32.dll!FreeLibrary + 15 7C80ABF3 4 Bytes [ 45, 54, 7F, E2 ]
.text C:\Program Files\Google\Google Talk\googletalk.exe[1408] ntdll.dll!NtTerminateProcess 7C90E88E 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Google\Google Talk\googletalk.exe[1408] ntdll.dll!NtTerminateProcess + 4 7C90E892 2 Bytes [ 0E, 5F ]
.text C:\Program Files\Google\Google Talk\googletalk.exe[1408] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes [ FF, 25, 1E, 00, 08, 5F ]
.text C:\Program Files\Google\Google Talk\googletalk.exe[1408] kernel32.dll!CreateProcessW 7C802332 6 Bytes [ FF, 25, 1E, 00, 0B, 5F ]
.text C:\Program Files\Google\Google Talk\googletalk.exe[1408] kernel32.dll!CreateProcessA 7C802367 6 Bytes [ FF, 25, 1E, 00, 05, 5F ]
.text C:\Program Files\Google\Google Talk\googletalk.exe[1408] kernel32.dll!FreeLibrary + 15 7C80ABF3 4 Bytes [ 45, 54, 7F, E2 ]
.text C:\Program Files\Internet Explorer\iexplore.exe[1432] ntdll.dll!NtTerminateProcess 7C90E88E 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Internet Explorer\iexplore.exe[1432] ntdll.dll!NtTerminateProcess + 4 7C90E892 2 Bytes [ 0E, 5F ]
.text C:\Program Files\Internet Explorer\iexplore.exe[1432] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes [ FF, 25, 1E, 00, 08, 5F ]
.text C:\Program Files\Internet Explorer\iexplore.exe[1432] kernel32.dll!CreateProcessW 7C802332 6 Bytes [ FF, 25, 1E, 00, 0B, 5F ]
.text C:\Program Files\Internet Explorer\iexplore.exe[1432] kernel32.dll!CreateProcessA 7C802367 6 Bytes [ FF, 25, 1E, 00, 05, 5F ]
.text C:\Program Files\Internet Explorer\iexplore.exe[1432] kernel32.dll!FreeLibrary + 15 7C80ABF3 4 Bytes [ 45, 54, 7F, E2 ]
.text C:\WINDOWS\explorer.exe[1448] ntdll.dll!NtTerminateProcess 7C90E88E 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\explorer.exe[1448] ntdll.dll!NtTerminateProcess + 4 7C90E892 2 Bytes [ 0E, 5F ]
.text C:\WINDOWS\explorer.exe[1448] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes [ FF, 25, 1E, 00, 08, 5F ]
.text C:\WINDOWS\explorer.exe[1448] kernel32.dll!CreateProcessW 7C802332 6 Bytes [ FF, 25, 1E, 00, 0B, 5F ]
.text C:\WINDOWS\explorer.exe[1448] kernel32.dll!CreateProcessA 7C802367 6 Bytes [ FF, 25, 1E, 00, 05, 5F ]
.text C:\WINDOWS\SYSTEM32\spoolsv.exe[1592] ntdll.dll!NtTerminateProcess 7C90E88E 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\SYSTEM32\spoolsv.exe[1592] ntdll.dll!NtTerminateProcess + 4 7C90E892 2 Bytes [ 0E, 5F ]
.text C:\WINDOWS\SYSTEM32\spoolsv.exe[1592] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes [ FF, 25, 1E, 00, 08, 5F ]
.text C:\WINDOWS\SYSTEM32\spoolsv.exe[1592] kernel32.dll!CreateProcessW 7C802332 6 Bytes [ FF, 25, 1E, 00, 0B, 5F ]
.text C:\WINDOWS\SYSTEM32\spoolsv.exe[1592] kernel32.dll!CreateProcessA 7C802367 6 Bytes [ FF, 25, 1E, 00, 05, 5F ]
.text C:\Program Files\D-Link AirPlus G\AIRPLUS.exe[1632] ntdll.dll!NtTerminateProcess 7C90E88E 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\D-Link AirPlus G\AIRPLUS.exe[1632] ntdll.dll!NtTerminateProcess + 4 7C90E892 2 Bytes [ 0E, 5F ]
.text C:\Program Files\D-Link AirPlus G\AIRPLUS.exe[1632] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes [ FF, 25, 1E, 00, 08, 5F ]
.text C:\Program Files\D-Link AirPlus G\AIRPLUS.exe[1632] kernel32.dll!CreateProcessW 7C802332 6 Bytes [ FF, 25, 1E, 00, 0B, 5F ]
.text C:\Program Files\D-Link AirPlus G\AIRPLUS.exe[1632] kernel32.dll!CreateProcessA 7C802367 6 Bytes [ FF, 25, 1E, 00, 05, 5F ]
.text C:\Program Files\D-Link AirPlus G\AIRPLUS.exe[1632] kernel32.dll!FreeLibrary + 15 7C80ABF3 4 Bytes [ 45, 54, 7F, E2 ]
.text C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe[1688] ntdll.dll!NtTerminateProcess 7C90E88E 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe[1688] ntdll.dll!NtTerminateProcess + 4 7C90E892 2 Bytes [ 0E, 5F ]
.text C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe[1688] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes [ FF, 25, 1E, 00, 08, 5F ]
.text C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe[1688] kernel32.dll!CreateProcessW 7C802332 6 Bytes [ FF, 25, 1E, 00, 0B, 5F ]
.text C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe[1688] kernel32.dll!CreateProcessA 7C802367 6 Bytes [ FF, 25, 1E, 00, 05, 5F ]
.text C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe[1756] ntdll.dll!NtTerminateProcess 7C90E88E 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe[1756] ntdll.dll!NtTerminateProcess + 4 7C90E892 2 Bytes [ 0E, 5F ]
.text C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe[1756] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes [ FF, 25, 1E, 00, 08, 5F ]
.text C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe[1756] kernel32.dll!CreateProcessW 7C802332 6 Bytes [ FF, 25, 1E, 00, 0B, 5F ]
.text C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe[1756] kernel32.dll!CreateProcessA 7C802367 6 Bytes [ FF, 25, 1E, 00, 05, 5F ]
.text C:\Program Files\NavNT\rtvscan.exe[1796] ntdll.dll!NtTerminateProcess 7C90E88E 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\NavNT\rtvscan.exe[1796] ntdll.dll!NtTerminateProcess + 4 7C90E892 2 Bytes [ 0E, 5F ]
.text C:\Program Files\NavNT\rtvscan.exe[1796] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes [ FF, 25, 1E, 00, 08, 5F ]
.text C:\Program Files\NavNT\rtvscan.exe[1796] kernel32.dll!CreateProcessW 7C802332 6 Bytes [ FF, 25, 1E, 00, 0B, 5F ]
.text C:\Program Files\NavNT\rtvscan.exe[1796] kernel32.dll!CreateProcessA 7C802367 6 Bytes [ FF, 25, 1E, 00, 05, 5F ]
.text C:\DOCUME~1\Dawn\LOCALS~1\Temp\Temporary Directory 1 for gmer.zip\gmer.exe[2924] ntdll.dll!NtTerminateProcess 7C90E88E 3 Bytes [ FF, 25, 1E ]
.text C:\DOCUME~1\Dawn\LOCALS~1\Temp\Temporary Directory 1 for gmer.zip\gmer.exe[2924] ntdll.dll!NtTerminateProcess + 4 7C90E892 2 Bytes [ 0E, 5F ]
.text C:\DOCUME~1\Dawn\LOCALS~1\Temp\Temporary Directory 1 for gmer.zip\gmer.exe[2924] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes [ FF, 25, 1E, 00, 08, 5F ]
.text C:\DOCUME~1\Dawn\LOCALS~1\Temp\Temporary Directory 1 for gmer.zip\gmer.exe[2924] kernel32.dll!CreateProcessW 7C802332 6 Bytes [ FF, 25, 1E, 00, 0B, 5F ]
.text C:\DOCUME~1\Dawn\LOCALS~1\Temp\Temporary Directory 1 for gmer.zip\gmer.exe[2924] kernel32.dll!CreateProcessA 7C802367 6 Bytes [ FF, 25, 1E, 00, 05, 5F ]
.text C:\DOCUME~1\Dawn\LOCALS~1\Temp\Temporary Directory 1 for gmer.zip\gmer.exe[2924] kernel32.dll!FreeLibrary + 15 7C80ABF3 4 Bytes [ 45, 54, 7F, E2 ]

---- EOF - GMER 1.0.12 ----

Mr_JAk3 · Mar 3, 2007

OK good

How is the computer running now? Any issues?

:bigthumb:

ncarvain · Mar 5, 2007

Seems pretty good. Fast too. Are the logs showing I am clean??

If so, Thanks for all your help! Not sure if you are paid for things like this but would be willing to give positive feedback for all the time spent helping me! :bigthumb:

Mr_JAk3 · Mar 6, 2007

Hi again, it is looking clean now

You don't seem to have a third-party firewall installed. You must install one firewall.
It is possible that you're using the Windows XP firewall. That is of course better than nothing but I recommend that you install a more advanced firewall that gives more protection. Windows firewall doesn't eg protect your computer from inbound threats. This means that any malware on your computer is free to "phone home" for more instructions. Remember to use only one firewall at the same time. I'll give you a few alternatives if you want to install a third-party firewall:

These are good (free) firewalls:

Now you can clean AVG's Quarantine:

Open AVG Anti-Spyware
Click Infections
Click Quarantine tab
Click Select all
Click Remove finally
Close the program

You can remove the tools we used.

Now you can make your hidden files hidden again.

Go to My Computer
Select the Tools menu and click Folder Options
Click the View tab.
Checkmark the "Display the contents of system folders"
Under the Hidden files and folders select "Show hidden files and folders"
Check "Hide protected operating system files"
Click Apply and then the OK and close My Computer.

=============
Now that you seem to be clean, please follow these simple steps in order to keep your computer clean and secure:

Clear your system restore
This will clear the system restore folders from possible malware that was left behind during the cleaning process.
Use ATF Cleaner
Download and install ATF Cleaner. Clean your temporary files & folders with it regularly.
Use Ad-Aware
Download and install Ad-Aware. Update it and scan your computer regularly with it.
Use AVG Anti-Spyware
Download and install AVG Anti-Spyware. Update it and scan your computer regularly with it.
Use Spybot S&D
Download and install Spybot S&D. Update it and scan your computer regularly with it.
Install SpywareBlaster
SpywareBlaster will prevent spyware from being installed.
Install MVPS Hosts file
This prevents your computer from connecting to harmful sites.
Use Firefox browser
Firefox is faster and more secure browser than Internet Explorer.
Keep your systen up-to-date
Visit Windows Update regularly. How to enable Automatic Updates?
Keep your antivirus and firewall up-to-date
Scan your computer regularly with you antivirus software.
Read this article by TonyKlein
So how did I get infected in the first place?
Stand Up and Be Counted !
The site offers people who have been (or are) victims of malware the opportunity to document their story and, in that way, launch a complaint against the malware and the makers of the malware.

Stay clean and be safe

Cannot remove Smitfraud-C. NEED HELP PLEASE!!!

ncarvain

New member

ncarvain

New member

Mr_JAk3

Security Expert-Emeritus

ncarvain

New member

Mr_JAk3

Security Expert-Emeritus