0

Thank you very much. This worked whereas my anti-virus programs (PCTools Spyware Doctor, Ad-Aware, CCleaner) did not. Here is rapport.txt:
SmitFraudFix v2.383

Scan done at 13:20:15.46, Thu 12/11/2008
Run from C:\Documents and Settings\den\Desktop\SmitfraudFix\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Killing process


»»»»»»»»»»»»»»»»»»»»»»»» hosts


127.0.0.1 localhost

»»»»»»»»»»»»»»»»»»»»»»»» VACFix

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix

S!Ri's WS2Fix: LSP not Found.


»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

C:\WINNT\system32\c.ico Deleted
C:\WINNT\system32\m.ico Deleted
C:\WINNT\system32\p.ico Deleted
C:\WINNT\system32\s.ico Deleted
C:\DOCUME~1\den\STARTM~1\Cheap Pharmacy Online.url Deleted
C:\DOCUME~1\den\STARTM~1\Search Online.url Deleted
C:\DOCUME~1\den\STARTM~1\SMS TRAP.url Deleted
C:\DOCUME~1\den\STARTM~1\VIP Casino.url Deleted
C:\DOCUME~1\den\FAVORI~1\Search Online.url Deleted
C:\Program Files\Google\googletoolbar1.dll Deleted

»»»»»»»»»»»»»»»»»»»»»»»» IEDFix

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri

C:\WINNT\system32\ugsaker.dll deleted.


»»»»»»»»»»»»»»»»»»»»»»»» 404Fix

404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» RK


»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: NVIDIA nForce MCP Networking Adapter
DNS Server Search Order: 192.168.0.1

Description: NVIDIA nForce MCP Networking Adapter
DNS Server Search Order: 194.106.56.6
DNS Server Search Order: 194.106.33.42

HKLM\SYSTEM\CCS\Services\Tcpip\..\{BFD42E0D-4D89-4593-93E6-EF91D8DC2ED4}: DhcpNameServer=194.106.56.6 194.106.33.42
HKLM\SYSTEM\CCS\Services\Tcpip\..\{C7A0C366-FB27-45E3-8BA1-69C7EEA6791E}: DhcpNameServer=192.168.0.1
HKLM\SYSTEM\CCS\Services\Tcpip\..\{E5A5444B-D80F-4CE3-ADD0-3E3E8E1D2C70}: DhcpNameServer=194.106.56.6 194.106.33.42
HKLM\SYSTEM\CS1\Services\Tcpip\..\{BFD42E0D-4D89-4593-93E6-EF91D8DC2ED4}: DhcpNameServer=194.106.56.6 194.106.33.42
HKLM\SYSTEM\CS1\Services\Tcpip\..\{C7A0C366-FB27-45E3-8BA1-69C7EEA6791E}: DhcpNameServer=192.168.0.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{E5A5444B-D80F-4CE3-ADD0-3E3E8E1D2C70}: DhcpNameServer=194.106.56.6 194.106.33.42
HKLM\SYSTEM\CS3\Services\Tcpip\..\{BFD42E0D-4D89-4593-93E6-EF91D8DC2ED4}: DhcpNameServer=194.106.56.6 194.106.33.42
HKLM\SYSTEM\CS3\Services\Tcpip\..\{C7A0C366-FB27-45E3-8BA1-69C7EEA6791E}: DhcpNameServer=192.168.0.1
HKLM\SYSTEM\CS3\Services\Tcpip\..\{E5A5444B-D80F-4CE3-ADD0-3E3E8E1D2C70}: DhcpNameServer=194.106.56.6 194.106.33.42
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.0.1
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.0.1
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=192.168.0.1


»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» End

2
Contributors
1
Reply
2
Views
8 Years
Discussion Span
Last Post by cohen
0

Hello and Welcome to Daniweb,

Can you pls do the following:

1. - Download Malwarebytes' Anti-Malware (http://www.download.com/Malwarebytes-Anti-Malware/3000-8022_4-10804572.html?part=dl-10804572&subj=dl&tag=button) to your desktop.

* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure to checkmark the Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform full scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When completed, a log will open in Notepad.
* Post the log back here.

Make sure that you restart the computer.

The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

2. - Download hijackthis and post the log.

In your reply, post the logs (in this order):
1. - Malware Bytes Log
2. - Hijackthis Log

Thanks,

Cohen

This topic has been dead for over six months. Start a new discussion instead.
Have something to contribute to this discussion? Please be thoughtful, detailed and courteous, and be sure to adhere to our posting rules.