SMITFRAUDFIX.EXE FOUND TODAY ON AVG SCAN-UPDATED THIS POST WITH COMBOF



#1
susan spencer

I ran Combofix as my system was working unusually hard. Tried to run Antivirus to check the system; however, AVG's update for the 8.0 free version is corrupt and can't be run until they fix it. Combofix deleted files and saved a log. If files are found and deleted, should the log definitely be posted? Please explain when it is unnecessary to do this. Thank you for your help!

UPDATE: AVG CORRECTED THEIR UPDATE AND THE SCAN THIS MORNING FOUND SMIT/FRAUDFIX/IEDFIX.EXE AND SYSTEM 32/IEDFI.EXE. I moved them to the vault.
ComboFix 08-08-16.01 - 007 2008-08-16 20:13:16.8 - NTFSx86
Running from: C:\Documents and Settings\007\Desktop\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\007\Application Data\macromedia\Flash Player\#SharedObjects\J78XNJNB\interclick.com
C:\Documents and Settings\007\Application Data\macromedia\Flash Player\#SharedObjects\J78XNJNB\interclick.com\ud.sol
C:\Documents and Settings\007\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com
C:\Documents and Settings\007\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com\settings.sol
C:\Documents and Settings\007\Application Data\Microsoft\SystemCertificates\My
C:\Documents and Settings\007\Cookies\0[email protected][1].txt
C:\Documents and Settings\007\Cookies\0[email protected][1].txt
C:\Documents and Settings\007\Cookies\0[email protected][1].txt
C:\Documents and Settings\007\Cookies\0[email protected][1].txt
C:\Documents and Settings\007\Cookies\0[email protected][1].txt
C:\Documents and Settings\007\Cookies\0[email protected][1].txt
C:\Documents and Settings\007\Cookies\0[email protected][1].txt
C:\Documents and Settings\007\Cookies\0[email protected][1].txt
C:\Documents and Settings\007\Cookies\0[email protected][2].txt
C:\Documents and Settings\007\Cookies\0[email protected][2].txt
C:\Documents and Settings\007\Cookies\0[email protected][1].txt
C:\Documents and Settings\007\Cookies\0[email protected][1].txt
C:\Documents and Settings\007\Cookies\0[email protected][1].txt
C:\Documents and Settings\007\Cookies\0[email protected][3].txt
C:\Documents and Settings\007\Cookies\0[email protected][2].txt
C:\Documents and Settings\007\Cookies\0[email protected][1].txt
C:\Documents and Settings\007\Cookies\0[email protected][3].txt
C:\Documents and Settings\007\Cookies\0[email protected][1].txt
C:\Documents and Settings\LocalService\Application Data\Microsoft\SystemCertificates\My
C:\Documents and Settings\NetworkService\Application Data\Microsoft\SystemCertificates\My

.
((((((((((((((((((((((((( Files Created from 2008-07-17 to 2008-08-17 )))))))))))))))))))))))))))))))
.

2008-08-16 20:09 . 2008-08-16 20:10 <DIR> d-------- C:\327882R2FWJFW
2008-08-06 20:46 . 2008-08-06 20:46 <DIR> d-------- C:\batt_en.tos

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-20 06:09 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-07-20 06:07 --------- d-----w C:\Program Files\SpywareBlaster
2008-07-07 20:32 253,952 ----a-w C:\WINDOWS\system32\es.dll
2008-07-03 16:34 96,520 ----a-w C:\WINDOWS\system32\drivers\avgldx86.sys
2008-07-03 16:34 76,040 ----a-w C:\WINDOWS\system32\drivers\avgtdix.sys
2008-07-03 16:34 10,520 ----a-w C:\WINDOWS\system32\avgrsstx.dll
2008-07-01 04:01 --------- d-----w C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-07-01 04:00 --------- d-----w C:\Program Files\SUPERAntiSpyware
2008-07-01 04:00 --------- d-----w C:\Documents and Settings\007\Application Data\SUPERAntiSpyware.com
2008-07-01 03:59 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-06-30 04:26 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-06-30 04:22 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-06-29 22:01 4,298 ----a-w C:\WINDOWS\system32\tmp.reg
2008-06-24 16:23 74,240 ----a-w C:\WINDOWS\system32\mscms.dll
2008-06-24 06:34 82,432 ----a-w C:\WINDOWS\system32\IEDFix.C.exe
2008-06-23 16:57 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2008-06-20 17:41 245,248 ----a-w C:\WINDOWS\system32\mswsock.dll
2008-06-20 10:45 360,320 ------w C:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 10:44 138,368 ------w C:\WINDOWS\system32\drivers\afd.sys
2008-06-20 09:52 225,920 ------w C:\WINDOWS\system32\drivers\tcpip6.sys
2008-05-29 16:35 86,528 ----a-w C:\WINDOWS\system32\VACFix.exe
2008-05-24 01:21 81,920 ----a-w C:\WINDOWS\system32\404Fix.exe
2008-05-19 04:40 82,944 ----a-w C:\WINDOWS\system32\IEDFix.exe
2007-12-27 00:06 1,658 ------w C:\Documents and Settings\007\Application Data\wklnhst.dat
2007-07-31 20:06 622,928 ------w C:\Documents and Settings\Spybot - Search & Destroy\Tools.dll
2007-05-23 20:13 693,848 ------w C:\Documents and Settings\Spybot - Search & Destroy\advcheck.dll
2005-08-14 02:34 12,635 ------w C:\Documents and Settings\Spybot - Search & Destroy\unins000.dat
2005-08-14 02:33 649,378 ------w C:\Documents and Settings\Spybot - Search & Destroy\unins000.exe
2005-05-31 08:04 853,672 ------w C:\Documents and Settings\Spybot - Search & Destroy\SDHelper.dll
2005-05-31 08:04 47,256 ------w C:\Documents and Settings\Spybot - Search & Destroy\blindman.exe
2005-05-31 08:04 417,408 ------w C:\Documents and Settings\Spybot - Search & Destroy\Update.exe
2005-05-31 08:04 4,393,096 ------w C:\Documents and Settings\Spybot - Search & Destroy\SpybotSD.exe
2005-05-31 08:04 28,672 ------w C:\Documents and Settings\Spybot - Search & Destroy\aports.dll
2005-05-31 08:04 22,528 ------w C:\Documents and Settings\Spybot - Search & Destroy\borlndmm.dll
2005-05-31 08:04 15,872 ------w C:\Documents and Settings\Spybot - Search & Destroy\delphimm.dll
2005-05-31 08:04 139,776 ------w C:\Documents and Settings\Spybot - Search & Destroy\ZipDll.dll
2005-05-31 08:04 122,368 ------w C:\Documents and Settings\Spybot - Search & Destroy\UnzDll.dll
2005-05-31 08:04 1,415,824 ------w C:\Documents and Settings\Spybot - Search & Destroy\TeaTimer.exe
2003-08-27 21:19 36,963 ------r C:\Program Files\Common Files\SM1updtr.dll
2008-05-09 21:02 32,768 --sha-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008050920080510\index.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 05:00 15360]
"TOSCDSPD"="C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe" [2004-12-30 00:32 65536]
"AdobeUpdater"="C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe" [2007-03-01 11:37 2321600]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Tvs"="C:\Program Files\Toshiba\Tvs\TvsTray.exe" [2005-04-05 16:25 73728]
"TPNF"="C:\Program Files\TOSHIBA\TouchPad\TPTray.exe" [2004-11-29 21:06 53248]
"SVPWUTIL"="C:\Program Files\Toshiba\Windows Utilities\SVPWUTIL.exe" [2005-02-25 15:59 65536]
"SmoothView"="C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe" [2005-04-15 16:51 122880]
"SM1BG"="C:\WINDOWS\SM1BG.EXE" [2003-08-27 14:20 94208]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2005-05-23 14:49 98304]
"Pinger"="c:\toshiba\ivp\ism\pinger.exe" [2005-03-17 16:37 151552]
"PadTouch"="C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe" [2004-09-07 14:03 1077301]
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2004-10-15 11:27 385024]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2004-11-01 18:03 155648]
"HWSetup"="C:\Program Files\TOSHIBA\TOSHIBA Applet\HWSetup.exe" [2005-04-20 20:38 28672]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2004-11-01 17:59 126976]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2005-01-14 01:05 122939]
"CeEKEY"="C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe" [2005-04-28 20:08 675840]
"Apoint"="C:\Program Files\Apoint2K\Apoint.exe" [2004-03-23 22:40 196608]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 16:24 54840]
"Omnipage"="C:\Program Files\ScanSoft\OmniPageSE\opware32.exe" [2002-06-03 11:38 49152]
"TOSHIBA Accessibility"="C:\Program Files\TOSHIBA\Accessibility\FnKeyHook.exe" [2005-02-22 13:51 24576]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 20:51 39792]
"HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [2004-05-12 16:18 241664]
"ZoomingHook"="ZoomingHook.exe" [2004-04-30 23:03 24576 C:\WINDOWS\system32\ZoomingHook.exe]
"TPSMain"="TPSMain.exe" [2004-12-28 16:02 270336 C:\WINDOWS\system32\TPSMain.exe]
"TCtryIOHook"="TCtrlIOHook.exe" [2004-05-01 14:03 28672 C:\WINDOWS\system32\TCtrlIOHook.exe]
"AGRSMMSG"="AGRSMMSG.exe" [2005-04-12 16:17 88358 C:\WINDOWS\agrsmmsg.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-22 19:29 39264]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 05:00 15360]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2006-02-19 04:21:22 288472]
RAMASST.lnk - C:\WINDOWS\system32\RAMASST.exe [2005-05-23 13:39:00 155648]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{B9E618A2-A4FE-11D4-83C2-005004636C96}"= "C:\Program Files\Metamail Inc\Metamail Reader\OESHook.dll" [2005-04-26 15:26 45056]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Program Files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 10:13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless]
2004-10-15 11:27 110592 C:\Program Files\Intel\Wireless\Bin\LgNotify.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=

R1 AvgLdx86;AVG AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-07-03 09:34]
R2 avg8emc;AVG8 E-mail Scanner;C:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-07-03 09:34]
R2 avg8wd;AVG8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-07-03 09:34]
R2 AvgTdiX;AVG8 Network Redirector;C:\WINDOWS\system32\Drivers\avgtdix.sys [2008-07-03 09:34]
.
Contents of the 'Scheduled Tasks' folder

2008-08-16 C:\WINDOWS\Tasks\MP Scheduled Scan.job
- C:\Program Files\Windows Defender\MpCmdRun.exe [2006-11-03 20:20]

2005-08-13 C:\WINDOWS\Tasks\Registration reminder 3.job
- C:\WINDOWS\system32\OOBE\oobebaln.exe [2004-08-04 05:00]
.
- - - - ORPHANS REMOVED - - - -

Notify-dimsntfy - (no file)


.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Start Page = https://login.yahoo....erify2?&.src=ym
R0 -: HKCU-Main,SearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
R1 -: HKCU-Internet Connection Wizard,ShellNext = iexplore
O8 -: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000


**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-16 20:18:32
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-08-16 20:21:01
ComboFix-quarantined-files.txt 2008-08-17 03:20:55
ComboFix2.txt 2008-07-06 02:45:35

Pre-Run: 26,655,928,320 bytes free
Post-Run: 26,884,239,360 bytes free

170 --- E O F --- 2008-08-16 23:42:50

Edited by susan spencer, 17 August 2008 - 04:54 PM.

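The ComboFix log above lists the machine's autorun entries and two settings a responder would want pulled out rather than read by eye: `"EnableFirewall"= 0` under the standard firewall profile and `"FirewallOverride"=dword:00000001` in Security Center. As an added example that is not part of the original post and not ComboFix's own code, this Python parser reads the REGEDIT4-style "Reg Loading Points" section from a constructed excerpt of that log and reports the entries worth verifying by hand (the sample lines are copied from the log; the finding rules are my own).

```python
import re
# Constructed excerpt modelled on the log's "Reg Loading Points" section (trimmed).
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 05:00 15360]
"TOSCDSPD"="C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe" [2004-12-30 00:32 65536]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"""

KEY_RE = re.compile(r"^\[(.+)\]$")
# value name, value, then the optional "[date time size]" note ComboFix appends
VALUE_RE = re.compile(r'^"([^"]+)"\s*=\s*(.*?)\s*(?:\[[^\]]*\])?$')


def parse_reg_points(text):
    """Return {registry key (lower-cased): {value name: value}}."""
    entries, key = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        m = KEY_RE.match(line)
        if m:
            key = m.group(1).lower()
            entries.setdefault(key, {})
            continue
        m = VALUE_RE.match(line)
        if m and key is not None:
            entries[key][m.group(1)] = m.group(2).strip('"')
    return entries


def review(entries):
    """Every autorun plus settings that weaken the host, for manual verification."""
    findings = []
    for key, values in entries.items():
        if key.endswith("\\run"):
            findings += [f"autorun {n} -> {p}" for n, p in values.items()]
        if values.get("AppInit_DLLs"):
            findings.append(f"AppInit_DLLs loads {values['AppInit_DLLs']} into user32 processes")
        if values.get("EnableFirewall", "").startswith("0"):
            findings.append(f"Windows Firewall disabled under {key}")
        if values.get("FirewallOverride") == "dword:00000001":
            findings.append("Security Center firewall warning overridden")
    return findings
```

A finding is a prompt to verify, not a verdict: `avgrsstx.dll` in `AppInit_DLLs`, for instance, belongs to the AVG install that the same log lists under its drivers.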
