Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Smitfraud infected PC

Started by cluelessinseattle , Feb 27 2012 03:20 PM

  • Please log in to reply

#1
cluelessinseattle
Posted 27 February 2012 - 03:20 PM

cluelessinseattle

    New Member

  • Member
  • Pip
  • 1 posts
Background
This virus has been on my PC for about 3 weeks. First logged by Spybot S&D on 2/7. I've been using spybot for years, for almost every virus I've encountered, this program does a great job getting rid of stuff. However, for this specific problem it will say the file is cleaned but the virus still shows up on the next scan. This weekend, i took some time to try and intensively kill the virus. Desperate, I downloaded S!ri's smitfraudfix.exe file but can't seem to get the program to work properly.

How virus was obtained
Assume by clicking on a diseased website/link due to family's facebook habits and interest in random sites

Symptoms
Virus itself causes browser navigation issues. Anytime you click on a link or address there is a random chance ~30% you will be redirected to a random ad site (no pattern as to what causes it or where it goes). No other obvious symptoms

When using spybot, location of virus appears as such:
Smitfraud-C.generic
(SBI $5926A588) Executable
C:\Windows\svchost.exe

Attempted Removal Techniques
1) After trying to use Spybot S&D several times and encountering the same thing (says the virus is clean but upon rescanning it's found again) i decided to try other techniques. Reading different forums i found a recommendation for running ESET's free online scanner. It found about 60 potential issues over the course of a 3 hour scan. Cleaned those files, no luck.

2) Finally, today, I decided to try S!ri's smitfraudfix. I was running as admin in safe mode with both windows defender and spybot's tea-timer set to disabled. When i run the program the blue screen with options comes up. I ran option 1: search - it generates a log file which works fine. However when I click option 2: search it opens a new window and says killing processes followed by several dozen strings of "access is denied" and then the program just dissapears, after which I'm left with a blank safe mode screen. Only way to recover from this is to ctrl+alt+delete and restart from that screen.

Desired End State
A computer free from this annoying virus. A better way to protect from future infections. Any help provided by the forum would be great!


OTL.txt File

OTL logfile created on: 2/27/2012 12:53:49 - Run 1
OTL by OldTimer - Version 3.2.33.2 Folder = C:\Users\Tom\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 2.78 Gb Available Physical Memory | 69.52% Memory free
8.00 Gb Paging File | 6.56 Gb Available in Paging File | 82.08% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 931.41 Gb Total Space | 839.77 Gb Free Space | 90.16% Space Free | Partition Type: NTFS

Computer Name: SR-71 | User Name: Tom | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/02/27 12:53:23 | 000,583,680 | ---- | M] (OldTimer Tools) -- C:\Users\Tom\Desktop\OTL.exe
PRC - [2012/02/27 12:20:49 | 000,170,496 | ---- | M] () -- C:\Users\Tom\AppData\Roaming\F0087\8CAE3.exe
PRC - [2012/02/26 14:13:22 | 000,187,392 | ---- | M] () -- C:\Users\Tom\AppData\Roaming\87FDB\lvvm.exe
PRC - [2012/02/22 11:12:17 | 000,282,624 | ---- | M] () -- C:\Users\Tom\AppData\Roaming\Microsoft\F5AF\067.exe
PRC - [2012/02/16 06:40:41 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2011/10/01 08:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2011/10/01 08:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
PRC - [2009/07/13 17:14:45 | 000,020,480 | ---- | M] () -- \\.\globalroot\systemroot\svchost.exe
PRC - [2009/07/13 17:14:45 | 000,020,480 | ---- | M] () -- \\.\globalroot\systemroot\svchost.exe
PRC - [2009/07/13 17:14:45 | 000,020,480 | ---- | M] () -- \\.\globalroot\systemroot\svchost.exe
PRC - [2009/07/13 17:14:45 | 000,020,480 | ---- | M] () -- \\.\globalroot\systemroot\svchost.exe
PRC - [2009/07/13 17:14:45 | 000,020,480 | ---- | M] () -- \\.\globalroot\systemroot\svchost.exe
PRC - [2009/07/13 17:14:45 | 000,020,480 | ---- | M] () -- \\.\globalroot\systemroot\svchost.exe
PRC - [2009/01/26 14:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe


========== Modules (No Company Name) ==========

MOD - [2012/02/27 12:20:49 | 000,170,496 | ---- | M] () -- C:\Users\Tom\AppData\Roaming\F0087\8CAE3.exe
MOD - [2012/02/26 14:13:22 | 000,187,392 | ---- | M] () -- C:\Users\Tom\AppData\Roaming\87FDB\lvvm.exe
MOD - [2012/02/25 17:57:49 | 008,527,008 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
MOD - [2012/02/22 11:12:17 | 000,282,624 | ---- | M] () -- C:\Users\Tom\AppData\Roaming\Microsoft\F5AF\067.exe
MOD - [2012/02/16 06:40:41 | 001,911,768 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2011/03/17 00:11:16 | 004,297,568 | ---- | M] () -- C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2010/10/20 15:45:26 | 008,801,120 | ---- | M] () -- C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011/04/20 01:04:20 | 000,203,776 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2010/11/11 13:00:32 | 000,467,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Zune\ZuneWlanCfgSvc.exe -- (ZuneWlanCfgSvc)
SRV:64bit: - [2010/11/11 13:00:32 | 000,306,416 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Zune\WMZuneComm.exe -- (WMZuneComm)
SRV:64bit: - [2010/11/11 12:59:36 | 008,251,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Zune\ZuneNss.exe -- (ZuneNetworkSvc)
SRV:64bit: - [2010/09/22 18:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2010/05/20 14:26:28 | 000,199,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft LifeCam\MSCamS64.exe -- (MSCamSvc)
SRV - [2011/10/01 08:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2011/10/01 08:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2011/09/02 13:21:53 | 000,131,912 | ---- | M] (Desura Pty Ltd) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Desura\desura_service.exe -- (Desura Install Service)
SRV - [2011/08/04 13:34:48 | 002,329,480 | ---- | M] (LogMeIn Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2011/05/29 11:58:15 | 000,403,240 | ---- | M] (Valve Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 13:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/01/26 14:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Running] -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/10/01 08:30:22 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
DRV:64bit: - [2011/10/01 08:30:18 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
DRV:64bit: - [2011/10/01 08:30:18 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
DRV:64bit: - [2011/10/01 08:30:10 | 000,764,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
DRV:64bit: - [2011/04/20 01:44:50 | 009,319,936 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2011/04/20 00:22:34 | 000,306,176 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2011/04/01 04:07:54 | 004,184,672 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lvuvc64.sys -- (LVUVC64) Logitech Webcam Pro 9000(UVC)
DRV:64bit: - [2011/03/10 22:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/10 22:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 05:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 03:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/09/23 00:36:48 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2010/07/01 17:52:18 | 000,051,600 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dc3d.sys -- (dc3d)
DRV:64bit: - [2010/05/20 14:26:30 | 002,060,144 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VX3000.sys -- (VX3000)
DRV:64bit: - [2010/03/08 22:49:48 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie.sys -- (AtiPcie) AMD PCI Express (3GIO)
DRV:64bit: - [2010/03/04 20:43:00 | 000,346,144 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2010/02/10 23:35:05 | 000,014,136 | R--- | M] (BIOSTAR Group) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\BIOS64.sys -- (BIOS)
DRV:64bit: - [2009/12/22 01:26:36 | 000,038,456 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter)
DRV:64bit: - [2009/11/18 15:30:56 | 000,123,408 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2009/07/13 17:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 17:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 17:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 12:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 12:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 12:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 12:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 12:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/04/29 12:48:22 | 000,013,360 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\drivers\BS_TPIO64.sys -- (BS_TPIO)
DRV:64bit: - [2009/03/18 16:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)
DRV:64bit: - [2007/05/14 15:06:18 | 000,027,520 | ---- | M] (Research In Motion Limited) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RimUsb_AMD64.sys -- (RimUsb)
DRV:64bit: - [2006/12/28 16:56:32 | 000,026,472 | ---- | M] (BIOSTAR Group) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\BS_I2cIo.sys -- (BS_I2cIo)
DRV - [2010/02/10 23:35:05 | 000,014,136 | R--- | M] (BIOSTAR Group) [Kernel | System | Running] -- C:\Windows\SysWOW64\drivers\BIOS64.sys -- (BIOS)
DRV - [2009/07/13 17:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2008/06/16 08:02:34 | 000,017,024 | ---- | M] (BIOSTAR Group) [Kernel | System | Running] -- C:\Windows\SysWOW64\drivers\BS_I2cIo.sys -- (BS_I2cIo)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = D2 A3 2A 0D B8 1A CB 01 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:64222

========== FireFox ==========

FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: 64222
FF - prefs.js..network.proxy.type: 1

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Tom\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Tom\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Tom\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Tom\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/02/25 17:41:36 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2012/02/25 17:42:04 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Tom\AppData\Roaming\Mozilla\Extensions
[2012/02/25 17:41:36 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/02/16 06:40:42 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/02/16 02:42:53 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/02/16 02:42:53 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2012/02/13 11:01:10 | 000,001,398 | RHS- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 108.163.215.51 www.google-analytics.com.
O1 - Hosts: 108.163.215.51 ad-emea.doubleclick.net.
O1 - Hosts: 108.163.215.51 www.statcounter.com.
O1 - Hosts: 67.215.245.19 www.google-analytics.com.
O1 - Hosts: 67.215.245.19 ad-emea.doubleclick.net.
O1 - Hosts: 67.215.245.19 www.statcounter.com.
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O4 - HKLM..\Run: [067.exe] C:\Program Files (x86)\LP\F5AF\067.exe ()
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [067.exe] C:\Users\Tom\AppData\Roaming\Microsoft\F5AF\067.exe ()
O4 - HKCU..\Run: [Desura] C:\Program Files (x86)\Desura\desura.exe (Desura Pty Ltd)
O4 - HKCU..\Run: [RegistryBooster] "C:\Program Files (x86)\Uniblue\RegistryBooster\launcher.exe" delay 20000 File not found
F3:64bit: - HKCU WinNT: Load - (C:\Users\Tom\AppData\Roaming\87FDB\lvvm.exe) - C:\Users\Tom\AppData\Roaming\87FDB\lvvm.exe ()
F3 - HKCU WinNT: Load - (C:\Users\Tom\AppData\Roaming\87FDB\lvvm.exe) - C:\Users\Tom\AppData\Roaming\87FDB\lvvm.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: freetoolsassociation.com ([activegs] http in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ent/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (Reg Error: Value error.)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: ActiveGS.cab http://activegs.free...om/ActiveGS.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{128EA0F4-EBB9-4075-85BF-D45381370458}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKCU Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKCU Winlogon: Shell - (C:\Users\Tom\AppData\Roaming\F0087\8CAE3.exe) - C:\Users\Tom\AppData\Roaming\F0087\8CAE3.exe ()
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/02/27 12:53:21 | 000,583,680 | ---- | C] (OldTimer Tools) -- C:\Users\Tom\Desktop\OTL.exe
[2012/02/27 12:22:16 | 000,289,144 | ---- | C] (S!Ri) -- C:\Windows\SysWow64\VCCLSID.exe
[2012/02/27 12:22:16 | 000,288,417 | ---- | C] (S!Ri) -- C:\Windows\SysWow64\SrchSTS.exe
[2012/02/27 12:22:16 | 000,135,168 | ---- | C] (SteelWerX) -- C:\Windows\SysWow64\swreg.exe
[2012/02/27 12:22:16 | 000,087,552 | ---- | C] (S!Ri.URZ) -- C:\Windows\SysWow64\VACFix.exe
[2012/02/27 12:22:16 | 000,082,944 | ---- | C] (S!Ri.URZ) -- C:\Windows\SysWow64\IEDFix.exe
[2012/02/27 12:22:16 | 000,082,944 | ---- | C] (S!Ri.URZ) -- C:\Windows\SysWow64\IEDFix.C.exe
[2012/02/27 12:22:16 | 000,082,432 | ---- | C] (S!Ri.URZ) -- C:\Windows\SysWow64\404Fix.exe
[2012/02/27 12:22:16 | 000,080,384 | ---- | C] (S!Ri.URZ) -- C:\Windows\SysWow64\o4Patch.exe
[2012/02/27 12:22:16 | 000,079,360 | ---- | C] (SteelWerX) -- C:\Windows\SysWow64\swxcacls.exe
[2012/02/27 12:22:16 | 000,078,336 | ---- | C] (S!Ri.URZ) -- C:\Windows\SysWow64\Agent.OMZ.Fix.exe
[2012/02/27 12:22:16 | 000,053,248 | ---- | C] (http://www.beyondlogic.org) -- C:\Windows\SysWow64\Process.exe
[2012/02/27 12:22:15 | 000,000,000 | ---D | C] -- C:\Users\Tom\Desktop\SmitfraudFix
[2012/02/25 17:41:52 | 000,000,000 | ---D | C] -- C:\Users\Tom\AppData\Local\Mozilla
[2012/02/25 17:41:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2012/02/25 17:04:37 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2012/02/25 16:03:37 | 000,000,000 | ---D | C] -- C:\Users\Tom\Desktop\Finances
[2012/02/25 15:15:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2012/02/21 20:18:37 | 000,000,000 | ---D | C] -- C:\Users\Tom\AppData\Local\{2296BA15-0DEF-4BDB-8CA2-0D80E1942967}
[2012/02/21 20:12:12 | 000,000,000 | ---D | C] -- C:\Users\Tom\AppData\Local\{61A64E83-E95F-44E0-B2B4-DD8C4E6DCBEB}
[2012/02/16 17:53:40 | 000,000,000 | ---D | C] -- C:\Users\Tom\AppData\Local\{12BC75D3-6764-4725-8554-EC14E8733BD4}
[2012/02/16 17:53:38 | 000,000,000 | ---D | C] -- C:\Users\Tom\AppData\Local\{56401566-D91C-4D0D-B1AE-A22B4D8051DA}
[2012/02/15 08:00:55 | 000,000,000 | ---D | C] -- C:\Users\Tom\AppData\Roaming\87FDB
[2012/02/15 08:00:18 | 000,000,000 | ---D | C] -- C:\Users\Tom\AppData\Roaming\F0087
[2012/02/13 10:30:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\87FDB
[2012/02/13 10:29:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LP
[2012/02/09 15:34:12 | 000,000,000 | ---D | C] -- C:\Users\Tom\AppData\Local\{C0D02B51-C076-48F5-BB63-F2A76817E344}
[2012/02/09 15:33:38 | 000,000,000 | ---D | C] -- C:\Users\Tom\AppData\Local\{5AEA5E76-4B9A-41EB-A9AE-7F20D17396A8}
[2012/02/03 11:06:31 | 000,000,000 | ---D | C] -- C:\Windows\Sun

========== Files - Modified Within 30 Days ==========

[2012/02/27 12:53:48 | 000,015,024 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/02/27 12:53:48 | 000,015,024 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/02/27 12:53:23 | 000,583,680 | ---- | M] (OldTimer Tools) -- C:\Users\Tom\Desktop\OTL.exe
[2012/02/27 12:37:21 | 000,727,310 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/02/27 12:37:21 | 000,624,606 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/02/27 12:37:21 | 000,106,724 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/02/27 12:33:02 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/02/27 12:32:57 | 3220,676,608 | -HS- | M] () -- C:\hiberfil.sys
[2012/02/27 12:31:49 | 000,000,691 | ---- | M] () -- C:\Users\Tom\AppData\Roaming\GetValue.vbs
[2012/02/27 12:31:49 | 000,000,035 | ---- | M] () -- C:\Users\Tom\AppData\Roaming\SetValue.bat
[2012/02/27 12:31:48 | 000,001,650 | ---- | M] () -- C:\Windows\SysWow64\tmp.reg
[2012/02/27 12:11:04 | 001,872,472 | ---- | M] () -- C:\Users\Tom\Desktop\SmitfraudFix(1).exe
[2012/02/27 11:46:35 | 000,001,441 | ---- | M] () -- C:\Users\Tom\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/02/27 11:43:37 | 000,072,822 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf
[2012/02/27 11:43:36 | 000,072,822 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf
[2012/02/27 11:35:16 | 000,000,373 | ---- | M] () -- C:\Windows\wininit.ini
[2012/02/26 22:57:00 | 000,000,900 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3935951555-2983364618-1171424198-1000UA.job
[2012/02/26 18:57:00 | 000,000,848 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3935951555-2983364618-1171424198-1000Core.job
[2012/02/25 18:03:09 | 000,282,624 | ---- | M] () -- C:\Users\Tom\AppData\Roaming\firefox.exe
[2012/02/25 17:47:05 | 000,282,624 | ---- | M] () -- C:\Users\Tom\AppData\Roaming\iexplore.exe
[2012/02/25 17:41:36 | 000,001,134 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012/02/22 17:12:47 | 000,282,624 | ---- | M] () -- C:\Users\Tom\AppData\Roaming\java.exe
[2012/02/15 07:59:04 | 000,414,656 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/02/15 03:03:20 | 000,743,066 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/02/15 03:02:32 | 000,000,208 | ---- | M] () -- C:\Windows\SysNative\MRT.INI
[2012/02/13 11:01:10 | 000,001,398 | RHS- | M] () -- C:\Windows\SysNative\drivers\etc\hosts

========== Files Created - No Company Name ==========

[2012/02/27 12:22:55 | 000,001,650 | ---- | C] () -- C:\Windows\SysWow64\tmp.reg
[2012/02/27 12:22:55 | 000,000,691 | ---- | C] () -- C:\Users\Tom\AppData\Roaming\GetValue.vbs
[2012/02/27 12:22:55 | 000,000,035 | ---- | C] () -- C:\Users\Tom\AppData\Roaming\SetValue.bat
[2012/02/27 12:22:16 | 000,075,776 | ---- | C] () -- C:\Windows\SysWow64\WS2Fix.exe
[2012/02/27 12:22:16 | 000,051,200 | ---- | C] () -- C:\Windows\SysWow64\dumphive.exe
[2012/02/27 12:22:16 | 000,040,960 | ---- | C] () -- C:\Windows\SysWow64\swsc.exe
[2012/02/27 12:11:02 | 001,872,472 | ---- | C] () -- C:\Users\Tom\Desktop\SmitfraudFix(1).exe
[2012/02/27 11:43:37 | 000,072,822 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf
[2012/02/27 11:43:36 | 000,072,822 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf
[2012/02/25 18:03:09 | 000,282,624 | ---- | C] () -- C:\Users\Tom\AppData\Roaming\firefox.exe
[2012/02/25 17:41:36 | 000,001,146 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2012/02/25 17:41:36 | 000,001,134 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012/02/15 14:00:19 | 000,282,624 | ---- | C] () -- C:\Users\Tom\AppData\Roaming\java.exe
[2012/02/15 08:09:11 | 000,282,624 | ---- | C] () -- C:\Users\Tom\AppData\Roaming\iexplore.exe
[2012/02/15 03:02:32 | 000,000,208 | ---- | C] () -- C:\Windows\SysNative\MRT.INI
[2012/02/07 18:34:37 | 000,000,373 | ---- | C] () -- C:\Windows\wininit.ini
[2011/06/19 10:18:25 | 000,012,050 | -HS- | C] () -- C:\Users\Tom\AppData\Local\uo6g70ger150gv8y5a8ec20r263037
[2011/06/19 10:18:25 | 000,012,050 | -HS- | C] () -- C:\ProgramData\uo6g70ger150gv8y5a8ec20r263037
[2011/04/01 04:07:02 | 010,877,272 | ---- | C] () -- C:\Windows\SysWow64\LogiDPP.dll
[2011/04/01 04:07:02 | 000,102,744 | ---- | C] () -- C:\Windows\SysWow64\LogiDPPApp.exe
[2011/04/01 04:06:56 | 000,331,608 | ---- | C] () -- C:\Windows\SysWow64\DevManagerCore.dll
[2011/03/17 16:51:46 | 000,003,929 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2010/11/07 05:32:47 | 000,013,807 | ---- | C] () -- C:\Users\Tom\AppData\Roaming\.minecraft - Shortcut (2).lnk
[2010/11/07 05:32:22 | 000,013,807 | ---- | C] () -- C:\Users\Tom\AppData\Roaming\.minecraft - Shortcut.lnk
[2010/07/03 07:25:07 | 000,743,066 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010/07/03 05:54:23 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin

========== LOP Check ==========

[2011/08/19 16:10:44 | 000,000,000 | ---D | M] -- C:\Users\Tom\AppData\Roaming\.minecraft
[2012/02/26 14:13:22 | 000,000,000 | ---D | M] -- C:\Users\Tom\AppData\Roaming\87FDB
[2010/08/02 19:48:34 | 000,000,000 | ---D | M] -- C:\Users\Tom\AppData\Roaming\acccore
[2010/07/03 05:48:01 | 000,000,000 | ---D | M] -- C:\Users\Tom\AppData\Roaming\Bump Technologies, Inc
[2011/02/16 15:55:42 | 000,000,000 | ---D | M] -- C:\Users\Tom\AppData\Roaming\Eye-Fi
[2012/02/27 12:20:49 | 000,000,000 | ---D | M] -- C:\Users\Tom\AppData\Roaming\F0087
[2011/01/15 05:54:59 | 000,000,000 | ---D | M] -- C:\Users\Tom\AppData\Roaming\fi.eye.center.E430518E652B889A80EC0E8A6E532C09FF36DF62.1
[2010/07/23 12:04:05 | 000,000,000 | ---D | M] -- C:\Users\Tom\AppData\Roaming\LucasArts
[2012/02/27 12:15:56 | 000,000,000 | ---D | M] -- C:\Users\Tom\AppData\Roaming\SoftGrid Client
[2010/07/03 07:26:38 | 000,000,000 | ---D | M] -- C:\Users\Tom\AppData\Roaming\TP
[2010/08/29 20:50:11 | 000,000,000 | ---D | M] -- C:\Users\Tom\AppData\Roaming\Uniblue
[2010/12/10 00:21:51 | 000,000,000 | ---D | M] -- C:\Users\Tom\AppData\Roaming\Windows Live Writer
[2011/11/13 16:02:59 | 000,032,552 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



< End of report >
  • 0

Advertisements

Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP