I've struggled with my family's pc for the last couple of hours, thought I was getting somewhere by following other 'smitfraud trojan' removal instructions only to find other trojans called 'downloader.small' by AVG. I'm running AVG and Ad-Aware and have updated them as much as possible, but cannot open Windows Update. I've run out of ideas and would really appreciate the help.
Cheers all!
This is my Hijackthis log:
Logfile of HijackThis v1.99.1
Scan saved at 23:12:54, on 06/06/2005
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\Explorer.EXE
C:\WINNT\twain_32\SiPix\SCDeluxe\DELUXECC.exe
C:\WINNT\twain_32\SiPix\SCDeluxe\UsbPnp.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Messenger Plus! 2\MsgPlus.exe
C:\WINNT\system32\atiupdpl.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\WINNT\system32\internat.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINNT\DvzCommon\DvzMsgr.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\Program Files\AOL 8.0\waol.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\wanmpsvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\System32\mspmspsv.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\AOL 8.0\shellmon.exe
C:\PROGRA~1\Lavasoft\AD-AWA~1\Ad-Aware.exe
C:\hijackthis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\se.dll/spage.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\se.dll/spage.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {11E98689-531B-49B3-B0FE-B090DEBEC948} - C:\WINNT\system32\jagd.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINNT\System32\spool\drivers\w32x86\3\hpztsb05.exe
O4 - HKLM\..\Run: [WinHelp] C:\WINNT\System32\WinHelp.exe
O4 - HKLM\..\Run: [Remote Procedure Call Locator] RUNDLL32.EXE reg678.dll ondll_reg
O4 - HKLM\..\Run: [Program In Windows] C:\WINNT\System32\IEXPLORE.EXE
O4 - HKLM\..\Run: [DELUXECC] C:\WINNT\twain_32\SiPix\SCDeluxe\DELUXECC.exe
O4 - HKLM\..\Run: [DeluxeSgn] C:\WINNT\twain_32\SiPix\SCDeluxe\UsbPnp.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [MessengerPlus2] "C:\Program Files\Messenger Plus! 2\MsgPlus.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [winupdt] RUNDLL32.EXE c:\winnt\gpalmdevc.dll,_mainRD
O4 - HKLM\..\Run: [atiupdpl] C:\WINNT\system32\atiupdpl.exe
O4 - HKLM\..\Run: [vmtuner] gclib.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\RunServices: [atiupdpl] C:\WINNT\system32\atiupdpl.exe
O4 - HKCU\..\Run: [internat.exe] internat.exe
O4 - HKCU\..\Run: [WindowBlinds] C:\Program Files\Stardock\Object Desktop\WindowBlinds\wbload.exe auto
O4 - HKCU\..\Run: [MessengerPlus2] "C:\Program Files\Messenger Plus! 2\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [atiupdpl] C:\WINNT\system32\atiupdpl.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Startup: PowerReg Scheduler.exe
O4 - Global Startup: AOL Tray Icon.lnk = C:\Program Files\AOL 8.0\aoltray.exe
O4 - Global Startup: Dataviz Messenger.lnk = C:\WINNT\DvzCommon\DvzMsgr.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &Search - http://bar.mywebsear...?p=ZCxdm093XXGB
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.co...etup1.0.0.8.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zon...er.cab31267.cab
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aolsvc....kup/qdiagcc.cab
O16 - DPF: {5D9E4B6D-CD17-4D85-99D4-6A52B394EC3B} (WSDownloader Control) - http://www.webshots....SDownloader.ocx
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab28578.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{086D3512-B652-4BF9-8FFF-A6BDF79C2621}: Domain = dur.ac.uk
O17 - HKLM\System\CCS\Services\Tcpip\..\{086D3512-B652-4BF9-8FFF-A6BDF79C2621}: NameServer = 129.234.4.13,129.234.4.11
O17 - HKLM\System\CCS\Services\Tcpip\..\{D4EADB29-3014-4462-9143-641C140DC5DA}: NameServer = 205.188.146.145
O17 - HKLM\System\CS1\Services\Tcpip\..\{086D3512-B652-4BF9-8FFF-A6BDF79C2621}: Domain = dur.ac.uk
O17 - HKLM\System\CS1\Services\Tcpip\..\{086D3512-B652-4BF9-8FFF-A6BDF79C2621}: NameServer = 129.234.4.13,129.234.4.11
O17 - HKLM\System\CS2\Services\Tcpip\..\{086D3512-B652-4BF9-8FFF-A6BDF79C2621}: Domain = dur.ac.uk
O17 - HKLM\System\CS2\Services\Tcpip\..\{086D3512-B652-4BF9-8FFF-A6BDF79C2621}: NameServer = 129.234.4.13,129.234.4.11
O18 - Filter: text/html - {B409E174-8699-4CAB-A4AD-528EA245939A} - C:\WINNT\system32\jagd.dll
O18 - Filter: text/plain - {B409E174-8699-4CAB-A4AD-528EA245939A} - C:\WINNT\system32\jagd.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG6 Service (AvgServ) - Unknown owner - C:\PROGRA~1\Grisoft\AVG6\avgserv.exe (file missing)
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: ll_reg - Unknown owner - Rundll32.exe (file missing)
O23 - Service: Microsoft NetWork FireWall Services - Unknown owner - NetServices.exe (file missing)
O23 - Service: NetMeeting Remote Desktop (RPC) Sharing - Unknown owner - Rundll32.exe (file missing)
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINNT\wanmpsvc.exe
O23 - Service: Windows Management Instrumentation Driver Extension - Unknown owner - C:\WINNT\System32\WinDriver.exe (file missing)