
[Closed] Smitfraud and Zlob worm imitator


2 replies to this topic

#1 Rikkuna

Rikkuna

  • New Member
  • 1 posts

Posted 26 April 2008 - 09:14 PM

I used this to check if there were any remains of a Smitfraud and Zlob infection I am trying to get rid of. I wish to know if anything from this log file is harmful and is bits and pieces of that infection. This is the 5th time I've used a number of programs to get rid of the worm files, but they keep coming back, and I believe HijackThis has the answers to what files I missed.
Logfile of HijackThis v1.99.1
Scan saved at 10:03:54 PM, on 4/26/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Owner\Desktop\HijackThis.exe

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
F2 - REG:system.ini: Shell=explorer.exe
O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: (no name) - {C57910E2-F661-4E22-8972-EEB5EBD8C43C} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: dpevflbg - {C71F6A92-8438-46A4-9237-15A1F1AF179D} - C:\WINDOWS\dpevflbg.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunKistEM] C:\Program Files\Digital Media Reader\shwiconem.exe
O4 - HKLM\..\Run: [CHotkey] zHotkey.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] sttray.exe
O4 - HKLM\..\Run: [IntelAudioStudio] "C:\Program Files\Intel Audio Studio\IntelAudioStudio.exe" BOOT
O4 - HKLM\..\Run: [Reminder] %WINDIR%\Creator\Remind_XP.exe
O4 - HKLM\..\Run: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [EPSON Stylus CX4200 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAEA.EXE /P26 "EPSON Stylus CX4200 Series" /O6 "USB001" /M "Stylus CX4200"
O4 - HKLM\..\Run: [EPSON Stylus CX4200 Series (Copy 1)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAEA.EXE /P35 "EPSON Stylus CX4200 Series (Copy 1)" /O6 "USB001" /M "Stylus CX4200"
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Install Pending Files.LNK = C:\Program Files\SIFXINST\SIFXINST.EXE
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.liv...uickadd.aspx
O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/202
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Owner\Start Menu\Programs\IMVU\Run IMVU.lnk
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail....MSNPUpld.cab
O16 - DPF: {549F957E-2F89-11D6-8CFE-00C04F52B225} (CMV5 Class) - http://coolsavings.c......cmv5X.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebo......ader3.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitd......scan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.mi......135967093
O16 - DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} (PhotoPickConvert Class) - http://appdirectory.......PkMSN.cab
O16 - DPF: {A1F2F2CE-06AF-483C-9F12-D3BAA72477D6} (BatchDownloader Class) - http://appdirectory.......WXMSN.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zon......56907.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.gamehouse......oader.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O21 - SSODL: wdpoefan - {9A540731-6D8D-4CAC-863C-8364A01F4310} - C:\WINDOWS\wdpoefan.dll
O21 - SSODL: vadokmxt - {280FDD8E-62A8-473D-8F52-3CEA839484D4} - C:\WINDOWS\vadokmxt.dll
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
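As an added example (not from this thread and not part of HijackThis), a small Python helper that parses lines in this log format and lists the entries a reviewer would want to look at first: entries pointing at files that are no longer there, and O2/O3/O20/O21 modules that sit directly in the Windows folder and are registered under nothing but their own file name. The sample lines are copied from the log above; the two heuristics and the Windows folder path are assumptions, and the result is a review list, not a verdict on any entry.

```python
import re
from collections import namedtuple

Entry = namedtuple("Entry", "kind name path raw")

# Constructed sample: lines copied from the HijackThis log posted above.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: dpevflbg - {C71F6A92-8438-46A4-9237-15A1F1AF179D} - C:\WINDOWS\dpevflbg.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O21 - SSODL: wdpoefan - {9A540731-6D8D-4CAC-863C-8364A01F4310} - C:\WINDOWS\wdpoefan.dll
O21 - SSODL: vadokmxt - {280FDD8E-62A8-473D-8F52-3CEA839484D4} - C:\WINDOWS\vadokmxt.dll
"""
LINE_RE = re.compile(r"^(?P<kind>[A-Z]\d+) - (?P<body>.+)$")
PATH_RE = re.compile(r'[A-Za-z]:\\[^\s"]+\.dll', re.IGNORECASE)

def parse(log):
    """Turn each 'Oxx - Type: name - {CLSID} - path' line into an Entry."""
    entries = []
    for line in log.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # blank line, or a header/process line without an Oxx tag
        body = m.group("body")
        # Display name: text after the first ':' up to the first ' - '.
        head = body.split(":", 1)[1] if ":" in body else body
        name = head.split(" - ")[0].strip()
        path_m = PATH_RE.search(body)
        entries.append(Entry(m.group("kind"), name,
                             path_m.group(0) if path_m else None, line.strip()))
    return entries

# Heuristics (assumptions, not a verdict): orphaned entries, and browser/shell
# DLLs loaded straight from the Windows folder under nothing but their own
# file name, so there is no vendor or product name to check against.
def review(entries, windir=r"C:\WINDOWS"):
    """Return (entry, reason) pairs that deserve a human look."""
    flagged = []
    for e in entries:
        if "(no file)" in e.raw or "(file missing)" in e.raw:
            flagged.append((e, "points at a file that is not there"))
        elif e.path and e.kind in ("O2", "O3", "O20", "O21"):
            folder, _, fname = e.path.rpartition("\\")
            stem = fname.rsplit(".", 1)[0]
            if folder.lower() == windir.lower() and e.name.lower() == stem.lower():
                flagged.append((e, "DLL in the Windows folder, named only by its file name"))
    return flagged
```

Running `review(parse(SAMPLE_LOG))` on the sample returns the two "(no file)"/"(file missing)" entries plus the O3 and both O21 entries; the Spybot BHO and the igfxcui Winlogon entry are left alone.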



#2 LDTate

LDTate

    Forum God

  • Root Admin
  • 57,171 posts

Posted 03 May 2008 - 08:39 AM


Sorry about the delay in responding :(

If you still need help, scan again with HijackThis and copy/paste a new log file into this thread.

Also please describe how your computer behaves at the moment.

The forum is run by volunteers who donate their time and expertise.

Want to help others? Join the ClassRoom and learn how.

Logs will be closed if you haven't replied within 3 days

 

If you would like to paypal.gif for the help you received.
 

Proud graduate of TC/WTT Classroom

 


#3 LDTate

LDTate

    Forum God

  • Root Admin
  • 57,171 posts

Posted 11 May 2008 - 06:29 PM

Due to inactivity this topic will be closed. If you need help, please start a new thread and post a new HJT log.
