TechSpot

Aniti-spyware.biz bad problem

By bellachanel
Apr 6, 2008
  1. Hi, I have the same problem. I have ran smitfraudfix too. My report is attached. I'm still having the pop ups from that site though. Any ideas? Please help! I feel like I've tried everything. Thanks so much. Here's the result from smitfraud #1:

    SmitFraudFix v2.309

    Scan done at 9:34:24.15, Sun 04/06/2008
    Run from C:\Documents and Settings\Sandee\Desktop\SmitfraudFix
    OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
    The filesystem type is NTFS
    Fix run in normal mode

    »»»»»»»»»»»»»»»»»»»»»»»» Process

    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    C:\WINDOWS\system32\spoolsv.exe
    c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\WS_FTP Pro\ftpsched.exe
    C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
    C:\WINDOWS\system32\WnvIRQ32.exe
    C:\Documents and Settings\All Users\Application Data\pgbcvady\hcfibmjm.exe
    C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
    C:\Program Files\Analog Devices\SoundMAX\smax4.exe
    C:\Program Files\Winnov Videum NT\WvStatus.Exe
    C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE
    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe
    C:\WINDOWS\system32\devldr32.exe
    C:\Program Files\Logitech\QuickCam10\QuickCam10.exe
    C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe
    C:\Program Files\Common Files\AOL\1174943572\ee\AOLSoftware.exe
    C:\Program Files\Common Files\AOL\Loader\aolload.exe
    C:\Program Files\Brother\ControlCenter2\brctrcen.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\Program Files\QuickTime\QTTask.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Microsoft ActiveSync\wcescomm.exe
    C:\PROGRA~1\Eyeball\EYEBAL~1\EyeballChat.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\AOL 9.1\waol.exe
    C:\Program Files\ICQ6\ICQ.exe
    C:\WINDOWS\system32\xqrofmfm.exe
    C:\PROGRA~1\MICROS~3\rapimgr.exe
    C:\WINDOWS\system32\WgaTray.exe
    C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
    C:\Program Files\NuvaTime\NuvaTime(tm).exe
    C:\Program Files\Common Files\Sonic Shared\CineTray.exe
    C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
    C:\Program Files\AOL 9.1\shellmon.exe
    C:\Program Files\Microsoft Office\Office12\WINWORD.EXE
    C:\WINDOWS\system32\notepad.exe
    C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    C:\Program Files\Symantec\LiveUpdate\AUPDATE.EXE
    C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
    C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
    C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
    C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
    C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
    C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
    C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
    C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
    C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
    C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
    C:\WINDOWS\system32\cmd.exe

    »»»»»»»»»»»»»»»»»»»»»»»» hosts


    »»»»»»»»»»»»»»»»»»»»»»»» C:\


    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32


    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles


    »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Sandee


    »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Sandee\Application Data


    »»»»»»»»»»»»»»»»»»»»»»»» Start Menu


    »»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\Sandee\FAVORI~1


    »»»»»»»»»»»»»»»»»»»»»»»» Desktop


    »»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


    »»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


    »»»»»»»»»»»»»»»»»»»»»»»» Desktop Components



    »»»»»»»»»»»»»»»»»»»»»»»» IEDFix
    !!!Attention, following keys are not inevitably infected!!!

    IEDFix
    Credits: Malware Analysis & Diagnostic
    Code: S!Ri


    »»»»»»»»»»»»»»»»»»»»»»»» VACFix
    !!!Attention, following keys are not inevitably infected!!!

    VACFix
    Credits: Malware Analysis & Diagnostic
    Code: S!Ri


    »»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
    !!!Attention, following keys are not inevitably infected!!!

    SrchSTS.exe by S!Ri
    Search SharedTaskScheduler's .dll


    »»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
    !!!Attention, following keys are not inevitably infected!!!

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "AppInit_DLLs"=""


    »»»»»»»»»»»»»»»»»»»»»»»» Winlogon
    !!!Attention, following keys are not inevitably infected!!!

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
    "Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"
    "System"=""


    »»»»»»»»»»»»»»»»»»»»»»»» Rustock



    »»»»»»»»»»»»»»»»»»»»»»»» DNS

    Description: Intel(R) PRO/100 VE Network Connection - Packet Scheduler Miniport
    DNS Server Search Order: 66.75.160.63
    DNS Server Search Order: 66.75.160.64

    HKLM\SYSTEM\CCS\Services\Tcpip\..\{B7FC172B-3173-4CE6-A882-1E781558C7E9}: DhcpNameServer=66.75.160.63 66.75.160.64
    HKLM\SYSTEM\CS1\Services\Tcpip\..\{B7FC172B-3173-4CE6-A882-1E781558C7E9}: DhcpNameServer=66.75.160.63 66.75.160.64
    HKLM\SYSTEM\CS2\Services\Tcpip\..\{B7FC172B-3173-4CE6-A882-1E781558C7E9}: DhcpNameServer=66.75.160.63 66.75.160.64
    HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=66.75.160.63 66.75.160.64
    HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=66.75.160.63 66.75.160.64
    HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=66.75.160.63 66.75.160.64


    »»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection


    »»»»»»»»»»»»»»»»»»»»»»»» End
     
  2. kritius

    kritius TS Guru Posts: 2,084

    Download and Run Malwarebytes' Anti-Malware
    Please download Malwarebytes' Anti-Malware to your desktop.
    • Double-click mbam-setup.exe and follow the prompts to install the program.
    • At the end, be sure a checkmark is placed next to:
      • Update Malwarebytes' Anti-Malware
      • Launch Malwarebytes' Anti-Malware
    • Then click Finish.
    • If an update is found, it will download and install the latest version.
    • Once the program has loaded, select Perform full scan, then click Scan.
    • When the scan is complete, click OK, then Show Results to view the results.
    • Be sure that everything is checked, and click Remove Selected.
    • When completed, a log will open in Notepad. please attach the log into your next reply.
    • If you accidently close it, the log file is saved here and will be named like this: C:\Documents and Settings\<your username>\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

    Download and Run ComboFix
    • Download ComboFix to your desktop from either of the two below listed places :

      HERE or HERE
    • Then double click combofix.exe & follow the prompts.
    • When finished, it shall produce a log for you. Attach that log in your next reply
    WARNING: Do not mouseclick combofix's window whilst it's running. That may cause it to stall
     
  3. bellachanel

    bellachanel TS Rookie Topic Starter

    okay.. here's the first log attached. ComboFix gave me a message saying some computers don't make it through the process???? So i hit no. Should I go ahead and do that?? I don't want to risk anything?
     
  4. kritius

    kritius TS Guru Posts: 2,084

    Just go ahead, it will be fine. its a standard message
     
  5. bellachanel

    bellachanel TS Rookie Topic Starter

    I tried and it's saying I can't rename it now. Weird. I will keep trying. THANK YOU SO MUCH!!
     
  6. bellachanel

    bellachanel TS Rookie Topic Starter

    Okay... here we go! Here's the other file you needed. Thanks again for the help! I appreciate it so much!
     
  7. kritius

    kritius TS Guru Posts: 2,084

    Looking over it now, will post back later.
     
  8. bellachanel

    bellachanel TS Rookie Topic Starter

    Thanks a million!
     
Topic Status:
Not open for further replies.

Similar Topics

Add New Comment

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...