My granddaughter went on my comp and I now keep getting pop-up type pages. To describe the page: it comes up "Windows Security Centre", it then does a Smart Scan and tells me "Alert: Your System is Infected". It won't let me cancel it without trying to download 'SpywareSecure_trial_setup.exe'. I have run my virus checker (ZoneAlarm) and AVG (free). I have also run Spybot Search & Destroy, Ad-Aware SE Personal and done a full scan with System Mechanic. With all these it says my comp is OK. The problem is still with me and getting worse; I am now getting redirected to other pages. The one thing in common is it all starts with me being redirected to a site fp.pc-on-internet.com, which is shown in the address bar; after this I can be sent anywhere, but fp.pc-on-internet.com comes up the most. I use Firefox as my browser. Can someone please help?

Here is my Hijack Log:

Logfile of HijackThis v1.99.1
Scan saved at 08:59:04, on 15/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Zonelabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Multimedia Mouse Driver\MouseDrv.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\HiJackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SW20] C:\WINDOWS\system32\sw20.exe
O4 - HKLM\..\Run: [EPSON Stylus Photo R200 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0H2.EXE /P30 "EPSON Stylus Photo R200 Series" /O6 "USB001" /M "Stylus Photo R200"
O4 - HKLM\..\Run: [WireLessMouse] C:\Program Files\Multimedia Mouse Driver\StartAutorun.exe MouseDrv.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {F09BFD07-20B5-46D8-A6D5-BE4EF22F1F4D} (DGTx.uc1) - http://66.98.144.30/DGTx.CAB
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: hplun.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Prime95 Service - Unknown owner - C:\Program Files\Prime95\prime95.exe (file missing)
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\Zonelabs\vsmon.exe

Thank you for taking the time to read my post
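A HijackThis log is one entry per line, keyed by a section code (O2 = browser helper objects, O4 = Run keys, O16 = ActiveX downloads, O20 = AppInit_DLLs and Winlogon notify, O23 = services). The following Python script is an added example, not part of this thread or of HijackThis: it parses such lines into (section, body) records and flags the three entry kinds a forum helper tends to look at first. The flag rules (an O16 download served from a bare IP address, a non-empty AppInit_DLLs value, an O23 service whose binary is missing) are assumptions made for this example, and a flag only means "review this entry", not "this is malicious". The sample lines are copied from the log above.

```python
"""Triage helper for HijackThis-style log lines (added example, not from the thread)."""
import re
from ipaddress import ip_address
from urllib.parse import urlparse

# Constructed sample: a handful of entries copied from the first log in the thread.
SAMPLE_LOG = r"""
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O4 - HKLM\..\Run: [SW20] C:\WINDOWS\system32\sw20.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {F09BFD07-20B5-46D8-A6D5-BE4EF22F1F4D} (DGTx.uc1) - http://66.98.144.30/DGTx.CAB
O20 - AppInit_DLLs: hplun.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\Zonelabs\vsmon.exe
"""

# "O<number> - <rest of entry>"; R0/R1 lines and the process list are ignored here.
ENTRY_RE = re.compile(r"^(O\d+) - (.*)$")


def parse_entries(text):
    """Yield (section, body) tuples for every O-line in the log."""
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            yield m.group(1), m.group(2)


def host_is_bare_ip(url):
    """True when the URL's host is a literal IPv4/IPv6 address rather than a name."""
    try:
        ip_address(urlparse(url).hostname or "")
        return True
    except ValueError:
        return False


def triage(text):
    """Return [(section, reason, body), ...] for entries worth a second look.

    The rules below are this example's assumptions, not HijackThis's own logic.
    """
    findings = []
    for section, body in parse_entries(text):
        if section == "O16":
            # The download URL is the last " - " separated field of a DPF entry.
            url = body.rsplit(" - ", 1)[-1]
            if host_is_bare_ip(url):
                findings.append((section, "ActiveX download served from a bare IP address", body))
        elif section == "O20" and body.startswith("AppInit_DLLs:"):
            dlls = body.split(":", 1)[1].strip()
            if dlls:
                # AppInit_DLLs are loaded into every process that loads user32.dll.
                findings.append((section, "AppInit_DLLs value is non-empty", body))
        elif section == "O23" and body.endswith("(file missing)"):
            findings.append((section, "service points at a binary that no longer exists", body))
    return findings


if __name__ == "__main__":
    for section, reason, body in triage(SAMPLE_LOG):
        print(f"[{section}] {reason}\n    {body}")
```

Run it on a full log by reading the file into `triage()`; on the sample above it reports the DGTx.CAB download from 66.98.144.30, the hplun.dll AppInit_DLLs entry and the NMIndexingService entry, and stays quiet about the Java, NVIDIA and ZoneAlarm lines.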
Hi, that sounds like Smitfraud. Let's do this first:

Download SmitfraudFix (by S!Ri) to your Desktop.
http://siri.urz.free.fr/Fix/SmitfraudFix.exe

Double-click SmitfraudFix.exe
Select option #1 - Search by typing 1 and press Enter
This program will scan large amounts of files on your computer for known patterns, so please be patient while it works. When it is done, the results of the scan will be displayed and it will create a log named rapport.txt in the root of your drive, e.g. Local Disk C: or the partition where your operating system is installed.
Please post that log in your next reply.
echoreply, thank you for getting back to me. Since last night ZoneAlarm did a scheduled scan and did delete something, I don't know what, but I don't trust it. So I have done another HJT log and, as you instructed, a SmitfraudFix log. If you could please have a look at them and again advise me.

Logfile of HijackThis v1.99.1
Scan saved at 08:25:36, on 16/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Zonelabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Multimedia Mouse Driver\MouseDrv.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\HiJackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SW20] C:\WINDOWS\system32\sw20.exe
O4 - HKLM\..\Run: [EPSON Stylus Photo R200 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0H2.EXE /P30 "EPSON Stylus Photo R200 Series" /O6 "USB001" /M "Stylus Photo R200"
O4 - HKLM\..\Run: [WireLessMouse] C:\Program Files\Multimedia Mouse Driver\StartAutorun.exe MouseDrv.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {F09BFD07-20B5-46D8-A6D5-BE4EF22F1F4D} (DGTx.uc1) - http://66.98.144.30/DGTx.CAB
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Prime95 Service - Unknown owner - C:\Program Files\Prime95\prime95.exe (file missing)
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\Zonelabs\vsmon.exe

And now the rapport.txt:

SmitFraudFix v2.269

Scan done at 8:13:56.84, 16/12/2007
Run from C:\Documents and Settings\Moo Moo\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» Process

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Zonelabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Multimedia Mouse Driver\MouseDrv.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\WINDOWS\system32\cmd.exe

»»»»»»»»»»»»»»»»»»»»»»»» hosts

»»»»»»»»»»»»»»»»»»»»»»»» C:\

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles

»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Moo Moo

»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Moo Moo\Application Data

»»»»»»»»»»»»»»»»»»»»»»»» Start Menu

»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\MOOMOO~1\FAVORI~1

»»»»»»»»»»»»»»»»»»»»»»»» Desktop

»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files

»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys

»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
!!!Attention, following keys are not inevitably infected!!!

»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"appinit_dlls"=""

»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""

»»»»»»»»»»»»»»»»»»»»»»»» Rustock

»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: Motorola SURFboard SB5100 USB Cable Modem #2 - Packet Scheduler Miniport
DNS Server Search Order: 62.31.176.39
DNS Server Search Order: 194.117.134.19
DNS Server Search Order: 195.188.53.175

HKLM\SYSTEM\CCS\Services\Tcpip\..\{F640EEAF-1C67-4DF0-B7AD-EF2E8732EEF0}: DhcpNameServer=62.31.176.39 194.117.134.19 195.188.53.175
HKLM\SYSTEM\CS1\Services\Tcpip\..\{F640EEAF-1C67-4DF0-B7AD-EF2E8732EEF0}: DhcpNameServer=62.31.176.39 194.117.134.19 195.188.53.175
HKLM\SYSTEM\CS3\Services\Tcpip\..\{F640EEAF-1C67-4DF0-B7AD-EF2E8732EEF0}: DhcpNameServer=62.31.176.39 194.117.134.19 195.188.53.175
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=62.31.176.39 194.117.134.19 195.188.53.175
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=62.31.176.39 194.117.134.19 195.188.53.175
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=62.31.176.39 194.117.134.19 195.188.53.175

»»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection

»»»»»»»»»»»»»»»»»»»»»»»» End

Again, thank you for helping me
Hi, that Smitfraud log looks OK, HJT log also. If you are still getting popups, let's do this:

Download ComboFix from one of these links and save it to Desktop:
http://subs.geekstogo.com/ComboFix.exe
http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Double click combofix.exe & follow the prompts. When finished, it shall produce a log for you. Post that log in your next reply.

Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall.
Hi echoreply, I've done what you say and here is the log.

ComboFix 07-12-16.5 - Moo Moo 2007-12-16 14:59:10.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1070 [GMT 0:00]
Running from: D:\Backup\DownLoads\ComboFix.exe
 * Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\Documents and Settings\Moo Moo\Local Settings\Application Data\jtcuzypdy.dat
C:\Documents and Settings\Moo Moo\Local Settings\Application Data\jtcuzypdy.exe
c:\Documents and Settings\Moo Moo\Local Settings\Application Data\jtcuzypdy_nav.dat
c:\Documents and Settings\Moo Moo\Local Settings\Application Data\jtcuzypdy_navps.dat
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\LEGACY_IPRIP
-------\Iprip

((((((((((((((((((((((((( Files Created from 2007-11-16 to 2007-12-16 )))))))))))))))))))))))))))))))
.
2007-12-14 16:41 . 2007-12-14 16:41 <DIR> d-------- C:\Program Files\Lavasoft
2007-12-14 16:41 . 2007-12-14 16:41 <DIR> d-------- C:\Documents and Settings\Moo Moo\Application Data\Lavasoft
2007-12-06 06:50 . 2007-12-06 06:50 <DIR> d-------- C:\Program Files\SonicWallES
2007-12-05 17:15 . 2007-12-06 06:50 <DIR> d-------- C:\Documents and Settings\Moo Moo\Application Data\MailFrontier
2007-12-05 17:12 . 2007-12-15 22:08 15,180,064 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2007-12-05 17:12 . 2007-12-15 22:05 211,640 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
2007-11-29 08:35 . 2007-11-29 08:35 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\MailFrontier
2007-11-27 18:03 . 2007-11-27 18:03 12,291,535 --------- C:\AVG7QT.DAT
2007-11-27 17:53 . 2007-12-05 17:16 <DIR> d-------- C:\Documents and Settings\Moo Moo\Application Data\AVG7
2007-11-27 17:53 . 2007-11-27 17:53 <DIR> d-------- C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data\AVG7
2007-11-27 17:53 . 2007-11-27 17:53 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Grisoft
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-15 22:07 127 ----a-w C:\nvdata.dat
2007-12-15 00:09 --------- d-----w C:\Documents and Settings\Moo Moo\Application Data\Azureus
2007-12-13 21:20 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Avg7
2007-12-12 06:51 --------- d-----w C:\Program Files\Azureus
2007-12-08 11:46 --------- d-----w C:\Documents and Settings\Moo Moo\Application Data\U3
2007-12-08 11:39 --------- d-----w C:\Documents and Settings\Moo Moo\Application Data\Skype
2007-12-01 23:58 --------- d-----w C:\Program Files\SSC Service Utility
2007-11-27 08:18 512 ----a-w C:\ScanSectorLog.dat
2007-11-27 07:20 --------- d-----w C:\Program Files\EPSON Print CD
2007-11-22 09:55 --------- d-----w C:\Program Files\DivX
2007-11-22 09:49 --------- d-----w C:\Documents and Settings\Moo Moo\Application Data\dvdcss
2007-11-14 16:05 75,248 ----a-w C:\WINDOWS\zllsputility.exe
2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-10-27 09:13 --------- d-----w C:\Program Files\WinAVI Video Converter
2007-10-24 19:47 --------- d-----w C:\Documents and Settings\Moo Moo\Application Data\Ahead
2007-10-23 20:13 --------- d-----w C:\Program Files\Java
2007-10-21 21:49 --------- d-----w C:\Program Files\VS Revo Group
2007-10-20 22:39 --------- d-----w C:\Program Files\Ligos
2007-10-20 22:23 --------- d-----w C:\Program Files\Ahead
2007-10-20 22:22 --------- d-----w C:\Program Files\Common Files\Ahead
2007-10-19 17:07 --------- d-----w C:\Documents and Settings\Moo Moo\Application Data\DivX
2007-10-18 15:51 --------- d-----w C:\Documents and Settings\Moo Moo\Application Data\Media Player Classic
2007-10-17 20:12 --------- d-----w C:\Program Files\RegistryFix
2007-10-17 19:31 --------- d-----w C:\Documents and Settings\Moo Moo\Application Data\Uniblue
2007-10-15 09:53 --------- d-----w C:\Program Files\Cobian Backup 8
2007-06-18 21:58 53,305 ----a-w C:\WINDOWS\Internet Logs\vsmon_2nd_2007_06_18_21_57_26_small.dmp.zip
2007-06-05 17:07 68,107 ----a-w C:\WINDOWS\Internet Logs\vsmon_2nd_2007_06_05_17_06_28_small.dmp.zip
2007-06-05 17:07 63,542 ----a-w C:\WINDOWS\Internet Logs\zlclient_2nd_2007_06_05_17_06_35_small.dmp.zip
2007-06-05 17:07 62,785 ----a-w C:\WINDOWS\Internet Logs\zlclient_2nd_2007_06_05_17_06_33_small.dmp.zip
2007-05-24 17:05 58,376 ----a-w C:\WINDOWS\Internet Logs\vsmon_2nd_2007_05_24_16_57_34_small.dmp.zip
2007-05-24 17:05 56,637 ----a-w C:\WINDOWS\Internet Logs\vsmon_2nd_2007_05_24_16_57_39_small.dmp.zip
2007-05-24 17:05 53,501 ----a-w C:\WINDOWS\Internet Logs\vsmon_2nd_2007_05_24_16_57_29_small.dmp.zip
2007-05-23 06:08 17,246,916 ----a-w C:\WINDOWS\Internet Logs\vsmon_on_demand_2007_05_23_07_06_36_full.dmp.zip
2007-05-19 04:46 17,340,603 ----a-w C:\WINDOWS\Internet Logs\vsmon_on_demand_2007_05_19_05_30_54_full.dmp.zip
2007-05-18 06:43 17,297,454 ----a-w C:\WINDOWS\Internet Logs\vsmon_on_demand_2007_05_18_07_40_22_full.dmp.zip
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 12:00]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-04 12:00 C:\WINDOWS\system32\bthprops.cpl]
"NvCplDaemon"="RUNDLL32.exe" [2004-08-04 12:00 C:\WINDOWS\system32\rundll32.exe]
"nwiz"="nwiz.exe" [2005-04-18 19:43 C:\WINDOWS\system32\nwiz.exe]
"SW20"="C:\WINDOWS\system32\sw20.exe" [2005-05-04 09:03]
"EPSON Stylus Photo R200 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0H2.exe" [2003-09-11 03:00]
"WireLessMouse"="C:\Program Files\Multimedia Mouse Driver\StartAutorun.exe" [2005-11-30 11:48]
"NvMediaCenter"="RUNDLL32.exe" [2004-08-04 12:00 C:\WINDOWS\system32\rundll32.exe]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2004-02-13 10:41]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-10-22 16:17]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-11-14 16:05]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 12:00]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe" [2007-11-27 18:02]

C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\
Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-05-12 12:33:22]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [1999-02-17 12:05:56]

R0 viasraid;viasraid;C:\WINDOWS\system32\DRIVERS\viasraid.sys
R1 BC_BFish;BC_BFish;C:\WINDOWS\system32\drivers\BC_BFish.sys
R1 BC_DES;BC_DES;C:\WINDOWS\system32\drivers\BC_DES.sys
R1 BC_Gost;BC_Gost;C:\WINDOWS\system32\drivers\BC_Gost.sys
R1 BC_RIJN;BC_RIJN;C:\WINDOWS\system32\drivers\BC_RIJN.sys
R1 BC_TFISH;BC_TFISH;C:\WINDOWS\system32\drivers\BC_TFISH.sys
R1 bcbus;BestCrypt bus driver;C:\WINDOWS\system32\DRIVERS\bcbus.sys
R1 fsh;fsh;C:\WINDOWS\system32\drivers\fsh.sys
R3 mhk;mhk;C:\WINDOWS\system32\drivers\mhk.sys
R3 moh;moh;C:\WINDOWS\system32\drivers\moh.sys
S3 USBAAPL;Apple Mobile USB Driver;C:\WINDOWS\system32\Drivers\usbaapl.sys
S4 BCSWAP;BCSWAP;C:\WINDOWS\system32\drivers\BCSWAP.sys

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{acdd584a-59e4-11dc-8ab7-00111a6ce811}]
\Shell\AutoRun\command - G:\LaunchU3.exe -a
.
**************************************************************************

catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-15 22:09:01
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

The program did delete some stuff from my comp and it seems to be running fine now, but I shall watch it over the next few hours and report back.
The computer has been running all night and, using it, I can report the problems I was having now seem to have gone. I would like to thank echoreply for his help and to say that without forums like this, people like me who don't understand computers would be lost and having to pay a lot of money to get things fixed. I wish I could understand things like the Hijack Log and what things mean, and so again a big thank you...
Hello, I have been getting pop ups from fp-pc on internet.com for the last 5 days. After browsing through what might be the cause, I found that I have the same problem as in this post. Can anybody help me to find a solution for this problem? I have downloaded SmitFraudFix which I THINK may be the cause for my problem. I have done a search using Option 1 and I am posting the output of the log file rapport.txt below:

SmitFraudFix v2.274

Scan done at 12:38:15.87, 22/12/2007
Run from C:\Users\BPL\Desktop\SmitfraudFix
OS: Microsoft Windows [Version 6.0.6000] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» Process

C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Thomson\ST330\service\st330service.exe
C:\Windows\system32\Ati2evxx.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
C:\Program Files\McAfee\Common Framework\naPrdMgr.exe
C:\Program Files\SigmaTel\C-Major Audio\WDM\STacSV.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Java\jre1.6.0\bin\jusched.exe
C:\Windows\sttray.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe
C:\Program Files\McAfee\VirusScan Enterprise\shstat.exe
C:\Program Files\McAfee\Common Framework\UdaterUI.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Creative\Creative Live! Cam\VideoFX\StartFX.exe
C:\Windows\V0220Mon.exe
C:\Program Files\Thomson\ST330\diagnostics\diagnostics.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\Users\BPL\AppData\Local\jkzhape.exe
C:\Program Files\McAfee\Common Framework\McTray.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\Macromed\Flash\FlashUtil9d.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\wbem\wmiprvse.exe

»»»»»»»»»»»»»»»»»»»»»»»» hosts

»»»»»»»»»»»»»»»»»»»»»»»» \

»»»»»»»»»»»»»»»»»»»»»»»» C:\Windows

»»»»»»»»»»»»»»»»»»»»»»»» C:\Windows\system

»»»»»»»»»»»»»»»»»»»»»»»» C:\Windows\Web

»»»»»»»»»»»»»»»»»»»»»»»» C:\Windows\system32

»»»»»»»»»»»»»»»»»»»»»»»» C:\Windows\system32\LogFiles

»»»»»»»»»»»»»»»»»»»»»»»» C:\Users\akkumar

»»»»»»»»»»»»»»»»»»»»»»»» C:\Users\akkumar\Application Data

»»»»»»»»»»»»»»»»»»»»»»»» Start Menu

»»»»»»»»»»»»»»»»»»»»»»»» C:\Users\akkumar\FAVORI~1

»»»»»»»»»»»»»»»»»»»»»»»» Desktop

»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files

»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys

»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
!!!Attention, following keys are not inevitably infected!!!

IEDFix.exe by S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="C:\\PROGRA~1\\Google\\GOOGLE~1\\GOEC62~1.DLL"
"LoadAppInit_DLLs"=dword:00000001

»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]

»»»»»»»»»»»»»»»»»»»»»»»» Rustock

»»»»»»»»»»»»»»»»»»»»»»»» DNS

»»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection

»»»»»»»»»»»»»»»»»»»»»»»» End

Many Thanks,
Dev
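The ComboFix run earlier in this thread removed jtcuzypdy.exe from the user's Local Settings\Application Data folder, and the rapport.txt above lists C:\Users\BPL\AppData\Local\jkzhape.exe among the running processes, the Vista equivalent of that location. The following Python script is an added example, not part of the thread or of SmitfraudFix: it splits a rapport.txt into its »»» banner sections, takes the Process list, and reports executables running out of per-user profile or temp directories, the kind of location a first-pass review concentrates on because system software normally runs from C:\Windows or C:\Program Files. The location patterns are this example's assumption, a hit is a prompt to look at the file, not a verdict, and the sample log below is constructed from paths that appear in this thread.

```python
"""Pull the Process section out of a SmitfraudFix rapport.txt and flag processes
running from user-profile locations (added example, not from the thread)."""
import re

# SmitfraudFix marks each section with this banner followed by the section name.
BANNER = "»»»»»»»»»»»»»»»»»»»»»»»»"

# Constructed sample in rapport.txt layout, using paths taken from the logs in this thread.
SAMPLE_RAPPORT = r"""SmitFraudFix v2.274

Scan done at 12:38:15.87, 22/12/2007
OS: Microsoft Windows [Version 6.0.6000] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» Process

C:\Windows\system32\winlogon.exe
C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
C:\Users\BPL\AppData\Local\jkzhape.exe
C:\Documents and Settings\Moo Moo\Local Settings\Application Data\jtcuzypdy.exe
C:\Windows\system32\cmd.exe

»»»»»»»»»»»»»»»»»»»»»»»» hosts

»»»»»»»»»»»»»»»»»»»»»»»» End
"""

# Assumed "user-writable" locations; case-insensitive because Windows paths are.
USER_WRITABLE = [
    re.compile(r"\\users\\[^\\]+\\appdata\\", re.I),                                         # Vista and later
    re.compile(r"\\documents and settings\\[^\\]+\\(local settings\\)?application data\\", re.I),  # XP
    re.compile(r"\\temp\\", re.I),
]


def parse_sections(text):
    """Map each banner section name to the non-empty lines that follow it."""
    sections, current = {}, None
    for line in text.splitlines():
        if line.startswith(BANNER):
            current = line[len(BANNER):].strip()
            sections.setdefault(current, [])
        elif current is not None and line.strip():
            sections[current].append(line.strip())
    return sections


def flag_user_profile_processes(text):
    """Return the Process entries whose path falls under a user-writable location."""
    processes = parse_sections(text).get("Process", [])
    return [p for p in processes if any(rx.search(p) for rx in USER_WRITABLE)]


if __name__ == "__main__":
    for path in flag_user_profile_processes(SAMPLE_RAPPORT):
        print("review:", path)
```

On the sample it reports the two AppData entries and nothing from C:\Windows or C:\Program Files; pointing `flag_user_profile_processes()` at the text of a real rapport.txt works the same way, since only the Process section is consulted.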