Answers Questions
“Smitfraud-C. Toolbar888” And Random IE Windows?
I am a webmaster, and I am trying to build my website, but my computer keeps acting weird and seems to be going into random hibernation for no reason in the middle of ANYTHING. I tried to do a scan to see if there was any virus/malware that was causing this, but nothing came up.
When I ran Spybot Search and Destroy, “Smitfraud-C. Toolbar888” came up… for the bazillionth time! What do I do??? Also, random websites just pop up in new windows, and I can’t stop them. Even pop-up blockers with my browser and Google Toolbar can’t stop them!
Here is some info that I got from HijackThis (You may find Vista applications listed due to the fact that I downloaded the Vista Transformation package from WindowsX):
Logfile of HijackThis v1.99.1
Scan saved at 11:13:27 AM, on 06/05/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16441)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\FSI\F-Prot\fpavupdm.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\system32\PSIService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\S3tray2.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\Max Registry Cleaner\MaxRCSystemTray.exe
C:\Program Files\LClock\LClock.exe
C:\Program Files\VisualTooltip\VisualToolTip.exe
C:\Program Files\Styler\Styler.exe
C:\Program Files\Spybot – Search & Destroy\TeaTimer.exe
C:\Program Files\Zero Knowledge\Freedom\Freedom.exe
C:\WINDOWS\system32\ctfmon.exe
C:\DOCUME~1\Owner\LOCALS~1\Temp\{34960… Start Orb.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\DOCUME~1\Owner\LOCALS~1\Temp\{689E0…
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\MDLAAK1Y\Windows-KB890…
c:\5f2b4d98fc082856d2a86ba268e7dad0\mr…
C:\WINDOWS\system32\MRT.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Owner\My Documents\hijackthis_199\HijackThis.exe
R1 – HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us7.hpwis.com/
R1 – HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=5…
R1 – HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-us7.hpwis.com/
R1 – HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=5…
R1 – HKCU\Software\Microsoft\Windows\CurrentV… Settings,ProxyOverride = localhost
O3 – Toolbar: &Google – {2318C2B1-4965-11d4-9B18-009027A5CD4F} – c:\program files\google\googletoolbar1.dll
O3 – Toolbar: StylerToolBar – {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} – C:\Program Files\Styler\TB\StylerTB.dll
O4 – HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 – HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 – HKLM\..\Run: [StorageGuard] “C:\Program Files\VERITAS Software\Update Manager\sgtray.exe” /r
O4 – HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 – HKLM\..\Run: [nwiz] nwiz.exe /install
O4 – HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86…
O4 – HKLM\..\Run: [S3TRAY2] S3tray2.exe
O4 – HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 – HKLM\..\Run: [QuickFinder Scheduler] “C:\Program Files\WordPerfect Office X3\Programs\QFSCHD130.EXE”
O4 – HKLM\..\Run: [RCAutoLiveUpdate] C:\Program Files\Max Registry Cleaner\MaxLiveUpdateRC.exe -AUTO
O4 – HKLM\..\Run: [RCSystemTray] C:\Program Files\Max Registry Cleaner\MaxRCSystemTray.exe
O4 – HKLM\..\Run: [LClock] C:\Program Files\LClock\LClock.exe
O4 – HKLM\..\Run: [Vista Sidebar] C:\Program Files\Vista Sidebar\sidebar.exe
O4 – HKLM\..\Run: [VisualTooltip] C:\Program Files\VisualTooltip\VisualToolTip.exe
O4 – HKLM\..\Run: [Blaero Start Orb] C:\Program Files\Blaero Start Orb\Blaero Start Orb.exe
O4 – HKLM\..\Run: [Styler] C:\Program Files\Styler\Styler.exe
O4 – HKLM\..\Run: [ApachInc] rundll32.exe “C:\WINDOWS\system32\ppjickkp.dll”,reals…
O4 – HKLM\..\Run: [MSRegScan] C:\Program Files\CMK Demo\RSCMKDemo.exe
O4 – HKLM\..\Run: [j4211039] rundll32 C:\WINDOWS\system32\j4211039.dll sook
O4 – HKLM\..\Run: [setup] rundll32.exe “C:\WINDOWS\system32\nyfblbrr.dll”,reals…
O4 – HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot – Search & Destroy\TeaTimer.exe
O4 – HKCU\..\Run: [Zero Knowledge Freedom] C:\Program Files\Zero Knowledge\Freedom\Freedom.exe
O4 – HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\Googl…
O4 – HKCU\..\Run: [MSMSGS] “C:\Program Files\Messenger\msmsgs.exe” /background
O4 – HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 – Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 – Startup: Vista sidebar.lnk = C:\Program Files\Vista Sidebar\sidebar.exe
O4 – Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 – Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 – Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 – Global Startup: hp center UI.lnk = C:\Program Files\hp center\137903\Shadow\ShadowBar.exe
O4 – Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 – Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdat…
O4 – Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O8 – Extra context menu item: E&xport to Microsoft Excel – res://C:\PROGRA~1\MICROS~2\Office10\EXCE…
O8 – Extra context menu item: Open with WordPerfect – C:\Program Files\WordPerfect Office X3\Programs\WPLauncher.hta
O9 – Extra button: Research – {92780B25-18CC-41C8-B9BE-3C9C571A8263} – C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.D…
O9 – Extra button: Messenger – {FB5F1910-F110-11d2-BB9E-00C04F795683} – C:\Program Files\Messenger\msmsgs.exe
O9 – Extra ‘Tools’ menuitem: Windows Messenger – {FB5F1910-F110-11d2-BB9E-00C04F795683} – C:\Program Files\Messenger\msmsgs.exe
O11 – Options group: [INTERNATIONAL] International*
O12 – Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 – DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} – http://software-dl.real.com/233de769…p…
O16 – DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) – http://security.symantec.com/sscv6/S…/…
O16 – DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) – http://update.microsoft.com/microsof…?…
O16 – DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) – http://www.pandasoftware.com/activescan/…
O16 – DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) – https://secure.logmein.com/activex/RACtr…
O17 – HKLM\System\CCS\Services\Tcpip\..\{BDB36… NameServer = 192.168.1.254
O23 – Service: Adobe LM Service – Adobe Systems – C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 – Service: F-Prot Antivirus Update Monitor – FRISK Software – C:\Program Files\FSI\F-Prot\fpavupdm.exe
O23 – Service: Google Updater Service (gusvc) – Google – C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 – Service: NVIDIA Driver Helper Service (NVSvc) – NVIDIA Corporation – C:\WINDOWS\System32\nvsvc32.exe
O23 – Service: ProtexisLicensing – Unknown owner – C:\WINDOWS\system32\PSIService.exe
P.S. This is a shared work-related computer on a network, so I don’t know what all may be listed above or downloaded on here that may not be “good,” ya know?
Thanks for any help!
This entry was posted by admin on 02/10/2010 at 04:37, and is filed under Internet.
about 4 weeks ago
Download:
Use this URL to download the latest version (the file contains both English and French versions): http://siri.urz.free.fr/Fix/SmitfraudFix…
Mirrors: Alternate official download locations for Smitfraudfix.zip:
http://siri.geekstogo.com/SmitfraudFix.e…
http://downloads.securitycadets.com/Smit…
Zebulon.fr
about 4 weeks ago
Get this: http://www.bleepingcomputer.com/files/sm…
Reboot into safe mode and run it. It will remove SmitFraud.
about 4 weeks ago
Hey, I hope I can help. It kind of depends on what you’ve already tried, but here is what I would do (my first step): http://www.google.com/search?q=Smitfraud…
Then read forums about what people did. I would compare my services to their services, see what matches, and then search those fishy services to see if there’s some kind of alert for it. There’s http://www.processlibrary.com/directory/… that pretty much lists all possible processes that you can check. It’s kind of fun to see what everything is and by canceling non-essential ones at startup you might notice better performance anyway.
Hopefully you’ve already fixed this problem, but, after trying some stuff on Google and letting me know what you’ve tried, I’d be glad to help.
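An added example, not part of the original post or of any answer: a small Python triage pass over a HijackThis log that narrows down which entries to look up first, in the spirit of the last answer's advice to check processes and services against known lists. The function names and the three heuristics are assumptions of this example, not HijackThis features; the sample lines are copied from the log in the question, and a match is a lead to research, not a verdict.

```python
import re

# Lines copied from the HijackThis log in the question (typographic dashes and
# "…" truncations are kept exactly as they appear on the page).
SAMPLE_LOG = r"""Running processes:
C:\WINDOWS\system32\svchost.exe
C:\DOCUME~1\Owner\LOCALS~1\Temp\{689E0…
C:\Program Files\Internet Explorer\iexplore.exe
R1 – HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-us7.hpwis.com/
O4 – HKLM\..\Run: [LClock] C:\Program Files\LClock\LClock.exe
O4 – HKLM\..\Run: [j4211039] rundll32 C:\WINDOWS\system32\j4211039.dll sook
O4 – HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O23 – Service: ProtexisLicensing – Unknown owner – C:\WINDOWS\system32\PSIService.exe
"""

ENTRY = re.compile(r"^([A-Z]\d{1,2})\s+[-–]\s+(.*)$")  # e.g. "O4 - ..." or "O4 – ..."
TEMP_DIR = re.compile(r"\\(temp|temporary internet files)\\", re.I)
RUNDLL = re.compile(r"\brundll32(\.exe)?\b.*\.dll", re.I)

def parse(log):
    """Split a log into (section, text) pairs; running processes get section 'PROC'."""
    items, in_procs = [], False
    for raw in log.splitlines():
        line = raw.strip()
        m = ENTRY.match(line)
        if m:
            in_procs = False
            items.append((m.group(1), m.group(2)))
        elif line.lower().startswith("running processes"):
            in_procs = True
        elif in_procs and line:
            items.append(("PROC", line))
    return items

def triage(log):
    """Return (section, reason, text) leads to look up; heuristics, not verdicts."""
    leads = []
    for section, text in parse(log):
        if section in ("PROC", "O4") and TEMP_DIR.search(text):
            leads.append((section, "runs from a temp directory", text))
        elif section == "O4" and RUNDLL.search(text):
            leads.append((section, "autorun loads a DLL through rundll32", text))
        elif section == "O23" and "unknown owner" in text.lower():
            leads.append((section, "service listed with unknown owner", text))
    return leads

if __name__ == "__main__":
    for section, reason, text in triage(SAMPLE_LOG):
        print(f"[{section}] {reason}: {text}")
```

Each lead still has to be checked against a process or startup database before anything is removed, since legitimate software can match all three heuristics.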