Windows Explorer restarting every second

omar77

Hi,
Yesterday i downloaded a movie which i shouldn't have and as soon as i extracted the movie explorer kept on restarting. I cannot use normal windows 7 anymore as explorer won't let me. I followed some tuts on getting rid of malware so i went into safe mode and used "superantispyware" to delete 2 trojans and some cookies.
I also tried to delete the damn movie from desktop but i can't, it won't let me even rename the blasted thing.
I went back into normal OS but same old same old:confused2.

I literally spent 9hrs straight trying to fix this issue because i have a new system and i want it to work! It's now 6.30am and i didn't what else to give you so a produced a hijack this log:

---

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 06:18:36, on 23/12/2010
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16700)
Boot mode: Safe mode

Running processes:
C:\Windows\Explorer.EXE
C:\Windows\system32\ctfmon.exe
C:\Windows\system32\DllHost.exe
C:\Users\Umar\Downloads\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Increase performance and video formats for your HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
O2 - BHO: Use the DivX Plus Web Player to watch web videos with less interruptions and smoother playback on supported sites - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O4 - HKLM\..\Run: [Wow Video&Audio] C:\Program Files\Program DJ\Wow Video&Audio\WVAMain.exe
O4 - HKLM\..\Run: [WLSS] C:\Program Files\Program DJ\Wireless Switch\WLSS.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [SftgLnch] C:\Program Files\Program DJ\Safety Guard\SftgLnch.exe
O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s
O4 - HKLM\..\Run: [PSQLLauncher] "C:\Program Files\Protector Suite\launcher.exe" /startup
O4 - HKLM\..\Run: [Program DJ3] C:\Program Files\Program DJ\Program DJ3\ProgramDJ3.exe
O4 - HKLM\..\Run: [PdjAssistant] C:\Program Files\Program DJ\Program DJ3\PdjAssistant.exe
O4 - HKLM\..\Run: [IFXSPMGT] "C:\Program Files\Infineon\Security Platform Software\ifxspmgt.exe" /NotifyLogon
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [GCTray] C:\Program Files\Program DJ\Green Charger\GCTray.exe
O4 - HKLM\..\Run: [EntranceGuard] C:\Program Files\Program DJ\Entrance Guard\SMFTray.exe HIDE
O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKLM\..\Run: [DivX Download Manager] "C:\Program Files\DivX\DivX Plus Web Player\DDmService.exe" start
O4 - HKLM\..\Run: [Adobe Acrobat Speed Launcher] "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [Google Update] "C:\Users\Umar\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Append to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert Link Target to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O20 - Winlogon Notify: SMFGina - C:\Program Files\Smart Face\SMFGina.dll (file missing)
O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe
O23 - Service: DualView Server Service (DualView Server) - Unknown owner - C:\Program Files\Program DJ\Dualview Server\dualviewsvc.exe
O23 - Service: Entrance Guard Service (EntranceGuard Service) - Unknown owner - C:\Program Files\Program DJ\Entrance Guard\SMFService.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Security Platform Management Service (IFXSpMgtSrv) - Infineon Technologies AG - C:\Program Files\Infineon\Security Platform Software\ifxspmgt.exe
O23 - Service: Trusted Platform Core Service (IFXTCS) - Infineon Technologies AG - C:\Program Files\Infineon\Security Platform Software\ifxtcs.exe
O23 - Service: Personal Secure Drive Service (PersonalSecureDriveService) - Infineon Technologies AG - C:\Program Files\Infineon\Security Platform Software\IfxPsdSv.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: Smart Watchdog Service (Smart Watchdog) - Unknown owner - C:\Program Files\Program DJ\Smart Watchdog\SWDsvc.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe

--
End of file - 7959 bytes

---

I hope someone can help, im really worried about this because i don't want reinstall windows 7 again, on a system that just had it for no more longer than a week.:(

thank you

Thrax

Download and run ComboFix, MBAM and Smitfraudfix in safe mode. Please be sure to rename the .EXE files for each of these programs before running them. Follow up with CCleaner to delete temporary files and junk from the registry.`

omar77

Hi,
Thanks for helping me out. I followed what you told, used all 4 programs and now my system is up and running again.

There is one problem though. I wanted a anti virus program and my friend recommended Microsoft security essentials but it won't install. I removed all anti virus programs carefully but still nothing.

I went on to Microsoft's site and did some tutorial with msconfig to use selective start up. Now i can't install, repair some programs or even uninstall programs.

I went back to msconfig, under the same general tab and every time i check the normal start up boot option, restart OS...nothing happens. Its the same thing. MSConfig has still checked selective start up.:eek3:

thanks again for your help.

PS. do you want the logs from the ccleaner and smitfraud operations.

Thrax

Are there any errors MSE gives you when you try to install it? If that doesn't work, Avast and Avira both offer superior AV protection, and they're both free.

No need for logs.

Tushon

Go back to msconfig and set to normal startup. Leaving on selective is for the birds.

omar77

Just got thinking, maybe something still remained so heres the logs of the reports.

CCleaner, i had to do this 2 times because the first time it finished scanning and deleting but rebooted into normal windows where it just crashed because of w/explorer but second time it stayed in safe mode and created a log.

over here -

---

ComboFix 10-12-23.01 - Umar 23/12/2010 18:11:53.2.4 - x86 NETWORK
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.44.1033.18.3062.2474 [GMT 0:00]
Running from: c:\users\Umar\Desktop\ComboFix.exe.exe
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run

---

.
c:\users\Umar\AppData\Roaming\Local\Temp\DDM\Settings\Inception_Trailer_592.divx.ddr
c:\users\Umar\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\get_video(2).ddp
c:\users\Umar\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\get_video(3).ddp
c:\users\Umar\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\get_video.ddp
c:\users\Umar\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\Inception_Trailer_592.divx
c:\windows\system32\explorer.exe

.
((((((((((((((((((((((((( Files Created from 2010-11-23 to 2010-12-23 )))))))))))))))))))))))))))))))
.

2010-12-23 18:24 . 2010-12-23 18:24

---

d

---

w- c:\users\Default\AppData\Local\temp
2010-12-23 03:22 . 2010-12-23 03:22

---

d

---

w- c:\programdata\SUPERAntiSpyware.com
2010-12-23 03:22 . 2010-12-23 03:22

---

d

---

w- c:\program files\SUPERAntiSpyware
2010-12-23 02:58 . 2010-12-23 03:06

---

d

---

w- c:\programdata\MFAData
2010-12-22 21:06 . 2010-12-22 21:34 270904 ----a-w- c:\windows\system32\PnkBstrB.exe
2010-12-22 21:06 . 2010-12-22 21:13 270904 ----a-w- c:\windows\system32\PnkBstrB.ex0
2010-12-22 21:06 . 2010-12-22 21:06 75136 ----a-w- c:\windows\system32\PnkBstrA.exe
2010-12-21 15:25 . 2010-11-16 12:01 6273872 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{C7071D7E-2565-418B-B51A-C45F6AFB8CBC}\mpengine.dll
2010-12-21 01:52 . 2010-12-22 21:34 270904 ----a-w- c:\windows\system32\PnkBstrB.xtr
2010-12-21 01:41 . 2010-12-21 01:41 2434856 ----a-w- c:\windows\system32\pbsvc_bc2.exe
2010-12-20 01:29 . 2010-12-20 01:29 2060 ----a-w- c:\windows\system32\ealregsnapshot1.reg
2010-12-20 00:15 . 2010-12-22 13:38

---

d

---

w- c:\programdata\Electronic Arts
2010-12-20 00:15 . 2010-12-22 13:35

---

d

---

w- c:\program files\Electronic Arts
2010-12-18 13:49 . 2010-12-22 14:00

---

d

---

w- c:\program files\Free Dll Viewer
2010-12-15 22:39 . 2010-12-22 13:37

---

d

---

w- c:\program files\Rosetta Stone
2010-12-15 20:49 . 2010-12-22 14:00

---

d

---

w- c:\program files\PowerISO
2010-12-15 20:36 . 2010-12-22 13:38

---

d

---

w- c:\programdata\Rosetta Stone
2010-12-14 20:44 . 2007-04-09 13:23 28552 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\mdippr.dll
2010-12-14 20:44 . 2007-04-09 13:23 28040 ----a-w- c:\windows\system32\mdimon.dll
2010-12-14 20:44 . 2010-12-22 14:00

---

d

---

w- c:\program files\Microsoft ActiveSync
2010-12-14 20:41 . 2010-12-22 13:31

---

d

---

r- C:\MSOCache
2010-12-12 03:11 . 2010-12-22 14:00

---

d

---

w- c:\program files\Xvid
2010-12-12 03:11 . 2008-12-13 20:01 77824 ----a-w- c:\windows\system32\xvid.ax
2010-12-11 17:25 . 2010-12-22 14:00

---

d

---

w- c:\windows\system32\Adobe
2010-12-10 23:09 . 2010-12-22 14:01

---

d

---

w- c:\windows\system32\Macromed
2010-12-10 23:06 . 2010-12-22 13:37

---

d

---

w- c:\program files\VideoLAN
2010-12-10 23:02 . 2010-03-15 10:31 165376 ----a-w- c:\windows\system32\unrar.dll
2010-12-10 23:02 . 2010-11-24 08:00 108032 ----a-w- c:\windows\system32\ff_vfw.dll
2010-12-10 23:02 . 2010-11-03 19:08 237568 ----a-w- c:\windows\system32\yv12vfw.dll
2010-12-10 23:02 . 2010-01-17 16:18 151552 ----a-w- c:\windows\system32\ac3acm.acm
2010-12-10 23:02 . 2008-12-04 21:46 180224 ----a-w- c:\windows\system32\xvidvfw.dll
2010-12-10 23:02 . 2008-12-04 21:42 815104 ----a-w- c:\windows\system32\xvidcore.dll
2010-12-10 23:02 . 2008-09-24 19:41 839680 ----a-w- c:\windows\system32\lameACM.acm
2010-12-10 23:02 . 2010-12-22 14:00

---

d

---

w- c:\program files\K-Lite Codec Pack
2010-12-10 22:50 . 2010-12-22 14:00

---

d

---

w- c:\program files\Common Files\PX Storage Engine
2010-12-10 22:50 . 2010-12-22 14:00

---

d

---

w- c:\program files\Common Files\DivX Shared
2010-12-10 22:48 . 2010-12-22 14:00

---

d

---

w- c:\program files\DivX
2010-12-10 22:47 . 2010-12-22 14:00

---

d

---

w- c:\programdata\DivX
2010-12-10 19:45 . 2010-12-22 23:28

---

d

---

w- c:\program files\Steam
2010-12-10 19:45 . 2010-12-22 14:00

---

d

---

w- c:\program files\Common Files\Steam
2010-12-10 19:39 . 2010-12-22 14:00

---

d

---

w- c:\windows\en
2010-12-10 19:34 . 2010-12-22 13:36

---

d

---

w- c:\program files\Microsoft SQL Server Compact Edition
2010-12-10 19:28 . 2010-12-10 19:28

---

d

---

w- c:\windows\PCHEALTH
2010-12-10 19:28 . 2010-12-22 14:00

---

d

---

w- c:\program files\Windows Live
2010-12-10 19:27 . 2009-09-04 17:44 69464 ----a-w- c:\windows\system32\XAPOFX1_3.dll
2010-12-10 19:27 . 2009-09-04 17:44 515416 ----a-w- c:\windows\system32\XAudio2_5.dll
2010-12-10 19:27 . 2009-09-04 17:29 453456 ----a-w- c:\windows\system32\d3dx10_42.dll
2010-12-10 19:27 . 2006-11-29 13:06 3426072 ----a-w- c:\windows\system32\d3dx9_32.dll
2010-12-10 19:26 . 2010-12-22 14:00

---

d

---

w- c:\program files\Microsoft Silverlight
2010-12-10 19:26 . 2010-08-11 04:44 2983424 ----a-w- c:\windows\system32\UIRibbon.dll
2010-12-10 19:26 . 2010-08-11 04:35 1164800 ----a-w- c:\windows\system32\UIRibbonRes.dll
2010-12-10 19:26 . 2010-05-23 10:15 1619456 ----a-w- c:\windows\system32\WMVDECOD.DLL
2010-12-10 19:26 . 2010-05-23 10:11 196608 ----a-w- c:\windows\system32\mfreadwrite.dll
2010-12-10 19:26 . 2010-05-23 10:11 3181568 ----a-w- c:\windows\system32\mf.dll
2010-12-10 19:24 . 2010-12-22 13:34

---

d

---

w- c:\program files\Common Files\Windows Live
2010-12-10 18:26 . 2010-12-23 03:05

---

d

---

w- c:\programdata\Alwil Software
2010-12-10 18:26 . 2010-12-22 13:34

---

d

---

w- c:\program files\Alwil Software
2010-12-10 17:57 . 2009-10-10 02:57 12800 ----a-w- c:\windows\system32\drivers\sffp_sd.sys
2010-12-10 17:54 . 2010-12-10 17:54

---

d

---

w- c:\program files\MSXML 4.0
2010-12-10 17:54 . 2010-12-22 13:38

---

d--h--w- c:\programdata\CanonBJ
2010-12-10 17:54 . 2009-07-14 01:15 71168 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\CNBPP4.DLL
2010-12-10 17:40 . 2010-12-22 13:34

---

d

---

w- c:\program files\Common Files\Java
2010-12-10 17:39 . 2010-12-10 17:39 472808 ----a-w- c:\windows\system32\deployJava1.dll
2010-12-10 17:39 . 2010-12-22 13:35

---

d

---

w- c:\program files\Java
2010-12-09 22:53 . 2010-12-09 15:02

---

d

---

w- c:\windows\Panther
2010-12-09 22:48 . 2010-12-09 22:48

---

d

---

w- C:\Windows.old
2010-12-09 20:41 . 2010-12-22 14:00

---

d

---

w- c:\programdata\FLEXnet
2010-12-09 20:40 . 2010-12-22 13:34

---

d

---

w- c:\program files\Common Files\Macrovision Shared
2010-12-09 20:38 . 2010-12-22 13:34

---

d

---

w- c:\program files\Common Files\Adobe
2010-12-09 19:23 . 2010-12-22 14:00

---

d

---

w- c:\program files\Lexmark
2010-12-09 19:08 . 2010-12-09 19:08

---

d

---

w- c:\programdata\WowVA
2010-12-09 19:03 . 2010-12-09 19:03

---

d

---

w- c:\programdata\Infineon
2010-12-09 19:02 . 2010-12-22 13:35

---

d

---

w- c:\program files\Infineon
2010-12-09 18:49 . 2010-12-22 14:00

---

d

---

w- c:\users\Public\Public Desktop
2010-12-09 18:49 . 2010-01-13 10:11 36352 ----a-w- c:\windows\system32\SMFPwdFilter.dll
2010-12-09 18:49 . 2010-01-13 10:08 237568 ----a-w- c:\windows\system32\SMFLogonVista.dll
2010-12-09 18:46 . 2009-12-25 15:16 2306048 ----a-w- c:\windows\system32\GCharger.cpl
2010-12-09 18:45 . 2010-12-22 14:00

---

d

---

w- c:\programdata\XP32
2010-12-09 18:45 . 2010-12-22 14:00

---

d

---

w- c:\programdata\Win764
2010-12-09 18:45 . 2010-12-22 14:00

---

d

---

w- c:\programdata\Win732
2010-12-09 18:45 . 2010-12-22 14:00

---

d

---

w- c:\programdata\Vista64
2010-12-09 18:45 . 2010-12-22 14:00

---

d

---

w- c:\programdata\Vista32
2010-12-09 18:44 . 2010-12-22 13:36

---

d

---

w- c:\program files\Program DJ
2010-12-09 18:42 . 2009-06-04 18:43 330264 ----a-w- c:\windows\system32\drivers\iaStor.sys
2010-12-09 18:39 . 2009-11-11 07:20 7367200 ----a-r- c:\windows\system32\RTSUSTORicon.dll
2010-12-09 18:39 . 2009-11-11 07:19 181280 ----a-r- c:\windows\system32\drivers\RtsUStor.sys
2010-12-09 18:38 . 2010-12-22 14:02

---

d

---

w- c:\windows\{D48514E3-5AE7-4375-9B6E-ECE4C7BE3350}
2010-12-09 18:36 . 2010-12-22 14:00

---

d

---

w- c:\program files\Atheros
2010-12-09 18:36 . 2009-12-14 12:44 1245696 ----a-w- c:\windows\system32\athr.sys
2010-12-09 18:35 . 2010-12-09 18:35

---

d

---

w- c:\programdata\Atheros
2010-12-09 18:32 . 2010-01-13 05:17 1247776 ----a-r- c:\windows\RtlExUpd.dll
2010-12-09 18:32 . 2010-12-22 14:00

---

d

---

w- c:\program files\Common Files\InstallShield
2010-12-09 18:20 . 2010-12-22 14:00

---

d

---

w- c:\program files\Microsoft.NET
2010-12-09 18:19 . 2010-12-22 14:01

---

d

---

w- c:\windows\system32\Wat
2010-12-09 18:17 . 2010-12-22 14:00

---

d

---

w- c:\windows\Downloaded Installations
2010-12-09 18:17 . 2010-12-22 14:00

---

d

---

w- c:\program files\Common Files\SPBA
2010-12-09 17:43 . 2009-09-10 05:52 257024 ----a-w- c:\windows\system32\msv1_0.dll
2010-12-09 17:43 . 2010-12-22 14:04

---

d

---

w- c:\program files\Protector Suite
2010-12-09 17:42 . 2009-11-25 12:47 99176 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2010-12-09 17:42 . 2009-11-25 12:47 49472 ----a-w- c:\windows\system32\netfxperf.dll
2010-12-09 17:42 . 2009-11-25 12:47 297808 ----a-w- c:\windows\system32\mscoree.dll
2010-12-09 17:42 . 2009-11-25 12:47 295264 ----a-w- c:\windows\system32\PresentationHost.exe
2010-12-09 17:42 . 2009-11-25 12:47 1130824 ----a-w- c:\windows\system32\dfshim.dll
2010-12-09 17:39 . 2010-02-11 07:10 293376 ----a-w- c:\windows\system32\browserchoice.exe
2010-12-09 17:39 . 2010-03-04 04:04 146304 ----a-w- c:\windows\system32\drivers\usbvideo.sys
2010-12-09 17:39 . 2010-03-04 03:57 190976 ----a-w- c:\windows\system32\drivers\ks.sys
2010-12-09 17:35 . 2010-01-09 06:52 132608 ----a-w- c:\windows\system32\cabview.dll
2010-12-09 17:21 . 2010-12-22 13:35

---

d

---

w- c:\program files\Intel
2010-12-09 17:21 . 2010-10-04 22:02 53248 ----a-w- c:\windows\system32\CSVer.dll
2010-12-09 17:18 . 2010-12-22 14:00

---

d

---

w- c:\windows\system32\Atheros_L1e
2010-12-09 17:17 . 2010-04-21 15:47 68208 ----a-w- c:\windows\system32\drivers\L1C62x86.sys
2010-12-09 17:16 . 2010-12-22 13:34

---

d

---

w- c:\program files\Cisco
2010-12-09 17:16 . 2010-12-22 14:00

---

d--h--w- c:\program files\InstallShield Installation Information
2010-12-09 17:16 . 2010-12-22 13:36

---

d

---

w- c:\program files\REALTEK PCIE Wireless LAN Driver
2010-12-09 17:16 . 2009-02-05 02:49 451072 ----a-w- c:\windows\system32\ISSRemoveSP.exe
2010-12-09 17:03 . 2010-12-22 14:00

---

d

---

w- c:\program files\Realtek
2010-12-09 17:03 . 2009-12-15 18:26 73928 ----a-w- c:\windows\system32\RTEEL32H.dll
2010-12-09 17:03 . 2009-12-15 18:26 62664 ----a-w- c:\windows\system32\RTEEG32H.dll
2010-12-09 17:03 . 2009-12-15 18:26 355528 ----a-w- c:\windows\system32\RTEEP32H.dll
2010-12-09 17:03 . 2009-12-15 18:26 168648 ----a-w- c:\windows\system32\RTEED32H.dll
2010-12-09 17:02 . 2010-12-09 18:33

---

d--h--w- c:\program files\Temp
2010-12-09 16:58 . 2010-12-22 14:00

---

d

---

w- c:\program files\DIFX
2010-12-09 16:57 . 2010-12-22 13:38

---

d

---

w- C:\swsetup
2010-12-09 16:23 . 2010-12-09 16:23

---

d

---

w- c:\programdata\WinZip
2010-12-09 16:22 . 2010-10-19 10:41 222080 ----a-w- c:\windows\system32\MpSigStub.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-11-12 00:44 . 2010-11-12 00:44 94208 ----a-w- c:\windows\system32\dpl100.dll
2010-11-10 02:54 . 2010-11-10 02:54 49016 ----a-w- c:\windows\system32\sirenacm.dll
2010-11-10 02:28 . 2010-11-10 02:28 301936 ----a-w- c:\windows\WLXPGSS.SCR
2010-11-08 22:57 . 2010-11-08 22:57 353592 ----a-w- c:\windows\system32\DivXControlPanelApplet.cpl
2010-10-27 03:59 . 2010-10-27 03:59 6573568 ----a-w- c:\windows\system32\drivers\atikmdag.sys
2010-10-27 03:08 . 2010-10-27 03:08 16281600 ----a-w- c:\windows\system32\atioglxx.dll
2010-10-27 02:55 . 2010-10-27 02:55 143360 ----a-w- c:\windows\system32\atiapfxx.exe
2010-10-27 02:55 . 2010-10-27 02:55 547328 ----a-w- c:\windows\system32\aticfx32.dll
2010-10-27 02:52 . 2010-10-27 02:52 450560 ----a-w- c:\windows\system32\ATIDEMGX.dll
2010-10-27 02:51 . 2010-10-27 02:51 393216 ----a-w- c:\windows\system32\atieclxx.exe
2010-10-27 02:51 . 2010-10-27 02:51 176128 ----a-w- c:\windows\system32\atiesrxx.exe
2010-10-27 02:50 . 2010-10-27 02:50 159744 ----a-w- c:\windows\system32\atitmmxx.dll
2010-10-27 02:50 . 2010-10-27 02:50 356352 ----a-w- c:\windows\system32\atipdlxx.dll
2010-10-27 02:49 . 2010-10-27 02:49 278528 ----a-w- c:\windows\system32\Oemdspif.dll
2010-10-27 02:49 . 2010-10-27 02:49 15872 ----a-w- c:\windows\system32\atimuixx.dll
2010-10-27 02:49 . 2010-10-27 02:49 43520 ----a-w- c:\windows\system32\ati2edxx.dll
2010-10-27 02:46 . 2010-10-27 02:46 4020736 ----a-w- c:\windows\system32\atidxx32.dll
2010-10-27 02:35 . 2010-10-27 02:35 46080 ----a-w- c:\windows\system32\aticalrt.dll
2010-10-27 02:35 . 2010-10-27 02:35 44032 ----a-w- c:\windows\system32\aticalcl.dll
2010-10-27 02:33 . 2010-10-27 02:33 5441536 ----a-w- c:\windows\system32\aticaldd.dll
2010-10-27 02:28 . 2010-10-27 02:28 4094464 ----a-w- c:\windows\system32\atiumdag.dll
2010-10-27 02:14 . 2010-10-27 02:14 52736 ----a-w- c:\windows\system32\coinst.dll
2010-10-27 02:14 . 2010-10-27 02:14 249856 ----a-w- c:\windows\system32\atiadlxx.dll
2010-10-27 02:14 . 2010-10-27 02:14 12800 ----a-w- c:\windows\system32\atiglpxx.dll
2010-10-27 02:14 . 2010-10-27 02:14 27136 ----a-w- c:\windows\system32\atigktxx.dll
2010-10-27 02:14 . 2010-10-27 02:14 229888 ----a-w- c:\windows\system32\drivers\atikmpag.sys
2010-10-27 02:13 . 2010-10-27 02:13 30720 ----a-w- c:\windows\system32\atiuxpag.dll
2010-10-27 02:13 . 2010-10-27 02:13 28672 ----a-w- c:\windows\system32\atiu9pag.dll
2010-10-27 02:12 . 2010-10-27 02:12 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2010-10-27 01:50 . 2010-10-27 01:50 3460096 ----a-w- c:\windows\system32\atiumdva.dll
2010-10-27 01:37 . 2010-10-27 01:37 52736 ----a-w- c:\windows\system32\atimpc32.dll
2010-10-27 01:37 . 2010-10-27 01:37 52736 ----a-w- c:\windows\system32\amdpcom32.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlay]
@=&quot;{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}"
[HKEY_CLASSES_ROOT\CLSID\{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}]
2010-04-07 00:42 5065480 ----a-w- c:\program files\Protector Suite\farchns.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlayOpen]
@=&quot;{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}"
[HKEY_CLASSES_ROOT\CLSID\{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}]
2010-04-07 00:42 5065480 ----a-w- c:\program files\Protector Suite\farchns.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1173504]
"Google Update"="c:\users\Umar\AppData\Local\Google\Update\GoogleUpdate.exe" [2010-12-09 136176]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-12-14 2424560]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Wow Video&Audio"="c:\program files\Program DJ\Wow Video&Audio\WVAMain.exe" [2009-12-24 3569008]
"WLSS"="c:\program files\Program DJ\Wireless Switch\WLSS.exe" [2009-12-22 882032]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-10-26 98304]
"SftgLnch"="c:\program files\Program DJ\Safety Guard\SftgLnch.exe" [2009-01-17 13312]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2010-01-15 8432160]
"PSQLLauncher"="c:\program files\Protector Suite\launcher.exe" [2010-04-06 55048]
"Program DJ3"="c:\program files\Program DJ\Program DJ3\ProgramDJ3.exe" [2010-01-05 2340208]
"PdjAssistant"="c:\program files\Program DJ\Program DJ3\PdjAssistant.exe" [2010-01-05 315392]
"IFXSPMGT"="c:\program files\Infineon\Security Platform Software\ifxspmgt.exe" [2009-08-03 1107232]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-04 186904]
"GCTray"="c:\program files\Program DJ\Green Charger\GCTray.exe" [2009-05-12 552960]
"EntranceGuard"="c:\program files\Program DJ\Entrance Guard\SMFTray.exe" [2010-01-13 9560064]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-12-08 1226608]
"DivX Download Manager"="c:\program files\DivX\DivX Plus Web Player\DDmService.exe" [2010-12-08 63360]
"Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2008-06-12 37232]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2008-06-11 640376]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"GrpConv"="grpconv -o" [X]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
2010-04-07 00:18 100616 ----a-w- c:\program files\Protector Suite\psqlpwd.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\SMFGina]
c:\program files\Smart Face\SMFGina.dll [BU]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli c:\program files\Protector Suite\psqlpwd.dll
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2010-02-17 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2010-05-10 67656]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-10-27 176128]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 DualView Server;DualView Server Service;c:\program files\Program DJ\Dualview Server\dualviewsvc.exe [2009-12-24 126976]
R2 EntranceGuard Service;Entrance Guard Service;c:\program files\Program DJ\Entrance Guard\SMFService.exe [2010-01-13 196608]
R2 Smart Watchdog;Smart Watchdog Service;c:\program files\Program DJ\Smart Watchdog\SWDsvc.exe [2009-12-18 208896]
R3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2010-10-27 6573568]
R3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2010-10-27 229888]
R3 DualViewFilter;DualViewFilter;c:\windows\system32\Drivers\DualViewFilter.sys [2009-12-18 22016]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2009-11-11 181280]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-12-09 1343400]
S0 EMSC;COMPAL Embedded System Control;c:\windows\system32\DRIVERS\EMSC.SYS [2009-06-26 13680]
S1 PersonalSecureDrive;PersonalSecureDrive;c:\windows\System32\drivers\psd.sys [2009-07-18 39712]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S3 enecir;ENE CIR Receiver;c:\windows\system32\DRIVERS\enecir.sys [2009-06-28 59904]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x86.sys [2010-04-21 68208]
S3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;c:\windows\system32\DRIVERS\rtl8192se.sys [2010-04-01 1009184]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]

.
Contents of the 'Scheduled Tasks' folder

2010-12-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3263956823-3404918867-2009936458-1000Core.job
- c:\users\Umar\AppData\Local\Google\Update\GoogleUpdate.exe [2010-12-09 16:12]

2010-12-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3263956823-3404918867-2009936458-1000UA.job
- c:\users\Umar\AppData\Local\Google\Update\GoogleUpdate.exe [2010-12-09 16:12]
.
.

---

Supplementary Scan

---

.
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\users\Umar\AppData\Roaming\Mozilla\Firefox\Profiles\78d3luwe.default\
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: DivX Plus Web Player HTML5 <video>: {23fcfd51-4958-4f00-80a3-ae97e717ed8b} - c:\program files\DivX\DivX Plus Web Player\firefox\html5video
FF - Ext: DivX HiQ: {6904342A-8307-11DF-A508-4AE2DFD72085} - c:\program files\DivX\DivX Plus Web Player\firefox\wpa
.
- - - - ORPHANS REMOVED - - - -

HKLM-RunOnce-<NO NAME> - (no file)


.

---

LOCKED REGISTRY KEYS

---

[HKEY_USERS\S-1-5-21-3263956823-3404918867-2009936458-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"

[HKEY_USERS\S-1-5-21-3263956823-3404918867-2009936458-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"

[HKEY_USERS\S-1-5-21-3263956823-3404918867-2009936458-1000\Software\SecuROM\License information*]
"datasecu"=hex:0b,4d,be,2a,86,77,4a,04,8c,6f,95,79,56,c4,00,b1,57,00,c2,ae,7c,
05,39,7e,ad,5c,cf,82,c7,55,3a,57,a5,bc,8f,62,7a,9d,cc,1b,ec,0b,0d,e0,85,63,\
"rkeysecu"=hex:02,56,fc,17,d6,da,b9,46,4f,95,56,48,ff,a4,0b,c2

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@=&quot;FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@=&quot;c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@=&quot;{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@=&quot;IFlashBroker4"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@=&quot;{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@=&quot;{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\PCW\Security]
@Denied: (Full) (Everyone)
.

---

DLLs Loaded Under Running Processes

---

- - - - - - - > 'lsass.exe'(532)
c:\program files\Protector Suite\psqlpwd.dll
c:\program files\Protector Suite\homefus2.dll
c:\program files\Protector Suite\infql2.dll

- - - - - - - > 'Explorer.exe'(1780)
c:\program files\Protector Suite\farchns.dll
c:\program files\Protector Suite\infql2.dll
c:\program files\Microsoft Office\OFFICE11\msohev.dll
c:\program files\DivX\DivX Plus Media Foundation Components\DivXThumbnailProvider.dll
.
Completion time: 2010-12-23 18:25:52
ComboFix-quarantined-files.txt 2010-12-23 18:25

Pre-Run: 423,270,727,680 bytes free
Post-Run: 423,125,483,520 bytes free

- - End Of File - - FBDE0BBFC2D5421B36C26E500C336E5E

---

This is the MBAM log

---

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 5363

Windows 6.1.7600 (Safe Mode)
Internet Explorer 8.0.7600.16385

23/12/2010 18:31:31
mbam-log-2010-12-23 (18-31-31).txt

Scan type: Quick scan
Objects scanned: 139002
Time elapsed: 43 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A078F691-9C07-4AF2-BF43-35E79EECF8B7} (Adware.Softomate) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

---

Here is the report for smitfraud before search and delete process

---

SmitFraudFix v2.424

Scan done at 18:35:27.52, 23/12/2010
Run from C:\Users\Umar\Desktop\SmitfraudFix
OS: Microsoft Windows [Version 6.1.7600] - Windows_NT
The filesystem type is NTFS
Fix run in safe mode

»»»»»»»»»»»»»»»»»»»»»»»» Process

C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\ctfmon.exe
C:\Windows\system32\DllHost.exe
C:\Windows\Explorer.exe
C:\Users\Umar\Desktop\SmitfraudFix\Policies.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe

»»»»»»»»»»»»»»»»»»»»»»»» hosts


»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\Windows


»»»»»»»»»»»»»»»»»»»»»»»» C:\Windows\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\Windows\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\Windows\system32


»»»»»»»»»»»»»»»»»»»»»»»» C:\Windows\system32\LogFiles


»»»»»»»»»»»»»»»»»»»»»»»» C:\Users\Umar


»»»»»»»»»»»»»»»»»»»»»»»» C:\Users\Umar\AppData\Local\Temp


»»»»»»»»»»»»»»»»»»»»»»»» C:\Users\Umar\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Start Menu


»»»»»»»»»»»»»»»»»»»»»»»» C:\Users\Umar\FAVORI~1


»»»»»»»»»»»»»»»»»»»»»»»» Desktop


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components



»»»»»»»»»»»»»»»»»»»»»»»» o4Patch
!!!Attention, following keys are not inevitably infected!!!

o4Patch
Credits: Malware Analysis & Diagnostic
Code: S!Ri



»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
!!!Attention, following keys are not inevitably infected!!!

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri



»»»»»»»»»»»»»»»»»»»»»»»» Agent.OMZ.Fix
!!!Attention, following keys are not inevitably infected!!!

Agent.OMZ.Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» VACFix
!!!Attention, following keys are not inevitably infected!!!

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» 404Fix
!!!Attention, following keys are not inevitably infected!!!

404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"RequireSignedAppInit_DLLs"=dword:00000001
"AppInit_DLLs"=""


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\\Windows\\system32\\userinit.exe,"

»»»»»»»»»»»»»»»»»»»»»»»» RK

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"VMApplet"="SystemPropertiesPerformance.exe /pagefile"
"System"=""




»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: Realtek RTL8191SE Wireless LAN 802.11n PCI-E NIC
DNS Server Search Order: 192.168.2.1

HKLM\SYSTEM\CCS\Services\Tcpip\..\{1520B55E-FE9B-48F6-8200-1F453363F7AC}: DhcpNameServer=192.168.2.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{1520B55E-FE9B-48F6-8200-1F453363F7AC}: DhcpNameServer=192.168.2.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{9BC4417C-B072-4DBE-A887-519CC93A2F73}: DhcpNameServer=194.168.4.100 194.168.8.100
HKLM\SYSTEM\CS2\Services\Tcpip\..\{1520B55E-FE9B-48F6-8200-1F453363F7AC}: DhcpNameServer=192.168.2.1
HKLM\SYSTEM\CS3\Services\Tcpip\..\{1520B55E-FE9B-48F6-8200-1F453363F7AC}: DhcpNameServer=192.168.2.1
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.2.1
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.2.1
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=192.168.2.1
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=192.168.2.1


»»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection


»»»»»»»»»»»»»»»»»»»»»»»» End

---

And heres the post cleaning log

---

SmitFraudFix v2.424

Scan done at 18:37:24.37, 23/12/2010
Run from C:\Users\Umar\Desktop\SmitfraudFix
OS: Microsoft Windows [Version 6.1.7600] - Windows_NT
The filesystem type is NTFS
Fix run in safe mode

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Killing process


»»»»»»»»»»»»»»»»»»»»»»»» hosts

127.0.0.1 localhost

»»»»»»»»»»»»»»»»»»»»»»»» VACFix

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix

S!Ri's WS2Fix: LSP not Found.


»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files


»»»»»»»»»»»»»»»»»»»»»»»» IEDFix

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri



»»»»»»»»»»»»»»»»»»»»»»»» Agent.OMZ.Fix

Agent.OMZ.Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» 404Fix

404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» RK


»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: Realtek RTL8191SE Wireless LAN 802.11n PCI-E NIC
DNS Server Search Order: 192.168.2.1

HKLM\SYSTEM\CCS\Services\Tcpip\..\{1520B55E-FE9B-48F6-8200-1F453363F7AC}: DhcpNameServer=192.168.2.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{1520B55E-FE9B-48F6-8200-1F453363F7AC}: DhcpNameServer=192.168.2.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{9BC4417C-B072-4DBE-A887-519CC93A2F73}: DhcpNameServer=194.168.4.100 194.168.8.100
HKLM\SYSTEM\CS2\Services\Tcpip\..\{1520B55E-FE9B-48F6-8200-1F453363F7AC}: DhcpNameServer=192.168.2.1
HKLM\SYSTEM\CS3\Services\Tcpip\..\{1520B55E-FE9B-48F6-8200-1F453363F7AC}: DhcpNameServer=192.168.2.1
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.2.1
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.2.1
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=192.168.2.1
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=192.168.2.1


»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

"VMApplet"="SystemPropertiesPerformance.exe /pagefile"
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» RK.2



»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» End

---

I hope its all good, and thanks again

omar77

Had enough, rebooted system (system was prettty new anyway). Atleast i know how to remove malware.

happy holidays