Author Topic: This my HJT and Smitfraudfix LOG.PLease help!  (Read 8773 times)


kaiman

  • Guest
This my HJT and Smitfraudfix LOG.PLease help!
« on: October 16, 2006, 09:03:11 PM »
A month ago I got infected with a trojan. As I am new to virus checking, I did some online searching and got ewido, SmitfraudFix, Ad-Aware, Spybot S&D and avast AV to help me get rid of it. I actually found quite a few more infections, which I have removed using these programs. The problem is that something must still be going on, because from time to time I get a blue warning screen (which never showed before the initial infection), after which the PC restarts automatically.
Moreover, I can't update Windows because the same screen appears when I try to install my downloaded updates. :(

Any help will be more than appreciated. :)

These are the HJT and SmitfraudFix reports:

Logfile of HijackThis v1.99.1
Scan saved at 7:19:39 μμ, on 16/10/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\DeltTray.exe
C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\Program Files\Hijack this\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
O4 - HKLM\..\Run: [DeltTray] DeltTray.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [H2O] C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [7f8e] C:\WINDOWS\system32\z1201.exe 9idf
O4 - HKLM\..\Run: [Cleanup] C:\DOCUME~1\Spiros\LOCALS~1\Temp\200692319012_mcappins.exe /v=3 /cleanup
O4 - HKLM\..\Run: [msci] C:\DOCUME~1\Spiros\LOCALS~1\Temp\200692319012_mcinfo.exe /insfin
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O21 - SSODL: DCOM Server 3339 - {2C1CD3D7-86AC-4068-93BC-A02304BB3339} - blank (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

SmitFraudFix v2.99

Scan done at 21:57:06,93, ’œ« 11/10/2006
Run from C:\Program Files\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
Fix ran in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Spiros\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Start Menu


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\Spiros\FAVORI~1


»»»»»»»»»»»»»»»»»»»»»»»» Desktop


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components



»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{2C1CD3D7-86AC-4068-93BC-A02304BB3339}"="DCOM Server 3339"

[HKEY_CLASSES_ROOT\CLSID\{2C1CD3D7-86AC-4068-93BC-A02304BB3339}\InProcServer32]
@="blank"

[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{2C1CD3D7-86AC-4068-93BC-A02304BB3339}\InProcServer32]
@="blank"



»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""


»»»»»»»»»»»»»»»»»»»»»»»» pe386-msguard-lzx32

pe386 detected, use a Rootkit scanner

»»»»»»»»»»»»»»»»»»»»»»»» Scanning wininet.dll infection


»»»»»»»»»»»»»»»»»»»»»»»» End


PS: I've used RootkitRevealer for this pe386-msguard-lzx32 infection, but the app found nothing..

Offline FreewheelinFrank

  • Avast Evangelist
  • Ultra Poster
  • ***
  • Posts: 4872
  • I'm a GNU
    • Don't Surf in the Nude!
Re: This my HJT and Smitfraudfix LOG.PLease help!
« Reply #1 on: October 16, 2006, 09:40:23 PM »
Hi kaiman,

A quick Google search reveals that AVG anti-rootkit is being recommended for removal of pe386.

Scroll the page here until you come to 'Download and install AVG Antirootkit Beta' and follow the instructions:

http://www.castlecops.com/p838675-Need_my_HJT_log_checked.html

This entry in your HijackThis! log looks very suspicious. If you can find the file, try submitting it to VirusTotal and see if it is detected as malware:

http://www.virustotal.com/en/indexf.html

O4 - HKLM\..\Run: [7f8e] C:\WINDOWS\system32\z1201.exe 9idf

You should have HijackThis! fix the entry if it is detected as malware. Boot into safe mode after fixing it and delete the file.

You can also fix the following entry with HijackThis!

O21 - SSODL: DCOM Server 3339 - {2C1CD3D7-86AC-4068-93BC-A02304BB3339} - blank (file missing)

     Bambleweeny 57 sub-meson brain     Don't Surf in the Nude Blog
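As an added illustration of the triage Frank is doing by eye in the reply above (this is example code written for this edit, not part of the thread and not part of HijackThis or any other tool named here), the following Python script parses the O4 and O21 lines of a HijackThis log and flags the traits he points to: a Run value with a random-looking name, an executable with a random-looking filename, an autorun launched from a Temp directory, and an SSODL entry whose target file is missing. The sample lines are copied from the log posted above; the heuristics, patterns and thresholds are my own assumptions, and a hit is a prompt to go and check the file (for instance by submitting it to VirusTotal, as suggested), not a verdict.

```python
import re
from dataclasses import dataclass, field

# Sample lines copied from the HijackThis log posted earlier in this thread.
SAMPLE_LOG = """\
O4 - HKLM\\..\\Run: [avast!] C:\\PROGRA~1\\ALWILS~1\\Avast4\\ashDisp.exe
O4 - HKLM\\..\\Run: [7f8e] C:\\WINDOWS\\system32\\z1201.exe 9idf
O4 - HKLM\\..\\Run: [Cleanup] C:\\DOCUME~1\\Spiros\\LOCALS~1\\Temp\\200692319012_mcappins.exe /v=3 /cleanup
O4 - HKLM\\..\\Run: [H2O] C:\\Program Files\\SyncroSoft\\Pos\\H2O\\cledx.exe
O4 - HKCU\\..\\Run: [ctfmon.exe] C:\\WINDOWS\\system32\\ctfmon.exe
O21 - SSODL: DCOM Server 3339 - {2C1CD3D7-86AC-4068-93BC-A02304BB3339} - blank (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\\WINDOWS\\system32\\ZoneLabs\\vsmon.exe
"""

# HijackThis line shapes for Run-key autoruns (O4) and ShellServiceObjectDelayLoad (O21).
O4_RE = re.compile(r'^O4 - (?P<hive>HK\w+)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$')
O21_RE = re.compile(r'^O21 - SSODL: (?P<name>.+?) - \{(?P<clsid>[0-9A-Fa-f-]+)\} - (?P<rest>.*)$')

# Assumed heuristics: a short lowercase hex blob as the value name ("7f8e") and a
# one-letter-plus-digits executable ("z1201.exe") are typical of auto-generated names.
RANDOM_NAME_RE = re.compile(r'[0-9a-f]{3,8}')
RANDOM_EXE_RE = re.compile(r'[a-z]\d{3,5}\.exe')


@dataclass
class Finding:
    line: str
    reasons: list = field(default_factory=list)


def _executable_path(cmd):
    """Return the executable part of a Run-key command (quoted path, or text up to '.exe')."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        return cmd[1:cmd.find('"', 1)]
    m = re.search(r'(?i)^(.*?\.exe)', cmd)
    return m.group(1) if m else cmd.split(' ')[0]


def check_o4(name, cmd):
    reasons = []
    if (RANDOM_NAME_RE.fullmatch(name)
            and any(c.isdigit() for c in name) and any(c.isalpha() for c in name)):
        reasons.append('random-looking value name')
    exe = _executable_path(cmd)
    base = exe.rsplit('\\', 1)[-1]
    if RANDOM_EXE_RE.fullmatch(base.lower()):
        reasons.append('random-looking executable name')
    if re.search(r'(?i)\\temp\\', exe):
        reasons.append('autorun from a Temp directory')
    return reasons


def check_o21(rest):
    # Anything loaded by Explorer at logon deserves a look; "(file missing)" means the
    # CLSID still points at a DLL that is gone, so the key is probably dead but untidy.
    reasons = ['SSODL entry (loaded by Explorer at logon)']
    if '(file missing)' in rest:
        reasons.append('target file missing: likely inactive, but the key should still be removed')
    return reasons


def triage(log_text):
    """Return a Finding for every O4/O21 line that trips one of the heuristics above."""
    findings = []
    for line in log_text.splitlines():
        line = line.rstrip()
        m = O4_RE.match(line)
        if m:
            reasons = check_o4(m['name'], m['cmd'])
            if reasons:
                findings.append(Finding(line, reasons))
            continue
        m = O21_RE.match(line)
        if m:
            findings.append(Finding(line, check_o21(m['rest'])))
    return findings


if __name__ == '__main__':
    for f in triage(SAMPLE_LOG):
        print(f.line)
        for r in f.reasons:
            print('   ->', r)
```

Run against the sample, the script flags the `[7f8e] ... z1201.exe` line on two counts, the `[Cleanup]` line for running out of `Temp`, and the `DCOM Server 3339` SSODL entry, while the avast!, H2O and ctfmon entries pass. Pointing it at a whole saved log instead of `SAMPLE_LOG` is a one-line change; the point of the heuristics is to sort a long log into "look at this first" and "probably fine", which is what an experienced log reader does in their head.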

kaiman

  • Guest
Re: This my HJT and Smitfraudfix LOG.PLease help!
« Reply #2 on: October 16, 2006, 10:11:37 PM »
Thanks for the quick answer. Trying out the AVG program. Unfortunately I can't find the file you said to send to VirusTotal.
I'll post the results..!

Offline FreewheelinFrank

Re: This my HJT and Smitfraudfix LOG.PLease help!
« Reply #3 on: October 16, 2006, 10:28:37 PM »
You may need to enable viewing of hidden files:

http://www.bleepingcomputer.com/tutorials/tutorial62.html

Spiritsongs

  • Guest
Outdated ver of Smitfraudfix
« Reply #4 on: October 17, 2006, 06:55:55 AM »
:) Hi Kaiman:

Where did you find that outdated version (2.99) of Smitfraudfix? The latest version is 2.109. There may be more detected if you use the latest version!?

kaiman

  • Guest
Re: This my HJT and Smitfraudfix LOG.PLease help!
« Reply #5 on: October 17, 2006, 03:47:56 PM »
I downloaded the AVG rootkit tool and followed the instructions. It seems to have worked, because I managed to update Windows all right. I got Smitfraudfix from http://siri.urz.free.fr/Fix/SmitfraudFix_En.php
I will enable hidden files and check again.
I will also try to get the latest Smitfraudfix version and rescan. I'll post the new reports.
Thanks for the responses. :)

Spiritsongs

  • Guest
Re: This my HJT and Smitfraudfix LOG.PLease help!
« Reply #6 on: October 17, 2006, 06:09:01 PM »
:) Hi Kaiman:

Very strange; at the top of the link you quoted, it says "v2.110" (a new "update" from yesterday), so I am very surprised your posted scan result shows "2.99"!?

kaiman

  • Guest
Re: This my HJT and Smitfraudfix LOG.PLease help!
« Reply #7 on: October 17, 2006, 08:09:24 PM »
Got the updated version. I had 2.99 and didn't bother to check for updates.. :-[
I'll run it tomorrow and post new reports.
Thanks Spiritsongs :)

kaiman

  • Guest
Re: This my HJT and Smitfraudfix LOG.PLease help!
« Reply #8 on: October 18, 2006, 03:21:57 PM »
Ran the AVG rootkit tool with ADS Spy and added the fix.reg file to the registry.
These are fresh SmitfraudFix and HJT reports:

SmitFraudFix v2.110

Scan done at 16:03:11,51, ’œ« 18/10/2006
Run from C:\Program Files\Virus\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Spiros


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Spiros\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Start Menu


»»»»»»»»»»»»»»»»»»»»»»»»


»»»»»»»»»»»»»»»»»»»»»»»» Desktop


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components
 
 

»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{2C1CD3D7-86AC-4068-93BC-A02304BB3339}"="DCOM Server 3339"

[HKEY_CLASSES_ROOT\CLSID\{2C1CD3D7-86AC-4068-93BC-A02304BB3339}\InProcServer32]
@="blank"

[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{2C1CD3D7-86AC-4068-93BC-A02304BB3339}\InProcServer32]
@="blank"



»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""


»»»»»»»»»»»»»»»»»»»»»»»» pe386-msguard-lzx32


»»»»»»»»»»»»»»»»»»»»»»»» Scanning wininet.dll infection


»»»»»»»»»»»»»»»»»»»»»»»» End



Logfile of HijackThis v1.99.1
Scan saved at 4:19:54 μμ, on 18/10/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\DeltTray.exe
C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Hijack this\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [DeltTray] DeltTray.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [H2O] C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [7f8e] C:\WINDOWS\system32\z1201.exe 9idf
O4 - HKLM\..\Run: [msci] C:\DOCUME~1\Spiros\LOCALS~1\Temp\200692319012_mcinfo.exe /insfin
O4 - HKLM\..\Run: [Cleanup] C:\DOCUME~1\Spiros\LOCALS~1\Temp\200692319012_mcappins.exe /v=3 /cleanup
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [DeviceDiscovery] C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O21 - SSODL: DCOM Server 3339 - {2C1CD3D7-86AC-4068-93BC-A02304BB3339} - blank (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

At the moment I can't access fsecure.com to get BlackLight. Is this necessary?

Spiritsongs

  • Guest
Re: This my HJT and Smitfraudfix LOG.PLease help!
« Reply #9 on: October 18, 2006, 09:24:39 PM »
:) Hi Kaiman:

First off, when using Smitfraudfix, ONLY the latest version should be used AND all "old" versions should be uninstalled.
I see from your latest Smitfraudfix log that "pe386" is still there!? And I was unable to find any info as to IF "DCOM Server 3339" should be on your computer!?
Since HJT & Smitfraudfix logs are best analyzed by volunteer Experts on antiSPYWARE forums AND you have Spybot, perhaps you should ask for help on THEIR Support Forums @ http://forums.spybot.info !?

kaiman

  • Guest
Re: This my HJT and Smitfraudfix LOG.PLease help!
« Reply #10 on: October 19, 2006, 11:18:04 PM »
Will do. Thanks for the reply, Spiritsongs.

Though I have to say I've come across a similar problem in one of those forums, where the SmitfraudFix reports before and after removal of pe386 with AVG Anti-Rootkit and ADS Spy were exactly like mine (as far as pe386 is concerned). The volunteer expert suggested to the infected user that a final report such as the one in my last post indicated that pe386 was gone..!?

Spiritsongs

  • Guest
antiSPYWARE Support Forums
« Reply #11 on: October 19, 2006, 11:24:36 PM »
:) Hi:

I rarely recommend the Spybot Support Forums, though they have good Experts there and their "turnaround" time may be "slow"!? I usually recommend the forums at www.landzdown.com, which also have very good Experts, but their "turnaround" time seems to be very quick. There are several very good forums.

Offline FreewheelinFrank

Re: This my HJT and Smitfraudfix LOG.PLease help!
« Reply #12 on: October 20, 2006, 09:03:57 AM »
This is a positive result for pe386:

Quote
»»»»»»»»»»»»»»»»»»»»»»»» pe386-msguard-lzx32

pe386 detected, use a Rootkit scanner

This seems to be a negative one:

Quote
»»»»»»»»»»»»»»»»»»»»»»»» pe386-msguard-lzx32


Kaiman, have you taken the advice in my post?

Quote
This entry in your HijackThis! log looks very suspicious. If you can find the file, try submitting it to VirusTotal and see if it is detected as malware:

http://www.virustotal.com/en/indexf.html

O4 - HKLM\..\Run: [7f8e] C:\WINDOWS\system32\z1201.exe 9idf

You should have HijackThis! fix the entry if it is detected as malware. Boot into safe mode after fixing it and delete the file.

You can also fix the following entry with HijackThis!

O21 - SSODL: DCOM Server 3339 - {2C1CD3D7-86AC-4068-93BC-A02304BB3339} - blank (file missing)

The DCOM Server entry has the file missing tag, so it may well be inactive. If you can fix the entry with HijackThis! and it doesn't come back, I shouldn't worry about it.

The z1201.exe I am almost 100% sure is malware, so you really need to remove it.

The inability to access the BlackLight site may be due to malware entries in the hosts file.

http://en.wikipedia.org/wiki/Hosts_file

Once again, Spiritsongs, sending people away to another forum while somebody is trying to help them here is only going to really piss off the person trying to help, and I don't seem to be the only person you have annoyed in this way:

Quote
Eptaylor, I don't want to be rude, but I have deleted almost all of your posts. They all keep telling users to go to other forums. If that's what they wanted they would have joined there in the first place!

http://forum.ccleaner.com/index.php?act=Print&client=printer&f=9&t=2887
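To check the hosts-file theory in the reply above from the defender's side, here is an added Python example (written for this edit; not from the thread, not from BlackLight, HijackThis or any other tool named here) that parses a Windows hosts file and reports entries that override security-vendor or update domains, plus a `localhost` line that no longer points at a loopback address. Note that an entry mapping a vendor site to 127.0.0.1 is as much a block as one pointing elsewhere, since the OS consults the hosts file before DNS. The sample hosts content, the TEST-NET address and the watchlist of domains are constructed for the example.

```python
import ipaddress

# Constructed sample hosts file. The last two mappings imitate the kind of entry that makes
# a vendor's site unreachable; they are made up for this example, not taken from the thread.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-1999 Microsoft Corp.
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
127.0.0.1       localhost
127.0.0.1       www.f-secure.com f-secure.com
192.0.2.10      www.virustotal.com   # constructed: TEST-NET-1 address, not a real host
"""

# Assumed watchlist: domains a tidy machine has no reason to pin in the hosts file.
DEFAULT_WATCHLIST = frozenset({
    'f-secure.com', 'virustotal.com', 'avast.com', 'windowsupdate.com', 'update.microsoft.com',
})


def parse_hosts(text):
    """Yield (ip, hostname, line_no) for every mapping; comments and blank lines are skipped."""
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.split('#', 1)[0].strip()   # drop trailing/whole-line comments
        if not line:
            continue
        parts = line.split()
        if len(parts) < 2:
            continue
        ip, names = parts[0], parts[1:]       # one address may carry several hostnames
        for name in names:
            yield ip, name.lower(), no


def _on_watchlist(host, watchlist):
    return any(host == d or host.endswith('.' + d) for d in watchlist)


def suspicious_hosts_entries(text, watchlist=DEFAULT_WATCHLIST):
    """Return (line_no, host, ip, reason) tuples for mappings worth a second look."""
    findings = []
    for ip, host, no in parse_hosts(text):
        try:
            addr = ipaddress.ip_address(ip)
        except ValueError:
            findings.append((no, host, ip, 'unparseable address'))
            continue
        if host == 'localhost':
            if not addr.is_loopback:
                findings.append((no, host, ip, 'localhost mapped to a non-loopback address'))
            continue
        if _on_watchlist(host, watchlist):
            findings.append((no, host, ip, 'security/update site overridden in hosts file'))
    return findings


if __name__ == '__main__':
    for no, host, ip, reason in suspicious_hosts_entries(SAMPLE_HOSTS):
        print(f'line {no}: {host} -> {ip}: {reason}')
```

On a real machine the file lives at `C:\WINDOWS\system32\drivers\etc\hosts`; read it into `text` and call `suspicious_hosts_entries(text)`. Hits on the watchlist explain "I can't reach the vendor's site" symptoms like the one reported above and are fixed by deleting the offending lines, but they are a symptom: whatever wrote them is the thing to find.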

kaiman

  • Guest
Re: This my HJT and Smitfraudfix LOG.PLease help!
« Reply #13 on: October 20, 2006, 09:58:15 PM »
Hi FreewheelinFrank! :)
I enabled hidden files but I still can't find z1201.exe. Automatic and manual search in windows/system32..
I'll try the fix with HJT anyway.. this and the DCOM server.
Thanks for the reply!! ;)

kaiman

  • Guest
Re: This my HJT and Smitfraudfix LOG.PLease help!
« Reply #14 on: October 20, 2006, 10:16:41 PM »
You're right about the hosts file.. BTW