Removing smitfraud.exe (using info in sticky)

Discussion in 'Malware Help (A Specialist Will Reply)' started by addifan, Feb 26, 2008.

  1. addifan

    addifan Private E-2

    Here is the attachment the sticky asks to attach.
     

    Attached Files:

  2. addifan

    addifan Private E-2

    Okay here is the attachment after running the tool. When I followed the instructions, it did not ask me everything listed in step 2. What do I do now?
     

    Attached Files:

  3. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Based on what I saw in those logs, you need to do the below.


    Please follow the instructions in the below link and attach the requested logs when you finish these instructions.

    READ & RUN ME FIRST. Malware Removal Guide
     
  4. addifan

    addifan Private E-2

    Okay, I followed the information in your link, here are my attachments.

    Is my PC clean now? Sorry, I don't know how to read these logs. Thanks for your time.
     

    Attached Files:

  5. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Well it is a good thing I suggested that you run the READ ME. You had a ton of issues that it removed. I'm looking thru your logs now. I will let you know your status when I finish reading them all.
     
  6. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Can I assume you made the below policies to use the Classic style Control Panel yourself?
    Uninstall the below old versions of software:
    Java(TM) 6 Update 3

    Now we need to use ComboFix to remove a bunch of malware files.
    • Make sure that combofix.exe that you downloaded while doing the READ & RUN ME is on your Desktop but Do not run it!
      • If it is not on your Desktop, the below will not work.
    • Open Notepad and copy/paste the text in the below code box into it (make sure you scroll all the way down in the code box to get all lines selected ):
    Code:
    File::
    C:\Program Files\180search Assistant Programs
    C:\Program Files\180solutions
    C:\Program Files\Accoona
    C:\Program Files\Bho Plugin
    C:\Program Files\C2Media
    C:\Program Files\CAS
    C:\Program Files\cmeii
    C:\Program Files\CMMan
    C:\Program Files\Companion Wizard
    C:\Program Files\couponsandoffers
    C:\Program Files\Daily Weather Forecast
    C:\Program Files\DriveCleaner Free
    C:\Program Files\Epicenter
    C:\Program Files\ErrorGuard
    C:\Program Files\funwebproducts
    C:\Program Files\FYI
    C:\Program Files\gmt
    C:\Program Files\hbinst
    C:\Program Files\hotbar
    C:\Program Files\InetGet
    C:\Program Files\Internet Security
    C:\Program Files\MailSkinner
    C:\Program Files\MBKWBar
    C:\Program Files\Media Gateway
    C:\Program Files\MediaLoads
    C:\Program Files\Media_Codec
    C:\Program Files\MyglobalSearch
    C:\Program Files\mysearch
    C:\Program Files\mywebsearch
    C:\Program Files\NavExcel
    C:\Program Files\Notify
    C:\Program Files\OIN Search
    C:\Program Files\Outlook
    C:\Program Files\ql
    C:\Program Files\SearchRelevant
    C:\Program Files\SpySpotter
    C:\Program Files\SpyTrooper
    C:\Program Files\SpywareHeal
    C:\Program Files\SufSideKick 3
    C:\Program Files\Sysconfig
    C:\Program Files\toolbar
    C:\Program Files\TV Media
    C:\Program Files\tvs
    C:\Program Files\vb
    C:\Program Files\Video Access Activex
    C:\Program Files\Video Access Add-on
    C:\Program Files\ViewPoint
    C:\Program Files\VVSN
    C:\Program Files\Webhance
    C:\Program Files\WebRebates4
    C:\Program Files\Windows ControlAd
    C:\Program Files\wildtangent
    C:\Program Files\Windupdates
    C:\Program Files\WinMediaCodec
    C:\Program Files\Winsupdater
    C:\Program Files\wintools
    C:\Program Files\winupdates
    C:\Program Files\ZipCodec
    C:\Program Files\Common Files\BTLink
    C:\Program Files\Common Files\CMEII
    C:\Program Files\Common Files\Companion Wizard
    C:\Program Files\Common Files\Download
    C:\Program Files\Common Files\DriveCleaner Free
    C:\Program Files\Common Files\fqmu
    C:\Program Files\Common Files\InetGet2
    C:\Program Files\Common Files\Malware-Wiped
    C:\Program Files\Common Files\Oem Common
    C:\Program Files\Common Files\qrww
    C:\Program Files\Common Files\SearchUpgrader
    C:\Program Files\Common Files\Windows ControlAd
    C:\Program Files\Common Files\WinSoftware
    C:\Program Files\Common Files\zuqr
    C:\WINDOWS\cfgmgr52
    C:\WINDOWS\elitebar
    C:\WINDOWS\elitesidebar
    C:\WINDOWS\elitetoolbar
    C:\WINDOWS\Exefld
    C:\WINDOWS\inet20091
    C:\WINDOWS\inet20026
    C:\WINDOWS\inet20027
    C:\WINDOWS\iNetPal
    C:\WINDOWS\isrvs
    C:\WINDOWS\Winsecurity
    C:\WINDOWS\system32\netwrap.dll  
    C:\WINDOWS\system32\wiatwain.dll 
    C:\WINDOWS\system32\svchosts.dll 
    C:\WINDOWS\system32\ioctrl.dll   
    C:\WINDOWS\system32\wbeconm.dll  
    C:\WINDOWS\system32\adobepnl.dll
    C:\Documents and Settings\Kevin\ZGUICFGW.DAT
     
    Folder::
    C:\4808159f1f1085949a
     
    Registry::
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
    
    • Save the above as CFscript.txt and make sure you save it to the same location (should be on your Desktop) as ComboFix.exe
    • At this point, you MUST EXIT ALL BROWSERS NOW before continuing!
    • You should have both the ComboFix.exe and CFScript.txt icons on your Desktop.
    • Now use your mouse to drag CFscript.txt on top of ComboFix.exe
    • Follow the prompts.
    • When it finishes, a log will be produced named c:\combofix.txt
    • I will ask for this log below
    Note:

    Do not mouse-click ComboFix's window while it is running. That may cause it to stall.


    After reboot, now install the current version of Sun Java from: Sun Java Runtime Environment

    Now run Ccleaner!

    Now run the C:\MGtools\GetLogs.bat file by double clicking on it.

    Then attach the below logs:
    • C:\ComboFix.txt
    • C:\MGlogs.zip
    Make sure you tell me how things are working now!
     
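    To make the layout of the CFScript above concrete, here is a small parser for it. This is an added example, not ComboFix's own code and not from this thread; it assumes only what the script shows (section headers ending in `::`, one entry per line, blank lines ignored) plus the regedit convention that `[-KEY]` means delete the key, and the sample script is a constructed abridgement of the one posted.

```python
import os
import re
from collections import OrderedDict

# A section header is a bare name followed by '::' (File::, Folder::, Registry::).
SECTION_RE = re.compile(r"^(\w+)::\s*$")
# regedit convention reused by ComboFix: [-KEY] asks for the key to be deleted.
REG_DELETE_RE = re.compile(r"^\[-(HKEY_[A-Z_]+\\.+)\]$")


def parse_cfscript(text):
    """Return an OrderedDict {section_name: [entries]} in script order.
    Blank lines, and any text before the first header, are ignored."""
    sections = OrderedDict()
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1)
            sections.setdefault(current, [])
        elif line and current is not None:
            sections[current].append(line)
    return sections


def registry_deletions(sections):
    """Registry keys the script asks ComboFix to remove ([-KEY] entries)."""
    found = []
    for entry in sections.get("Registry", []):
        m = REG_DELETE_RE.match(entry)
        if m:
            found.append(m.group(1))
    return found


def existing_paths(sections):
    """Dry run: which File::/Folder:: entries are present on this machine."""
    wanted = sections.get("File", []) + sections.get("Folder", [])
    return [p for p in wanted if os.path.exists(p)]


# Constructed sample: an abridged copy of the script posted above.
SAMPLE = """File::
C:\\WINDOWS\\system32\\netwrap.dll
C:\\WINDOWS\\system32\\svchosts.dll

Folder::
C:\\4808159f1f1085949a

Registry::
[-HKEY_CURRENT_USER\\software\\microsoft\\windows\\currentversion\\explorer\\mountpoints2\\D]
"""
```

`existing_paths` is a read-only audit: it reports which listed entries are present and deletes nothing.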
  7. addifan

    addifan Private E-2

    Attached are the new logs...

    I am still having some of the issues but they have improved:

    - Sometimes at startup the sound skips/stutters
    - My PC still has some issues connecting to the wireless connection. It shows up as unsecured and I have to refresh a few times before it logs on and secures the network

    Ccleaner is now showing something that it has never shown before, under "internet" on the "Applications" tab it shows "Kazaa (Search History)", do you have any idea why this would now be showing up? Kazaa isn't showing up anywhere on my PC that I could locate.

    I am also wondering if my log files look clean.

    Thank you very much for the help you have provided so far. You have been a tremendous help!
     

    Attached Files:

    Last edited: Feb 29, 2008
  8. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    These may not be related to malware. The sound problems at startup may just be due to all the software you are loading. As far as wireless connections issues, you may need to reinstall software and drivers. This would be better discussed in the Hardware Forum.


    Kazaa is probably in your registry from having it installed at some time.

    You did not answer my question about those policies on control panel.


    Do you see the below files on your PC?
    C:\WINDOWS\system32\netwrap.dll
    C:\WINDOWS\system32\wiatwain.dll
    C:\WINDOWS\system32\svchosts.dll <--- Be careful: this does not say svchost.exe
    C:\WINDOWS\system32\ioctrl.dll
    C:\WINDOWS\system32\wbeconm.dll
    C:\WINDOWS\system32\adobepnl.dll

    If you see them, right click on each one and select delete. Tell me what you find and if they were deleted.

    Also delete the below files too:
    C:\Program Files\WebRebates
    C:\Documents and Settings\All Users\Complete


    Now run the C:\MGtools\GetLogs.bat file by double clicking on it.

    Then attach the below log:
    • C:\MGlogs.zip
    Other than the above your logs are clean. How are things running now?
     
  9. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Note: I would like to have you run step 2 of the SmitFraudFix procedure again. The same one you posted the log from in your second post. Apparently there were many items not fixed there and I want to make sure we got all of them. The 6 DLL files I asked you to delete in my last message were part of the items that SmitFraudFix was not able to remove. I'm very surprised that ComboFix was not able to remove them.
     
  10. addifan

    addifan Private E-2

    Sorry I didn't answer your question. Yes, I did make the changes to the control panel to use classic mode.

    All these files were there and I deleted them:
    C:\WINDOWS\system32\netwrap.dll
    C:\WINDOWS\system32\wiatwain.dll
    C:\WINDOWS\system32\svchosts.dll
    C:\WINDOWS\system32\ioctrl.dll
    C:\WINDOWS\system32\wbeconm.dll
    C:\WINDOWS\system32\adobepnl.dll

    I also deleted:
    C:\Program Files\WebRebates
    C:\Documents and Settings\All Users\Complete

    My PC does appear to be running smoother. Thank you!

    I did notice I now have a bunch of files that are grayed out; is there anything I need to do with these? Delete them maybe? Here are some of what I am seeing:

    boot.ini
    config.sys
    hiberfil.sys
    io.sys
    iph.ph
    msdos.sys
    ntdetect.com
    ntldr
    pagefile.sys

    There are others and some folders that are grayed out as well. I hope my logs look clean!

    Thanks again for all your help.
     

    Attached Files:

  11. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Why did you install Avast on your PC???? I did not ask you to do this. You must not do anything that we do not request during the time we are trying to clean your PC. You already had McAfee installed and you have now violated one of the first very important instructions in the READ & RUN ME. You must not install multiple antivirus programs!!! You must uninstall Avast now! You may have also caused issues with McAfee by doing this.

    NO!!! If you deleted those you would now be reinstalling Windows. Those are required system files.

    We have some more to delete that was now picked up by SmitFraudFix. Your PC was in really bad shape, but we are getting there!


    Locate the below and delete them. Let me know the results!
    C:\WINDOWS\system32\dcomcfg.exe
    C:\WINDOWS\system32\kernels64.exe
    C:\WINDOWS\system32\mscornet.exe
    C:\WINDOWS\system32\msmsgs.exe
    C:\WINDOWS\system32\paytime.exe
    C:\WINDOWS\system32\msdrives

    Then reboot! After reboot run step 2 of the SmitFraudFix procedure again. And then attach another new log from it. We may need to keep repeating this until we have manually removed everything that it cannot delete.
     
  12. addifan

    addifan Private E-2

    I uninstalled McAfee and installed Avast since my subscription was ready to expire. Do I still need to uninstall Avast until we are done cleaning my PC?

    I deleted the files you listed and here are my new logs.

    Do these logs look even better?
     

    Attached Files:

  13. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Are you sure McAfee is all gone? Often it does not uninstall properly. Let's check your logs.

    Now run the C:\MGtools\GetLogs.bat file by double clicking on it.

    Then attach the below log:
    • C:\MGlogs.zip
     
  14. addifan

    addifan Private E-2

    The McAfee security center and firewall will still be installed. I have thought about removing them as well and using one of the free firewalls.

    Here are my logs:
     

    Attached Files:

  15. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    NO! You must not do this! See the first important notes in the READ ME. You must either uninstall McAfee or Avast immediately and then attach a new MGlogs.zip file.

    If you decide that it is McAfee that you will uninstall then run the below afterwards and before getting a new log.
    McAfee Consumer Product Removal Tool
     
  16. addifan

    addifan Private E-2


    So is it not okay to have Avast anti-virus and McAfee firewall? That is the way I have it set-up now.
     
  17. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    No! Because you have a lot of other baggage that came from McAfee. The below services are all running:

    O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
    O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe

    You have their whole security center installed which you should not have installed if you want Avast to provide your security. If you want McAfee, then uninstall Avast and reinstall all of McAfee. Otherwise uninstall McAfee and install a different firewall. There are plenty of very good free firewalls which you will see in the link in my final instructions below.

    If you are not having any other malware problems, it is time to do our final steps:
    1. If we used Pocket Killbox during your cleanup, do the below
      • Run Pocket Killbox and select File, Cleanup, Delete All Backups
    2. If we used ComboFix then UNINSTALL COMBOFIX (This uninstall will only work as written if you installed ComboFix on your Desktop like we requested.)
      • Click START then RUN
      • Now type combofix /u in the runbox and click OK.
      • Note the space between the X and the /U; it must be there.
    3. If we used SDFix you can delete all the SDFix related files and folders from your Desktop or wherever you installed it.
    4. If we used SmitFraudFix, you can delete all files and folders related to it now including the c:\rapport.txt log.
    5. If we used VundoFix, you can delete the VundoFix.exe file and the C:\VundoFix Backups folder and C:\vundofix.txt log that was created.
    6. If we had you run FixWareOut, you can delete the Fixwareout.exe file and the C:\fixwareout folder.
    7. If we had you run Avenger, you can delete all files related to Avenger now.
    8. If we had you run RenV.exe, you can delete it and the Log.txt file on your Desktop.
    9. If we had you download any registry patches like fixme.reg or fixWLK.reg (or any others), you can delete these files now.
    10. If running Vista, it is time to make sure you have reenabled UAC by double clicking on the C:\MGtools\enableUAC.reg file and allowing it to be added to the registry.
    11. You can delete the C:\MGtools folder and the C:\MGtools.exe file. You can also delete the C:\MGlogs.zip.
    12. If you are running Windows XP or Windows ME, do the below:
      • Refer to the cleaning steps in the READ ME for your Windows version and see the steps to Disable System Restore which will flush your Restore Points.
      • Then reboot and Enable System Restore to create a new clean Restore Point.
    13. After doing the above, you should work thru the below link:
     
  18. addifan

    addifan Private E-2

    I think I may have made a mistake, instead of running mgtools only, I ran combofix.exe so I re-did the CFscript.txt part.

    Here are my logs and I hope everything looks good now. Thanks again for your help.
     

    Attached Files:

  19. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Your logs are clean. Make sure that you have followed all of my final instructions now.
     
