results from the Ewido scan.

  1. #21
    not a clue (Full Member)

    Thumbs up, hurray!! Seems to have got rid of the w024d245.dll error.

    Logfile of HijackThis v1.99.1
    Scan saved at 11:20:20, on 23/09/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\System32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Ahead\InCD\InCDsrv.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Ahead\InCD\InCD.exe
    C:\Program Files\Voyager 105 ADSL Modem\dslstat.exe
    C:\Program Files\Voyager 105 ADSL Modem\d@@@@ent.exe
    C:\Program Files\Lexmark 4300 Series\lxcemon.exe
    C:\Program Files\Lexmark 4300 Series\ezprint.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\WINDOWS\system32\lxcecoms.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Documents and Settings\Dawn\My Documents\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.madasafish.com/
    R3 - Default URLSearchHook is missing
    O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [DSLSTATEXE] C:\Program Files\Voyager 105 ADSL Modem\dslstat.exe icon
    O4 - HKLM\..\Run: [D@@@@ENTEXE] C:\Program Files\Voyager 105 ADSL Modem\d@@@@ent.exe
    O4 - HKLM\..\Run: [LXCECATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCEtime.dll,_RunDLLEntry@16
    O4 - HKLM\..\Run: [lxcemon.exe] "C:\Program Files\Lexmark 4300 Series\lxcemon.exe"
    O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 4300 Series\ezprint.exe"
    O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1157778854921
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
    O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
    O23 - Service: lxce_device - Lexmark International, Inc. - C:\WINDOWS\system32\lxcecoms.exe
    O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

    Just going off and will try the computer tomorrow to see if there are any more probs. We're getting there, thanks, you're a star*


  2. #22
    imported_Neal (Dedicated Member)
    okey dokey, let me know.

    Hijackthis log is clean.

  3. #23
    not a clue (Full Member)
    Having problems with accessing the web page and the computer freezing still. Things not good. Looking for another free virus software. Seriously thinking of having the system wiped and starting again? What do you think? Thought we had cracked it yesterday, only got rid of the error dll. Any ideas? Thanks so far for your patience!

  4. #24
    imported_Neal (Dedicated Member)
    Freezing may not be a malware problem; could be something else on that.

    1. Download this file - combofix.exe
    2. Double click combofix.exe & follow the prompts.
    3. When finished, it will produce a log for you. Post that log in your next reply.

    Note:
    Do not mouse-click combofix's window whilst it's running. That may cause it to stall.

  5. #25
    not a clue (Full Member)
    Dawn - 06-09-25 6:09:40.87 Service Pack 2
    ComboFix 06.09.25 - Running from: "C:\Documents and Settings\Dawn\Desktop"

    (((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


    C:\Program Files\Deskbar


    ((((((((((((((((((((((((((((((( Files Created from 2006-08-25 to 2006-09-25 ))))))))))))))))))))))))))))))))))


    2006-09-25 05:59 143,380 --a------ C:\WINDOWS\system32\rokvsfjo.exe
    2006-09-25 05:23 143,380 --a------ C:\WINDOWS\system32\inwasjmi.exe
    2006-09-23 11:31 45,525 --a------ C:\WINDOWS\system32\afubhnsl.dll
    2006-09-23 05:36 78,488 --a------ C:\WINDOWS\system32\XMD5.dll
    2006-09-23 05:36 101,888 --a------ C:\WINDOWS\system32\vb6stkit.dll
    2006-09-23 02:20 45,525 --a------ C:\WINDOWS\system32\isoqasah.dll
    2006-09-23 01:37 45,525 --a------ C:\WINDOWS\system32\qhskgeuo.dll
    2006-09-22 23:30 45,525 --a------ C:\WINDOWS\system32\iekldyov.dll
    2006-09-20 02:29 898,540 ---hs---- C:\WINDOWS\system32\tttss.bak2
    2006-09-19 22:48 46,352 --a------ C:\WINDOWS\setdebug.exe
    2006-09-19 22:48 139,536 --a------ C:\WINDOWS\system32\javaee.dll
    2006-09-19 22:47 113 --a------ C:\WINDOWS\system32\zonedon.reg
    2006-09-19 22:47 113 --a------ C:\WINDOWS\system32\zon

  6. #26
    not a clue (Full Member)
    2006-09-25 05:59 143,380 --a------ C:\WINDOWS\system32\rokvsfjo.exe
    2006-09-25 05:23 143,380 --a------ C:\WINDOWS\system32\inwasjmi.exe
    2006-09-23 11:31 45,525 --a------ C:\WINDOWS\system32\afubhnsl.dll
    2006-09-23 05:36 78,488 --a------ C:\WINDOWS\system32\XMD5.dll
    2006-09-23 05:36 101,888 --a------ C:\WINDOWS\system32\vb6stkit.dll
    2006-09-23 02:20 45,525 --a------ C:\WINDOWS\system32\isoqasah.dll
    2006-09-23 01:37 45,525 --a------ C:\WINDOWS\system32\qhskgeuo.dll
    2006-09-22 23:30 45,525 --a------ C:\WINDOWS\system32\iekldyov.dll
    2006-09-20 02:29 898,540 ---hs---- C:\WINDOWS\system32\tttss.bak2
    2006-09-19 22:48 46,352 --a------ C:\WINDOWS\setdebug.exe
    2006-09-19 22:48 139,536 --a------ C:\WINDOWS\system32\javaee.dll
    2006-09-19 22:47 113 --a------ C:\WINDOWS\system32\zonedon.reg
    2006-09-19 22:47 113 --a------ C:\WINDOWS\system32\zonedoff.reg
    2006-09-19 21:04 898,332 ---hs---- C:\WINDOWS\system32\tttss.ini2
    2006-09-19 10:34 991,821 ---hs---- C:\WINDOWS\system32\tttss.bak1
    2006-09-08 18:16 127,208 --a------ C:\WINDOWS\system32\mucltui.dll
    2006-09-08 16:50 89,088 --a------ C:\WINDOWS\system32\atl71.dll
    2006-09-08 16:50 8,704 --a------ C:\WINDOWS\system32\SpOrder.dll
    2006-09-08 16:50 1,060,864 --a------ C:\WINDOWS\system32\mfc71.dll

  7. #27
    not a clue (Full Member)
    Had to split. Still having problems with pop-ups and freezing. The main pop-up is adverts for getting rid of viruses etc.; they just freeze whatever program you're on. Fed up with them!!!

  8. #28
    imported_Neal (Dedicated Member)
    OK,

    Please download http://siri.urz.free.fr/Fix/SmitfraudFix.zip (by S!Ri)
    Extract the content (a folder named SmitfraudFix) to your Desktop.

    Open the SmitfraudFix folder and double-click smitfraudfix.cmd
    Select option #1 - Search by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present).
    Please copy/paste the content of that report into your next reply.

    Please do not run any other option until asked to do so. Thanks.

    Note: process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.
    http://www.beyondlogic.org/consulting/proc...processutil.htm


    Please post a new hijackthis log and the smitfraudfix log. Thanks.


    Also run the vundofix program again by following previous instructions on that program. Thanks.

  9. #29
    not a clue (Full Member)
    SmitFraudFix v2.101

    Fichier Process.exe absent !
    Dezippez la totalité de l'archive dans un dossier.

    Process.exe file missing !
    Unzip all the archive in a folder.

    Press any key to continue . . .

  10. #30
    not a clue (Full Member)
    Logfile of HijackThis v1.99.1
    Scan saved at 11:05:55, on 28/09/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\System32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Ahead\InCD\InCDsrv.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\lxcecoms.exe
    C:\Program Files\ewido anti-spyware 4.0\guard.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Ahead\InCD\InCD.exe
    C:\Program Files\Voyager 105 ADSL Modem\dslstat.exe
    C:\Program Files\Voyager 105 ADSL Modem\d@@@@ent.exe
    C:\Program Files\Lexmark 4300 Series\lxcemon.exe
    C:\Program Files\Lexmark 4300 Series\ezprint.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Documents and Settings\Dawn\My Documents\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.madasafish.com/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - Default URLSearchHook is missing
    O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [DSLSTATEXE] C:\Program Files\Voyager 105 ADSL Modem\dslstat.exe icon
    O4 - HKLM\..\Run: [D@@@@ENTEXE] C:\Program Files\Voyager 105 ADSL Modem\d@@@@ent.exe
    O4 - HKLM\..\Run: [LXCECATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCEtime.dll,_RunDLLEntry@16
    O4 - HKLM\..\Run: [lxcemon.exe] "C:\Program Files\Lexmark 4300 Series\lxcemon.exe"
    O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 4300 Series\ezprint.exe"
    O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [SpywareBot] C:\Program Files\SpywareBot\SpywareBot.exe -boot
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1157778854921
    O17 - HKLM\System\CCS\Services\Tcpip\..\{371F7D60-1D13-4B02-8299-637F67DD6C33}: NameServer = 80.189.92.2 80.189.94.2
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
    O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
    O23 - Service: lxce_device - Lexmark International, Inc. - C:\WINDOWS\system32\lxcecoms.exe
    O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
