I was stupid several days ago and I downloaded and ran a file I thought was some other program I was looking for and installed smitfraud on my PC. I was able to remove it with smitfraudfix but it comes back every hour or so. I tried to disable the Windows BITS service which I thought was the backdoor it came back through, but it didn't help. I also installed different anti-spyware programs like spybot and ad-aware, but they don't seem to detect smitfraud.
Today I have installed and used all the programs in your malware removal guide and I'm posting the logs as you requested. I'd be really grateful if you could tell me what to do next to finally get rid of it.
Antivir log:
AntiVir PersonalEdition Classic
Report file date: Saturday, November 24, 2007 14:35
Scanning for 941284 virus strains and unwanted programs.
Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 2) [5.1.2600]
Username: DAVID
Computer name: BNEY-7E24FB40B3
Version information:
BUILD.DAT : 270 15603 Bytes 19/09/2007 13:32:00
AVSCAN.EXE : 7.0.6.1 290856 Bytes 23/08/2007 12:16:29
AVSCAN.DLL : 7.0.6.0 49192 Bytes 16/08/2007 11:23:51
LUKE.DLL : 7.0.5.3 147496 Bytes 14/08/2007 14:32:47
LUKERES.DLL : 7.0.6.1 10280 Bytes 21/08/2007 11:35:20
ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 13:27:15
ANTIVIR1.VDF : 7.0.0.0 1640448 Bytes 13/09/2007 13:26:55
ANTIVIR2.VDF : 7.0.1.0 1393152 Bytes 23/11/2007 11:41:59
ANTIVIR3.VDF : 7.0.1.4 11776 Bytes 23/11/2007 11:41:59
AVEWIN32.DLL : 7.6.0.34 3125760 Bytes 24/11/2007 11:41:59
AVWINLL.DLL : 1.0.0.7 14376 Bytes 26/02/2007 09:36:26
AVPREF.DLL : 7.0.2.2 25640 Bytes 18/07/2007 06:39:17
AVREP.DLL : 7.0.0.1 155688 Bytes 16/04/2007 12:16:24
AVPACK32.DLL : 7.3.0.15 360488 Bytes 03/08/2007 07:46:00
AVREG.DLL : 7.0.1.6 30760 Bytes 18/07/2007 06:17:06
AVARKT.DLL : 1.0.0.20 278568 Bytes 28/08/2007 11:26:33
AVEVTLOG.DLL : 7.0.0.20 86056 Bytes 18/07/2007 06:10:18
NETNT.DLL : 7.0.0.0 7720 Bytes 08/03/2007 10:09:42
RCIMAGE.DLL : 7.0.1.30 2342952 Bytes 07/08/2007 11:38:13
RCTEXT.DLL : 7.0.62.0 86056 Bytes 21/08/2007 11:50:37
SQLITE3.DLL : 3.3.17.1 339968 Bytes 23/07/2007 08:37:21
Configuration settings for the scan:
Jobname..........................: Local Drives
Configuration file...............: c:\program files\avira\antivir personaledition classic\alldrives.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: off
Scan boot sector.................: on
Boot sectors.....................: G:,
Scan memory......................: on
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium
Start of the scan: Saturday, November 24, 2007 14:35
The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'aawservice.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
12 processes with 12 modules were scanned
Start scanning boot sectors:
Boot sector 'C:\'
[NOTE] No virus was found!
Boot sector 'E:\'
[NOTE] No virus was found!
Starting to scan the registry.
The registry was scanned ( '37' files ).
Starting the file scan:
Begin scan in 'C:\'
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\Program Files\Enigma Software Group\SpyHunter\Esgiutl1.dll
[DETECTION] Contains detection pattern of the Phish-File/Email PHISH/FraudTool.SpyHunter.B.2
[INFO] The file was moved to '47af22ac.qua'!
C:\Program Files\Enigma Software Group\SpyHunter\esgi_md5h.dll
[DETECTION] Contains detection pattern of the Phish-File/Email PHISH/FraudTool.SpyHunter.B.1
[INFO] The file was moved to '47af22b0.qua'!
C:\Program Files\Enigma Software Group\SpyHunter\SHSched.dll
[DETECTION] Contains detection pattern of the Phish-File/Email PHISH/FraudTool.SpyHunter.B
[INFO] The file was moved to '479b2286.qua'!
C:\WINDOWS\nopctrl.dll
[DETECTION] Is the Trojan horse TR/Zlob.Dll
[INFO] The file was moved to '47b8256e.qua'!
C:\WINDOWS\system32\drivers\sptd.sys
[WARNING] The file could not be opened!
Begin scan in 'E:\'
E:\Documents and Settings\DAVID\Desktop\crack.exe
[DETECTION] Contains detection pattern of the dropper DR/Zlob.Gen
[INFO] The file was moved to '47a92903.qua'!
Begin scan in 'F:\' <SOFT>
F:\Language Engineering Power Translator Pro v9.0\InstallerFiles\instmsia.exe
[WARNING] The file could not be opened!
F:\Language Engineering Power Translator Pro v9.0\InstallerFiles\instmsiw.exe
[WARNING] The file could not be opened!
F:\Language Engineering Power Translator Pro v9.0\InstallerFiles\setup.exe
[WARNING] The file could not be opened!
Begin scan in 'G:\'
Search path G:\ could not be opened!
The device is not ready.
End of the scan: Saturday, November 24, 2007 16:01
Used time: 1:26:10 min
The scan has been done completely.
10924 Scanning directories
396207 Files were scanned
5 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
0 files were deleted
0 files were repaired
5 files were moved to quarantine
0 files were renamed
5 Files cannot be scanned
396202 Files not concerned
3595 Archives were scanned
8 Warnings
55 Notes
SuperAntiSpyware log:
SUPERAntiSpyware Scan Log
http://www.superantispyware.com
Generated 11/24/2007 at 04:35 PM
Application Version : 3.9.1008
Core Rules Database Version : 3349
Trace Rules Database Version: 1349
Scan type : Complete Scan
Total Scan Time : 00:27:58
Memory items scanned : 481
Memory threats detected : 0
Registry items scanned : 6119
Registry threats detected : 19
File items scanned : 35266
File threats detected : 22
Unclassified.Unknown Origin
HKLM\Software\Classes\CLSID\{422CA3AF-86F1-4607-88E2-BBBD4E9371EB}
HKCR\CLSID\{422CA3AF-86F1-4607-88E2-BBBD4E9371EB}
HKCR\CLSID\{422CA3AF-86F1-4607-88E2-BBBD4E9371EB}
HKCR\CLSID\{422CA3AF-86F1-4607-88E2-BBBD4E9371EB}\InprocServer32
HKCR\CLSID\{422CA3AF-86F1-4607-88E2-BBBD4E9371EB}\InprocServer32#ThreadingModel
HKCR\CLSID\{422CA3AF-86F1-4607-88E2-BBBD4E9371EB}\ProgID
HKCR\CLSID\{422CA3AF-86F1-4607-88E2-BBBD4E9371EB}\Programmable
HKCR\CLSID\{422CA3AF-86F1-4607-88E2-BBBD4E9371EB}\TypeLib
HKCR\CLSID\{422CA3AF-86F1-4607-88E2-BBBD4E9371EB}\VersionIndependentProgID
C:\WINDOWS\BONSWS.DLL
HKLM\Software\Microsoft\Internet Explorer\Toolbar#{422CA3AF-86F1-4607-88E2-BBBD4E9371EB}
HKCR\bonsws.ToolBar.1
HKCR\bonsws.ToolBar.1\CLSID
HKCR\bonsws.ToolBar
HKCR\TypeLib\{2261B65D-0A17-4194-B2F6-E191E6D6618D}
HKCR\TypeLib\{2261B65D-0A17-4194-B2F6-E191E6D6618D}\1.0
HKCR\TypeLib\{2261B65D-0A17-4194-B2F6-E191E6D6618D}\1.0
HKCR\TypeLib\{2261B65D-0A17-4194-B2F6-E191E6D6618D}\1.0\win32
HKCR\TypeLib\{2261B65D-0A17-4194-B2F6-E191E6D6618D}\1.0\FLAGS
HKCR\TypeLib\{2261B65D-0A17-4194-B2F6-E191E6D6618D}\1.0\HELPDIR
Adware.Tracking Cookie
C:\Documents and Settings\DAVID\Cookies\david@ads.pointroll[1].txt
C:\Documents and Settings\DAVID\Cookies\david@clickaider[1].txt
C:\Documents and Settings\DAVID\Cookies\david@tribalfusion[1].txt
C:\Documents and Settings\DAVID\Cookies\david@www.cmyporn[1].txt
C:\Documents and Settings\DAVID\Cookies\david@main[2].txt
C:\Documents and Settings\DAVID\Cookies\david@2o7[2].txt
C:\Documents and Settings\DAVID\Cookies\david@advertising[2].txt
C:\Documents and Settings\DAVID\Cookies\david@gomyhit[1].txt
C:\Documents and Settings\DAVID\Cookies\david@atdmt[1].txt
C:\Documents and Settings\DAVID\Cookies\david@adecn[2].txt
C:\Documents and Settings\DAVID\Cookies\david@atwola[1].txt
C:\Documents and Settings\DAVID\Cookies\david@711-OS[2].txt
C:\Documents and Settings\DAVID\Cookies\david@sex4free.co[2].txt
C:\Documents and Settings\DAVID\Cookies\david@serialdevil[1].txt
C:\Documents and Settings\DAVID\Cookies\david@bestsellerantivirus[1].txt
C:\Documents and Settings\DAVID\Cookies\david@0-OS[3].txt
C:\Documents and Settings\DAVID\Cookies\david@ad.msn.co[1].txt
C:\Documents and Settings\DAVID\Cookies\david@1072707600[1].txt
C:\Documents and Settings\DAVID\Cookies\david@a.total-media[1].txt
C:\Documents and Settings\DAVID\Cookies\david@454-OS[3].txt
C:\Documents and Settings\DAVID\Cookies\david@msnportal.112.2o7[1].txt
AVG log:
---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------
+ Created at: 5:51:06 PM 11/24/2007
+ Scan result:
C:\Documents and Settings\DAVID\My Documents\Azureus Downloads\Computer Repair Collection 1.1\Computer Repair Collection 1.1\System Utilities\Spyware Killers or Prevention\Kill2Me Remover.exe -> Adware.LookMe : No action taken.
C:\Documents and Settings\DAVID\Local Settings\Temp\ac8zt2.dat/ac8zt2/msmdev.dll -> Downloader.Agent.dag : No action taken.
C:\Documents and Settings\DAVID\Local Settings\Temp\ac8zt2.dat/ac8zt2/main_uninstaller.exe -> Downloader.Zlob.cpx : No action taken.
C:\Documents and Settings\DAVID\My Documents\Azureus Downloads\Computer Repair Collection 1.1\Computer Repair Collection 1.1\Password Crackers\Apps\Dial-Up_Passwords.exe -> Not-A-Virus.PSWTool.Win32.Dialupass.f : No action taken.
C:\Documents and Settings\DAVID\My Documents\Azureus Downloads\Computer Repair Collection 1.1\Computer Repair Collection 1.1\Password Crackers\Apps\Mail_Client_Passwords.exe -> Not-A-Virus.PSWTool.Win32.MailPassView.130 : No action taken.
::Report end
HijackThis log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:20:26 PM, on 11/24/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\STacSV.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\sttray.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Winamp\winampa.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb06.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\Ad-Watch2007.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\ICQ6\ICQ.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Netex Client\NetexTray.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O2 - BHO: Netex - {000000A4-5858-4E36-BA5B-FDD80F3D5145} - C:\Program Files\Netex Client\netextb.dll
O2 - BHO: XTTBPos00 - {055FD26D-3A88-4e15-963D-DC8493744B1D} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Band Class - {EFAE365E-DB89-4353-A952-EB035103204F} - C:\Program Files\Netex Client\netexa.dll
O2 - BHO: Ask Toolbar BHO - {FE063DB1-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL
O3 - Toolbar: Ask Toolbar - {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL
O3 - Toolbar: Netex - {000000A4-5858-4E36-BA5B-FDD80F3D5145} - C:\Program Files\Netex Client\netextb.dll
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O4 - HKLM\..\Run: [SigmatelSysTrayApp] sttray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb06.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware 2007\Ad-Watch2007.exe
O4 - HKLM\..\Run: [SpyHunter] C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ICQ] "C:\Program Files\ICQ6\ICQ.exe" silent
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: Tray Application.lnk = C:\Program Files\Netex Client\NetexTray.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &יצא ל- Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Download All Files by HiDownload - e:\Program Files\HiDownload\HDGetAll.htm
O8 - Extra context menu item: Download by HiDownload - e:\Program Files\HiDownload\HDGet.htm
O9 - Extra button: (no name) - {00000389-CB2E-4FAB-BC54-03FA0B39B465} - C:\Program Files\Netex Client\netextb.dll
O9 - Extra 'Tools' menuitem: Netex - {00000389-CB2E-4FAB-BC54-03FA0B39B465} - C:\Program Files\Netex Client\netextb.dll
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll
O9 - Extra button: ??÷? - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra button: HiDownload - {F4FBA929-A891-492C-A0F6-5C79CC4F1742} - e:\Program Files\HiDownload\hidownload.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O21 - SSODL: ddkret - {40A4D4AB-2743-4AA0-BE77-C624DD84BDE5} - C:\WINDOWS\ddkret.dll
O21 - SSODL: nopctrl - {9184702F-709F-486D-A4E8-E87F380AF9E2} - C:\WINDOWS\nopctrl.dll (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\WINDOWS\system32\STacSV.exe
--
End of file - 8281 bytes
please help
Started by ichtyosis, Nov 24 2007 04:04 PM
#1
Posted 24 November 2007 - 04:04 PM
#2
Posted 27 November 2007 - 07:41 PM
1) Download SmitfraudFix.exe by S!Ri from here and save it to your Desktop.
2) Double click SmitfraudFix.exe - this will open a Command Window and also create the SmitfraudFix folder on your Desktop. Once you have read the information, "press any key to continue..."
Press "1" and then <ENTER> to start the search process.
When the search has completed, a text file, rapport.txt, will open with the results in - Copy and paste this report into your next reply.
A copy of the report can be found in the root of your drive, eg: Local Disk C: or partition where your operating system is installed.
For most, this file can be found by double-clicking My Computer and then Local Disk (C:)
IMPORTANT: Do NOT run any other options until you are asked to do so!
Please Note: Some security programs will incorrectly identify this tool as potentially or actually malicious due to some of its components. Although these files can be used maliciously, they are an integral part of the fix and I recommend you tell your scanner to mind its own business this time.
3) Also, run HJT and click on Open the Misc Tools section.
- Click Open Uninstall Manager...
- Click Save list... and save it to your Desktop.
- Copy and paste the file uninstall_list.txt into your next reply.
Team Numpty - Poking a finger in the eye of malware since a week last Thursday!











