Help! - Hijacked By Error Smart

I did that dumb thing - downloaded Error Smart, before reading what a monster it is. Can't get it out of my task bar (by the clock, etc.).


It keeps rebooting despite several attempts to uninstall it with several sharewares.


Here is logfile:


(thanks in advance to anyone who can help a newbie!!!)


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:43:07 PM, on 9/6/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\KeyboardSurrogate.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\SYSTEM32\WISPTIS.EXE
C:\WINDOWS\System32\tabbtnu.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\System32\digtizer.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\zimbra\zdesktop\zdesktop.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\TCServer.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\ErrorSmart\ErrorSmart.exe
C:\Program Files\Orb Networks\Orb\bin\OrbTray.exe
C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Orb Networks\Orb\bin\Orb.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\TabTip.exe
C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Juno\bin\juno.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = file:///C:\Program Files\Interapple\@Start\www.atstart.org.htm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [ErrorSmart] C:\Program Files\ErrorSmart\ErrorSmart.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Advanced WindowsCare 3] "C:\Program Files\IObit\Advanced WindowsCare 3 Beta\AWC.exe" /startup
O4 - HKCU\..\Run: [Orb] C:\Program Files\Orb Networks\Orb\bin\OrbTray.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O8 - Extra context menu item: Add to EverNote - res://C:\Program Files\EverNote\EverNote\enbar.dll/2000
O9 - Extra button: Add to EverNote - {A5ABA0BB-F195-40d8-A5E9-0801153E6597} - C:\Program Files\EverNote\EverNote\enbar.dll
O9 - Extra 'Tools' menuitem: Add to EverNote - {A5ABA0BB-F195-40d8-A5E9-0801153E6597} - C:\Program Files\EverNote\EverNote\enbar.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O15 - Trusted Zone: www.atstart.org.htm
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1190939165964
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Digitizer Service (Digitizer) - WACOM - C:\WINDOWS\System32\digtizer.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: WLTRYSVC - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe
O23 - Service: Zimbra Desktop Service - Unknown owner - C:\zimbra\zdesktop\zdesktop.exe


Comments

  • Hello ieisenberg,


    Please download SmitfraudFix. Save it on your desktop. Now reboot your PC, but keep pressing the F8 button before you see the Windows splash screen. Select Safe Mode, log in with your account, and double-click on SmitfraudFix. Type 2 and press Enter. You will be prompted: "Do you want to clean the registry?" Press y and Enter. If you see the message "Replace infected file?" (this doesn't always appear), also type y. A reboot could be necessary. When you are back in normal mode, please do this: go to Start, My Computer, and double-click on the icon of the hard disk where you store software or where Windows is installed. You should find a text file called rapport. Please copy and paste the content into your reply or attach it to your next reply.


    Kind regards,


    Niels

  • If you still have problems after running smitfraudfix, please find AVIS in the HowTo section and upload an AVIS log.