
Yep...you guessed it.....

Discussion in 'Windows - Virus and spyware problems' started by david_sim, Jun 3, 2006.

  1. david_sim

    david_sim Member

    Joined:
    Jun 3, 2006
    Messages:
    4
    Likes Received:
    0
    Trophy Points:
    11
    Another systemuptodate.net thread... if someone can help I will be very grateful, thanks.

    here is my HJT log


    Logfile of HijackThis v1.99.1
    Scan saved at 8:41:07 PM, on 6/3/2006
    Platform: Windows XP (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 (6.00.2600.0000)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\System32\dcomcfg.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    C:\PROGRA~1\mcafee.com\agent\mcagent.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\Program Files\ewido anti-malware\ewidoctrl.exe
    c:\program files\mcafee.com\agent\mcdetect.exe
    c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\WINDOWS\System32\wuauclt.exe
    C:\Documents and Settings\aiysha\Local Settings\Temp\Temporary Directory 2 for hijackthis.zip\HijackThis.exe

    O2 - BHO: Nothing - {6ab7158b-4bff-4160-ad7d-4d622df548cf} - C:\WINDOWS\System32\hp100.tmp
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [SemanticInsight] C:\Program Files\RXToolBar\Semantic Insight\SemanticInsight.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
    O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - Startup: Morpheus.lnk = C:\Program Files\Morpheus\Morpheus.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O16 - DPF: {00FE84D0-995B-0237-F649-3A662D0CB732} - http://85.255.113.214/1/gdnFR2218.exe
    O16 - DPF: {01010E00-5E80-11D8-9E86-0007E96C65AE} (SupportSoft SmartIssue) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab
    O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Script Runner Class) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
    O16 - DPF: {01102885-67C4-0CA8-7F84-59B63A3181A9} - http://85.255.113.214/1/gdnFR2218.exe
    O16 - DPF: {019A37E7-B02F-26AB-232C-0B9460F2C8C3} - http://85.255.113.214/1/gdnFR2218.exe
    O16 - DPF: {01A815F0-8DD8-58EB-A180-041443095616} - http://85.255.113.214/1/gdnFR2218.exe
    O16 - DPF: {02709A70-D993-19C0-0EA3-2583196FE228} - http://85.255.113.214/1/gdnFR2218.exe
    O16 - DPF: {02F1942B-DA9B-0943-5EC4-23781576EA2A} - http://85.255.113.214/1/gdnFR2218.exe
    O16 - DPF: {0478A18B-E30F-4914-E82A-363D111B28D0} - http://85.255.113.214/1/gdnFR2218.exe
    O16 - DPF: {0713AB94-2335-0418-6883-54F3193D9454} - http://85.255.113.214/1/gdnFR2218.exe
    O16 - DPF: {07D81C7B-6217-182A-5E85-19E91BBEA3C5} - http://85.255.113.214/1/gdnFR2218.exe
    O16 - DPF: {0809D701-4669-666C-C7CD-37817D14528E} - http://85.255.113.214/1/gdnFR2218.exe
    O16 - DPF: {0921EAA8-7BA3-4168-009C-5EA050D275CD} - http://85.255.113.214/1/gdnFR2218.exe
    O16 - DPF: {0AAABF9E-2726-09AA-732A-23DE379A5054} - http://85.255.113.214/1/gdnFR2218.exe
    O16 - DPF: {0C6F1415-0247-4D7D-52D7-487462BCFA3E} - http://85.255.113.214/1/gdnFR2218.exe
    O16 - DPF: {0D23AEC4-48C6-4B97-12BA-66DC0DD5E406} - http://85.255.113.214/1/gdnFR2218.exe
    O16 - DPF: {0F7F6720-4864-2C5B-C576-319A530E743F} - http://85.255.113.214/1/gdnFR2218.exe
    O16 - DPF: {100D6AF6-9568-6DED-37CE-43E049382434} - http://85.255.113.214/1/gdnFR2218.exe
    O16 - DPF: {102D161A-7542-31A8-FB72-310750C57992} - http://85.255.113.214/1/gdnFR2218.exe
    O16 - DPF: {1195F734-45CA-0541-9B22-65A244017D50} - http://85.255.113.214/1/gdnFR2218.exe
    O16 - DPF: {1283C229-A5C5-7179-5CA7-31E63F9A3F2D} - http://85.255.113.214/1/gdnFR2218.exe
    O16 - DPF: {12FE8359-E768-552F-723F-7D27054BBB2F} - http://85.255.113.214/1/gdnFR2218.exe
    O16 - DPF: {15EC53C1-7709-3B9D-92C9-41410D9443CF} - http://85.255.113.214/1/gdnFR2218.exe
    O16 - DPF: {164B982B-F526-44D7-0C67-5229730CAF87} - http://85.255.113.214/1/gdnFR2218.exe
    O16 - DPF: {173DBEC4-EB18-4BD6-B7A6-35B131BF1E8D} - http://85.255.113.214/1/gdnFR2218.exe
    O16 - DPF: {17C871B6-5146-482F-F94C-7ED07D773E36} - http://85.255.113.214/1/gdnFR2218.exe
    O16 - DPF: {17D5A851-BB22-7DA2-3847-2CED6341B35F} - http://85.255.113.214/1/gdnFR2218.exe
    O16 - DPF: {18289060-F847-553E-DEE2-4E201D3B0674} - http://85.255.113.214/1/gdnFR2218.exe
    O16 - DPF: {18316897-F45B-0F99-BB66-31B35DA15DCB} - http://85.255.113.214/1/gdnFR2218.exe
    O16 - DPF: {18495E7D-9B20-5D99-CA87-407B5D5F323E} - http://85.255.113.214/1/gdnFR2218.exe
    O16 - DPF: {18AA8396-99BC-2732-7470-65024B7A8D0A} - http://85.255.113.214/1/gdnFR2218.exe
    O16 - DPF: {1ACD43F3-82C7-36D0-48B5-51F00F0D323C} - http://85.255.113.214/1/gdnFR2218.exe
    O16 - DPF: {1C89F9F5-7A37-4588-8796-3E1359C9C6D5} - http://85.255.113.214/1/gdnFR2218.exe
    O16 - DPF: {1D366DD3-D33A-7A08-C66D-02973C33AA57} - http://85.255.113.214/1/gdnFR2218.exe
    O16 - DPF: {1DC12E4A-36A9-29C4-9BB2-361D03910987} - http://85.255.113.214/1/gdnFR2218.exe
    O16 - DPF: {1DCBC308-735E-2282-1305-6ABD1C904363} - http://85.255.113.214/1/gdnFR2218.exe
    O16 - DPF: {1E0C258E-7028-5612-A015-0E02110ADEBF} - http://85.255.113.214/1/gdnFR2218.exe
    O16 - DPF: {1E116739-2D78-5CF9-9811-68FD539A48C0} - http://85.255.113.214/1/gdnFR2218.exe
    O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - http://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab
    O16 - DPF: {20131A4E-36A7-7979-B2D0-3D5114EFD6E4} - http://85.255.113.214/1/gdnFR2218.exe
    O16 - DPF: {2026B42E-6A98-6CA4-4DEE-01F61826FFAD} - http://85.255.113.214/1/gdnFR2218.exe
    O16 - DPF: {208A6BDC-E09A-3EBA-D974-792E63CF1AEF} - http://85.255.113.214/1/gdnFR2218.exe
    O16 - DPF: {209ECA33-3995-5AEE-D36E-640125A46077} - http://85.255.113.214/1/gdnFR2218.exe
    O16 - DPF: {23175916-B217-47CB-11FF-49030D7D6DE9} - http://85.255.113.214/1/gdnFR2218.exe
    O16 - DPF: {23697CCE-E887-6122-B2B4-28A23C05FDB0} - http://85.255.113.214/1/gdnFR2218.exe
    O16 - DPF: {23BF078D-D288-56F0-EE82-55C0640EA225} - http://85.255.113.214/1/gdnFR2218.exe
    O16 - DPF: {23E7B72D-0109-1A95-A1FE-3173667B33C9} - http://85.255.113.214/1/gdnFR2218.exe
    O16 - DPF: {2409ADA8-D3E9-2670-4C9F-197302C25231} - http://85.255.113.214/1/gdnFR2218.exe
    O16 - DPF: {241ACE2F-3325-768F-B352-7C8A278224B6} - http://85.255.113.214/1/gdnFR2218.exe
    O16 - DPF: {259EE075-EEE7-3818-E707-07DF19A12591} - http://85.255.113.214/1/gdnFR2218.exe
    O16 - DPF: {2709A3C1-60D2-7C37-9108-1B58420BEC86} - http://85.255.113.214/1/gdnFR2218.exe
    O16 - DPF: {27CFA4FA-0F9B-268D-E573-07070B5A46BE} - http://85.255.113.214/1/gdnFR2218.exe
    O16 - DPF: {280D7141-C363-7DAD-0FA4-321F564BE2DF} - http://85.255.113.214/1/gdnFR2218.exe
    O16 - DPF: {29364B12-FB3C-4E31-710D-1E6A36A50DE0} - http://85.255.113.214/1/gdnFR2218.exe
    O16 - DPF: {297560C7-D66E-08D6-A1C3-479B13232073} - http://85.255.113.214/1/gdnFR2218.exe
    O16 - DPF: {2A3A16A9-2D73-6E82-DD87-32F56E0EFBFE} - http://85.255.113.214/1/gdnFR2218.exe
    O16 - DPF: {2A69D068-50C5-4A06-2EDC-44571B362E9C} - http://85.255.113.214/1/gdnFR2218.exe
    O16 - DPF: {2AE6C496-2F00-3CD4-4A74-6928419AD673} - http://85.255.113.214/1/gdnFR2218.exe
    O16 - DPF: {2B536AFE-4117-09BA-1CF6-33AC327888BB} - http://85.255.113.214/1/gdnFR2218.exe
    O16 - DPF: {2B8933EF-B669-1D54-B518-468C3E3B1F18} - http://85.255.113.214/1/gdnFR2218.exe
    O16 - DPF: {2DEA7356-D02A-6E07-EA33-60786FDBB8C0} - http://85.255.113.214/1/gdnFR2218.exe
    O16 - DPF: {2E6D4B18-271D-6403-DD77-73565488C1AB} - http://85.255.113.214/1/gdnFR2218.exe
    O16 - DPF: {2EB36893-1FB1-0AAB-98BC-4CFF321C03F6} - http://85.255.113.214/1/gdnFR2218.exe
    O16 - DPF: {2ED22580-BC8D-6BA7-1743-57F97BAD64CA} - http://85.255.113.214/1/gdnFR2218.exe
    O16 - DPF: {2FC44244-BA0B-5BF8-DCA4-7C7C782CAA79} - http://85.255.113.214/1/gdnFR2218.exe
    O16 - DPF: {2FDF264A-9ADC-44B6-B210-111B2EA5D7E2} - http://85.255.113.214/1/gdnFR2218.exe
    O16 - DPF: {326020DC-1E43-3296-FE20-71C24FF0111B} - http://85.255.113.214/1/gdnFR2218.exe
    O16 - DPF: {3344D414-A55D-4D7C-0714-1E3775949C96} - http://85.255.113.214/1/gdnFR2218.exe
    O16 - DPF: {35041934-9AD1-0E41-2256-48AF3176F0DE} - http://85.255.113.214/1/gdnFR2218.exe
    O16 - DPF: {352BA196-818A-5517-D03A-77A06589C225} - http://85.255.113.214/1/gdnFR2218.exe
    O16 - DPF: {36029521-FABD-702F-5ED6-67C55224B654} - http://85.255.113.214/1/gdnFR2218.exe
    O16 - DPF: {36345F5E-4487-5CE2-D87D-65E50F41B2BE} - http://85.255.113.214/1/gdnFR2218.exe
    O16 - DPF: {3679DE86-5937-292D-78D4-35657E31D5BC} - http://85.255.113.214/1/gdnFR2218.exe
    O16 - DPF: {3848579C-A35E-7D25-C7EF-3E702ADE901A} - http://85.255.113.214/1/gdnFR2218.exe
    O16 - DPF: {3890F2D2-660F-222C-D9AB-13A7075E0A07} - http://85.255.113.214/1/gdnFR2218.exe
    O16 - DPF: {3B7668DF-ED1C-2FB6-E862-496A3B782BE5} - http://85.255.113.214/1/gdnFR2218.exe
    O16 - DPF: {3BC4AA63-748C-5FB4-5417-0FBC085696C8} - http://85.255.113.214/1/gdnFR2218.exe
    O16 - DPF: {3C23DC94-B45A-3D63-7293-2BB419D012C7} - http://85.255.113.214/1/gdnFR2218.exe
    O16 - DPF: {3C6E875C-DC46-3FBE-C1DF-5F15733F23C1} - http://85.255.113.214/1/gdnFR2218.exe
    O16 - DPF: {3D0CC5D5-9BF4-20BB-A90B-29EB52B7678F} - http://85.255.113.214/1/gdnFR2218.exe
    O16 - DPF: {3E74BB87-AC03-6D84-0052-3BEC5B4E9284} - http://85.255.113.214/1/gdnFR2218.exe
    O16 - DPF: {4134C42F-ADD1-18E1-80C9-26B95C8B942C} - http://85.255.113.214/1/gdnFR2218.exe
    O16 - DPF: {4148DF8C-7C3D-7C61-6166-58E57041C9F6} - http://85.255.113.214/1/gdnFR2218.exe
    O16 - DPF: {432BE7CE-D3AF-601D-23F6-22561CA8F939} - http://85.255.113.214/1/gdnFR2218.exe
    O16 - DPF: {433CE8AE-208F-76FE-9AE1-524427C77F3B} - http://85.255.113.214/1/gdnFR2218.exe
    O16 - DPF: {45D4633D-37A6-04DA-D75A-282C40B49354} - http://85.255.113.214/1/gdnFR2218.exe
    O16 - DPF: {466D3341-87B3-1310-4443-1397375F1465} - http://85.255.113.214/1/gdnFR2218.exe
    O16 - DPF: {46B20890-8C20-70C5-DDD3-10AE42DFA3E2} - http://85.255.113.214/1/gdnFR2218.exe
    O16 - DPF: {46F3EA1A-B900-0484-F1CD-24D9121B0369} - http://85.255.113.214/1/gdnFR2218.exe
    O16 - DPF: {4AF2ECB0-DE7A-1BC3-6809-43BA04965A92} - http://85.255.113.214/1/gdnFR2218.exe
    O16 - DPF: {4C46ED8F-5AAE-3DA7-2FD1-7E025F9D6063} - http://85.255.113.214/1/gdnFR2218.exe
    O16 - DPF: {4F8C754A-F9EB-19F4-C139-0561743E0B39} - http://85.255.113.214/1/gdnFR2218.exe
    O16 - DPF: {50037CD8-8330-5B51-2ACD-16F9326D7885} - http://85.255.113.214/1/gdnFR2218.exe
    O16 - DPF: {516C1797-FC86-6D2B-FBB8-1BDB280562E5} - http://85.255.113.214/1/gdnFR2218.exe
    O16 - DPF: {5243076E-65F0-1DC2-C1AE-3F722843034B} - http://85.255.113.214/1/gdnFR2218.exe
    O16 - DPF: {53263B7F-3326-480F-D0A3-219C7302A2EA} - http://85.255.113.214/1/gdnFR2218.exe
    O16 - DPF: {5441B4F7-F4C5-3F9A-A0C3-324A6BEC7A09} - http://85.255.113.214/1/gdnFR2218.exe
    O16 - DPF: {552E733E-DBAF-3827-9EAE-1D5864889008} - http://85.255.113.214/1/gdnFR2218.exe
    O16 - DPF: {55769002-9D0F-2853-4E5F-6C190A937D62} - http://85.255.113.214/1/gdnFR2218.exe
    O16 - DPF: {57CA0063-B80D-5D41-BC94-358543ABC04A} - http://85.255.113.214/1/gdnFR2218.exe
    O16 - DPF: {59D5ADFD-A035-0FD6-EFA1-014811882847} - http://85.255.113.214/1/gdnFR2218.exe
    O16 - DPF: {5B18BEA7-5B36-04C1-69AE-2D6B2FB6C08D} - http://85.255.113.214/1/gdnFR2218.exe
    O16 - DPF: {5BE95223-9B0C-5EC7-3E41-5F9F5A5B88C8} - http://85.255.113.214/1/gdnFR2218.exe
    O16 - DPF: {5C082F4A-3B47-0D69-3D86-2DC312A9209D} - http://85.255.113.214/1/gdnFR2218.exe
    O16 - DPF: {5D6BD77B-CF20-2767-CBF4-0BE733A1BBE5} - http://85.255.113.214/1/gdnFR2218.exe
    O16 - DPF: {5E03337A-DBD9-178E-ADA1-05ED7997C16E} - http://85.255.113.214/1/gdnFR2218.exe
    O16 - DPF: {5E61F6BE-9204-109C-1A9C-00DB691387A9} - http://85.255.113.214/1/gdnFR2218.exe
    O16 - DPF: {5EDF5D4F-3917-11F0-24AA-4C495B3EB8C2} - http://85.255.113.214/1/gdnFR2218.exe
    O16 - DPF: {5EF77402-3326-7750-975F-49103C4B8F3A} - http://85.255.113.214/1/gdnFR2218.exe
    O16 - DPF: {5FE24639-5191-6073-5A6A-6F616CC3BCEA} - http://85.255.113.214/1/gdnFR2218.exe
    O16 - DPF: {6045A65E-A4AE-7416-9E0E-2CD34B27FCA7} - http://85.255.113.214/1/gdnFR2218.exe
    O16 - DPF: {605B5AD6-6070-338A-F401-39B3366EB4D0} - http://85.255.113.214/1/gdnFR2218.exe
    O16 - DPF: {60DD4DA6-D022-1A60-40F3-0043231844F8} - http://85.255.113.214/1/gdnFR2218.exe
    O16 - DPF: {6346037A-42C4-1A1D-B923-0D80356249F1} - http://85.255.113.214/1/gdnFR2218.exe
    O16 - DPF: {64755E5B-5C30-6552-594A-48B72AB3A8CD} - http://85.255.113.214/1/gdnFR2218.exe
    O16 - DPF: {64AE0F58-60BF-3EF4-ED2E-402024BE2164} - http://85.255.113.214/1/gdnFR2218.exe
    O16 - DPF: {657DAC42-8A84-37D5-9D5A-05600F398313} - http://85.255.113.214/1/gdnFR2218.exe
    O16 - DPF: {665A793F-1601-7A09-DBE9-0F430A793017} - http://85.255.113.214/1/gdnFR2218.exe
    O16 - DPF: {668D44A7-25A4-6D3C-9E00-14F12802D7FE} - http://85.255.113.214/1/gdnFR2218.exe
    O16 - DPF: {66D97CC8-F1AA-6D8B-C5D1-7C6411656BF7} - http://85.255.113.214/1/gdnFR2218.exe
    O16 - DPF: {67532963-7662-6BE2-F8BB-5EF072F8D0AF} - http://85.255.113.214/1/gdnFR2218.exe
    O16 - DPF: {6862EEBD-6034-50E5-8E6F-4FA939546BC1} - http://85.255.113.214/1/gdnFR2218.exe
    O16 - DPF: {69819C90-6A19-390C-1B1B-2D76683694F0} - http://85.255.113.214/1/gdnFR2218.exe
    O16 - DPF: {6BC2E095-8344-6B1C-C8CC-0E262848F2B8} - http://85.255.113.214/1/gdnFR2218.exe
    O16 - DPF: {6CEF2AB1-AB44-18FF-A40A-6E376AE80813} - http://85.255.113.214/1/gdnFR2218.exe
    O16 - DPF: {6DCB42B0-DEAD-5E02-A476-515878D446FC} - http://85.255.113.214/1/gdnFR2218.exe
    O16 - DPF: {6DD06EE2-34BA-24A3-C2AF-0CDB1E656CBF} - http://85.255.113.214/1/gdnFR2218.exe
    O16 - DPF: {6E34B698-85A0-721C-BD70-691A6DAA4EC0} - http://85.255.113.214/1/gdnFR2218.exe
    O16 - DPF: {6FD13497-2DA3-57B4-11DC-37F159BAD47D} - http://85.255.113.214/1/gdnFR2218.exe
    O16 - DPF: {7022C128-E251-597C-C013-7C53522262E5} - http://85.255.113.214/1/gdnFR2218.exe
    O16 - DPF: {723D1658-2A55-53E6-4004-279B6AE10EA8} - http://85.255.113.214/1/gdnFR2218.exe
    O16 - DPF: {7328CCEC-416A-7B96-9C9E-5D184C35DCC1} - http://85.255.113.214/1/gdnFR2218.exe
    O16 - DPF: {74278819-94C0-454C-D091-5BF0455312F5} - http://85.255.113.214/1/gdnFR2218.exe
    O16 - DPF: {752B7524-6AE8-3B3E-8DFF-277973421478} - http://85.255.113.214/1/gdnFR2218.exe
    O16 - DPF: {766E8DCB-7CD6-3026-0104-4DDB551CE2A5} - http://85.255.113.214/1/gdnFR2218.exe
    O16 - DPF: {775BA7BB-E03E-0734-125B-5BC359F1CD48} - http://85.255.113.214/1/gdnFR2218.exe
    O16 - DPF: {77B07696-3DCE-7E6F-C146-3EC50B00EC5F} - http://85.255.113.214/1/gdnFR2218.exe
    O16 - DPF: {78EDFA32-2B56-0E86-4CDF-0A940308BE19} - http://85.255.113.214/1/gdnFR2218.exe
    O16 - DPF: {798200B5-AE74-677E-B2B3-07F560DAEF4D} - http://85.255.113.214/1/gdnFR2218.exe
    O16 - DPF: {79B6290F-3A6E-771A-8EF4-526A7F8D180E} - http://85.255.113.214/1/gdnFR2218.exe
    O16 - DPF: {79EE45FF-9BF8-7C26-525F-23BB425A9D8B} - http://85.255.113.214/1/gdnFR2218.exe
    O16 - DPF: {7D1563FC-7790-5548-FB3F-59B37F9EE9ED} - http://85.255.113.214/1/gdnFR2218.exe
    O16 - DPF: {7D686F3F-CF48-1AB8-AF76-568E0C240BD5} - http://85.255.113.214/1/gdnFR2218.exe
    O16 - DPF: {7D6FC2D0-B8A1-26A6-8ADB-0A99751565E5} - http://85.255.113.214/1/gdnFR2218.exe
    O16 - DPF: {7DD24F26-2A96-560C-9BD6-33FD3A31F560} - http://85.255.113.214/1/gdnFR2218.exe
    O16 - DPF: {7EE0C4DC-8BFF-6FC3-8E98-6F5470B9B114} - http://85.255.113.214/1/gdnFR2218.exe
    O16 - DPF: {7F5E3A9A-4B07-58AA-6821-351C1614C242} - http://85.255.113.214/1/gdnFR2218.exe
    O16 - DPF: {7F64ECF7-708C-2600-8ABC-58753D600E55} - http://85.255.113.214/1/gdnFR2218.exe
    O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/asa/ctrl/SymAData.cab
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O18 - Filter: text/html - {2AB289AE-4B90-4281-B2AE-1F4BB034B647} - C:\Program Files\RXToolBar\sfcont.dll
    O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
    O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
    O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
    O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
    O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
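    As an added example (not code from the thread, from HijackThis or from the helpers here), the Python script below applies the same reading a helper does on a log like the one above: it parses the O2 and O16 lines and flags ActiveX downloads served as an .exe from a bare IP address, BHOs loaded from a .tmp file, and a single download URL registered under many different CLSIDs. The function names and the trimmed sample log are this example's own, built from entries in the post.

```python
import re
from collections import Counter
from ipaddress import ip_address
from urllib.parse import urlparse

# Constructed sample shaped like the HijackThis log in the thread: two BHOs,
# four Downloaded Program Files entries and one protocol filter.
SAMPLE_LOG = r"""
O2 - BHO: Nothing - {6ab7158b-4bff-4160-ad7d-4d622df548cf} - C:\WINDOWS\System32\hp100.tmp
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O16 - DPF: {00FE84D0-995B-0237-F649-3A662D0CB732} - http://85.255.113.214/1/gdnFR2218.exe
O16 - DPF: {01010E00-5E80-11D8-9E86-0007E96C65AE} (SupportSoft SmartIssue) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab
O16 - DPF: {01102885-67C4-0CA8-7F84-59B63A3181A9} - http://85.255.113.214/1/gdnFR2218.exe
O16 - DPF: {019A37E7-B02F-26AB-232C-0B9460F2C8C3} - http://85.255.113.214/1/gdnFR2218.exe
O18 - Filter: text/html - {2AB289AE-4B90-4281-B2AE-1F4BB034B647} - C:\Program Files\RXToolBar\sfcont.dll
"""

# A registry-style CLSID in braces, hex in either case.
CLSID = r"\{[0-9A-Fa-f]{8}-(?:[0-9A-Fa-f]{4}-){3}[0-9A-Fa-f]{12}\}"
# O16 - DPF: {CLSID} [(Control name)] - URL
O16_RE = re.compile(rf"^O16 - DPF: ({CLSID})(?: \((.*?)\))? - (\S+)$")
# O2 - BHO: Name - {CLSID} - Path
O2_RE = re.compile(rf"^O2 - BHO: (.*?) - ({CLSID}) - (.*)$")


def is_bare_ip(host):
    """True when the URL host is a literal IPv4/IPv6 address rather than a name."""
    try:
        ip_address(host)
        return True
    except ValueError:
        return False


def parse_o16(line):
    """Split an O16 line into clsid, registered control name and URL, or None."""
    m = O16_RE.match(line.strip())
    if not m:
        return None
    return {"clsid": m.group(1), "name": m.group(2) or "", "url": m.group(3)}


def o16_reasons(entry):
    """Heuristics for a Downloaded Program Files entry; an empty list means clean."""
    reasons = []
    u = urlparse(entry["url"])
    if is_bare_ip(u.hostname or ""):
        reasons.append("host is a bare IP address")
    if u.path.lower().endswith(".exe"):
        reasons.append("downloads a bare .exe rather than a .cab")
    # A missing control name is weak on its own, so only record it as support.
    if reasons and not entry["name"]:
        reasons.append("no control name registered")
    return reasons


def o2_reasons(name, path):
    """Heuristics for a Browser Helper Object entry; an empty list means clean."""
    reasons = []
    if path.lower().endswith(".tmp"):
        reasons.append("BHO loaded from a .tmp file")
    if name.strip().lower() in ("", "nothing", "(no name)"):
        reasons.append("BHO has no meaningful name")
    return reasons


def triage(log_text):
    """Return (findings, repeated_urls) for a HijackThis log.

    findings is a list of (section, clsid, target, reasons); repeated_urls maps
    each O16 URL that appears under more than one CLSID to its count.
    """
    findings = []
    url_counter = Counter()
    for raw in log_text.splitlines():
        line = raw.strip()
        entry = parse_o16(line)
        if entry:
            url_counter[entry["url"]] += 1
            reasons = o16_reasons(entry)
            if reasons:
                findings.append(("O16", entry["clsid"], entry["url"], reasons))
            continue
        m = O2_RE.match(line)
        if m:
            name, clsid, path = m.groups()
            reasons = o2_reasons(name, path)
            if reasons:
                findings.append(("O2", clsid, path, reasons))
    repeated = {url: n for url, n in url_counter.items() if n > 1}
    return findings, repeated


if __name__ == "__main__":
    found, dupes = triage(SAMPLE_LOG)
    for section, clsid, target, reasons in found:
        print(f"{section} {clsid} -> {target}: {'; '.join(reasons)}")
    for url, n in dupes.items():
        print(f"{n} different CLSIDs all point at {url}")
```

Run against the full log from the post, the repeated-URL count is what makes the gdnFR2218.exe flood stand out at a glance, while the named Symantec and Java entries pass every rule.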
     
  2. david_sim

    david_sim Member

    Joined:
    Jun 3, 2006
    Messages:
    4
    Likes Received:
    0
    Trophy Points:
    11
    anybody there?
     
  3. rich86

    rich86 Member

    Joined:
    Jun 3, 2006
    Messages:
    10
    Likes Received:
    0
    Trophy Points:
    11
    Someone will be along soon buddy! Trust me, I think these guys are gods! Just be patient, they're helping everyone out!!! I'm half way through sorting my problem; the problem is now sorted but I'm waiting for one of the guys to check I'm clean before being too optimistic! Just hang in there dude!
     
  4. -kemisti-

    -kemisti- Active member

    Joined:
    Jun 6, 2005
    Messages:
    6,305
    Likes Received:
    0
    Trophy Points:
    96
    Hi david_sim

    Download SmitfraudFix.zip to your desktop -> http://siri.urz.free.fr/Fix/SmitfraudFix.zip

    Unzip it (folder named SmitFraudFix) to your desktop.

    Open the folder SmitfraudFix and doubleclick smitfraudfix.cmd
    Choose option #1 - Search by typing 1 and pressing "Enter"; a text file opens and lists the infected files (if any exist).

    Post the contents of this textfile to here.

    (Some antivirus programs recognise process.exe as malware. It is not malware; it is a program that stops processes.)
     
  5. david_sim

    david_sim Member

    Joined:
    Jun 3, 2006
    Messages:
    4
    Likes Received:
    0
    Trophy Points:
    11
    thank you for replying

    here are the contents of the text file:


    SmitFraudFix v2.53

    Scan done at 10:46:19.99, Sun 06/04/2006
    Run from C:\Documents and Settings\aiysha\Desktop\SmitfraudFix\SmitfraudFix
    OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
    Fix ran in normal mode

    »»»»»»»»»»»»»»»»»»»»»»»» C:\


    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32

    C:\WINDOWS\system32\dcomcfg.exe FOUND !
    C:\WINDOWS\system32\hp???.tmp FOUND !
    C:\WINDOWS\system32\hp????.tmp FOUND !
    C:\WINDOWS\system32\ld????.tmp FOUND !
    C:\WINDOWS\system32\ot.ico FOUND !
    C:\WINDOWS\system32\regperf.exe FOUND !
    C:\WINDOWS\system32\simpole.tlb FOUND !
    C:\WINDOWS\system32\stdole3.tlb FOUND !
    C:\WINDOWS\system32\ts.ico FOUND !
    C:\WINDOWS\system32\1024\ FOUND !

    »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\aiysha\Application Data


    »»»»»»»»»»»»»»»»»»»»»»»» Start Menu


    »»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\aiysha\FAVORI~1

    C:\DOCUME~1\aiysha\FAVORI~1\Antivirus Test Online.url FOUND !

    »»»»»»»»»»»»»»»»»»»»»»»» Desktop


    »»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


    »»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


    »»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
    "Source"="About:Home"
    "SubscribedURL"="About:Home"
    "FriendlyName"="My Current Home Page"


    »»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
    !!!Attention, following keys are not inevitably infected!!!

    SrchSTS.exe by S!Ri
    Search SharedTaskScheduler's .dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
    "{a0c51615-738a-4542-801a-5af61614e182}"="bedimples"


    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
    "{62eb0924-19d2-4226-b4b9-8ad1f70904c1}"="bronchovascular"

    [HKEY_CLASSES_ROOT\CLSID\{62eb0924-19d2-4226-b4b9-8ad1f70904c1}\InProcServer32]
    @="C:\WINDOWS\System32\hvnwm.dll"

    [HKEY_CURRENT_USER\Software\Classes\CLSID\{62eb0924-19d2-4226-b4b9-8ad1f70904c1}\InProcServer32]
    @="C:\WINDOWS\System32\hvnwm.dll"


    »»»»»»»»»»»»»»»»»»»»»»»» Scanning wininet.dll infection


    »»»»»»»»»»»»»»»»»»»»»»»» End

     
  6. -kemisti-

    -kemisti- Active member

    Joined:
    Jun 6, 2005
    Messages:
    6,305
    Likes Received:
    0
    Trophy Points:
    96
    Uninstall via add/remove programs:

    RXToolbar

    Move HjT into its own folder -> C:\hjt

    Fix with HjT (do a system scan only, checkmark these and press fix checked):

    O16 - DPF: {00FE84D0-995B-0237-F649-3A662D0CB732} - http://85.255.113.214/1/gdnFR2218.exe
    O16 - DPF: {01102885-67C4-0CA8-7F84-59B63A3181A9} - http://85.255.113.214/1/gdnFR2218.exe
    O16 - DPF: {019A37E7-B02F-26AB-232C-0B9460F2C8C3} - http://85.255.113.214/1/gdnFR2218.exe
    O16 - DPF: {01A815F0-8DD8-58EB-A180-041443095616} - http://85.255.113.214/1/gdnFR2218.exe
    O16 - DPF: {02709A70-D993-19C0-0EA3-2583196FE228} - http://85.255.113.214/1/gdnFR2218.exe
    O16 - DPF: {02F1942B-DA9B-0943-5EC4-23781576EA2A} - http://85.255.113.214/1/gdnFR2218.exe
    O16 - DPF: {0478A18B-E30F-4914-E82A-363D111B28D0} - http://85.255.113.214/1/gdnFR2218.exe
    O16 - DPF: {0713AB94-2335-0418-6883-54F3193D9454} - http://85.255.113.214/1/gdnFR2218.exe
    O16 - DPF: {07D81C7B-6217-182A-5E85-19E91BBEA3C5} - http://85.255.113.214/1/gdnFR2218.exe
    O16 - DPF: {0809D701-4669-666C-C7CD-37817D14528E} - http://85.255.113.214/1/gdnFR2218.exe
    O16 - DPF: {0921EAA8-7BA3-4168-009C-5EA050D275CD} - http://85.255.113.214/1/gdnFR2218.exe
    O16 - DPF: {0AAABF9E-2726-09AA-732A-23DE379A5054} - http://85.255.113.214/1/gdnFR2218.exe
    O16 - DPF: {0C6F1415-0247-4D7D-52D7-487462BCFA3E} - http://85.255.113.214/1/gdnFR2218.exe
    O16 - DPF: {0D23AEC4-48C6-4B97-12BA-66DC0DD5E406} - http://85.255.113.214/1/gdnFR2218.exe
    O16 - DPF: {0F7F6720-4864-2C5B-C576-319A530E743F} - http://85.255.113.214/1/gdnFR2218.exe
    O16 - DPF: {100D6AF6-9568-6DED-37CE-43E049382434} - http://85.255.113.214/1/gdnFR2218.exe
    O16 - DPF: {102D161A-7542-31A8-FB72-310750C57992} - http://85.255.113.214/1/gdnFR2218.exe
    O16 - DPF: {1195F734-45CA-0541-9B22-65A244017D50} - http://85.255.113.214/1/gdnFR2218.exe
    O16 - DPF: {1283C229-A5C5-7179-5CA7-31E63F9A3F2D} - http://85.255.113.214/1/gdnFR2218.exe
    O16 - DPF: {12FE8359-E768-552F-723F-7D27054BBB2F} - http://85.255.113.214/1/gdnFR2218.exe
    O16 - DPF: {15EC53C1-7709-3B9D-92C9-41410D9443CF} - http://85.255.113.214/1/gdnFR2218.exe
    O16 - DPF: {164B982B-F526-44D7-0C67-5229730CAF87} - http://85.255.113.214/1/gdnFR2218.exe
    O16 - DPF: {173DBEC4-EB18-4BD6-B7A6-35B131BF1E8D} - http://85.255.113.214/1/gdnFR2218.exe
    O16 - DPF: {17C871B6-5146-482F-F94C-7ED07D773E36} - http://85.255.113.214/1/gdnFR2218.exe
    O16 - DPF: {17D5A851-BB22-7DA2-3847-2CED6341B35F} - http://85.255.113.214/1/gdnFR2218.exe
    O16 - DPF: {18289060-F847-553E-DEE2-4E201D3B0674} - http://85.255.113.214/1/gdnFR2218.exe
    O16 - DPF: {18316897-F45B-0F99-BB66-31B35DA15DCB} - http://85.255.113.214/1/gdnFR2218.exe
    O16 - DPF: {18495E7D-9B20-5D99-CA87-407B5D5F323E} - http://85.255.113.214/1/gdnFR2218.exe
    O16 - DPF: {18AA8396-99BC-2732-7470-65024B7A8D0A} - http://85.255.113.214/1/gdnFR2218.exe
    O16 - DPF: {1ACD43F3-82C7-36D0-48B5-51F00F0D323C} - http://85.255.113.214/1/gdnFR2218.exe
    O16 - DPF: {1C89F9F5-7A37-4588-8796-3E1359C9C6D5} - http://85.255.113.214/1/gdnFR2218.exe
    O16 - DPF: {1D366DD3-D33A-7A08-C66D-02973C33AA57} - http://85.255.113.214/1/gdnFR2218.exe
    O16 - DPF: {1DC12E4A-36A9-29C4-9BB2-361D03910987} - http://85.255.113.214/1/gdnFR2218.exe
    O16 - DPF: {1DCBC308-735E-2282-1305-6ABD1C904363} - http://85.255.113.214/1/gdnFR2218.exe
    O16 - DPF: {1E0C258E-7028-5612-A015-0E02110ADEBF} - http://85.255.113.214/1/gdnFR2218.exe
    O16 - DPF: {1E116739-2D78-5CF9-9811-68FD539A48C0} - http://85.255.113.214/1/gdnFR2218.exe
    O16 - DPF: {20131A4E-36A7-7979-B2D0-3D5114EFD6E4} - http://85.255.113.214/1/gdnFR2218.exe
    O16 - DPF: {2026B42E-6A98-6CA4-4DEE-01F61826FFAD} - http://85.255.113.214/1/gdnFR2218.exe
    O16 - DPF: {208A6BDC-E09A-3EBA-D974-792E63CF1AEF} - http://85.255.113.214/1/gdnFR2218.exe
    O16 - DPF: {209ECA33-3995-5AEE-D36E-640125A46077} - http://85.255.113.214/1/gdnFR2218.exe
    O16 - DPF: {23175916-B217-47CB-11FF-49030D7D6DE9} - http://85.255.113.214/1/gdnFR2218.exe
    O16 - DPF: {23697CCE-E887-6122-B2B4-28A23C05FDB0} - http://85.255.113.214/1/gdnFR2218.exe
    O16 - DPF: {23BF078D-D288-56F0-EE82-55C0640EA225} - http://85.255.113.214/1/gdnFR2218.exe
    O16 - DPF: {23E7B72D-0109-1A95-A1FE-3173667B33C9} - http://85.255.113.214/1/gdnFR2218.exe
    O16 - DPF: {2409ADA8-D3E9-2670-4C9F-197302C25231} - http://85.255.113.214/1/gdnFR2218.exe
    O16 - DPF: {241ACE2F-3325-768F-B352-7C8A278224B6} - http://85.255.113.214/1/gdnFR2218.exe
    O16 - DPF: {259EE075-EEE7-3818-E707-07DF19A12591} - http://85.255.113.214/1/gdnFR2218.exe
    O16 - DPF: {2709A3C1-60D2-7C37-9108-1B58420BEC86} - http://85.255.113.214/1/gdnFR2218.exe
    O16 - DPF: {27CFA4FA-0F9B-268D-E573-07070B5A46BE} - http://85.255.113.214/1/gdnFR2218.exe
    O16 - DPF: {280D7141-C363-7DAD-0FA4-321F564BE2DF} - http://85.255.113.214/1/gdnFR2218.exe
    O16 - DPF: {29364B12-FB3C-4E31-710D-1E6A36A50DE0} - http://85.255.113.214/1/gdnFR2218.exe
    O16 - DPF: {297560C7-D66E-08D6-A1C3-479B13232073} - http://85.255.113.214/1/gdnFR2218.exe
    O16 - DPF: {2A3A16A9-2D73-6E82-DD87-32F56E0EFBFE} - http://85.255.113.214/1/gdnFR2218.exe
    O16 - DPF: {2A69D068-50C5-4A06-2EDC-44571B362E9C} - http://85.255.113.214/1/gdnFR2218.exe
    O16 - DPF: {2AE6C496-2F00-3CD4-4A74-6928419AD673} - http://85.255.113.214/1/gdnFR2218.exe
    O16 - DPF: {2B536AFE-4117-09BA-1CF6-33AC327888BB} - http://85.255.113.214/1/gdnFR2218.exe
    O16 - DPF: {2B8933EF-B669-1D54-B518-468C3E3B1F18} - http://85.255.113.214/1/gdnFR2218.exe
    O16 - DPF: {2DEA7356-D02A-6E07-EA33-60786FDBB8C0} - http://85.255.113.214/1/gdnFR2218.exe
    O16 - DPF: {2E6D4B18-271D-6403-DD77-73565488C1AB} - http://85.255.113.214/1/gdnFR2218.exe
    O16 - DPF: {2EB36893-1FB1-0AAB-98BC-4CFF321C03F6} - http://85.255.113.214/1/gdnFR2218.exe
    O16 - DPF: {2ED22580-BC8D-6BA7-1743-57F97BAD64CA} - http://85.255.113.214/1/gdnFR2218.exe
    O16 - DPF: {2FC44244-BA0B-5BF8-DCA4-7C7C782CAA79} - http://85.255.113.214/1/gdnFR2218.exe
    O16 - DPF: {2FDF264A-9ADC-44B6-B210-111B2EA5D7E2} - http://85.255.113.214/1/gdnFR2218.exe
    O16 - DPF: {326020DC-1E43-3296-FE20-71C24FF0111B} - http://85.255.113.214/1/gdnFR2218.exe
    O16 - DPF: {3344D414-A55D-4D7C-0714-1E3775949C96} - http://85.255.113.214/1/gdnFR2218.exe
    O16 - DPF: {35041934-9AD1-0E41-2256-48AF3176F0DE} - http://85.255.113.214/1/gdnFR2218.exe
    O16 - DPF: {352BA196-818A-5517-D03A-77A06589C225} - http://85.255.113.214/1/gdnFR2218.exe
    O16 - DPF: {36029521-FABD-702F-5ED6-67C55224B654} - http://85.255.113.214/1/gdnFR2218.exe
    O16 - DPF: {36345F5E-4487-5CE2-D87D-65E50F41B2BE} - http://85.255.113.214/1/gdnFR2218.exe
    O16 - DPF: {3679DE86-5937-292D-78D4-35657E31D5BC} - http://85.255.113.214/1/gdnFR2218.exe
    O16 - DPF: {3848579C-A35E-7D25-C7EF-3E702ADE901A} - http://85.255.113.214/1/gdnFR2218.exe
    O16 - DPF: {3890F2D2-660F-222C-D9AB-13A7075E0A07} - http://85.255.113.214/1/gdnFR2218.exe
    O16 - DPF: {3B7668DF-ED1C-2FB6-E862-496A3B782BE5} - http://85.255.113.214/1/gdnFR2218.exe
    O16 - DPF: {3BC4AA63-748C-5FB4-5417-0FBC085696C8} - http://85.255.113.214/1/gdnFR2218.exe
    O16 - DPF: {3C23DC94-B45A-3D63-7293-2BB419D012C7} - http://85.255.113.214/1/gdnFR2218.exe
    O16 - DPF: {3C6E875C-DC46-3FBE-C1DF-5F15733F23C1} - http://85.255.113.214/1/gdnFR2218.exe
    O16 - DPF: {3D0CC5D5-9BF4-20BB-A90B-29EB52B7678F} - http://85.255.113.214/1/gdnFR2218.exe
    O16 - DPF: {3E74BB87-AC03-6D84-0052-3BEC5B4E9284} - http://85.255.113.214/1/gdnFR2218.exe
    O16 - DPF: {4134C42F-ADD1-18E1-80C9-26B95C8B942C} - http://85.255.113.214/1/gdnFR2218.exe
    O16 - DPF: {4148DF8C-7C3D-7C61-6166-58E57041C9F6} - http://85.255.113.214/1/gdnFR2218.exe
    O16 - DPF: {432BE7CE-D3AF-601D-23F6-22561CA8F939} - http://85.255.113.214/1/gdnFR2218.exe
    O16 - DPF: {433CE8AE-208F-76FE-9AE1-524427C77F3B} - http://85.255.113.214/1/gdnFR2218.exe
    O16 - DPF: {45D4633D-37A6-04DA-D75A-282C40B49354} - http://85.255.113.214/1/gdnFR2218.exe
    O16 - DPF: {466D3341-87B3-1310-4443-1397375F1465} - http://85.255.113.214/1/gdnFR2218.exe
    O18 - Filter: text/html - {2AB289AE-4B90-4281-B2AE-1F4BB034B647} - C:\Program Files\RXToolBar\sfcont.dll


    6. You will need to update ewido to the latest definition files.
    * On the left hand side of the main screen click update.
    * Then click on Start Update.
    7. The update will start and a progress bar will show the updates being installed.
    (the status bar at the bottom will display "Update successful")

    If you are having problems with the updater, you can use this link to manually update ewido.
    ewido manual updates -> http://download.ewido.net/ewido-signatures-full-current.exe. Make sure to close Ewido before installing the update.

    Once the updates are installed do the following:

    Reboot your computer in SafeMode by doing the following:

    1. Restart your computer
    2. After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
    3. Instead of Windows loading as normal, a menu should appear
    4. Select the first option, to run Windows in Safe Mode.

    Delete if found:

    C:\Program Files\RXToolBar

    * Double-click smitfraudfix.cmd
    * Select 2 and hit Enter to delete infected files.
    * You will be prompted: Do you want to clean the registry? Answer Y (yes) and hit Enter in order to remove the Desktop background and clean registry keys associated with the infection.
    * The tool will now check if wininet.dll is infected. You may be prompted to replace the infected file (if found): Replace infected file? Answer Y (yes) and hit Enter to restore a clean file.
    * A reboot may be needed to finish the cleaning process. The report can be found at the root of the system drive, usually at C:\rapport.txt

    Then launch ewido:

    * Click on scanner
    * Click on Complete System Scan and the scan will begin.
    * You will be prompted to clean the first infection.
    * Select "Perform action on all infections", then proceed.
    * Once the scan has completed, there will be a button located on the bottom of the screen named Save report
    * Click Save report.
    * Save the report .txt file to your desktop or a location where you can find it easily.

    Close ewido anti-malware.

    Reboot back to normal mode

    Send the ewido report, a fresh HjT log and the contents of c:\rapport.txt
     
    Last edited: Jun 4, 2006
  7. david_sim

    david_sim Member

    Joined:
    Jun 3, 2006
    Messages:
    4
    Likes Received:
    0
    Trophy Points:
    11
    OK, everything seems to be working fine, thank you very much.

    Here is the new HJT logfile:

    Logfile of HijackThis v1.99.1
    Scan saved at 11:28:55 AM, on 6/4/2006
    Platform: Windows XP (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 (6.00.2600.0000)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    C:\PROGRA~1\mcafee.com\agent\mcagent.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\Program Files\ewido anti-malware\ewidoctrl.exe
    C:\Program Files\ewido anti-malware\ewidoguard.exe
    c:\program files\mcafee.com\agent\mcdetect.exe
    c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\WINDOWS\System32\wuauclt.exe
    C:\Documents and Settings\aiysha\My Documents\Anwar al Awlaki\hijackthis\HijackThis.exe

    O2 - BHO: Nothing - {6ab7158b-4bff-4160-ad7d-4d622df548cf} - C:\WINDOWS\System32\hp100.tmp (file missing)
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [SemanticInsight] C:\Program Files\RXToolBar\Semantic Insight\SemanticInsight.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
    O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - Startup: Morpheus.lnk = C:\Program Files\Morpheus\Morpheus.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O18 - Filter: text/html - {2AB289AE-4B90-4281-B2AE-1F4BB034B647} - C:\Program Files\RXToolBar\sfcont.dll
    O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
    O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
    O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
    O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
    O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe

    and the C:\rapport.txt file:

    Scan done at 11:05:35.32, Sun 06/04/2006
    Run from C:\Documents and Settings\aiysha\Desktop\SmitfraudFix\SmitfraudFix
    OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
    Fix ran in safe mode

    »»»»»»»»»»»»»»»»»»»»»»»» Before SmitFraudFix
    !!!Attention, following keys are not inevitably infected!!!

    SrchSTS.exe by S!Ri
    Search SharedTaskScheduler's .dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
    "{a0c51615-738a-4542-801a-5af61614e182}"="bedimples"


    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
    "{62eb0924-19d2-4226-b4b9-8ad1f70904c1}"="bronchovascular"

    [HKEY_CLASSES_ROOT\CLSID\{62eb0924-19d2-4226-b4b9-8ad1f70904c1}\InProcServer32]
    @="C:\WINDOWS\System32\hvnwm.dll"

    [HKEY_CURRENT_USER\Software\Classes\CLSID\{62eb0924-19d2-4226-b4b9-8ad1f70904c1}\InProcServer32]
    @="C:\WINDOWS\System32\hvnwm.dll"


    »»»»»»»»»»»»»»»»»»»»»»»» Killing process
     
  8. -kemisti-

    -kemisti- Active member

    Joined:
    Jun 6, 2005
    Messages:
    6,305
    Likes Received:
    0
    Trophy Points:
    96
    Fix with HjT:

    O2 - BHO: Nothing - {6ab7158b-4bff-4160-ad7d-4d622df548cf} - C:\WINDOWS\System32\hp100.tmp (file missing)
    O18 - Filter: text/html - {2AB289AE-4B90-4281-B2AE-1F4BB034B647} - C:\Program Files\RXToolBar\sfcont.dll


    Reboot.

    Send a fresh HjT log, the ewido report and all contents of c:\rapport.txt; that one was incomplete :)
     
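As an added example (not HijackThis code and not written by anyone in this thread), a small Python triage script that parses lines in the HJT log format posted above and flags the kinds of entries the helper singled out: a registered object whose file is missing, a Downloaded Program File fetched from a bare IP address, and a text/html filter loaded from outside the Windows directory. The sample lines are copied from the logs in this thread; the flagging rules are this example's own heuristics, not HijackThis logic.

```python
import re
from ipaddress import ip_address
from urllib.parse import urlparse

# Constructed sample: a few HijackThis v1.99.1-style lines taken from this thread's logs.
SAMPLE_LOG = "\n".join([
    r"O2 - BHO: Nothing - {6ab7158b-4bff-4160-ad7d-4d622df548cf} - C:\WINDOWS\System32\hp100.tmp (file missing)",
    r"O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll",
    r"O16 - DPF: {46B20890-8C20-70C5-DDD3-10AE42DFA3E2} - http://85.255.113.214/1/gdnFR2218.exe",
    r"O18 - Filter: text/html - {2AB289AE-4B90-4281-B2AE-1F4BB034B647} - C:\Program Files\RXToolBar\sfcont.dll",
    r"O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe",
])

LINE_RE = re.compile(r"^(O\d+) - (.*)$")        # "O16 - <rest of entry>"
CLSID_RE = re.compile(r"\{[0-9A-Fa-f-]{36}\}")  # {xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx}

def parse_line(line):
    """Split one HJT line into its section code, CLSID (if any) and trailing path/URL target."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    section, rest = m.group(1), m.group(2)
    clsid = CLSID_RE.search(rest)
    target = rest.rsplit(" - ", 1)[-1]   # HJT puts the file path or URL last
    return {"section": section, "clsid": clsid.group(0) if clsid else None,
            "target": target, "raw": line.strip()}

def flag_entry(entry):
    """Return the reasons an entry deserves a closer look (empty list = nothing notable)."""
    reasons, sec, target = [], entry["section"], entry["target"]
    path = target.replace(" (file missing)", "")
    if target.endswith("(file missing)"):
        reasons.append("registered object whose file is gone (orphaned registration)")
    if sec == "O16":                       # Downloaded Program Files: where did it come from?
        try:
            ip_address(urlparse(target).hostname or "")
            reasons.append("Downloaded Program File fetched from a bare IP address")
        except ValueError:
            pass                           # hostname, not an IP literal, or no URL at all
    if sec == "O18" and "Filter:" in entry["raw"] and "\\windows\\" not in path.lower():
        reasons.append("MIME filter outside the Windows directory (can rewrite every page)")
    if path.lower().endswith(".tmp"):
        reasons.append("loadable module with a .tmp extension")
    return reasons

def triage(log_text):
    """Map each flagged log line to its list of reasons; unflagged lines are dropped."""
    out = {}
    for line in log_text.splitlines():
        entry = parse_line(line)
        if entry and (reasons := flag_entry(entry)):
            out[entry["raw"]] = reasons
    return out
```

Running `triage(SAMPLE_LOG)` flags the hp100.tmp BHO, the O16 download from 85.255.113.214 and the RXToolBar text/html filter, and leaves the Java and McAfee entries alone.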
