securityuptodate.net - Help is extremely appreciated.

Discussion in 'Windows - Virus and spyware problems' started by aphidamas, Jun 4, 2006.

  1. aphidamas

    Yeah I admit I was careless. Now I have that securityuptodate.net problem. The IE problems, occasional pop-ups, and regular trojan viruses and PUP alerts in McAfee. So like I said, if anyone can help out with this they would have my gratitude.

    Here is the hijackthis log....


    Logfile of HijackThis v1.99.1
    Scan saved at 5:57:16 PM, on 6/4/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    c:\program files\mcafee.com\agent\mcdetect.exe
    c:\PROGRA~1\mcafee.com\vso\mcshield.exe
    c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
    c:\PROGRA~1\mcafee.com\vso\OasClnt.exe
    C:\WINDOWS\system32\dcomcfg.exe
    c:\program files\mcafee.com\vso\mcvsshld.exe
    c:\progra~1\mcafee.com\vso\mcvsescn.exe
    c:\program files\mcafee.com\agent\mcagent.exe
    C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    C:\WINDOWS\system32\ezSP_Px.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
    C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2H1.EXE
    C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\Pinnacle\InstantCDDVD\InstantWrite\iwctrl.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\HJT\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cus...aults/sb/*http://www.yahoo.com/search/ie.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/ycomp_wave/defaults/sp/*http://www.yahoo.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: Nothing - {6ab7158b-4bff-4160-ad7d-4d622df548cf} - C:\WINDOWS\system32\hp100.tmp
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
    O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [HP Update 3400C] F:\sj652\hpupdate.exe 3400C
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\system32\ezSP_Px.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
    O4 - HKLM\..\Run: [VirtualCloneDrive] "C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
    O4 - HKLM\..\Run: [Auto EPSON Stylus Photo R200 Series on SHOP] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2H1.EXE /P43 "Auto EPSON Stylus Photo R200 Series on SHOP" /O19 "\\SHOP\Shop Printer" /M "Stylus Photo R200"
    O4 - HKLM\..\Run: [Auto EPSON Stylus Photo R200 Series on SHOPPC] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2H1.EXE /P45 "Auto EPSON Stylus Photo R200 Series on SHOPPC" /O18 "\\SHOPPC\EpsonSHOP" /M "Stylus Photo R200"
    O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
    O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
    O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
    O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
    O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\\PSDrvCheck.exe
    O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
    O4 - HKCU\..\Run: [IW_Drop_Icon] C:\Program Files\Pinnacle\InstantCDDVD\InstantWrite\iwctrl.exe /DropDisc
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} (MetaStreamCtl Class) - https://components.viewpoint.com/MTSInstallers/MetaStream3.cab?url=http://www.viewpoint.com/cgi-bin/installer.v4/vet_install_premium.pl?1&6&04.00.09.13&premium&unknown&http://www.thomasville.com/Products/product.asp?ItemID=1674&Zoomview=On&noreloadredir
    O16 - DPF: {13EC55CF-D993-475B-9ACA-F4A384957956} - https://www.windowsonecare.com/install/cli/0.8.0794.44/WinSSWebAgent.CAB
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=36467&clcid=0x409
    O16 - DPF: {47CD99DF-8BCF-4B9B-94EF-02E51B2F79DA} - http://www.alwaysupdatednews.com/install/aun_0036.exe
    O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
    O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/mcgdmgr/1,0,0,26/mcgdmgr.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{47C0C7B8-21D8-44C5-8CD6-4D644FE4AF18}: NameServer = 192.168.2.1
    O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
    O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
    O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
    O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
    O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
    O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
     
  2. JaPK

    Hi aphidamas, you got some infections...

    Download SmitfraudFix.zip to your desktop -> http://siri.urz.free.fr/Fix/SmitfraudFix.zip

    Unzip it (folder named SmitFraudFix) to your desktop:

    Open the folder SmitfraudFix and double-click smitfraudfix.cmd
    Choose option #1 - Search by typing 1 and pressing "Enter"; a text file opens and lists the infected files (if those exist)

    Post the contents of this text file here.

    (Some antivirus programs recognise process.exe as malware. It is not malware, it is a program that stops processes)

    Then we'll start the cleaning....
     
  3. aphidamas

    Thanks for the help.

    SmitFraudFix v2.53

    Scan done at 22:15:19.59, Sun 06/04/2006
    Run from C:\Documents and Settings\PRIMARY\Desktop\SmitfraudFix
    OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
    Fix ran in normal mode

    »»»»»»»»»»»»»»»»»»»»»»»» C:\


    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32

    C:\WINDOWS\system32\dcomcfg.exe FOUND !
    C:\WINDOWS\system32\hp???.tmp FOUND !
    C:\WINDOWS\system32\hp????.tmp FOUND !
    C:\WINDOWS\system32\ld????.tmp FOUND !
    C:\WINDOWS\system32\ot.ico FOUND !
    C:\WINDOWS\system32\regperf.exe FOUND !
    C:\WINDOWS\system32\simpole.tlb FOUND !
    C:\WINDOWS\system32\stdole3.tlb FOUND !
    C:\WINDOWS\system32\ts.ico FOUND !
    C:\WINDOWS\system32\1024\ FOUND !

    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles


    »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\PRIMARY\Application Data


    »»»»»»»»»»»»»»»»»»»»»»»» Start Menu


    »»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\PRIMARY\FAVORI~1

    C:\DOCUME~1\PRIMARY\FAVORI~1\Antivirus Test Online.url FOUND !

    »»»»»»»»»»»»»»»»»»»»»»»» Desktop


    »»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


    »»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


    »»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
    "Source"="http://img70.exs.cx/img70/7932/pacing.gif"
    "SubscribedURL"="http://img70.exs.cx/img70/7932/pacing.gif"
    "FriendlyName"=""

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\1]
    "Source"="About:Home"
    "SubscribedURL"="About:Home"
    "FriendlyName"="My Current Home Page"

    »»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
    !!!Attention, following keys are not inevitably infected!!!

    SrchSTS.exe by S!Ri
    Search SharedTaskScheduler's .dll

    »»»»»»»»»»»»»»»»»»»»»»»» Scanning wininet.dll infection


    »»»»»»»»»»»»»»»»»»»»»»»» End

     
  4. JaPK

    Hi again.

    You don't have a firewall on your computer. Download and install a firewall.

    These are good (free) firewalls:
    ZoneAlarm --> http://www.zonelabs.com
    Kerio --> http://www.sunbelt-software.com/Kerio.cfm
    Outpost --> http://www.agnitum.com

    Ok, you got some infections on your computer....

    Cleaning instructions:

    Download and install Ewido anti-malware -> http://www.ewido.net/en/download
    Update it, but do NOT run a scan yet. We'll use it later.

    Go to Control Panel -> Add/Remove programs -> Remove Viewpoint or similar if found

    Run HijackThis. Press Do a system scan only, then close all other windows, checkmark the following entries and press Fix checked
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/ycomp_wave/defaults/sb/...
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/ycomp_wave/defaults/sp/...
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
    O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
    O16 - DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} (MetaStreamCtl Class) - https://components.viewpoint.com/MTSInstallers/MetaStream3.cab?url=http://www.viewpoint.com/cgi-bin/installer.v4/vet_install_premium...
    O16 - DPF: {47CD99DF-8BCF-4B9B-94EF-02E51B2F79DA} - http://www.alwaysupdatednews.com/install/aun_0036.exe

    Make your hidden files visible -> http://www.bleepingcomputer.com/tutorials/tutorial62.html
    Restart your computer in safe mode -> http://www.pchell.com/support/safemode.shtml

    Delete these folders (if found):
    C:\Program Files\Viewpoint

    Clean the Recycle bin and make your hidden files visible again.

    When in safe mode, open the SmitfraudFix folder and double-click the file smitfraudfix.cmd
    Choose option #2 - Clean by typing 2 and pressing "Enter" in order to remove the infected files.

    You are asked: "Registry cleaning - Do you want to clean the registry ?"; answer "Yes" by typing Y and press "Enter" in order to remove your desktop wallpaper and the infected registry keys.

    The tool checks if wininet.dll file is infected. You might be asked to replace the infected .dll (if found); answer "Yes" by typing Y and press "Enter".

    The tool might have to restart your computer; if it doesn't, restart your computer back to normal mode.
    A text file will appear after the cleaning process; copy this file and paste it here.

    The log is saved to your local disk drive, usually C:\rapport.txt.

    Warning: Running option 2 on a clean computer will delete your desktop wallpaper.

    Scan and clean your computer with Ewido and save the report.

    Post the following logs here:
    -> a fresh HijackThis log
    -> Ewido's log
    -> contents of C:\Rapport.txt
     
    Last edited: Jun 5, 2006
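
Added example, not part of any post in this thread: a small Python triage of HijackThis entries that compares a "before" and an "after" log. The lines in `BEFORE` and `AFTER` are copied from the two HijackThis logs posted in this thread; the three heuristics and all function names are assumptions of this example, not HijackThis's own rules, and a flag means "review this entry", not "malicious".

```python
import re
from typing import Dict, List, NamedTuple, Optional
from urllib.parse import urlparse

# Entries copied from the first HijackThis log in this thread (subset).
BEFORE = r"""
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Nothing - {6ab7158b-4bff-4160-ad7d-4d622df548cf} - C:\WINDOWS\system32\hp100.tmp
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O16 - DPF: {47CD99DF-8BCF-4B9B-94EF-02E51B2F79DA} - http://www.alwaysupdatednews.com/install/aun_0036.exe
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
"""

# Matching entries copied from the second (post-cleanup) log in this thread.
AFTER = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Nothing - {6ab7158b-4bff-4160-ad7d-4d622df548cf} - C:\WINDOWS\system32\hp100.tmp (file missing)
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
"""

ENTRY_RE = re.compile(r"^\s*([RO]\d{1,2}) - (.+?)\s*$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
STATUS_RE = re.compile(r"\s*\((?:no file|file missing)\)$")

# Triage reasons (heuristics chosen for this example).
MISSING = "registered target file is absent"
TMP_BHO = "browser helper object loads from a .tmp file"
EXE_DPF = "ActiveX download entry points at an .exe, not a .cab"


class Entry(NamedTuple):
    section: str          # e.g. "O2", "O16", "R3"
    body: str             # everything after "Oxx - "
    clsid: Optional[str]  # upper-cased CLSID if the entry carries one


def parse_log(text: str) -> List[Entry]:
    """Return the R*/O* entries; header and process-list lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line)
        if not m:
            continue
        clsid = CLSID_RE.search(m.group(2))
        entries.append(Entry(m.group(1), m.group(2),
                             clsid.group(0).upper() if clsid else None))
    return entries


def triage(e: Entry) -> List[str]:
    """Return the reasons (possibly none) this entry deserves a closer look."""
    reasons = []
    target = STATUS_RE.sub("", e.body)  # body without the status marker
    if target != e.body:
        reasons.append(MISSING)
    if e.section == "O2" and target.lower().endswith(".tmp"):
        reasons.append(TMP_BHO)
    if e.section == "O16":
        url = target.rsplit(" - ", 1)[-1]
        if urlparse(url).path.lower().endswith(".exe"):
            reasons.append(EXE_DPF)
    return reasons


def entry_key(e: Entry):
    """Identity of an entry across logs: its CLSID, else its body text."""
    return (e.section, e.clsid or STATUS_RE.sub("", e.body))


def compare(before: List[Entry], after: List[Entry]) -> Dict[str, list]:
    """List entries gone after cleanup and entries still flagged afterwards."""
    after_keys = {entry_key(e) for e in after}
    return {
        "removed": [e for e in before if entry_key(e) not in after_keys],
        "still_flagged": [(e, triage(e)) for e in after if triage(e)],
    }


if __name__ == "__main__":
    result = compare(parse_log(BEFORE), parse_log(AFTER))
    for e in result["removed"]:
        print("removed      :", e.section, e.body)
    for e, reasons in result["still_flagged"]:
        print("still flagged:", e.section, e.body, "->", "; ".join(reasons))
```

On these lines the R3, O4 ViewMgr and alwaysupdatednews O16 entries show up as removed, while the `hp100.tmp` BHO is still registered in the second log with `(file missing)`, so it is reported as still flagged.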
  5. aphidamas

    It seems that everything is running just fine for now. If anything comes up I will be sure to post on it.....THANK YOU!

    Logfile of HijackThis v1.99.1
    Scan saved at 6:22:08 AM, on 6/6/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    c:\program files\mcafee.com\agent\mcdetect.exe
    c:\PROGRA~1\mcafee.com\vso\mcshield.exe
    c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
    c:\PROGRA~1\mcafee.com\vso\OasClnt.exe
    C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    C:\WINDOWS\system32\ezSP_Px.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2H1.EXE
    C:\Program Files\McAfee.com\VSO\mcvsshld.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\Pinnacle\InstantCDDVD\InstantWrite\iwctrl.exe
    c:\progra~1\mcafee.com\vso\mcvsescn.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
    C:\Program Files\ewido anti-malware\ewidoctrl.exe
    C:\PROGRA~1\McAfee.com\Agent\mcagent.exe
    C:\Program Files\McAfee.com\Personal Firewall\MpfTray.exe
    C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
    C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\HJT\HijackThis.exe

    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: Nothing - {6ab7158b-4bff-4160-ad7d-4d622df548cf} - C:\WINDOWS\system32\hp100.tmp (file missing)
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
    O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [HP Update 3400C] F:\sj652\hpupdate.exe 3400C
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\system32\ezSP_Px.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [VirtualCloneDrive] "C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
    O4 - HKLM\..\Run: [Auto EPSON Stylus Photo R200 Series on SHOP] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2H1.EXE /P43 "Auto EPSON Stylus Photo R200 Series on SHOP" /O19 "\\SHOP\Shop Printer" /M "Stylus Photo R200"
    O4 - HKLM\..\Run: [Auto EPSON Stylus Photo R200 Series on SHOPPC] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2H1.EXE /P45 "Auto EPSON Stylus Photo R200 Series on SHOPPC" /O18 "\\SHOPPC\EpsonSHOP" /M "Stylus Photo R200"
    O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
    O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
    O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
    O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
    O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\McAfee.com\Agent\McUpdate.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\\PSDrvCheck.exe
    O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
    O4 - HKLM\..\Run: [CleanUp] C:\PROGRA~1\McAfee.com\Shared\mcappins.exe /v=3 /cleanup
    O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
    O4 - HKCU\..\Run: [IW_Drop_Icon] C:\Program Files\Pinnacle\InstantCDDVD\InstantWrite\iwctrl.exe /DropDisc
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {13EC55CF-D993-475B-9ACA-F4A384957956} - https://www.windowsonecare.com/install/cli/0.8.0794.44/WinSSWebAgent.CAB
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=36467&clcid=0x409
    O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
    O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/mcgdmgr/1,0,0,26/mcgdmgr.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{47C0C7B8-21D8-44C5-8CD6-4D644FE4AF18}: NameServer = 192.168.2.1
    O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
    O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
    O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
    O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
    O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
    O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
    O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
    O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
    O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

    --------------------------------------------------------------------

    ---------------------------------------------------------
    ewido anti-malware - Scan report
    ---------------------------------------------------------

    + Created on: 6:06:15 AM, 6/6/2006
    + Report-Checksum: 16B7FD6B

    + Scan result:

    HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\ins -> Adware.WebRebates : Cleaned with backup
    :mozilla.6:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\9vkur7de.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
    :mozilla.10:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\9vkur7de.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
    :mozilla.8:C:\Documents and Settings\PRIMARY\Application Data\Mozilla\Firefox\Profiles\qvp6jayj.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup
    :mozilla.9:C:\Documents and Settings\PRIMARY\Application Data\Mozilla\Firefox\Profiles\qvp6jayj.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup
    :mozilla.10:C:\Documents and Settings\PRIMARY\Application Data\Mozilla\Firefox\Profiles\qvp6jayj.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup
    :mozilla.11:C:\Documents and Settings\PRIMARY\Application Data\Mozilla\Firefox\Profiles\qvp6jayj.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup
    :mozilla.12:C:\Documents and Settings\PRIMARY\Application Data\Mozilla\Firefox\Profiles\qvp6jayj.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup
    :mozilla.16:C:\Documents and Settings\PRIMARY\Application Data\Mozilla\Firefox\Profiles\qvp6jayj.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned with backup
    :mozilla.37:C:\Documents and Settings\PRIMARY\Application Data\Mozilla\Firefox\Profiles\qvp6jayj.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned with backup
    :mozilla.40:C:\Documents and Settings\PRIMARY\Application Data\Mozilla\Firefox\Profiles\qvp6jayj.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup
    :mozilla.41:C:\Documents and Settings\PRIMARY\Application Data\Mozilla\Firefox\Profiles\qvp6jayj.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup
    :mozilla.42:C:\Documents and Settings\PRIMARY\Application Data\Mozilla\Firefox\Profiles\qvp6jayj.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup
    :mozilla.43:C:\Documents and Settings\PRIMARY\Application Data\Mozilla\Firefox\Profiles\qvp6jayj.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup
    :mozilla.44:C:\Documents and Settings\PRIMARY\Application Data\Mozilla\Firefox\Profiles\qvp6jayj.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup
    :mozilla.45:C:\Documents and Settings\PRIMARY\Application Data\Mozilla\Firefox\Profiles\qvp6jayj.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup
    :mozilla.46:C:\Documents and Settings\PRIMARY\Application Data\Mozilla\Firefox\Profiles\qvp6jayj.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
    :mozilla.47:C:\Documents and Settings\PRIMARY\Application Data\Mozilla\Firefox\Profiles\qvp6jayj.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
    :mozilla.48:C:\Documents and Settings\PRIMARY\Application Data\Mozilla\Firefox\Profiles\qvp6jayj.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
    :mozilla.49:C:\Documents and Settings\PRIMARY\Application Data\Mozilla\Firefox\Profiles\qvp6jayj.default\cookies.txt -> TrackingCookie.Bluestreak : Cleaned with backup
    :mozilla.50:C:\Documents and Settings\PRIMARY\Application Data\Mozilla\Firefox\Profiles\qvp6jayj.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
    :mozilla.51:C:\Documents and Settings\PRIMARY\Application Data\Mozilla\Firefox\Profiles\qvp6jayj.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
    :mozilla.52:C:\Documents and Settings\PRIMARY\Application Data\Mozilla\Firefox\Profiles\qvp6jayj.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
    :mozilla.53:C:\Documents and Settings\PRIMARY\Application Data\Mozilla\Firefox\Profiles\qvp6jayj.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
    :mozilla.54:C:\Documents and Settings\PRIMARY\Application Data\Mozilla\Firefox\Profiles\qvp6jayj.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
    :mozilla.55:C:\Documents and Settings\PRIMARY\Application Data\Mozilla\Firefox\Profiles\qvp6jayj.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
    :mozilla.56:C:\Documents and Settings\PRIMARY\Application Data\Mozilla\Firefox\Profiles\qvp6jayj.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
    :mozilla.57:C:\Documents and Settings\PRIMARY\Application Data\Mozilla\Firefox\Profiles\qvp6jayj.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
    :mozilla.58:C:\Documents and Settings\PRIMARY\Application Data\Mozilla\Firefox\Profiles\qvp6jayj.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
    :mozilla.59:C:\Documents and Settings\PRIMARY\Application Data\Mozilla\Firefox\Profiles\qvp6jayj.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
    :mozilla.60:C:\Documents and Settings\PRIMARY\Application Data\Mozilla\Firefox\Profiles\qvp6jayj.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned with backup
    :mozilla.61:C:\Documents and Settings\PRIMARY\Application Data\Mozilla\Firefox\Profiles\qvp6jayj.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned with backup
    :mozilla.62:C:\Documents and Settings\PRIMARY\Application Data\Mozilla\Firefox\Profiles\qvp6jayj.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
    :mozilla.63:C:\Documents and Settings\PRIMARY\Application Data\Mozilla\Firefox\Profiles\qvp6jayj.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
    :mozilla.64:C:\Documents and Settings\PRIMARY\Application Data\Mozilla\Firefox\Profiles\qvp6jayj.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
    :mozilla.83:C:\Documents and Settings\PRIMARY\Application Data\Mozilla\Firefox\Profiles\qvp6jayj.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
    :mozilla.84:C:\Documents and Settings\PRIMARY\Application Data\Mozilla\Firefox\Profiles\qvp6jayj.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
    :mozilla.95:C:\Documents and Settings\PRIMARY\Application Data\Mozilla\Firefox\Profiles\qvp6jayj.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup
    :mozilla.96:C:\Documents and Settings\PRIMARY\Application Data\Mozilla\Firefox\Profiles\qvp6jayj.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup
    :mozilla.97:C:\Documents and Settings\PRIMARY\Application Data\Mozilla\Firefox\Profiles\qvp6jayj.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup
    :mozilla.98:C:\Documents and Settings\PRIMARY\Application Data\Mozilla\Firefox\Profiles\qvp6jayj.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup
    :mozilla.99:C:\Documents and Settings\PRIMARY\Application Data\Mozilla\Firefox\Profiles\qvp6jayj.default\cookies.txt -> TrackingCookie.Overture : Cleaned with backup
    :mozilla.100:C:\Documents and Settings\PRIMARY\Application Data\Mozilla\Firefox\Profiles\qvp6jayj.default\cookies.txt -> TrackingCookie.Overture : Cleaned with backup
    :mozilla.101:C:\Documents and Settings\PRIMARY\Application Data\Mozilla\Firefox\Profiles\qvp6jayj.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup
    :mozilla.110:C:\Documents and Settings\PRIMARY\Application Data\Mozilla\Firefox\Profiles\qvp6jayj.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned with backup
    :mozilla.111:C:\Documents and Settings\PRIMARY\Application Data\Mozilla\Firefox\Profiles\qvp6jayj.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned with backup
    :mozilla.175:C:\Documents and Settings\PRIMARY\Application Data\Mozilla\Firefox\Profiles\qvp6jayj.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup
    :mozilla.176:C:\Documents and Settings\PRIMARY\Application Data\Mozilla\Firefox\Profiles\qvp6jayj.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup
    :mozilla.190:C:\Documents and Settings\PRIMARY\Application Data\Mozilla\Firefox\Profiles\qvp6jayj.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup
    :mozilla.191:C:\Documents and Settings\PRIMARY\Application Data\Mozilla\Firefox\Profiles\qvp6jayj.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup
    :mozilla.192:C:\Documents and Settings\PRIMARY\Application Data\Mozilla\Firefox\Profiles\qvp6jayj.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup
    :mozilla.193:C:\Documents and Settings\PRIMARY\Application Data\Mozilla\Firefox\Profiles\qvp6jayj.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup
    :mozilla.208:C:\Documents and Settings\PRIMARY\Application Data\Mozilla\Firefox\Profiles\qvp6jayj.default\cookies.txt -> TrackingCookie.Overture : Cleaned with backup
    :mozilla.272:C:\Documents and Settings\PRIMARY\Application Data\Mozilla\Firefox\Profiles\qvp6jayj.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned with backup
    :mozilla.278:C:\Documents and Settings\PRIMARY\Application Data\Mozilla\Firefox\Profiles\qvp6jayj.default\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned with backup
    :mozilla.279:C:\Documents and Settings\PRIMARY\Application Data\Mozilla\Firefox\Profiles\qvp6jayj.default\cookies.txt -> TrackingCookie.Revenue : Cleaned with backup
    :mozilla.289:C:\Documents and Settings\PRIMARY\Application Data\Mozilla\Firefox\Profiles\qvp6jayj.default\cookies.txt -> TrackingCookie.247realmedia : Cleaned with backup
    :mozilla.298:C:\Documents and Settings\PRIMARY\Application Data\Mozilla\Firefox\Profiles\qvp6jayj.default\cookies.txt -> TrackingCookie.Bridgetrack : Cleaned with backup
    :mozilla.325:C:\Documents and Settings\PRIMARY\Application Data\Mozilla\Firefox\Profiles\qvp6jayj.default\cookies.txt -> TrackingCookie.Adserver : Cleaned with backup
    :mozilla.326:C:\Documents and Settings\PRIMARY\Application Data\Mozilla\Firefox\Profiles\qvp6jayj.default\cookies.txt -> TrackingCookie.Adserver : Cleaned with backup
    :mozilla.327:C:\Documents and Settings\PRIMARY\Application Data\Mozilla\Firefox\Profiles\qvp6jayj.default\cookies.txt -> TrackingCookie.Adserver : Cleaned with backup
    :mozilla.328:C:\Documents and Settings\PRIMARY\Application Data\Mozilla\Firefox\Profiles\qvp6jayj.default\cookies.txt -> TrackingCookie.Adserver : Cleaned with backup
    :mozilla.351:C:\Documents and Settings\PRIMARY\Application Data\Mozilla\Firefox\Profiles\qvp6jayj.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned with backup
    :mozilla.370:C:\Documents and Settings\PRIMARY\Application Data\Mozilla\Firefox\Profiles\qvp6jayj.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned with backup
    :mozilla.371:C:\Documents and Settings\PRIMARY\Application Data\Mozilla\Firefox\Profiles\qvp6jayj.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned with backup
    :mozilla.378:C:\Documents and Settings\PRIMARY\Application Data\Mozilla\Firefox\Profiles\qvp6jayj.default\cookies.txt -> TrackingCookie.Targetnet : Cleaned with backup
    :mozilla.383:C:\Documents and Settings\PRIMARY\Application Data\Mozilla\Firefox\Profiles\qvp6jayj.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned with backup
    :mozilla.384:C:\Documents and Settings\PRIMARY\Application Data\Mozilla\Firefox\Profiles\qvp6jayj.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned with backup
    :mozilla.394:C:\Documents and Settings\PRIMARY\Application Data\Mozilla\Firefox\Profiles\qvp6jayj.default\cookies.txt -> TrackingCookie.Adtech : Cleaned with backup
    :mozilla.395:C:\Documents and Settings\PRIMARY\Application Data\Mozilla\Firefox\Profiles\qvp6jayj.default\cookies.txt -> TrackingCookie.Adtech : Cleaned with backup
    :mozilla.396:C:\Documents and Settings\PRIMARY\Application Data\Mozilla\Firefox\Profiles\qvp6jayj.default\cookies.txt -> TrackingCookie.Spinbox : Cleaned with backup
    C:\Documents and Settings\PRIMARY\Cookies\primary@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned with backup
    C:\Documents and Settings\PRIMARY\Cookies\primary@casalemedia[2].txt -> TrackingCookie.Casalemedia : Cleaned with backup
    C:\Documents and Settings\PRIMARY\Cookies\primary@doubleclick[2].txt -> TrackingCookie.Doubleclick : Cleaned with backup
    C:\Documents and Settings\PRIMARY\Cookies\primary@questionmarket[2].txt -> TrackingCookie.Questionmarket : Cleaned with backup
    C:\Downloads\DinerDashSetup-dm[1].exe -> Adware.Trymedia : Cleaned with backup
    C:\Downloads\MahJong_JADESetup-dm[1].exe -> Adware.Trymedia : Cleaned with backup
    C:\Downloads\tw2Setup-dm[1].exe -> Adware.Trymedia : Cleaned with backup


    ::Report End

    ------------------------------------------------------------------

    SmitFraudFix v2.53

    Scan done at 22:15:19.59, Sun 06/04/2006
    Run from C:\Documents and Settings\PRIMARY\Desktop\SmitfraudFix
    OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
    Fix ran in normal mode

    »»»»»»»»»»»»»»»»»»»»»»»» C:\


    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32

    C:\WINDOWS\system32\dcomcfg.exe FOUND !
    C:\WINDOWS\system32\hp???.tmp FOUND !
    C:\WINDOWS\system32\hp????.tmp FOUND !
    C:\WINDOWS\system32\ld????.tmp FOUND !
    C:\WINDOWS\system32\ot.ico FOUND !
    C:\WINDOWS\system32\regperf.exe FOUND !
    C:\WINDOWS\system32\simpole.tlb FOUND !
    C:\WINDOWS\system32\stdole3.tlb FOUND !
    C:\WINDOWS\system32\ts.ico FOUND !
    C:\WINDOWS\system32\1024\ FOUND !

    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles


    »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\PRIMARY\Application Data


    »»»»»»»»»»»»»»»»»»»»»»»» Start Menu


    »»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\PRIMARY\FAVORI~1

    C:\DOCUME~1\PRIMARY\FAVORI~1\Antivirus Test Online.url FOUND !

    »»»»»»»»»»»»»»»»»»»»»»»» Desktop


    »»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


    »»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


    »»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
    "Source"="http://img70.exs.cx/img70/7932/pacing.gif"
    "SubscribedURL"="http://img70.exs.cx/img70/7932/pacing.gif"
    "FriendlyName"=""

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\1]
    "Source"="About:Home"
    "SubscribedURL"="About:Home"
    "FriendlyName"="My Current Home Page"

    »»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
    !!!Attention, following keys are not inevitably infected!!!

    SrchSTS.exe by S!Ri
    Search SharedTaskScheduler's .dll

    »»»»»»»»»»»»»»»»»»»»»»»» Scanning wininet.dll infection


    »»»»»»»»»»»»»»»»»»»»»»»» End

     
  6. JaPK

    JaPK Regular member

    Joined:
    Feb 23, 2006
    Messages:
    1,269
    Likes Received:
    0
    Trophy Points:
    46
    Hi again aphidamas, You didn't run SmitfraudFix with option 2...

    Restart your computer in safe mode and choose your normal user account -> http://www.pchell.com/support/safemode.shtml

    When in safe mode, open the SmitfraudFix folder and double-click the file smitfraudfix.cmd
    Choose option #2 - Clean by typing 2 and pressing "Enter" in order to remove the infected files.

    You are asked: "Registry cleaning - Do you want to clean the registry ?"; answer "Yes" by typing Y and press "Enter" in order to remove your desktop wallpaper and the infected registry keys.

    The tool checks if wininet.dll file is infected. You might be asked to replace the infected .dll (if found); answer "Yes" by typing Y and press "Enter".

    The tool might have to restart your computer; if it doesn't, restart your computer back to normal mode.
    A text file will appear after the cleaning process; copy this file and paste it here.

    The log is saved to your local disk drive, usually C:\rapport.txt.

    Warning: Running option 2 on a clean computer will delete your desktop wallpaper.

    Post a new HijackThis log and the contents of C:\rapport.txt
     
  7. aphidamas

    aphidamas Member

    Joined:
    Jun 4, 2006
    Messages:
    4
    Likes Received:
    0
    Trophy Points:
    11
    I did run SmitfraudFix...and it did end up removing my wallpaper image.
     
  8. JaPK

    JaPK Regular member

    Joined:
    Feb 23, 2006
    Messages:
    1,269
    Likes Received:
    0
    Trophy Points:
    46
    Yes it does that in order to get you cleaned...

    Post a new HijackThis log and the contents of C:\rapport.txt
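
An added example, not part of the thread or of SmitFraudFix itself: a small Python parser for the report layout posted above that groups `FOUND !` entries by section and lists Desktop Components whose `Source` is a remote URL. The sample text is a shortened, constructed copy of that log, and the function names are hypothetical.

```python
import re

# Constructed sample: shortened copy of the report layout posted in the thread.
SAMPLE_REPORT = r"""SmitFraudFix v2.53
Fix ran in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32

C:\WINDOWS\system32\dcomcfg.exe FOUND !
C:\WINDOWS\system32\hp???.tmp FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\PRIMARY\FAVORI~1

C:\DOCUME~1\PRIMARY\FAVORI~1\Antivirus Test Online.url FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="http://img70.exs.cx/img70/7932/pacing.gif"

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\1]
"Source"="About:Home"

»»»»»»»»»»»»»»»»»»»»»»»» End
"""

SECTION = re.compile(r"^»+\s*(.+)$")         # section header line
FOUND = re.compile(r"^(.+?)\s+FOUND !$")     # flagged file or folder
VALUE = re.compile(r'^"(\w+)"="(.*)"$')      # registry value under a key

def parse_report(text):
    """Return FOUND paths grouped by section, plus remote Desktop Components."""
    found, remote, section, key = {}, [], None, None
    for line in (raw.strip() for raw in text.splitlines()):
        if m := SECTION.match(line):
            section, key = m.group(1), None
        elif m := FOUND.match(line):
            found.setdefault(section, []).append(m.group(1))
        elif line.startswith("[HKEY_") and line.endswith("]"):
            key = line[1:-1]
        elif (m := VALUE.match(line)) and key and m.group(1) == "Source":
            # A Source fetched over HTTP(S) is remote content on the desktop.
            if m.group(2).lower().startswith(("http://", "https://")):
                remote.append((key, m.group(2)))
    return {"found": found, "remote_components": remote}

def has_findings(text):
    """True when the report still lists at least one FOUND entry."""
    return any(parse_report(text)["found"].values())
```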
     
