11 replies to this topic

[jman4life]

GRRR... freaking myspace! I've tried reading up on this, and it seems that I have to post this rapport.txt... So here it is. Any help is greatly appreciated... I too am having problems with System Alert... ere is my rapport.txt... SmitFraudFix v2.147 Scan done at 11:52:24.78, Mon 03/05/2007 Run from C:\Documents and Settings\Jeremy\Desktop\SmitfraudFix OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT The filesystem type is NTFS Fix run in normal mode »»»»»»»»»»»»»»»»»»»»»»»» hosts »»»»»»»»»»»»»»»»»»»»»»»» C:\ »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32 C:\WINDOWS\system32\geplxss.dll FOUND ! »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Jeremy »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Jeremy\Application Data »»»»»»»»»»»»»»»»»»»»»»»» Start Menu »»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\Jeremy\FAVORI~1 C:\DOCUME~1\Jeremy\FAVORI~1\Online Security Test.url FOUND ! »»»»»»»»»»»»»»»»»»»»»»»» Desktop »»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files C:\Program Files\SpyDawn\ FOUND ! »»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys »»»»»»»»»»»»»»»»»»»»»»»» Desktop Components [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0] "Source"="About:Home" "SubscribedURL"="About:Home" "FriendlyName"="My Current Home Page" »»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler !!!Attention, following keys are not inevitably infected!!! SrchSTS.exe by S!Ri Search SharedTaskScheduler's .dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler] "{aed6f6a3-183c-488d-9f90-23db99f56e7f}"="apathies" [HKEY_CLASSES_ROOT\CLSID\{aed6f6a3-183c-488d-9f90-23db99f56e7f}\InProcServer32] @="C:\WINDOWS\system32\geplxss.dll" [HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{aed6f6a3-183c-488d-9f90-23db99f56e7f}\InProcServer32] @="C:\WINDOWS\system32\geplxss.dll" »»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs !!!Attention, following keys are not inevitably infected!!! [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] »»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System !!!Attention, following keys are not inevitably infected!!! [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] "System"="" »»»»»»»»»»»»»»»»»»»»»»»» pe386-msguard-lzx32-huy32 »»»»»»»»»»»»»»»»»»»»»»»» Scanning wininet.dll infection »»»»»»»»»»»»»»»»»»»»»»»» End

[Noviciate]

Download a copy of HJTsetup.exe from one of these locations and save it to your Desktop:Location one.
Location two.
Location three.

• Double click HJTsetup.exe to begin installation.
• By default it will install to C:\Program Files\HijackThis.
• Continue to click Next in the setup dialogue boxes until you get to the Select Addition Tasks dialogue.
• Put a check by Create a desktop icon then click Next again.
• Continue to follow the prompts from there.
• When HJT opens, click on the Do a system scan and save a log file button.
• When HJT has finished scanning, a window entitled "hijackthis.log" will open - when you close this window the log will be saved into the hijackthis folder.
• Copy and paste this into your next reply.

Also, run HJT and click on Open the Misc Tools section.

• Click Open Uninstall Manager...
• Click Save list... and save it to your Desktop.
• Copy and paste the file uninstall_list.txt into your next reply.

[jman4life]

Thank you, Noviciate, for taking time to reply...

Here is my logfile...

Logfile of HijackThis v1.99.1
Scan saved at 7:46:46 AM, on 3/7/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Lavasoft\Ad-Aware SE Enterprise 2005\aaserver.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\CTsvcCDA.EXE
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\PROGRA~1\McAfee\MSC\mclogsrv.exe
C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\PROGRA~1\McAfee\MSC\mctskshd.exe
C:\PROGRA~1\McAfee\MSC\mcusrmgr.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\SiteAdvisor\6028\SAService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\McAfee\MPS\mps.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\Explorer.EXE
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\Common Files\AOL\1138593201\ee\AOLSoftware.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\SiteAdvisor\6028\SiteAdv.exe
C:\Program Files\McAfee\MPS\mpsevh.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\SurMixer.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Hijackthis\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.accoona.c...mpaign=webda135
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.accoona.com/search?q=%s
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Yahoo!
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6028\SiteAdv.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\program files\mcafee\virusscan\scriptcl.dll
O2 - BHO: McAfee Popup Blocker - {C68AE9C0-0909-4DDC-B661-C1AFB9F5AE53} - c:\program files\mcafee\mps\mcpopup.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6028\SiteAdv.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1138593201\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [dvd43] C:\Program Files\dvd43\dvd43_tray.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6028\SiteAdv.exe
O4 - HKLM\..\Run: [MPSExe] c:\PROGRA~1\mcafee.com\mps\mscifapp.exe /embedding
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [TotalRecorderScheduler] "C:\Program Files\HighCriteria\TotalRecorder\TotRecSched.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell....iler/SysPro.CAB
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnote...ad/mnviewer.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcaf...01/mcinsctl.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcaf...,26/mcgdmgr.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Protocol: siteadvisor - {3A5DC592-7723-4EAA-9EE6-AF4222BCF879} - C:\Program Files\SiteAdvisor\6028\SiteAdv.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Ad-Axis Server - Unknown owner - C:\Program Files\Lavasoft\Ad-Aware SE Enterprise 2005\aaserver.exe" --debug --noop --trace --service "Ad-Axis Server (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Bonjour Service - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Log Manager (McLogManagerService) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mclogsrv.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Task Scheduler (mctskshd.exe) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mctskshd.exe
O23 - Service: McAfee User Manager (mcusrmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcusrmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Privacy Service (MPS9) - McAfee, Inc. - C:\PROGRA~1\McAfee\MPS\mps.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SiteAdvisor Service - McAfee, Inc. - C:\Program Files\SiteAdvisor\6028\SAService.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe


and here is my uninstall_list...

Acala DVD Audio Ripper 2.3.7
Acala DVD Copy 2.3.3
Acala DVD Creator 2.2.9
Acala DVD Ripper 2.3.9
Ad-Aware SE Enterprise 2005
Ad-Aware SE Professional
Adobe Common File Installer
Adobe Flash Player 9 ActiveX
Adobe Help Center 1.0
Adobe Photoshop CS2
Adobe Reader 7.0.8
Adobe Stock Photos 1.0
Advanced WMA Workshop version 2.2
Ahead Nero Burning Rom PlugIn Pack 2.0.2 by MadHacker2k4
AOL Instant Messenger
AOL Uninstaller (Choose which Products to Remove)
Apple Software Update
ATI - Software Uninstall Utility
ATI Control Panel
ATI Display Driver
AVG Anti-Spyware 7.5
Bonjour Core for Windows
Broadcom Gigabit Integrated Controller
Creative MediaSource
Dell ResourceCD
DVD Shrink 3.2
DVD43 v3.7.0
DVDuck
FLAC Installer 1.1.2a (remove only)
GdiplusUpgrade
Guitar Pro 5.0
Hijackthis 1.99.1
HijackThis 1.99.1
Hotfix for Windows XP (KB914440)
Hotfix for Windows XP (KB915865)
Hotfix for Windows XP (KB926239)
HP Extended Capabilities 4.7
HP Image Zone 4.7
HP PSC & OfficeJet 4.7
HP Software Update
InterActual Player
Ipswitch WS_FTP Professional 2006
iTunes
J2SE Runtime Environment 5.0 Update 6
J2SE Runtime Environment 5.0 Update 9
LimeWire PRO 4.11.0
Macromedia Dreamweaver 8
Macromedia Extension Manager
Macromedia Fireworks 8
Macromedia Flash 8
Macromedia Flash 8 Video Encoder
Macromedia Flash Player 8
Macromedia Flash Player 8 Plugin
Macromedia Shockwave Player
McAfee SecurityCenter
MediaTickets by OIN
Microsoft .NET Framework 1.1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office Professional Edition 2003
Microsoft User-Mode Driver Framework Feature Pack 1.0
Mozilla Firefox (1.5.0.10)
MP3 Magic 2.02
MSN Messenger 7.5
MSN Music Assistant
MSXML 4.0 SP2 (KB927978)
Nero 6 Ultra Edition
Opera
Power Tab Editor 1.7
Power Tab Editor 1.7
PowerDVD
PowerISO
QuickTime
RealPlayer
Replay Music 2.51
Ruckus Player
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893066)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899589)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901190)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB905915)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB908531)
Security Update for Windows XP (KB911280)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912812)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913446)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB916281)
Security Update for Windows XP (KB917159)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB918899)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923694)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925486)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Sonic RecordNow!
Sound Blaster Live! 24-bit
Spybot - Search & Destroy 1.4
SSH Secure Shell
Super DVD Creator 9.25.0
System Alert Popup

[Noviciate]

You will need to make a copy of these instructions because you have to disconnect from the internet to complete the fix. Either print them out or copy and paste them into Notepad.

Preparation

1) Download the trial version of AVG Anti-Spyware from here and save it to your Desktop.

If you already have this program installed, skip to Updating AVG Anti-Spyware: below.

Double click the avgas-setup file to begin installation and follow the prompts.
When the program has been installed, and you click the Finish button, AVG A-S will open.

* Please note that this program was formerly known as Ewido anti-spyware 4.0.
Taken from the Ewido website -

ewido anti-spyware 4.0 will now continue under the new product name AVG Anti-Spyware 7.5. AVG Anti-Spyware 7.5 contains the same ewido technology, but with some further enhanced features:

Highly improved cleaning
Lower resource usage
Additional languages supported

All current licenses for ewido anti-spyware 4.0 will continue to be valid, and users can change over to the new AVG Anti-Spyware 7.5 for free.

• Updating AVG Anti-Spyware:
  
  By default AVG A-S is configured to update automatically so, if you have an active internet connection, it should do so following installation. If you are unsure whether or not it has done so, do the following:
• Click the Update icon at the top and under "Manual Update" - click the Start update button.
• Either AVG A-S will update or inform you that no update was available.
• If you cannot access the internet with the infected PC, or you are having problems updating, you can download the signatures file from here.
  Once you have installed AVG A-S, double click avgas-signatures-current.exe to update it.
  
  Disabling the Resident Shield:
  
• By default the Resident Shield is active but as it may interfere with the process of cleaning your PC, it will need to be disabled.
  (When the PC has been cleaned you can activate the shield again, if you wish.)
• Click the Shield icon at the top and under "Resident shield is..." - click active.
• This should now change to inactive.
  
  Changing Recommended Actions
  
• Click the Scanner icon at the top and then click the Settings Tab.
• Under "How to act?" click Recommended actions and select "Quarantine" from the menu.

You can now close AVG A-S.

AVG A-S is designed to be used to both scan for and remove malicious files and also to run in real-time alongside, but not replace, your existing anti-virus program to give an added layer of protection.
Both the Resident Shield and Automatic Updates will only be available for the thirty day trial period, after that AVG A-S will revert to a stand-alone scanner which you can keep and manually update for free and use in a similar way to Ad-Aware SE Personal, Spybot S&D etc.
Should you wish to benefit from the real-time protection, you will need to upgrade the program. To do this, simply open it and click on the Buy now button.

2) Open the SmitfraudFix folder and double-click smitfraudfix.cmd
Press "4" and then <ENTER> to check for updates.
Don't forget to allow SmiUpdate.exe access through your firewall.
Once it has updated, or if there are no updates available, close the window and the folder.

3) You will need to set Windows to show All Hidden Files and Folders.
Instructions can be found here.
** These files are hidden to stop you accidentally removing something important.
It is advisable to hide them again after fixing your computer. **

4) Log off from the internet and disconnect your modem cable for the duration of the fix.

Removal

1) Go to Start > Control Panel > Add/Remove Programs and remove the following:

MediaTickets by OIN

2) Boot into Safe Mode.

• If the computer is running, shut down Windows, and then turn off the power.
• Wait 30 seconds, and then turn the computer on.
• Start tapping the F8 key. The Windows Advanced Options Menu appears. If you begin tapping the F8 key too soon, some computers display a "keyboard error" message. To resolve this, restart the computer and try again.
• Ensure that the Safe Mode option is selected.
• Press Enter. The computer then begins to start in Safe mode.
• Login on your usual account.

3) Open the SmitfraudFix folder and double-click smitfraudfix.cmd
Press "2" and then <ENTER> to start the cleaning process.

• Wait for the tool to complete and disk cleanup to finish.
• You will be prompted "Registry cleaning - Do you want to clean the registry ? Press "Y" and then <ENTER>.
• The tool will also check if wininet.dll is infected. You may be prompted to "Replace infected file ?" - press "Y" and then <ENTER>.

Your PC now needs to be rebooted - if this does not happen automatically, you will need to do so manually. Either way, your PC will need to be booted back INTO SAFE MODE.

4) Navigate to the C:\Windows\Temp folder and delete all the files that you find there.
Do this for all Usernames.

5) Navigate to C:\Documents and Settings\Username\Local Settings\Temp and delete all the files that you find there.
Do this for all Usernames.

6) Go to Start > Control Panel > Internet Options.

For I.E. 6 - under Temporary Internet files, click on Delete Files...
Check the box to the left of 'Delete all offline content' and then click on OK.

For I.E. 7 - under Browsing History, click delete...
Under Temporary Internet Files, click Delete files...

7) Go to Start > Control Panel > Display.
Select the Desktop Tab, click on Customise Desktop... and then select the Web Tab.
Under Web pages: you may see a checked entry called Security info - or similar. Highlight this entry and then click the Delete button.
Finally click OK > Apply > OK.

8) Empty the Recycle Bin.

9) Ensure that ALL open Windows / Programs / Folders are closed and then run AVG A-S.

• If it is not already selected, click the Scanner icon at the top and then select the Scan Tab.
• Click "Complete System Scan"
• While the scan is in progress the PC should be left otherwise idle - so if you fancy a cuppa, now's the time to put the kettle on!
• When the scan has completed, any threats that AVG A-S has detected will be displayed.
• Click the Apply all actions button at the bottom.
• When AVG A-S has finished, it will display the message "All actions have been applied".
  
  Saving a report:
  
• Click the Save Report button at the bottom left and the "Reports" window will open.
• The content of the scan report will be displayed in the right hand pane and a copy will be automatically saved as Report-Scan-date-time.txt into the C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Reports folder.
• You will need to post a copy of this report into your next reply, so if it is more convenient, you can save another copy of this report elsewhere:
  Click the Save report as button and select a destination by clicking the down arrow to the right of the Save in: text box and then click Save.

Close AVG A-S.

10) Reboot into Normal Mode.

11) Open the SmitfraudFix folder and double-click smitfraudfix.cmd
Press "3" and then <ENTER> to "Delete Trusted Zone".
When prompted "Restore Trusted Zone ?", press "Y" and then <ENTER>.

* Please Note: If you use SpywareBlaster and/or IE/Spyads, it will be necessary to re-install the protection both afford. For SpywareBlaster, run the program and re-protect all items. For IE/Spyads, run the batch file and reinstall the protection *

Will you then post the following:

• A new HJT log,
• The AVG A-S log,
• The text file rapport.txt that will be found in the root of your drive, eg: Local Disk C: or partition where your operating system is installed.
  For most, this file can be found by double-clicking My Computer and then Local Disk (C:)
• A description of how your PC is behaving.

This fix is based on a canned speech supplied by Kimberly.

[jman4life]

Thanks for your help, here are the three files that you asked for...


HJT Log...

Logfile of HijackThis v1.99.1
Scan saved at 6:27:29 PM, on 3/9/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Lavasoft\Ad-Aware SE Enterprise 2005\aaserver.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\CTsvcCDA.EXE
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\PROGRA~1\McAfee\MSC\mclogsrv.exe
C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\PROGRA~1\McAfee\MSC\mctskshd.exe
C:\PROGRA~1\McAfee\MSC\mcusrmgr.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\Explorer.EXE
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\SiteAdvisor\6028\SAService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\McAfee\MPS\mps.exe
C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\Common Files\AOL\1138593201\ee\AOLSoftware.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\dvd43\dvd43_tray.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\Winamp\winampa.exe
C:\Program Files\SiteAdvisor\6028\SiteAdv.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Messenger\MSMSGS.EXE
C:\Program Files\McAfee\MPS\mpsevh.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\Program Files\Java\jre1.5.0_06\bin\jucheck.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
c:\PROGRA~1\mcafee\VIRUSS~1\mcvsshld.exe
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Yahoo!
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6028\SiteAdv.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\program files\mcafee\virusscan\scriptcl.dll
O2 - BHO: McAfee Popup Blocker - {C68AE9C0-0909-4DDC-B661-C1AFB9F5AE53} - c:\program files\mcafee\mps\mcpopup.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6028\SiteAdv.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1138593201\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [dvd43] C:\Program Files\dvd43\dvd43_tray.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6028\SiteAdv.exe
O4 - HKLM\..\Run: [MPSExe] c:\PROGRA~1\mcafee.com\mps\mscifapp.exe /embedding
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [TotalRecorderScheduler] "C:\Program Files\HighCriteria\TotalRecorder\TotRecSched.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell....iler/SysPro.CAB
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnote...ad/mnviewer.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcaf...01/mcinsctl.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcaf...,26/mcgdmgr.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Protocol: siteadvisor - {3A5DC592-7723-4EAA-9EE6-AF4222BCF879} - C:\Program Files\SiteAdvisor\6028\SiteAdv.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Ad-Axis Server - Unknown owner - C:\Program Files\Lavasoft\Ad-Aware SE Enterprise 2005\aaserver.exe" --debug --noop --trace --service "Ad-Axis Server (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Bonjour Service - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Log Manager (McLogManagerService) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mclogsrv.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Task Scheduler (mctskshd.exe) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mctskshd.exe
O23 - Service: McAfee User Manager (mcusrmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcusrmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Privacy Service (MPS9) - McAfee, Inc. - C:\PROGRA~1\McAfee\MPS\mps.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SiteAdvisor Service - McAfee, Inc. - C:\Program Files\SiteAdvisor\6028\SAService.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

Rapport.txt...

SmitFraudFix v2.148

Scan done at 18:40:54.79, Wed 03/07/2007
Run from C:\Documents and Settings\Jeremy\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in safe mode

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{aed6f6a3-183c-488d-9f90-23db99f56e7f}"="apathies"

[HKEY_CLASSES_ROOT\CLSID\{aed6f6a3-183c-488d-9f90-23db99f56e7f}\InProcServer32]
@="C:\WINDOWS\system32\geplxss.dll"

[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{aed6f6a3-183c-488d-9f90-23db99f56e7f}\InProcServer32]
@="C:\WINDOWS\system32\geplxss.dll"


»»»»»»»»»»»»»»»»»»»»»»»» Killing process


»»»»»»»»»»»»»»»»»»»»»»»» hosts


127.0.0.1 localhost

»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

C:\WINDOWS\system32\geplxss.dll Deleted

»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» End


AVG A-S Report

---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 1:46:57 AM 3/8/2007

+ Scan result:



HKU\S-1-5-21-1644491937-412668190-1417001333-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{67982BB7-

0F95-44C5-92DC-E3AF3DC19D6D} -> Adware.Generic : No action taken.
C:\System Volume Information\_restore{89B973A3-328B-43A1-AB05-F7F0DF6A7AA6}\RP487\A0023948.exe -> Adware.SpyHeal :

No action taken.
C:\System Volume Information\_restore{89B973A3-328B-43A1-AB05-F7F0DF6A7AA6}\RP490\A0024377.exe ->

Adware.YazzleSudoku : No action taken.
C:\System Volume Information\_restore{89B973A3-328B-43A1-AB05-F7F0DF6A7AA6}\RP487\A0023905.exe ->

Downloader.Zlob.bnw : No action taken.
C:\System Volume Information\_restore{89B973A3-328B-43A1-AB05-F7F0DF6A7AA6}\RP487\A0023807.exe ->

Downloader.Zlob.bov : No action taken.
C:\System Volume Information\_restore{89B973A3-328B-43A1-AB05-F7F0DF6A7AA6}\RP487\A0023821.exe ->

Downloader.Zlob.bov : No action taken.
C:\System Volume Information\_restore{89B973A3-328B-43A1-AB05-F7F0DF6A7AA6}\RP487\A0023832.exe ->

Downloader.Zlob.bov : No action taken.
C:\System Volume Information\_restore{89B973A3-328B-43A1-AB05-F7F0DF6A7AA6}\RP487\A0023806.dll ->

Downloader.Zlob.bpn : No action taken.
C:\System Volume Information\_restore{89B973A3-328B-43A1-AB05-F7F0DF6A7AA6}\RP487\A0023808.exe ->

Downloader.Zlob.bpn : No action taken.
C:\System Volume Information\_restore{89B973A3-328B-43A1-AB05-F7F0DF6A7AA6}\RP487\A0023820.dll ->

Downloader.Zlob.bpn : No action taken.
C:\System Volume Information\_restore{89B973A3-328B-43A1-AB05-F7F0DF6A7AA6}\RP487\A0023822.exe ->

Downloader.Zlob.bpn : No action taken.
C:\System Volume Information\_restore{89B973A3-328B-43A1-AB05-F7F0DF6A7AA6}\RP487\A0023826.exe ->

Downloader.Zlob.bpn : No action taken.
C:\System Volume Information\_restore{89B973A3-328B-43A1-AB05-F7F0DF6A7AA6}\RP487\A0023836.exe ->

Downloader.Zlob.bpn : No action taken.
C:\Documents and Settings\Jeremy\Cookies\jeremy@247realmedia[1].txt -> TrackingCookie.247realmedia : No action

taken.
C:\Documents and Settings\Jeremy\Cookies\jeremy@oasc02.247realmedia[2].txt -> TrackingCookie.247realmedia : No

action taken.
:mozilla.20:C:\Documents and Settings\Jeremy\Application Data\Mozilla\Firefox\Profiles\y4cntjnb.default\cookies.txt

-> TrackingCookie.2o7 : No action taken.
:mozilla.21:C:\Documents and Settings\Jeremy\Application Data\Mozilla\Firefox\Profiles\y4cntjnb.default\cookies.txt

-> TrackingCookie.2o7 : No action taken.
:mozilla.52:C:\Documents and Settings\Jeremy\Application Data\Mozilla\Firefox\Profiles\y4cntjnb.default\cookies.txt

-> TrackingCookie.2o7 : No action taken.
C:\Documents and Settings\Jeremy\Cookies\jeremy@112.2o7[1].txt -> TrackingCookie.2o7 : No action taken.
C:\Documents and Settings\Jeremy\Cookies\jeremy@2o7[1].txt -> TrackingCookie.2o7 : No action taken.
C:\Documents and Settings\Jeremy\Cookies\jeremy@journalregistercompany.122.2o7[1].txt -> TrackingCookie.2o7 : No

action taken.
C:\Documents and Settings\Jeremy\Cookies\jeremy@wrigley.122.2o7[1].txt -> TrackingCookie.2o7 : No action taken.
:mozilla.84:C:\Documents and Settings\Jeremy\Application Data\Mozilla\Firefox\Profiles\y4cntjnb.default\cookies.txt

-> TrackingCookie.Adbrite : No action taken.
:mozilla.85:C:\Documents and Settings\Jeremy\Application Data\Mozilla\Firefox\Profiles\y4cntjnb.default\cookies.txt

-> TrackingCookie.Adbrite : No action taken.
:mozilla.25:C:\Documents and Settings\Jeremy\Application Data\Mozilla\Firefox\Profiles\y4cntjnb.default\cookies.txt

-> TrackingCookie.Atdmt : No action taken.
:mozilla.22:C:\Documents and Settings\Jeremy\Application Data\Mozilla\Firefox\Profiles\y4cntjnb.default\cookies.txt

-> TrackingCookie.Doubleclick : No action taken.
:mozilla.23:C:\Documents and Settings\Jeremy\Application Data\Mozilla\Firefox\Profiles\y4cntjnb.default\cookies.txt

-> TrackingCookie.Questionmarket : No action taken.
:mozilla.24:C:\Documents and Settings\Jeremy\Application Data\Mozilla\Firefox\Profiles\y4cntjnb.default\cookies.txt

-> TrackingCookie.Questionmarket : No action taken.
:mozilla.134:C:\Documents and Settings\Jeremy\Application Data\Mozilla\Firefox\Profiles\y4cntjnb.default\cookies.txt

-> TrackingCookie.Realmedia : No action taken.
:mozilla.135:C:\Documents and Settings\Jeremy\Application Data\Mozilla\Firefox\Profiles\y4cntjnb.default\cookies.txt

-> TrackingCookie.Realmedia : No action taken.
:mozilla.137:C:\Documents and Settings\Jeremy\Application Data\Mozilla\Firefox\Profiles\y4cntjnb.default\cookies.txt

-> TrackingCookie.Revsci : No action taken.
C:\Documents and Settings\Jeremy\Cookies\jeremy@revsci[1].txt -> TrackingCookie.Revsci : No action taken.
:mozilla.35:C:\Documents and Settings\Jeremy\Application Data\Mozilla\Firefox\Profiles\y4cntjnb.default\cookies.txt

-> TrackingCookie.Sexcounter : No action taken.
:mozilla.36:C:\Documents and Settings\Jeremy\Application Data\Mozilla\Firefox\Profiles\y4cntjnb.default\cookies.txt

-> TrackingCookie.Sexcounter : No action taken.
:mozilla.37:C:\Documents and Settings\Jeremy\Application Data\Mozilla\Firefox\Profiles\y4cntjnb.default\cookies.txt

-> TrackingCookie.Sexcounter : No action taken.
:mozilla.38:C:\Documents and Settings\Jeremy\Application Data\Mozilla\Firefox\Profiles\y4cntjnb.default\cookies.txt

-> TrackingCookie.Sexcounter : No action taken.
:mozilla.39:C:\Documents and Settings\Jeremy\Application Data\Mozilla\Firefox\Profiles\y4cntjnb.default\cookies.txt

-> TrackingCookie.Sexcounter : No action taken.
:mozilla.40:C:\Documents and Settings\Jeremy\Application Data\Mozilla\Firefox\Profiles\y4cntjnb.default\cookies.txt

-> TrackingCookie.Sexcounter : No action taken.
:mozilla.41:C:\Documents and Settings\Jeremy\Application Data\Mozilla\Firefox\Profiles\y4cntjnb.default\cookies.txt

-> TrackingCookie.Sexcounter : No action taken.
:mozilla.42:C:\Documents and Settings\Jeremy\Application Data\Mozilla\Firefox\Profiles\y4cntjnb.default\cookies.txt

-> TrackingCookie.Sexcounter : No action taken.
:mozilla.43:C:\Documents and Settings\Jeremy\Application Data\Mozilla\Firefox\Profiles\y4cntjnb.default\cookies.txt

-> TrackingCookie.Sexcounter : No action taken.
:mozilla.44:C:\Documents and Settings\Jeremy\Application Data\Mozilla\Firefox\Profiles\y4cntjnb.default\cookies.txt

-> TrackingCookie.Sexcounter : No action taken.
:mozilla.172:C:\Documents and Settings\Jeremy\Application Data\Mozilla\Firefox\Profiles\y4cntjnb.default\cookies.txt

-> TrackingCookie.Sitestat : No action taken.
:mozilla.140:C:\Documents and Settings\Jeremy\Application Data\Mozilla\Firefox\Profiles\y4cntjnb.default\cookies.txt

-> TrackingCookie.Specificclick : No action taken.
:mozilla.86:C:\Documents and Settings\Jeremy\Application Data\Mozilla\Firefox\Profiles\y4cntjnb.default\cookies.txt

-> TrackingCookie.Specificclick : No action taken.
:mozilla.87:C:\Documents and Settings\Jeremy\Application Data\Mozilla\Firefox\Profiles\y4cntjnb.default\cookies.txt

-> TrackingCookie.Specificclick : No action taken.
:mozilla.88:C:\Documents and Settings\Jeremy\Application Data\Mozilla\Firefox\Profiles\y4cntjnb.default\cookies.txt

-> TrackingCookie.Specificclick : No action taken.
:mozilla.89:C:\Documents and Settings\Jeremy\Application Data\Mozilla\Firefox\Profiles\y4cntjnb.default\cookies.txt

-> TrackingCookie.Specificclick : No action taken.
C:\Documents and Settings\Jeremy\Cookies\jeremy@adopt.specificclick[2].txt -> TrackingCookie.Specificclick : No

action taken.
C:\Documents and Settings\Jeremy\Cookies\jeremy@specificclick[1].txt -> TrackingCookie.Specificclick : No action

taken.
:mozilla.50:C:\Documents and Settings\Jeremy\Application Data\Mozilla\Firefox\Profiles\y4cntjnb.default\cookies.txt

-> TrackingCookie.Statcounter : No action taken.
:mozilla.141:C:\Documents and Settings\Jeremy\Application Data\Mozilla\Firefox\Profiles\y4cntjnb.default\cookies.txt

-> TrackingCookie.Tacoda : No action taken.
:mozilla.142:C:\Documents and Settings\Jeremy\Application Data\Mozilla\Firefox\Profiles\y4cntjnb.default\cookies.txt

-> TrackingCookie.Tacoda : No action taken.
:mozilla.143:C:\Documents and Settings\Jeremy\Application Data\Mozilla\Firefox\Profiles\y4cntjnb.default\cookies.txt

-> TrackingCookie.Tacoda : No action taken.
:mozilla.166:C:\Documents and Settings\Jeremy\Application Data\Mozilla\Firefox\Profiles\y4cntjnb.default\cookies.txt

-> TrackingCookie.Tacoda : No action taken.
:mozilla.167:C:\Documents and Settings\Jeremy\Application Data\Mozilla\Firefox\Profiles\y4cntjnb.default\cookies.txt

-> TrackingCookie.Tacoda : No action taken.
:mozilla.150:C:\Documents and Settings\Jeremy\Application Data\Mozilla\Firefox\Profiles\y4cntjnb.default\cookies.txt

-> TrackingCookie.Trafficmp : No action taken.
:mozilla.151:C:\Documents and Settings\Jeremy\Application Data\Mozilla\Firefox\Profiles\y4cntjnb.default\cookies.txt

-> TrackingCookie.Trafficmp : No action taken.
:mozilla.152:C:\Documents and Settings\Jeremy\Application Data\Mozilla\Firefox\Profiles\y4cntjnb.default\cookies.txt

-> TrackingCookie.Trafficmp : No action taken.
:mozilla.153:C:\Documents and Settings\Jeremy\Application Data\Mozilla\Firefox\Profiles\y4cntjnb.default\cookies.txt

-> TrackingCookie.Trafficmp : No action taken.
:mozilla.154:C:\Documents and Settings\Jeremy\Application Data\Mozilla\Firefox\Profiles\y4cntjnb.default\cookies.txt

-> TrackingCookie.Trafficmp : No action taken.
:mozilla.155:C:\Documents and Settings\Jeremy\Application Data\Mozilla\Firefox\Profiles\y4cntjnb.default\cookies.txt

-> TrackingCookie.Trafficmp : No action taken.
:mozilla.156:C:\Documents and Settings\Jeremy\Application Data\Mozilla\Firefox\Profiles\y4cntjnb.default\cookies.txt

-> TrackingCookie.Trafficmp : No action taken.
:mozilla.157:C:\Documents and Settings\Jeremy\Application Data\Mozilla\Firefox\Profiles\y4cntjnb.default\cookies.txt

-> TrackingCookie.Trafficmp : No action taken.
:mozilla.168:C:\Documents and Settings\Jeremy\Application Data\Mozilla\Firefox\Profiles\y4cntjnb.default\cookies.txt

-> TrackingCookie.Tribalfusion : No action taken.
:mozilla.30:C:\Documents and Settings\Jeremy\Application Data\Mozilla\Firefox\Profiles\y4cntjnb.default\cookies.txt

-> TrackingCookie.Tribalfusion : No action taken.
:mozilla.46:C:\Documents and Settings\Jeremy\Application Data\Mozilla\Firefox\Profiles\y4cntjnb.default\cookies.txt

-> TrackingCookie.Wegcash : No action taken.
:mozilla.47:C:\Documents and Settings\Jeremy\Application Data\Mozilla\Firefox\Profiles\y4cntjnb.default\cookies.txt

-> TrackingCookie.Wegcash : No action taken.
:mozilla.48:C:\Documents and Settings\Jeremy\Application Data\Mozilla\Firefox\Profiles\y4cntjnb.default\cookies.txt

-> TrackingCookie.Wegcash : No action taken.
:mozilla.49:C:\Documents and Settings\Jeremy\Application Data\Mozilla\Firefox\Profiles\y4cntjnb.default\cookies.txt

-> TrackingCookie.Wegcash : No action taken.
:mozilla.162:C:\Documents and Settings\Jeremy\Application Data\Mozilla\Firefox\Profiles\y4cntjnb.default\cookies.txt

-> TrackingCookie.Yieldmanager : No action taken.
:mozilla.163:C:\Documents and Settings\Jeremy\Application Data\Mozilla\Firefox\Profiles\y4cntjnb.default\cookies.txt

-> TrackingCookie.Yieldmanager : No action taken.
:mozilla.164:C:\Documents and Settings\Jeremy\Application Data\Mozilla\Firefox\Profiles\y4cntjnb.default\cookies.txt

-> TrackingCookie.Yieldmanager : No action taken.
:mozilla.165:C:\Documents and Settings\Jeremy\Application Data\Mozilla\Firefox\Profiles\y4cntjnb.default\cookies.txt

-> TrackingCookie.Yieldmanager : No action taken.


::Report end


That annoying thing seems to be gone out of my system tray. It seems to be working fine now. Please let me know if you find anything in any of these files that calls attention.


Thank you,
Jeremy

[Noviciate]

The AVG A-S log shows "No action taken" - either you didn't complete the instructions to fix these items or you created the log out of sequence. If you didn't fix the items, you will need to repeat the instructions for AVG A-S.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Run HijackThis as you did to generate a log, but this time click on 'Do a system scan only'.
Place a checkmark in the boxes to the left of the following entries, by clicking on them:

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

CLOSE ALL OPEN WINDOWS AND BROWSERS - EXCEPT HJT and click on Fix checked

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

You are running an old version of Sun Java which needs updating:

• Go here and click on the Download button to the right of Java Runtime Environment (JRE) 6.0.
• Accept the license agreement by clicking the appropriate radio button and then continue.
• Under Windows Platform - Java™ SE Runtime Environment 6, click the Windows Offline Installation, Multi-language link.
• Go to Add/Remove Programs and remove any entries that refer to Java 2 Runtime Environment and then reboot your PC.
• Navigate to and delete the following folder, if it exists: C:\Program Files\Java.
• Finally double click the installation file that you downloaded earlier.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

As long as the above goes OK, I want you to run your PC as normal for a few days. When you are happy that everything is fine, do the following:

Update your anti-virus program,
Disable System Restore,
Boot into Safe Mode,
Scan your computer for viruses.
When you get the all clear, reboot into Normal Mode.
Re-enable System Restore,
Create a Restore Point.
This will give a clean Restore Point should you need it in the future.
A tutorial for System Restore is available here.

The reason for waiting is that if removing the malware has caused a problem, which it occasionally does, you can put your PC back to how it was before the fix. This will re-install the malware, but an infected PC is better than an expensive paperweight!

Some bedtime reading: This is a very good tutorial about keeping your computer safe and secure on the internet.

If you have the time, pay a vist to Malware Complaints and register a complaint about the malware that has infected you - in your case it was a Smitfraud infection. If enough people take the time, it could make a difference.

[jman4life]

hmmm... Man I waited for AVG to finish for almost THREE HOURS! I was soooo tired the next day at work! and It didn't even finish... greeatt... I will repeat the steps for AVG when I Get home from work! Thanks again, Jeremy

[jman4life]

Hmm... This one is a lot shorter than the other one....... --------------------------------------------------------- AVG Anti-Spyware - Scan Report --------------------------------------------------------- + Created at: 5:40:24 PM 3/10/2007 + Scan result: HKU\S-1-5-21-1644491937-412668190-1417001333-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{67982BB7-0F95-44C5-92DC-E3AF3DC19D6D} -> Adware.Generic : Cleaned with backup (quarantined). C:\System Volume Information\_restore{89B973A3-328B-43A1-AB05-F7F0DF6A7AA6}\RP487\A0023948.exe -> Adware.SpyHeal : Cleaned with backup (quarantined). C:\System Volume Information\_restore{89B973A3-328B-43A1-AB05-F7F0DF6A7AA6}\RP490\A0024377.exe -> Adware.YazzleSudoku : Cleaned with backup (quarantined). C:\System Volume Information\_restore{89B973A3-328B-43A1-AB05-F7F0DF6A7AA6}\RP487\A0023905.exe -> Downloader.Zlob.bnw : Cleaned with backup (quarantined). C:\System Volume Information\_restore{89B973A3-328B-43A1-AB05-F7F0DF6A7AA6}\RP487\A0023807.exe -> Downloader.Zlob.bov : Cleaned with backup (quarantined). C:\System Volume Information\_restore{89B973A3-328B-43A1-AB05-F7F0DF6A7AA6}\RP487\A0023821.exe -> Downloader.Zlob.bov : Cleaned with backup (quarantined). C:\System Volume Information\_restore{89B973A3-328B-43A1-AB05-F7F0DF6A7AA6}\RP487\A0023832.exe -> Downloader.Zlob.bov : Cleaned with backup (quarantined). C:\System Volume Information\_restore{89B973A3-328B-43A1-AB05-F7F0DF6A7AA6}\RP487\A0023806.dll -> Downloader.Zlob.bpn : Cleaned with backup (quarantined). C:\System Volume Information\_restore{89B973A3-328B-43A1-AB05-F7F0DF6A7AA6}\RP487\A0023808.exe -> Downloader.Zlob.bpn : Cleaned with backup (quarantined). C:\System Volume Information\_restore{89B973A3-328B-43A1-AB05-F7F0DF6A7AA6}\RP487\A0023820.dll -> Downloader.Zlob.bpn : Cleaned with backup (quarantined). C:\System Volume Information\_restore{89B973A3-328B-43A1-AB05-F7F0DF6A7AA6}\RP487\A0023822.exe -> Downloader.Zlob.bpn : Cleaned with backup (quarantined). C:\System Volume Information\_restore{89B973A3-328B-43A1-AB05-F7F0DF6A7AA6}\RP487\A0023826.exe -> Downloader.Zlob.bpn : Cleaned with backup (quarantined). C:\System Volume Information\_restore{89B973A3-328B-43A1-AB05-F7F0DF6A7AA6}\RP487\A0023836.exe -> Downloader.Zlob.bpn : Cleaned with backup (quarantined). ::Report end

[Noviciate]

It still looks OK - the early instructions still apply unless the PC is misbehaving.

[jman4life]

Hi! My computer seems to be running a bit sluggish now. I've used SpyBot S&D, and adaware, and they can't fine anything. But it's still running slow... Any ideas? Jeremy

[Noviciate]

The following steps will serve as a spring clean for your PC. Not all of them will be of benefit to your PC as this is a general post, but the overall effect should be positive.

1) Go to Start > Control Panel > Add/Remove Programs and remove any programs that you no longer use and then reboot your PC.

2) Download ATF Cleaner by Atribune from here and save it to your Desktop.
Double click ATF-Cleaner.exe to run the program.
Check the boxes to the left of:Windows Temp
Current User Temp
All Users Temp
Temporary Internet Files
Java Cache
The rest are optional - if you want to remove the lot, check "Select All".
Finally click Empty Selected. When you get the "Done Cleaning" message, click OK.

If you use the Firefox or Opera browsers, you can use this program as a quick way to tidy those up as well.

When you have finished, click on the Exit button in the Main menu.

For Technical Support, double-click the e-mail address located at the bottom of each menu.

Please Note: This program is for Windows XP and Windows 2000 only.

3) Double click My Computer.
Right click the disc drive you wish to check.
Click Properties.
In the Properties dialog box, click the Tools Tab.
Under Error-checking, click the Check Now button.
In the "Check Disc Local Disk (C:)" dialog box, check both Automatically fix file system errors and Scan for and attempt recovery of bad sectors, and then click Start.

This will look for and attempt to repair any errors that your hard drive has.

4) Go to Start > Run, enter sfc /scannow ( note the space between the "c" and "/" ) and click on OK.

This will look for and attempt to replace any corrupt system files that can be found. There are backups of some of these files on your PC and Windows will check for a copy here first. If you are prompted to insert your Windows XP disc, do so. If you don't have this disc and are asked for it, you will have to cancel at this point.

For details on the System File Checker, click here.

5) Defragment your hard drive. A tutorial for disc defragmentation is available here.

6) Download and run StartUp Inspector.
This program will help you to decide exactly what programs you disable from running at startup.
The Readme.txt file included has instructions on how to use it.

[little eagle]

Due to a lack of a responce this topic is now closed.

If you wish it reopened, please send us an email (Click for address) with a link to your thread.
Do not bother contacting us if you are not the topic starter. A valid, working link to the closed topic is required along with the user name used. If the user name does not match the one in the thread linked, the email will be deleted.

Visit the CoyoteStore http://TomCoyote.org/coyotestore.php

To help keep your PC clean follow the recommendations here by shelf life.