954,255 Members — Technology Publication meets Social Media
Username:
Password:
Lost login information?
Have something to say? Contribute New Article Reply to this Article
6 Years Ago
0

Notification area has spyware icons

My notification area constantly displays a flashing european no sign (circle with line through it) and green wheelchar symbol. It says Virus Alert! when I move my pointer over it, and a window titled "Your computer is infected!" that talks of virus activities and it directs me to a site to buy removal software. Also sometimes a yellow triangle with an exclamation mark in it pops out and alerts me similarly about worms I have, and directs me to another product site. Explorer is randomly popping up ads when I'm only using firefox! Can anyone help? I'll post a Hijackthis log

Logfile of HijackThis v1.99.1
Scan saved at 3:16:43 PM, on 5/30/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5346.0005)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\atmclk.exe
C:\WINDOWS\system32\dcomcfg.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\Trend Micro\Internet Security 2005\pccguide.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Windows Media Player\npds.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\User\My Documents\My Received Files\hijackthis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=54729
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=55245&clcid={SUB_CLCID}
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Nothing - {f79fd28e-36ee-4989-aa61-9dd8e30a82fa} - C:\WINDOWS\system32\hp100.tmp
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 2005\pccguide.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"
O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\RunOnce: [MPlayer2_FixUp] C:\WINDOWS\inf\unregmp2.exe /Fixups
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15015/CTSUEng.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1147121971859
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1147181084453
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15021/CTPID.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe

robbo_the_hood
Light Poster
33 posts since Mar 2006
Reputation Points: 10
Solved Threads: 0
 
6 Years Ago
0

Hello kylethedarkn , welcome to DaniWeb. My name is Justin and I will be helping you with your computer today. I will be helping clean all the maleware and spyware problems associated with your computer. Throughout my fix if you have any questions on the programs I am having you use don't be afraid to ask me.

Step 1

Please download SmitfraudFix (by S!Ri)
Extract the content (a folder named SmitfraudFix) to your Desktop.

Open the SmitfraudFix folder and double-click smitfraudfix.cmd
Select option #1 - Search by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present).
Please copy/paste the content of that report into your next reply.

Note : process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.
http://www.beyondlogic.org/consulting/proc...processutil.htm

Step 2

Welcome,
Please follow the instructions provided, you may want to print out these instructions and use them as a reference.

Please download ewido anti-malware it is a free version of the program.Install ewido anti-malware
When installing, under "Additional Options" uncheck..Install background guard
Install scan via context menu

Launch ewido, there should be an icon on your desktop, double-click it.
The program will now open to the main screen.
When you run ewido for the first time, you may get a warning "Database could not be found!". Click OK. We will fix this in a moment.
You will need to update ewido to the latest definition files.On the left hand side of the main screen click update.
Then click on Start Update.

The update will start and a progress bar will show the updates being installed.
(the status bar at the bottom will display ("Update successful")
If you are having problems with the updater, you can use this link to manually update ewido.
ewido manual updates

Once the updates are installed do the following:Click on scanner
Click on Complete System Scan and the scan will begin.
You will be prompted to clean the first infection.
Select "Perform action on all infections", then proceed.
Once the scan has completed, there will be a button located on the bottom of the screen named Save report
Click Save report.
Save the report .txt file to your desktop or a location where you can find it easily.
Close ewido anti-malware.

Burton1
Junior Poster in Training
55 posts since May 2006
Reputation Points: 12
Solved Threads: 4
 
5 Years Ago
0

are you sure you posted on the right thread? that's not my screen name.

robbo_the_hood
Light Poster
33 posts since Mar 2006
Reputation Points: 10
Solved Threads: 0
 
5 Years Ago
0

Err copy and past stinks at times, i am terribly sorry for the misunderstanding. Yes that post was ment for you just wrong name, please continue with the instructions.

Burton1
Junior Poster in Training
55 posts since May 2006
Reputation Points: 12
Solved Threads: 4
 
5 Years Ago
0

here's smartfix

SmitFraudFix v2.53

Scan done at 15:27:03.48, Fri 06/02/2006
Run from C:\Documents and Settings\User\Desktop\SmitfraudFix\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
Fix ran in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32

C:\WINDOWS\system32\ld????.tmp FOUND !
C:\WINDOWS\system32\ot.ico FOUND !
C:\WINDOWS\system32\simpole.tlb FOUND !
C:\WINDOWS\system32\stdole3.tlb FOUND !
C:\WINDOWS\system32\ts.ico FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\User\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Start Menu


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\User\FAVORI~1

C:\DOCUME~1\User\FAVORI~1\Antivirus Test Online.url FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» Desktop


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"

»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{e5b1e382-817e-4b74-8a96-ec78751e6acf}"="incatenate"

[HKEY_CLASSES_ROOT\CLSID\{e5b1e382-817e-4b74-8a96-ec78751e6acf}\InProcServer32]
@="C:\WINDOWS\system32\imfdfcj.dll"

[HKEY_CURRENT_USER\Software\Classes\CLSID\{e5b1e382-817e-4b74-8a96-ec78751e6acf}\InProcServer32]
@="C:\WINDOWS\system32\imfdfcj.dll"


»»»»»»»»»»»»»»»»»»»»»»»» Scanning wininet.dll infection


»»»»»»»»»»»»»»»»»»»»»»»» End

and here's ewido

---------------------------------------------------------
ewido anti-malware - Scan report
---------------------------------------------------------

+ Created on: 3:43:29 PM, 6/2/2006
+ Report-Checksum: 8AC056E1

+ Scan result:

:mozilla.33:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\9kq7jwgf.default\cookies.txt -> TrackingCookie.Adjuggler : Cleaned with backup
:mozilla.34:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\9kq7jwgf.default\cookies.txt -> TrackingCookie.Adjuggler : Cleaned with backup
:mozilla.35:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\9kq7jwgf.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.36:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\9kq7jwgf.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.37:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\9kq7jwgf.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.38:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\9kq7jwgf.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.39:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\9kq7jwgf.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.40:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\9kq7jwgf.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.41:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\9kq7jwgf.default\cookies.txt -> TrackingCookie.Adjuggler : Cleaned with backup
:mozilla.42:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\9kq7jwgf.default\cookies.txt -> TrackingCookie.Adjuggler : Cleaned with backup
:mozilla.43:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\9kq7jwgf.default\cookies.txt -> TrackingCookie.Adjuggler : Cleaned with backup
:mozilla.44:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\9kq7jwgf.default\cookies.txt -> TrackingCookie.Adjuggler : Cleaned with backup
:mozilla.45:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\9kq7jwgf.default\cookies.txt -> TrackingCookie.Adjuggler : Cleaned with backup
:mozilla.53:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\9kq7jwgf.default\cookies.txt -> TrackingCookie.Myaffiliateprogram : Cleaned with backup
:mozilla.54:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\9kq7jwgf.default\cookies.txt -> TrackingCookie.Myaffiliateprogram : Cleaned with backup
:mozilla.59:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\9kq7jwgf.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned with backup
:mozilla.60:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\9kq7jwgf.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned with backup
:mozilla.61:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\9kq7jwgf.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned with backup
:mozilla.62:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\9kq7jwgf.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned with backup
:mozilla.70:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\9kq7jwgf.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.73:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\9kq7jwgf.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup
:mozilla.74:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\9kq7jwgf.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup
:mozilla.75:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\9kq7jwgf.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup
:mozilla.76:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\9kq7jwgf.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup
:mozilla.77:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\9kq7jwgf.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup
:mozilla.80:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\9kq7jwgf.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.81:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\9kq7jwgf.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.125:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\9kq7jwgf.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup
C:\Documents and Settings\User\Cookies\user@atdmt[1].txt -> TrackingCookie.Atdmt : Cleaned with backup
C:\Documents and Settings\User\Cookies\user@doubleclick[1].txt -> TrackingCookie.Doubleclick : Cleaned with backup


::Report End

Although I had ewido installed already with the background guard and text menu thing. Also, www.gamespot.com is not working for me, which is odd because everyother site seems to, maybe it's down but I can't find anything that says so.

robbo_the_hood
Light Poster
33 posts since Mar 2006
Reputation Points: 10
Solved Threads: 0
 
5 Years Ago
0

I am sorry it has been awhile since i have gotten to your post. I have been extremely busy.

You should print out these instructions, or copy them to a NotePad file for reading while in Safe Mode, because you will not be able to connect to the Internet to read from this site.

Next, please reboot your computer in Safe Mode by doing the following :Restart your computer
After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
Instead of Windows loading as normal, a menu with options should appear;
Select the first option, to run Windows in Safe Mode, then press "Enter".
Choose your usual account.
Once in Safe Mode, open the SmitfraudFix folder again and double-click smitfraudfix.cmd
Select option #2 - Clean by typing 2 and press "Enter" to delete infected files.

You will be prompted : "Registry cleaning - Do you want to clean the registry ?"; answer "Yes" by typing Y and press "Enter" in order to remove the Desktop background and clean registry keys associated with the infection.

The tool will now check if wininet.dll is infected. You may be prompted to replace the infected file (if found); answer "Yes" by typing Y and press "Enter".

The tool may need to restart your computer to finish the cleaning process; if it doesn't, please restart it into Normal Windows.
A text file will appear onscreen, with results from the cleaning process; please copy/paste the content of that report into your next reply.
The report can also be found at the root of the system drive, usually at C:\rapport.txt

Warning : running option #2 on a non infected computer will remove your Desktop background.

Burton1
Junior Poster in Training
55 posts since May 2006
Reputation Points: 12
Solved Threads: 4
 
5 Years Ago
0

Here's the report:

SmitFraudFix v2.53

Scan done at 16:21:26.35, Mon 06/05/2006
Run from C:\Documents and Settings\User\Desktop\SmitfraudFix\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
Fix ran in safe mode

»»»»»»»»»»»»»»»»»»»»»»»» Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{e5b1e382-817e-4b74-8a96-ec78751e6acf}"="incatenate"

[HKEY_CLASSES_ROOT\CLSID\{e5b1e382-817e-4b74-8a96-ec78751e6acf}\InProcServer32]
@="C:\WINDOWS\system32\imfdfcj.dll"

[HKEY_CURRENT_USER\Software\Classes\CLSID\{e5b1e382-817e-4b74-8a96-ec78751e6acf}\InProcServer32]
@="C:\WINDOWS\system32\imfdfcj.dll"


»»»»»»»»»»»»»»»»»»»»»»»» Killing process


»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

C:\WINDOWS\system32\ld????.tmp Deleted
C:\WINDOWS\system32\ot.ico Deleted
C:\WINDOWS\system32\simpole.tlb Deleted
C:\WINDOWS\system32\stdole3.tlb Deleted
C:\WINDOWS\system32\ts.ico Deleted
C:\DOCUME~1\User\FAVORI~1\Antivirus Test Online.url Deleted

»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri

C:\WINDOWS\system32\imfdfcj.dll -> Missing File


»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» End


My desktop was removed, should I stop worrying?

robbo_the_hood
Light Poster
33 posts since Mar 2006
Reputation Points: 10
Solved Threads: 0
 
5 Years Ago
0

Your desktop was removed, like the back round? If so just right click it and change the backround. If you don't know how to do it, just tell me.

Burton1
Junior Poster in Training
55 posts since May 2006
Reputation Points: 12
Solved Threads: 4
 

This article has been dead for over three months

Post: Markdown Syntax: Formatting Help
You
 
© 2012 DaniWeb® LLC
Home | About Us | Contact Us | Terms of Service | Advertising Opportunities
RSS Feed RSS Feed