
Hi, I'd first like to say I am so happy that a website like this exists, and I plan on visiting the forums every day to learn as much as possible.

That being said, my problem is a normal one, had a virus, killed it, but was still locked out of desktop backgrounds.

I downloaded the smitfraud.reg file that was suggested to a few other people; however, when I click "yes" to add it to the registry, it says...

"Cannot import C:\Documents and Settings\Administrator\Desktop\smitfraud.reg: The specified file is not a registry script. You can only import binary registry files from within the registry editor."

Any suggestions? I do love having a background that isn't solid black =P.

(P.S.) I believe this may be in the wrong forum, but I could not locate a better one; I apologize if this is true.


Hi and welcome to the Daniweb forums :).

==========

Download HijackThis from here. Download it to your desktop and NOT a temporary folder.


Please download SmitfraudFix (by S!Ri)
Extract the content (a folder named SmitfraudFix) to your Desktop.

Open the SmitfraudFix folder and double-click smitfraudfix.cmd
Select option #1 - Search by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present).
Please copy/paste the content of that report into your next reply.

Note: process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.
http://www.beyondlogic.org/consulting/proc...processutil.htm


SmitFraudFix v2.320

Scan done at 16:37:12.46, Fri 05/09/2008
Run from C:\Documents and Settings\Administrator\Desktop\SmitfraudFix\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» Process

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\cmd.exe

»»»»»»»»»»»»»»»»»»»»»»»» hosts


»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Administrator


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Administrator\Application Data

C:\Documents and Settings\Administrator\Application Data\Install.dat FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» Start Menu


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\ADMINI~1\FAVORI~1


»»»»»»»»»»»»»»»»»»»»»»»» Desktop


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"


»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
!!!Attention, following keys are not inevitably infected!!!

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» VACFix
!!!Attention, following keys are not inevitably infected!!!

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» 404Fix
!!!Attention, following keys are not inevitably infected!!!

404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{7be183d2-a42d-4915-bf60-ec86fbf002cf}"="horologium"

[HKEY_CLASSES_ROOT\CLSID\{7be183d2-a42d-4915-bf60-ec86fbf002cf}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{7be183d2-a42d-4915-bf60-ec86fbf002cf}\InProcServer32]


»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"
"System"="cshwa.exe"


»»»»»»»»»»»»»»»»»»»»»»»» Rustock

»»»»»»»»»»»»»»»»»»»»»»»» DNS

Your computer may be victim of a DNS Hijack: 85.255.x.x detected !

Description: Belkin Wireless G Desktop Card #3 - Packet Scheduler Miniport
DNS Server Search Order: 85.255.116.162
DNS Server Search Order: 85.255.112.92

Description: Belkin Wireless G Desktop Card #3 - Packet Scheduler Miniport
DNS Server Search Order: 192.168.1.1
DNS Server Search Order: 38.8.82.2

Description: Belkin Wireless G Desktop Card #3 - Packet Scheduler Miniport
DNS Server Search Order: 65.32.5.74
DNS Server Search Order: 65.32.5.75

Description: Belkin Wireless G Desktop Card #3 - Packet Scheduler Miniport
DNS Server Search Order: 65.32.5.111
DNS Server Search Order: 65.32.5.112



»»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection


»»»»»»»»»»»»»»»»»»»»»»»» End

----------------------------------------------------------------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:43:04 PM, on 5/9/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Administrator\Desktop\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
O2 - BHO: {c0be4230-a5f6-8709-c184-acc2014c9ab2} - {2ba9c410-2cca-481c-9078-6f5a0324eb0c} - C:\WINDOWS\system32\kumbphgl.dll (file missing)
O2 - BHO: (no name) - {56D0A174-495A-49A4-8BA0-DB3241C40CF9} - C:\WINDOWS\system32\jkkjh.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O2 - BHO: (no name) - {76F262CF-0308-0FB4-F7A3-043266F3A47C} - C:\Program Files\Ozaibtra\thgdgybv.dll (file missing)
O2 - BHO: (no name) - {7BED1F14-57E9-4E35-943F-CE1688F6CB4E} - C:\WINDOWS\system32\tuvwtqp.dll (file missing)
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\npjpi150_07.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\npjpi150_07.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file://C:\Program Files\Risk\Images\stg_drm.ocx
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file://C:\Program Files\Risk\Images\armhelper.ocx
O17 - HKLM\System\CCS\Services\Tcpip\..\{43F0EB56-9A40-4B3A-B589-0BFE91F331D5}: NameServer = 85.255.116.162,85.255.112.92
O17 - HKLM\System\CCS\Services\Tcpip\..\{53C4300E-2488-4309-B533-413EB35575C6}: NameServer = 85.255.116.162,85.255.112.92
O17 - HKLM\System\CCS\Services\Tcpip\..\{96041D86-409C-49F5-BC59-0C4484AB4B87}: NameServer = 85.255.116.162,85.255.112.92
O17 - HKLM\System\CCS\Services\Tcpip\..\{CD292230-6FA4-4058-B204-68BA4D3702CC}: NameServer = 85.255.116.162,85.255.112.92
O17 - HKLM\System\CCS\Services\Tcpip\..\{D6BF5336-B520-4AEF-A839-91238945A815}: NameServer = 85.255.116.162,85.255.112.92
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.116.162 85.255.112.92
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O20 - Winlogon Notify: tuvwtqp - tuvwtqp.dll (file missing)
O20 - Winlogon Notify: wintfj32 - wintfj32.dll (file missing)
O21 - SSODL: horologium - {7be183d2-a42d-4915-bf60-ec86fbf002cf} - (no file)
O22 - SharedTaskScheduler: horologium - {7be183d2-a42d-4915-bf60-ec86fbf002cf} - (no file)
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe

--
End of file - 4569 bytes
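
The SmitfraudFix report above warns about nameservers in 85.255.x.x, and the O17 lines of the HijackThis log carry the same registry values. The following is an added example (not part of the original posts or of either tool) that parses such lines and lists the entries pointing into that range; the function names are made up here, and the sample input is the O17 lines copied from the log above.

```python
import ipaddress
import re

# Range named by the SmitfraudFix report in this thread ("85.255.x.x detected").
FLAGGED_NET = ipaddress.ip_network("85.255.0.0/16")

# Accepts HijackThis O17 lines, and the same key without the prefix or spaces.
LINE_RE = re.compile(
    r"^(?:O17 - )?HKLM\\System\\(?P<cset>CCS|CS\d+)\\Services\\Tcpip\\"
    r"(?P<scope>\.\.\\\{[0-9A-Fa-f-]+\}|Parameters):\s*"
    r"(?P<name>NameServer|DhcpNameServer)\s*=\s*(?P<value>.*)$",
    re.IGNORECASE,
)

# Sample input: the O17 lines of the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
O17 - HKLM\System\CCS\Services\Tcpip\..\{43F0EB56-9A40-4B3A-B589-0BFE91F331D5}: NameServer = 85.255.116.162,85.255.112.92
O17 - HKLM\System\CCS\Services\Tcpip\..\{53C4300E-2488-4309-B533-413EB35575C6}: NameServer = 85.255.116.162,85.255.112.92
O17 - HKLM\System\CCS\Services\Tcpip\..\{96041D86-409C-49F5-BC59-0C4484AB4B87}: NameServer = 85.255.116.162,85.255.112.92
O17 - HKLM\System\CCS\Services\Tcpip\..\{CD292230-6FA4-4058-B204-68BA4D3702CC}: NameServer = 85.255.116.162,85.255.112.92
O17 - HKLM\System\CCS\Services\Tcpip\..\{D6BF5336-B520-4AEF-A839-91238945A815}: NameServer = 85.255.116.162,85.255.112.92
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.116.162 85.255.112.92
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
"""

def parse_dns_entries(log_text):
    """Yield one dict per nameserver registry line found in the log text."""
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        servers = []
        for token in re.split(r"[,\s]+", m["value"].strip()):
            try:
                servers.append(ipaddress.ip_address(token))
            except ValueError:
                continue  # empty or malformed value: nothing to classify
        yield {
            "control_set": m["cset"].upper(),
            "scope": m["scope"].lstrip(".\\"),   # interface GUID or "Parameters"
            "static": m["name"].lower() == "nameserver",  # False: DHCP-supplied
            "servers": servers,
        }

def flagged_entries(log_text, network=FLAGGED_NET):
    """Return the entries that list an address inside the flagged network."""
    hits = []
    for entry in parse_dns_entries(log_text):
        bad = [ip for ip in entry["servers"] if ip in network]
        if bad:
            hits.append({**entry, "flagged": [str(ip) for ip in bad]})
    return hits

if __name__ == "__main__":
    for hit in flagged_entries(SAMPLE_LOG):
        kind = "static" if hit["static"] else "DHCP-supplied"
        print(f'{hit["control_set"]} {hit["scope"]}: {kind} -> {", ".join(hit["flagged"])}')
```

CCS is HijackThis's abbreviation for CurrentControlSet, and CS1, CS2, ... stand for ControlSet001, ControlSet002, ...; a hit outside CCS is a stored control set that still holds the value.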


You should print out these instructions, or copy them to a Notepad file for reading while in Safe Mode, because you will not be able to connect to the Internet to read from this site.

Please reboot your computer in Safe Mode by doing the following:

  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
  • Instead of Windows loading as normal, a menu with options should appear;
  • Select the first option, to run Windows in Safe Mode, then press "Enter".
  • Choose your usual account.

Once in Safe Mode, open the SmitfraudFix folder again and double-click smitfraudfix.cmd
Select option #2 - Clean by typing 2 and press "Enter" to delete infected files.

You will be prompted: "Registry cleaning - Do you want to clean the registry ?"; answer "Yes" by typing Y and press "Enter" in order to remove the Desktop background and clean registry keys associated with the infection.

The tool will now check if wininet.dll is infected. You may be prompted to replace the infected file (if found); answer "Yes" by typing Y and press "Enter".


The tool may need to restart your computer to finish the cleaning process; if it doesn't, please restart anyway into normal Windows. A text file will appear onscreen, with results from the cleaning process; please copy/paste the content of that report into your next reply along with a new HijackThis log.
The report can also be found at the root of the system drive, usually at C:\rapport.txt

Warning: running option #2 on a non-infected computer will remove your Desktop background.

==

Please download FixWareout from this site:
http://downloads.subratam.org/Fixwareout.exe


Save it to your desktop and run it. Click Next, then Install, make sure "Run fixit" is checked and click Finish.
The fix will begin; follow the prompts.
You will be asked to reboot your computer; please do so.
Your system may take longer than usual to load; this is normal.
Once the desktop loads, post the text that will open (report.txt) and a new HijackThis log, please.


Ty very much, this fixed the problem. In fact... I apparently cleared 4 gigs of temp files as well... lol... 4 gigs
