561 Posts

August 22nd, 2006 15:00

Hi

I'm Bod and here to help you with your Hijack This log.

Please only use this topic for your replies on this problem. Do not start another thread.
The fixes we will use are specific to your problems and should only be used for this problem on this computer.
These things need to be properly researched and a complete fix for many malware problems can take some time and be spread over a number of posts, so please be patient and try to see it through to the end.

I've had a look through your log and I now have some instructions for you to follow.

Before you start, please read through these instructions and make sure that you understand them.
If you are not sure about anything, post a reply in this thread with your questions.

You will be booting into Safe Mode at some point in these instructions, so you should print out these instructions for reference. You will not have internet access in Safe Mode.

Please follow and carry out all the steps in the instructions in the order I've listed them.

Please do not try any other "fixes" you may have found on the internet while we are sorting this problem out; it's important that we work through the fix in a systematic manner.


Download SmitfraudFix from http://siri.urz.free.fr/Fix/SmitfraudFix.zip and save the file to your desktop.
Extract the content (a folder named SmitfraudFix) to your Desktop.

Open the SmitfraudFix folder created in step 1 and double-click "smitfraudfix.cmd". Please do not try to use any of the other files in the folder until instructed.
Select option "1 - Search" by typing "1" and pressing "Enter" on the keyboard.
A text file will appear, which lists infected files (if present). We are only generating a report at this stage, not cleaning yet.

Note : process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.
See http://www.beyondlogic.org/consulting/proc...processutil.htm

Please copy/paste the content of the report generated into your next reply. The report can be found at the root of the system drive, usually at C:\rapport.txt.

I'll check the report and get back to you with the next stage of the fix.

Thanks,

Bod

August 23rd, 2006 18:00

Thanks for the advice. Here is the requested scan file data.

 

SmitFraudFix v2.81

Scan done at 20:29:11.56, 23/08/2006
Run from C:\Documents and Settings\Jenny\My Documents\My Received Files\SmitfraudFix\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
Fix ran in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Jenny\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Start Menu

C:\DOCUME~1\ALLUSE~1\STARTM~1\Online Security Guide.url FOUND !
C:\DOCUME~1\ALLUSE~1\STARTM~1\Security Troubleshooting.url FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\Jenny\FAVORI~1


»»»»»»»»»»»»»»»»»»»»»»»» Desktop

C:\DOCUME~1\ALLUSE~1\Desktop\Online Security Guide.url FOUND !
C:\DOCUME~1\ALLUSE~1\Desktop\Security Troubleshooting.url FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files

C:\Program Files\IntCodec\ FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components
 
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
 

»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"bestreak"="{874443fe-aa33-4ebf-a6ac-73208787e62d}"


»»»»»»»»»»»»»»»»»»»»»»»» Scanning wininet.dll infection


»»»»»»»»»»»»»»»»»»»»»»»» End
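
The rapport.txt posted above has a regular shape: a `»»»` banner opens each section, anything the tool flags ends in `FOUND !`, and registry findings appear as a `[HKEY_...]` key followed by `"name"="data"` lines. The parser below is an added example, not part of this thread or of SmitFraudFix itself; it assumes only those line shapes, and the sample report is constructed and condensed from the one posted here, so a helper can pull out the flagged paths and the SharedTaskScheduler entries at a glance.

```python
import re

# Line shapes seen in rapport.txt: section banner, flagged path, registry key, registry value.
SECTION_RE = re.compile(r"^»+\s*(.+)$")
FOUND_RE = re.compile(r"^(.+?)\s+FOUND\s*!$")
REGKEY_RE = re.compile(r"^\[(HKEY_[^\]]+)\]$")
REGVAL_RE = re.compile(r'^"([^"]+)"="(.*)"$')

def parse_report(text):
    """Return (found, registry): section title -> flagged paths, and key -> {value name: data}."""
    found, registry = {}, {}
    section, key = "", None
    for raw in text.splitlines():
        line = raw.strip()
        if m := SECTION_RE.match(line):
            section, key = m.group(1), None      # a banner ends any registry block
        elif m := REGKEY_RE.match(line):
            key = m.group(1)
            registry.setdefault(key, {})
        elif (m := REGVAL_RE.match(line)) and key:
            registry[key][m.group(1)] = m.group(2)
        elif m := FOUND_RE.match(line):
            found.setdefault(section, []).append(m.group(1))
    return found, registry

def shared_task_scheduler_entries(registry):
    """Name -> CLSID for every SharedTaskScheduler entry listed; each still needs a manual look."""
    out = {}
    for key, values in registry.items():
        if key.lower().endswith("\\sharedtaskscheduler"):
            out.update(values)
    return out

# Constructed sample, condensed from the report posted in this thread.
SAMPLE_REPORT = r"""SmitFraudFix v2.81
»»»»»»»»»»»»»»»»»»»»»»»» Start Menu
C:\DOCUME~1\ALLUSE~1\STARTM~1\Online Security Guide.url FOUND !
C:\DOCUME~1\ALLUSE~1\STARTM~1\Security Troubleshooting.url FOUND !
»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files
C:\Program Files\IntCodec\ FOUND !
»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"bestreak"="{874443fe-aa33-4ebf-a6ac-73208787e62d}"
»»»»»»»»»»»»»»»»»»»»»»»» End
"""

if __name__ == "__main__":
    found, registry = parse_report(SAMPLE_REPORT)
    print(found)
    print(shared_task_scheduler_entries(registry))
```

Sections with nothing flagged (most of the C:\WINDOWS ones above) simply never appear in `found`, and the SharedTaskScheduler list is reported as-is because, as the tool itself notes, those keys are not necessarily infected.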

 


August 23rd, 2006 20:00

Hi again,

Next stage of the fix.

Again, before you start, please read through these instructions and make sure that you understand them.
If you are not sure about anything, post a reply in this thread with your questions.
You will be booting into Safe Mode at some point in these instructions, so you should print out these instructions for reference. You will not have internet access in Safe Mode.

Please follow and carry out all the steps in the instructions in the order I've listed them.

Step 1
Re-boot in Safe Mode by pressing F8 during Boot-up and choosing Safe Mode from the boot options list.

Once in Safe Mode, open the SmitfraudFix folder again and double-click smitfraudfix.cmd

Select option "2 - Clean" by typing "2" and press "Enter" to delete infected files.

You will be prompted: "Registry cleaning - Do you want to clean the registry?"; type "Y" and press "Enter" in order to remove the Desktop background and clean registry keys associated with the infection.

The tool will now check if wininet.dll is infected. You may be prompted to replace the infected file (if found); type "Y" and press "Enter".

The tool may need to restart your computer to finish the cleaning process; if it doesn't, reboot as normal.

A text file will appear onscreen, with results from the cleaning process; please copy/paste the content of that report into your next reply.
The report can also be found at the root of the system drive, usually at C:\rapport.txt

Step 2
Download ATF Cleaner from http://www.atribune.org/ccount/click.php?id=1

Run ATF Cleaner. Click on the check box to select the following options:
Windows Temp
All Users Temp
Cookies
Temporary Internet Files
Prefetch
Recycle Bin

Click "Empty Selected". Exit when finished.

Step 3
Download Ewido from www.ewido.net/en/download, and install. At the end of the installation process, leave the tick in the "Run Ewido Anti-Spyware 4.0" checkbox. Click "Finish".

When the opening screen appears, click "change state" for "Resident Shield" to change the state to "inactive". This is done to prevent the resident shield interfering with our attempts to fix the problems present on the PC.

Ewido will automatically update, and a toolbar message balloon will confirm that the update is complete. If this doesn't happen, click Update > Start Update.

Close Ewido.

Re-boot in Safe Mode by pressing F8 during Boot-up and choosing Safe Mode from the boot options list.

Run Ewido again, click Scanner > Complete System Scan.

At the end of the scan, a list of found objects will be generated. Check through the list for false positives, and change the "Action" entry if necessary.

Click "Apply all actions".

When the actions have been completed, click Save Report > Save report as, and save report as a text file on your desktop. I will need a copy of the report contents as part of your next post.

Reboot as normal.

Step 4
Run Hijack This, "Scan" and post the log, together with a copy of the SmitFraudFix and Ewido logs, as a reply to this thread. I'll check it through, and get back to you.

Thanks,

Bod

September 2nd, 2006 15:00

Hello,
 
Yes problem seems to be fixed. Many thanks for your help.


September 2nd, 2006 15:00

Hi,

It's now been at least 7 days since your last post. I am presuming now that your problem has been solved and this topic is now inactive.

I will keep tabs on this post for another 7 days from this date, after which if you need help you should start a new topic.

If you should wish to reply before the 7 days have passed, then please post a fresh HJT log before proceeding further.

Thanks,

Bod


September 2nd, 2006 16:00

Ok, that's good.

These are my suggestions to help keep your computer clean.

Step 1 - Microsoft Windows Update
Click Start > All Programs > Windows Update. This will take you to the Windows Update site. Follow the instructions to download and install all of the latest critical updates. Repeat this as many times as necessary, until there are no more updates available. Reboot whenever instructed.
Click Start > Control Panel > Security Centre and make sure that Automatic Updates are On.

Step 2 - Hide System Files
Click Start > My Computer > Tools > Folder Options > View Tab. Un-check "Show hidden files and folders" in the Hidden files and folders section, and select the "Hide protected operating system files (recommended)" option. Click Yes > OK.

Step 3 - Create a clean system restore point
Click Start > Control Panel > System > System Restore Tab and click to put a tick in the "Turn off System Restore" check box, then click "Apply".

Reboot, then click Start > Control Panel > System > System Restore Tab and click to remove the tick in the "Turn off System Restore" check box, and then click Apply > OK to create a new restore point and then close Control Panel.

Step 4 - Make your Internet Explorer more secure
Open Internet Explorer, click Tools > Options > Security tab > Internet icon to highlight > Custom Level, then select the following options:
Change "Download signed ActiveX controls" to "Prompt"
Change "Download unsigned ActiveX controls" to "Disable"
Change "Initialise and script ActiveX controls not marked as safe" to "Disable"
Change "Installation of desktop items" to "Prompt"
Change "Launching programs and files in an IFRAME" to "Prompt"
Change "Navigate sub-frames across different domains" to "Prompt"
Click "OK", then Apply.
Click on the "Privacy" tab and move the slider up to "Medium High", then Apply > OK to exit the Internet Properties page.

Step 5 - Anti Virus Software
It is very important that your computer has anti-virus software running and that it is kept up to date.

You have Symantec, so make sure it is updated at least weekly, preferably daily. If your anti-virus is a trial copy or your subscription has expired, you can use one of these, both of which have a free version for home, non-networked, single user use.
Grisoft AVG http://free.grisoft.com/doc/1
Avast http://www.avast.com/

For more information on anti-virus programs see http://forum.malwareremoval.com/viewtopic.php?p=53#53

Step 6 - Firewall
You have Symantec, so make sure it is kept up to date. If your firewall is a trial copy or your subscription has expired, you can use one of these, both of which have a free version for home, non-networked, single user use.
ZoneAlarm http://www.zonelabs.com/store/content/home.jsp
Kerio http://www.sunbelt-software.com/Kerio.cfm

For more information on firewalls see http://forum.malwareremoval.com/viewtopic.php?p=56#56

Step 7 - Windows Defender
You have Windows Defender, make sure it is kept up to date and scans your pc regularly.

Step 8 - Ewido
You downloaded Ewido as part of the fix. Even when the trial period has expired you can still use it as a manual scanner. Manually update Ewido and scan your pc weekly.

Step 9 - SpywareBlaster
Download and install Javacools SpywareBlaster from http://www.javacoolsoftware.com/spywareblaster.html. When installed, run SpywareBlaster, click "Enable All Protection", then "Download Latest Protection Updates" and follow the instructions to download and enable the latest update.
SpywareBlaster adds a list of ActiveX controls, tracking cookies and sites which will be blocked in either Internet Explorer or Firefox browsers. You need to manually check for updates regularly.

Hopefully these will help keep your computer clean, glad I could be of assistance,

Bod