Full Version: spyquake removal reports.
jaybird623
Seems to have worked the best. I have downloaded 3 programs recommended by PC Tools, Spydoctor, etc. This really worked.
  1. rapport.txt
  2. ewido scan report
  3. panda activescan report
  4. fresh hijackthis log


---------------------------------------------------------
ewido anti-malware - Scan report
---------------------------------------------------------

+ Created on: 1:47:13 PM, 5/26/2006
+ Report-Checksum: D1D2FBC6

+ Scan result:

HKU\S-1-5-21-3171702385-4001767341-4241610731-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2178F3FB-2560-458F-BDEE-631E2FE0DFE4} -> Adware.WinAntiVirus : Cleaned with backup
C:\WINDOWS\_detmp.2:vickx -> Downloader.Agent.bc : Cleaned with backup


::Report End

---------------------------------------------------------
ewido anti-malware - Process report
---------------------------------------------------------

+ Created on: 2:13:18 PM, 5/26/2006
+ Report-Checksum: B33DA6D8

0: System Process
4: System Process
252: C:\Program Files\ewido anti-malware\SecuritySuite.exe
368: C:\Program Files\iTunes\iTunesHelper.exe
416: \SystemRoot\System32\smss.exe
464: C:\Program Files\CA\eTrust Internet Security Suite\caissdt.exe
472: \??\C:\WINDOWS\system32\csrss.exe
496: \??\C:\WINDOWS\System32\winlogon.exe
540: C:\WINDOWS\system32\services.exe
552: C:\WINDOWS\system32\lsass.exe
700: C:\WINDOWS\system32\svchost.exe
760: C:\WINDOWS\system32\svchost.exe
828: C:\WINDOWS\System32\svchost.exe
868: C:\Program Files\CA\eTrust Internet Security Suite\eTrust PestPatrol Anti-Spyware\PPActiveDetection.exe
904: C:\WINDOWS\System32\svchost.exe
972: C:\WINDOWS\System32\svchost.exe
1176: C:\Program Files\iPod\bin\iPodService.exe
1224: C:\WINDOWS\Explorer.EXE
1276: C:\WINDOWS\system32\spoolsv.exe
1404: C:\WINDOWS\System32\nvsvc32.exe
1484: C:\WINDOWS\System32\svchost.exe
1556: C:\WINDOWS\system32\wdfmgr.exe
1852: C:\Program Files\Internet Explorer\iexplore.exe
2000: C:\WINDOWS\System32\alg.exe


SmitFraudFix v2.48

Scan done at 12:56:51.82, Fri 05/26/2006
Run from C:\Documents and Settings\Owner\Desktop\SmitfraudFix\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600]
Fix ran in safe mode

»»»»»»»»»»»»»»»»»»»»»»»» Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{0c7416f0-dd23-420f-97f5-aae352ea2bf1}"="glochid"


»»»»»»»»»»»»»»»»»»»»»»»» Killing process


»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

C:\WINDOWS\.protected Deleted
C:\WINDOWS\system32\dcomcfg.exe Deleted
C:\WINDOWS\system32\hp????.tmp Deleted
C:\WINDOWS\system32\ld????.tmp Deleted
C:\WINDOWS\system32\ot.ico Deleted
C:\WINDOWS\system32\regperf.exe Deleted
C:\WINDOWS\system32\simpole.tlb Deleted
C:\WINDOWS\system32\stdole3.tlb Deleted
C:\WINDOWS\system32\ts.ico Deleted
C:\WINDOWS\system32\1024\ Deleted

»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» Scanning wininet.dll

C:\WINDOWS\system32\wininet.dll infected !

Searching wininet.dll backup file...
C:\WINDOWS\$hf_mig$\KB834707\SP2QFE\wininet.dll
C:\WINDOWS\$hf_mig$\KB867282\SP2QFE\wininet.dll
C:\WINDOWS\$hf_mig$\KB883939\SP2QFE\wininet.dll
C:\WINDOWS\$hf_mig$\KB890923\SP2QFE\wininet.dll
C:\WINDOWS\$hf_mig$\KB896688\SP2QFE\wininet.dll
C:\WINDOWS\$hf_mig$\KB896727\SP2QFE\wininet.dll
C:\WINDOWS\$hf_mig$\KB905915\SP2QFE\wininet.dll
C:\WINDOWS\$hf_mig$\KB912812\SP2QFE\wininet.dll
C:\WINDOWS\$NtServicePackUninstall$\wininet.dll
C:\WINDOWS\$NtUninstallKB834707$\wininet.dll
C:\WINDOWS\$NtUninstallKB867282$\wininet.dll
C:\WINDOWS\$NtUninstallKB883939$\wininet.dll
C:\WINDOWS\$NtUninstallKB889293-IE6SP1-20041111.235619$\wininet.dll
C:\WINDOWS\$NtUninstallKB890923$\wininet.dll
C:\WINDOWS\$NtUninstallKB896688$\wininet.dll
C:\WINDOWS\$NtUninstallKB896727$\wininet.dll
C:\WINDOWS\$NtUninstallKB905915$\wininet.dll
C:\WINDOWS\$NtUninstallKB912812$\wininet.dll
C:\WINDOWS\ServicePackFiles\i386\wininet.dll
C:\WINDOWS\system32\wininet.dll

File Found : C:\WINDOWS\$hf_mig$\KB912812\SP2QFE\\wininet.dll
System Version : 6.0.2900.2861
BackUp Version : 6.0.2900.2861

Wininet.dll Remplacement (reboot necessary)

»»»»»»»»»»»»»»»»»»»»»»»» End




Incident Status Location

Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\arr3.jar-42e537af-3af2790a.zip[Gummy.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\arr3.jar-42e537af-3af2790a.zip[Counter.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\arr3.jar-42e537af-3af2790a.zip[VerifierBug.class]
Virus:Trj/Classloader.AD Disinfected C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\arr3.jar-42e537af-3af2790a.zip[Beyond.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-6d048d26-7188ea5b.zip[BlackBox.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-6d048d26-7188ea5b.zip[VerifierBug.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-6d048d26-7188ea5b.zip[Dummy.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-6d048d26-7188ea5b.zip[Beyond.class]
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Owner\Desktop\SmitfraudFix\SmitfraudFix\Process.exe
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Owner\Desktop\SmitfraudFix.zip[SmitfraudFix/Process.exe]
LoPhatPhuud
No HijackThis log was included. Please do not attach files unless requested. It makes more work for us. Copy and paste, using more than one post if necessary.

OK, items needed...

First:
Create a directory on your hard drive to save HijackThis.exe in, such as c:\hijackthis. If you do not do this, you will not be able to use the backup/restore features.

Download HijackThis from:

HijackThis Download Site

Save this file into the directory you made previously and then run the program named hijackthis.exe. When the program opens, click on the Config button, then click on the Misc Tools button, and click on the Check for update online button. When it completes checking/applying updates, press the Back button.

Now click on the Scan button and, when it is finished, click on the Save Log button. A Notepad window will open with the contents of this log. Click on Edit, then click on Select All. Then click on Edit and then click on Copy.

Create a reply to this post here, right-click in the message area and select Paste to paste the log into the post.

Someone will reply to you after reading this post. DO NOT fix any entries unless you understand what you are doing.

To see a tutorial with screenshots on using HijackThis you can click on the link below:

How to use HijackThis to remove Browser Hijackers, Malware, & Spyware



Second:
Would you please use HijackThis to produce a startup list and post it here:
1. From HJT main screen, click 'Config' button
2. Click 'Misc Tools' button
3. Check both boxes to the right of 'Generate StartupList Log' button
4. Click 'Generate StartupList Log' button
5. Click 'Yes' in the next dialog
6. Save the log and post a copy in this thread.