Author Topic: Some kinda virus/spyware slow running WinXP  (Read 718 times)

Offline Aidan

  • Jr. Member
  • **
  • Posts: 88
  • Karma: +0/-0
« on: May 28, 2006, 08:44:09 PM »
I have no clue what it is. I just installed WinXP onto this hard drive. I have another drive at my disposition if need be to solve the problem. It has Win 2000 Pro on it and it's fine, I know. Okay...

Here's a list of the programs/links that appeared on the computer. A (FAKE) ((I know this because it's what the description of the file was when I scanned it with Ad-Aware)) spyware scanner called QUAKE, can't recall the name. I believe I rid myself of that, but I'm having this problem with these two overpowering execs called: dcomcfg.exe and atmclk.exe
Basically, they're the source of the slowness of the computer right now. But I have the impression that they are not the Boss, because I deleted both these files from the other operating system (because on here, it won't let me cause it says the programs are in use O.o). Anyways, they reappeared, as well as two annoying online security links that are useless. Also the home page keeps changing back to www.securityupdate.net even when I change the HP settings in the TOOLS >> Internet Options menu of EXPLORER.

Pff, I should never have gotten XP, I was doing FINE with my 2000. Whoever said XP was better... :P

Anyways, it's really a drag. If ya got some clues as to how to shake off this pest, that would be well appreciated.
It's been a while since I've been on thetechguide. Hope y'all are doing fine ^_^

Oh, and in case you need it, here's a HijackThis logfile:

Logfile of HijackThis v1.99.1
Scan saved at 9:43:34 PM, on 28/05/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\System32\ZoneLabs\isafe.exe
D:\WINDOWS\system32\ZoneLabs\vsmon.exe
D:\WINDOWS\Explorer.EXE
D:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
D:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
D:\Program Files\Messenger\msmsgs.exe
D:\PROGRA~1\ZONELA~1\ZONEAL~1\MAILFR~1\mantispm.exe
D:\WINDOWS\System32\atmclk.exe
D:\WINDOWS\System32\dcomcfg.exe
D:\Program Files\Internet Explorer\IEXPLORE.EXE
D:\WINDOWS\System32\dwwin.exe
D:\WINDOWS\System32\wuauclt.exe
D:\Documents and Settings\Administrator.BALTHASAR\Desktop\FIX THE CPU\hijackthis.exe

O2 - BHO: Nothing - {f79fd28e-36ee-4989-aa61-9dd8e30a82fa} - D:\WINDOWS\System32\hp110.tmp
O4 - HKLM\..\Run: [SpywareQuake.com] D:\Program Files\SpywareQuake.com\Spyware-Quake.exe /h
O4 - HKLM\..\Run: [Zone Labs Client] D:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [iTunesHelper] "D:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SsAAD.exe] D:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - HKCU\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "D:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MsnMsgr] "D:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Global Startup: WinZip Quick Pick.lnk = D:\Program Files\WinZip\WZQKPICK.EXE
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "D:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: CA ISafe (CAISafe) - Computer Associates International, Inc. - D:\WINDOWS\System32\ZoneLabs\isafe.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - D:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - D:\Program Files\iPod\bin\iPodService.exe
O23 - Service: PACSPTISVR - Sony Corporation - D:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - D:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - D:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - D:\WINDOWS\system32\ZoneLabs\vsmon.exe


Thanks,
Aidan

Offline guestolo

  • Site Donator
  • Administrator
  • Hero Member
  • *****
  • Posts: 16034
  • Karma: +1/-0
« Reply #1 on: May 28, 2006, 09:24:55 PM »
The problem is you're running without virus protection and you don't have the latest service pack installed with all the latest high priority updates.
If you did have those, you probably wouldn't have got this infection.

For now, can you do the following:
Download SmitfraudFix (by S!Ri)
Extract the contents (a folder named SmitfraudFix) to your Desktop.

Open the SmitfraudFix folder and double-click smitfraudfix.cmd
Select option #1 - Search by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present).
Please copy/paste the content of that report into your next reply.

Note: process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.

Do you want to post your own logs from FRST?

Follow the instructions posted here: http://www.thetechguide.com/forum/index.php/topic/22942-please-read-how-to-post-logs-from-frst/


Offline Aidan

  • Jr. Member
  • **
  • Posts: 88
  • Karma: +0/-0
« Reply #2 on: May 29, 2006, 09:09:21 AM »
Heh, away from home right now, but I'll reply with the given info as soon as I get back tonight. Stupid me, I don't like the Windows auto updater, but it would have saved me a whole lot of trouble if I had updated right away... :P

Offline Aidan

  • Jr. Member
  • **
  • Posts: 88
  • Karma: +0/-0
« Reply #3 on: June 02, 2006, 05:45:35 AM »
Here's the smitfraud data you wanted:

SmitFraudFix v2.53

Scan done at  6:39:12.64, 02/06/2006
Run from D:\Documents and Settings\Aidan\Desktop\smitfraud\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
Fix ran in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» D:\


»»»»»»»»»»»»»»»»»»»»»»»» D:\WINDOWS


»»»»»»»»»»»»»»»»»»»»»»»» D:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» D:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» D:\WINDOWS\system32

D:\WINDOWS\system32\atmclk.exe FOUND !
D:\WINDOWS\system32\dcomcfg.exe FOUND !
D:\WINDOWS\system32\dxole32.exe FOUND !
D:\WINDOWS\system32\hp???.tmp FOUND !
D:\WINDOWS\system32\hp????.tmp FOUND !
D:\WINDOWS\system32\ld????.tmp FOUND !
D:\WINDOWS\system32\ot.ico FOUND !
D:\WINDOWS\system32\regperf.exe FOUND !
D:\WINDOWS\system32\simpole.tlb FOUND !
D:\WINDOWS\system32\stdole3.tlb FOUND !
D:\WINDOWS\system32\ts.ico FOUND !
D:\WINDOWS\system32\wfkduei.dll FOUND !
D:\WINDOWS\system32\1024\ FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» D:\Documents and Settings\Aidan\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Start Menu


»»»»»»»»»»»»»»»»»»»»»»»» D:\DOCUME~1\Aidan\FAVORI~1

D:\DOCUME~1\Aidan\FAVORI~1\Antivirus Test Online.url FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» Desktop


»»»»»»»»»»»»»»»»»»»»»»»» D:\Program Files


»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components
 
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
 

»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{e5b1e382-817e-4b74-8a96-ec78751e6acf}"="incatenate"

[HKEY_CLASSES_ROOT\CLSID\{e5b1e382-817e-4b74-8a96-ec78751e6acf}\InProcServer32]
@="D:\WINDOWS\System32\imfdfcj.dll"

[HKEY_CURRENT_USER\Software\Classes\CLSID\{e5b1e382-817e-4b74-8a96-ec78751e6acf}\InProcServer32]
@="D:\WINDOWS\System32\imfdfcj.dll"


»»»»»»»»»»»»»»»»»»»»»»»» Scanning wininet.dll infection


»»»»»»»»»»»»»»»»»»»»»»»» End


Please reply

Offline guestolo

  • Site Donator
  • Administrator
  • Hero Member
  • *****
  • Posts: 16034
  • Karma: +1/-0
« Reply #4 on: June 04, 2006, 10:13:16 AM »
==Download and install Windows CleanUp! 4.5.1
Don't run this yet
NOTE: If you have an older version of Windows CleanUp!, Please uninstall it and use this newer version


==Download and then Install
Ewido anti-malware 3.5

When installing, under "Additional Options" UNCHECK
 
    "Install background guard"
     "Install scan via context menu".
From the main ewido screen, click on Update in the left menu, then click the Start update button.
After the update finishes (the status bar at the bottom will display "Update successful")
Close out Ewido for now, we'll need it later
If for some reason the auto updater won't work
Please manually update from this link
http://www.ewido.net/en/download/updates/

Please save these instructions to a Notepad file and save it to your Desktop for reference
or Print them out!


RESTART your Computer in SAFE MODE
You can do this by tapping the F8 key as the system is restarting, just before Windows loads
Choose Safe mode from the startup menu
In safe mode

==Open Cleanup! by double-clicking the icon on your desktop (or from the Start > All Programs menu).
Set the program up as follows:
Click "Options..."
Move the arrow down to "Custom CleanUp!"
Put a check next to the following (Make sure nothing else is checked!):

    * Empty Recycle Bins
    * Delete Cookies
    * Delete Prefetch files
    * Cleanup! All Users

Click OK
Press the CleanUp! button to start the program.
CleanUp! may prompt to run in Demo mode the first time it is run; decline, we actually want to run the cleanup portion
When it's done>>Click Close
DECLINE to Log off or Restart the computer

==Open the SmitfraudFix folder again and double-click smitfraudfix.cmd
Select option #2 - Clean by typing 2 and press "Enter" to delete infected files.

You will be prompted : "Registry cleaning - Do you want to clean the registry ?"; answer "Yes" by typing Y and press "Enter" in order to remove the Desktop background and clean registry keys associated with the infection.

The tool will now check if wininet.dll is infected. You may be prompted to replace the infected file (if found); answer "Yes" by typing Y and press "Enter".

The tool may need to restart your computer to finish the cleaning process.  A text file will appear onscreen, with results from the cleaning process
I'll need to see these later, by default they are also saved at C:\rapport.txt

If a reboot was required, reboot back to safe mode
If it wasn't required, remain in safe mode

==Open Ewido Anti-malware
Click on the Scanner button on the left menu
Select Complete System Scan
*If Ewido finds something it will prompt you with "Infected Object found"
Ensure the following are Selected
  *1. Perform Action = Remove
  *2. Create Encrypted Backup in Quarantine (Recommended)
  *3. Perform action with all infections
  Then click OK
When Ewido has finished its scan click the "Save Report" button
Save the report to the desktop or someplace you will remember
Exit Ewido
NOTE: When Ewido is running, don't open any other windows, let it run uninterrupted

Reboot back to Normal mode
Post back the following please
1. Run a Scan and save logfile with Hijackthis and post a fresh log
2. Post the whole report from Ewido
3. Post the report from Smitfraudfix again, located at D:\Rapport.txt



Offline Aidan

  • Jr. Member
  • **
  • Posts: 88
  • Karma: +0/-0
« Reply #5 on: June 05, 2006, 10:18:21 PM »
Alright, a lot of stuff to do in that last one. ^_^
Here are the required data in the order they were demanded:

Logfile of HijackThis v1.99.1
Scan saved at 11:12:51 PM, on 05/06/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\Explorer.EXE
D:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
D:\WINDOWS\System32\ctfmon.exe
D:\WINDOWS\system32\ZoneLabs\vsmon.exe
D:\Program Files\Messenger\msmsgs.exe
D:\Program Files\MSN Messenger\MsnMsgr.Exe
D:\PROGRA~1\ZONELA~1\ZONEAL~1\MAILFR~1\mantispm.exe
D:\WINDOWS\System32\wuauclt.exe
D:\WINDOWS\System32\wuauclt.exe
D:\Program Files\Internet Explorer\iexplore.exe
D:\WINDOWS\System32\wpabaln.exe
D:\WINDOWS\System32\imapi.exe
D:\Program Files\iPod\bin\iPodService.exe
C:\Documents and Settings\Administrator\Desktop\Backup from the HD\Desktop\FIX THE CPU\hijackthis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
O4 - HKLM\..\Run: [iTunesHelper] "D:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SsAAD.exe] D:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - HKLM\..\Run: [Zone Labs Client] D:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKCU\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "D:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MsnMsgr] "D:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Global Startup: WinZip Quick Pick.lnk = D:\Program Files\WinZip\WZQKPICK.EXE
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "D:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: CA ISafe (CAISafe) - Computer Associates International, Inc. - D:\WINDOWS\System32\ZoneLabs\isafe.exe
O23 - Service: ewido security suite control - ewido networks - D:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - D:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - D:\Program Files\iPod\bin\iPodService.exe
O23 - Service: PACSPTISVR - Sony Corporation - D:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - D:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - D:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - D:\WINDOWS\system32\ZoneLabs\vsmon.exe

---------------------------------------------------------
 ewido anti-malware - Scan report
---------------------------------------------------------

 + Created on:         11:07:10 PM, 05/06/2006
 + Report-Checksum:      E20C35AC

 + Scan result:

   :mozilla.67:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\i8ucz255.default\cookies.txt -> TrackingCookie.Yadro : Cleaned with backup
   :mozilla.75:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\i8ucz255.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
   :mozilla.76:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\i8ucz255.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup
   :mozilla.82:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\i8ucz255.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
   :mozilla.83:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\i8ucz255.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
   :mozilla.94:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\i8ucz255.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
   :mozilla.99:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\i8ucz255.default\cookies.txt -> TrackingCookie.Com : Cleaned with backup
   :mozilla.118:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\i8ucz255.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup
   :mozilla.119:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\i8ucz255.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup
   :mozilla.120:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\i8ucz255.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup
   :mozilla.121:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\i8ucz255.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup
   C:\Documents and Settings\Administrator\Cookies\administrator@atdmt[1].txt -> TrackingCookie.Atdmt : Cleaned with backup
   C:\Documents and Settings\Administrator\Cookies\administrator@casalemedia[1].txt -> TrackingCookie.Casalemedia : Cleaned with backup
   C:\Documents and Settings\Administrator\Cookies\[email protected][2].txt -> TrackingCookie.Clickzs : Cleaned with backup
   C:\Documents and Settings\Administrator\Cookies\administrator@mediaplex[2].txt -> TrackingCookie.Mediaplex : Cleaned with backup
   C:\Documents and Settings\Administrator\Local Settings\Temp\Cookies\administrator@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned with backup
   C:\Documents and Settings\Administrator\Local Settings\Temp\Cookies\[email protected][2].txt -> TrackingCookie.Hitbox : Cleaned with backup
   C:\Documents and Settings\Administrator\Local Settings\Temp\Cookies\administrator@hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned with backup
   C:\Documents and Settings\Administrator\Local Settings\Temp\Cookies\administrator@sexlist[1].txt -> TrackingCookie.Sexlist : Cleaned with backup
   C:\Documents and Settings\Administrator\Local Settings\Temp\Cookies\administrator@xxxcounter[2].txt -> TrackingCookie.Xxxcounter : Cleaned with backup
   C:\Documents and Settings\Gabriel\Cookies\gabriel@adbrite[1].txt -> TrackingCookie.Adbrite : Cleaned with backup
   C:\Documents and Settings\Gabriel\Cookies\[email protected][2].txt -> TrackingCookie.Euroclick : Cleaned with backup
   C:\Documents and Settings\Gabriel\Cookies\gabriel@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned with backup
   C:\Documents and Settings\Gabriel\Cookies\[email protected][2].txt -> TrackingCookie.Clickzs : Cleaned with backup
   C:\Documents and Settings\Gabriel\Cookies\[email protected][2].txt -> TrackingCookie.Hitbox : Cleaned with backup
   C:\Documents and Settings\Gabriel\Cookies\[email protected][2].txt -> TrackingCookie.Hitbox : Cleaned with backup
   C:\Documents and Settings\Gabriel\Cookies\[email protected][1].txt -> TrackingCookie.Hitbox : Cleaned with backup
   C:\Documents and Settings\Gabriel\Cookies\gabriel@hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned with backup
   C:\Documents and Settings\Gabriel\Cookies\gabriel@overture[2].txt -> TrackingCookie.Overture : Cleaned with backup
   C:\Documents and Settings\Gabriel\Cookies\gabriel@tribalfusion[2].txt -> TrackingCookie.Tribalfusion : Cleaned with backup
   C:\Documents and Settings\Gabriel\Cookies\gabriel@yadro[1].txt -> TrackingCookie.Yadro : Cleaned with backup
   C:\Program Files\winupdates\a.tmp -> Worm.VB.an : Cleaned with backup
   C:\Program Files\winupdates\a.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
   :mozilla.13:D:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\default\hafp6fs5.slt\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
   :mozilla.14:D:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\default\hafp6fs5.slt\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
   :mozilla.15:D:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\default\hafp6fs5.slt\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
   :mozilla.27:D:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\default\hafp6fs5.slt\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
   :mozilla.28:D:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\default\hafp6fs5.slt\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
   :mozilla.34:D:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\default\hafp6fs5.slt\cookies.txt -> TrackingCookie.Atdmt : Cleaned with backup
   :mozilla.39:D:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\default\hafp6fs5.slt\cookies.txt -> TrackingCookie.Valuead : Cleaned with backup
   :mozilla.40:D:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\default\hafp6fs5.slt\cookies.txt -> TrackingCookie.Valuead : Cleaned with backup
   :mozilla.47:D:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\default\hafp6fs5.slt\cookies.txt -> TrackingCookie.Targetnet : Cleaned with backup
   :mozilla.48:D:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\default\hafp6fs5.slt\cookies.txt -> TrackingCookie.Targetnet : Cleaned with backup
   :mozilla.49:D:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\default\hafp6fs5.slt\cookies.txt -> TrackingCookie.Targetnet : Cleaned with backup
   :mozilla.50:D:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\default\hafp6fs5.slt\cookies.txt -> TrackingCookie.Targetnet : Cleaned with backup
   :mozilla.51:D:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\default\hafp6fs5.slt\cookies.txt -> TrackingCookie.Targetnet : Cleaned with backup
   :mozilla.52:D:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\default\hafp6fs5.slt\cookies.txt -> TrackingCookie.Targetnet : Cleaned with backup
   :mozilla.56:D:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\default\hafp6fs5.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
   :mozilla.57:D:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\default\hafp6fs5.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
   :mozilla.66:D:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\default\hafp6fs5.slt\cookies.txt -> TrackingCookie.Adserver : Cleaned with backup
   :mozilla.73:D:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\default\hafp6fs5.slt\cookies.txt -> TrackingCookie.X10 : Cleaned with backup
   :mozilla.74:D:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\default\hafp6fs5.slt\cookies.txt -> TrackingCookie.Revenue : Cleaned with backup
   :mozilla.86:D:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\default\hafp6fs5.slt\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup
   :mozilla.94:D:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\default\hafp6fs5.slt\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup
   :mozilla.95:D:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\default\hafp6fs5.slt\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup
   :mozilla.113:D:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\default\hafp6fs5.slt\cookies.txt -> TrackingCookie.Valuead : Cleaned with backup
   :mozilla.114:D:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\default\hafp6fs5.slt\cookies.txt -> TrackingCookie.Valuead : Cleaned with backup
   :mozilla.115:D:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\default\hafp6fs5.slt\cookies.txt -> TrackingCookie.Valuead : Cleaned with backup
   :mozilla.7:D:\Documents and Settings\gabriel.BALTHASAR\Application Data\Mozilla\Profiles\default\4y9qtzj1.slt\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
   :mozilla.16:D:\Documents and Settings\gabriel.BALTHASAR\Application Data\Mozilla\Profiles\default\4y9qtzj1.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
   :mozilla.23:D:\Documents and Settings\gabriel.BALTHASAR\Application Data\Mozilla\Profiles\default\4y9qtzj1.slt\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
   :mozilla.24:D:\Documents and Settings\gabriel.BALTHASAR\Application Data\Mozilla\Profiles\default\4y9qtzj1.slt\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
   :mozilla.25:D:\Documents and Settings\gabriel.BALTHASAR\Application Data\Mozilla\Profiles\default\4y9qtzj1.slt\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
   :mozilla.26:D:\Documents and Settings\gabriel.BALTHASAR\Application Data\Mozilla\Profiles\default\4y9qtzj1.slt\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
   :mozilla.27:D:\Documents and Settings\gabriel.BALTHASAR\Application Data\Mozilla\Profiles\default\4y9qtzj1.slt\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
   :mozilla.28:D:\Documents and Settings\gabriel.BALTHASAR\Application Data\Mozilla\Profiles\default\4y9qtzj1.slt\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
   :mozilla.35:D:\Documents and Settings\gabriel.BALTHASAR\Application Data\Mozilla\Profiles\default\4y9qtzj1.slt\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup
   :mozilla.36:D:\Documents and Settings\gabriel.BALTHASAR\Application Data\Mozilla\Profiles\default\4y9qtzj1.slt\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup
   :mozilla.37:D:\Documents and Settings\gabriel.BALTHASAR\Application Data\Mozilla\Profiles\default\4y9qtzj1.slt\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup
   :mozilla.38:D:\Documents and Settings\gabriel.BALTHASAR\Application Data\Mozilla\Profiles\default\4y9qtzj1.slt\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup
   :mozilla.46:D:\Documents and Settings\gabriel.BALTHASAR\Application Data\Mozilla\Profiles\default\4y9qtzj1.slt\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup
   :mozilla.54:D:\Documents and Settings\gabriel.BALTHASAR\Application Data\Mozilla\Profiles\default\4y9qtzj1.slt\cookies.txt -> TrackingCookie.Atdmt : Cleaned with backup
   :mozilla.63:D:\Documents and Settings\gabriel.BALTHASAR\Application Data\Mozilla\Profiles\default\4y9qtzj1.slt\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup
   :mozilla.64:D:\Documents and Settings\gabriel.BALTHASAR\Application Data\Mozilla\Profiles\default\4y9qtzj1.slt\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup
   :mozilla.65:D:\Documents and Settings\gabriel.BALTHASAR\Application Data\Mozilla\Profiles\default\4y9qtzj1.slt\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup
   :mozilla.66:D:\Documents and Settings\gabriel.BALTHASAR\Application Data\Mozilla\Profiles\default\4y9qtzj1.slt\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup
   :mozilla.67:D:\Documents and Settings\gabriel.BALTHASAR\Application Data\Mozilla\Profiles\default\4y9qtzj1.slt\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup


::Report End



SmitFraudFix v2.53

Scan done at 20:12:28.97, 05/06/2006
Run from D:\Documents and Settings\Aidan\Desktop\smitfraud\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
Fix ran in safe mode

»»»»»»»»»»»»»»»»»»»»»»»» Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{e5b1e382-817e-4b74-8a96-ec78751e6acf}"="incatenate"


»»»»»»»»»»»»»»»»»»»»»»»» Killing process


»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

D:\WINDOWS\system32\atmclk.exe Deleted
D:\WINDOWS\system32\dcomcfg.exe Deleted
D:\WINDOWS\system32\dxole32.exe Deleted
D:\WINDOWS\system32\hp???.tmp Deleted
D:\WINDOWS\system32\ld????.tmp Deleted
D:\WINDOWS\system32\ot.ico Deleted
D:\WINDOWS\system32\regperf.exe Deleted
D:\WINDOWS\system32\simpole.tlb Deleted
D:\WINDOWS\system32\stdole3.tlb Deleted
D:\WINDOWS\system32\ts.ico Deleted
D:\WINDOWS\system32\wfkduei.dll Deleted
D:\WINDOWS\system32\1024\ Deleted

»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning
 
Registry Cleaning done.
 
»»»»»»»»»»»»»»»»»»»»»»»» After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» End




There you go, I hope you can answer me soon and give me the next set of things to do. Thanks a lot, quest
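
Added example (not part of the thread, and not code from HijackThis or SmitfraudFix): a Python sketch of the before/after comparison a helper does by eye on the logs above. It diffs two HijackThis logs and lists SmitfraudFix `FOUND !` paths that have no matching `Deleted` line. The sample strings are short excerpts of the logs posted in this thread; all function names are illustrative.

```python
import re

# HijackThis entry lines look like "O4 - HKLM\..\Run: [name] path" or "R0 - HKCU\...".
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")
# SmitfraudFix result lines end in "FOUND !" (search pass) or "Deleted" (clean pass).
SFF_RE = re.compile(r"^(.+?)\s+(FOUND !|Deleted)$")


def parse_hjt_entries(log_text):
    """Return the set of (section, detail) tuples from a HijackThis log."""
    entries = set()
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.add((m.group(1), m.group(2).strip()))
    return entries


def parse_hjt_processes(log_text):
    """Return running-process paths, lower-cased (Windows paths ignore case)."""
    procs, in_block = set(), False
    for line in log_text.splitlines():
        line = line.strip()
        if line.lower().startswith("running processes"):
            in_block = True
        elif in_block:
            if not line:          # blank line ends the process list
                break
            procs.add(line.lower())
    return procs


def diff_logs(before, after):
    """Compare two HijackThis logs and report what disappeared or appeared."""
    b_e, a_e = parse_hjt_entries(before), parse_hjt_entries(after)
    b_p, a_p = parse_hjt_processes(before), parse_hjt_processes(after)
    return {
        "entries_removed": sorted(b_e - a_e),
        "entries_added": sorted(a_e - b_e),
        "processes_gone": sorted(b_p - a_p),
        "processes_new": sorted(a_p - b_p),
    }


def smitfraud_paths(report_text, status):
    """Return lower-cased paths whose line carries the given status string."""
    paths = set()
    for line in report_text.splitlines():
        m = SFF_RE.match(line.strip())
        if m and m.group(2) == status:
            paths.add(m.group(1).lower())
    return paths


def not_deleted(search_report, clean_report):
    """Paths reported FOUND in the search pass with no Deleted line afterwards.
    A missing Deleted line is only a prompt for a follow-up check, not proof
    that the file is still present."""
    found = smitfraud_paths(search_report, "FOUND !")
    deleted = smitfraud_paths(clean_report, "Deleted")
    return sorted(found - deleted)


# Excerpts of the logs posted in this thread (shortened for the example).
BEFORE_LOG = r"""
Running processes:
D:\WINDOWS\Explorer.EXE
D:\WINDOWS\System32\atmclk.exe
D:\WINDOWS\System32\dcomcfg.exe

O2 - BHO: Nothing - {f79fd28e-36ee-4989-aa61-9dd8e30a82fa} - D:\WINDOWS\System32\hp110.tmp
O4 - HKLM\..\Run: [SpywareQuake.com] D:\Program Files\SpywareQuake.com\Spyware-Quake.exe /h
O4 - HKLM\..\Run: [Zone Labs Client] D:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
"""
AFTER_LOG = r"""
Running processes:
D:\WINDOWS\Explorer.EXE
D:\WINDOWS\System32\ctfmon.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
O4 - HKLM\..\Run: [Zone Labs Client] D:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
"""
SEARCH_REPORT = r"""
D:\WINDOWS\system32\atmclk.exe FOUND !
D:\WINDOWS\system32\dcomcfg.exe FOUND !
D:\WINDOWS\system32\hp???.tmp FOUND !
D:\WINDOWS\system32\hp????.tmp FOUND !
D:\DOCUME~1\Aidan\FAVORI~1\Antivirus Test Online.url FOUND !
"""
CLEAN_REPORT = r"""
D:\WINDOWS\system32\atmclk.exe Deleted
D:\WINDOWS\system32\dcomcfg.exe Deleted
D:\WINDOWS\system32\hp???.tmp Deleted
Registry Cleaning done.
"""

if __name__ == "__main__":
    for key, values in diff_logs(BEFORE_LOG, AFTER_LOG).items():
        print(key, values)
    print("found but no Deleted line:", not_deleted(SEARCH_REPORT, CLEAN_REPORT))
```
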

Offline guestolo

  • Site Donator
  • Administrator
  • Hero Member
  • *****
  • Posts: 16034
  • Karma: +1/-0
« Reply #6 on: June 05, 2006, 10:53:02 PM »
Quote
Here are the required data in the order they were demanded:
Hee hee, I know, I know, I'm very demanding :P
It doesn't appear you actually ran Windows CleanUp! before you ran Ewido
Can you run it again in normal mode please, ensure you're not running in Demo mode

I would do a couple more steps
Ad-Aware is a great program
I would also
Download and Install Spybot 1.4 from
HERE
 or HERE

After installation--Click the UPDATE button on the left
SEARCH FOR UPDATES on the right
Check, and then download all updates
After update is complete
Click the "Search & Destroy" button on the left
"Check for Problems"---When the Scan is complete
FIX all selected problems in RED

RESTART the computer if any red items were fixed

Back in Windows
I don't see any Anti-Virus software on the computer
You should download a free AV if you don't have your own to install
Select one of these 3
ONLY use one, more than one can cause conflicts
AVG 7 by Grisoft

Avast Home Edition by ALWIL

Avira AntiVir Personal Edition Classic

Run a full updated virus scan once installed
Reboot if anything was found and removed
Come back here and let me know how everything is running, just some final steps
« Last Edit: June 05, 2006, 10:56:50 PM by guestolo »



Offline Aidan

  • Jr. Member
  • **
  • Posts: 88
  • Karma: +0/-0
« Reply #7 on: June 06, 2006, 08:17:44 AM »
Heh, well, I DID run Cleanup, but I think something went up cuz it wasn't in the All Programs menu like you said, I had to go get it in the Program Files folder on my hard drive.

I'll post the stuff you want tonight when I get home.
Also, could you advise me as to which updates/service packs I should get, as I am new to XP and have been on Win 2000 for a while. ^_^ Thanks