To snickets,
Thank you for your swift reply, and all your time and effort is greatly appreciated.
Had a bit of trouble with the last set of instructions.
Firstly, with About Buster I ran the scan and it says it was completed successfully, then when I clicked 'ok' a "Runtime error '339' component component 'comct132.ocx' or one of its dependencies not correctly register: a file is missing or invalid" appeared. I downloaded it again from a different source and followed the instructions again but it still appeared.
Next, with CWShredder I was only able to fix a few of the boxes as I could only find some of them.
The smittles.txt is as follows:
smitRem log file
version 2.3
by noahdfear
The current date is: Fri 12/08/2005
The current time is: 2:59:02.10
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Pre-run Files Present
~~~ Program Files ~~~
~~~ Shortcuts ~~~
~~~ Favorites ~~~
~~~ system32 folder ~~~
~~~ Icons in System32 ~~~
~~~ Windows directory ~~~
~~~ Drive root ~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Post-run Files Present
~~~ Program Files ~~~
~~~ Shortcuts ~~~
~~~ Favorites ~~~
~~~ system32 folder ~~~
~~~ Icons in System32 ~~~
~~~ Windows directory ~~~
~~~ Drive root ~~~
~~~ Wininet.dll ~~~
CLEAN!
The ewido scan report is as follows:
Incident Status Location
Adware:Adware/Lop No disinfected c:\docume~1\france~1\locals~1\temp\sljnaphp.exe
Adware:Adware/Lop No disinfected C:\DOCUME~1\FRANCE~1\APPLIC~1\WAVEPI~1\play 32.exe
Virus:W32/Smitfraud.B Disinfected Operating system
Adware:adware/cws No disinfected C:\DOCUMENTS AND SETTINGS\FRANCES O'LEARY\FAVORITES\Online Sex Poker Rooms.url
Adware:adware/sbsoft No disinfected C:\WINDOWS\rdt.ini
Adware:adware/lop No disinfected C:\PROGRAM FILES\C2Media
Adware:adware/psguard No disinfected C:\DOCUMENTS AND SETTINGS\FRANCES O'LEARY\APPLICATION DATA\PSGuard.com
Spyware:spyware/wareout No disinfected Windows Registry
Adware:Adware/Lop No disinfected C:\Documents and Settings\All Users\Application Data\CHIC SETTINGS NURB HOLD\Funk camp.exe
Adware:Adware/Lop No disinfected C:\Documents and Settings\Frances O'Leary\Application Data\Chin4\Bike platform.exe
Adware:Adware/Lop No disinfected C:\Documents and Settings\Frances O'Leary\Application Data\Chin4\ltndcycb.exe
Adware:Adware/Lop No disinfected C:\Documents and Settings\Frances O'Leary\Application Data\Chin4\Transdogmathdumb.exe
Adware:Adware/Lop No disinfected C:\Documents and Settings\Frances O'Leary\Application Data\Chin4\vckeepactive.exe
Adware:Adware/Lop No disinfected C:\Documents and Settings\Frances O'Leary\Application Data\Wave Ping\play 32.exe
Adware:Adware/Lop No disinfected C:\Documents and Settings\Frances O'Leary\Local Settings\Temp\sljnaphp.exe
Adware:Adware/Lop No disinfected C:\Program Files\C2Media\Setup.exe
Virus:W32/Smitfraud.B Disinfected C:\WINDOWS\system32\wininet.dll
I removed MessengerPlus3 but left PartyPoker as this program is readily used. Also, the files and folders you told me to delete, I couldn't find them.
Here is my HJT log. Continual pop-ups and computer slowness remain.
Logfile of HijackThis v1.99.1
Scan saved at 4:33:04 AM, on 13/08/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Multimedia Card Reader\shwicon2k.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Internet Explorer\iexplore.exe
c:\progra~1\intern~1\iexplore.exe
C:\Program Files\Telstra\Cable Login\bpcable.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Frances O'Leary\Desktop\HJT\HijackThis.exe
C:\WINDOWS\system32\NOTEPAD.EXE
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.nsiebpqww...6BaZZPFedEt.php
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
F3 - REG:win.ini: load= HPLJSW.EXE
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Name - {069AB7FF-85C8-49CE-B6C1-ADFDA1A63F3B} - C:\WINDOWS\System32\msvaj.dll (file missing)
O2 - BHO: ActivateBand Class - {4C7B6DE1-99A4-4CF1-8B44-68889900E1D0} - C:\Program Files\Telstra\Toolbar\bpumToolBand.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {7F8DC31B-72E8-0011-47E5-1916674F7A0B} - C:\DOCUME~1\FRANCE~1\APPLIC~1\WAVEPI~1\play 32.exe (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: BigPond Toolbar - {7A431EC4-CC21-4DF7-9DB1-A2CF74C4CC98} - C:\Program Files\Telstra\Toolbar\bpumToolBand.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Sunkist2k] C:\Program Files\Multimedia Card Reader\shwicon2k.exe
O4 - HKLM\..\Run: [BigPondCable] "C:\Program Files\Telstra\Cable Login\bpcable.exe" /r
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [dwcrnt.exe] dwcrnt.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [BigPond Toolbar] "C:\Program Files\Telstra\Toolbar\bpumTray.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SCANINICIO] "C:\Program Files\Panda Software\Panda Antivirus Platinum\Inicio.exe"
O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Software\Panda Antivirus Platinum\APVXDWIN.EXE" /s
O4 - HKLM\..\Run: [nurb hold build multi] C:\Documents and Settings\All Users\Application Data\CHIC SETTINGS NURB HOLD\OptionSite.exe
O4 - HKCU\..\Run: [BoldPhone] C:\DOCUME~1\FRANCE~1\APPLIC~1\Chin4\Bike platform.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1120411656939
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft...free/asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{83404B17-4AFE-4686-92B0-7C1D8A2FAAFA}: NameServer = 69.50.176.156,195.225.176.31
O17 - HKLM\System\CS1\Services\Tcpip\..\{83404B17-4AFE-4686-92B0-7C1D8A2FAAFA}: NameServer = 69.50.176.156,195.225.176.31
O20 - Winlogon Notify: style2 - C:\WINDOWS\q7264816_disk.dll (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: BigPond Broadband Cable Login (bpcService) - Unknown owner - C:\Program Files\Telstra\Cable Login\bpcService.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: Kerio Personal Firewall 4 (KPF4) - Kerio Technologies - C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
Any further help would be greatly appreciated again.
Cheers, Travbank