Hi,
Below are Spybot and HijackThis logs:
--- Search result list ---
Smitfraud-C.: User settings (Registry change, nothing done)
HKEY_USERS\S-1-5-21-1547161642-839522115-854245398-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\www.niger.ru\*!=W=4
Smitfraud-C.: User settings (Registry change, nothing done)
HKEY_USERS\S-1-5-21-1547161642-839522115-854245398-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\www.6o9.com\*!=W=4
Smitfraud-C.: User settings (Registry change, nothing done)
HKEY_USERS\S-1-5-21-1547161642-839522115-854245398-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\webpidor.biz\*!=W=4
Smitfraud-C.: User settings (Registry change, nothing done)
HKEY_USERS\S-1-5-21-1547161642-839522115-854245398-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\visitfriend.net\*!=W=4
Smitfraud-C.: User settings (Registry change, nothing done)
HKEY_USERS\S-1-5-21-1547161642-839522115-854245398-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\veryeasysearch.com\*!=W=4
Smitfraud-C.: User settings (Registry change, nothing done)
HKEY_USERS\S-1-5-21-1547161642-839522115-854245398-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\v-224.com\*!=W=4
Smitfraud-C.: User settings (Registry change, nothing done)
HKEY_USERS\S-1-5-21-1547161642-839522115-854245398-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\tracking.allposters.com\*!=W=4
Smitfraud-C.: User settings (Registry change, nothing done)
HKEY_USERS\S-1-5-21-1547161642-839522115-854245398-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\toprefsys.com\*!=W=4
Smitfraud-C.: User settings (Registry change, nothing done)
HKEY_USERS\S-1-5-21-1547161642-839522115-854245398-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\terra.hcworld.com\*!=W=4
Smitfraud-C.: User settings (Registry change, nothing done)
HKEY_USERS\S-1-5-21-1547161642-839522115-854245398-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\t34rulit.com\*!=W=4
Smitfraud-C.: User settings (Registry change, nothing done)
HKEY_USERS\S-1-5-21-1547161642-839522115-854245398-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\s2.kav.cc\*!=W=4
Smitfraud-C.: User settings (Registry change, nothing done)
HKEY_USERS\S-1-5-21-1547161642-839522115-854245398-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\s13.remove.cc\*!=W=4
Smitfraud-C.: User settings (Registry change, nothing done)
HKEY_USERS\S-1-5-21-1547161642-839522115-854245398-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\rf104.com\*!=W=4
Smitfraud-C.: User settings (Registry change, nothing done)
HKEY_USERS\S-1-5-21-1547161642-839522115-854245398-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\new.8ad.com\*!=W=4
Smitfraud-C.: User settings (Registry change, nothing done)
HKEY_USERS\S-1-5-21-1547161642-839522115-854245398-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\msnprotection.com\*!=W=4
Smitfraud-C.: User settings (Registry change, nothing done)
HKEY_USERS\S-1-5-21-1547161642-839522115-854245398-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\meetyourfriend.biz\*!=W=4
Smitfraud-C.: User settings (Registry change, nothing done)
HKEY_USERS\S-1-5-21-1547161642-839522115-854245398-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\makechoice.com\*!=W=4
Smitfraud-C.: User settings (Registry change, nothing done)
HKEY_USERS\S-1-5-21-1547161642-839522115-854245398-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\love-catalog.net\*!=W=4
Smitfraud-C.: User settings (Registry change, nothing done)
HKEY_USERS\S-1-5-21-1547161642-839522115-854245398-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\letgohome.com\*!=W=4
Smitfraud-C.: User settings (Registry change, nothing done)
HKEY_USERS\S-1-5-21-1547161642-839522115-854245398-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\greg-tut.com\*!=W=4
Smitfraud-C.: User settings (Registry change, nothing done)
HKEY_USERS\S-1-5-21-1547161642-839522115-854245398-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ga31.com\*!=W=4
Smitfraud-C.: User settings (Registry change, nothing done)
HKEY_USERS\S-1-5-21-1547161642-839522115-854245398-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\[bleep]-[bleep].org\*!=W=4
Smitfraud-C.: User settings (Registry change, nothing done)
HKEY_USERS\S-1-5-21-1547161642-839522115-854245398-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\free-spy-cam.net\*!=W=4
Smitfraud-C.: User settings (Registry change, nothing done)
HKEY_USERS\S-1-5-21-1547161642-839522115-854245398-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\fast-look.com\*!=W=4
Smitfraud-C.: User settings (Registry change, nothing done)
HKEY_USERS\S-1-5-21-1547161642-839522115-854245398-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ewizard.cc\*!=W=4
Smitfraud-C.: User settings (Registry change, nothing done)
HKEY_USERS\S-1-5-21-1547161642-839522115-854245398-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\e-finder.cc\*!=W=4
Smitfraud-C.: User settings (Registry change, nothing done)
HKEY_USERS\S-1-5-21-1547161642-839522115-854245398-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\dl.ad-ware.cc\*!=W=4
Smitfraud-C.: User settings (Registry change, nothing done)
HKEY_USERS\S-1-5-21-1547161642-839522115-854245398-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\datingforlove.org\*!=W=4
Smitfraud-C.: User settings (Registry change, nothing done)
HKEY_USERS\S-1-5-21-1547161642-839522115-854245398-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\crl.thawte.com\*!=W=4
Smitfraud-C.: User settings (Registry change, nothing done)
HKEY_USERS\S-1-5-21-1547161642-839522115-854245398-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\cc20foreva.com\*!=W=4
Smitfraud-C.: User settings (Registry change, nothing done)
HKEY_USERS\S-1-5-21-1547161642-839522115-854245398-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\bin.wordsx.cc\*!=W=4
Smitfraud-C.: User settings (Registry change, nothing done)
HKEY_USERS\S-1-5-21-1547161642-839522115-854245398-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\adulthell.com\*!=W=4
Smitfraud-C.: User settings (Registry change, nothing done)
HKEY_USERS\S-1-5-21-1547161642-839522115-854245398-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\75tz.com\*!=W=4
Smitfraud-C.: User settings (Registry change, nothing done)
HKEY_USERS\S-1-5-21-1547161642-839522115-854245398-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\20x2p.com\*!=W=4
CoolWWWSearch.BadZoneMap: Ayarlar (Registry change, nothing done)
HKEY_USERS\S-1-5-21-1547161642-839522115-854245398-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\windupdates.com\*!=W=4
CoolWWWSearch.BadZoneMap: Ayarlar (Registry change, nothing done)
HKEY_USERS\S-1-5-21-1547161642-839522115-854245398-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\skoobidoo.com\*!=W=4
--- Spybot - Search && Destroy version: 1.3 ---
2005-04-26 Includes\Cookies.sbi
2005-08-26 Includes\Dialer.sbi
2005-08-26 Includes\Hijackers.sbi
2005-08-16 Includes\Keyloggers.sbi
2005-08-26 Includes\Malware.sbi
2005-04-27 Includes\Revision.sbi
2005-08-25 Includes\Security.sbi
2005-08-16 Includes\Spybots.sbi
2005-08-26 Includes\Trojans.sbi
2004-11-29 Includes\LSP.sbi
2005-02-17 Includes\Tracks.uti
2005-08-12 Includes\PUPS.sbi
------------------------
Logfile of HijackThis v1.99.1
Scan saved at 22:19:03, on 03.09.2005
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v5.00 SP4 (5.00.2920.0000)
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\stisvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\mspmspsv.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
C:\Program Files\Hewlett-Packard\HP PrecisionScan\PrecisionScan\HPLamp.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Hurriyetim\Haber Alarmi\hurAlarm.exe
C:\Palm\hotsync.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINNT\system32\NOTEPAD.EXE
C:\WINNT\system32\NOTEPAD.EXE
C:\Documents and Settings\ugur1\My Documents\HijackThis.exe
O2 - BHO: Google Desktop Search Capture - {7c1ce531-09e9-4fc5-9803-1c2956615786} - C:\Program Files\Google\Google Desktop Search\GoogleDesktopIE.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe"
O4 - HKLM\..\Run: [PrinTray] C:\WINNT\system32\spool\DRIVERS\W32X86\2\printray.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [HP Lamp] C:\Program Files\Hewlett-Packard\HP PrecisionScan\PrecisionScan\HPLamp.exe
O4 - HKCU\..\Run: [win update] wupda32.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Rswo] C:\Documents and Settings\ugur1\Application Data\ertm.exe
O4 - HKCU\..\Run: [Hurriyetim] C:\Program Files\Hurriyetim\Haber Alarmi\hurAlarm.exe
O4 - Startup: HotSync Manager.lnk = C:\Palm\hotsync.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: Kill popup - {0A9F8624-4221-4508-9636-69ABD753695A} - C:\Program Files\PopUpBuster\popupbuster.exe
O9 - Extra 'Tools' menuitem: Kill popup - {0A9F8624-4221-4508-9636-69ABD753695A} - C:\Program Files\PopUpBuster\popupbuster.exe
O9 - Extra button: Microsoft AntiSpyware helper - {0465835E-95A0-4EDF-B0B6-44B44FD4B84D} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {0465835E-95A0-4EDF-B0B6-44B44FD4B84D} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {D653CF0A-DCB2-4B4C-8045-E0764844E106} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {D653CF0A-DCB2-4B4C-8045-E0764844E106} - (no file) (HKCU)
O15 - Trusted Zone: *.skoobidoo.com (HKLM)
O15 - Trusted Zone: *.windupdates.com (HKLM)
O15 - ProtocolDefaults: 'http' protocol is in Trusted Zone, should be Internet Zone
O15 - ProtocolDefaults: 'https' protocol is in Trusted Zone, should be Internet Zone
O15 - ProtocolDefaults: 'https' protocol is in Trusted Zone, should be Internet Zone (HKLM)
O16 - DPF: {2FF18E30-DE11-11D1-8161-00A0C90DD90C} (MSNBC News Menu Control 3.02) - http://www.ntvmsnbc....load/nm0321.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/...ro.cab34246.cab
O16 - DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} (Persits Software XUpload) - http://www.streamloa...oad/XUpload.ocx
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: Remote Procedure Call (RPC) Helper (Ź%AF夶Ŕ¨) - Unknown owner - C:\WINNT\sdkkr32.exe (file missing)
-----------------------
As I indicated before, my PC works OK... No blue/blank screens or anything... Just a self-opening toolbar and beeping once in a while... But Smitfraud-C keeps coming up in Spybot checks...
Thanks,
Ugur