Can I please have some help with Smitfraud-C

edited December 2005 in Spyware & Virus Removal
Hi there I have run Adaware and Spy-Bot. I have also followed the instructions from a link on another part of this site. I have downloaded Smitrem and Ewido and followed all the instructions. Upon running Spy-bot again it still comes up with Smitfraud-C. I do not know if this is now a false positive or whether this has now been removed. Any help would be gratefully appreciated I have pasted my Hijack log below. Many thanks for your assistance with this. :)


Logfile of HijackThis v1.99.1
Scan saved at 15:24:25, on 05/12/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\brsvc01a.exe
C:\WINDOWS\System32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\WINDOWS\System32\inetsrv\inetinfo.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\WINDOWS\System32\tcpsvcs.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.reuters.co.uk
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://companyweb
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.reuters.co.uk
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.updatesearches.com/search.php?qq=%1
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.updatesearches.com/search.php?qq=%1
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Lifestyles
O2 - BHO: HomepageBHO - {3e9b951e-6f72-431b-82cf-4a9fbf2f53bc} - C:\WINDOWS\system32\hp8387.tmp (file missing)
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKCU\..\Run: [Mobipocket Web Companion] C:\Program Files\Common Files\Mobipocket Shared\webcomp.exe -m
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI05E6~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://companyweb
O16 - DPF: {0089F6EE-ED54-11D5-B0E7-00508B014C1D} (ExWebClientUtils Class) - http://exweb.exchange.uk.com/clientbinaries/texInfo.CAB
O16 - DPF: {034DA761-EDB7-11D7-A20A-000802318089} (EWGPHI.desInput) - http://exweb.exchange.uk.com/clientbinaries/EWGPHI.CAB
O16 - DPF: {08BEF711-06DA-48B2-9534-802ECAA2E4F9} (PlxInstall Class) - http://down.plaxo.com/down/release/PlaxoInstall.cab
O16 - DPF: {090EC279-1378-44B7-B521-888980212E7E} (Complist3 Class) - http://exweb.exchange.uk.com/clientbinaries/eXwebCListCtl3.CAB
O16 - DPF: {0FA8E95B-C23A-11D5-8F5F-0008C7E9C2C6} (Pensions.desInput) - http://exweb.exchange.uk.com/clientbinaries/PensionsPhase2.CAB
O16 - DPF: {397F65A6-FD3C-438B-A7EB-3D2C0655189C} (EWGPensions.desInput) - http://exweb.exchange.uk.com/clientbinaries/EWGPensions.CAB
O16 - DPF: {485D813E-EE26-4DF8-9FAF-DEDF2885306E} (NSHelp Class) - http://www.bbc.co.uk/ConnectComputer/nshelp.dll
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,83/mcinsctl.cab
O16 - DPF: {500A5CC4-0334-11D5-87AD-0050DAC7511B} (GES.DesSSMain) - file://D:\CAB\GES.CAB
O16 - DPF: {511835FF-EDC9-11D7-A20A-000802318089} (EWGWholeLife.desInput) - http://exweb.exchange.uk.com/clientbinaries/EWGWholeLife.CAB
O16 - DPF: {59A910DE-EE9A-11D7-A20A-000802318089} (EWGCombinedTerm.desInput) - http://exweb.exchange.uk.com/clientbinaries/EWGTermAssurance.CAB
O16 - DPF: {61DA056C-EDE7-11D7-A20A-000802318089} (EWGBonds.desInput) - http://exweb.exchange.uk.com/clientbinaries/EWGBonds.CAB
O16 - DPF: {735932BD-8729-11D5-8F19-0008C7E9C2C6} (RIMA For Windows NT) - file://D:\CAB\rimant.cab
O16 - DPF: {786F41FA-AC32-11D5-9B73-00508B6BAAB3} (exWebStopper.texexweb) - http://exweb.exchange.uk.com/download/update/exWebStopper.CAB
O16 - DPF: {7B5A1CB7-2E01-11D7-90C1-0008C7E9C2C6} (PHI.desInput) - http://exweb.exchange.uk.com/clientbinaries/PHI.CAB
O16 - DPF: {88D969C0-F192-11D4-A65F-0040963251E5} (XML DOM Document 4.0) - http://exweb.exchange.uk.com/clientbinaries/msxml4.CAB
O16 - DPF: {8E95B0CA-EB6F-11D3-979B-00508B64538B} (VersionInfo.clsVersionInfo) - file://D:\CAB\VersionInfo.cab
O16 - DPF: {91F82BFF-F70C-11D2-BB68-0008C7E9C2C6} (TEXNBSHELL.ProposalForm) - http://exweb.exchange.uk.com/texonline/core_services/new_business_processing/texnbshell.cab
O16 - DPF: {A32DBCA3-4BFD-11D3-B9E4-008048FCE443} (Complist Class) - file://D:\CAB\eXwebCListCtl.cab
O16 - DPF: {A45CF69C-19E0-4090-99DA-286A7C1C257B} (exWebUpdater.clsINIFile) - http://exweb.exchange.uk.com/download/update/exWebUpdater.CAB
O16 - DPF: {A6339C32-3F93-11D5-8EB7-0008C7E9C2C6} (Pensions.clsPensionBusinessLogic) - file://D:\CAB\pensions.cab
O16 - DPF: {A74D724A-AB17-11D2-A96A-006097E20477} (eXwebUtils.HTMLUtils) - http://exweb.exchange.uk.com/clientbinaries/eXwebUtils.CAB
O16 - DPF: {A98277A1-A141-11D5-98B9-00508B64538B} (Complist2 Class) - http://exweb.exchange.uk.com/clientbinaries/eXwebCListCtl2.CAB
O16 - DPF: {A9F86998-BB62-11D2-A988-006097E20477} (eXwebUtils.clsVersionInfo) - file://D:\CAB\eXwebUtils.cab
O16 - DPF: {A9F869B2-BB62-11D2-A988-006097E20477} (eXwebOccList.clsVersionInfo) - file://D:\CAB\eXwebOcc.cab
O16 - DPF: {A9F869C0-BB62-11D2-A988-006097E20477} (PHIHelpText.clsVersionInfo) - file://D:\CAB\PHIHelpText.cab
O16 - DPF: {A9F869CE-BB62-11D2-A988-006097E20477} (PHIToolTips.clsVersionInfo) - file://D:\CAB\PHIToolTips.cab
O16 - DPF: {AB5ED3AE-DE26-11D3-AD7A-0050044495F0} (WholeLife.clsVersionInfo) - file://D:\CAB\wholelife.cab
O16 - DPF: {AB5ED422-DE26-11D3-AD7A-0050044495F0} (WholeLife.desWOLBlank) - http://exweb.exchange.uk.com/clientbinaries/WholeLife.CAB
O16 - DPF: {ABF92614-EBA5-11D3-A315-006008134E84} (Annuities.dsrMain) - http://exweb.exchange.uk.com/clientbinaries/ann_GD.CAB
O16 - DPF: {B539A417-0C5E-11D4-97CF-00508B64538B} (Bonds.GLBI030) - file://D:\CAB\Bonds.cab
O16 - DPF: {B5805B24-2D86-11D0-ADA6-00400520799C} (ProtoView Calendar Control) - file://D:\CAB\pvcalctl.cab
O16 - DPF: {BC954BAD-872A-11D5-8F19-0008C7E9C2C6} (RIMA For Windows 9x) - file://D:\CAB\rima9x.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,20/mcgdmgr.cab
O16 - DPF: {C2A91890-0BBD-11D4-833E-0008C78A797E} (CTP Goal Proposal Update) - file://D:\CAB\GoalUpdate.CAB
O16 - DPF: {CC696B63-4159-11D0-BDCB-0020A90B183A} (ProtoView Date Control) - file://D:\CAB\pvdate2.cab
O16 - DPF: {DB1F089D-F410-11D3-A316-006008134E84} (CombinedTerm.desInput) - http://exweb.exchange.uk.com/clientbinaries/TermAssurance.CAB
O16 - DPF: {DB1F08C5-F410-11D3-A316-006008134E84} (CombinedTerm.desUserDefaultsGrid) - file://D:\CAB\TermAssurance.cab
O16 - DPF: {DBA9E4A1-885A-11D3-8919-0050049D81F4} (TexPHIDS.dsrPHIInput) - file://D:\CAB\TexPHIDS.cab
O16 - DPF: {DDECE2F5-AF1F-44E7-B37F-96B6630F5C60} (PrintComponent.clsVersionInfo) - http://exweb.exchange.uk.com/clientbinaries/printdll.CAB
O16 - DPF: {E5CFA957-1CD1-11D2-85AD-006097B42E68} (TEXCList.ctlCompanyList) - file://D:\CAB\eXwebCList.cab
O16 - DPF: {E7FF5332-854E-11D2-A952-006097E20477} (eXwebOccList.clsOccRes) - http://exweb.exchange.uk.com/clientbinaries/eXwebOcc.CAB
O16 - DPF: {E9C9692E-F93C-11D1-ABB0-0040054FC6FB} (ProtoView DataTable Control 7.0 (OLEDB)) - file://D:\CAB\pvdt70.cab
O16 - DPF: {F952EDBD-84EF-11D5-8F0C-0008C7E9C2C6} (exchange Scripting Update) - http://exweb.exchange.uk.com/download/update/scripting_update.CAB
O16 - DPF: {FF3F0F03-0F01-131A-A3F9-08F02B23E0CC} - http://66.117.37.13/gba2218.exe
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = Lifestyles.local
O17 - HKLM\Software\..\Telephony: DomainName = Lifestyles.local
O17 - HKLM\System\CCS\Services\Tcpip\..\{35160ED7-7BC3-451D-A918-1CC2EE540F33}: NameServer = 192.168.117.10
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = Lifestyles.local
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\System32\brsvc01a.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe

Comments

  • SpywareShooter 127.0.0.1
    edited December 2005
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.reuters.co.uk
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://companyweb
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.reuters.co.uk
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.updatesearches.com/search.php?qq=%1
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.updatesearches.com/search.php?qq=%1
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Lifestyles
    O2 - BHO: HomepageBHO - {3e9b951e-6f72-431b-82cf-4a9fbf2f53bc} - C:\WINDOWS\system32\hp8387.tmp (file missing)
    O16 - DPF: {FF3F0F03-0F01-131A-A3F9-08F02B23E0CC} - http://66.117.37.13/gba2218.exe

    Fix those entries then reboot and post a new log.
  • edited December 2005
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.reuters.co.uk
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://companyweb
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.reuters.co.uk
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.updatesearches.com/search.php?qq=%1
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.updatesearches.com/search.php?qq=%1
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Lifestyles
    O2 - BHO: HomepageBHO - {3e9b951e-6f72-431b-82cf-4a9fbf2f53bc} - C:\WINDOWS\system32\hp8387.tmp (file missing)
    O16 - DPF: {FF3F0F03-0F01-131A-A3F9-08F02B23E0CC} - http://66.117.37.13/gba2218.exe

    Fix those entries then reboot and post a new log.


    Hi there thank you for your time. I have followed the above and have pasted the new hijack log below. I have rerun Spybot and it still shows Smitfraud-C, there are 21 entries under this. Spybot is unable to remove this, hope this helps. Once again thank you for your time and effort. :)

    Logfile of HijackThis v1.99.1
    Scan saved at 09:46:21, on 06/12/2005
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\brsvc01a.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\System32\brss01a.exe
    C:\Program Files\ewido\security suite\ewidoctrl.exe
    C:\WINDOWS\System32\inetsrv\inetinfo.exe
    c:\program files\mcafee.com\agent\mcdetect.exe
    c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
    c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
    C:\WINDOWS\System32\tcpsvcs.exe
    c:\PROGRA~1\mcafee.com\vso\mcshield.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\Explorer.EXE
    C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
    c:\program files\mcafee.com\agent\mcagent.exe
    c:\progra~1\mcafee.com\vso\mcvsescn.exe
    C:\Hijackthis\HijackThis.exe

    O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
    O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
    O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
    O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
    O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
    O4 - HKCU\..\Run: [Mobipocket Web Companion] C:\Program Files\Common Files\Mobipocket Shared\webcomp.exe -m
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
    O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
    O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
    O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
    O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
    O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI05E6~1\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O14 - IERESET.INF: START_PAGE_URL=http://companyweb
    O16 - DPF: {0089F6EE-ED54-11D5-B0E7-00508B014C1D} (ExWebClientUtils Class) - http://exweb.exchange.uk.com/clientbinaries/texInfo.CAB
    O16 - DPF: {034DA761-EDB7-11D7-A20A-000802318089} (EWGPHI.desInput) - http://exweb.exchange.uk.com/clientbinaries/EWGPHI.CAB
    O16 - DPF: {08BEF711-06DA-48B2-9534-802ECAA2E4F9} (PlxInstall Class) - http://down.plaxo.com/down/release/PlaxoInstall.cab
    O16 - DPF: {090EC279-1378-44B7-B521-888980212E7E} (Complist3 Class) - http://exweb.exchange.uk.com/clientbinaries/eXwebCListCtl3.CAB
    O16 - DPF: {0FA8E95B-C23A-11D5-8F5F-0008C7E9C2C6} (Pensions.desInput) - http://exweb.exchange.uk.com/clientbinaries/PensionsPhase2.CAB
    O16 - DPF: {397F65A6-FD3C-438B-A7EB-3D2C0655189C} (EWGPensions.desInput) - http://exweb.exchange.uk.com/clientbinaries/EWGPensions.CAB
    O16 - DPF: {485D813E-EE26-4DF8-9FAF-DEDF2885306E} (NSHelp Class) - http://www.bbc.co.uk/ConnectComputer/nshelp.dll
    O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,83/mcinsctl.cab
    O16 - DPF: {500A5CC4-0334-11D5-87AD-0050DAC7511B} (GES.DesSSMain) - file://D:\CAB\GES.CAB
    O16 - DPF: {511835FF-EDC9-11D7-A20A-000802318089} (EWGWholeLife.desInput) - http://exweb.exchange.uk.com/clientbinaries/EWGWholeLife.CAB
    O16 - DPF: {59A910DE-EE9A-11D7-A20A-000802318089} (EWGCombinedTerm.desInput) - http://exweb.exchange.uk.com/clientbinaries/EWGTermAssurance.CAB
    O16 - DPF: {61DA056C-EDE7-11D7-A20A-000802318089} (EWGBonds.desInput) - http://exweb.exchange.uk.com/clientbinaries/EWGBonds.CAB
    O16 - DPF: {735932BD-8729-11D5-8F19-0008C7E9C2C6} (RIMA For Windows NT) - file://D:\CAB\rimant.cab
    O16 - DPF: {786F41FA-AC32-11D5-9B73-00508B6BAAB3} (exWebStopper.texexweb) - http://exweb.exchange.uk.com/download/update/exWebStopper.CAB
    O16 - DPF: {7B5A1CB7-2E01-11D7-90C1-0008C7E9C2C6} (PHI.desInput) - http://exweb.exchange.uk.com/clientbinaries/PHI.CAB
    O16 - DPF: {88D969C0-F192-11D4-A65F-0040963251E5} (XML DOM Document 4.0) - http://exweb.exchange.uk.com/clientbinaries/msxml4.CAB
    O16 - DPF: {8E95B0CA-EB6F-11D3-979B-00508B64538B} (VersionInfo.clsVersionInfo) - file://D:\CAB\VersionInfo.cab
    O16 - DPF: {91F82BFF-F70C-11D2-BB68-0008C7E9C2C6} (TEXNBSHELL.ProposalForm) - http://exweb.exchange.uk.com/texonline/core_services/new_business_processing/texnbshell.cab
    O16 - DPF: {A32DBCA3-4BFD-11D3-B9E4-008048FCE443} (Complist Class) - file://D:\CAB\eXwebCListCtl.cab
    O16 - DPF: {A45CF69C-19E0-4090-99DA-286A7C1C257B} (exWebUpdater.clsINIFile) - http://exweb.exchange.uk.com/download/update/exWebUpdater.CAB
    O16 - DPF: {A6339C32-3F93-11D5-8EB7-0008C7E9C2C6} (Pensions.clsPensionBusinessLogic) - file://D:\CAB\pensions.cab
    O16 - DPF: {A74D724A-AB17-11D2-A96A-006097E20477} (eXwebUtils.HTMLUtils) - http://exweb.exchange.uk.com/clientbinaries/eXwebUtils.CAB
    O16 - DPF: {A98277A1-A141-11D5-98B9-00508B64538B} (Complist2 Class) - http://exweb.exchange.uk.com/clientbinaries/eXwebCListCtl2.CAB
    O16 - DPF: {A9F86998-BB62-11D2-A988-006097E20477} (eXwebUtils.clsVersionInfo) - file://D:\CAB\eXwebUtils.cab
    O16 - DPF: {A9F869B2-BB62-11D2-A988-006097E20477} (eXwebOccList.clsVersionInfo) - file://D:\CAB\eXwebOcc.cab
    O16 - DPF: {A9F869C0-BB62-11D2-A988-006097E20477} (PHIHelpText.clsVersionInfo) - file://D:\CAB\PHIHelpText.cab
    O16 - DPF: {A9F869CE-BB62-11D2-A988-006097E20477} (PHIToolTips.clsVersionInfo) - file://D:\CAB\PHIToolTips.cab
    O16 - DPF: {AB5ED3AE-DE26-11D3-AD7A-0050044495F0} (WholeLife.clsVersionInfo) - file://D:\CAB\wholelife.cab
    O16 - DPF: {AB5ED422-DE26-11D3-AD7A-0050044495F0} (WholeLife.desWOLBlank) - http://exweb.exchange.uk.com/clientbinaries/WholeLife.CAB
    O16 - DPF: {ABF92614-EBA5-11D3-A315-006008134E84} (Annuities.dsrMain) - http://exweb.exchange.uk.com/clientbinaries/ann_GD.CAB
    O16 - DPF: {B539A417-0C5E-11D4-97CF-00508B64538B} (Bonds.GLBI030) - file://D:\CAB\Bonds.cab
    O16 - DPF: {B5805B24-2D86-11D0-ADA6-00400520799C} (ProtoView Calendar Control) - file://D:\CAB\pvcalctl.cab
    O16 - DPF: {BC954BAD-872A-11D5-8F19-0008C7E9C2C6} (RIMA For Windows 9x) - file://D:\CAB\rima9x.cab
    O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,20/mcgdmgr.cab
    O16 - DPF: {C2A91890-0BBD-11D4-833E-0008C78A797E} (CTP Goal Proposal Update) - file://D:\CAB\GoalUpdate.CAB
    O16 - DPF: {CC696B63-4159-11D0-BDCB-0020A90B183A} (ProtoView Date Control) - file://D:\CAB\pvdate2.cab
    O16 - DPF: {DB1F089D-F410-11D3-A316-006008134E84} (CombinedTerm.desInput) - http://exweb.exchange.uk.com/clientbinaries/TermAssurance.CAB
    O16 - DPF: {DB1F08C5-F410-11D3-A316-006008134E84} (CombinedTerm.desUserDefaultsGrid) - file://D:\CAB\TermAssurance.cab
    O16 - DPF: {DBA9E4A1-885A-11D3-8919-0050049D81F4} (TexPHIDS.dsrPHIInput) - file://D:\CAB\TexPHIDS.cab
    O16 - DPF: {DDECE2F5-AF1F-44E7-B37F-96B6630F5C60} (PrintComponent.clsVersionInfo) - http://exweb.exchange.uk.com/clientbinaries/printdll.CAB
    O16 - DPF: {E5CFA957-1CD1-11D2-85AD-006097B42E68} (TEXCList.ctlCompanyList) - file://D:\CAB\eXwebCList.cab
    O16 - DPF: {E7FF5332-854E-11D2-A952-006097E20477} (eXwebOccList.clsOccRes) - http://exweb.exchange.uk.com/clientbinaries/eXwebOcc.CAB
    O16 - DPF: {E9C9692E-F93C-11D1-ABB0-0040054FC6FB} (ProtoView DataTable Control 7.0 (OLEDB)) - file://D:\CAB\pvdt70.cab
    O16 - DPF: {F952EDBD-84EF-11D5-8F0C-0008C7E9C2C6} (exchange Scripting Update) - http://exweb.exchange.uk.com/download/update/scripting_update.CAB
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = Lifestyles.local
    O17 - HKLM\Software\..\Telephony: DomainName = Lifestyles.local
    O17 - HKLM\System\CCS\Services\Tcpip\..\{35160ED7-7BC3-451D-A918-1CC2EE540F33}: NameServer = 192.168.117.10
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = Lifestyles.local
    O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\System32\brsvc01a.exe
    O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
    O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
    O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
    O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
    O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
    O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
  • SpywareShooter 127.0.0.1
    edited December 2005
    What are the locations of the files where Spybot is detecting Smitfraud?
  • edited December 2005
    What are the locations of the files where Spybot is detecting Smitfraud?

    Hello there, I have posted below the results taken from my Spybot scan this morning. I took this information from the log files in Spybot. I hope this tells you what you need to know otherwise please come back to me. Sorry am a bit of a novice with all this and the minuscule amount I have learnt so far is a soaring upward curve!! I will pick up any replies tomorrow since I am finishing here. I am very grateful for your time and input with this. :thumbsup:

    --- Report generated: 2005-12-06 09:58 ---

    Smitfraud-C.: User settings (Registry change, fixing failed)
    HKEY_USERS\S-1-5-21-2934650629-2581107729-1954458331-1152\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\www.niger.ru\*!=W=4

    Smitfraud-C.: User settings (Registry change, fixing failed)
    HKEY_USERS\S-1-5-21-2934650629-2581107729-1954458331-1152\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\visitfriend.net\*!=W=4

    Smitfraud-C.: User settings (Registry change, fixing failed)
    HKEY_USERS\S-1-5-21-2934650629-2581107729-1954458331-1152\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\tracking.allposters.com\*!=W=4

    Smitfraud-C.: User settings (Registry change, fixing failed)
    HKEY_USERS\S-1-5-21-2934650629-2581107729-1954458331-1152\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\toprefsys.com\*!=W=4

    Smitfraud-C.: User settings (Registry change, fixing failed)
    HKEY_USERS\S-1-5-21-2934650629-2581107729-1954458331-1152\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\terra.hcworld.com\*!=W=4

    Smitfraud-C.: User settings (Registry change, fixing failed)
    HKEY_USERS\S-1-5-21-2934650629-2581107729-1954458331-1152\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\t34rulit.com\*!=W=4

    Smitfraud-C.: User settings (Registry change, fixing failed)
    HKEY_USERS\S-1-5-21-2934650629-2581107729-1954458331-1152\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\rf104.com\*!=W=4

    Smitfraud-C.: User settings (Registry change, fixing failed)
    HKEY_USERS\S-1-5-21-2934650629-2581107729-1954458331-1152\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\msnprotection.com\*!=W=4

    Smitfraud-C.: User settings (Registry change, fixing failed)
    HKEY_USERS\S-1-5-21-2934650629-2581107729-1954458331-1152\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\meetyourfriend.biz\*!=W=4

    Smitfraud-C.: User settings (Registry change, fixing failed)
    HKEY_USERS\S-1-5-21-2934650629-2581107729-1954458331-1152\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\makechoice.com\*!=W=4

    Smitfraud-C.: User settings (Registry change, fixing failed)
    HKEY_USERS\S-1-5-21-2934650629-2581107729-1954458331-1152\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\love-catalog.net\*!=W=4

    Smitfraud-C.: User settings (Registry change, fixing failed)
    HKEY_USERS\S-1-5-21-2934650629-2581107729-1954458331-1152\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\letgohome.com\*!=W=4

    Smitfraud-C.: User settings (Registry change, fixing failed)
    HKEY_USERS\S-1-5-21-2934650629-2581107729-1954458331-1152\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\free-spy-cam.net\*!=W=4

    Smitfraud-C.: User settings (Registry change, fixing failed)
    HKEY_USERS\S-1-5-21-2934650629-2581107729-1954458331-1152\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\fast-look.com\*!=W=4

    Smitfraud-C.: User settings (Registry change, fixing failed)
    HKEY_USERS\S-1-5-21-2934650629-2581107729-1954458331-1152\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\e-finder.cc\*!=W=4

    Smitfraud-C.: User settings (Registry change, fixing failed)
    HKEY_USERS\S-1-5-21-2934650629-2581107729-1954458331-1152\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\datingforlove.org\*!=W=4

    Smitfraud-C.: User settings (Registry change, fixing failed)
    HKEY_USERS\S-1-5-21-2934650629-2581107729-1954458331-1152\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\crl.thawte.com\*!=W=4

    Smitfraud-C.: User settings (Registry change, fixing failed)
    HKEY_USERS\S-1-5-21-2934650629-2581107729-1954458331-1152\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\cc20foreva.com\*!=W=4

    Smitfraud-C.: User settings (Registry change, fixing failed)
    HKEY_USERS\S-1-5-21-2934650629-2581107729-1954458331-1152\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\bin.wordsx.cc\*!=W=4

    Smitfraud-C.: User settings (Registry change, fixing failed)
    HKEY_USERS\S-1-5-21-2934650629-2581107729-1954458331-1152\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\adulthell.com\*!=W=4

    Smitfraud-C.: User settings (Registry change, fixing failed)
    HKEY_USERS\S-1-5-21-2934650629-2581107729-1954458331-1152\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\75tz.com\*!=W=4


    --- Spybot - Search && Destroy version: 1.3 ---
    2005-12-02 Includes\Cookies.sbi
    2005-12-02 Includes\Dialer.sbi
    2005-12-02 Includes\Hijackers.sbi
    2005-12-02 Includes\Keyloggers.sbi
    2004-11-29 Includes\LSP.sbi
    2005-12-02 Includes\Malware.sbi
    2005-12-02 Includes\PUPS.sbi
    2005-12-02 Includes\Revision.sbi
    2005-12-02 Includes\Security.sbi
    2005-12-02 Includes\Spybots.sbi
    2005-02-17 Includes\Tracks.uti
    2005-12-02 Includes\Trojans.sbi
  • SpywareShooter 127.0.0.1
    edited December 2005
    These are false positives which were probably created by Spyware Shooter. Please read here: http://spywareshooter.com/spybot.html

    You have no need to worry, your computer is spyware-free.
  • edited December 2005
    These are false positives which were probably created by Spyware Shooter. Please read here: http://spywareshooter.com/spybot.html

    You have no need to worry, your computer is spyware-free.


    Thank you very much matey for all your time and effort you are a star :thumbsup:
This discussion has been closed.