Ok, some minor issues, but your running processes (the top list of exes) looks mostly clean. The only suspicious entry is RiskDisk, which if not causing all your issues is probably making them worse.

 

It's now cleanin' time! Please print out these instructions or copy them to a Notepad file somewhere, as we're going to be rebooting into Safe Mode with no internet connectivity, so you won't be able to read them from the forums.

 

Next, please reboot your computer in Safe Mode by doing the following :

 

* Restart your computer

* After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;

* Instead of Windows loading as normal, a menu with options should appear;

* Select the first option, to run Windows in Safe Mode, then press "Enter".

* Choose your usual account.

 

Once in Safe Mode, open the SmitfraudFix folder again and double-click smitfraudfix.cmd

Select option #2 - Clean by typing 2 and press "Enter" to delete infected files.

 

You will be prompted: "Registry cleaning - Do you want to clean the registry?"; answer "Yes" by typing Y and press "Enter" in order to remove the Desktop background and clean registry keys associated with the infection.

 

The tool will now check if wininet.dll is infected. You may be prompted to replace the infected file (if found); answer "Yes" by typing Y and press "Enter".

 

The tool may need to restart your computer to finish the cleaning process; if it doesn't, please restart it into Normal Windows.

 

A text file will appear onscreen, with results from the cleaning process; please copy/paste the content of that report into your next reply.

 

The report can also be found at the root of the system drive, usually at C:\rapport.txt

 

Please Note: One of the SmitFraud varients changes then locks the user's Windows backdrop, so the fix automatically strips this out during a clean. Consequently, you are likely to have found your backdrop removed when you reboot. Don't panic! This is expected, and you can just reset your backdrop in the usual way.

Ok. Ta. Going to try this now.

Riskdisk is a legitimate program which I need for my business. I can't function without it.

Should be back soon.

Ok. Ta. Going to try this now.

 

Riskdisk is a legitimate program which I need for my business. I can't function without it.

 

Should be back soon.

No problem. If you recognise and trust it, you can leave it there.

You are an absolute genius!!! I followed your instructions (by the way you can restart into Safe Mode with Networking which gives internet access) and I now have Spybot working beautifully!!!

You really saved me, because I believed that I would need to reformat and really don't want to go through that hassle!!!

I did a nslookup for safer-networking.org and it gave the same results with P/i/s/s/Net's pathway bit, but the Ping worked, so I tried installing and it worked - and downloaded updates!!!

In case anything else needs doing the rapport.txt is copied below:

SmitFraudFix v2.423

Scan done at 11:14:03.04, 24/08/2009

Run from C:\Documents and Settings\User\Desktop\SmitfraudFix

OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT

The filesystem type is NTFS

Fix run in safe mode

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix

!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri

Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Killing process

»»»»»»»»»»»»»»»»»»»»»»»» hosts

127.0.0.1 localhost

»»»»»»»»»»»»»»»»»»»»»»»» VACFix

VACFix

Credits: Malware Analysis & Diagnostic

Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix

S!Ri's WS2Fix: LSP not Found.

»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

»»»»»»»»»»»»»»»»»»»»»»»» IEDFix

IEDFix

Credits: Malware Analysis & Diagnostic

Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» Agent.OMZ.Fix

Agent.OMZ.Fix

Credits: Malware Analysis & Diagnostic

Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» 404Fix

404Fix

Credits: Malware Analysis & Diagnostic

Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» RK

»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: ULi PCI Fast Ethernet Controller - Packet Scheduler Miniport

DNS Server Search Order: 212.159.13.49

DNS Server Search Order: 212.159.30.50

HKLM\SYSTEM\CCS\Services\Tcpip\..\{8D4CAFEE-A4D1-47D9-BBD1-30A05E01FA56}: DhcpNameServer=212.159.13.49 212.159.30.50

»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files

»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System

!!!Attention, following keys are not inevitably infected!!!

"System"=""

»»»»»»»»»»»»»»»»»»»»»»»» RK.2

»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix

!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri

Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» End

No problem. If you recognise and trust it, you can leave it there.

Good, because the last thing I need is to lose Riskdisk! Business isn't going to well anyway, don't need more hassle!

You are an absolute genius!!! I followed your instructions (by the way you can restart into Safe Mode with Networking which gives internet access) and I now have Spybot working beautifully!!!

Fantastic news! Glad we managed to track down your problem (in this case one or more of the SmitFraud variants) and fixed it. You should be clean now, but now you've got it working, don't forget to run a full Spybot scan. Once that's done, your system should be in pretty good shape.

Regarding the programs I got you to run, you can either leave them installed or uninstall them.

SmitFraudFix is specifically just for the SmitFraud malware, so pretty specialised. You seem pretty PC savvy, so you might want to leave HiJackThis on your system. The last two, Malware Byte's Anti-Malware and CCaeaner are both great little programs, and totally safe. I'd advise not only leaving them there, but adding them to your list of programs to give your PC a spring clean.

Fantastic news! Glad we managed to track down your problem (in this case one or more of the SmitFraud variants) and fixed it.

 

Regarding the programs I got you to run, you can either leave them installed or uninstall them.

 

SmitFraudFix is specifically just for the SmitFraud malware, so pretty specialised. You seem pretty PC savvy, so you might want to leave HiJackThis on your system. The last two, Malware Byte's Anti-Malware and CCaeaner are both great little programs, and totally safe. I'd advise not only leaving them there, but adding them to your list of programs to give your PC a spring clean.

Thanks for your time.

I'm keeping HiJack This. I already had CCleaner installed. I have previously needed Smitfraud Fix, so I'll keep it just in case. I already uninstalled Malwarebytes because it's apparently a trial, I believe.

I would rep you here, but unfortunately you can't rep posts in the Bear Garden!

One thing before using Spybot is to do a little setup.

At the top click 'Mode'

'Advanced Mode' and answer the little pop up

Down the bottom click 'Settings'

'Ignore Products'

Scroll down to 'Cdilla' and untick it and then 'Sidestep' and untick that.

The definition of spyware is something that puts itself on your computer without asking permission and sends information back to the owner. These to do that, but have threatened Safer Networking with court and claim they aren't spyware. Safernetworking being supported by donations (just like cag) can't afford to take them on so have left it in the list but ticked it as ignore.

Next go back to the very top and click Spybot S&D and you're back into the front page and ready to do a clean.

Don't forget to do updates and to immunise.

I would rep you here, but unfortunately you can't rep posts in the Bear Garden!

In an act of shameless self-promotion I suggest you visit one of my non-Bear Garden posts, such as this one, and rep me there. In fact, everybody reading this thread should do the same, just because I'm great.

One thing before using Spybot is to do a little setup.

 

At the top click 'Mode'

'Advanced Mode' and answer the little pop up

Down the bottom click 'Settings'

'Ignore Products'

 

Scroll down to 'Cdilla' and untick it and then 'Sidestep' and untick that.

 

The definition of spyware is something that puts itself on your computer without asking permission and sends information back to the owner. These to do that, but have threatened Safer Networking with court and claim they aren't spyware. Safernetworking being supported by donations (just like cag) can't afford to take them on so have left it in the list but ticked it as ignore.

 

Next go back to the very top and click Spybot S&D and you're back into the front page and ready to do a clean.

 

Don't forget to do updates and to immunise.

Thanx Conniff, that's VERY useful to know!!! You got rep for that useful tip, as well!

In an act of shameless self-promotion I suggest you visit one of my non-Bear Garden posts, such as this one, and rep me there. In fact, everybody reading this thread should do the same, just because I'm great.

Did so before I saw you posted this, but went through your posts in your profile, till I found something out of the Bear Garden.

Tez get's a second rep click elsewhere because he also solved my Google issue at the same time. I can now click on Google links without getting craploads of advertising!

Uh, oh, I've got to give some more people rep before I can rep Tez again! What a stupid rule! Don't worry Tez, won't forget!

Please could all techies here visit my thread at: http://www.consumeractiongroup.co.uk/forum/broadband-other-internet-issues/216862-seriously-slow-speed-plusnet.html

A nice website for testing the power of your computer:-

Computer Power Test

P.S. If you've visited and are now groaning at the rubbish joke, sorry

No comment!

That's not rubbish, I think it's very funny.

Some of the software I have in my arsenal when fixing machines is:

* Ubuntu: Free, boots your machine up without using Windows. Very handy for diagnosing some hardware faults. Ubuntu also contains a program called MEMTEST86 which can be used to test your RAM for faults.

http://www.ubuntu.com/desktop/get-ubuntu/download

* Jellybean's Key Finder: Free, great for backing up your licence keys for software you've bought. I use this for getting licence keys before destructive restores so I can install software back on the original licences.

http://www.magicaljellybean.com/keyfinder/

* Malwarebytes' Anti-Malware (MBAM): Free, great for removing almost all malware from your machine. Don't forget to get this scanning in Safe Mode as normal scan is not enough.

http://www.malwarebytes.org/mbam.php

* avast! antivirus: Free - what more can I say?

http://www.avast.com/free-antivirus-download

http://www.avast.com/registration-free-antivirus.php

* HijackThis: Free, be sure to get someone who knows what they're doing with this - you CAN destroy Windows. Used after MBAM for extra safety.

http://download.cnet.com/Trend-Micro-HijackThis/3000-8022_4-10227353.html

* Sea Tools: Free, used for scanning hard drives for faults. If you get at least ONE error - scrap the hard drive and get a new one.

http://www.seagate.com/www/en-us/support/downloads/seatools

CCleaner is for cleaning up the Windows Operating System.

It will clean out a 'memory dump file' which is completely different and has nothing at all to do with optimising the memory.

A memory dump file is just that, a file created to record problems that might occur and you can look at if you are having a problem or BSOD.

The following will cause a write to a memory dump file:

• STOP Error
  
• DLL Error
  
• RAM Hardware Problems
  
• Memory Allocation Error
  
• HIVE crash
  
• COM Error
  
• Outlook Errors
  

OK I apologise for that about CCleaner - I've got that muddled up with something else by a similar name. I still stand by what I say about optimising RAM - If something claims to optimise memory avoid it.

As for the registry and RAM I'm full aware they're different entities and was not referring to optimising RAM but was referring to the registry cleaning side of it.

Ccleaner will only clear out 'unused' registry keys and the fragments left behind when a program or application is uninstalled.

I will, however, agree with you on RAM optimisation programs. Windows is very efficient at managing the memory and have got better as the newer versions have emerged.

Windows 7 has one of the best memory managers available and all these other so called memory managers are either a con or not required.

Wow! First time I've ever been on a forum where incorrect posts are edited out - I held back from doing so because many other forums I visit this is frowned upon.

If you'd like to edit my post that would be great and appreciated.

avast!

Another good one is Malwarebytes, there are both free and paid versions available, the free one is available from malwarebytes dot org, unfortunately I can't post links yet.

I use this and Avast as my primary defences along with PrevX and Lavasoft AdAware

A lot has changed since this was first posted and will be updated very soon with some good stuff and some really good malware prevention and cleaning.

Good to know, I have however done some cleanup with some of the tools mentioned. CCleaner I like

oh, thanks so much! it's really useful