tehpro
2006-05-09, 14:27
After following the detailed instructions from this thread (http://forums.spybot.info/showthread.php?t=4015) I've still got that annoying wheelchair/stop sign in the clock area.
Here are the logs:
SmitFraudFix v2.41
Scan done at 11:25:45,31, uto 09.05.2006
Run from C:\Documents and Settings\Ljuba\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600]
»»»»»»»»»»»»»»»»»»»»»»»» Killing process
»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files
»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files
»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning
Registry Cleaning done.
»»»»»»»»»»»»»»»»»»»»»»»» End
---------------------------------------------------------
ewido anti-malware - Scan report
---------------------------------------------------------
+ Created on: 11:12:05, 9.5.2006
+ Report-Checksum: 4312394
+ Scan result:
[704] C:\WINDOWS\System32\reglogs.dll -> Not-A-Virus.Hoax.Win32.Renos.cz : Cleaned with backup
C:\Documents and Settings\daca\Cookies\daca@a.as-us.falkag[2].txt -> TrackingCookie.Falkag : Cleaned with backup
C:\Documents and Settings\daca\Cookies\daca@ads18.bpath[2].txt -> TrackingCookie.Bpath : Cleaned with backup
C:\Documents and Settings\daca\Cookies\daca@doubleclick[1].txt -> TrackingCookie.Doubleclick : Cleaned with backup
C:\Documents and Settings\daca\Cookies\daca@fastclick[2].txt -> TrackingCookie.Fastclick : Cleaned with backup
C:\Documents and Settings\daca\Cookies\daca@hg1.hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned with backup
C:\Documents and Settings\daca\Cookies\daca@hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned with backup
C:\Documents and Settings\daca\Cookies\daca@mediaplex[1].txt -> TrackingCookie.Mediaplex : Cleaned with backup
C:\Documents and Settings\daca\Cookies\daca@tribalfusion[2].txt -> TrackingCookie.Tribalfusion : Cleaned with backup
C:\Documents and Settings\Ljuba\Cookies\ljuba@ads18.bpath[2].txt -> TrackingCookie.Bpath : Cleaned with backup
C:\Documents and Settings\Ljuba\Cookies\ljuba@www.myaffiliateprogram[1].txt -> TrackingCookie.Myaffiliateprogram : Cleaned with backup
C:\Documents and Settings\Ljuba\My Documents\Instalacije\Alt-N Mdaemon 6.85\libssl32.dll -> Not-A-Virus.NetTool.Win32.STunnel.404 : Cleaned with backup
C:\Documents and Settings\tanja\Cookies\tanja@2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\tanja\Cookies\tanja@a.as-us.falkag[2].txt -> TrackingCookie.Falkag : Cleaned with backup
C:\Documents and Settings\tanja\Cookies\tanja@ads18.bpath[1].txt -> TrackingCookie.Bpath : Cleaned with backup
C:\Documents and Settings\tanja\Cookies\tanja@commission-junction[1].txt -> TrackingCookie.Commission-junction : Cleaned with backup
C:\Documents and Settings\tanja\Cookies\tanja@doubleclick[1].txt -> TrackingCookie.Doubleclick : Cleaned with backup
C:\Documents and Settings\tanja\Cookies\tanja@estat[1].txt -> TrackingCookie.Estat : Cleaned with backup
C:\Documents and Settings\tanja\Cookies\tanja@fastclick[2].txt -> TrackingCookie.Fastclick : Cleaned with backup
C:\Documents and Settings\tanja\Cookies\tanja@hg1.hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned with backup
C:\Documents and Settings\tanja\Cookies\tanja@hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned with backup
C:\Documents and Settings\tanja\Cookies\tanja@mediaplex[1].txt -> TrackingCookie.Mediaplex : Cleaned with backup
C:\Documents and Settings\tanja\Cookies\tanja@qksrv[1].txt -> TrackingCookie.Qksrv : Cleaned with backup
C:\Documents and Settings\tanja\Cookies\tanja@server.iad.liveperson[1].txt -> TrackingCookie.Liveperson : Cleaned with backup
C:\Documents and Settings\tanja\Cookies\tanja@tribalfusion[1].txt -> TrackingCookie.Tribalfusion : Cleaned with backup
C:\Documents and Settings\tanja\Cookies\tanja@weborama[2].txt -> TrackingCookie.Weborama : Cleaned with backup
C:\MDaemon\CFilter\QUARANT\abuse_list.zip/document.txt .exe -> Worm.NetSky.q : Cleaned with backup
C:\MDaemon\CFilter\QUARANT\account.zip/document.txt .exe -> Worm.NetSky.q : Cleaned with backup
C:\MDaemon\CFilter\QUARANT\bill.zip/data.rtf .scr -> Worm.NetSky.q : Cleaned with backup
C:\MDaemon\CFilter\QUARANT\description9.pif -> Worm.NetSky.t : Cleaned with backup
C:\MDaemon\CFilter\QUARANT\details05.zip/data.rtf .scr -> Worm.NetSky.q : Cleaned with backup
C:\MDaemon\CFilter\QUARANT\document.zip/document.html .pif -> Worm.Mydoom.m : Cleaned with backup
C:\MDaemon\CFilter\QUARANT\document_4351.pif -> Worm.NetSky.d : Cleaned with backup
C:\MDaemon\CFilter\QUARANT\id04009.zip/details.txt .pif -> Worm.NetSky.q : Cleaned with backup
C:\MDaemon\CFilter\QUARANT\information.zip/details.txt .pif -> Worm.NetSky.q : Cleaned with backup
C:\MDaemon\CFilter\QUARANT\message.zip/data.rtf .scr -> Worm.NetSky.q : Cleaned with backup
C:\MDaemon\CFilter\QUARANT\msg.zip/document.txt .exe -> Worm.NetSky.q : Cleaned with backup
C:\MDaemon\CFilter\QUARANT\my_numbers.zip/data.rtf .scr -> Worm.NetSky.q : Cleaned with backup
C:\MDaemon\CFilter\QUARANT\part6.zip/data.rtf .scr -> Worm.NetSky.q : Cleaned with backup
C:\MDaemon\CFilter\QUARANT\picture_document3.pif -> Worm.NetSky.t : Cleaned with backup
C:\MDaemon\CFilter\QUARANT\readme.zip/readme.bat -> Worm.Mydoom.m : Cleaned with backup
C:\MDaemon\CFilter\QUARANT\regards_naked2.zip/regards_naked2.htm.com -> Worm.NetSky.c : Cleaned with backup
C:\MDaemon\CFilter\QUARANT\screensaver.zip/details.txt .pif -> Worm.NetSky.q : Cleaned with backup
C:\MDaemon\CFilter\QUARANT\word document_daca.pif -> Worm.NetSky.x : Cleaned with backup
C:\MDaemon\CFilter\QUARANT\your_picture.pif -> Worm.NetSky.d : Cleaned with backup
C:\System Volume Information\_restore{21E721B2-842C-478B-9DE9-339E5C7C714E}\RP502\A0161879.exe -> Downloader.Zlob.no : Cleaned with backup
C:\System Volume Information\_restore{21E721B2-842C-478B-9DE9-339E5C7C714E}\RP502\A0162963.exe -> Downloader.Zlob.no : Cleaned with backup
C:\System Volume Information\_restore{21E721B2-842C-478B-9DE9-339E5C7C714E}\RP502\A0162964.exe -> Downloader.Zlob.ni : Cleaned with backup
C:\WINDOWS\system32\reglogs.dll -> Not-A-Virus.Hoax.Win32.Renos.cz : Cleaned with backup
::Report End
Logfile of HijackThis v1.99.1
Scan saved at 11:51:16, on 9.5.2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\MDaemon\APP\MDAEMON.EXE
C:\Program Files\Microsoft SQL Server\MSSQL$PSIT\Binn\sqlservr.exe
C:\WINDOWS\System32\svchost.exe
C:\MDaemon\APP\CFEngine.exe
C:\MDaemon\WorldClient\WorldClient.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\System32\NWTRAY.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fpdisp4.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Chameleon Clock\ChamClock.exe
C:\Program Files\SecCopy\SecCopy.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\lotus\organize\easyclip6.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\Program Files\Hijackthis\HijackThis.exe
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [NWTRAY] NWTRAY.EXE
O4 - HKLM\..\Run: [FinePrint Dispatcher v4] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fpdisp4.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [pdfFactory Pro Dispatcher v2] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppdis2a.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [HomeAlarm] C:\Program Files\Chameleon Clock\ChamClock.exe
O4 - HKCU\..\Run: [Second Copy 2000] "C:\Program Files\SecCopy\SecCopy.exe"
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Lotus Organizer EasyClip.lnk = ?
O4 - Global Startup: Monitor Apache Servers.lnk = C:\Program Files\Apache Group\Apache2\bin\ApacheMonitor.exe
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Web Entry - {B4E30F61-16D9-11D3-85D1-005004229569} - c:\lotus\organize\bandobjs.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {2019DC25-D1C0-11D6-97B3-0008A124F542} (StreamPlug Class) - http://www.streamplug.com/StreamPlug/SP.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yinst20040510.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_1_0_0_44.cab
O23 - Service: Apache2 - Unknown owner - C:\Program Files\Apache Group\Apache2\bin\Apache.exe" -k runservice (file missing)
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: MDaemon - Alt-N Technologies, Ltd. - C:\MDaemon\APP\MDAEMON.EXE
I really need to clean this as this is a computer that is used for mail exchange in the office.
Thanks in advance!