iworm_attck_v122.02a help



jhk5241
2006-06-16, 15:38
Hi, I'm hoping you can help with removing some of this spyware stuff from my computer. I found the thread that listed all of the steps you recommended and followed all of the instructions. I'm posting the reports below. I don't know if I got rid of any of them, but I still can't get to some common sites such as Google.

thanks in advance for your help.
----------------------------

SmitFraudFix v2.61

Scan done at 8:21:01.71, 06/16/2006 Fri
Run from C:\Documents and Settings\Dong W Kim\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
Fix ran in safe mode

»»»»»»»»»»»»»»»»»»»»»»»» Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{9ae613a2-a13b-4379-8d0e-86a1a78476ec}"="corindon"


»»»»»»»»»»»»»»»»»»»»»»»» Killing process


»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

C:\WINDOWS\.protected Deleted
C:\WINDOWS\system32\atmclk.exe Deleted
C:\WINDOWS\system32\dcomcfg.exe Deleted
C:\WINDOWS\system32\ld????.tmp Deleted
C:\WINDOWS\system32\ot.ico Deleted
C:\WINDOWS\system32\simpole.tlb Deleted
C:\WINDOWS\system32\stdole3.tlb Deleted
C:\WINDOWS\system32\1024\ Deleted
C:\DOCUME~1\ALLUSE~1\STARTM~1\Programs\Startup\.protected Deleted

»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» End


---------------------------------------------------------
ewido anti-malware - Scan report
---------------------------------------------------------

+ Created on: 9:09:52 AM, 6/16/2006
+ Report-Checksum: B18F9CAF

+ Scan result:

HKLM\SOFTWARE\Classes\CLSID\{A833AB67-7368-457E-B8BF-249CCD8DDD14} -> Adware.Generic : Cleaned with backup
[228] C:\WINDOWS\system32\spoolsv.dll -> Adware.PurityScan : Cleaned with backup
[276] C:\WINDOWS\system32\spoolsv.dll -> Adware.PurityScan : Error during cleaning
[288] C:\WINDOWS\system32\spoolsv.dll -> Adware.PurityScan : Error during cleaning
[448] C:\WINDOWS\system32\spoolsv.dll -> Adware.PurityScan : Error during cleaning
[516] C:\WINDOWS\system32\spoolsv.dll -> Adware.PurityScan : Error during cleaning
[580] C:\WINDOWS\system32\spoolsv.dll -> Adware.PurityScan : Error during cleaning
[816] C:\WINDOWS\system32\spoolsv.dll -> Adware.PurityScan : Error during cleaning
[832] C:\WINDOWS\system32\spoolsv.dll -> Adware.PurityScan : Error during cleaning
:mozilla.11:C:\Documents and Settings\Dong W Kim\Application Data\Mozilla\Firefox\Profiles\default.jkj\cookies.txt -> TrackingCookie.Atdmt : Cleaned with backup
:mozilla.16:C:\Documents and Settings\Dong W Kim\Application Data\Mozilla\Firefox\Profiles\default.jkj\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup
:mozilla.17:C:\Documents and Settings\Dong W Kim\Application Data\Mozilla\Firefox\Profiles\default.jkj\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup
:mozilla.18:C:\Documents and Settings\Dong W Kim\Application Data\Mozilla\Firefox\Profiles\default.jkj\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup
:mozilla.19:C:\Documents and Settings\Dong W Kim\Application Data\Mozilla\Firefox\Profiles\default.jkj\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup
:mozilla.20:C:\Documents and Settings\Dong W Kim\Application Data\Mozilla\Firefox\Profiles\default.jkj\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\Dong W Kim\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\loaderadv410.jar-5d95cdd-3776a038.zip/Matrix.class -> Downloader.OpenStream.c : Cleaned with backup
C:\HNC\App\hdialer\HDIALER.EXE -> Heuristic.Win32.Dialer : Cleaned with backup
C:\Program Files\AWS\WeatherBug\MiniBugTransporter.dll -> Adware.Aws : Cleaned with backup
C:\Program Files\Worldman\FNGKHLIB.DLL -> Not-A-Virus.Monitor.Win32.KeyPressHooker : Cleaned with backup
C:\WINDOWS\SYSTEM32\gdb32.exe -> Backdoor.Lamebot.e : Cleaned with backup
C:\WINDOWS\SYSTEM32\spoolsv.dll -> Adware.PurityScan : Cleaned with backup
C:\WINDOWS\Temp\win10F0.tmp.exe -> Trojan.Dialer.oy : Cleaned with backup
C:\WINDOWS\Temp\win8C8.tmp.exe -> Trojan.Dialer.oy : Cleaned with backup
C:\WINDOWS\Temp\win8CE.tmp.exe -> Trojan.Dialer.oy : Cleaned with backup
C:\WINDOWS\Temp\winA1.tmp.exe -> Trojan.Dialer.oy : Cleaned with backup
C:\WINDOWS\Temp\winA5.tmp.exe -> Trojan.Dialer.oy : Cleaned with backup


::Report End


Logfile of HijackThis v1.99.1
Scan saved at 9:30:07 AM, on 2006-06-16
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\BCMSMMSG.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\PROGRA~1\MUSICM~1\MUSICM~2\mm_tray.exe
C:\PROGRA~1\VERIZO~1\SUPPOR~1\SMARTB~1\MotiveSB.exe
C:\Program Files\Winferno\SIEPIE\SIEPulse.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\Program Files\WinZip\WZQKPICK.EXE
C:\WINDOWS\system32\conime.exe
C:\Program Files\Verizon Online\SupportCenter\bin\mpbtn.exe
C:\Program Files\Symantec\LiveUpdate\AUpdate.exe
C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
C:\HJT\HijackThis.exe
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe

O1 - Hosts: 69.61.45.227 beta.search.msn.nl au.search.yahoo.com www.google.com.pa beta.search.msn.es search.msn.at beta.search.msn.at www.google.as
O1 - Hosts: 69.61.45.227 google.es google.it www.google.hn google.com.np search.msn.dk search.msn.it www.google.rw
O1 - Hosts: 69.61.45.227 search.yahoo.com www.google.co.il www.google.com.gr www.google.am www.google.gl google.tm google.co.je
O1 - Hosts: 69.61.45.227 www.google.co.cr www.google.it www.google.pn beta.search.msn.co.in www.google.bi www.google.co.ke ar.search.yahoo.com
O1 - Hosts: 69.61.45.227 www.google.com.ag ct.search.yahoo.com www.google.ie search.msn.co.za www.google.com.pk google.co.jp www.google.com.pr
O1 - Hosts: 69.61.45.227 search.msn.no www.google.com.gi google.mw www.google.at google.co.il search.msn.se toolbar.search.msn.com
O1 - Hosts: 69.61.45.227 google.com.vn google.co.nz www.google.ci google.gl cf.search.yahoo.com beta.search.msn.ch search.sympatico.msn.ca
O1 - Hosts: 69.61.45.227 www.google.dk google.az www.google.off.ai www.google.co.hu www.google.gm www.google.sm www.google.co.th
O1 - Hosts: 69.61.45.227 www.google.co.jp google.com.fj google.ca beta.search.xtramsn.co.nz google.com.ar www.google.lu google.ci
O1 - Hosts: 69.61.45.227 google.com.mt beta.search.msn.no www.google.dj google.lt espanol.search.yahoo.com www.google.com.na www.google.co.kr
O1 - Hosts: 69.61.45.227 www.google.com.ly www.google.com.mx www.google.com.fj www.google.co.ug google.com.tr google.sm br.search.yahoo.com
O1 - Hosts: 69.61.45.227 google.com.do google.co.ve google.hn google.com.py google.co.kr www.google.se google.mn
O1 - Hosts: 69.61.45.227 google.co.in uk.search.msn.com google.vg google.rw www.google.com.mt google.com.sv google.dk
O1 - Hosts: 69.61.45.227 www.google.cd www.google.ae google.com.ly www.google.fm google.com.hk www.google.com.np www.google.lt
O1 - Hosts: 69.61.45.227 www.google.com.pe google.co.ug google.com.uy google.ch www.google.cl beta.search.msn.se google.com.mx
O1 - Hosts: 69.61.45.227 google.pt google.com.au google.com google.li google.com.pr www.google.com.ec google.mu
O1 - Hosts: 69.61.45.227 google.td google.ms www.google.co.je www.google.es google.com.sg www.google.mw www.google.tm
O1 - Hosts: 69.61.45.227 google.com.pk www.google.cg google.uz beta.search.msn.de google.sk search.msn.com google.be
O1 - Hosts: 69.61.45.227 www.google.nl www.google.com.sa www.google.com.my www.google.fi google.co.hu beta.search.msn.co.za mx.search.yahoo.com
O1 - Hosts: 69.61.45.227 google.as www.google.com.vn google.com.sa www.google.com.ar google.cd www.google.pt google.ru
O1 - Hosts: 69.61.45.227 google.pn beta.search.ninemsn.com.au google.cl www.google.com.hk google.com.gi google.com.ni search.msn.fr
O1 - Hosts: 69.61.45.227 google.com.my google.lu www.google.com google.co.cr www.google.ms google.com.ph www.google.sk
O1 - Hosts: 69.61.45.227 www.google.com.py www.google.com.nf google.no beta.search.sympatico.msn.ca beta.search.msn.com.sg www.google.com.au www.google.ca
O1 - Hosts: 69.61.45.227 google.de google.dj beta.search.msn.co.uk google.fi search.msn.be google.ie google.se
O1 - Hosts: 69.61.45.227 beta.search.msn.com www.google.co.ls www.google.uz search.msn.com.sg google.com.co google.off.ai search.msn.de
O1 - Hosts: 69.61.45.227 beta.search.msn.dk www.google.com.sv google.com.na www.google.com.ua www.google.mu google.co.uk google.co.ls
O1 - Hosts: 69.61.45.227 fr.search.yahoo.com google.com.ec google.fr google.nl www.google.mn google.bi google.com.tw
O1 - Hosts: 69.61.45.227 google.gm www.google.fr www.google.com.tw www.google.com.tr google.kz www.google.com.gt www.google.be
O1 - Hosts: 69.61.45.227 beta.search.msn.fi www.google.li beta.search.msn.fr www.google.az google.am google.cg www.google.co.ve
O1 - Hosts: 69.61.45.227 google.co.th google.com.cu www.google.no google.com.br google.com.gt search.xtramsn.co.nz www.google.co.nz
O1 - Hosts: 69.61.45.227 www.google.com.ph www.google.ro www.google.com.ni ca.search.yahoo.com search.msn.nl www.google.co.uk google.ro
O1 - Hosts: 69.61.45.227 google.pl www.google.lv www.google.td google.tt google.com.vc beta.search.msn.be search.ninemsn.com.au
O1 - Hosts: 69.61.45.227 www.google.tt search.msn.es google.lv google.com.nf www.google.de www.google.vg google.com.gr
O1 - Hosts: 69.61.45.227 google.com.ua search.msn.co.uk search.msn.fi www.google.kz google.com.pe google.sh google.at
O1 - Hosts: 69.61.45.227 www.google.com.co www.google.pl www.google.ru www.google.com.br search.msn.ch google.com.pa www.google.sh
O1 - Hosts: 69.61.45.227 www.google.com.cu google.com.ag www.google.gg www.google.com.uy google.gg www.google.ch google.fm
O1 - Hosts: 69.61.45.227 google.ae google.co.ke beta.search.msn.it www.google.com.do www.google.com.sg www.google.com.vc uk.search.yahoo.com
O1 - Hosts: 69.61.45.227 de.search.yahoo.com it.search.yahoo.com www.google.co.in search.msn.co.in auto.search.msn.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: PrivateIEBHO.CPrivateIEBHO - {BD0D4420-5E4C-4FCC-AFC0-EEA69B608E75} - C:\Program Files\Winferno\SIEPIE\PrivateIEBHO.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: Zen 2-Way Trans - {EA66F2B0-9C7B-414c-827E-148CD99B7F69} - C:\Program Files\LNISOFT\2-Way Trans\AtlBilinTrans.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [MMTray] C:\PROGRA~1\MUSICM~1\MUSICM~2\mm_tray.exe
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\VERIZO~1\SUPPOR~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [SIE2004] "C:\Program Files\Winferno\SIEPIE\SIEPulse.exe"
O4 - HKLM\..\Run: [mmtask] "C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [NAV CfgWiz] "C:\Program Files\Norton AntiVirus\CfgWiz.exe" /GUID {0D7956A2-5A08-4ec2-A72C-DF8495A66016} /MODE CfgWiz /CMDLINE "REBOOT"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [9a6bf28f.exe] C:\Documents and Settings\Dong W Kim\Local Settings\Application Data\9a6bf28f.exe
O4 - HKCU\..\Run: [42e8d246.exe] C:\Documents and Settings\Dong W Kim\Local Settings\Application Data\42e8d246.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: .protected
O4 - Global Startup: D-Link AirPlus G Configuration Utility.lnk = ?
O4 - Global Startup: Verizon Online Support Center.lnk = C:\Program Files\Verizon Online\SupportCenter\bin\matcli.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Private IE - {644B7837-F1E9-4dba-853C-7E304F51968B} - "C:\Program Files\Winferno\SIEPIE\PrivateIE.exe" (file missing)
O9 - Extra button: (no name) - {B9030549-F0EA-40a7-8E3C-62A9FB0812D0} - "C:\Program Files\Winferno\SIEPIE\PrivateIE.exe" (file missing)
O9 - Extra 'Tools' menuitem: Private IE - {B9030549-F0EA-40a7-8E3C-62A9FB0812D0} - "C:\Program Files\Winferno\SIEPIE\PrivateIE.exe" (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Zen 2-WayTran - {D58A6CFE-66C1-4b4d-A1ED-979B185913D2} - C:\Program Files\LNISOFT\2-Way Trans\AtlBilinTrans.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://*.buddybuddy.co.kr (HKLM)
O16 - DPF: {072D3F2E-5FB6-11D3-B461-00C04FA35A21} (CFForm Runtime) - http://www.medschool.temple.edu/CFIDE/classes/CFJava.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {66B30EA0-C033-4D4B-9F90-EA0AF07363AF} (BugsMediaPlayer Control) - http://so.bugs.co.kr/BugsOggPlay_9.CAB
O16 - DPF: {74CD40EA-EF77-4BAD-808A-B5982DA73F20} - http://yax-download.yazzle.net/YazzleActiveX.cab?refid=1123
O16 - DPF: {784B0583-ABC1-4D3B-9564-357AA32D007C} (TURBO PLAYER Setup Control) - http://cdn.naver.com/naver/tms/dy/turbois9.cab
O16 - DPF: {97154128-DC4C-4D5B-AF7C-CA7356238EC9} (Hanmail FileUpload Control) - http://wwl286.daum.net/hanmail-ax/HM_fileupload.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
O16 - DPF: {C606BA60-AB76-48B6-96A7-2C4D5C386F70} (PreQualifier Class) - http://www.verizon.net/checkmypc/includes/MotivePreQual.cab
O16 - DPF: {CF362BDB-4EA2-11D5-AB47-000102913414} (SetGlb Control) - http://so.bugs.co.kr/SetGlb.cab
O16 - DPF: {D8F001C6-43B1-4CFD-9DAF-C8BEAE0E2B6D} (Touch Control) - http://touch.imbc.com/ocx/Touch.cab
O20 - AppInit_DLLs: C:\WINDOWS\system32\spoolsv.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: winzgn32 - C:\WINDOWS\SYSTEM32\winzgn32.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

LonnyRJones
2006-06-20, 07:16
Welcome to the forum

Please disable SpybotSD TeaTimer for now
To disable SpybotSD TeaTimer:
Open Spybot and click on Mode and check Advanced Mode
Check yes to next window.
Click on Tools in bottom left hand corner.
Click on Resident icon and Uncheck the box next to Teatimer.
"Resident "TeaTimer" (protection of all-over system settings) active"
Close SpyBot.
We will remind you to turn it on later
Start HijackThis and place a check next to these items, if there.
O4 - HKCU\..\Run: [9a6bf28f.exe] C:\Documents and Settings\Dong W Kim\Local Settings\Application Data\9a6bf28f.exe
O4 - HKCU\..\Run: [42e8d246.exe] C:\Documents and Settings\Dong W Kim\Local Settings\Application Data\42e8d246.exe
O16 - DPF: {74CD40EA-EF77-4BAD-808A-B5982DA73F20} - http://yax-download.yazzle.net/Yazzl...cab?refid=1123
O20 - Winlogon Notify: winzgn32 - C:\WINDOWS\SYSTEM32\winzgn32.dll
Unless you're using a custom hosts file, fix all the O1 - Hosts: items
====================================
Hit Fix checked, scan again, and fix this one item
O20 - AppInit_DLLs: C:\WINDOWS\system32\spoolsv.dll
Disregard the error and close HijackThis.
Restart the PC
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Re-download SmitFraudFix, unzip it, run it and choose option 1, and post that log please.
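The items singled out in the reply above (hosts entries pinning search sites to one routable address, autoruns with random names under the user's profile, an ActiveX download with no registered control name, a populated AppInit_DLLs value, an unknown Winlogon Notify package) can be picked out of a HijackThis log mechanically. The script below is an added example of mine, not code from this thread or from HijackThis. The sample lines are copied from the log posted above, plus one clean `127.0.0.1 localhost` line I constructed as a control; the domain pattern, the random-name regex, the profile directories and the Winlogon Notify allowlist are my own assumptions, not HijackThis rules. One fact worth knowing behind the O20 check: a DLL listed in AppInit_DLLs is loaded by Windows into every process that loads user32.dll, which fits the ewido report above showing the same spoolsv.dll inside many process IDs.

```python
"""Triage a HijackThis 1.99 log for the entry classes a forum helper fixes.

Added example; not code from the thread or from HijackThis. The sample lines
are copied from the posted log (plus one constructed 127.0.0.1 control line).
The heuristics, allowlists and regexes are assumptions, not HijackThis rules.
"""
import re
from ipaddress import ip_address
from typing import Dict, List, Set

SAMPLE_LOG = r"""
O1 - Hosts: 69.61.45.227 google.es google.it www.google.hn google.com.np search.msn.dk search.msn.it www.google.rw
O1 - Hosts: 127.0.0.1 localhost
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKCU\..\Run: [9a6bf28f.exe] C:\Documents and Settings\Dong W Kim\Local Settings\Application Data\9a6bf28f.exe
O4 - HKCU\..\Run: [42e8d246.exe] C:\Documents and Settings\Dong W Kim\Local Settings\Application Data\42e8d246.exe
O16 - DPF: {74CD40EA-EF77-4BAD-808A-B5982DA73F20} - http://yax-download.yazzle.net/YazzleActiveX.cab?refid=1123
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O20 - AppInit_DLLs: C:\WINDOWS\system32\spoolsv.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: winzgn32 - C:\WINDOWS\SYSTEM32\winzgn32.dll
"""

# Assumption: a hosts entry pinning any of these names to a routable IP is a hijack.
SEARCH_HOST = re.compile(r"(^|\.)google\.|(^|\.)search\.", re.I)
# Assumption: an 8-hex-digit executable name is auto-generated, not a product name.
RANDOM_EXE = re.compile(r"^[0-9a-f]{8}\.exe$", re.I)
PROFILE_DROP_DIRS = ("local settings\\application data", "local settings\\temp", "\\windows\\temp")
# Assumption: Winlogon Notify packages that ship with XP SP2 or common vendor drivers.
KNOWN_NOTIFY = {"crypt32chain", "cryptnet", "cscdll", "igfxcui", "sccertprop", "schedule",
                "sclgntfy", "senslogn", "termsrv", "wgalogon", "wlballoon"}

O1 = re.compile(r"^O1 - Hosts: (\S+)\s+(.+)$")
O4 = re.compile(r"^O4 - (HK\w+)\\\.\.\\Run: \[([^\]]+)\] (.+)$")
O16 = re.compile(r"^O16 - DPF: (\{[0-9A-Fa-f-]+\})(?: \((.*?)\))? - (\S+)$")
O20_APPINIT = re.compile(r"^O20 - AppInit_DLLs: (.*)$")
O20_NOTIFY = re.compile(r"^O20 - Winlogon Notify: (\S+) - (.+)$")


def hosts_redirects(log_text: str) -> Dict[str, Set[str]]:
    """Map each routable hosts-file target to the search hosts pinned to it.

    Loopback and 0.0.0.0 targets are the normal ad-blocking idiom and are
    ignored; any other address catching google/search names is a redirect.
    """
    out: Dict[str, Set[str]] = {}
    for line in log_text.splitlines():
        m = O1.match(line.strip())
        if not m:
            continue
        target, names = m.group(1), m.group(2).split()
        try:
            addr = ip_address(target)
        except ValueError:
            continue  # not an IP literal; HijackThis shows IPs, but stay defensive
        if addr.is_loopback or addr.is_unspecified:
            continue
        hits = {n for n in names if SEARCH_HOST.search(n)}
        if hits:
            out.setdefault(target, set()).update(hits)
    return out


def triage(log_text: str) -> List[Dict[str, str]]:
    """Return one finding per suspicious line: section, the line, and the reason."""
    findings: List[Dict[str, str]] = []

    def flag(section: str, line: str, reason: str) -> None:
        findings.append({"section": section, "line": line, "reason": reason})

    redirect_ips = set(hosts_redirects(log_text))
    for raw in log_text.splitlines():
        line = raw.strip()
        if m := O1.match(line):
            if m.group(1) in redirect_ips:
                flag("O1", line, f"search domains pinned to {m.group(1)}")
        elif m := O4.match(line):
            name, path = m.group(2), m.group(3).strip('"').lower()
            if RANDOM_EXE.match(name) or any(d in path for d in PROFILE_DROP_DIRS):
                flag("O4", line, "random-named or profile-dropped autorun")
        elif m := O16.match(line):
            if not m.group(2):
                flag("O16", line, "ActiveX download with no registered control name")
        elif m := O20_APPINIT.match(line):
            if m.group(1).strip():
                flag("O20", line, "AppInit_DLLs is normally empty; listed DLLs load into every GUI process")
        elif m := O20_NOTIFY.match(line):
            if m.group(1).lower() not in KNOWN_NOTIFY:
                flag("O20", line, "unknown Winlogon Notify package")
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f['section']}] {f['reason']}\n    {f['line']}")
```

Run against the sample it flags six lines, exactly the ones the helper asked to have fixed, and leaves the Symantec autorun, the WGA control and the WgaLogon Notify entry alone. The allowlists are the weak point of any triage like this: an unfamiliar but legitimate vendor entry will be flagged, so a hit is a prompt to look up the file, not a verdict.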

tashi
2006-06-26, 17:42
This topic is closed due to lack of a response to helper.

If you need it re-opened please send me a pm and provide a link to the thread.

Applies only to the original topic starter.

tashi
2006-08-05, 16:53
Re-opened upon request.

jhk5241
2006-08-05, 22:41
Sorry about the lack of response last time. I will be at this computer until tomorrow (Sunday) evening so I would appreciate any help as soon as possible.

I have done everything you recommended with HijackThis and now am posting the SmitFraudFix log you requested. Thank you again for your help!


SmitFraudFix v2.79

Scan done at 1:00:00.57, 2006-08-05
Run from C:\Virus Fix\SmitfraudFix\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
Fix ran in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32

C:\WINDOWS\system32\issearch.exe FOUND !
C:\WINDOWS\system32\ixt?.dll FOUND !
C:\WINDOWS\system32\ixt??.dll FOUND !
C:\WINDOWS\system32\ot.ico FOUND !
C:\WINDOWS\system32\pmnqguh.dll FOUND !
C:\WINDOWS\system32\components\flx?.dll FOUND !
C:\WINDOWS\system32\components\flx??.dll FOUND !
C:\WINDOWS\system32\components\flx???.dll FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Dong W Kim\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Start Menu

C:\DOCUME~1\DONGWK~1\STARTM~1\Programs\Startup\.protected FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\DONGWK~1\FAVORI~1

C:\DOCUME~1\DONGWK~1\FAVORI~1\Antivirus Test Online.url FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» Desktop


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files

C:\Program Files\Safety Bar\ FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"


»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{259BA022-2005-45E9-A965-10EDB9C00605}"="Windows Updater"

[HKEY_CLASSES_ROOT\CLSID\{259BA022-2005-45E9-A965-10EDB9C00605}\InProcServer32]
@="C:\WINDOWS\g421609.dll"

[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{259BA022-2005-45E9-A965-10EDB9C00605}\InProcServer32]
@="C:\WINDOWS\g421609.dll"


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"cinnamomum"="{93ac7c30-3878-4eaa-9420-7977285df5b1}"


»»»»»»»»»»»»»»»»»»»»»»»» Scanning wininet.dll infection


»»»»»»»»»»»»»»»»»»»»»»»» End

LonnyRJones
2006-08-06, 01:54
Restart the PC into safe mode and run SmitFraudFix option 2.
When it is done, run ewido, then Spybot, then your antivirus program.

I believe the author of SmitFraudFix is about to update; I suggest you wait until the last moment and re-download (again).

jhk5241
2006-08-06, 04:43
OK, I've done all of those things. SmitFraudFix caught a number of things, ewido found a bunch of malware, Spybot did not find anything, and avast AV found 9 objects, all of which were deleted.

I don't see any lingering effects of the virus now, but would you like to see any other scans/logs?

Also, one other thing that may or may not be related is that I cannot seem to get Windows Automatic Updates turned on. The Windows Security Center can't turn it on, and when I try to do it manually, the options are all grayed out. Any ideas?

thanks again.

LonnyRJones
2006-08-06, 07:32
Launch Notepad (not wordpad), and copy and paste the contents of the code box below into a new text file.
Save it as file name: "fixme.reg" (not including the quotes). Save as file type: All files (*.*) and save it on your Desktop.


REGEDIT4
;
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\WindowsUpdate]
"DisableWindowsUpdateAccess"=-
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoWindowsUpdate"=-
;

Now double-click on the fixme.reg file you saved and click on the Yes button when it asks if you would like to merge the information. Once you get a successful message delete fixme.reg.
Restart your PC and enable autoupdates

jhk5241
2006-08-06, 08:22
I copied and pasted the code into Notepad and saved it as fixme.reg on the desktop. I left the encoding as the default ANSI (as opposed to unicode, among other options). I double-clicked fixme and it asked whether I wanted to add the registry code and I clicked yes. I then got a successfully added message, after which I rebooted.

After the reboot, I still got the balloon in the quick launch tray saying Automatic Updates is turned off. When I click on the balloon, it takes me to the Windows Security Center screen, where I clicked on "Turn on Automatic Updates". It then says that Security Center could not change the setting and tells me to do it myself under Control Panels. When I open the Automatic Updates from Control Panel, all of the options are still grayed out.

Is this related to any of my previous problems? And have all those problems been resolved?

LonnyRJones
2006-08-06, 08:59
Post the SmitFraudFix log > c:\rapport.txt

Your time is limited on this PC? If so, why not just visit Windows Update.

jhk5241
2006-08-06, 17:45
I already visited windows update and downloaded all of the essential updates. I just would like to set it so that it would do it automatically.

Here's the smitfraudfix log you requested. Thanks again for your help.

SmitFraudFix v2.80

Scan done at 20:24:14.06, 08/05/2006 Sat
Run from C:\Virus Fix\SmitfraudFix\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
Fix ran in safe mode

»»»»»»»»»»»»»»»»»»»»»»»» Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{259BA022-2005-45E9-A965-10EDB9C00605}"="Windows Updater"

[HKEY_CLASSES_ROOT\CLSID\{259BA022-2005-45E9-A965-10EDB9C00605}\InProcServer32]
@="C:\WINDOWS\g421609.dll"

[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{259BA022-2005-45E9-A965-10EDB9C00605}\InProcServer32]
@="C:\WINDOWS\g421609.dll"


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"cinnamomum"="{93ac7c30-3878-4eaa-9420-7977285df5b1}"


»»»»»»»»»»»»»»»»»»»»»»»» Killing process


»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri

C:\WINDOWS\g421609.dll -> Missing File


»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

C:\WINDOWS\system32\issearch.exe Deleted
C:\WINDOWS\system32\ixt?.dll Deleted
C:\WINDOWS\system32\ot.ico Deleted
C:\WINDOWS\system32\pmnqguh.dll Deleted
C:\WINDOWS\system32\components\flx?.dll Deleted
C:\Program Files\Safety Bar\ Deleted

»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{259BA022-2005-45E9-A965-10EDB9C00605}"="Windows Updater"

[HKEY_CLASSES_ROOT\CLSID\{259BA022-2005-45E9-A965-10EDB9C00605}\InProcServer32]
@="C:\WINDOWS\g421609.dll"

[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{259BA022-2005-45E9-A965-10EDB9C00605}\InProcServer32]
@="C:\WINDOWS\g421609.dll"



»»»»»»»»»»»»»»»»»»»»»»»» End

LonnyRJones
2006-08-06, 22:20
g421609.dll was part of a different infection, and is apparently inactive.

Launch Notepad (not wordpad), and copy and paste the contents of the code box below into a new text file.
Save it as file name: "fixme.reg" (not including the quotes). Save as file type: All files (*.*) and save it on your Desktop.


REGEDIT4
;
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{259BA022-2005-45E9-A965-10EDB9C00605}"=-
[-HKEY_CLASSES_ROOT\CLSID\{259BA022-2005-45E9-A965-10EDB9C00605}]
[-HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{259BA022-2005-45E9-A965-10EDB9C00605}]

Now double-click on the fixme.reg file you saved and click on the Yes button when it asks if you would like to merge the information. Once you get a successful message delete fixme.reg.

Windows autoupdate:
Windows Update Greyed Out - Restore (Line 179)
http://www.kellys-korner-xp.com/xp_tweaks.htm
Automatic Updates options are grayed out?:
http://windowsxp.mvps.org/aupolicy.htm
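Both .reg fixes posted in this thread (the Windows Update policy one earlier and the SharedTaskScheduler/CLSID one just above) rely on two pieces of REGEDIT4 syntax that are easy to misread: a value line ending in `=-` deletes that value, and a key header written `[-Key]` deletes the key together with its subkeys. The script below is an added example of mine, not code from the thread or from Windows. It applies those two fix files to an in-memory model of the registry so the effect can be checked before anything is merged for real. The model's starting state is constructed from the keys shown in the SmitFraudFix log above; the two policy values under HKCU\...\Policies are assumed to be present (the thread never shows them) so the first fix has something to remove. The model keeps HKEY_CLASSES_ROOT and HKLM\Software\Classes as separate keys, which is one reason the fix lists both; on a real system HKCR is a merged view of HKLM\Software\Classes and HKCU\Software\Classes.

```python
"""Apply a REGEDIT4 fix file to an in-memory model of the registry.

Added example; not code from the thread or from Windows. It models only the
syntax the two fixes in this thread use: [Key] selects a key (creating it if
absent), [-Key] deletes a key with its subkeys, "Name"=- deletes a value, and
"Name"="text" or @="text" sets string data. snapshot() is constructed from
keys in the posted SmitFraudFix log; its two policy values are assumed.
"""
import re
from typing import Dict, List, Optional

# lower-cased key path -> {value name: data}; "@" holds the default value.
# Simplification: value names are compared case-sensitively here, Windows does not.
Registry = Dict[str, Dict[str, str]]

VALUE_LINE = re.compile(r'^(?:"((?:[^"\\]|\\.)*)"|@)=(.*)$')

WINDOWS_UPDATE_FIX = r"""REGEDIT4
;
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\WindowsUpdate]
"DisableWindowsUpdateAccess"=-
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoWindowsUpdate"=-
;
"""

CLSID_FIX = r"""REGEDIT4
;
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{259BA022-2005-45E9-A965-10EDB9C00605}"=-
[-HKEY_CLASSES_ROOT\CLSID\{259BA022-2005-45E9-A965-10EDB9C00605}]
[-HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{259BA022-2005-45E9-A965-10EDB9C00605}]
"""

STS = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler"
BAD_CLSID = "{259BA022-2005-45E9-A965-10EDB9C00605}"
HKCR_CLSID = r"HKEY_CLASSES_ROOT\CLSID" + "\\" + BAD_CLSID
HKLM_CLSID = r"HKEY_LOCAL_MACHINE\Software\Classes\CLSID" + "\\" + BAD_CLSID
POLICY_WU = r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\WindowsUpdate"
POLICY_EXPLORER = r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"


def _norm(path: str) -> str:
    """Registry key paths are case-insensitive; compare them lower-cased."""
    return path.strip("\\").lower()


def snapshot() -> Registry:
    """Constructed pre-fix state: keys from the posted log, policy values assumed."""
    raw = {
        POLICY_WU: {"DisableWindowsUpdateAccess": "dword:00000001"},   # assumed present
        POLICY_EXPLORER: {"NoWindowsUpdate": "dword:00000001"},         # assumed present
        STS: {BAD_CLSID: "Windows Updater",
              "cinnamomum": "{93ac7c30-3878-4eaa-9420-7977285df5b1}"},
        HKCR_CLSID: {},
        HKCR_CLSID + r"\InProcServer32": {"@": r"C:\WINDOWS\g421609.dll"},
        HKLM_CLSID: {},
        HKLM_CLSID + r"\InProcServer32": {"@": r"C:\WINDOWS\g421609.dll"},
    }
    return {_norm(k): dict(v) for k, v in raw.items()}


def apply_reg(reg: Registry, text: str) -> List[str]:
    """Apply a REGEDIT4 script to reg in place and return a log of what changed."""
    lines = text.splitlines()
    if not lines or lines[0].strip() != "REGEDIT4":
        raise ValueError("not a REGEDIT4 file")
    log: List[str] = []
    current: Optional[str] = None
    for raw in lines[1:]:
        line = raw.strip()
        if not line or line.startswith(";"):
            continue                                   # blank or comment line
        if line.startswith("[-") and line.endswith("]"):
            target = _norm(line[2:-1])
            doomed = [k for k in reg if k == target or k.startswith(target + "\\")]
            for k in doomed:
                del reg[k]
            log.append(f"deleted key {line[2:-1]} ({len(doomed)} keys including subkeys)")
            current = None                             # a [-Key] header selects nothing
            continue
        if line.startswith("[") and line.endswith("]"):
            current = _norm(line[1:-1])
            reg.setdefault(current, {})                # regedit creates missing keys
            continue
        m = VALUE_LINE.match(line)
        if m is None or current is None:
            raise ValueError(f"unsupported or misplaced line: {raw!r}")
        name = "@" if m.group(1) is None else m.group(1)
        data = m.group(2)
        if data == "-":                                # "Name"=- deletes the value
            if reg[current].pop(name, None) is not None:
                log.append(f"deleted value {name}")
        elif data.startswith('"') and data.endswith('"'):
            reg[current][name] = data[1:-1].replace("\\\\", "\\").replace('\\"', '"')
            log.append(f"set value {name}")
        else:
            raise ValueError(f"unsupported data format: {raw!r}")
    return log


def has_key(reg: Registry, path: str) -> bool:
    return _norm(path) in reg


def get_value(reg: Registry, path: str, name: str) -> Optional[str]:
    return reg.get(_norm(path), {}).get(name)


if __name__ == "__main__":
    for fix in (WINDOWS_UPDATE_FIX, CLSID_FIX):
        reg = snapshot()
        for entry in apply_reg(reg, fix):
            print(entry)
```

Applied to the snapshot, the first fix removes the two policy values but leaves the Policies keys themselves in place, and the second removes the SharedTaskScheduler value plus both CLSID keys and their InProcServer32 subkeys while leaving the other SharedTaskScheduler entry untouched. The parser refuses anything it does not understand rather than guessing, which is the behaviour you want from a tool that rehearses a registry change.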

LonnyRJones
2006-08-11, 09:36
jhk5241

What's up?

tashi
2006-08-14, 16:48
This topic is closed due to lack of a response.
If you need it re-opened please send me a private message (pm) and provide a link to the thread.

Applies only to the original topic starter.