Any help greatly appreciated

Discussion in 'Malware Help (A Specialist Will Reply)' started by Lain, Aug 3, 2006.

  1. Lain

    Lain Private E-2

    Hello, I seem to have been infected with some nasty things. I have pop-up ads for things I don't want (gambling, explicit porn etc.) all the time. Internet Explorer (I'm now using Firefox) sends me straight to sites that are apparently anti-virus sites rather than going to the home page, there are constant balloons at the bottom of the screen and pop-up windows saying I have viruses/a worm/a trojan and that people have access to my private details (passwords/bank account etc.), and these send me to websites that I am suspicious of.
    I have completed the READ AND RUN ME section and will attach the BitDefender, Panda ActiveScan and HijackThis logs here, and would really appreciate any help,
    thanks
    Lain

    p.s. YIKES! A pop-up just appeared saying somebody is 'file sharing' with my computer and downloading all my files right now! Scary! It was trying to divert me to a website to download a firewall from, I think :(
     

    Attached Files:

  2. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You need to get the other two logs requested (from ShowNew and GetRunKeys); see the beginning of step 5.

    Then you need to get HijackThis installed properly per step 7 of the READ ME. You have it installed exactly where we specify not to install it. And attach a new HJT log.
     
  3. Lain

    Lain Private E-2

    Hi, sorry about that, stupid of me. I had done ShowNew and GetRunKeys, just not attached them! I think I've downloaded HJT in the right place this time; I thought I'd done it before but I'd got it wrong. Apologies again, and thanks for your time.
    Lain
     

    Attached Files:

  4. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Make sure viewing of hidden files is enabled (per the tutorial).

    Please run HijackThis and click on the Open the Misc Tools Section button on the opening page. Then select Open process manager on the left-hand side. Look for the following process (or processes) and kill them one at a time by selecting each and then clicking Kill process. Then click Yes.
    C:\Program Files\IntCodec\isamonitor.exe
    C:\Program Files\IntCodec\pmsngr.exe
    C:\Program Files\IntCodec\pmmon.exe
    C:\Program Files\IntCodec\isamini.exe

    After killing all the above processes, click Back.
    Then please click Scan and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:
    O2 - BHO: (no name) - {5753791b-f607-48ca-814e-91c14d081f9e} - C:\Program Files\IntCodec\isaddon.dll
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://antu.popcap.com/games/popcaploader_v6.cab
    O21 - SSODL: bestreak - {874443fe-aa33-4ebf-a6ac-73208787e62d} - C:\WINDOWS\system32\viruxz.dll (file missing)

    After clicking Fix, exit HJT.

    Copy the bold text below to Notepad. Save it as fixme.reg to your desktop.
    Be sure the "Save as type" is set to "All files".
    Once you have saved it, double-click it and allow it to merge with the registry.
    Now run Pocket Killbox by double-clicking on killbox.exe.
    Choose Tools > Delete Temp Files and click Delete Selected Temp Files.
    Then, after it deletes the files, click the Exit (Save Settings) button.
    Now, back on Killbox's main window, paste the below filenames into Killbox one at a time. Check the box that says "Delete on Reboot" and check the box "Unregister DLL" (if available). Click the red X and it will ask you to confirm the file for deletion; say Yes, and when the next box opens prompting you to reboot now, click No and proceed with the next file. Once you get to the last one, click Yes and it will reboot. Note: some of the files listed below may not exist, but we need to check for them anyway.

    c:\windows\system32\viruxz.dll
    c:\windows\system32\logs1.ini
    C:\WINDOWS\msjp32.dll
    C:\WINDOWS\slmst.dll
    C:\WINDOWS\ynksx.dll
    C:\Documents and Settings\GoJonnyGoGoGoGo\Local Settings\Temporary Internet Files\Content.IE5\4MYV54SY\safetyhomepage[2].htm
    C:\Documents and Settings\GoJonnyGoGoGoGo\Local Settings\Temp\

    If Killbox does not reboot or you get a Pending Operations type error message just reboot your PC yourself.

    After reboot, locate the below folder and delete it if found:
    C:\Program Files\IntCodec

    Also delete all files in the below folder except ones from the current date (Windows will not let you delete the files from the current day).
    C:\Documents and Settings\GoJonnyGoGoGoGo\Local Settings\Temp\

    Now attach a new HJT log and tell me how the steps went.

    Also attach a new log from ShowNew and a new log from GetRunKey!

    Make sure you tell me how things are working now!
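The entries picked out above are a compact lesson in how HijackThis lines get read: an O2 BHO with no name loading from a folder the infection created, an O21 SSODL entry whose DLL is already gone, an O16 downloaded ActiveX control, and two O4 startup items that are merely clutter. What follows is an added example, not part of the thread and not code from HijackThis or Killbox: a small Python triager that parses those five quoted lines (embedded below as a constructed sample), attaches the reasons a helper would give for each, and builds the PendingFileRenameOperations value that a "Delete on Reboot" relies on when a DLL is still loaded in Explorer or the browser. The suspect-folder list and the triage rules are my assumptions, not a HijackThis feature.

```python
"""Triage HijackThis 'O' lines the way a malware helper reads them, and
build the delete-on-reboot list for files that are locked while the
infection is loaded.

Added example for this thread; not code from HijackThis, Killbox or
MajorGeeks.  The sample lines are the ones quoted in the thread; the
SUSPECT_DIRS list and the rules in triage() are assumptions that encode
the helper's reasoning (unnamed BHO, target file missing, anything
loading from a folder the infection created).
"""
from __future__ import annotations
import re
from dataclasses import dataclass, field

_ENTRY = re.compile(r"^(O\d+)\s+-\s+([^:]+):\s*(.*)$")
_CLSID = re.compile(r"\{[0-9A-Fa-f-]{36}\}")
# A Windows path runs up to a closing quote, " (file missing)", a " - "
# separator, or end of line; paths containing spaces must stay intact.
_PATH = re.compile(r'([A-Za-z]:\\.+?)(?="|\s*\(file missing\)|\s+-\s|$)')

# Assumption: folder the thread identified as created by the infection.
# In real use this comes from your own findings, not a fixed list.
SUSPECT_DIRS = ("c:\\program files\\intcodec\\",)


@dataclass
class HjtEntry:
    section: str                 # "O2", "O4", ...
    kind: str                    # "BHO", "HKLM\\..\\Run", "SSODL", ...
    detail: str
    clsid: str | None = None
    path: str | None = None
    file_missing: bool = False
    reasons: list[str] = field(default_factory=list)


def parse_line(line: str) -> HjtEntry | None:
    """Split one 'On - kind: detail' line into its parts; None if not an O-line."""
    m = _ENTRY.match(line.strip())
    if not m:
        return None
    section, kind, detail = m.groups()
    e = HjtEntry(section, kind.strip(), detail.strip())
    if (c := _CLSID.search(detail)):
        e.clsid = c.group(0).lower()
    if (p := _PATH.search(detail)):
        e.path = p.group(1)
    e.file_missing = "(file missing)" in detail.lower()
    return e


def triage(entry: HjtEntry) -> HjtEntry:
    """Attach human-readable reasons; an entry with no reasons is left alone."""
    if entry.section == "O2" and "(no name)" in entry.detail:
        entry.reasons.append("BHO registered without a name")
    if entry.path and entry.path.lower().startswith(SUSPECT_DIRS):
        entry.reasons.append("loads from a folder created by the infection")
    if entry.file_missing:
        entry.reasons.append("orphaned: registry points at a file that is gone")
    if entry.section == "O16":
        entry.reasons.append("downloaded ActiveX control (DPF); remove unless needed")
    return entry


def triage_log(text: str) -> list[HjtEntry]:
    return [triage(e) for e in map(parse_line, text.splitlines()) if e]


def flagged(text: str) -> list[HjtEntry]:
    return [e for e in triage_log(text) if e.reasons]


def pending_rename_value(paths: list[str]) -> list[str]:
    """REG_MULTI_SZ data for HKLM\\SYSTEM\\CurrentControlSet\\Control\\
    Session Manager\\PendingFileRenameOperations.  Each delete is the pair
    (\\??\\<source>, "") that MoveFileEx(MOVEFILE_DELAY_UNTIL_REBOOT) writes;
    the session manager applies it at the next boot, before the DLL can be
    loaded again, which is what a 'Delete on Reboot' achieves."""
    value: list[str] = []
    for p in paths:
        value += [f"\\??\\{p}", ""]
    return value


# Constructed sample: the five lines quoted in the thread.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {5753791b-f607-48ca-814e-91c14d081f9e} - C:\Program Files\IntCodec\isaddon.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://antu.popcap.com/games/popcaploader_v6.cab
O21 - SSODL: bestreak - {874443fe-aa33-4ebf-a6ac-73208787e62d} - C:\WINDOWS\system32\viruxz.dll (file missing)
"""

if __name__ == "__main__":
    for e in flagged(SAMPLE_LOG):
        print(e.section, e.path or e.detail, "->", "; ".join(e.reasons))
    print(pending_rename_value([r"C:\Program Files\IntCodec\isaddon.dll"]))
```

Running it prints the O2, O16 and O21 entries with their reasons; the two O4 startup items get none, which matches the thread: they were removed as clutter, not as malware. The reboot-delete helper is the part that matters for the BHO DLL, because a DLL registered as a BHO is loaded into the browser and Explorer and cannot be deleted while they run, which is exactly the "being used by another person or program" error that turns up later in this thread.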
     
  5. Lain

    Lain Private E-2

    Hi, this is going to sound really stupid, sorry, but I killed those processes, then clicked Back, and when I tried to click Scan it wouldn't click. Should I click on the Main tab instead of leaving it on Misc Tools? Sorry for being dense.
     
  6. Lain

    Lain Private E-2

    Ignore my last post, sorry, I see what I did wrong! Thanks for the help, I'll get back when I've done all that.
     
  7. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    LOL! Wrong Back button huh? ;)
     
  8. Lain

    Lain Private E-2

    LOL ok ok!:eek:
     
  9. Lain

    Lain Private E-2

    I have completed all the steps except this one:

    "After reboot locate the below folder and delete it if found:
    C:\Program Files\IntCodec"

    I found the folder but when I try to delete it I got this error message:
    "Cannot delete isaddon.dll: It is being used by another person or program. Close any programs that might be using the file and try again."

    P.S. After reboot I am still getting pop-up balloons warning that "System has detected 4 spyware infections" and a flashing yellow warning symbol in the taskbar, and a pop-up for a competition or some gambling site or something so far. If I click on the balloon it takes me to a site for 'Pest Trap' or sometimes one called 'Spy Guard', I think it was.
     
  10. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You did not complete all my instructions! I asked for three new logs at the end. But hold off on that for now!


    Download SmitfraudFix (by S!Ri) to your Desktop.
    http://siri.urz.free.fr/Fix/SmitfraudFix.zip

    Extract all the files to your Desktop. A folder named SmitfraudFix will be created on your Desktop.

    Open the SmitfraudFix folder and double-click smitfraudfix.cmd
    Select option #1 - Search by typing 1 and press Enter
    This program will scan large amounts of files on your computer for known patterns so please be patient while it works. When it is done, the results of the scan will be displayed and it will create a log named rapport.txt in the root of your drive, eg: Local Disk C: or partition where your operating system is installed. Please attach that log in your next reply.

    Note: process.exe (which is used by SmitfraudFix) is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user. The below is a link to what process.exe is.

    http://www.beyondlogic.org/consulting/proc...processutil.htm


    IMPORTANT: Do NOT run any other options until you are asked to do so!
     
  11. Lain

    Lain Private E-2

    Sorry, I thought I had to try to complete all the other steps before I attached those logs. Should I attach them now?
    I ran SmitfraudFix; it only ran for a few seconds though. I will attach the log. Thanks.
    Lain
     

    Attached Files:

  12. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    NO! Do the below!
    PLEASE READ ALL OF THESE INSTRUCTIONS FIRST BEFORE DOING ANYTHING. Ask any questions that you may have before starting.

    Please print out or copy these instructions to Notepad, as the internet will not be available to you (while in Safe Mode) at certain points of the removal process. Make sure to work through all the steps in the exact order in which they are listed below. Again, if there's anything that you don't understand, ask your question(s) before moving on with the fixes.

    Reboot your computer into Safe Mode per the Safe Mode directions in the READ & RUN ME.

    Open the SmitfraudFix folder on your Desktop, then double-click the smitfraudfix.cmd file to start the tool.

    Select option #2 - Clean by typing 2 and press Enter.
    Wait for the tool to complete and disk cleanup to finish.
    You will be prompted : "Registry cleaning - Do you want to clean the registry ?" answer Yes by typing Y and hit Enter.

    The tool will also check if wininet.dll is infected. If it is infected and a clean version is found, you will be prompted to replace the infected wininet.dll with the clean file. Answer Yes to the question "Replace infected file ?" by typing Y and hit Enter.

    A reboot may be needed to finish the cleaning process; if your computer does not restart automatically, please do it yourself manually. BUT reboot in Safe Mode.

    The tool will create a log named rapport.txt in the root of your drive, eg: Local Disk C: or the partition where your operating system is installed. Please attach this log in your next reply.

    Now attach new logs from HijackThis and GetRunKey. Before getting a new log from ShowNew, please download the new version just released, then get a new log.

    Also tell me how things are working.
     
  13. Lain

    Lain Private E-2

    Ok, thanks. Where can I download the new ShowNew from? I did click on the attachment on the 'Using ShowNew' post but it didn't take me to a download page. A download window popped up immediately, but it seemed to just be the one I already had. Is this the new version?
     
  14. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Using ShowNew
     
  15. Lain

    Lain Private E-2

    Thankyou :)
    Ok, I did that and I'll attach those now. Since I've come back on in normal mode things seem to be ok!! No scary warning messages or pop-ups so far! I'm scared to get too excited yet in case something happens, lol, but so far so good! The only difference is my desktop background picture has disappeared, but that's easily rectified obviously! When I run Internet Explorer it no longer goes to that anti-spyware site; it goes to MSN, which wasn't originally where it went to, but that's fine and easily changed too, not to mention I use Firefox now anyway!
    Ok, so I've got my fingers crossed, but I'll hold off on the champagne until you've seen the logs I'm about to attach!
    Thank you
    Lain :)
     

    Attached Files:

  16. Lain

    Lain Private E-2

    and this one!
     

    Attached Files:

  17. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Okay, you're clean, but we have a couple of things to do!

    First install the current version of Sun Java from: Sun Java Runtime Environment

    Then install the current version of FireFox from: Mozilla Firefox

    Then uninstall the below old versions of software:
    eTrust Antivirus Registration
    J2SE Runtime Environment 5.0 Update 1
    Java 2 Runtime Environment, SE v1.4.2_05
    Mozilla Firefox (1.5.0.1)

    Now, if you are not having any other malware problems, it is time to go back to step 1 of the READ & RUN ME to Disable System Restore which will flush your Restore Points. Then reboot and enable System Restore to create a new clean Restore Point.

    After that, you should work thru the below link:

    How to Protect yourself from malware!
     
  18. Lain

    Lain Private E-2

    Ok, I've downloaded those and uninstalled the others except for eTrust Antivirus Registration, which I can't find anywhere. It isn't in the programs list. :confused: So I haven't done the System Restore part yet, just in case. What do you think?
    Lain
     
  19. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Download the attached special version of ShowNew2.zip to the same place you downloaded the previous version. Then extract ShowNew2.bat from the ZIP into the same folder where you extracted the previous version. Now run ShowNew2.bat. It will still pop up a Notepad window with newfiles.txt in it, but this one will include a full registry dump of the uninstall list. From it I can create a patch to remove the eTrust Antivirus Registration!

    Attach this version of newfiles.txt to your next message.
     

    Attached Files:

  20. Lain

    Lain Private E-2

    Thanks :) Here is the new newfiles.txt. Also, if it isn't too much trouble, would you know how to get rid of the BingoLinerUK program that's on my program list? My sister downloaded it ages ago, I think, and it's never used, but I can't uninstall it!
    Thanks again
    Lain
     

    Attached Files:

  21. Lain

    Lain Private E-2

    Sorry, maybe I should have said: when I do try to uninstall BingoLinerUK it says "could not open INSTALL.LOG file" :confused:
     
  22. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Let's try the below to remove eTrust & BingoLinerUK

    Copy the bold text below to Notepad. Save it as fixme.reg to your desktop. Be sure the "Save as type" is set to "All files". Once you have saved it, double-click it and allow it to merge with the registry.
    Then reboot and delete the BingoLinerUK folder if found. I'm not sure of the exact name, but you should be able to find it if it exists. It may be the below:
    C:\Program Files\BingoLinerUK
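The fix above works on the uninstall list that ShowNew2 dumped: an Add/Remove entry is just a subkey under HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall, and when the uninstaller it names cannot run (BingoLinerUK's uninstaller cannot find its INSTALL.LOG; the eTrust registration entry has nothing left to run at all), the only way to clear the entry is to delete the subkey. Below is an added example, not the bold fixme.reg chaslang posted (that text is not reproduced on this page) and not ShowNew2's code: a Python script that parses a constructed export in regedit 5.00 format, flags entries whose UninstallString references a file that no longer exists or that have no UninstallString, and writes the `[-key]` deletion syntax a .reg file uses. The key names, paths and the set of files treated as present are assumptions.

```python
"""Flag Add/Remove Programs entries whose uninstaller can no longer run and
emit a .reg that deletes just those keys.

Added example for this thread, not chaslang's fixme.reg or ShowNew2's code.
The export below is constructed in regedit 5.00 format; key names, paths
and the EXISTING_FILES set are assumptions standing in for a real dump.
"""
from __future__ import annotations
import re

UNINSTALL_ROOT = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall"
_KEY = re.compile(r"^\[(.+)\]$")
_VALUE = re.compile(r'^"([^"]+)"="(.*)"$')           # REG_SZ lines only
# a quoted path (may contain spaces) or an unquoted one (no spaces)
_PATHS = re.compile(r'"([A-Za-z]:\\[^"]+)"|([A-Za-z]:\\\S+)')


def _unescape(data: str) -> str:
    # regedit writes \" for a quote and \\ for a backslash inside string data
    return re.sub(r'\\(["\\])', r"\1", data)


def parse_reg_export(text: str) -> dict:
    """Map key path -> {value name: string data}; non-string values are skipped."""
    keys = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if (k := _KEY.match(line)):
            current = k.group(1)
            keys[current] = {}
        elif current and (v := _VALUE.match(line)):
            keys[current][v.group(1)] = _unescape(v.group(2))
    return keys


def referenced_paths(command: str) -> list[str]:
    """Every drive-letter path an UninstallString names: the exe and its
    arguments (an uninstaller that reads an INSTALL.LOG needs that file too)."""
    return [q or u for q, u in _PATHS.findall(command)]


def orphaned_entries(export: str, file_exists) -> list[tuple[str, str]]:
    """(key, DisplayName) for entries Add/Remove cannot uninstall: no
    UninstallString, or one that names a file that is gone."""
    orphans = []
    for key, values in parse_reg_export(export).items():
        if not key.lower().startswith(UNINSTALL_ROOT.lower() + "\\"):
            continue
        paths = referenced_paths(values.get("UninstallString", ""))
        if not paths or not all(file_exists(p) for p in paths):
            orphans.append((key, values.get("DisplayName", key.rsplit("\\", 1)[-1])))
    return orphans


def removal_reg(keys: list[str]) -> str:
    """A '-' before the key path inside the brackets tells regedit to delete
    the whole key when the file is merged."""
    lines = ["Windows Registry Editor Version 5.00", ""]
    for k in keys:
        lines += [f"[-{k}]", ""]
    return "\r\n".join(lines)


# Constructed sample export: shaped like a ShowNew2 dump, values invented.
SAMPLE_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\BingoLinerUK]
"DisplayName"="BingoLinerUK"
"UninstallString"="C:\\PROGRA~1\\BINGOL~1\\UNWISE.EXE C:\\PROGRA~1\\BINGOL~1\\INSTALL.LOG"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\eTrust Antivirus Registration]
"DisplayName"="eTrust Antivirus Registration"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Some App]
"DisplayName"="Some App"
"UninstallString"="\"C:\\Program Files\\Some App\\uninst.exe\" /S"
'''

# Constructed: the referenced files still on disk (lower-cased).  The
# BingoLinerUK uninstaller exe is present but its INSTALL.LOG is not, which
# is the "could not open INSTALL.LOG" situation from the thread.
EXISTING_FILES = {
    r"c:\progra~1\bingol~1\unwise.exe",
    r"c:\program files\some app\uninst.exe",
}


def fake_exists(path: str) -> bool:
    return path.lower() in EXISTING_FILES


if __name__ == "__main__":
    orphans = orphaned_entries(SAMPLE_EXPORT, fake_exists)
    for key, name in orphans:
        print(f"orphaned: {name}")
    print(removal_reg([key for key, _ in orphans]))
```

Deleting the Uninstall subkey only removes the entry from the programs list; whatever the installer left on disk stays, which is why the post above also has the user delete the BingoLinerUK folder by hand after the reboot. Save the generated text with "All files" as the type, as the thread instructs, before double-clicking it to merge; on a live machine replace fake_exists with os.path.exists.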
     
  23. Lain

    Lain Private E-2

    Yay!! All done! Thanks so much for all your help. I know I've been a bit of hard work! lol I really appreciate it!
    Thankyou
    Lain:)
     
  24. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You're welcome. Surf safely!
     
