Run Hijackthis and place a check beside each of the following. Close all other browser windows except HJT. Click fix checked:
F3 - REG:win.ini: run=C:\Documents and Settings\Administrator\WINDOWS\inet20125\services.exe
O4 - HKCU\..\Run: [xp_system] C:\Documents and Settings\Administrator\WINDOWS\inet20125\services.exe
You may want to print this or save it to notepad as we will go to safe mode.
Re-start your PC in Safe mode, by holding down the F8 button during the initial start up procedure. Use the up and down arrow keys to select Start PC in safe mode and hit the enter key. This will start your PC with only essential Windows programmes running.
Please set your system to show all files. Click Start. Open My Computer. Select the Tools menu and click Folder Options. Select the View Tab. Under the Hidden files and folders heading, select Show hidden files and folders. Uncheck: Hide file extensions for known file types Uncheck the Hide protected operating system files (recommended) option. Click Yes to confirm. Click OK.
Delete the following files or folders (delete item in bold). Please do not be concerned if any of the items are not found as they may have been automatically removed by actions I had you take earlier in the cleaning process.
C:\Documents and Settings\Administrator\WINDOWS\inet20125\services.exe
Extract the content (a folder named SmitfraudFix) to your Desktop.
Reboot your computer in Safe Mode (before the Windows icon appears, tap the F8 key continually)
Open the SmitfraudFix folder and double-click smitfraudfix.cmd
Select 2 and hit Enter to delete infect files.
You will be prompted: Do you want to clean the registry ? answer Y (yes) and hit Enter in order to remove the Desktop background and clean registry keys associated with the infection.
The tool will now check if wininet.dll is infected. You may be prompted to replace the infected file (if found): Replace infected file ? answer Y (yes) and hit Enter to restore a clean file.
A reboot may be needed to finish the cleaning process. The report can be found at the root of the system drive, usually at C:\rapport.txt
Note: process.exe is detected by some antivirus programsas a "RiskTool". It is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.
Post a fresh hijackthis log with rapport txt, and tell how your computer are behaving
Please start your own thread by clicking the new topic button. Do NOT post your problem in someone elses thread.