Recurring malware



bamalum
2008-02-05, 21:04
I am experiencing recurring malware such as tagasaurus and three or four others. I fix with Spybot daily, and it keeps recurring.

Below are the current Kaspersky scan and the Hijack This log:

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Tuesday, February 05, 2008 1:20:47 PM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 5/02/2008
Kaspersky Anti-Virus database records: 549931
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
D:\

Scan Statistics:
Total number of scanned objects: 82924
Number of viruses found: 1
Number of infected objects: 1
Number of suspicious objects: 0
Duration of the scan process: 01:19:40

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\McAfee\MNA\NAData Object is locked skipped
C:\Documents and Settings\All Users\Application Data\McAfee\MSC\McUsers.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Data\TFR2.tmp Object is locked skipped
C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Logs\OAS.Log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\Jeff Sport\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Jeff Sport\Local Settings\Application Data\Identities\{9C5B8D5D-7F57-4904-9821-39F113A57F21}\Microsoft\Outlook Express\Folders.dbx Object is locked skipped
C:\Documents and Settings\Jeff Sport\Local Settings\Application Data\Identities\{9C5B8D5D-7F57-4904-9821-39F113A57F21}\Microsoft\Outlook Express\Inbox.dbx Object is locked skipped
C:\Documents and Settings\Jeff Sport\Local Settings\Application Data\Identities\{9C5B8D5D-7F57-4904-9821-39F113A57F21}\Microsoft\Outlook Express\Offline.dbx Object is locked skipped
C:\Documents and Settings\Jeff Sport\Local Settings\Application Data\Identities\{9C5B8D5D-7F57-4904-9821-39F113A57F21}\Microsoft\Outlook Express\Pop3uidl.dbx Object is locked skipped
C:\Documents and Settings\Jeff Sport\Local Settings\Application Data\Microsoft\Feeds Cache\index.dat Object is locked skipped
C:\Documents and Settings\Jeff Sport\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Jeff Sport\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Jeff Sport\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Jeff Sport\Local Settings\History\History.IE5\MSHist012008020520080206\index.dat Object is locked skipped
C:\Documents and Settings\Jeff Sport\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped
C:\Documents and Settings\Jeff Sport\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Jeff Sport\ntuser.dat Object is locked skipped
C:\Documents and Settings\Jeff Sport\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Program Files\SmartVideoCodec\SmartVideoCodec.ocx Infected: Trojan.Win32.Agent.edg skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{B992AC1F-1409-469D-9617-074D63E04B5E}\RP16\change.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\LogFiles\WUDF\WUDFTrace.etl Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\Temp\mcmsc_g6iN3i7cDPlRQqT Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped

Scan process completed.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:59:28 PM, on 2/5/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Brmfrmps.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\PROGRA~1\McAfee.com\Agent\mcagent.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
c:\Toshiba\IVP\swupdate\swupdtmr.exe
C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
C:\WINDOWS\system32\TPSMain.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\Scansoft\PaperPort\pptd40nt.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\MP4 Player\mp4Player.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\FinePixViewer\QuickDCF.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
C:\WINDOWS\system32\RAMASST.exe
C:\Program Files\Scansoft\PaperPort\SmartUI\SmartUI.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\QBMsgMgr.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msnbc.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.toshibadirect.com/dpdstart
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptsn.dll
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\Scansoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\Scansoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl03a\BrStDvPt.exe
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1
O4 - HKCU\..\Run: [MP4 Player] "C:\Program Files\MP4 Player\mp4Player.exe" hmw
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: Exif Launcher.lnk = ?
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O4 - Global Startup: SmartUI.lnk = ?
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .mpg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.toshibadirect.com/dpdstart
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1172968119186
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Brother Popup Suspend service for Resource manager (brmfrmps) - Brother Industries, Ltd. - C:\WINDOWS\system32\Brmfrmps.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Swupdtmr - Unknown owner - c:\Toshiba\IVP\swupdate\swupdtmr.exe
O23 - Service: TOSHIBA Application Service (TAPPSRV) - TOSHIBA Corp. - C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe

--
End of file - 8873 bytes

Thanks for any help.

--Jeff Sport
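As an added example (not code from the thread or from any of the tools named in it): a small Python script that reads lines in the format of the two logs above, separating the one object Kaspersky actually reported as infected from the many "Object is locked" skips, and checking whether any HijackThis load point (O2/O4/O23) points into the same directory, which is the usual reason a detection comes back after every clean-up. The sample lines are constructed from the logs above; the GUID used in the test-only extra line is a placeholder.

```python
from __future__ import annotations

import ntpath
import re
from dataclasses import dataclass
from typing import Optional

# Constructed sample lines modelled on the Kaspersky report and the HijackThis
# log above (a few representative lines, not the full logs).
KASPERSKY_SAMPLE = """\
Infected Object Name / Virus Name / Last Action
C:\\WINDOWS\\system32\\config\\SAM Object is locked skipped
C:\\Program Files\\SmartVideoCodec\\SmartVideoCodec.ocx Infected: Trojan.Win32.Agent.edg skipped
C:\\WINDOWS\\Temp\\mcmsc_g6iN3i7cDPlRQqT Object is locked skipped
Scan process completed.
"""
HJT_SAMPLE = """\
R0 - HKCU\\Software\\Microsoft\\Internet Explorer\\Main,Start Page = http://www.msnbc.com/
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\\Program Files\\Java\\jre1.6.0_03\\bin\\ssv.dll
O4 - HKLM\\..\\Run: [SunJavaUpdateSched] "C:\\Program Files\\Java\\jre1.6.0_03\\bin\\jusched.exe"
O4 - HKCU\\..\\Run: [MP4 Player] "C:\\Program Files\\MP4 Player\\mp4Player.exe" hmw
O4 - Global Startup: Exif Launcher.lnk = ?
O23 - Service: Swupdtmr - Unknown owner - c:\\Toshiba\\IVP\\swupdate\\swupdtmr.exe
"""

# Kaspersky: "<path> Infected: <name> <action>" or "<path> Object is locked <action>"
KAV_LINE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.*?)\s+(?:Infected: (?P<virus>\S+)|Object is locked)\s+(?P<action>\S+)$"
)
# HijackThis: "<section code> - <rest of entry>"
HJT_LINE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.*)$")
# First drive-letter path with an executable/library extension, quotes optional
WIN_PATH = re.compile(
    r'"?(?P<path>[A-Za-z]:\\[^"\r\n]*?\.(?:exe|dll|ocx|sys|cpl|scr))\b"?', re.IGNORECASE
)


@dataclass
class HjtEntry:
    code: str            # section, e.g. O4 (autostart), O23 (service), O2 (BHO)
    body: str            # the rest of the line as logged
    path: Optional[str]  # file the entry loads, when one could be extracted


def parse_kaspersky(text: str) -> list[tuple[str, str]]:
    """(path, detection) for each infected object; 'Object is locked' lines are
    in-use files the scanner skipped (hives, index.dat, logs), not detections."""
    hits = []
    for line in text.splitlines():
        m = KAV_LINE.match(line.strip())
        if m and m.group("virus"):
            hits.append((m.group("path"), m.group("virus")))
    return hits


def parse_hjt(text: str) -> list[HjtEntry]:
    """Split a HijackThis log into entries, extracting the loaded file where present."""
    entries = []
    for line in text.splitlines():
        m = HJT_LINE.match(line.strip())
        if not m:
            continue  # header, process list, blank lines
        found = WIN_PATH.search(m.group("body"))
        entries.append(HjtEntry(m.group("code"), m.group("body"),
                                found.group("path") if found else None))
    return entries


def related_load_points(hits, entries):
    """Entries that load a file from a directory holding a detected object: such a
    load point re-executes the component after each clean-up, so it is the first
    thing to check when the same detection keeps coming back."""
    dirs = {ntpath.dirname(p).lower() + "\\" for p, _ in hits}
    return [e for e in entries
            if e.path and any(e.path.lower().startswith(d) for d in dirs)]


def manual_review(entries):
    """Entries the log alone cannot vouch for: a reason to look them up, not to delete."""
    flagged = []
    for e in entries:
        if e.code == "O4" and e.body.rstrip().endswith("= ?"):
            flagged.append((e, "startup shortcut whose target HijackThis could not resolve"))
        elif e.code == "O23" and "Unknown owner" in e.body:
            flagged.append((e, "service with no publisher recorded"))
    return flagged


if __name__ == "__main__":
    hits = parse_kaspersky(KASPERSKY_SAMPLE)
    entries = parse_hjt(HJT_SAMPLE)
    for path, name in hits:
        print(f"infected: {path}  ({name})")
    for e in related_load_points(hits, entries):
        print(f"load point in infected directory: {e.code} - {e.body}")
    for e, why in manual_review(entries):
        print(f"review: {e.code} - {e.body}\n    {why}")
```

On the sample no load point falls inside the infected directory, which matches the helper's reading of the log; a flag from manual_review means "look it up", not "delete it" (the Swupdtmr service runs from c:\Toshiba\ and is far more likely a vendor updater than malware).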

shelf life
2008-02-07, 02:13
hi,

I don't see anything that looks like Tagasaurus. Other than Spybot finding it, are you having any popups or unknown tool/search bars in Internet Explorer? Other symptoms?

Please post an uninstall list:

Start HJT
Click on Open Misc Tools section
Uninstall list
Copy the list into your next reply

That may not be exactly correct; I am in Linux and can't check exactly. All it does is make a list of what's in your Add/Remove Programs panel. You then can copy/paste it.
Do you see SmartVideoCodec listed?

shelf life

bamalum
2008-02-07, 02:49
Thanks for the feedback. I am seeing pop up screens if I leave windows open long enough.

Also, Smart Video Codec is in the list.

123 Copy DVD Uninstall
Accounting Manager Demo
Ad-Aware 2007
Adobe Flash Player ActiveX
Adobe Reader 8.1.1
America Online (Choose which version to remove)
ArcSoft Software Suite
Bluetooth Stack for Windows by Toshiba
Brother HL-2040
Brother MFL-Pro Suite
Business Valuation Model
Business Valuation Specialist (Remove Only)
CD/DVD Drive Acoustic Silencer
CopySafe Plugin
CutePDF Writer 2.7
DivX Codec
DivX Content Uploader
DivX Converter
DivX Player
DivX Web Player
DVD X Copy Platinum 4.0.3
DVD X Rescue
DVD-RAM Driver
DVDXCopy Platinum 4.0.3
FinePixViewer Ver.4.1
FUJIFILM USB Driver
GearDrivers
Google Earth
Google Toolbar for Internet Explorer
HijackThis 2.0.2
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB894871)
Hotfix for Windows XP (KB895200)
Hotfix for Windows XP (KB914440)
Hotfix for Windows XP (KB915865)
Hotfix for Windows XP (KB926239)
ImageMixer VCD2 for FinePix
Intel(R) Graphics Media Accelerator Driver for Mobile
Intel(R) PROSet/Wireless Software
InterVideo WinDVD Creator 2
InterVideo WinDVD for TOSHIBA
Java(TM) 6 Update 3
Kaspersky Online Scanner
K-Lite Codec Pack 3.2.5 Standard
KM-NET for Clients
KM-NET for Direct Printing
KM-NET VIEWER
KPrint
Kyocera KM-5050 Product Library
Kyocera TWAIN Driver
Learn2 Player (Uninstall Only)
LimeWire 4.14.10
McAfee SecurityCenter
mCore
mDrWiFi
mHelp
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office Standard Edition 2003
Microsoft User-Mode Driver Framework Feature Pack 1.0
MicroStaff WINASPI
mIWA
mIWCA
mLogView
mMHouse
MotoBlade Unlock Software
MP4 Player
MP4 Player 4.0
mPfMgr
mPfWiz
mProSafe
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
mWlsSafe
mXML
mZConfig
NewzToolz-EZ v1.3.0
Notebook Maximizer
Panda TotalScan
PaperPort 8.0 SE
Pdf995
PdfEdit995
PPC Library
Pure Networks Port Magic
QuickBooks Pro 2005
Quicken 2005
QuickTime
RAW FILE CONVERTER LE
RealPlayer Basic
SD Secure Module
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB883939)
Security Update for Windows XP (KB893066)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921503)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923694)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928090)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB929969)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931768)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933566)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB937143)
Security Update for Windows XP (KB938127)
Security Update for Windows XP (KB938829)
Security Update for Windows XP (KB941202)
Security Update for Windows XP (KB941568)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB941644)
Security Update for Windows XP (KB942615)
Security Update for Windows XP (KB943460)
Security Update for Windows XP (KB943485)
Security Update for Windows XP (KB944653)
Serif PhotoPlus 6.0
SimpleOCR 3.1
Smart Video Codec v1.6
SMSC IrCC V5.1.3600.5 SP2
Sonic DLA
Sonic RecordNow!
SoundMAX
Spybot - Search & Destroy
Spybot - Search & Destroy 1.4
Synaptics Pointing Device Driver
TaxACT 2004 Preparer's - 1040 Edition
TaxACT 2005 Preparer's - 1040 Edition
TaxACT 2006 Preparer's - 1040 Edition
TaxACT Alabama 2004
TaxACT Alabama 2005
TaxACT Alabama 2006
TaxACT Delaware 2005
TaxACT Kentucky 2005
TaxACT Mississippi 2005
TaxACT Mississippi 2006
TaxACT New York 2005
TaxACT North Carolina 2005
TaxACT Virginia 2005
Texas Instruments PCIxx21/x515 drivers.
TOSHIBA Assist
TOSHIBA ConfigFree
TOSHIBA Controls
TOSHIBA Hotkey Utility
TOSHIBA PC Diagnostic Tool
TOSHIBA Power Saver
Toshiba Q4 Retail Demo ScreenSaver
Toshiba Registration
TOSHIBA SD Memory Card Format
TOSHIBA Software Modem
TOSHIBA Software Upgrades
TOSHIBA Speech System Applications
TOSHIBA Speech System SR Engine(U.S.) Version1.0
TOSHIBA Speech System TTS Engine(U.S.) Version1.0
Toshiba Tbiosdrv Driver
TOSHIBA TouchPad ON/Off Utility
TOSHIBA Utilities
TOSHIBA Virtual Sound
TOSHIBA Zooming Utility
Touch and Launch
TurboTax Business 2003
TurboTax Business 2004
TurboTax Business 2005
TurboTax Business 2006
Update for Windows XP (KB894391)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB904942)
Update for Windows XP (KB908531)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB927891)
Update for Windows XP (KB929338)
Update for Windows XP (KB930916)
Update for Windows XP (KB931836)
Update for Windows XP (KB936357)
Update for Windows XP (KB938828)
Update for Windows XP (KB942763)
Update for Windows XP (KB942840)
Update for Windows XP (KB946627)
Viewpoint Media Player
WexTech AnswerWorks
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Windows XP Hotfix - KB873333
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB884018
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB885855
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB889673
Windows XP Hotfix - KB890047
Windows XP Hotfix - KB890175
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB893056
Windows XP Hotfix - KB893086
Xingtone Ringtone Maker
Xingtone's Mobile MediaShare

--Jeff

shelf life
2008-02-07, 23:58
hi,

OK, thanks for the info.
Uninstall Smart Video Codec via the Add/Remove Programs panel. Reboot the computer once. This is a rogue codec that installs malware. In some cases the uninstall feature might or might not remove it.

EDIT:
Hold off on that for now. Let's try SmitfraudFix first:

Download SmitfraudFix (by S!Ri) to your Desktop.

http://siri.urz.free.fr/Fix/SmitfraudFix.exe

Double-click SmitfraudFix.exe
Select option #1 - Search - by typing 1 and pressing Enter.
This program will scan large amounts of files on your computer for known patterns, so please be patient while it works. When it is done, the results of the scan will be displayed and it will create a log named rapport.txt in the root of your drive, e.g. Local Disk C: or the partition where your operating system is installed. Please post that log in your next reply.

bamalum
2008-02-08, 03:32
Thanks.

Let me know when to remove the codec.

SmitFraudFix v2.281

Scan done at 20:27:33.62, Thu 02/07/2008
Run from C:\Documents and Settings\Jeff Sport\My Documents\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» Process

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Brmfrmps.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\PROGRA~1\McAfee.com\Agent\mcagent.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
c:\Toshiba\IVP\swupdate\swupdtmr.exe
C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
C:\WINDOWS\system32\TPSMain.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\Scansoft\PaperPort\pptd40nt.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\MP4 Player\mp4Player.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\FinePixViewer\QuickDCF.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
C:\WINDOWS\system32\RAMASST.exe
C:\Program Files\Scansoft\PaperPort\SmartUI\SmartUI.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\WINDOWS\system32\wscntfy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcvsshld.exe
C:\WINDOWS\system32\cmd.exe

»»»»»»»»»»»»»»»»»»»»»»»» hosts


»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Jeff Sport


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Jeff Sport\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Start Menu


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\JEFFSP~1\FAVORI~1


»»»»»»»»»»»»»»»»»»»»»»»» Desktop


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components



»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
!!!Attention, following keys are not inevitably infected!!!

IEDFix.exe by S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» VACFix
!!!Attention, following keys are not inevitably infected!!!

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» Rustock



»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: Marvell Yukon 88E8036 PCI-E Fast Ethernet Controller - Packet Scheduler Miniport
DNS Server Search Order: 68.87.68.162
DNS Server Search Order: 68.87.74.162

Description: Intel(R) PRO/Wireless 2200BG Network Connection - Packet Scheduler Miniport
DNS Server Search Order: 192.168.15.1

HKLM\SYSTEM\CCS\Services\Tcpip\..\{75412C16-9CB1-4977-ABEF-5C685EDE7123}: DhcpNameServer=192.168.15.1
HKLM\SYSTEM\CCS\Services\Tcpip\..\{99875973-9DAD-495F-B974-6443E2EEF4AC}: DhcpNameServer=68.87.68.162 68.87.74.162
HKLM\SYSTEM\CS1\Services\Tcpip\..\{75412C16-9CB1-4977-ABEF-5C685EDE7123}: DhcpNameServer=192.168.15.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{99875973-9DAD-495F-B974-6443E2EEF4AC}: DhcpNameServer=68.87.68.162 68.87.74.162
HKLM\SYSTEM\CS3\Services\Tcpip\..\{75412C16-9CB1-4977-ABEF-5C685EDE7123}: DhcpNameServer=192.168.15.1
HKLM\SYSTEM\CS3\Services\Tcpip\..\{99875973-9DAD-495F-B974-6443E2EEF4AC}: DhcpNameServer=68.87.68.162 68.87.74.162
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.15.1
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.15.1
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=192.168.15.1


»»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection


»»»»»»»»»»»»»»»»»»»»»»»» End

shelf life
2008-02-09, 00:56
hi,

Thanks for the info. SmitfraudFix looks OK. Go ahead and run the Smart Video Codec via the Add/Remove Programs panel. See if anything improves.

If not, then download ComboFix:

Download combofix from one of these links and save it to Desktop:

http://subs.geekstogo.com/ComboFix.exe
http://download.bleepingcomputer.com/sUBs/ComboFix.exe

As a precaution, before using ComboFix:
Close any open windows.
Close/disable anti-virus and any antimalware programs that might have real-time protection running. Usually this can be done by clicking on the icons by the clock and selecting Exit, etc. This is done to prevent any possible interference while ComboFix is running. After ComboFix is done you can restart them.


CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

Double-click combofix.exe and follow the prompts.
When finished, it shall produce a log for you. Post that log in your next reply.

Note:
Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

bamalum
2008-02-09, 04:22
Here is the combofix log. It ran very quickly. However, my virus scan ran earlier today and quarantined 4 trojans.

ComboFix 08-02.05.3 - Jeff Sport 2008-02-08 21:13:39.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1038 [GMT -6:00]
Running from: C:\Documents and Settings\Jeff Sport\Desktop\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
C:\WINDOWS\rs.txt
C:\WINDOWS\search_res.txt

----- BITS: Possible infected sites -----

hxxp://77.91.228.184
hxxp://onsafepro.com
.
((((((((((((((((((((((((( Files Created from 2008-01-09 to 2008-02-09 )))))))))))))))))))))))))))))))
.

2008-02-08 15:13 . 2008-02-08 15:13 <DIR> d-------- C:\Documents and Settings\Jeff Sport\Application Data\Corel
2008-02-08 15:13 . 2008-02-08 15:13 952 --ahs---- C:\WINDOWS\system32\KGyGaAvL.sys
2008-02-08 15:09 . 2008-02-08 15:10 <DIR> d-------- C:\Program Files\WordPerfect Office X3
2008-02-08 15:09 . 2008-02-08 15:09 <DIR> d-------- C:\Program Files\Common Files\Corel
2008-02-08 15:09 . 2008-02-08 15:09 <DIR> d-------- C:\Program Files\Common Files\Borland Shared
2008-02-08 15:09 . 2008-02-08 15:09 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Corel
2008-02-08 15:09 . 2008-02-08 15:11 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Borland
2008-01-10 19:36 . 2007-08-13 18:54 33,792 --a--c--- C:\WINDOWS\system32\dllcache\custsat.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-08 15:52 --------- d-----w C:\Program Files\123 Copy DVD
2008-02-05 05:24 --------- d-----w C:\Documents and Settings\Jeff Sport\Application Data\uTorrent
2008-02-02 21:14 --------- d-----w C:\Documents and Settings\Jeff Sport\Application Data\LimeWire
2008-01-25 22:24 --------- d-----w C:\Program Files\Jeffrey Sport CPA
2008-01-24 15:37 --------- d-----w C:\Documents and Settings\All Users\Application Data\SUIIMAGE
2008-01-20 15:39 --------- d-----w C:\Program Files\McAfee
2008-01-14 20:57 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-01-14 20:57 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-01-11 13:19 --------- d-----w C:\Program Files\MP4 Player
2008-01-11 04:31 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-01-11 04:29 9,344 ----a-w C:\WINDOWS\system32\drivers\NSDriver.sys
2008-01-11 04:29 8,320 ----a-w C:\WINDOWS\system32\drivers\AWRTRD.sys
2008-01-11 04:29 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe
2008-01-11 03:14 --------- d-----w C:\Program Files\Common Files\Adobe
2008-01-07 14:21 --------- d-----w C:\Program Files\K-Lite Codec Pack
2008-01-07 14:18 691,481 ----a-w C:\WINDOWS\unins000.exe
2007-12-22 04:04 --------- d-----w C:\Program Files\uTorrent
2007-12-20 18:47 --------- d-----w C:\Program Files\Java
2007-12-20 18:46 --------- d-----w C:\Program Files\Common Files\Java
2007-12-19 04:28 --------- d-----w C:\Program Files\Trend Micro
2007-12-18 18:06 1,224,787 ----a-w C:\SDFix.exe
2007-12-18 05:26 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2007-12-11 23:39 --------- d-----w C:\Program Files\Common Files\AnswerWorks 4.0
.

((((((((((((((((((((((((((((((((((((((((((((( AWF ))))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
----a-w 0 2004-02-06 16:29:17 C:\Program Files\321Studios\Platinum\bak\makedir

----a-w 45,056 2003-10-31 05:29:38 C:\Program Files\Brother\Brmfl03a\bak\BrStDvPt.exe
------w 45,056 2003-10-31 06:29:38 C:\Program Files\Brother\Brmfl03a\BrStDvPt.exe

----a-w 270,336 2005-12-12 15:40:40 C:\Program Files\ExamSoft\SofTest\Bak\01_673-Legislation_01(Mitchell)_F05-051212_32.bak

----a-w 288,768 2005-12-12 16:12:40 C:\Program Files\ExamSoft\SofTest\Bak\02_673-Legislation_01(Mitchell)_F05-051212_64.bak

----a-w 307,200 2005-12-12 16:44:42 C:\Program Files\ExamSoft\SofTest\Bak\03_673-Legislation_01(Mitchell)_F05-051212_96.bak

----a-w 321,536 2005-12-12 17:16:44 C:\Program Files\ExamSoft\SofTest\Bak\04_673-Legislation_01(Mitchell)_F05-051212_128.bak

----a-w 323,584 2005-12-12 17:20:44 C:\Program Files\ExamSoft\SofTest\Bak\05_673-Legislation_01(Mitchell)_F05-051212_FinalClose.bak

----a-w 323,584 2005-12-12 17:20:44 C:\Program Files\ExamSoft\SofTest\Bak\06_Legislation_01(Mitchell)_F05673_FinalRestart.bak

----a-w 260,096 2005-12-13 15:39:32 C:\Program Files\ExamSoft\SofTest\Bak\07_673-ProfessionalResponsibility_01(GarrettJ)_F05-051213_32.bak

----a-w 272,384 2005-12-13 16:11:34 C:\Program Files\ExamSoft\SofTest\Bak\08_673-ProfessionalResponsibility_01(GarrettJ)_F05-051213_64.bak

----a-w 284,672 2005-12-13 16:43:36 C:\Program Files\ExamSoft\SofTest\Bak\09_673-ProfessionalResponsibility_01(GarrettJ)_F05-051213_96.bak

----a-w 299,008 2005-12-13 17:15:36 C:\Program Files\ExamSoft\SofTest\Bak\10_673-ProfessionalResponsibility_01(GarrettJ)_F05-051213_128.bak

----a-w 325,632 2005-12-13 17:47:38 C:\Program Files\ExamSoft\SofTest\Bak\11_673-ProfessionalResponsibility_01(GarrettJ)_F05-051213_160.bak

----a-w 325,632 2005-12-13 17:47:38 C:\Program Files\ExamSoft\SofTest\Bak\12_673-ProfessionalResponsibility_01(GarrettJ)_F05-051213_FinalClose.bak

----a-w 325,632 2005-12-13 17:47:38 C:\Program Files\ExamSoft\SofTest\Bak\13_ProfessionalResponsibility_01(GarrettJ)_F05673_FinalRestart.bak

----a-w 272,384 2006-05-11 00:07:38 C:\Program Files\ExamSoft\SofTest\Bak\14_893-Wills&Trusts_Reynolds_02_S06-060510_32.bak

----a-w 288,768 2006-05-11 00:39:40 C:\Program Files\ExamSoft\SofTest\Bak\15_893-Wills&Trusts_Reynolds_02_S06-060510_64.bak

----a-w 299,008 2006-05-11 01:11:42 C:\Program Files\ExamSoft\SofTest\Bak\16_893-Wills&Trusts_Reynolds_02_S06-060510_96.bak

----a-w 319,488 2006-05-11 01:43:44 C:\Program Files\ExamSoft\SofTest\Bak\17_893-Wills&Trusts_Reynolds_02_S06-060510_128.bak

----a-w 331,776 2006-05-11 02:15:46 C:\Program Files\ExamSoft\SofTest\Bak\18_893-Wills&Trusts_Reynolds_02_S06-060510_160.bak

----a-w 337,920 2006-05-11 02:31:47 C:\Program Files\ExamSoft\SofTest\Bak\19_893-Wills&Trusts_Reynolds_02_S06-060510_FinalClose.bak

----a-w 337,920 2006-05-11 02:31:47 C:\Program Files\ExamSoft\SofTest\Bak\20_Wills&Trusts_Reynolds_02_S06893_FinalRestart.bak

----a-w 272,384 2006-05-11 19:30:54 C:\Program Files\ExamSoft\SofTest\Bak\21_893-Antitrust_Chinaris_01_S06-060511_32.bak

----a-w 280,576 2006-05-11 20:02:57 C:\Program Files\ExamSoft\SofTest\Bak\22_893-Antitrust_Chinaris_01_S06-060511_64.bak

----a-w 294,912 2006-05-11 20:34:58 C:\Program Files\ExamSoft\SofTest\Bak\23_893-Antitrust_Chinaris_01_S06-060511_96.bak

----a-w 307,200 2006-05-11 21:07:00 C:\Program Files\ExamSoft\SofTest\Bak\24_893-Antitrust_Chinaris_01_S06-060511_128.bak

----a-w 315,392 2006-05-11 21:31:02 C:\Program Files\ExamSoft\SofTest\Bak\25_893-Antitrust_Chinaris_01_S06-060511_FinalClose.bak

----a-w 385,024 2004-10-15 19:27:56 C:\Program Files\Intel\Wireless\Bin\bak\ifrmewrk.exe

----a-w 184,320 2005-04-12 23:18:46 C:\Program Files\ltmoh\bak\Ltmoh.exe

----a-w 28,672 2004-05-25 21:35:59 C:\Program Files\Notebook Maximizer\bak\maximizer_startup.exe

----a-w 98,304 2005-07-28 21:21:40 C:\Program Files\QuickTime\bak\qttask.exe

----a-w 53,248 2002-02-05 03:32:10 C:\Program Files\REGSHAVE\bak\REGSHAVE.EXE

----a-w 36,864 2002-08-12 15:07:26 C:\Program Files\Scansoft\PaperPort\bak\IndexSearch.exe
----a-w 36,864 2002-08-12 16:07:26 C:\Program Files\Scansoft\PaperPort\IndexSearch.exe

----a-w 45,108 2002-08-12 14:33:34 C:\Program Files\Scansoft\PaperPort\bak\pptd40nt.exe
----a-w 45,108 2002-08-12 15:33:34 C:\Program Files\Scansoft\PaperPort\pptd40nt.exe

----a-w 688,218 2004-10-14 22:26:40 C:\Program Files\Synaptics\SynTP\bak\SynTPEnh.exe

----a-w 98,394 2004-10-14 22:28:02 C:\Program Files\Synaptics\SynTP\bak\SynTPLpr.exe

----a-w 65,536 2004-12-30 07:32:20 C:\Program Files\TOSHIBA\TOSCDSPD\bak\toscdspd.exe

----a-w 356,352 2005-08-10 18:23:02 C:\Program Files\TOSHIBA\TOSHIBA Applet\bak\thotkey.exe

----a-w 122,880 2005-04-26 23:13:20 C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\bak\SmoothView.exe

----a-w 1,077,301 2004-09-07 21:03:20 C:\Program Files\TOSHIBA\Touch and Launch\bak\PadExe.exe

----a-w 73,728 2005-04-05 23:25:34 C:\Program Files\TOSHIBA\Tvs\bak\TvsTray.exe

----a-w 151,552 2005-03-18 00:37:26 C:\Toshiba\IVP\ISM\bak\pinger.exe

----a-w 15,360 2004-08-04 12:00:00 C:\WINDOWS\system32\bak\ctfmon.exe
----a-w 15,360 2004-08-04 12:00:00 C:\WINDOWS\system32\ctfmon.exe

----a-w 77,824 2005-06-08 02:59:06 C:\WINDOWS\system32\bak\hkcmd.exe

----a-w 114,688 2005-06-08 03:03:08 C:\WINDOWS\system32\bak\igfxpers.exe

----a-w 94,208 2005-06-08 03:02:22 C:\WINDOWS\system32\bak\igfxtray.exe

----a-w 122,941 2005-05-31 13:33:00 C:\WINDOWS\system32\dla\bak\tfswctrl.exe

.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TOSCDSPD"="C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe" [ ]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 06:00 15360]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 10:24 1694208]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [ ]
"MP4 Player"="C:\Program Files\MP4 Player\mp4Player.exe" [2007-09-19 07:00 639488]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2007-08-31 16:46 1460560]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AGRSMMSG"="AGRSMMSG.exe" [2005-04-12 17:17 88358 C:\WINDOWS\agrsmmsg.exe]
"TFncKy"="TFncKy.exe" []
"TPSMain"="TPSMain.exe" [2005-05-31 22:00 282624 C:\WINDOWS\system32\TPSMain.exe]
"NDSTray.exe"="NDSTray.exe" []
"PaperPort PTD"="C:\Program Files\Scansoft\PaperPort\pptd40nt.exe" [2002-08-12 09:33 45108]
"IndexSearch"="C:\Program Files\Scansoft\PaperPort\IndexSearch.exe" [2002-08-12 10:07 36864]
"SetDefPrt"="C:\Program Files\Brother\Brmfl03a\BrStDvPt.exe" [2003-10-31 00:29 45056]
"mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [2007-08-04 01:33 582992]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51 39792]
"QuickFinder Scheduler"="C:\Program Files\WordPerfect Office X3\Programs\QFSCHD130.EXE" [2007-01-02 23:21 83568]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Exif Launcher.lnk - C:\Program Files\FinePixViewer\QuickDCF.exe [2006-06-09 20:49:52 241664]
QuickBooks Update Agent.lnk - C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2007-10-02 20:03:35 815104]
RAMASST.lnk - C:\WINDOWS\system32\RAMASST.exe [2005-07-28 14:56:17 155648]
SmartUI.lnk - C:\Program Files\Scansoft\PaperPort\SmartUI\SmartUI.exe [2003-02-03 11:29:12 1568768]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless]
C:\Program Files\Intel\Wireless\Bin\LgNotify.dll 2004-10-15 13:27 110592 C:\Program Files\Intel\Wireless\Bin\LgNotify.dll

R0 KR10N;KR10N;C:\WINDOWS\system32\drivers\KR10N.sys [2005-01-11 11:05]
S3 brfilt;Brother MFC Filter Driver;C:\WINDOWS\system32\Drivers\Brfilt.sys [2001-08-17 13:12]
S3 BrSerWDM;Brother WDM Serial driver;C:\WINDOWS\system32\Drivers\BrSerWdm.sys [2003-03-14 00:04]
S3 BrUsbMdm;Brother MFC USB Fax Only Modem;C:\WINDOWS\system32\Drivers\BrUsbMdm.sys [2001-08-17 13:12]
S3 BrUsbScn;Brother MFC USB Scanner driver;C:\WINDOWS\system32\Drivers\BrUsbScn.sys [2001-08-17 13:12]
S3 PNDIS5;PNDIS5 NDIS Protocol Driver;D:\PNDIS5.SYS []
S3 tosrfec;Bluetooth ACPI from TOSHIBA;C:\WINDOWS\system32\DRIVERS\tosrfec.sys [2005-05-30 19:28]

.
Contents of the 'Scheduled Tasks' folder
"2008-01-15 07:33:49 C:\WINDOWS\Tasks\McDefragTask.job"
- c:\program files\mcafee\mqc\QcConsol.exe'
"2007-11-01 06:00:03 C:\WINDOWS\Tasks\McQcTask.job"
- c:\program files\mcafee\mqc\QcConsol.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-08 21:16:22
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-02-08 21:17:07
ComboFix-quarantined-files.txt 2008-02-09 03:16:45
ComboFix2.txt 2007-12-17 17:51:46
.
2008-01-12 16:15:08 --- E O F ---


Thanks for the help.

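The ComboFix "Reg Loading Points" and "BITS: Possible infected sites" sections above are the parts of the log a helper reads first when hunting for persistence. The following is an added triage script, not part of the thread and not ComboFix's own code: it parses the Run-key listing in the format ComboFix prints, flags autostart values whose file ComboFix could not stat (the empty `[ ]` / `[]` brackets, e.g. TOSCDSPD, updateMgr and TFncKy above) and values that are bare file names resolved through the search path rather than a full path, and pulls out the BITS site list. The sample log is a constructed, shortened copy of the lines posted above; the function and class names are the example's own.

```python
"""Triage helper for ComboFix-style 'Reg Loading Points' output.

Added example, not part of the thread and not code from ComboFix. It reads
the Run-key listing as ComboFix prints it (one "Name"="command" [meta] line
per autostart value), flags values that need a second look, and extracts
the BITS 'Possible infected sites' block.
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed sample: a shortened copy of the sections posted in the thread.
SAMPLE_LOG = r"""
----- BITS: Possible infected sites -----

hxxp://77.91.228.184
hxxp://onsafepro.com
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TOSCDSPD"="C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe" [ ]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 06:00 15360]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AGRSMMSG"="AGRSMMSG.exe" [2005-04-12 17:17 88358 C:\WINDOWS\agrsmmsg.exe]
"TFncKy"="TFncKy.exe" []
"mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [2007-08-04 01:33 582992]
"""


@dataclass
class RunEntry:
    hive_key: str            # registry key the value lives under
    name: str                # value name, e.g. "ctfmon.exe"
    command: str             # value data as written in the registry
    size: Optional[int]      # file size ComboFix reported, None if it found no file
    resolved_path: Optional[str]

    @property
    def unresolved(self) -> bool:
        """ComboFix printed empty brackets: the referenced file was not found."""
        return self.size is None

    @property
    def path_lookup(self) -> bool:
        """Bare file name: Windows resolves it through the search path, not a fixed location."""
        return "\\" not in self.command


KEY_RE = re.compile(r"^\[(HKEY_[^\]]+)\]$")
ENTRY_RE = re.compile(r'^"([^"]+)"="([^"]*)"\s*\[(.*)\]\s*$')
META_RE = re.compile(r"^(\d{4}-\d{2}-\d{2}) (\d{2}:\d{2}) (\d+)(?: (.+))?$")


def parse_run_entries(log_text: str) -> List[RunEntry]:
    """Return every autostart value listed under a [HKEY_...] key."""
    entries: List[RunEntry] = []
    current_key = ""
    for raw in log_text.splitlines():
        line = raw.strip()
        km = KEY_RE.match(line)
        if km:
            current_key = km.group(1)
            continue
        em = ENTRY_RE.match(line)
        if not em or not current_key:
            continue
        name, command, meta = em.group(1), em.group(2), em.group(3).strip()
        size = resolved = None
        mm = META_RE.match(meta)
        if mm:
            size = int(mm.group(3))
            # ComboFix appends the real path when the command was a bare name.
            resolved = mm.group(4) or command
        entries.append(RunEntry(current_key, name, command, size, resolved))
    return entries


def bits_sites(log_text: str) -> List[str]:
    """Collect the defanged (hxxp) URLs listed in the BITS block, if any."""
    sites: List[str] = []
    in_block = False
    for raw in log_text.splitlines():
        line = raw.strip()
        if line.startswith("----- BITS"):
            in_block = True
            continue
        if in_block:
            if line == "." or line.startswith("((("):
                break
            if line.lower().startswith(("hxxp://", "hxxps://", "http://", "https://")):
                sites.append(line)
    return sites


def triage(log_text: str) -> Dict[str, List[str]]:
    """Summarise what an analyst should look at first."""
    entries = parse_run_entries(log_text)
    return {
        "unresolved": [e.name for e in entries if e.unresolved],
        "path_lookup": [e.name for e in entries if e.path_lookup],
        "bits_sites": bits_sites(log_text),
    }


if __name__ == "__main__":
    for bucket, items in triage(SAMPLE_LOG).items():
        print(f"{bucket}: {items}")
```

An unresolved entry is not malware by itself (TOSCDSPD and updateMgr above are leftovers of uninstalled software), but a dangling Run value is exactly where a later dropper can put a file without creating a new autostart, so each one is worth either cleaning up or confirming. Bare-name values are flagged because which executable actually runs depends on the search path at logon rather than on a fixed location.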
shelf life
2008-02-10, 02:17
hi,

thanks for the info.
the first online scan just shows:

C:\Program Files\SmartVideoCodec\SmartVideoCodec.ocx Infected: Trojan.Win32.Agent.

the combofix log looks ok, the smitfraud log also.
you ran the uninstaller for Smart Video Codec?
---------------------------
what about adaware, is it finding anything?
what I am getting at is I am having a hard time finding any malware in your logs.
next time you do a spybot scan, on the result window you can click and choose save report. there may be a second option but i only need the one that shows the scan findings.
that should be close anyway, i am in linux and can't check on exactly how to do it. we could also try a second different online scanner to see what it can dig up:

ESET online scanner:

http://www.eset.com/onlinescan/

uses Internet Explorer only

check "YES" to accept terms

click start button

allow the ActiveX component to install

click the start button. the Scanner will update.

check both "Remove found threats" and "Scan unwanted applications"

click scan

when done you can find the scan log at: C:\Program Files\EsetOnlineScanner\log.txt

please copy/paste that log in next reply.

bamalum
2008-02-10, 03:50
Adaware log is below. I removed the Smart Video Codec, although Add/Remove Programs would not remove it. I deleted it from the Programs directory directly.

All AdAware found was some tracking cookies.

Ad-Aware 2007 Build
Log File Created on: 2008-02-09 20:39:50
Using Definitions File: C:\Documents and Settings\All Users\Application Data\Lavasoft\Ad-Aware 2007\core.aawdef
Computer name: JEFF-SPORT
Name of user performing scan: SYSTEM

System information
===========================
Number of processors: 1
Processor type: Intel(R) Pentium(R) M processor 1.73GHz
Memory Available: 61%
Total Physical Memory: 1601613824 Bytes
Available Physical Memory: 970653696 Bytes
Total Page File Size: 2240401408 Bytes
Available On Page File: 1770885120 Bytes
Total Virtual Memory: 2147352576 Bytes
Available Virtual Memory: 1912860672 Bytes
OS: Microsoft Windows XP Service Pack 2 (Build 2600)

Ad-Aware 2007 Settings
===========================
Skipping files larger than 1048576 kB
Ignoring infections with lower TAI than: 3


Extended Ad-Aware 2007 Settings
===========================
Unloading known modules during scan
Ignoring spanned files when scanning cab archives
Reanalyzing results after scanning before displaying results
Trying to unload modules prior to removal
Let Windows remove files currently in use at next reboot
Removing quarantined objects after restore
Deactivating Ad-Watch during scans
Writeprotecting system files after repairs
Include info about ignored objects in log file
Including basic settings in log file
Including advanced settings in log file
Including user and computer name in log file
Create and save WebUpdate log file

Databaseinfo
===========================
Version number: 49
Build Number: 0
Build Date and Time: 2008/02/04 02:59:53

Scan Statistics
===========================
Method: Full
Scan tracking cookies.............................: On
Scan ADS filestreams..............................: Off

Item Scanned: 250515
Infections Detected: 133
Infections Ignored: 0

Scan detailed statistics
===========================
Type Critical Total
Process Scan....: 0 0
Registry Scan...: 0 0
Registry PE Scan: 0 0
Hosts File Scan.: 0 0
File Scan.......: 0 0
Folder Scan.....: 0 0
LSP Scan........: 0 0
ADS Scan........: 0 0
Cookie Scan.....: 130 130
File Hash Scan..: 0 0

(I can post these if you want, but they made my message too long.)

Items Ignored During Scan
===========================


Listing of running processes
===========================

(I did not post anything from this section.)

shelf life
2008-02-10, 20:02
hi,

thanks for the info, cookies aren't too much to be concerned about.
this:
C:\Program Files\MP4 Player
which is in your add/remove programs panel
see this link:
http://www.bleepingcomputer.com/startups/MP4_Player-21448.html

is spybot still finding items? if so try saving and posting the scan results from it.

shelf life