jwargo
2008-09-06, 09:13
--- Report generated: 2008-09-06 01:11 ---
Hint of the Day: Click the bar at the right of this to see more information! ()
Smitfraud-C.: [SBI $12AFAB04] Program directory (Directory, nothing done)
C:\WINDOWS\privacy_danger\
Smitfraud-C.gp: [SBI $69E2C5E3] Link (File, nothing done)
C:\Documents and Settings\HP_Administrator\Favorites\Error Cleaner.url
Smitfraud-C.gp: [SBI $180C14CB] Link (File, nothing done)
C:\Documents and Settings\HP_Administrator\Favorites\Privacy Protector.url
Smitfraud-C.gp: [SBI $A580ABCE] Link (File, nothing done)
C:\Documents and Settings\HP_Administrator\Favorites\Spyware&Malware Protection.url
Smitfraud-C.gp: [SBI $C40DD04E] Link (File, nothing done)
C:\Documents and Settings\HP_Administrator\Desktop\Spyware&Malware Protection.url
Smitfraud-C.gp: [SBI $41764C70] Link (File, nothing done)
C:\Documents and Settings\HP_Administrator\Desktop\Error Cleaner.url
AdWarePro: [SBI $0DAE711D] Program group (Directory, nothing done)
C:\Documents and Settings\HP_Administrator\Start Menu\Programs\AdWare Pro\
AdWarePro: [SBI $49B7BF2D] Program directory (Directory, nothing done)
C:\Program Files\AdWare Pro\
FunWebProducts: [SBI $561F0D2E] User settings (Registry value, nothing done)
HKEY_USERS\S-1-5-21-4268823431-1633541580-2427390507-1007\Software\Microsoft\Internet Explorer\MenuExt\&Search\=...http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml...
FunWebProducts: [SBI $E2D974B3] Settings (Registry key, nothing done)
HKEY_USERS\S-1-5-21-4268823431-1633541580-2427390507-1007\Software\Fun Web Products
MyWay.MyWebSearch: [SBI $17F9DD99] Autorun settings (Registry value, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\MyWebSearch Email Plugin
MyWay.MyWebSearch: [SBI $A4CB4D37] Autorun settings (Registry value, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\My Web Search Bar Search Scope Monitor
MyWay.MyWebSearch: [SBI $FE001122] Class ID (Registry key, nothing done)
HKEY_CLASSES_ROOT\CLSID\{7473D296-B7BB-4f24-AE82-7E2CE94BB6A9}
MyWay.MyWebSearch: [SBI $39BC590A] Settings (Registry key, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3E720452-B472-4954-B7AA-33069EB53906}
MyWay.MyWebSearch: [SBI $D40B462F] Settings (Registry key, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7473D294-B7BB-4f24-AE82-7E2CE94BB6A9}
MyWay.MyWebSearch: [SBI $4A61CD5B] Settings (Registry key, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{E79DFBCA-5697-4fbd-94E5-5B2A9C7C1612}
MyWay.MyWebSearch: [SBI $6404C538] Settings (Registry key, nothing done)
HKEY_USERS\S-1-5-21-4268823431-1633541580-2427390507-1007\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EA1-A523-4961-B6BB-170DE4475CCA}
MyWay.MyWebSearch: [SBI $9FB1BDFC] Class ID (Registry key, nothing done)
HKEY_CLASSES_ROOT\CLSID\{00A6FAF6-072E-44cf-8957-5838F569A31D}
MyWay.MyWebSearch: [SBI $359D9C97] Class ID (Registry key, nothing done)
HKEY_CLASSES_ROOT\CLSID\{53CED2D0-5E9A-4761-9005-648404E6F7E5}
MyWay.MyWebSearch: [SBI $8B97F486] Settings (Registry key, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{07B18EAB-A523-4961-B6BB-170DE4475CCA}
MyWay.MyWebSearch: [SBI $B1C70274] Browser helper object (Registry key, nothing done)
HKEY_USERS\S-1-5-21-4268823431-1633541580-2427390507-1007\Software\MyWebSearch
MyWay.MyWebSearch: [SBI $4991E2E9] Class ID (Registry key, nothing done)
HKEY_CLASSES_ROOT\CLSID\{07B18EA1-A523-4961-B6BB-170DE4475CCA}
MyWay.MyWebSearch: [SBI $BC537229] Class ID (Registry key, nothing done)
HKEY_CLASSES_ROOT\CLSID\{07B18EAB-A523-4961-B6BB-170DE4475CCA}
MyWay.MyWebSearch: [SBI $91B56C2A] Class ID (Registry key, nothing done)
HKEY_CLASSES_ROOT\CLSID\{1E0DE227-5CE4-4ea3-AB0C-8B03E1AA76BC}
MyWay.MyWebSearch: [SBI $C59FB266] Class ID (Registry key, nothing done)
HKEY_CLASSES_ROOT\CLSID\{7473D292-B7BB-4f24-AE82-7E2CE94BB6A9}
MyWay.MyWebSearch: [SBI $39556604] Class ID (Registry key, nothing done)
HKEY_CLASSES_ROOT\CLSID\{ADB01E81-3C79-4272-A0F1-7B2BE7A782DC}
MyWay.MyWebSearch: [SBI $6D6DC0D4] Root class (Registry key, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ScreenSaverControl.ScreenSaverInstaller
MyWay.MyWebSearch: [SBI $6D6DC0D4] Root class (Registry key, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ScreenSaverControl.ScreenSaverInstaller.1
MyWay.MyWebSearch: [SBI $63E2271D] IE toolbar (Registry value, nothing done)
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\{07B18EA9-A523-4961-B6BB-170DE4475CCA}
WildTangent: [SBI $3A3BDC07] Program directory (Directory, nothing done)
C:\WINDOWS\wt\
WildTangent: [SBI $98F61EF7] Interface (Registry key, nothing done)
HKEY_CLASSES_ROOT\Interface\{1FAD572E-1A3D-44D9-9C23-A87F922DA8C0}
WildTangent: [SBI $6D7AAFCA] Type library (Registry key, nothing done)
HKEY_CLASSES_ROOT\TypeLib\{7946205B-FEF7-494F-A64B-3E992A780866}
WildTangent: [SBI $9922D208] Uninstall settings (Registry key, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WildTangent CDA
WildTangent: [SBI $C1EB7028] Root class (Registry key, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Logger.LogSession
WildTangent: [SBI $C1EB7028] Root class (Registry key, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Logger.LogSession.1
WildTangent: [SBI $C1EB7028] Class ID (Registry key, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A62FA99E-922E-4ECA-A1D9-B54EF294A3CC}
WildTangent: [SBI $DFEDBBEE] Library (File, nothing done)
C:\WINDOWS\wt\webdriver.dll
WildTangent: [SBI $76830867] Program directory (Directory, nothing done)
C:\WINDOWS\wt\wtupdates\
WildTangent: [SBI $E30EC8B1] Program directory (Directory, nothing done)
C:\WINDOWS\wt\updater\
WildTangent: [SBI $7E3A8D37] Program directory (Directory, nothing done)
C:\WINDOWS\wt\webdriver\
MyWay.MyWebSearch: [SBI $EB159210] Autorun settings (Registry value, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\MyWebSearch Plugin
WildTangent: [SBI $F4CA786D] Library (File, nothing done)
C:\WINDOWS\wt\webdriver\4.1.1\actorobject.dll
WildTangent: [SBI $48E52B7A] Library (File, nothing done)
C:\WINDOWS\wt\webdriver\4.1.1\dx5drv.dll
WildTangent: [SBI $70A36532] Library (File, nothing done)
C:\WINDOWS\wt\webdriver\4.1.1\dx7drv.dll
WildTangent: [SBI $57AC2B04] Library (File, nothing done)
C:\WINDOWS\wt\webdriver\4.1.1\objectbundle.dll
WildTangent: [SBI $FA3E7013] Library (File, nothing done)
C:\WINDOWS\wt\webdriver\4.1.1\sound.dll
WildTangent: [SBI $33D0A8B3] Data (File, nothing done)
C:\WINDOWS\wt\webdriver\4.1.1\wdcaps.ded
WildTangent: [SBI $3A288182] Library (File, nothing done)
C:\WINDOWS\wt\webdriver\4.1.1\wdengine.dll
WildTangent: [SBI $0D95F737] Library (File, nothing done)
C:\WINDOWS\wt\webdriver\4.1.1\webdriver.dll
WildTangent: [SBI $EF5864B8] Executable (File, nothing done)
C:\WINDOWS\wt\webdriver\4.1.1\wthost.exe
WildTangent: [SBI $5E4FE90B] Library (File, nothing done)
C:\WINDOWS\wt\webdriver\4.1.1\wthostctl.dll
WildTangent: [SBI $E754B084] Library (File, nothing done)
C:\WINDOWS\wt\webdriver\4.1.1\wtmulti.dll
WildTangent: [SBI $34241099] Data (File, nothing done)
C:\WINDOWS\wt\webdriver\4.1.1\wtmulti.jar
WildTangent: [SBI $12199ED3] Data (File, nothing done)
C:\WINDOWS\wt\webdriver\4.1.1\wtwmplug.ax
WildTangent: [SBI $5C2780DF] Configuration file (File, nothing done)
C:\WINDOWS\wt\webdriver\4.1.1\wtwmplug.ini
WildTangent: [SBI $26C09B1F] Library (File, nothing done)
C:\WINDOWS\wt\wtupdates\DRM\3.2.0.19\files\DRM0302.dll
WildTangent: [SBI $63F4F3FF] Data (File, nothing done)
C:\WINDOWS\wt\wtupdates\DRM\3.2.0.19\files\DRM0302Java.jar
WildTangent: [SBI $804DDEF3] Library (File, nothing done)
C:\WINDOWS\wt\wtupdates\DRM\3.2.0.19\files\jDRM0302.dll
WildTangent: [SBI $26BFA74D] Library (File, nothing done)
C:\WINDOWS\wt\wtupdates\DRM\3.2.0.19\files\rDRM0302.dll
WildTangent: [SBI $68513AA0] Web page (File, nothing done)
C:\WINDOWS\wt\wtupdates\DRM\3.2.0.19\files\controlpanel\index.html
WildTangent: [SBI $2487DD7F] Data (File, nothing done)
C:\WINDOWS\wt\wtupdates\DRM\3.2.0.19\install\DRM0302.cdanfo
WildTangent: [SBI $F592C3CE] Data (File, nothing done)
C:\WINDOWS\wt\wtupdates\DRM\3.2.0.19\install\DRM0302_Uninstall.cdas
WildTangent: [SBI $04E23F08] Library (File, nothing done)
C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\actorobject.dll
WildTangent: [SBI $B4EDF1CF] Library (File, nothing done)
C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\dx5drv.dll
WildTangent: [SBI $8CABBF87] Library (File, nothing done)
C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\dx7drv.dll
WildTangent: [SBI $ED43828D] Library (File, nothing done)
C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\jdriver.dll
WildTangent: [SBI $0FA0FA58] Library (File, nothing done)
C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\npWTHost.dll
WildTangent: [SBI $C5FEC452] Data (File, nothing done)
C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\nsIWTHostPlugin.xpt
WildTangent: [SBI $FABA25A5] Library (File, nothing done)
C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\ObjectBundle.dll
WildTangent: [SBI $7AF0934D] Library (File, nothing done)
C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\rdriver.dll
WildTangent: [SBI $ACC25733] Library (File, nothing done)
C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\Sound.dll
WildTangent: [SBI $182877A2] Data (File, nothing done)
C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\wdcaps.ded
WildTangent: [SBI $8CB11822] Library (File, nothing done)
C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\wdengine.dll
WildTangent: [SBI $8A56CE01] Data (File, nothing done)
C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\Webd331.cdanfo
WildTangent: [SBI $2561FC4F] Data (File, nothing done)
C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\Webd331_fileList.cdas
WildTangent: [SBI $17F84302] Data (File, nothing done)
C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\Webd331_Uninstall.cdas
WildTangent: [SBI $DBF5CD46] Library (File, nothing done)
C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\webdriver.dll
WildTangent: [SBI $0950EEBC] Data (File, nothing done)
C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\wildtangent.jar
WildTangent: [SBI $02247FE3] Data (File, nothing done)
C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\wt3d.ini
WildTangent: [SBI $4D7964E3] Executable (File, nothing done)
C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\WTHost.exe
WildTangent: [SBI $748358C8] Library (File, nothing done)
C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\WTHostCtl.dll
WildTangent: [SBI $5CA3FF5D] Library (File, nothing done)
C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\wtmulti.dll
WildTangent: [SBI $7191D734] Data (File, nothing done)
C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\wtmulti.jar
WildTangent: [SBI $E8D62D17] Library (File, nothing done)
C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\wtvh.dll
WildTangent: [SBI $57AC597E] Data (File, nothing done)
C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\wtwmplug.ax
WildTangent: [SBI $DC390771] Configuration file (File, nothing done)
C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\wtwmplug.ini
WildTangent: [SBI $2BEC8AF7] Web page (File, nothing done)
C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\controlpanel\index.html
WildTangent: [SBI $C6EC39EE] Data (File, nothing done)
C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\legacy\data.wts
WildTangent: [SBI $61C460B4] Library (File, nothing done)
C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\legacy\webdriver.dll
WildTangent: [SBI $9DA91D1A] Library (File, nothing done)
C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\legacy\wt3d.dll
WildTangent: [SBI $692D7608] Data (File, nothing done)
C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\update_info\data.wts
WildTangent: [SBI $19E548FB] Data (File, nothing done)
C:\WINDOWS\wt\wtupdates\webd\4.1.1\install\Webd4_1_1.cdanfo
WildTangent: [SBI $F1CDDC45] Data (File, nothing done)
C:\WINDOWS\wt\wtupdates\webd\4.1.1\install\Webd4_1_1_Uninstall.cdas
WildTangent: [SBI $D096B74C] Library (File, nothing done)
C:\WINDOWS\wt\wtupdates\WireControl\1.1.0.23\files\WireControl.dll
WildTangent: [SBI $46E91277] Web page (File, nothing done)
C:\WINDOWS\wt\wtupdates\WireControl\1.1.0.23\files\controlpanel\index.html
WildTangent: [SBI $9CBE777F] Data (File, nothing done)
C:\WINDOWS\wt\wtupdates\WireControl\1.1.0.23\files\install\WireControl.cdanfo
WildTangent: [SBI $1BA2197E] Data (File, nothing done)
C:\WINDOWS\wt\wtupdates\WireControl\1.1.0.23\files\install\WireControl_Uninstall.cdas
WildTangent: [SBI $AF3105ED] Data (File, nothing done)
C:\WINDOWS\wt\wtupdates\wtwebdriver\update_info\data.wts
WildTangent: [SBI $33EF52D1] Program directory (Directory, nothing done)
C:\WINDOWS\wt\wtupdates\wtwebdriver\update_info\
WildTangent: [SBI $712CFF7C] Program directory (Directory, nothing done)
C:\WINDOWS\wt\wtupdates\wtupdater\
WildTangent: [SBI $B8D31319] Program directory (Directory, nothing done)
C:\WINDOWS\wt\wtupdates\wtwebdriver\
WildTangent: [SBI $46FA3174] Program directory (Directory, nothing done)
C:\WINDOWS\wt\wtupdates\WireControl\1.1.0.23\files\controlpanel\
WildTangent: [SBI $5BB5BCDB] Program directory (Directory, nothing done)
C:\WINDOWS\wt\wtupdates\WireControl\1.1.0.23\files\install\
WildTangent: [SBI $420FC500] Program directory (Directory, nothing done)
C:\WINDOWS\wt\wtupdates\WireControl\1.1.0.23\files\
WildTangent: [SBI $9B9A301B] Program directory (Directory, nothing done)
C:\WINDOWS\wt\wtupdates\WireControl\1.1.0.23\
WildTangent: [SBI $AEA200D6] Program directory (Directory, nothing done)
C:\WINDOWS\wt\wtupdates\WireControl\
WildTangent: [SBI $17519F1E] Program directory (Directory, nothing done)
C:\WINDOWS\wt\wtupdates\webd\4.1.1\install\
WildTangent: [SBI $0166288F] Program directory (Directory, nothing done)
C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\controlpanel\
WildTangent: [SBI $EE84C73B] Program directory (Directory, nothing done)
C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\legacy\
WildTangent: [SBI $2D970569] Program directory (Directory, nothing done)
C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\update_info\
WildTangent: [SBI $989A2343] Program directory (Directory, nothing done)
C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\
WildTangent: [SBI $53D6EE96] Program directory (Directory, nothing done)
C:\WINDOWS\wt\wtupdates\webd\4.1.1\
WildTangent: [SBI $5B12A850] Program directory (Directory, nothing done)
C:\WINDOWS\wt\wtupdates\webd\
WildTangent: [SBI $686A4944] Program directory (Directory, nothing done)
C:\WINDOWS\wt\wtupdates\DRM\3.2.0.19\install\
WildTangent: [SBI $106C8F12] Program directory (Directory, nothing done)
C:\WINDOWS\wt\wtupdates\DRM\3.2.0.19\files\controlpanel\
WildTangent: [SBI $9D7B5572] Program directory (Directory, nothing done)
C:\WINDOWS\wt\wtupdates\DRM\3.2.0.19\files\
WildTangent: [SBI $BB43DE42] Program directory (Directory, nothing done)
C:\WINDOWS\wt\wtupdates\DRM\3.2.0.19\
WildTangent: [SBI $8D754529] Program directory (Directory, nothing done)
C:\WINDOWS\wt\wtupdates\DRM\
WildTangent: [SBI $140672DA] Program directory (Directory, nothing done)
C:\WINDOWS\wt\webdriver\4.1.1\
Microsoft.Windows.ActiveDesktop: [SBI $99FAD8A8] User settings (Registry change, nothing done)
HKEY_USERS\S-1-5-21-4268823431-1633541580-2427390507-1007\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop\NoChangingWallpaper
Microsoft.Windows.System: [SBI $51373AEE] Settings (Registry change, nothing done)
HKEY_USERS\S-1-5-21-4268823431-1633541580-2427390507-1007\Software\Microsoft\Windows\CurrentVersion\Policies\System\NoDispAppearancePage
Microsoft.Windows.System: [SBI $D619D565] Settings (Registry change, nothing done)
HKEY_USERS\S-1-5-21-4268823431-1633541580-2427390507-1007\Software\Microsoft\Windows\CurrentVersion\Policies\System\NoDispBackgroundPage
Microsoft.Windows.System: [SBI $8E2F7540] User settings (Registry change, nothing done)
HKEY_USERS\S-1-5-21-4268823431-1633541580-2427390507-1007\Software\Microsoft\Windows\CurrentVersion\Policies\System\NoDispCpl
Microsoft.Windows.System: [SBI $7F8E43F4] User settings (Registry change, nothing done)
HKEY_USERS\S-1-5-21-4268823431-1633541580-2427390507-1007\Software\Microsoft\Windows\CurrentVersion\Policies\System\NoDispScrSavPage
Microsoft.WindowsSecurityCenter.TaskManager: [SBI $FD4267D3] Settings (Registry change, nothing done)
HKEY_USERS\S-1-5-21-4268823431-1633541580-2427390507-1007\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr
Microsoft.WindowsSecurityCenter.RegistryTools: [SBI $D60CD1E3] Settings (Registry change, nothing done)
HKEY_USERS\S-1-5-21-4268823431-1633541580-2427390507-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\DisableRegistryTools
FunWeb: [SBI $EABD1904] Settings (Registry value, nothing done)
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform\FunWebProducts
MyWebSearch: [SBI $2657A585] Settings (Registry value, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Media\WMSDK\sources\f3PopularScreensavers
NNC.MGRS: [SBI $D7CE2F4E] IE start page (Registry change, nothing done)
HKEY_USERS\S-1-5-21-4268823431-1633541580-2427390507-1007\Software\Microsoft\Internet Explorer\Main\Start Page=about:blank
Virtumonde: [SBI $42352499] User settings (Registry key, nothing done)
HKEY_USERS\S-1-5-21-4268823431-1633541580-2427390507-1007\Software\Microsoft\rdfa
Virtumonde: [SBI $47E741CD] Settings (Registry key, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\aoprndtws
Zlob.Downloader.rid: [SBI $A36DC7FF] Library (File, nothing done)
C:\WINDOWS\gksraemq.dll
Zlob.Downloader.vcd: [SBI $3A7819FB] Uninstall settings (Registry key, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WebVideo
Smitfraud-C.MSVPS: [SBI $117873AC] Browser helper object (Registry key, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A636CC73-F66B-4D1A-947D-39EE0CE1CEC3}
Smitfraud-C.MSVPS: [SBI $117873AC] Class ID (Registry key, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A636CC73-F66B-4D1A-947D-39EE0CE1CEC3}
Virtumonde.dll: [SBI $F44F2757] Library (File, nothing done)
C:\WINDOWS\system32\xxywUNGX.dll
Virtumonde.dll: [SBI $F44F2757] Library (File, nothing done)
C:\WINDOWS\system32\mlJYRkKa.dll
Virtumonde.dll: [SBI $F44F2757] Library (File, nothing done)
C:\WINDOWS\system32\awtsRjig.dll
Virtumonde.dll: [SBI $F44F2757] Library (File, nothing done)
C:\WINDOWS\system32\tuvVmMDv.dll
Virtumonde.dll: [SBI $F44F2757] Library (File, nothing done)
C:\WINDOWS\system32\opnkiJay.dll
Virtumonde.dll: [SBI $F44F2757] Library (File, nothing done)
C:\WINDOWS\system32\qoMeDwWP.dll
Virtumonde.dll: [SBI $F44F2757] Library (File, nothing done)
C:\WINDOWS\system32\qoMeeDvU.dll
Virtumonde.dll: [SBI $F44F2757] Library (File, nothing done)
C:\WINDOWS\system32\fcccbxvt.dll
Zlob.Downloader.bs: [SBI $0D9D15D5] Library (File, nothing done)
C:\WINDOWS\dgksvbpn.dll
Zlob.Downloader.vcd: [SBI $E018B59A] Library (File, nothing done)
C:\WINDOWS\xrdwbfgn.dll
MediaPlex: Tracking cookie (Firefox: default) (Cookie, nothing done)
CoreMetrics: Tracking cookie (Firefox: default) (Cookie, nothing done)
AdRevolver: Tracking cookie (Firefox: default) (Cookie, nothing done)
AdRevolver: Tracking cookie (Firefox: default) (Cookie, nothing done)
AdRevolver: Tracking cookie (Firefox: default) (Cookie, nothing done)
AdRevolver: Tracking cookie (Firefox: default) (Cookie, nothing done)
AdRevolver: Tracking cookie (Firefox: default) (Cookie, nothing done)
AdRevolver: Tracking cookie (Firefox: default) (Cookie, nothing done)
Zedo: Tracking cookie (Firefox: default) (Cookie, nothing done)
HitBox: Tracking cookie (Firefox: default) (Cookie, nothing done)
FastClick: Tracking cookie (Firefox: default) (Cookie, nothing done)
FastClick: Tracking cookie (Firefox: default) (Cookie, nothing done)
Statcounter: Tracking cookie (Firefox: default) (Cookie, nothing done)
Statcounter: Tracking cookie (Firefox: default) (Cookie, nothing done)
Statcounter: Tracking cookie (Firefox: default) (Cookie, nothing done)
Statcounter: Tracking cookie (Firefox: default) (Cookie, nothing done)
Statcounter: Tracking cookie (Firefox: default) (Cookie, nothing done)
BurstMedia: Tracking cookie (Firefox: default) (Cookie, nothing done)
--- Spybot - Search & Destroy version: 1.6.0 (build: 20080707) ---
2008-07-07 blindman.exe (1.0.0.8)
2008-07-07 SDFiles.exe (1.6.0.4)
2008-07-07 SDMain.exe (1.0.0.6)
2008-07-07 SDShred.exe (1.0.2.3)
2008-07-07 SDUpdate.exe (1.6.0.8)
2008-07-07 SDWinSec.exe (1.0.0.12)
2008-07-07 SpybotSD.exe (1.6.0.30)
2008-08-18 TeaTimer.exe (1.6.2.23)
2008-09-06 unins000.exe (51.49.0.0)
2008-07-07 Update.exe (1.6.0.7)
2008-07-07 advcheck.dll (1.6.1.12)
2007-04-02 aports.dll (2.1.0.0)
2008-06-14 DelZip179.dll (1.79.11.1)
2008-07-07 SDHelper.dll (1.6.0.12)
2008-06-19 sqlite3.dll
2008-07-07 Tools.dll (2.1.5.7)
2008-09-02 Includes\Adware.sbi (*)
2008-09-02 Includes\AdwareC.sbi (*)
2008-06-03 Includes\Cookies.sbi (*)
2008-09-02 Includes\Dialer.sbi (*)
2008-09-02 Includes\DialerC.sbi (*)
2008-07-23 Includes\HeavyDuty.sbi (*)
2008-09-02 Includes\Hijackers.sbi (*)
2008-09-02 Includes\HijackersC.sbi (*)
2008-09-02 Includes\Keyloggers.sbi (*)
2008-09-02 Includes\KeyloggersC.sbi (*)
2004-11-29 Includes\LSP.sbi (*)
2008-09-02 Includes\Malware.sbi (*)
2008-09-02 Includes\MalwareC.sbi (*)
2008-09-02 Includes\PUPS.sbi (*)
2008-09-02 Includes\PUPSC.sbi (*)
2007-11-07 Includes\Revision.sbi (*)
2008-06-18 Includes\Security.sbi (*)
2008-09-02 Includes\SecurityC.sbi (*)
2008-06-03 Includes\Spybots.sbi (*)
2008-06-03 Includes\SpybotsC.sbi (*)
2008-09-02 Includes\Spyware.sbi (*)
2008-09-02 Includes\SpywareC.sbi (*)
2008-06-03 Includes\Tracks.uti
2008-09-03 Includes\Trojans.sbi (*)
2008-09-02 Includes\TrojansC.sbi (*)
2008-03-04 Plugins\Chai.dll
2008-03-05 Plugins\Fennel.dll
2008-02-26 Plugins\Mate.dll
2007-12-24 Plugins\TCPIPAddress.dll
Showed some things fixed, but then everything recurred.
Thanks
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 02:19: VIRUS ALERT!, on 9/6/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\arservice.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\system32\svchost.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\ARPWRMSG.EXE
C:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\Mattel\Barbie Girls\Mattel.BarbieGirls.Tray.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\AWS\WeatherBug\Weather.exe
C:\Program Files\iISystem Wiper\SystemWiper.exe
C:\Program Files\Smart Antivirus 2009\Smart Antivirus-2009.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\HP\Digital Imaging\bin\hpohmr08.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe
C:\Program Files\HP\Digital Imaging\bin\hpoevm08.exe
C:\Program Files\HP\Digital Imaging\Bin\hpoSTS08.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
c:\windows\system\hpsysdrv.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\DISC\DISCover.exe
C:\Program Files\DISC\DiscUpdMgr.exe
C:\Program Files\DISC\DiscStreamHub.exe
C:\Program Files\Java\jre1.5.0_06\bin\jucheck.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=PAVILION&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PAVILION&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://smartantivirus2009buy.com/buy.php?aff=1005
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PAVILION&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PAVILION&pf=desktop
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: gksraemq - {FF61FEF9-D771-4BB1-81E7-C55B3AED213E} - C:\WINDOWS\gksraemq.dll (file missing)
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [ftutil2] rundll32.exe ftutil2.dll,SetWriteCacheMode
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [AlwaysReady Power Message APP] ARPWRMSG.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [DMAScheduler] "c:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe"
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [ncoOSCheck] C:\Program Files\Norton Confidential\osCheck.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [BarbieGirlsTray] C:\Program Files\Mattel\Barbie Girls\Mattel.BarbieGirls.Tray.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [78b6f8a2] rundll32.exe "C:\WINDOWS\system32\amrtqipe.dll",b
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1
O4 - HKCU\..\Run: [iIWiper] C:\Program Files\iISystem Wiper\SystemWiper.exe m
O4 - HKCU\..\Run: [Smart Antivirus-2009.exe] C:\Program Files\Smart Antivirus 2009\Smart Antivirus-2009.exe
O4 - HKCU\..\Run: [AdWareProT] C:\Program Files\AdWare Pro\AdWarePro.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - .DEFAULT User Startup: PinMcLnk.lnk = C:\hp\bin\cloaker.exe (User 'Default user')
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: Updates From HP.lnk = C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: &Search - ?p=ZRfox000
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files\PokerStars.NET\PokerStarsUpdate.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://*.trymedia.com (HKLM)
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
O16 - DPF: {BCBC9371-595D-11D4-A96D-00105A1CEF6C} (View22RTE Class) - http://kohler1.view22.com/app/view22RTE.cab
O20 - AppInit_DLLs: fvfynq.dll
O21 - SSODL: dgksvbpn - {21686F55-4847-4A4A-B679-7B3FB92EAC1E} - C:\WINDOWS\dgksvbpn.dll (file missing)
O21 - SSODL: xrdwbfgn - {C36AA338-5677-43C1-9923-56E050FCFD06} - C:\WINDOWS\xrdwbfgn.dll (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: My Web Search Service (MyWebSearchService) - Unknown owner - C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwssvc.exe (file missing)
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O24 - Desktop Component 0: Privacy Protection - file:///C:\WINDOWS\privacy_danger\index.htm
--
End of file - 12124 bytes
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: My Web Search Service (MyWebSearchService) - Unknown owner - C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwssvc.exe (file missing)
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O24 - Desktop Component 0: Privacy Protection - file:///C:\WINDOWS\privacy_danger\index.htm
--
End of file - 12124 bytes