spyware detection alert, Stupid spyware!
jkhypilot
post Nov 6 2006, 06:52 PM
Post #1


Member
Posts: 19
OS: XP Pro Service Pack 2



In the bottom right tray is this annoying little red circle with a yellow exclamation point in it. I, like many other frustrated people on this board, can’t get rid of the problem with the usual spyware removal programs. When I click on it, it opens this window.

Attached File(s)
Attached File  Doc1.doc ( 136K ) Number of downloads: 45
Flrman1
post Nov 6 2006, 07:07 PM
Post #2


Malware Assassin
Posts: 6,596
OS: XP Home, XP Pro, Vista
MVP


Hi

Welcome to GTG!

Please post the following logs:

* Click here to download HJTsetup.exe
  • Save HJTsetup.exe to your desktop.
  • Doubleclick on the HJTsetup.exe icon on your desktop.
  • By default it will install to C:\Program Files\Hijack This.
  • Continue to click Next in the setup dialogue boxes until you get to the Select Additional Tasks dialogue.
  • Put a check by Create a desktop icon then click Next again.
  • Continue to follow the rest of the prompts from there.
  • At the final dialogue box click Finish and it will launch Hijack This.
  • Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
  • Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT have Hijack This fix anything yet. Most of what it finds will be harmless or even required.

* Also open Hijack This and click on the "Open the Misc Tools section" button. Click on the "Open Uninstall Manager" button. Click the "Save List" button. After you click the "Save List" button, you will be asked where to save the file. Pick a place to save it then the list should open in notepad. Copy and paste that list here.


* Click here to download SmitfraudFix.zip and save it to your desktop.
  • Unzip (extract) the contents of SmitfraudFix.zip to a new SmitfraudFix folder on your desktop.
  • Open the SmitfraudFix folder and double-click the smitfraudfix.cmd file.
  • Select option #1 - Search by typing 1 and press "Enter"
  • A text file will appear, which lists the infected files that it finds, if any.
  • Copy and paste the contents of that report into your next reply to this thread.

Note: process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.

Come back here and copy and paste these three logs. Don't attach the logs please:

Hijack This log
Uninstall list
Smitfraudfix log
jkhypilot
post Nov 6 2006, 08:08 PM
Post #3


Member
Posts: 19
OS: XP Pro Service Pack 2



Logfile of HijackThis v1.99.1
Scan saved at 7:39:03 PM, on 11/6/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Trend Micro\Antivirus\pccguide.exe
C:\Program Files\Trend Micro\Antivirus\PCClient.exe
C:\Program Files\Trend Micro\Antivirus\TMOAgent.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Steam\Steam.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Yahoo!\Yahoo! Widget Engine\YahooWidgetEngine.exe
C:\Program Files\Yahoo!\Yahoo! Widget Engine\YahooWidgetEngine.exe
C:\Program Files\Yahoo!\Yahoo! Widget Engine\YahooWidgetEngine.exe
C:\WINDOWS\ATKKBService.exe
C:\WINDOWS\VVNFUg\command.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Trend Micro\Antivirus\Tmntsrv.exe
C:\Program Files\Trend Micro\Antivirus\tmproxy.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
C:\Program Files\Hijackthis\HijackThis.exe

O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Antivirus\pccguide.exe"
O4 - HKLM\..\Run: [PCClient.exe] "C:\Program Files\Trend Micro\Antivirus\PCClient.exe"
O4 - HKLM\..\Run: [TM Outbreak Agent] "C:\Program Files\Trend Micro\Antivirus\TMOAgent.exe" /run
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [CTDrive] rundll32.exe C:\WINDOWS\system32\drvmog.dll,startup
O4 - HKLM\..\Run: [lbmpmmc.dll] C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\lbmpmmc.dll,ksfzzdg
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
O4 - Startup: Registration .LNK = C:\Program Files\Ubisoft\Dark Messiah of Might and Magic\RegistrationReminder.exe
O4 - Startup: Yahoo! Widget Engine.lnk = C:\Program Files\Yahoo!\Yahoo! Widget Engine\YahooWidgetEngine.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Event Reminder.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1161631068046
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\VVNFUg\command.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Trend NT Realtime Service (Tmntsrv) - Trend Micro Incorporated. - C:\Program Files\Trend Micro\Antivirus\Tmntsrv.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Incorporated. - C:\Program Files\Trend Micro\Antivirus\tmproxy.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe



The uninstall list will not save. Each time I click on the save list button it closes and never asks for a file save location.
jkhypilot
post Nov 6 2006, 08:14 PM
Post #4


Member
Posts: 19
OS: XP Pro Service Pack 2



SmitFraudFix v2.119

Scan done at 20:13:29.35, Mon 11/06/2006
Run from C:\Documents and Settings\Rob\Desktop\New Folder\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32

C:\WINDOWS\system32\drvmog.dll FOUND !
C:\WINDOWS\system32\components\flx?.dll FOUND !
C:\WINDOWS\system32\components\flx??.dll FOUND !
C:\WINDOWS\system32\components\flx???.dll FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Rob


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Rob\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Start Menu

C:\DOCUME~1\ALLUSE~1\STARTM~1\Online Security Guide.url FOUND !
C:\DOCUME~1\ALLUSE~1\STARTM~1\Security Troubleshooting.url FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\Rob\FAVORI~1

C:\DOCUME~1\Rob\FAVORI~1\Antivirus Test Online.url FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» Desktop


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files

C:\Program Files\VirusBursters\ FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"


»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""


»»»»»»»»»»»»»»»»»»»»»»»» pe386-msguard-lzx32


»»»»»»»»»»»»»»»»»»»»»»»» Scanning wininet.dll infection


»»»»»»»»»»»»»»»»»»»»»»»» End

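A way to mechanise the triage the helper performs on the two logs above, added here as an example rather than a tool from HijackThis, SmitfraudFix or this forum. It parses O4/O23 lines and SmitfraudFix "FOUND !" lines in the formats shown in the thread; the "vowel-free rundll32 export" and "non-standard subfolder of C:\WINDOWS" checks are crude heuristics assumed for this example, and the sample lines are copied from the posted logs.

```python
"""Triage heuristics for HijackThis O4/O23 entries, cross-checked against
SmitfraudFix "FOUND !" results. Added example for this thread, not a tool
from HijackThis, SmitfraudFix or Geeks to Go."""
from __future__ import annotations

import re
from dataclasses import dataclass

# Constructed sample input: a subset of the O4/O23 lines from the HijackThis log above.
SAMPLE_HJT = r"""
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Antivirus\pccguide.exe"
O4 - HKLM\..\Run: [CTDrive] rundll32.exe C:\WINDOWS\system32\drvmog.dll,startup
O4 - HKLM\..\Run: [lbmpmmc.dll] C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\lbmpmmc.dll,ksfzzdg
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\VVNFUg\command.exe
O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Trend NT Realtime Service (Tmntsrv) - Trend Micro Incorporated. - C:\Program Files\Trend Micro\Antivirus\Tmntsrv.exe
"""

# Constructed sample input: the "FOUND !" lines from the SmitfraudFix scan above.
SAMPLE_SMITFRAUD = r"""
C:\WINDOWS\system32\drvmog.dll FOUND !
C:\Program Files\VirusBursters\ FOUND !
"""

O4_RE = re.compile(r"^O4 - (?P<hive>.+?): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
O23_RE = re.compile(r"^O23 - Service: (?P<svc>.+?) - (?P<owner>.+?) - (?P<path>.+)$")
FOUND_RE = re.compile(r"^(?P<path>.+?) FOUND !$")
RUNDLL_RE = re.compile(r"rundll32(?:\.exe)?\s+(?P<dll>.+?\.dll),(?P<export>\S+)", re.I)

# Folders that legitimately hold binaries directly under C:\WINDOWS (assumed allow-list).
KNOWN_WINDIR_SUBDIRS = {"system32", "system", "web", "fonts", "inf", "help", "temp", "resources"}


@dataclass(frozen=True)
class Finding:
    entry: str   # Run key name or service display name
    line: str    # the original log line
    reason: str


def looks_random(token: str) -> bool:
    """Crude entropy proxy: five or more letters with no vowel at all (e.g. 'ksfzzdg')."""
    letters = re.sub(r"[^A-Za-z]", "", token)
    return len(letters) >= 5 and re.search(r"[aeiouy]", letters, re.I) is None


def odd_windir_subdir(path: str) -> str | None:
    """Return the first subfolder of C:\\WINDOWS a binary runs from if it is not a known one."""
    parts = path.strip('"').split("\\")
    if len(parts) >= 4 and parts[1].lower() == "windows" and parts[2].lower() not in KNOWN_WINDIR_SUBDIRS:
        return parts[2]
    return None


def first_path(cmd: str) -> str:
    """Pull the executable path out of a Run value (quoted or first whitespace token)."""
    return cmd.split('"')[1] if cmd.startswith('"') else cmd.split()[0]


def parse_found(smitfraud_log: str) -> list[str]:
    """Normalised (lower-case, no trailing backslash) paths SmitfraudFix reported as FOUND."""
    return [m.group("path").rstrip("\\").lower()
            for line in smitfraud_log.splitlines() if (m := FOUND_RE.match(line.strip()))]


def triage(hjt_log: str, smitfraud_log: str = "") -> list[Finding]:
    found = parse_found(smitfraud_log)
    findings: list[Finding] = []
    for raw in hjt_log.splitlines():
        line = raw.strip()
        if m := O4_RE.match(line):
            name, cmd = m.group("name"), m.group("cmd")
            hits = [p for p in found if p in cmd.lower()]
            if hits:
                findings.append(Finding(name, line, f"path flagged by SmitfraudFix: {hits[0]}"))
            target = first_path(cmd)
            if r := RUNDLL_RE.search(cmd):
                target = r.group("dll")  # the DLL rundll32 loads is what matters, not rundll32 itself
                if looks_random(r.group("export")):
                    findings.append(Finding(name, line, f"rundll32 export '{r.group('export')}' looks random"))
            if sub := odd_windir_subdir(target):
                findings.append(Finding(name, line, f"runs from non-standard Windows subfolder '{sub}'"))
        elif m := O23_RE.match(line):
            svc, owner, path = m.group("svc"), m.group("owner"), m.group("path")
            if "(file missing)" in path:
                findings.append(Finding(svc, line, "service binary missing (orphaned service)"))
            if owner.strip().lower() == "unknown owner":
                findings.append(Finding(svc, line, "service carries no vendor/owner information"))
            if sub := odd_windir_subdir(path.replace("(file missing)", "").strip()):
                findings.append(Finding(svc, line, f"runs from non-standard Windows subfolder '{sub}'"))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_HJT, SAMPLE_SMITFRAUD):
        print(f"[{f.entry}] {f.reason}")
```

Entries that pass every check (SoundMAX, NVIDIA, Trend Micro) are simply not reported, mirroring the helper's advice not to let HijackThis fix anything until a human has reviewed the log.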
Flrman1
post Nov 6 2006, 08:27 PM
Post #5


Malware Assassin
Posts: 6,596
OS: XP Home, XP Pro, Vista
MVP


* Download the free version of AVG Anti-Spyware 7.5 here.
  • Click on the "Download Now" button and save the setup file to your desktop.
  • Doubleclick on the avgas-setup file to begin the installation.
  • When the installation is complete, open AVG Anti-Spyware and update the definition files.
  • On the main screen click on the "Update now" link and the update should begin immediately.
    • If the update does not begin, select the "Start Update" button, the update will start and a progress bar will show the updates being installed.
  • When the update has completed select the "Scanner" icon at the top of the screen, then select the "Settings" tab.
  • Once in the Settings screen click on "Recommended actions" and then select "Quarantine".
  • Under "Reports"
    • Select "Automatically generate report after every scan"
    • Un-Select "Only if threats were found"
  • If you cannot download the updates, update manually according to the directions here.
  • If you do the manual update, look under "Full database" and click the "Download now" button.
  • DO NOT run a scan yet. You will do that later in safe mode.


* Click here for info on how to boot to safe mode if you don't already know how.


* Now copy these instructions to notepad and save them to your desktop. You will need them to refer to.


* Restart your computer into safe mode now. Perform the following steps in safe mode:

* Run AVG Anti-Spyware:
  • Launch AVG Anti-Spyware by double-clicking the icon on your desktop.
  • Select the "Scanner" icon at the top and then the "Scan" tab then click on "Complete System Scan".
  • It will then begin the scanning process, be patient it may take a while for the scan to complete.
  • When the scan is complete, you must select an action.
  • Select "Apply all actions"
  • Next select the "Reports" icon at the top.
  • Select the "Save report as" button in the lower left hand of the screen
  • Save the report as a text file and save it to your desktop.
  • Close AVG Anti-Spyware.


* Run the SmitfraudFix:
  • Open the SmitfraudFix folder again and double-click the smitfraudfix.cmd file.
  • Select option #2 - Clean by typing 2 and press "Enter" to delete the infected files.
  • You will receive this prompt:
    • "Registry cleaning - Do you want to clean the registry ?"
  • Answer "Yes" by typing Y and press "Enter" and it will begin cleaning the infection.
  • Next the tool will check to see if wininet.dll is infected.
  • You may be prompted to replace the infected wininet.dll file if it is found.
  • Answer "Yes" by typing Y and press "Enter".
  • The tool may need to restart your computer to finish the cleaning process.
  • If it doesn't restart your computer automatically when it is finished, restart it back to Windows normally yourself.
  • A text file will appear onscreen, with results from the cleaning process.
  • Copy and paste the contents of that report into your next reply to this thread along with a new Hijack This log.
  • If the report doesn't open after you restart back to Windows normally, the report can be found at the root of the system drive, usually C:\rapport.txt.
jkhypilot
post Nov 6 2006, 09:34 PM
Post #6


Member
Posts: 19
OS: XP Pro Service Pack 2



And the survey says!



------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 9:06:46 PM 11/6/2006

+ Scan result:



C:\Program Files\VSAdd-in\VSAdd-in.dll -> Adware.Agent : Cleaned.
C:\WINDOWS\VVNFUg\asappsrv.dll -> Adware.CommAd : Cleaned.
C:\WINDOWS\VVNFUg\command.exe -> Adware.CommAd : Cleaned.
C:\Program Files\Common Files\{A4461FB9-0960-1033-0713-060823060001}\services.dll -> Adware.Softomate : Cleaned.
:mozilla.215:C:\Documents and Settings\Rob\Application Data\Mozilla\Firefox\Profiles\hcyly9tr.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.280:C:\Documents and Settings\Rob\Application Data\Mozilla\Firefox\Profiles\hcyly9tr.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.370:C:\Documents and Settings\Rob\Application Data\Mozilla\Firefox\Profiles\hcyly9tr.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.77:C:\Documents and Settings\Rob\Application Data\Mozilla\Firefox\Profiles\hcyly9tr.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.78:C:\Documents and Settings\Rob\Application Data\Mozilla\Firefox\Profiles\hcyly9tr.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.79:C:\Documents and Settings\Rob\Application Data\Mozilla\Firefox\Profiles\hcyly9tr.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.81:C:\Documents and Settings\Rob\Application Data\Mozilla\Firefox\Profiles\hcyly9tr.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.82:C:\Documents and Settings\Rob\Application Data\Mozilla\Firefox\Profiles\hcyly9tr.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.83:C:\Documents and Settings\Rob\Application Data\Mozilla\Firefox\Profiles\hcyly9tr.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.84:C:\Documents and Settings\Rob\Application Data\Mozilla\Firefox\Profiles\hcyly9tr.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.85:C:\Documents and Settings\Rob\Application Data\Mozilla\Firefox\Profiles\hcyly9tr.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.86:C:\Documents and Settings\Rob\Application Data\Mozilla\Firefox\Profiles\hcyly9tr.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.89:C:\Documents and Settings\Rob\Application Data\Mozilla\Firefox\Profiles\hcyly9tr.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.90:C:\Documents and Settings\Rob\Application Data\Mozilla\Firefox\Profiles\hcyly9tr.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.91:C:\Documents and Settings\Rob\Application Data\Mozilla\Firefox\Profiles\hcyly9tr.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.92:C:\Documents and Settings\Rob\Application Data\Mozilla\Firefox\Profiles\hcyly9tr.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Rob\Cookies\rob@2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Rob\Cookies\rob@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.228:C:\Documents and Settings\Rob\Application Data\Mozilla\Firefox\Profiles\hcyly9tr.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.229:C:\Documents and Settings\Rob\Application Data\Mozilla\Firefox\Profiles\hcyly9tr.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.484:C:\Documents and Settings\Rob\Application Data\Mozilla\Firefox\Profiles\hcyly9tr.default\cookies.txt -> TrackingCookie.Adjuggler : Cleaned.
:mozilla.485:C:\Documents and Settings\Rob\Application Data\Mozilla\Firefox\Profiles\hcyly9tr.default\cookies.txt -> TrackingCookie.Adjuggler : Cleaned.
:mozilla.486:C:\Documents and Settings\Rob\Application Data\Mozilla\Firefox\Profiles\hcyly9tr.default\cookies.txt -> TrackingCookie.Adjuggler : Cleaned.
:mozilla.278:C:\Documents and Settings\Rob\Application Data\Mozilla\Firefox\Profiles\hcyly9tr.default\cookies.txt -> TrackingCookie.Adtech : Cleaned.
:mozilla.279:C:\Documents and Settings\Rob\Application Data\Mozilla\Firefox\Profiles\hcyly9tr.default\cookies.txt -> TrackingCookie.Adtech : Cleaned.
:mozilla.158:C:\Documents and Settings\Rob\Application Data\Mozilla\Firefox\Profiles\hcyly9tr.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.159:C:\Documents and Settings\Rob\Application Data\Mozilla\Firefox\Profiles\hcyly9tr.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.160:C:\Documents and Settings\Rob\Application Data\Mozilla\Firefox\Profiles\hcyly9tr.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.161:C:\Documents and Settings\Rob\Application Data\Mozilla\Firefox\Profiles\hcyly9tr.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
C:\Documents and Settings\Rob\Cookies\rob@advertising[2].txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.33:C:\Documents and Settings\Rob\Application Data\Mozilla\Firefox\Profiles\hcyly9tr.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned.
C:\Documents and Settings\Rob\Cookies\rob@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned.
:mozilla.470:C:\Documents and Settings\Rob\Application Data\Mozilla\Firefox\Profiles\hcyly9tr.default\cookies.txt -> TrackingCookie.Bridgetrack : Cleaned.
:mozilla.471:C:\Documents and Settings\Rob\Application Data\Mozilla\Firefox\Profiles\hcyly9tr.default\cookies.txt -> TrackingCookie.Bridgetrack : Cleaned.
:mozilla.472:C:\Documents and Settings\Rob\Application Data\Mozilla\Firefox\Profiles\hcyly9tr.default\cookies.txt -> TrackingCookie.Bridgetrack : Cleaned.
C:\Documents and Settings\Rob\Cookies\rob@casalemedia[2].txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.204:C:\Documents and Settings\Rob\Application Data\Mozilla\Firefox\Profiles\hcyly9tr.default\cookies.txt -> TrackingCookie.Clickbank : Cleaned.
:mozilla.305:C:\Documents and Settings\Rob\Application Data\Mozilla\Firefox\Profiles\hcyly9tr.default\cookies.txt -> TrackingCookie.Com : Cleaned.
C:\Documents and Settings\Rob\Cookies\rob@cpvfeed[2].txt -> TrackingCookie.Cpvfeed : Cleaned.
:mozilla.25:C:\Documents and Settings\Rob\Application Data\Mozilla\Firefox\Profiles\hcyly9tr.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned.
C:\Documents and Settings\Rob\Cookies\rob@doubleclick[1].txt -> TrackingCookie.Doubleclick : Cleaned.
:mozilla.131:C:\Documents and Settings\Rob\Application Data\Mozilla\Firefox\Profiles\hcyly9tr.default\cookies.txt -> TrackingCookie.Enhance : Cleaned.
:mozilla.133:C:\Documents and Settings\Rob\Application Data\Mozilla\Firefox\Profiles\hcyly9tr.default\cookies.txt -> TrackingCookie.Enhance : Cleaned.
:mozilla.186:C:\Documents and Settings\Rob\Application Data\Mozilla\Firefox\Profiles\hcyly9tr.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.316:C:\Documents and Settings\Rob\Application Data\Mozilla\Firefox\Profiles\hcyly9tr.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.317:C:\Documents and Settings\Rob\Application Data\Mozilla\Firefox\Profiles\hcyly9tr.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.318:C:\Documents and Settings\Rob\Application Data\Mozilla\Firefox\Profiles\hcyly9tr.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.319:C:\Documents and Settings\Rob\Application Data\Mozilla\Firefox\Profiles\hcyly9tr.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.320:C:\Documents and Settings\Rob\Application Data\Mozilla\Firefox\Profiles\hcyly9tr.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.321:C:\Documents and Settings\Rob\Application Data\Mozilla\Firefox\Profiles\hcyly9tr.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.322:C:\Documents and Settings\Rob\Application Data\Mozilla\Firefox\Profiles\hcyly9tr.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.276:C:\Documents and Settings\Rob\Application Data\Mozilla\Firefox\Profiles\hcyly9tr.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.174:C:\Documents and Settings\Rob\Application Data\Mozilla\Firefox\Profiles\hcyly9tr.default\cookies.txt -> TrackingCookie.Falkag : Cleaned.
:mozilla.175:C:\Documents and Settings\Rob\Application Data\Mozilla\Firefox\Profiles\hcyly9tr.default\cookies.txt -> TrackingCookie.Falkag : Cleaned.
:mozilla.176:C:\Documents and Settings\Rob\Application Data\Mozilla\Firefox\Profiles\hcyly9tr.default\cookies.txt -> TrackingCookie.Falkag : Cleaned.
:mozilla.177:C:\Documents and Settings\Rob\Application Data\Mozilla\Firefox\Profiles\hcyly9tr.default\cookies.txt -> TrackingCookie.Falkag : Cleaned.
:mozilla.44:C:\Documents and Settings\Rob\Application Data\Mozilla\Firefox\Profiles\hcyly9tr.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.45:C:\Documents and Settings\Rob\Application Data\Mozilla\Firefox\Profiles\hcyly9tr.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.46:C:\Documents and Settings\Rob\Application Data\Mozilla\Firefox\Profiles\hcyly9tr.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.47:C:\Documents and Settings\Rob\Application Data\Mozilla\Firefox\Profiles\hcyly9tr.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.48:C:\Documents and Settings\Rob\Application Data\Mozilla\Firefox\Profiles\hcyly9tr.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
C:\Documents and Settings\Rob\Cookies\rob@fastclick[1].txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.16:C:\Documents and Settings\LocalService\Application Data\Mozilla\Firefox\Profiles\bnrpjdte.default\cookies.txt -> TrackingCookie.Findwhat : Cleaned.
:mozilla.178:C:\Documents and Settings\Rob\Application Data\Mozilla\Firefox\Profiles\hcyly9tr.default\cookies.txt -> TrackingCookie.Findwhat : Cleaned.
:mozilla.464:C:\Documents and Settings\Rob\Application Data\Mozilla\Firefox\Profiles\hcyly9tr.default\cookies.txt -> TrackingCookie.Gamershell : Cleaned.
:mozilla.465:C:\Documents and Settings\Rob\Application Data\Mozilla\Firefox\Profiles\hcyly9tr.default\cookies.txt -> TrackingCookie.Gamershell : Cleaned.
:mozilla.52:C:\Documents and Settings\Rob\Application Data\Mozilla\Firefox\Profiles\hcyly9tr.default\cookies.txt -> TrackingCookie.Goclick : Cleaned.
:mozilla.53:C:\Documents and Settings\Rob\Application Data\Mozilla\Firefox\Profiles\hcyly9tr.default\cookies.txt -> TrackingCookie.Goclick : Cleaned.
:mozilla.108:C:\Documents and Settings\Rob\Application Data\Mozilla\Firefox\Profiles\hcyly9tr.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.117:C:\Documents and Settings\Rob\Application Data\Mozilla\Firefox\Profiles\hcyly9tr.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.120:C:\Documents and Settings\Rob\Application Data\Mozilla\Firefox\Profiles\hcyly9tr.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.203:C:\Documents and Settings\Rob\Application Data\Mozilla\Firefox\Profiles\hcyly9tr.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.230:C:\Documents and Settings\Rob\Application Data\Mozilla\Firefox\Profiles\hcyly9tr.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.235:C:\Documents and Settings\Rob\Application Data\Mozilla\Firefox\Profiles\hcyly9tr.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.511:C:\Documents and Settings\Rob\Application Data\Mozilla\Firefox\Profiles\hcyly9tr.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.151:C:\Documents and Settings\Rob\Application Data\Mozilla\Firefox\Profiles\hcyly9tr.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.154:C:\Documents and Settings\Rob\Application Data\Mozilla\Firefox\Profiles\hcyly9tr.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.155:C:\Documents and Settings\Rob\Application Data\Mozilla\Firefox\Profiles\hcyly9tr.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.156:C:\Documents and Settings\Rob\Application Data\Mozilla\Firefox\Profiles\hcyly9tr.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.255:C:\Documents and Settings\Rob\Application Data\Mozilla\Firefox\Profiles\hcyly9tr.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.256:C:\Documents and Settings\Rob\Application Data\Mozilla\Firefox\Profiles\hcyly9tr.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
C:\Documents and Settings\Rob\Cookies\rob@ehg-pcsecurityshield.hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.68:C:\Documents and Settings\Rob\Application Data\Mozilla\Firefox\Profiles\hcyly9tr.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned.
C:\Documents and Settings\Rob\Cookies\rob@mediaplex[1].txt -> TrackingCookie.Mediaplex : Cleaned.
:mozilla.454:C:\Documents and Settings\Rob\Application Data\Mozilla\Firefox\Profiles\hcyly9tr.default\cookies.txt -> TrackingCookie.Myaffiliateprogram : Cleaned.
:mozilla.497:C:\Documents and Settings\Rob\Application Data\Mozilla\Firefox\Profiles\hcyly9tr.default\cookies.txt -> TrackingCookie.Onestat : Cleaned.
:mozilla.498:C:\Documents and Settings\Rob\Application Data\Mozilla\Firefox\Profiles\hcyly9tr.default\cookies.txt -> TrackingCookie.Onestat : Cleaned.
:mozilla.170:C:\Documents and Settings\Rob\Application Data\Mozilla\Firefox\Profiles\hcyly9tr.default\cookies.txt -> TrackingCookie.Overture : Cleaned.
:mozilla.171:C:\Documents and Settings\Rob\Application Data\Mozilla\Firefox\Profiles\hcyly9tr.default\cookies.txt -> TrackingCookie.Overture : Cleaned.
:mozilla.172:C:\Documents and Settings\Rob\Application Data\Mozilla\Firefox\Profiles\hcyly9tr.default\cookies.txt -> TrackingCookie.Overture : Cleaned.
:mozilla.375:C:\Documents and Settings\Rob\Application Data\Mozilla\Firefox\Profiles\hcyly9tr.default\cookies.txt -> TrackingCookie.Overture : Cleaned.
:mozilla.28:C:\Documents and Settings\Rob\Application Data\Mozilla\Firefox\Profiles\hcyly9tr.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.29:C:\Documents and Settings\Rob\Application Data\Mozilla\Firefox\Profiles\hcyly9tr.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.30:C:\Documents and Settings\Rob\Application Data\Mozilla\Firefox\Profiles\hcyly9tr.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.31:C:\Documents and Settings\Rob\Application Data\Mozilla\Firefox\Profiles\hcyly9tr.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.376:C:\Documents and Settings\Rob\Application Data\Mozilla\Firefox\Profiles\hcyly9tr.default\cookies.txt -> TrackingCookie.Qksrv : Cleaned.
:mozilla.377:C:\Documents and Settings\Rob\Application Data\Mozilla\Firefox\Profiles\hcyly9tr.default\cookies.txt -> TrackingCookie.Qksrv : Cleaned.
C:\Documents and Settings\Rob\Cookies\rob@qksrv[2].txt -> TrackingCookie.Qksrv : Cleaned.
:mozilla.267:C:\Documents and Settings\Rob\Application Data\Mozilla\Firefox\Profiles\hcyly9tr.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.268:C:\Documents and Settings\Rob\Application Data\Mozilla\Firefox\Profiles\hcyly9tr.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.56:C:\Documents and Settings\Rob\Application Data\Mozilla\Firefox\Profiles\hcyly9tr.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.57:C:\Documents and Settings\Rob\Application Data\Mozilla\Firefox\Profiles\hcyly9tr.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.58:C:\Documents and Settings\Rob\Application Data\Mozilla\Firefox\Profiles\hcyly9tr.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.59:C:\Documents and Settings\Rob\Application Data\Mozilla\Firefox\Profiles\hcyly9tr.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.60:C:\Documents and Settings\Rob\Application Data\Mozilla\Firefox\Profiles\hcyly9tr.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.61:C:\Documents and Settings\Rob\Application Data\Mozilla\Firefox\Profiles\hcyly9tr.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.62:C:\Documents and Settings\Rob\Application Data\Mozilla\Firefox\Profiles\hcyly9tr.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.63:C:\Documents and Settings\Rob\Application Data\Mozilla\Firefox\Profiles\hcyly9tr.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned.
C:\Documents and Settings\Rob\Cookies\rob@stats1.reliablestats[1].txt -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.401:C:\Documents and Settings\Rob\Application Data\Mozilla\Firefox\Profiles\hcyly9tr.default\cookies.txt -> TrackingCookie.Revenue : Cleaned.
:mozilla.123:C:\Documents and Settings\Rob\Application Data\Mozilla\Firefox\Profiles\hcyly9tr.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.124:C:\Documents and Settings\Rob\Application Data\Mozilla\Firefox\Profiles\hcyly9tr.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.125:C:\Documents and Settings\Rob\Application Data\Mozilla\Firefox\Profiles\hcyly9tr.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.126:C:\Documents and Settings\Rob\Application Data\Mozilla\Firefox\Profiles\hcyly9tr.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.127:C:\Documents and Settings\Rob\Application Data\Mozilla\Firefox\Profiles\hcyly9tr.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.128:C:\Documents and Settings\Rob\Application Data\Mozilla\Firefox\Profiles\hcyly9tr.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.129:C:\Documents and Settings\Rob\Application Data\Mozilla\Firefox\Profiles\hcyly9tr.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.130:C:\Documents and Settings\Rob\Application Data\Mozilla\Firefox\Profiles\hcyly9tr.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.405:C:\Documents and Settings\Rob\Application Data\Mozilla\Firefox\Profiles\hcyly9tr.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.406:C:\Documents and Settings\Rob\Application Data\Mozilla\Firefox\Profiles\hcyly9tr.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.407:C:\Documents and Settings\Rob\Application Data\Mozilla\Firefox\Profiles\hcyly9tr.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.408:C:\Documents and Settings\Rob\Application Data\Mozilla\Firefox\Profiles\hcyly9tr.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.409:C:\Documents and Settings\Rob\Application Data\Mozilla\Firefox\Profiles\hcyly9tr.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.416:C:\Documents and Settings\Rob\Application Data\Mozilla\Firefox\Profiles\hcyly9tr.default\cookies.txt -> TrackingCookie.Spylog : Cleaned.
:mozilla.51:C:\Documents and Settings\Rob\Application Data\Mozilla\Firefox\Profiles\hcyly9tr.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.420:C:\Documents and Settings\Rob\Application Data\Mozilla\Firefox\Profiles\hcyly9tr.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.421:C:\Documents and Settings\Rob\Application Data\Mozilla\Firefox\Profiles\hcyly9tr.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.422:C:\Documents and Settings\Rob\Application Data\Mozilla\Firefox\Profiles\hcyly9tr.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.426:C:\Documents and Settings\Rob\Application Data\Mozilla\Firefox\Profiles\hcyly9tr.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.427:C:\Documents and Settings\Rob\Application Data\Mozilla\Firefox\Profiles\hcyly9tr.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.428:C:\Documents and Settings\Rob\Application Data\Mozilla\Firefox\Profiles\hcyly9tr.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.429:C:\Documents and Settings\Rob\Application Data\Mozilla\Firefox\Profiles\hcyly9tr.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.430:C:\Documents and Settings\Rob\Application Data\Mozilla\Firefox\Profiles\hcyly9tr.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.431:C:\Documents and Settings\Rob\Application Data\Mozilla\Firefox\Profiles\hcyly9tr.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.432:C:\Documents and Settings\Rob\Application Data\Mozilla\Firefox\Profiles\hcyly9tr.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
C:\Documents and Settings\Rob\Cookies\rob@trafficmp[2].txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.95:C:\Documents and Settings\Rob\Application Data\Mozilla\Firefox\Profiles\hcyly9tr.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.96:C:\Documents and Settings\Rob\Application Data\Mozilla\Firefox\Profiles\hcyly9tr.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.97:C:\Documents and Settings\Rob\Application Data\Mozilla\Firefox\Profiles\hcyly9tr.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.98:C:\Documents and Settings\Rob\Application Data\Mozilla\Firefox\Profiles\hcyly9tr.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.99:C:\Documents and Settings\Rob\Application Data\Mozilla\Firefox\Profiles\hcyly9tr.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
C:\Documents and Settings\Rob\Cookies\rob@tribalfusion[2].txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.198:C:\Documents and Settings\Rob\Application Data\Mozilla\Firefox\Profiles\hcyly9tr.default\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned.
C:\Documents and Settings\Rob\Cookies\rob@statse.webtrendslive[1].txt -> TrackingCookie.Webtrendslive : Cleaned.
:mozilla.461:C:\Documents and Settings\Rob\Application Data\Mozilla\Firefox\Profiles\hcyly9tr.default\cookies.txt -> TrackingCookie.Yadro : Cleaned.
:mozilla.195:C:\Documents and Settings\Rob\Application Data\Mozilla\Firefox\Profiles\hcyly9tr.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.196:C:\Documents and Settings\Rob\Application Data\Mozilla\Firefox\Profiles\hcyly9tr.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.197:C:\Documents and Settings\Rob\Application Data\Mozilla\Firefox\Profiles\hcyly9tr.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
C:\Documents and Settings\Rob\Cookies\rob@ad.yieldmanager[2].txt -> TrackingCookie.Yieldmanager : Cleaned.
C:\WINDOWS\system32\winbfi32.dll -> Trojan.Agent.vg : Cleaned.


::Report end





SmitFraudFix v2.119

Scan done at 21:07:56.45, Mon 11/06/2006
Run from C:\Documents and Settings\Rob\Desktop\New Folder\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
Fix run in safe mode

»»»»»»»»»»»»»»»»»»»»»»»» Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Killing process


»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

C:\WINDOWS\system32\drvmog.dll FOUND !
C:\WINDOWS\system32\components\flx?.dll FOUND !
C:\WINDOWS\system32\components\flx??.dll FOUND !
C:\WINDOWS\system32\components\flx???.dll FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Rob


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Rob\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Start Menu

C:\DOCUME~1\ALLUSE~1\STARTM~1\Online Security Guide.url FOUND !
C:\DOCUME~1\ALLUSE~1\STARTM~1\Security Troubleshooting.url FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\Rob\FAVORI~1

C:\DOCUME~1\Rob\FAVORI~1\Antivirus Test Online.url FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» Desktop


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files

C:\Program Files\VirusBursters\ FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"


»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""


»»»»»»»»»»»»»»»»»»»»»»»» pe386-msguard-lzx32


»»»»»»»»»»»»»»»»»»»»»»»» Scanning wininet.dll infection


»»»»»»»»»»»»»»»»»»»»»»»» End

Logfile of HijackThis v1.99.1
Scan saved at 9:31:05 PM, on 11/6/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\ATKKBService.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Trend Micro\Antivirus\pccguide.exe
C:\Program Files\Trend Micro\Antivirus\PCClient.exe
C:\Program Files\Trend Micro\Antivirus\TMOAgent.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Steam\Steam.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Yahoo!\Yahoo! Widget Engine\YahooWidgetEngine.exe
C:\Program Files\Yahoo!\Yahoo! Widget Engine\YahooWidgetEngine.exe
C:\Program Files\Yahoo!\Yahoo! Widget Engine\YahooWidgetEngine.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Trend Micro\Antivirus\Tmntsrv.exe
C:\Program Files\Trend Micro\Antivirus\tmproxy.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Hijackthis\HijackThis.exe

O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Antivirus\pccguide.exe"
O4 - HKLM\..\Run: [PCClient.exe] "C:\Program Files\Trend Micro\Antivirus\PCClient.exe"
O4 - HKLM\..\Run: [TM Outbreak Agent] "C:\Program Files\Trend Micro\Antivirus\TMOAgent.exe" /run
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [CTDrive] rundll32.exe C:\WINDOWS\system32\drvmog.dll,startup
O4 - HKLM\..\Run: [lbmpmmc.dll] C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\lbmpmmc.dll,ksfzzdg
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
O4 - Startup: Registration .LNK = C:\Program Files\Ubisoft\Dark Messiah of Might and Magic\RegistrationReminder.exe
O4 - Startup: Yahoo! Widget Engine.lnk = C:\Program Files\Yahoo!\Yahoo! Widget Engine\YahooWidgetEngine.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Event Reminder.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1161631068046
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\VVNFUg\command.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Trend NT Realtime Service (Tmntsrv) - Trend Micro Incorporated. - C:\Program Files\Trend Micro\Antivirus\Tmntsrv.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Incorporated. - C:\Program Files\Trend Micro\Antivirus\tmproxy.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe



When I ran the smitfraudfix, I was never asked to clean the registry. All it did was generate the report.
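The two logs above carry the entries a helper would act on before doing anything else: the SmitFraudFix report lists C:\WINDOWS\system32\drvmog.dll as FOUND, and the HijackThis log shows that same DLL started from an O4 Run key through rundll32 (along with a second random-looking one, lbmpmmc.dll), plus two O23 services with "Unknown owner" whose binaries are already gone. As an added example that is not part of the original thread, the following Python script runs those checks over the exact lines posted and correlates the two tools. The allow-list of DLLs that legitimately start through rundll32 (the NVIDIA control-panel entries) is an assumption about this machine, and every flag is a heuristic to look at, not a verdict.

```python
import re

# Sample lines copied from the HijackThis log and SmitFraudFix report posted
# above; only the entries the checks below act on are reproduced here.
HJT_SAMPLE = r"""
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Antivirus\pccguide.exe"
O4 - HKLM\..\Run: [CTDrive] rundll32.exe C:\WINDOWS\system32\drvmog.dll,startup
O4 - HKLM\..\Run: [lbmpmmc.dll] C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\lbmpmmc.dll,ksfzzdg
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\VVNFUg\command.exe (file missing)
O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
"""

SMITFRAUD_SAMPLE = r"""
C:\WINDOWS\system32\drvmog.dll FOUND !
C:\WINDOWS\system32\components\flx?.dll FOUND !
C:\Program Files\VirusBursters\ FOUND !
"""

# Assumed allow-list: DLLs that legitimately start through rundll32 on this
# machine (the NVIDIA control-panel entries visible in the log). Anything
# else loaded from system32 this way gets flagged for a closer look.
KNOWN_GOOD_RUNDLL_DLLS = {"nvcpl.dll", "nvmctray.dll"}

O4_RE = re.compile(r"^O4 - HK\w+\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
O23_RE = re.compile(r"^O23 - Service: (?P<svc>.+?) - (?P<owner>.+?) - (?P<path>.+)$")
RUNDLL_RE = re.compile(r"rundll32(?:\.exe)?\s+(?P<dll>\S+?\.dll),(?P<export>\S+)", re.IGNORECASE)


def basename(path):
    """Last component of a Windows path, lower-cased for comparison."""
    return path.rstrip("\\").rsplit("\\", 1)[-1].lower()


def triage_hjt(log_text):
    """Flag O4 entries that use rundll32 to load an unlisted system32 DLL, and
    O23 services whose binary is gone or has no vendor in its version info.
    Returns a list of (section, dll_name_or_path, reason) tuples."""
    findings = []
    for line in log_text.splitlines():
        m = O4_RE.match(line.strip())
        if m:
            r = RUNDLL_RE.search(m.group("cmd"))
            if r and "\\system32\\" in r.group("dll").lower():
                dll = basename(r.group("dll"))
                if dll not in KNOWN_GOOD_RUNDLL_DLLS:
                    findings.append(("O4", dll, f"rundll32 loads unlisted system32 DLL, export {r.group('export')}"))
            continue
        m = O23_RE.match(line.strip())
        if m:
            path, owner = m.group("path"), m.group("owner")
            reasons = []
            if path.lower().endswith("(file missing)"):
                path = path[: -len("(file missing)")].strip()
                reasons.append("binary missing")
            if owner.lower() == "unknown owner":
                reasons.append("no vendor in version info")
            if reasons:
                findings.append(("O23", path, "; ".join(reasons)))
    return findings


def smitfraud_found(report_text):
    """Paths SmitFraudFix marked 'FOUND !'. Entries containing '?' are the
    tool's wildcard patterns (e.g. flx?.dll), not a single file name."""
    return [ln[: -len("FOUND !")].strip()
            for ln in (raw.strip() for raw in report_text.splitlines())
            if ln.endswith("FOUND !")]


def corroborated(hjt_findings, found_paths):
    """DLL names flagged by the O4 check that SmitFraudFix independently found."""
    found = {basename(p) for p in found_paths}
    return sorted(dll for sec, dll, _ in hjt_findings if sec == "O4" and dll in found)


if __name__ == "__main__":
    hits = triage_hjt(HJT_SAMPLE)
    for sec, what, why in hits:
        print(f"{sec}: {what}: {why}")
    print("corroborated by SmitFraudFix:", corroborated(hits, smitfraud_found(SMITFRAUD_SAMPLE)))
```

On the posted logs this flags drvmog.dll and lbmpmmc.dll from the O4 section and the cmdService and Network Monitor entries from O23, and reports drvmog.dll as corroborated by SmitFraudFix; lbmpmmc.dll is an HJT-only finding, which is exactly the kind of entry that needs a second tool or a manual look rather than deletion on sight. "Unknown owner" only means HijackThis found no company name in the file's version resource, so treat it as a weak signal unless it coincides with a missing binary or an odd path like C:\WINDOWS\VVNFUg.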
Flrman1
post Nov 7 2006, 06:02 PM
Post #7


Malware Assassin
Posts: 6,596
OS: XP Home, XP Pro, Vista
MVP


Did you not run SmitfraudFix like these directions say?
QUOTE(flrman1 @ Nov 6 2006, 09:27 PM)

* Run the SmitfraudFix:
  • Open the SmitfraudFix folder again and double-click the smitfraudfix.cmd file.
  • Select option #2 - Clean by typing 2 and press "Enter" to delete the infected files.
  • You will receive this prompt:
    • "Registry cleaning - Do you want to clean the registry ?"
  • Answer "Yes" by typing Y and press "Enter" and it will begin cleaning the infection.
  • Next the tool will check to see if wininet.dll is infected.
  • You may be prompted to replace the infected wininet.dll file if it is found.
  • Answer "Yes" by typing Y and press "Enter".
  • The tool may need to restart your computer to finish the cleaning process.
  • If it doesn't restart your computer automatically when it is finished, restart it back to Windows normally yourself.
  • A text file will appear onscreen, with results from the cleaning process.
  • Copy and paste the contents of that report into your next reply to this thread along with a new Hijack This log.
  • If the report doesn't open after you restart back to Windows normally, the report can be found at the root of the system drive, usually C:\rapport.txt.
The log that you posted was the log from running option 1 just like you posted the first time, not option 2 like my directions say. Running option 1 doesn't fix anything. Option 1 only creates a log to show what infected files are there. Option 2 does the cleaning.

Before we do anything else you need to boot to safe mode and follow those directions quoted above and run option 2 just as it says. Come back here after that and post the new c:\rapport.txt file and a new Hijack This log.
jkhypilot
post Nov 7 2006, 10:50 PM
Post #8


Member
Posts: 19
OS: XP Pro sevice pack 2



Thanks for your patience with me.

I have started in safe mode by using F8 and through the msconfig menu. I made sure to select option 2 in the SmitfraudFix menu, and each time all it will do is create the log. I am never prompted to enter "Y" to clean.

Is there anything to turn off or on in the msconfig menu?
I am logged in as administrator.

Thanks,

Rob.
Flrman1
post Nov 8 2006, 11:27 AM
Post #9


Malware Assassin
Posts: 6,596
OS: XP Home, XP Pro, Vista
MVP


I'm not sure what is going on, so I want you to try re-downloading SmitfraudFix again. First delete the old folder and files.

The only thing I can think of right off hand, other than the download being bad, is that maybe you didn't unzip the smitfraudfix.zip file. Make sure it is unzipped before you run the fix.
jkhypilot
post Nov 8 2006, 11:52 AM
Post #10


Member
Posts: 19
OS: XP Pro sevice pack 2



I deleted all the SmitfraudFix files and downloaded them again, extracted all files, saved them to my desktop, rebooted in safe mode and ran the fix (option 2). I still do not get the option to clean the registry.


jkhypilot
post Nov 8 2006, 10:11 PM
Post #11


Member
Posts: 19
OS: XP Pro sevice pack 2



I have discovered through Ad-Aware SE a Win32 trojan downloader.

Here is the scan file. Below that is a new HJT record:

Ad-Aware SE Build 1.06r1
Logfile Created on:Wednesday, November 08, 2006 9:58:38 PM
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R130 06.11.2006
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Win32.TrojanDownloader.Agent(TAC index:10):3 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Ad-Aware SE Settings
===========================
Set : Search for negligible risk entries
Set : Search for low-risk threats
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan my Hosts file

Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Scan registry for all users instead of current user only
Set : Always try to unload modules before deletion
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Include alternate data stream details in log file
Set : Play sound at scan completion if scan locates critical objects


11-8-2006 9:58:38 PM - Scan started. (Full System Scan)

Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

#:1 [smss.exe]
FilePath : \SystemRoot\System32\
ProcessID : 760
ThreadCreationTime : 11-9-2006 3:46:22 AM
BasePriority : Normal


#:2 [csrss.exe]
FilePath : \??\C:\WINDOWS\system32\
ProcessID : 808
ThreadCreationTime : 11-9-2006 3:46:23 AM
BasePriority : Normal


#:3 [winlogon.exe]
FilePath : \??\C:\WINDOWS\system32\
ProcessID : 832
ThreadCreationTime : 11-9-2006 3:46:24 AM
BasePriority : High


#:4 [services.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 876
ThreadCreationTime : 11-9-2006 3:46:24 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Services and Controller app
InternalName : services.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : services.exe

#:5 [lsass.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 888
ThreadCreationTime : 11-9-2006 3:46:24 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : LSA Shell (Export Version)
InternalName : lsass.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : lsass.exe

#:6 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1072
ThreadCreationTime : 11-9-2006 3:46:24 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:7 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1132
ThreadCreationTime : 11-9-2006 3:46:24 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:8 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1276
ThreadCreationTime : 11-9-2006 3:46:24 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:9 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1432
ThreadCreationTime : 11-9-2006 3:46:24 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:10 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1472
ThreadCreationTime : 11-9-2006 3:46:24 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:11 [explorer.exe]
FilePath : C:\WINDOWS\
ProcessID : 1948
ThreadCreationTime : 11-9-2006 3:46:26 AM
BasePriority : Normal
FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 6.00.2900.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : EXPLORER.EXE

#:12 [spoolsv.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 272
ThreadCreationTime : 11-9-2006 3:46:27 AM
BasePriority : Normal
FileVersion : 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)
ProductVersion : 5.1.2600.2696
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Spooler SubSystem App
InternalName : spoolsv.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : spoolsv.exe

#:13 [smax4pnp.exe]
FilePath : C:\Program Files\Analog Devices\Core\
ProcessID : 960
ThreadCreationTime : 11-9-2006 3:46:29 AM
BasePriority : Normal
FileVersion : 6, 0, 0, 20
ProductVersion : 6, 0, 0, 20
ProductName : SMax4PNP Application
CompanyName : Analog Devices, Inc.
FileDescription : SMax4PNP
InternalName : SMax4PNP
LegalCopyright : Copyright © 2005 Analog Devices, Inc.
OriginalFilename : SMax4PNP.exe

#:14 [smax4.exe]
FilePath : C:\Program Files\Analog Devices\SoundMAX\
ProcessID : 892
ThreadCreationTime : 11-9-2006 3:46:29 AM
BasePriority : Normal
FileVersion : 5, 2, 0, 12
ProductVersion : 5, 2, 0, 12
ProductName : Audio Control Panel
CompanyName : Analog Devices, Inc.
FileDescription : Audio Control Panel
InternalName : SMax4
LegalCopyright : Copyright © 2002-2005, Analog Devices
OriginalFilename : SMax4.EXE

#:15 [rundll32.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1184
ThreadCreationTime : 11-9-2006 3:46:29 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Run a DLL as an App
InternalName : rundll
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : RUNDLL.EXE

#:16 [pdvdserv.exe]
FilePath : C:\Program Files\CyberLink\PowerDVD\
ProcessID : 1224
ThreadCreationTime : 11-9-2006 3:46:29 AM
BasePriority : Normal
FileVersion : 6.00.1027
ProductVersion : 6.00.1027
ProductName : PowerDVD
CompanyName : Cyberlink Corp.
FileDescription : PowerDVD RC Service
InternalName : PowerDVD RC Service
LegalCopyright : Copyright © CyberLink Corp. 1997-2004
OriginalFilename : PDVDSERV.EXE

#:17 [hpwuschd2.exe]
FilePath : C:\Program Files\HP\HP Software Update\
ProcessID : 1232
ThreadCreationTime : 11-9-2006 3:46:29 AM
BasePriority : Normal
FileVersion : 53.0.13.000
ProductVersion : 053.000.013.000
ProductName : hp digital imaging - hp all-in-one series
CompanyName : Hewlett-Packard Co.
FileDescription : Hewlett-Packard Product Assistant
InternalName : hpwuSchd2
LegalCopyright : Copyright © Hewlett-Packard Co. 1995-2004
OriginalFilename : hpwuSchd2.exe
Comments : Hewlett-Packard Product Assistant

#:18 [rundll32.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1256
ThreadCreationTime : 11-9-2006 3:46:30 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Run a DLL as an App
InternalName : rundll
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : RUNDLL.EXE

#:19 [avgas.exe]
FilePath : C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\
ProcessID : 1300
ThreadCreationTime : 11-9-2006 3:46:30 AM
BasePriority : Normal
FileVersion : 7, 5, 0, 50
ProductVersion : 7, 5, 0, 50
ProductName : AVG Anti-Spyware
CompanyName : Anti-Malware Development a.s.
FileDescription : AVG Anti-Spyware
InternalName : AVG Anti-Spyware
LegalCopyright : Copyright © 2006 Anti-Malware Development a.s.
OriginalFilename : avgas.exe

#:20 [steam.exe]
FilePath : C:\Program Files\Steam\
ProcessID : 1336
ThreadCreationTime : 11-9-2006 3:46:30 AM
BasePriority : Normal
FileVersion : 1.0.0.0
ProductVersion : 1.0.0.0
ProductName : Steam
CompanyName : Valve Corporation
FileDescription : Steam
LegalCopyright : © Copyright 2000-2003 Valve Corporation All rights reserved.
OriginalFilename : Steam.exe

#:21 [hpqtra08.exe]
FilePath : C:\Program Files\HP\Digital Imaging\bin\
ProcessID : 456
ThreadCreationTime : 11-9-2006 3:46:33 AM
BasePriority : Normal
FileVersion : 53.0.13.000
ProductVersion : 053.000.013.000
ProductName : hp digital imaging - hp all-in-one series
CompanyName : Hewlett-Packard Co.
FileDescription : HP Digital Imaging Monitor
InternalName : HPQTRA00
LegalCopyright : Copyright © Hewlett-Packard Co. 1995-2004
OriginalFilename : HPQTRA00.EXE
Comments : HP Digital Imaging Monitor

#:22 [yahoowidgetengine.exe]
FilePath : C:\Program Files\Yahoo!\Yahoo! Widget Engine\
ProcessID : 720
ThreadCreationTime : 11-9-2006 3:46:34 AM
BasePriority : Normal
FileVersion : 3.1.4
ProductVersion : 3.1.4
ProductName : Yahoo! Widget Engine
CompanyName : Yahoo! Inc.
FileDescription : Yahoo! Widget Engine
InternalName : Yahoo! Widget Engine
LegalCopyright : Copyright © 2004-2006 Yahoo! Inc.
OriginalFilename : YahooWidgetEngine.exe

#:23 [atkkbservice.exe]
FilePath : C:\WINDOWS\
ProcessID : 488
ThreadCreationTime : 11-9-2006 3:46:36 AM
BasePriority : Normal
FileVersion : 1, 0, 1, 0
ProductVersion : 1, 0, 1, 0
ProductName : ASUS Keyboard Service
CompanyName : ASUSTeK COMPUTER INC.
FileDescription : ASUS Keyboard Service
InternalName : ATKKBService
LegalCopyright : Copyright © 2004 @ASUSTeK COMPUTER INC.
OriginalFilename : ATKKBService.exe

#:24 [guard.exe]
FilePath : C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\
ProcessID : 640
ThreadCreationTime : 11-9-2006 3:46:36 AM
BasePriority : Normal
FileVersion : 7, 5, 0, 47
ProductVersion : 7, 5, 0, 47
ProductName : AVG Anti-Spyware
CompanyName : Anti-Malware Development a.s.
FileDescription : AVG Anti-Spyware guard
InternalName : AVG Anti-Spyware guard
LegalCopyright : Copyright © 2006 Anti-Malware Development a.s.
OriginalFilename : guard.exe

#:25 [nvsvc32.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1568
ThreadCreationTime : 11-9-2006 3:46:39 AM
BasePriority : Normal
FileVersion : 6.14.10.9147
ProductVersion : 6.14.10.9147
ProductName : NVIDIA Driver Helper Service, Version 91.47
CompanyName : NVIDIA Corporation
FileDescription : NVIDIA Driver Helper Service, Version 91.47
InternalName : NVSVC
LegalCopyright : © NVIDIA Corporation. All rights reserved.
OriginalFilename : nvsvc32.exe

#:26 [hpzipm12.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1736
ThreadCreationTime : 11-9-2006 3:46:40 AM
BasePriority : Normal
FileVersion : 9, 0, 0, 0
ProductVersion : 9, 0, 0, 0
ProductName : HP PML
CompanyName : HP
FileDescription : PML Driver
InternalName : PmlDrv
LegalCopyright : Copyright © 1998, 1999 Hewlett-Packard Company
OriginalFilename : PmlDrv.exe

#:27 [yahoowidgetengine.exe]
FilePath : C:\Program Files\Yahoo!\Yahoo! Widget Engine\
ProcessID : 1220
ThreadCreationTime : 11-9-2006 3:46:40 AM
BasePriority : Normal
FileVersion : 3.1.4
ProductVersion : 3.1.4
ProductName : Yahoo! Widget Engine
CompanyName : Yahoo! Inc.
FileDescription : Yahoo! Widget Engine
InternalName : Yahoo! Widget Engine
LegalCopyright : Copyright © 2004-2006 Yahoo! Inc.
OriginalFilename : YahooWidgetEngine.exe

#:28 [yahoowidgetengine.exe]
FilePath : C:\Program Files\Yahoo!\Yahoo! Widget Engine\
ProcessID : 1800
ThreadCreationTime : 11-9-2006 3:46:40 AM
BasePriority : Normal
FileVersion : 3.1.4
ProductVersion : 3.1.4
ProductName : Yahoo! Widget Engine
CompanyName : Yahoo! Inc.
FileDescription : Yahoo! Widget Engine
InternalName : Yahoo! Widget Engine
LegalCopyright : Copyright © 2004-2006 Yahoo! Inc.
OriginalFilename : YahooWidgetEngine.exe

#:29 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 464
ThreadCreationTime : 11-9-2006 3:46:41 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:30 [alg.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 2932
ThreadCreationTime : 11-9-2006 3:46:50 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Application Layer Gateway Service
InternalName : ALG.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : ALG.exe

#:31 [hpqste08.exe]
FilePath : C:\Program Files\HP\Digital Imaging\bin\
ProcessID : 3400
ThreadCreationTime : 11-9-2006 3:46:52 AM
BasePriority : Normal
FileVersion : 53.0.13.000
ProductVersion : 053.000.013.000
ProductName : hp digital imaging - hp all-in-one series
CompanyName : Hewlett-Packard Co.
FileDescription : HP CUE Status
InternalName : HPQSTS00
LegalCopyright : Copyright © Hewlett-Packard Co. 1995-2004
OriginalFilename : HPQSTS00.EXE
Comments : HP CUE Status

#:32 [hprblog.exe]
FilePath : C:\Program Files\HP\Digital Imaging\Product Assistant\bin\
ProcessID : 1308
ThreadCreationTime : 11-9-2006 3:47:09 AM
BasePriority : Normal
FileVersion : 53.0.13.000
ProductVersion : 053.000.013.000
ProductName : hp digital imaging - hp all-in-one series
CompanyName : Hewlett-Packard Co.
FileDescription : Hewlett-Packard Product Assistant
InternalName : HPRBLOG
LegalCopyright : Copyright © Hewlett-Packard Co. 1995-2004
OriginalFilename : HPRBLOG.EXE
Comments : Hewlett-Packard Product Assistant

#:33 [tmproxy.exe]
FilePath : C:\Program Files\Trend Micro\Antivirus\
ProcessID : 752
ThreadCreationTime : 11-9-2006 3:49:51 AM
BasePriority : Normal
FileVersion : 11.25.0.2004
ProductVersion : 11.25.0
ProductName : Trend Pc-cillin 11
CompanyName : Trend Micro Incorporated.
FileDescription : TmProxy.exe
InternalName : TmProxy.exe
LegalCopyright : Copyright © 1995-2003 Trend Micro Incorporated. All rights reserved.
LegalTrademarks : Copyright © Trend Micro Incorporated.
OriginalFilename : TmProxy.exe

#:34 [tmntsrv.exe]
FilePath : C:\Program Files\Trend Micro\Antivirus\
ProcessID : 3892
ThreadCreationTime : 11-9-2006 3:49:51 AM
BasePriority : Normal
FileVersion : 11.25.0.2004
ProductVersion : 11.25.0
ProductName : Trend Pc-cillin 11
CompanyName : Trend Micro Incorporated.
FileDescription : Tmntsrv
InternalName : Tmntsrv
LegalCopyright : Copyright © 1995-2003 Trend Micro Incorporated. All rights reserved.
LegalTrademarks : Copyright © Trend Micro Incorporated.
OriginalFilename : Tmntsrv.exe

#:35 [pcclient.exe]
FilePath : C:\Program Files\Trend Micro\Antivirus\
ProcessID : 4044
ThreadCreationTime : 11-9-2006 3:49:52 AM
BasePriority : Normal
FileVersion : 11.25.0.2004
ProductVersion : 11.25.0
ProductName : Trend Pc-cillin 11
CompanyName : Trend Micro Incorporated.
FileDescription : PCClient
InternalName : PCClient
LegalCopyright : Copyright © 1995-2003 Trend Micro Incorporated. All rights reserved.
LegalTrademarks : Copyright © Trend Micro Incorporated.
OriginalFilename : PCClient

#:36 [pccguide.exe]
FilePath : C:\Program Files\Trend Micro\Antivirus\
ProcessID : 4056
ThreadCreationTime : 11-9-2006 3:49:52 AM
BasePriority : Normal
FileVersion : 11.25.0.2004
ProductVersion : 11.25.0
ProductName : Trend Pc-cillin 11
CompanyName : Trend Micro Incorporated.
FileDescription : PCCGuide
InternalName : PCCGuide
LegalCopyright : Copyright © 1995-2003 Trend Micro Incorporated. All rights reserved.
LegalTrademarks : Copyright © Trend Micro Incorporated.
OriginalFilename : PCCGuide

#:37 [tmoagent.exe]
FilePath : C:\Program Files\Trend Micro\Antivirus\
ProcessID : 396
ThreadCreationTime : 11-9-2006 3:49:53 AM
BasePriority : Normal
FileVersion : 11.25.0.2004
ProductVersion : 11.25.0
ProductName : Trend Pc-cillin 11
CompanyName : Trend Micro Incorporated.
FileDescription : TrendMicro Outbreak agent
InternalName : TMOAgent
LegalCopyright : Copyright © 1995-2003 Trend Micro Incorporated. All rights reserved.
LegalTrademarks : Copyright © Trend Micro Incorporated.
OriginalFilename : TMOAgent.EXE

#:38 [firefox.exe]
FilePath : C:\Program Files\Mozilla Firefox\
ProcessID : 2728
ThreadCreationTime : 11-9-2006 3:56:08 AM
BasePriority : Normal


#:39 [ad-aware.exe]
FilePath : C:\Program Files\Lavasoft\Ad-Aware SE Personal\
ProcessID : 1612
ThreadCreationTime : 11-9-2006 3:58:29 AM
BasePriority : Normal
FileVersion : 6.2.0.236
ProductVersion : SE 106
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft AB Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved

Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0


Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0


Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0


Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»


Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0



Deep scanning and examining files (C:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Win32.TrojanDownloader.Agent Object Recognized!
Type : File
Data : win5F.tmp.exe
TAC Rating : 10
Category : Virus
Comment :
Object : C:\WINDOWS\Temp\



Disk Scan Result for C:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 1


Scanning Hosts file......
Hosts file location:"C:\WINDOWS\system32\drivers\etc\hosts".
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Hosts file scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
1 entries scanned.
New critical objects:0
Objects found so far: 1




Performing conditional scans...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Win32.TrojanDownloader.Agent Object Recognized!
Type : Regkey
Data :
TAC Rating : 10
Category : Virus
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\adwaredisablekey3

Win32.TrojanDownloader.Agent Object Recognized!
Type : Regkey
Data :
TAC Rating : 10
Category : Virus
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\adwaredisablekey3

Conditional scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 2
Objects found so far: 3

10:00:49 PM Scan Complete

Summary Of This Scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:00:02:10.812
Objects scanned:117109
Objects identified:3
Objects ignored:0
New critical objects:3



Logfile of HijackThis v1.99.1
Scan saved at 10:08:09 PM, on 11/8/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Steam\Steam.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Yahoo!\Yahoo! Widget Engine\YahooWidgetEngine.exe
C:\WINDOWS\ATKKBService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Yahoo!\Yahoo! Widget Engine\YahooWidgetEngine.exe
C:\Program Files\Yahoo!\Yahoo! Widget Engine\YahooWidgetEngine.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
C:\Program Files\Trend Micro\Antivirus\tmproxy.exe
C:\Program Files\Trend Micro\Antivirus\Tmntsrv.exe
C:\Program Files\Trend Micro\Antivirus\PCClient.EXE
C:\Program Files\Trend Micro\Antivirus\PCCGUIDE.EXE
C:\Program Files\Trend Micro\Antivirus\TMOAgent.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Hijackthis\HijackThis.exe

O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Antivirus\pccguide.exe"
O4 - HKLM\..\Run: [PCClient.exe] "C:\Program Files\Trend Micro\Antivirus\PCClient.exe"
O4 - HKLM\..\Run: [TM Outbreak Agent] "C:\Program Files\Trend Micro\Antivirus\TMOAgent.exe" /run
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [CTDrive] rundll32.exe C:\WINDOWS\system32\drvmog.dll,startup
O4 - HKLM\..\Run: [lbmpmmc.dll] C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\lbmpmmc.dll,ksfzzdg
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [Registry Cleaner] "C:\Program Files\Registry Cleaner Trial\Regclean.exe" -startminimize
O4 - Startup: Registration .LNK = C:\Program Files\Ubisoft\Dark Messiah of Might and Magic\RegistrationReminder.exe
O4 - Startup: Yahoo! Widget Engine.lnk = C:\Program Files\Yahoo!\Yahoo! Widget Engine\YahooWidgetEngine.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Event Reminder.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1161631068046
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\VVNFUg\command.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Trend NT Realtime Service (Tmntsrv) - Trend Micro Incorporated. - C:\Program Files\Trend Micro\Antivirus\Tmntsrv.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Incorporated. - C:\Program Files\Trend Micro\Antivirus\tmproxy.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

Still no luck on cleaning the registry with smitfraudfix in safe mode.
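As an added example (not code from this thread, from HijackThis, or from any tool named here), a small Python triage pass over O4 and O23 lines in the format the log above uses: it flags rundll32 autorun entries that load a DLL outside a hypothetical allowlist, and services whose binary is reported missing or whose owner could not be read. The sample lines and the allowlist are constructed for the example.

```python
"""Triage O4 (autorun) and O23 (service) lines in HijackThis 1.99-style logs."""
import re
from typing import List, Optional, Tuple

# Constructed sample in the layout HijackThis writes (a mix of benign and suspicious entries).
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [CTDrive] rundll32.exe C:\WINDOWS\system32\drvmog.dll,startup
O4 - HKLM\..\Run: [lbmpmmc.dll] C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\lbmpmmc.dll,ksfzzdg
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\VVNFUg\command.exe (file missing)
O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe (file missing)
""".strip()

# Hypothetical allowlist: DLLs this machine is expected to launch through rundll32 (an assumption
# for the example; a real baseline would come from a known-clean image of the same build).
KNOWN_RUNDLL32_DLLS = {"nvcpl.dll", "nvmctray.dll"}

O4_RE = re.compile(r"^O4 - (HKLM|HKCU)\\\.\.\\Run: \[([^\]]*)\] (.*)$")
O23_RE = re.compile(r"^O23 - Service: (.+?) - (.+?) - (.+)$")
# rundll32[.exe] <dll path>,<export>  -> capture the DLL path (optionally quoted)
RUNDLL_RE = re.compile(r"(?i)rundll32(?:\.exe)?\s+\"?([^,\"]+?\.dll)")

Finding = Tuple[str, str, List[str]]  # (section, entry name, reasons)


def triage_o4(line: str) -> Optional[Finding]:
    """Inspect one O4 Run-key line; return a finding (possibly with no reasons) or None if not O4."""
    m = O4_RE.match(line)
    if not m:
        return None
    hive, name, cmd = m.groups()
    reasons: List[str] = []
    dll = RUNDLL_RE.search(cmd)
    if dll:
        base = dll.group(1).replace("/", "\\").rsplit("\\", 1)[-1].lower()
        if base not in KNOWN_RUNDLL32_DLLS:
            export = cmd.rsplit(",", 1)[1].strip() if "," in cmd else "(default)"
            reasons.append(f"rundll32 loads unrecognised DLL {base} via export '{export}'")
    if name.lower().endswith(".dll"):
        # Legitimate vendors name Run entries after a product, not after the DLL itself.
        reasons.append("autorun entry is named after a DLL rather than a product")
    return (f"O4 {hive}", name, reasons)


def triage_o23(line: str) -> Optional[Finding]:
    """Inspect one O23 service line; return a finding (possibly with no reasons) or None if not O23."""
    m = O23_RE.match(line)
    if not m:
        return None
    display, owner, path = m.groups()
    reasons: List[str] = []
    if path.endswith("(file missing)"):
        reasons.append("service is still registered but its binary is gone (leftover of a removed dropper)")
    if owner == "Unknown owner":
        reasons.append("HijackThis could not read a company name from the service binary")
    return ("O23", display, reasons)


def triage(log_text: str) -> List[Finding]:
    """Return every O4/O23 entry that raised at least one flag, in log order."""
    findings: List[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        hit = triage_o4(line) or triage_o23(line)
        if hit and hit[2]:
            findings.append(hit)
    return findings


if __name__ == "__main__":
    for section, name, reasons in triage(SAMPLE_LOG):
        print(f"{section}: {name}")
        for r in reasons:
            print(f"    - {r}")
```

On the sample the two rundll32 entries with random DLL names and both "Unknown owner ... (file missing)" services are reported; the NVIDIA and SoundMAX lines pass.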
Flrman1
post Nov 9 2006, 09:03 AM
Post #12


Malware Assassin
Posts: 6,596
OS: XP Home, XP Pro, Vista
MVP


* Click here to download smitRem.exe.
  • Save the file to your desktop.
  • It is a self-extracting file.
  • Doubleclick the smitRem.exe and it will extract the files to a smitRem folder on your desktop.
  • Do not do anything with it yet. You will run the RunThis.bat file later in safe mode.
  • If the link to SmitRem above is not working try this one.


* Now copy these instructions to notepad and save them to your desktop. You will need them to refer to in safe mode.


* Restart your computer into safe mode now. Perform the following steps in safe mode:


* Open the smitRem folder, then double click the RunThis.bat file to start the tool. Follow the prompts on screen.
Wait for the tool to complete and disk cleanup to finish.


* Run AVG Anti-Spyware:
  • Launch AVG Anti-Spyware by double-clicking the icon on your desktop.
  • Select the "Scanner" icon at the top and then the "Scan" tab then click on "Complete System Scan".
  • It will then begin the scanning process, be patient it may take a while for the scan to complete.
  • When the scan is complete, you must select an action.
  • Select "Apply all actions"
  • Next select the "Reports" icon at the top.
  • Select the "Save report as" button in the lower left hand of the screen
  • Save the report as a text file and save it to your desktop.
  • Close AVG Anti-Spyware.


* Go to Control Panel > Internet Options. Click on the Programs tab then click the "Reset Web Settings" button. Click Apply then OK.


* Next go to Control Panel > Display. Click on the "Desktop" tab then click the "Customize Desktop" button. Click on the "Web" tab. Under "Web Pages" you should see an entry checked called something like "Security info" or similar. If it is there, select that entry and click the "Delete" button. Click OK then Apply and OK.


* Restart back into Windows normally now.


* Run ActiveScan online virus scan here

When the scan is finished, save the results from the scan!

SmitRem creates a log file with the results of its fix in C:\smitfiles.txt. Go to your C drive and locate the smitfiles.txt file. Copy and paste the contents of the smitfiles.txt file in your next reply here, along with a new HijackThis log and the results from ActiveScan.
jkhypilot
post Nov 9 2006, 10:03 AM
Post #13


Member
Posts: 19
OS: XP Pro service pack 2



smitRem.exe and AVG ran fine. I still have the icon with the occasional popup in the tray.
Also, sometimes I get a message saying that DEP has activated for Internet Explorer. I have never used Explorer on this computer.

---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 9:41:40 AM 11/9/2006

+ Scan result:



C:\Program Files\VSAdd-in\VSAdd-in.dll -> Adware.Agent : Cleaned.
:mozilla.63:C:\Documents and Settings\Rob\Application Data\Mozilla\Firefox\Profiles\hcyly9tr.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.64:C:\Documents and Settings\Rob\Application Data\Mozilla\Firefox\Profiles\hcyly9tr.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.86:C:\Documents and Settings\Rob\Application Data\Mozilla\Firefox\Profiles\hcyly9tr.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.87:C:\Documents and Settings\Rob\Application Data\Mozilla\Firefox\Profiles\hcyly9tr.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.88:C:\Documents and Settings\Rob\Application Data\Mozilla\Firefox\Profiles\hcyly9tr.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.89:C:\Documents and Settings\Rob\Application Data\Mozilla\Firefox\Profiles\hcyly9tr.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.41:C:\Documents and Settings\Rob\Application Data\Mozilla\Firefox\Profiles\hcyly9tr.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned.
:mozilla.106:C:\Documents and Settings\Rob\Application Data\Mozilla\Firefox\Profiles\hcyly9tr.default\cookies.txt -> TrackingCookie.Com : Cleaned.
:mozilla.103:C:\Documents and Settings\Rob\Application Data\Mozilla\Firefox\Profiles\hcyly9tr.default\cookies.txt -> TrackingCookie.Coremetrics : Cleaned.
:mozilla.59:C:\Documents and Settings\Rob\Application Data\Mozilla\Firefox\Profiles\hcyly9tr.default\cookies.txt -> TrackingCookie.Coremetrics : Cleaned.
:mozilla.43:C:\Documents and Settings\Rob\Application Data\Mozilla\Firefox\Profiles\hcyly9tr.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned.
:mozilla.44:C:\Documents and Settings\Rob\Application Data\Mozilla\Firefox\Profiles\hcyly9tr.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.71:C:\Documents and Settings\Rob\Application Data\Mozilla\Firefox\Profiles\hcyly9tr.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.72:C:\Documents and Settings\Rob\Application Data\Mozilla\Firefox\Profiles\hcyly9tr.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.73:C:\Documents and Settings\Rob\Application Data\Mozilla\Firefox\Profiles\hcyly9tr.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.84:C:\Documents and Settings\Rob\Application Data\Mozilla\Firefox\Profiles\hcyly9tr.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.90:C:\Documents and Settings\Rob\Application Data\Mozilla\Firefox\Profiles\hcyly9tr.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned.
:mozilla.91:C:\Documents and Settings\Rob\Application Data\Mozilla\Firefox\Profiles\hcyly9tr.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned.
:mozilla.85:C:\Documents and Settings\Rob\Application Data\Mozilla\Firefox\Profiles\hcyly9tr.default\cookies.txt -> TrackingCookie.Myaffiliateprogram : Cleaned.
:mozilla.56:C:\Documents and Settings\Rob\Application Data\Mozilla\Firefox\Profiles\hcyly9tr.default\cookies.txt -> TrackingCookie.Overture : Cleaned.
:mozilla.51:C:\Documents and Settings\Rob\Application Data\Mozilla\Firefox\Profiles\hcyly9tr.default\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned.
:mozilla.57:C:\Documents and Settings\Rob\Application Data\Mozilla\Firefox\Profiles\hcyly9tr.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.58:C:\Documents and Settings\Rob\Application Data\Mozilla\Firefox\Profiles\hcyly9tr.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.


::Report end




Logfile of HijackThis v1.99.1
Scan saved at 9:58:14 AM, on 11/9/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\ATKKBService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Trend Micro\Antivirus\Tmntsrv.exe
C:\Program Files\Trend Micro\Antivirus\tmproxy.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Trend Micro\Antivirus\pccguide.exe
C:\Program Files\Trend Micro\Antivirus\PCClient.exe
C:\Program Files\Trend Micro\Antivirus\TMOAgent.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Steam\Steam.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Yahoo!\Yahoo! Widget Engine\YahooWidgetEngine.exe
C:\Program Files\Yahoo!\Yahoo! Widget Engine\YahooWidgetEngine.exe
C:\Program Files\Yahoo!\Yahoo! Widget Engine\YahooWidgetEngine.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Hijackthis\HijackThis.exe

O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Antivirus\pccguide.exe"
O4 - HKLM\..\Run: [PCClient.exe] "C:\Program Files\Trend Micro\Antivirus\PCClient.exe"
O4 - HKLM\..\Run: [TM Outbreak Agent] "C:\Program Files\Trend Micro\Antivirus\TMOAgent.exe" /run
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [CTDrive] rundll32.exe C:\WINDOWS\system32\drvmog.dll,startup
O4 - HKLM\..\Run: [lbmpmmc.dll] C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\lbmpmmc.dll,ksfzzdg
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [Registry Cleaner] "C:\Program Files\Registry Cleaner Trial\Regclean.exe" -startminimize
O4 - Startup: Registration .LNK = C:\Program Files\Ubisoft\Dark Messiah of Might and Magic\RegistrationReminder.exe
O4 - Startup: Yahoo! Widget Engine.lnk = C:\Program Files\Yahoo!\Yahoo! Widget Engine\YahooWidgetEngine.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Event Reminder.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1161631068046
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Trend NT Realtime Service (Tmntsrv) - Trend Micro Incorporated. - C:\Program Files\Trend Micro\Antivirus\Tmntsrv.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Incorporated. - C:\Program Files\Trend Micro\Antivirus\tmproxy.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

Flrman1
post Nov 9 2006, 08:05 PM
Post #14


Malware Assassin
Posts: 6,596
OS: XP Home, XP Pro, Vista
MVP


We need to get the Smitfraudfix to run. When you boot to safe mode to run it are you doing exactly this?:

Open the SmitfraudFix folder again and double-click the smitfraudfix.cmd file.
Select option #2 - Clean by typing 2 and press "Enter" to delete the infected files.

Are you selecting option 2 by pressing the 2 key on your keyboard and then hitting the Enter key?

I can only assume at this point that you aren't doing it exactly right.

This post has been edited by flrman1: Nov 9 2006, 08:05 PM
jkhypilot
post Nov 10 2006, 12:12 AM
Post #15


Member
Posts: 19
OS: XP Pro service pack 2



I am pretty sure I am doing it all correctly.
I extracted all files from the smitfraudfix tool and saved them on my desktop.
Rebooted in safe mode using the BOOT.INI tab in msconfig and selected /SAFEBOOT minimal.
Opened the smitfraudfix tool and clicked on the smitfraudfix Windows NT command script icon.
Clicked past the first page (press a key to continue)
Selected option 2. Clean [safe mode recommended] enter
The program runs for about 5 seconds then generates the rapport in Notepad.

I suppose I could be selecting something wrong in the msconfig menu. On the safeboot option on the BOOT.INI tab I am given 4 different options to boot from such as network, dsrepair and such. I think the default “minimal” is correct.

I have an NTFS {SATA} hard drive, but that should have no bearing on extracting a zip file.

Rob.

P.S.

I have had this computer for just over a week now and am new to XP pro.