I'm having much the same problem as many people who have posted in regards to Seriall.com. I've run through quite a few steps and cleaned some of it up, but I'm worried that much of it remains. Any help would be greatly appreciated, especially as this is a work-related computer. Thank you in advance.
HijackThis log (note: Hijack this was run AFTER the other programs listed below):
Logfile of HijackThis v1.99.1 Scan saved at 7:45:49 PM, on 10/10/2006 Platform: Windows XP SP1 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\System32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Trend Micro\Client Server Security Agent\ntrtscan.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Trend Micro\Client Server Security Agent\tmlisten.exe C:\Program Files\Trend Micro\Client Server Security Agent\OfcPfwSvc.exe C:\WINDOWS\TEMP\BWF76B.EXE C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\System32\ishost.exe C:\Program Files\Apoint\Apoint.exe C:\Program Files\Sony\HotKey Utility\HKserv.exe C:\WINDOWS\System32\ezSP_Px.exe C:\WINDOWS\System32\ismini.exe C:\WINDOWS\Sonysys\VAIO Recovery\reminder.exe C:\program files\support.com\client\bin\tgcmd.exe C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb12.exe C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe C:\Program Files\Trend Micro\Client Server Security Agent\pccntmon.exe C:\Program Files\Sony\HotKey Utility\HKWnd.exe C:\Program Files\Hewlett-Packard\Toolbox2.0\Javasoft\JRE\1.3.1\bin\javaw.exe C:\Program Files\QuickTime\qttask.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\j2 Messenger 4.2\J2GDllCmd.exe C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe C:\Program Files\Apoint\Apntex.exe C:\WINDOWS\System32\rundll32.exe C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe C:\WINDOWS\System32\rundll32.exe C:\Program Files\Common Files\{98BBE4DF-05D0-1033-1121-030311110001}\Update.exe C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe C:\Program Files\j2 Messenger 4.2\J2GTray.exe C:\Program Files\PowerPanel\Program\PcfMgr.exe C:\WINDOWS\system32\NOTEPAD.EXE C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Documents and Settings\Maria\Desktop\clean\analyse.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.sony.com/vaiopeople R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.sony.com/vaiopeople R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 10.1.10.2:8080 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\Maria\Application Data\Mozilla\Profiles\default\a6eywvbo.slt\prefs.js) O2 - BHO: (no name) - {0E24427B-DF2A-40EB-980B-A819F5FF3DD0} - C:\WINDOWS\System32\jkkhigd.dll O2 - BHO: (no name) - {16030FA6-FD1F-8FAF-66C6-03967B4CC5A9} - C:\WINDOWS\System32\afppbbb.dll O2 - BHO: (no name) - {27D23988-781F-8C46-51A1-0889C1649B4D} - C:\WINDOWS\System32\wenpgjb.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll O2 - BHO: (no name) - {849B9523-785F-4014-9CAF-079FB4A74C61} - C:\WINDOWS\System32\yxckplch.dll O2 - BHO: ToolBar888 - {C004DEC2-2623-438e-9CA2-C9043AB28508} - C:\Program Files\Common Files\{38BBE4DF-05D0-1033-1121-030311110001}\MyToolBar.dll O2 - BHO: (no name) - {CAB910A3-FC05-4D3F-A756-911B3CE8FC4D} - C:\WINDOWS\System32\urqon.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O3 - Toolbar: ToolBar888 - {C004DEC2-2623-438e-9CA2-C9043AB28508} - C:\Program Files\Common Files\{38BBE4DF-05D0-1033-1121-030311110001}\MyToolBar.dll O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE O4 - HKLM\..\Run: [HKSERV.EXE] C:\Program Files\Sony\HotKey Utility\HKserv.exe O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe O4 - HKLM\..\Run: [CreateCD_Reminder] C:\WINDOWS\Sonysys\VAIO Recovery\reminder.exe O4 - HKLM\..\Run: [ZTgServerSwitch] "c:\program files\support.com\client\bin\tgcmd.exe" /server O4 - HKLM\..\Run: [VAIO Recovery] C:\WINDOWS\Sonysys\VAIO Recovery\PartSeal.exe O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb12.exe O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" O4 - HKLM\..\Run: [DeviceDiscovery] C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe O4 - HKLM\..\Run: [StatusClient] C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe /auto O4 - HKLM\..\Run: [TomcatStartup] C:\Program Files\Hewlett-Packard\Toolbox2.0\hpbpsttp.exe O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM\..\Run: [OfficeScanNT Monitor] "C:\Program Files\Trend Micro\Client Server Security Agent\pccntmon.exe" -HideWindow O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [j2 4.2] "C:\Program Files\j2 Messenger 4.2\J2GDllCmd.exe" /R O4 - HKLM\..\Run: [OrderReminder] C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe O4 - HKLM\..\Run: [satsgdh.dll] C:\WINDOWS\System32\rundll32.exe C:\WINDOWS\System32\satsgdh.dll,phmfx O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe" O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto O4 - HKLM\..\Run: [SunServer] C:\Program Files\Sunbelt Software\CounterSpy\Consumer\sunserver.exe O4 - HKLM\..\Run: [qfsrgvi.dll] C:\WINDOWS\System32\rundll32.exe C:\WINDOWS\System32\qfsrgvi.dll,yruqogc O4 - Startup: PowerReg Scheduler.exe O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe O4 - Global Startup: j2 4.2.lnk = C:\Program Files\j2 Messenger 4.2\J2GTray.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O4 - Global Startup: PowerPanel.lnk = ? O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing) O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing) O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople O16 - DPF: {00134F72-5284-44F7-95A8-52A619F70751} (ObjWinNTCheck Class) - https://10.1.10.2:4343/officescan/console/ClientInstall/WinNTChk.cab O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB O16 - DPF: {08D75BB0-D2B5-11D1-88FC-0080C859833B} (OfficeScan Corp Edition Web-Deployment SetupINICtrl Class) - https://10.1.10.2:4343/officescan/console/ClientInstall/setupini.cab O16 - DPF: {08D75BC1-D2B5-11D1-88FC-0080C859833B} (OfficeScan Corp Edition Web-Deployment SetupCtrl Class) - https://10.1.10.2:4343/officescan/console/ClientInstall/setup.cab O16 - DPF: {164B7670-301E-11D4-AF4E-005056B6005A} (Svsainst Control) - http://www.swiftview.com/product/current/svinstall_s_green_pro.exe O16 - DPF: {35C3D91E-401A-4E45-88A5-F3B32CD72DF4} (Encrypt Class) - https://10.1.10.2:4343/SMB/console/html/root/AtxEnc.cab O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,84/mcinsctl.cab O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab O16 - DPF: {5EFE8CB1-D095-11D1-88FC-0080C859833B} (OfficeScan Corp Edition Web-Deployment ObjRemoveCtrl Class) - https://10.1.10.2:4343/officescan/console/ClientInstall/RemoveCtrl.cab O16 - DPF: {8CE3BAE6-AB66-40B6-9019-41E5282FF1E2} (QuickBooks Online Edition Utilities Class v8) - https://accounting.quickbooks.com/c1/v14.223/qboax8.cab O16 - DPF: {9059F30F-4EB1-4BD2-9FDC-36F43A218F4A} (Microsoft RDP Client Control (redist)) - http://ts1/msrdp.cab O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab O16 - DPF: {AF54BFA2-474E-4B82-A5F3-B79E6F7A80B1} (QuickBooks Online Edition Import Utilities Class v4) - https://accounting.quickbooks.com/c1/v15.232/qboimax4.cab O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,21/mcgdmgr.cab O16 - DPF: {F5131C24-E56D-11CF-B78A-444553540000} (Ikonic Menu Control) - https://wc.wachovia.com/Common/cab/ikcntrls.cab O18 - Protocol: CDS300 - {AD43AA67-6860-4531-AC8A-0E68F9CF023E} - E:\CDS300\__CDS2.dll (file missing) O20 - Winlogon Notify: jkkhigd - C:\WINDOWS\SYSTEM32\jkkhigd.dll O20 - Winlogon Notify: opppn - C:\WINDOWS\System32\opppn.dll (file missing) O20 - Winlogon Notify: urqon - C:\WINDOWS\System32\urqon.dll O20 - Winlogon Notify: winevl32 - C:\WINDOWS\SYSTEM32\winevl32.dll O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Trend Micro Client/Server Security Agent RealTime Scan (ntrtscan) - Trend Micro Inc. - C:\Program Files\Trend Micro\Client Server Security Agent\ntrtscan.exe O23 - Service: Trend Micro Client/Server Security Agent Personal Firewall (OfcPfwSvc) - Trend Micro Inc. - C:\Program Files\Trend Micro\Client Server Security Agent\OfcPfwSvc.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\Sptisrv.exe O23 - Service: Trend Micro Client/Server Security Agent Listener (tmlisten) - Trend Micro Inc. - C:\Program Files\Trend Micro\Client Server Security Agent\tmlisten.exe O23 - Service: VAIO Media Music Server (VAIOMediaPlatform-MusicServer-AppServer) - Unknown owner - C:\Program Files\Sony\VAIO Media Integrated Server\Music\SSSvr.exe" /Service=VAIOMediaPlatform-MusicServer-AppServer /DisplayName="VAIO Media Music Server (file missing) O23 - Service: VAIO Media Music Server (HTTP) (VAIOMediaPlatform-MusicServer-HTTP) - Unknown owner - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe" /Service=VAIOMediaPlatform-MusicServer-HTTP /RegRoot="Software\Sony Corporation\VAIO Media Platform\2.0" /RegExt="Applications\MusicServer\HTTP (file missing) O23 - Service: VAIO Media Music Server (UPnP) (VAIOMediaPlatform-MusicServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe O23 - Service: VAIO Media Photo Server (VAIOMediaPlatform-PhotoServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Photo\appsrv\PhotoAppSrv.exe O23 - Service: VAIO Media Photo Server (HTTP) (VAIOMediaPlatform-PhotoServer-HTTP) - Unknown owner - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe" /Service=VAIOMediaPlatform-PhotoServer-HTTP /RegRoot="SOFTWARE\Sony Corporation\VAIO Media Platform\2.0" /RegExt="\Applications\PhotoServer\HTTP (file missing) O23 - Service: VAIO Media Photo Server (UPnP) (VAIOMediaPlatform-PhotoServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe O23 - Service: VAIO Media Video Server (VAIOMediaPlatform-VideoServer-AppServer) - Unknown owner - C:\Program Files\Sony\VAIO Media Integrated Server\Video\GPVSvr.exe" /Service=VAIOMediaPlatform-VideoServer-AppServer /DisplayName="VAIO Media Video Server (file missing) O23 - Service: VAIO Media Video Server (HTTP) (VAIOMediaPlatform-VideoServer-HTTP) - Unknown owner - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe" /Service=VAIOMediaPlatform-VideoServer-HTTP /RegRoot="SOFTWARE\Sony Corporation\VAIO Media Platform\2.0" /RegExt="\Applications\VideoServer\HTTP (file missing) O23 - Service: VAIO Media Video Server (UPnP) (VAIOMediaPlatform-VideoServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
Counterspy:
Spyware Scan Details Start Date: 10/10/2006 3:54:02 PM End Date: 10/10/2006 4:24:32 PM Total Time: 30 mins 30 secs Detected spyware Safety Bar Toolbar more information... Status: Deleted Infected files detected c:\program files\safety bar\safetybar.dll c:\program files\safety bar\uninstall.bat Infected registry entries detected HKEY_CLASSES_ROOT\CLSID\{052b12f7-86fa-4921-8482-26c42316b522} HKEY_CLASSES_ROOT\CLSID\{052b12f7-86fa-4921-8482-26c42316b522}\InprocServer32 C:\Program Files\Safety Bar\SafetyBar.dll HKEY_CLASSES_ROOT\CLSID\{052b12f7-86fa-4921-8482-26c42316b522}\InprocServer32 ThreadingModel Apartment HKEY_CLASSES_ROOT\CLSID\{052b12f7-86fa-4921-8482-26c42316b522} Safety Bar DesktopScam Trojan Downloader more information... Details: DesktopScam is a trojan that is downloaded with rogue security applicatons in order to frighten the affected user into purchasing the rogue program. Status: Deleted Infected files detected c:\documents and settings\all users\start menu\security troubleshooting.url c:\documents and settings\maria\favorites\antivirus test online.url c:\windows\system32\ot.ico c:\documents and settings\all users\start menu\online security guide.url c:\windows\system32\issearch.exe c:\windows\system32\components\flx7.dll SpySheriff Rogue Security Program more information... Details: SpySheriff is a purported anti-spyware application to scan for and remove spyware from users' computers. Status: Deleted Infected files detected C:\WINDOWS\system32\components\flx7.dll AvenueMedia.InternetOptimizer Browser Plug-in more information... Details: Internet Optimizer, also known as DyFuCA, is an adware application that hijacks the user's browser error page. Status: Deleted Infected registry entries detected HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Internet Optimizer HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Internet Optimizer SlowInfoCache HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Internet Optimizer Changed 0 SurfAccuracy Adware (General) more information... Details: SurfAccuracy is an adware application that displays advertisements on the desktop and records keystrokes that are entered into certain search engines. Status: Deleted Infected registry entries detected HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\SAcc HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\SAcc SlowInfoCache HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\SAcc Changed 0 Virtumonde Adware (General) more information... Details: Virtumonde is an adware program that displays pop-up advertisements on the desktop. Virtumonde also downloads other software from various remote servers. Status: Deleted Infected registry entries detected HKEY_CLASSES_ROOT\clsid\{6DD0BC06-4719-4BA3-BEBC-FBAE6A448152} HKEY_CLASSES_ROOT\clsid\{6DD0BC06-4719-4BA3-BEBC-FBAE6A448152}\InprocServer32 C:\WINDOWS\System32\opppn.dll HKEY_CLASSES_ROOT\clsid\{6DD0BC06-4719-4BA3-BEBC-FBAE6A448152}\InprocServer32 ThreadingModel apartment HKEY_CLASSES_ROOT\clsid\{6DD0BC06-4719-4BA3-BEBC-FBAE6A448152}\ProgID MSEvents.MSEvents.1 HKEY_CLASSES_ROOT\clsid\{6DD0BC06-4719-4BA3-BEBC-FBAE6A448152}\TypeLib {BAD59A24-6891-417D-A041-C8FD495B77F1} HKEY_CLASSES_ROOT\clsid\{6DD0BC06-4719-4BA3-BEBC-FBAE6A448152}\VersionIndependentProgID MSEvents.MSEvents HKEY_CLASSES_ROOT\clsid\{6DD0BC06-4719-4BA3-BEBC-FBAE6A448152} MSEvents Object HKEY_CLASSES_ROOT\clsid\{6DD0BC06-4719-4BA3-BEBC-FBAE6A448152} AppID Trojan.WinlogonHook.Delf.A Trojan more information... Details: WinlogonHook.Delf.A is a backdoor trojan that gives an attacker the ability to control the infected machine without the user's knowledge. Status: Deleted Infected registry entries detected HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MSSMGR HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MSSMGR Data 32788713 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MSSMGR LSTV HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MSSMGR Brnd 3020 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MSSMGR MSLIST HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MSSMGR PID 2 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MSSMGR Rid 200 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MSSMGR LID 48 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MSSMGR SCLIST HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MSSMGR SSLIST HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MSSMGR BSTV HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MSSMGR SSTV HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MSSMGR BPTV 1 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MSSMGR PSTV Trojan.Smitfraud Trojan more information... Details: Trojan.Smitfraud is a group of programs that are used to download rogue security products and change the user's desktop to display false warnings that the computer is infected with spyware. Status: Deleted Infected registry entries detected HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler incestuously {03413bf7-e34c-445b-bfc0-a2b127255871} HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad incestuously {03413bf7-e34c-445b-bfc0-a2b127255871} HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A43385F0-7113-496D-96D7-B9B550E3FCCA} HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A43385F0-7113-496D-96D7-B9B550E3FCCA} HKEY_CLASSES_ROOT\CLSID\{A43385F0-7113-496D-96D7-B9B550E3FCCA} HKEY_CLASSES_ROOT\CLSID\{A43385F0-7113-496D-96D7-B9B550E3FCCA}\InprocServer32 C:\WINDOWS\System32\ixt0.dll HKEY_CLASSES_ROOT\CLSID\{A43385F0-7113-496D-96D7-B9B550E3FCCA}\InprocServer32 ThreadingModel Apartment HKEY_CLASSES_ROOT\CLSID\{A43385F0-7113-496D-96D7-B9B550E3FCCA}
Panda Activescan:
Incident Status Location Adware:Adware/SuperSpider Not disinfected C:\WINDOWS\system32\winevl32.dll Adware:adware/pornmagpass Not disinfected c:\windows\system32\ishost.exe Adware:adware/safetybar Not disinfected c:\documents and settings\all users\desktop\Online Security Guide.url Adware:adware/sidesearch Not disinfected Windows Registry Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Maria\Desktop\VIRUS REMOVAL\VundoFix\process.exe Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Maria\Desktop\VIRUS REMOVAL\VundoFix.exe[process.exe] Adware:Adware/Maxifiles Not disinfected C:\Documents and Settings\Maria\Local Settings\Temporary Internet Files\Content.IE5\OBCD2BEV\wlzip32[1].exe Adware:Adware/Maxifiles Not disinfected C:\Program Files\Common Files\{38BBE4DF-05D0-1033-1121-030311110001}\Activate.exe Adware:Adware/Maxifiles Not disinfected C:\Program Files\Common Files\{38BBE4DF-05D0-1033-1121-030311110001}\MyToolBar.dll Adware:Adware/DollarRevenue Not disinfected C:\Program Files\Common Files\{38BBE4DF-05D0-1033-1121-030311110001}\Uninst.exe Adware:Adware/Maxifiles Not disinfected C:\Program Files\Common Files\{98BBE4DF-05D0-1033-1121-030311110001}\services.dll Adware:Adware/Maxifiles Not disinfected C:\Program Files\Common Files\{98BBE4DF-05D0-1033-1121-030311110001}\Update.exe Potentially unwanted tool:Application/VSToolbar Not disinfected C:\WINDOWS\system32\toqnivdw.exe Spyware:Spyware/Virtumonde Not disinfected C:\WINDOWS\system32\yxckplch.dll Adware:Adware/Maxifiles Not disinfected C:\WINDOWS\Temp\win2B.tmp.exe
Edited by Zhariken, 11 October 2006 - 07:05 AM.