
Slew of problems related to Seriall.com adware...


  • Please log in to reply

#1
Zhariken
Hi,

I'm having much the same problem as many people who have posted in regards to Seriall.com. I've run through quite a few steps and cleaned some of it up, but I'm worried that much of it remains. Any help would be greatly appreciated, especially as this is a work-related computer. Thank you in advance.



HijackThis log (note: HijackThis was run AFTER the other programs listed below):
Logfile of HijackThis v1.99.1
Scan saved at 7:45:49 PM, on 10/10/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Trend Micro\Client Server Security Agent\ntrtscan.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Trend Micro\Client Server Security Agent\tmlisten.exe
C:\Program Files\Trend Micro\Client Server Security Agent\OfcPfwSvc.exe
C:\WINDOWS\TEMP\BWF76B.EXE
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\ishost.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Sony\HotKey Utility\HKserv.exe
C:\WINDOWS\System32\ezSP_Px.exe
C:\WINDOWS\System32\ismini.exe
C:\WINDOWS\Sonysys\VAIO Recovery\reminder.exe
C:\program files\support.com\client\bin\tgcmd.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb12.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Trend Micro\Client Server Security Agent\pccntmon.exe
C:\Program Files\Sony\HotKey Utility\HKWnd.exe
C:\Program Files\Hewlett-Packard\Toolbox2.0\Javasoft\JRE\1.3.1\bin\javaw.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\j2 Messenger 4.2\J2GDllCmd.exe
C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe
C:\Program Files\Apoint\Apntex.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\Common Files\{98BBE4DF-05D0-1033-1121-030311110001}\Update.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\j2 Messenger 4.2\J2GTray.exe
C:\Program Files\PowerPanel\Program\PcfMgr.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Maria\Desktop\clean\analyse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.sony.com/vaiopeople
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.sony.com/vaiopeople
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 10.1.10.2:8080
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\Maria\Application Data\Mozilla\Profiles\default\a6eywvbo.slt\prefs.js)
O2 - BHO: (no name) - {0E24427B-DF2A-40EB-980B-A819F5FF3DD0} - C:\WINDOWS\System32\jkkhigd.dll
O2 - BHO: (no name) - {16030FA6-FD1F-8FAF-66C6-03967B4CC5A9} - C:\WINDOWS\System32\afppbbb.dll
O2 - BHO: (no name) - {27D23988-781F-8C46-51A1-0889C1649B4D} - C:\WINDOWS\System32\wenpgjb.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: (no name) - {849B9523-785F-4014-9CAF-079FB4A74C61} - C:\WINDOWS\System32\yxckplch.dll
O2 - BHO: ToolBar888 - {C004DEC2-2623-438e-9CA2-C9043AB28508} - C:\Program Files\Common Files\{38BBE4DF-05D0-1033-1121-030311110001}\MyToolBar.dll
O2 - BHO: (no name) - {CAB910A3-FC05-4D3F-A756-911B3CE8FC4D} - C:\WINDOWS\System32\urqon.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: ToolBar888 - {C004DEC2-2623-438e-9CA2-C9043AB28508} - C:\Program Files\Common Files\{38BBE4DF-05D0-1033-1121-030311110001}\MyToolBar.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE
O4 - HKLM\..\Run: [HKSERV.EXE] C:\Program Files\Sony\HotKey Utility\HKserv.exe
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
O4 - HKLM\..\Run: [CreateCD_Reminder] C:\WINDOWS\Sonysys\VAIO Recovery\reminder.exe
O4 - HKLM\..\Run: [ZTgServerSwitch] "c:\program files\support.com\client\bin\tgcmd.exe" /server
O4 - HKLM\..\Run: [VAIO Recovery] C:\WINDOWS\Sonysys\VAIO Recovery\PartSeal.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb12.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [DeviceDiscovery] C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
O4 - HKLM\..\Run: [StatusClient] C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe /auto
O4 - HKLM\..\Run: [TomcatStartup] C:\Program Files\Hewlett-Packard\Toolbox2.0\hpbpsttp.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [OfficeScanNT Monitor] "C:\Program Files\Trend Micro\Client Server Security Agent\pccntmon.exe" -HideWindow
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [j2 4.2] "C:\Program Files\j2 Messenger 4.2\J2GDllCmd.exe" /R
O4 - HKLM\..\Run: [OrderReminder] C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe
O4 - HKLM\..\Run: [satsgdh.dll] C:\WINDOWS\System32\rundll32.exe C:\WINDOWS\System32\satsgdh.dll,phmfx
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [SunServer] C:\Program Files\Sunbelt Software\CounterSpy\Consumer\sunserver.exe
O4 - HKLM\..\Run: [qfsrgvi.dll] C:\WINDOWS\System32\rundll32.exe C:\WINDOWS\System32\qfsrgvi.dll,yruqogc
O4 - Startup: PowerReg Scheduler.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: j2 4.2.lnk = C:\Program Files\j2 Messenger 4.2\J2GTray.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: PowerPanel.lnk = ?
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
O16 - DPF: {00134F72-5284-44F7-95A8-52A619F70751} (ObjWinNTCheck Class) - https://10.1.10.2:4343/officescan/console/ClientInstall/WinNTChk.cab
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {08D75BB0-D2B5-11D1-88FC-0080C859833B} (OfficeScan Corp Edition Web-Deployment SetupINICtrl Class) - https://10.1.10.2:4343/officescan/console/ClientInstall/setupini.cab
O16 - DPF: {08D75BC1-D2B5-11D1-88FC-0080C859833B} (OfficeScan Corp Edition Web-Deployment SetupCtrl Class) - https://10.1.10.2:4343/officescan/console/ClientInstall/setup.cab
O16 - DPF: {164B7670-301E-11D4-AF4E-005056B6005A} (Svsainst Control) - http://www.swiftview.com/product/current/svinstall_s_green_pro.exe
O16 - DPF: {35C3D91E-401A-4E45-88A5-F3B32CD72DF4} (Encrypt Class) - https://10.1.10.2:4343/SMB/console/html/root/AtxEnc.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,84/mcinsctl.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {5EFE8CB1-D095-11D1-88FC-0080C859833B} (OfficeScan Corp Edition Web-Deployment ObjRemoveCtrl Class) - https://10.1.10.2:4343/officescan/console/ClientInstall/RemoveCtrl.cab
O16 - DPF: {8CE3BAE6-AB66-40B6-9019-41E5282FF1E2} (QuickBooks Online Edition Utilities Class v8) - https://accounting.quickbooks.com/c1/v14.223/qboax8.cab
O16 - DPF: {9059F30F-4EB1-4BD2-9FDC-36F43A218F4A} (Microsoft RDP Client Control (redist)) - http://ts1/msrdp.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {AF54BFA2-474E-4B82-A5F3-B79E6F7A80B1} (QuickBooks Online Edition Import Utilities Class v4) - https://accounting.quickbooks.com/c1/v15.232/qboimax4.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,21/mcgdmgr.cab
O16 - DPF: {F5131C24-E56D-11CF-B78A-444553540000} (Ikonic Menu Control) - https://wc.wachovia.com/Common/cab/ikcntrls.cab
O18 - Protocol: CDS300 - {AD43AA67-6860-4531-AC8A-0E68F9CF023E} - E:\CDS300\__CDS2.dll (file missing)
O20 - Winlogon Notify: jkkhigd - C:\WINDOWS\SYSTEM32\jkkhigd.dll
O20 - Winlogon Notify: opppn - C:\WINDOWS\System32\opppn.dll (file missing)
O20 - Winlogon Notify: urqon - C:\WINDOWS\System32\urqon.dll
O20 - Winlogon Notify: winevl32 - C:\WINDOWS\SYSTEM32\winevl32.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Trend Micro Client/Server Security Agent RealTime Scan (ntrtscan) - Trend Micro Inc. - C:\Program Files\Trend Micro\Client Server Security Agent\ntrtscan.exe
O23 - Service: Trend Micro Client/Server Security Agent Personal Firewall (OfcPfwSvc) - Trend Micro Inc. - C:\Program Files\Trend Micro\Client Server Security Agent\OfcPfwSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\Sptisrv.exe
O23 - Service: Trend Micro Client/Server Security Agent Listener (tmlisten) - Trend Micro Inc. - C:\Program Files\Trend Micro\Client Server Security Agent\tmlisten.exe
O23 - Service: VAIO Media Music Server (VAIOMediaPlatform-MusicServer-AppServer) - Unknown owner - C:\Program Files\Sony\VAIO Media Integrated Server\Music\SSSvr.exe" /Service=VAIOMediaPlatform-MusicServer-AppServer /DisplayName="VAIO Media Music Server (file missing)
O23 - Service: VAIO Media Music Server (HTTP) (VAIOMediaPlatform-MusicServer-HTTP) - Unknown owner - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe" /Service=VAIOMediaPlatform-MusicServer-HTTP /RegRoot="Software\Sony Corporation\VAIO Media Platform\2.0" /RegExt="Applications\MusicServer\HTTP (file missing)
O23 - Service: VAIO Media Music Server (UPnP) (VAIOMediaPlatform-MusicServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Photo Server (VAIOMediaPlatform-PhotoServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Photo\appsrv\PhotoAppSrv.exe
O23 - Service: VAIO Media Photo Server (HTTP) (VAIOMediaPlatform-PhotoServer-HTTP) - Unknown owner - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe" /Service=VAIOMediaPlatform-PhotoServer-HTTP /RegRoot="SOFTWARE\Sony Corporation\VAIO Media Platform\2.0" /RegExt="\Applications\PhotoServer\HTTP (file missing)
O23 - Service: VAIO Media Photo Server (UPnP) (VAIOMediaPlatform-PhotoServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Video Server (VAIOMediaPlatform-VideoServer-AppServer) - Unknown owner - C:\Program Files\Sony\VAIO Media Integrated Server\Video\GPVSvr.exe" /Service=VAIOMediaPlatform-VideoServer-AppServer /DisplayName="VAIO Media Video Server (file missing)
O23 - Service: VAIO Media Video Server (HTTP) (VAIOMediaPlatform-VideoServer-HTTP) - Unknown owner - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe" /Service=VAIOMediaPlatform-VideoServer-HTTP /RegRoot="SOFTWARE\Sony Corporation\VAIO Media Platform\2.0" /RegExt="\Applications\VideoServer\HTTP (file missing)
O23 - Service: VAIO Media Video Server (UPnP) (VAIOMediaPlatform-VideoServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe

Counterspy:
Spyware Scan Details
Start Date: 10/10/2006 3:54:02 PM
End Date: 10/10/2006 4:24:32 PM
Total Time: 30 mins 30 secs 

Detected spyware

Safety Bar Toolbar  more information...
Status: Deleted

Infected files detected
c:\program files\safety bar\safetybar.dll
c:\program files\safety bar\uninstall.bat

Infected registry entries detected
HKEY_CLASSES_ROOT\CLSID\{052b12f7-86fa-4921-8482-26c42316b522} 
HKEY_CLASSES_ROOT\CLSID\{052b12f7-86fa-4921-8482-26c42316b522}\InprocServer32 C:\Program Files\Safety Bar\SafetyBar.dll
HKEY_CLASSES_ROOT\CLSID\{052b12f7-86fa-4921-8482-26c42316b522}\InprocServer32 ThreadingModel Apartment
HKEY_CLASSES_ROOT\CLSID\{052b12f7-86fa-4921-8482-26c42316b522} Safety Bar


DesktopScam Trojan Downloader  more information...
Details: DesktopScam is a trojan that is downloaded with rogue security applicatons in order to frighten the affected user into purchasing the rogue program.
Status: Deleted

Infected files detected
c:\documents and settings\all users\start menu\security troubleshooting.url
c:\documents and settings\maria\favorites\antivirus test online.url
c:\windows\system32\ot.ico
c:\documents and settings\all users\start menu\online security guide.url
c:\windows\system32\issearch.exe
c:\windows\system32\components\flx7.dll


SpySheriff Rogue Security Program  more information...
Details: SpySheriff is a purported anti-spyware application to scan for and remove spyware from users' computers.
Status: Deleted

Infected files detected
C:\WINDOWS\system32\components\flx7.dll


AvenueMedia.InternetOptimizer Browser Plug-in  more information...
Details: Internet Optimizer, also known as DyFuCA, is an adware application that hijacks the user's browser error page.
Status: Deleted

Infected registry entries detected
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Internet Optimizer 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Internet Optimizer SlowInfoCache 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Internet Optimizer Changed 0


SurfAccuracy Adware (General)  more information...
Details: SurfAccuracy is an adware application that displays advertisements on the desktop and records keystrokes that are entered into certain search engines.
Status: Deleted

Infected registry entries detected
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\SAcc 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\SAcc SlowInfoCache 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\SAcc Changed 0


Virtumonde Adware (General)  more information...
Details: Virtumonde is an adware program that displays pop-up advertisements on the desktop. Virtumonde also downloads other software from various remote servers.
Status: Deleted

Infected registry entries detected
HKEY_CLASSES_ROOT\clsid\{6DD0BC06-4719-4BA3-BEBC-FBAE6A448152} 
HKEY_CLASSES_ROOT\clsid\{6DD0BC06-4719-4BA3-BEBC-FBAE6A448152}\InprocServer32 C:\WINDOWS\System32\opppn.dll
HKEY_CLASSES_ROOT\clsid\{6DD0BC06-4719-4BA3-BEBC-FBAE6A448152}\InprocServer32 ThreadingModel apartment
HKEY_CLASSES_ROOT\clsid\{6DD0BC06-4719-4BA3-BEBC-FBAE6A448152}\ProgID MSEvents.MSEvents.1
HKEY_CLASSES_ROOT\clsid\{6DD0BC06-4719-4BA3-BEBC-FBAE6A448152}\TypeLib {BAD59A24-6891-417D-A041-C8FD495B77F1}
HKEY_CLASSES_ROOT\clsid\{6DD0BC06-4719-4BA3-BEBC-FBAE6A448152}\VersionIndependentProgID MSEvents.MSEvents
HKEY_CLASSES_ROOT\clsid\{6DD0BC06-4719-4BA3-BEBC-FBAE6A448152} MSEvents Object
HKEY_CLASSES_ROOT\clsid\{6DD0BC06-4719-4BA3-BEBC-FBAE6A448152} AppID 


Trojan.WinlogonHook.Delf.A Trojan  more information...
Details: WinlogonHook.Delf.A is a backdoor trojan that gives an attacker the ability to control the infected machine without the user's knowledge.
Status: Deleted

Infected registry entries detected
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MSSMGR 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MSSMGR Data 32788713
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MSSMGR LSTV 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MSSMGR Brnd 3020
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MSSMGR MSLIST 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MSSMGR PID 2
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MSSMGR Rid 200
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MSSMGR LID 48
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MSSMGR SCLIST 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MSSMGR SSLIST 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MSSMGR BSTV 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MSSMGR SSTV 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MSSMGR BPTV 1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MSSMGR PSTV 


Trojan.Smitfraud Trojan  more information...
Details: Trojan.Smitfraud is a group of programs that are used to download rogue security products and change the user's desktop to display false warnings that the computer is infected with spyware.
Status: Deleted

Infected registry entries detected
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler incestuously {03413bf7-e34c-445b-bfc0-a2b127255871}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad incestuously {03413bf7-e34c-445b-bfc0-a2b127255871}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A43385F0-7113-496D-96D7-B9B550E3FCCA} 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A43385F0-7113-496D-96D7-B9B550E3FCCA} 
HKEY_CLASSES_ROOT\CLSID\{A43385F0-7113-496D-96D7-B9B550E3FCCA} 
HKEY_CLASSES_ROOT\CLSID\{A43385F0-7113-496D-96D7-B9B550E3FCCA}\InprocServer32 C:\WINDOWS\System32\ixt0.dll
HKEY_CLASSES_ROOT\CLSID\{A43385F0-7113-496D-96D7-B9B550E3FCCA}\InprocServer32 ThreadingModel Apartment
HKEY_CLASSES_ROOT\CLSID\{A43385F0-7113-496D-96D7-B9B550E3FCCA} 

Panda Activescan:
Incident                                          Status           Location

Adware:Adware/SuperSpider                         Not disinfected  C:\WINDOWS\system32\winevl32.dll
Adware:adware/pornmagpass                         Not disinfected  c:\windows\system32\ishost.exe
Adware:adware/safetybar                           Not disinfected  c:\documents and settings\all users\desktop\Online Security Guide.url
Adware:adware/sidesearch                          Not disinfected  Windows Registry
Potentially unwanted tool:Application/Processor   Not disinfected  C:\Documents and Settings\Maria\Desktop\VIRUS REMOVAL\VundoFix\process.exe
Potentially unwanted tool:Application/Processor   Not disinfected  C:\Documents and Settings\Maria\Desktop\VIRUS REMOVAL\VundoFix.exe[process.exe]
Adware:Adware/Maxifiles                           Not disinfected  C:\Documents and Settings\Maria\Local Settings\Temporary Internet Files\Content.IE5\OBCD2BEV\wlzip32[1].exe
Adware:Adware/Maxifiles                           Not disinfected  C:\Program Files\Common Files\{38BBE4DF-05D0-1033-1121-030311110001}\Activate.exe
Adware:Adware/Maxifiles                           Not disinfected  C:\Program Files\Common Files\{38BBE4DF-05D0-1033-1121-030311110001}\MyToolBar.dll
Adware:Adware/DollarRevenue                       Not disinfected  C:\Program Files\Common Files\{38BBE4DF-05D0-1033-1121-030311110001}\Uninst.exe
Adware:Adware/Maxifiles                           Not disinfected  C:\Program Files\Common Files\{98BBE4DF-05D0-1033-1121-030311110001}\services.dll
Adware:Adware/Maxifiles                           Not disinfected  C:\Program Files\Common Files\{98BBE4DF-05D0-1033-1121-030311110001}\Update.exe
Potentially unwanted tool:Application/VSToolbar   Not disinfected  C:\WINDOWS\system32\toqnivdw.exe
Spyware:Spyware/Virtumonde                        Not disinfected  C:\WINDOWS\system32\yxckplch.dll
Adware:Adware/Maxifiles                           Not disinfected  C:\WINDOWS\Temp\win2B.tmp.exe

Edited by Zhariken, 11 October 2006 - 07:05 AM.