
windows xp virus


Original Message
Name: aliciathemsw
Date: December 9, 2006 at 09:42:10 Pacific
Subject: windows xp virus
OS: windows xp
CPU/Ram: pentium
Model/Manufacturer: compaq presario
Comment:

Help! I accidentally clicked on some stupid thing that downloaded this phony "virus busters" program to my computer. Now it keeps pretending to be a Windows alert telling me I have a virus and to click on the balloon, and of course when you click on the balloon, all this porn pops up. I don't know how to delete it... when I go to the Remove/Add Programs thing, I'm not sure which one it is. I know you can restart in safe mode but I am having a hard time doing it with Windows XP. How do I find this thing and delete it? My virus/spyware/adware scanner (Freedom Antivirus from Adelphia, our ISP) and Crap Cleaner don't detect it. Can anyone help? Thanks, Alicia




Response Number 1
Name: jabuck
Date: December 9, 2006 at 18:13:25 Pacific
Reply:

Please post a Hijack This log so that the files associated with the virus/spyware/hijacker can be identified.

Please download HJTsetup.exe from this link http://www.thespykiller.co.uk/files/HJTsetup.exe to your desktop.
Double-click on the HJTsetup.exe icon on your desktop.
By default it will install to C:\Program Files\Hijack This.
Continue to click "Next" in the setup dialogue boxes until you get to the "Select Additional Tasks" dialogue.
Put a check by "Create a desktop icon", then click "Next" again.
Continue to follow the rest of the prompts from there.
At the final dialogue box click "Finish" and it will launch Hijack This.
Click on the "Do a system scan and save a logfile" button. It will scan and the log should open in Notepad.
Click on "Edit > Select All", then click on "Edit > Copy" to copy the entire contents of the log and post it in this thread.

Do not fix anything yet unless you know what you are doing. This is a powerful tool that can crash the computer if used improperly.

Please download SmitFraudFix from this link http://siri.urz.free.fr/Fix/Smitfra... Then extract the contents to your desktop.
!!!! Only run option #1, as running the other options on an uninfected computer will damage the desktop. !!!!
Open the "SmitfraudFix" folder and double-click "smitfraudfix.cmd"
Select option #1 - Search by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present).
Please copy/paste the content of that report into your next reply.
Note: process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.



Response Number 2
Name: clammer
Date: December 10, 2006 at 08:48:10 Pacific
Reply:

That's similar to the one my nephew picked up while trying to watch porno films. The one he had was spelled differently than yours, though; his was "virus bursters", and he was duped into clicking a link to download (supposedly missing) codecs so the porno film would play.

At first he thought he eradicated it but it somehow came back and he ended up doing a complete reinstall of Windows XP.

Never, never click any links while on porno sites... I hope your virus is not exactly the same as whatever he had. Luckily he saved all his photos and music files....

Post your hijack log here as requested by jabuck; he knows how to read them well and pick out nasty stuff. I'm lost on trying to read 'em, lol...
Good luck.



Response Number 3
Name: aliciathemsw
Date: December 10, 2006 at 13:43:28 Pacific
Reply:

Okay... thank you so much. Here is the logfile from Hijack This. Thanks again, Alicia

Logfile of HijackThis v1.99.1
Scan saved at 1:42:11 PM, on 12/10/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Video ActiveX Object\isamonitor.exe
C:\Program Files\Video ActiveX Object\pmsngr.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\carpserv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Zero Knowledge\Freedom\Freedom.exe
C:\Program Files\HP\HP Software Update\HPWuSchd.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Video ActiveX Object\isamini.exe
C:\Program Files\Common Files\Command Software\dvpapi.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Video ActiveX Object\pmmon.exe
C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\HP\hpcoretech\comp\hptskmgr.exe
C:\PROGRA~1\Netscape\NETSCA~1\netscape.exe
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?Lin...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?Lin...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?Lin...
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?Lin...
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1a1ddc19-5893-43ab-a73f-f41a0f34d115} - C:\Program Files\Video ActiveX Object\isaddon.dll
O2 - BHO: PopKill Class - {3C060EA2-E6A9-4E49-A530-D4657B8C449A} - C:\Program Files\Zero Knowledge\Freedom\pkR.dll
O2 - BHO: ZKBho Class - {56071E0D-C61B-11D3-B41C-00E02927A304} - C:\Program Files\Zero Knowledge\Freedom\FreeBHOR.dll
O3 - Toolbar: Protection Bar - {5d4831e0-5a7c-4a46-afd5-a79ab8ce36c2} - C:\Program Files\Video ActiveX Object\iesplugin.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\\NeroCheck.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [Freedom] C:\Program Files\Zero Knowledge\Freedom\Freedom.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [DXDllRegExe] dxdllreg.exe
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: KODAK Software Updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52...
O21 - SSODL: flammei - {9d635a36-6b3c-4146-8625-f3aaf507bbf8} - C:\WINDOWS\system32\vcehaeb.dll
O23 - Service: Bonjour Service - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: DvpApi (dvpapi) - Command Software Systems, Inc. - C:\Program Files\Common Files\Command Software\dvpapi.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe




Response Number 4
Name: jabuck
Date: December 10, 2006 at 14:22:38 Pacific
Reply:

First you will need to temporarily turn off Windows Defender's "real-time protection", as suggested at the following link, and the real-time protection of any other of these programs that you might have running, or the fix will not work: http://wiki.castlecops.com/Malware_Removal:_Temporarily_Disable_Real_Time_Monitoring_Programs

Next, assuming you downloaded the SmitFraudFix tool, please reboot your computer in Safe Mode by doing the following:

Restart your computer

After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;

Instead of Windows loading as normal, a menu with options should appear;

Select the first option, to run Windows in Safe Mode, then press "Enter".

Choose your usual account.

Once in Safe Mode, open the "SmitfraudFix" folder again and double-click "smitfraudfix.cmd".
Select option #2 - Clean by typing 2 and press "Enter" to delete infected files.

You will be prompted: "Registry cleaning - Do you want to clean the registry ?"; answer "Yes" by typing "Y" and press "Enter" in order to remove the Desktop background and clean registry keys associated with the infection.

The tool will now check if "wininet.dll" is infected. You may be prompted to replace the infected file (if found); answer "Yes" by typing "Y" and press "Enter".

The tool may need to restart your computer to finish the cleaning process; if it doesn't, please restart it into Normal Windows.

A text file will appear onscreen, with results from the cleaning process; please copy/paste the content of that report into your next reply.
The report can also be found at the root of the system drive, usually at C:\rapport.txt. Also post a new Hijack This log.

Please download ComboFix to the desktop from this link:

http://download.bleepingcomputer.com/sUBs/combofix.exe

Double-click combofix.exe
Follow the prompts.
(Don't click on the window while the program is running, it may cause your system to hang.)

Please post the combofix.txt log.

Please download ATF-Cleaner to your desktop from this link:
http://www.atribune.org/content/view/19/2/ We will need it later in safe mode.

Download and install AVG Anti-Spyware. We will need this later in safe mode.

Be sure to update AVG Anti-Spyware.

Download Killbox to your desktop from this link: Killbox by Option^Explicit. If you already have "Killbox", update to this newer version. We will need it later in safe mode.

Once you post the Combofix log we will continue with the fix.



Response Number 5
Name: aliciathemsw
Date: December 10, 2006 at 20:01:59 Pacific
Reply:

Sorry, I forgot to do the SmitFraudFix thing. Here it is:

SmitFraudFix v2.128

Scan done at 20:01:11.64, Sun 12/10/2006
Run from C:\Documents and Settings\Administrator\Local Settings\Temp\SmitfraudFix\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32

C:\WINDOWS\system32\vcehaeb.dll FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Administrator


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Administrator\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Start Menu

C:\DOCUME~1\ALLUSE~1\STARTM~1\Online Security Guide.url FOUND !
C:\DOCUME~1\ALLUSE~1\STARTM~1\Security Troubleshooting.url FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\ADMINI~1\FAVORI~1


»»»»»»»»»»»»»»»»»»»»»»»» Desktop


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files

C:\Program Files\Video ActiveX Object\ FOUND !
C:\Program Files\Virus-Bursters\ FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"

»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{9d635a36-6b3c-4146-8625-f3aaf507bbf8}"="flammei"

[HKEY_CLASSES_ROOT\CLSID\{9d635a36-6b3c-4146-8625-f3aaf507bbf8}\InProcServer32]
@="C:\WINDOWS\system32\vcehaeb.dll"

[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{9d635a36-6b3c-4146-8625-f3aaf507bbf8}\InProcServer32]
@="C:\WINDOWS\system32\vcehaeb.dll"

»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» pe386-msguard-lzx32


»»»»»»»»»»»»»»»»»»»»»»»» Scanning wininet.dll infection


»»»»»»»»»»»»»»»»»»»»»»»» End



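The correlation jabuck does by eye, as an added example that is not part of the thread and not code from HijackThis, SmitFraudFix or ComboFix: the script below parses excerpts of the HijackThis log and the SmitFraudFix "option 1" report posted above and lists which HijackThis startup entries point at a file, a folder or a CLSID that SmitFraudFix flagged. The excerpts are constructed from the posted logs, and all function names are my own.

```python
import re

# Excerpt of the HijackThis log posted in this thread (constructed sample,
# trimmed to five representative lines; raw string so the backslashes survive).
HJT_LOG = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1a1ddc19-5893-43ab-a73f-f41a0f34d115} - C:\Program Files\Video ActiveX Object\isaddon.dll
O3 - Toolbar: Protection Bar - {5d4831e0-5a7c-4a46-afd5-a79ab8ce36c2} - C:\Program Files\Video ActiveX Object\iesplugin.dll
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O21 - SSODL: flammei - {9d635a36-6b3c-4146-8625-f3aaf507bbf8} - C:\WINDOWS\system32\vcehaeb.dll
"""

# Excerpt of the SmitFraudFix "option 1" report from the same thread
# (constructed sample: the FOUND lines plus the SharedTaskScheduler section).
SMITFRAUD_REPORT = r"""
C:\WINDOWS\system32\vcehaeb.dll FOUND !

C:\Program Files\Video ActiveX Object\ FOUND !
C:\Program Files\Virus-Bursters\ FOUND !

!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{9d635a36-6b3c-4146-8625-f3aaf507bbf8}"="flammei"

[HKEY_CLASSES_ROOT\CLSID\{9d635a36-6b3c-4146-8625-f3aaf507bbf8}\InProcServer32]
@="C:\WINDOWS\system32\vcehaeb.dll"
"""

ENTRY_RE = re.compile(r'^(?P<kind>[RO]\d+) - (?P<body>.*)$')          # "O21 - SSODL: ..."
PATH_RE = re.compile(r'[A-Za-z]:\\[^"\r\n]*?\.(?:dll|exe|sys)', re.I)  # first drive path in a line
CLSID_RE = re.compile(r'\{[0-9A-Fa-f-]{36}\}')                         # {8-4-4-4-12}
FOUND_RE = re.compile(r'^(?P<path>.+?)\s+FOUND !$')                    # SmitFraudFix hit line


def _norm(path):
    """Case-fold and drop a trailing backslash so file and folder paths compare cleanly."""
    return path.lower().rstrip('\\')


def parse_hjt(log):
    """Return one dict per HijackThis entry: its kind (O2, O21, ...), path and CLSID if present."""
    entries = []
    for line in log.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue
        p = PATH_RE.search(m.group('body'))
        c = CLSID_RE.search(m.group('body'))
        entries.append({
            'kind': m.group('kind'),
            'line': line.strip(),
            'path': _norm(p.group(0)) if p else None,
            'clsid': c.group(0).lower() if c else None,
        })
    return entries


def parse_smitfraud(report):
    """Split the report into flagged files, flagged folders, and CLSIDs named in its registry sections."""
    found_files, found_dirs, clsids = set(), set(), set()
    for line in report.splitlines():
        line = line.strip()
        m = FOUND_RE.match(line)
        if m:
            raw = m.group('path')
            # SmitFraudFix writes folders with a trailing backslash, files without.
            (found_dirs if raw.endswith('\\') else found_files).add(_norm(raw))
            continue
        for c in CLSID_RE.findall(line):
            clsids.add(c.lower())
    return found_files, found_dirs, clsids


def correlate(entries, found_files, found_dirs, clsids):
    """List the HijackThis entries backed by SmitFraudFix evidence, with the reason for each."""
    hits = []
    for e in entries:
        reasons = []
        if e['path'] in found_files:
            reasons.append('file flagged FOUND')
        elif e['path'] and any(e['path'].startswith(d + '\\') for d in found_dirs):
            reasons.append('inside folder flagged FOUND')
        if e['clsid'] in clsids:
            reasons.append('CLSID listed in SharedTaskScheduler section')
        if reasons:
            hits.append((e['kind'], e['line'], reasons))
    return hits


def triage():
    """Run the correlation over the two embedded excerpts."""
    entries = parse_hjt(HJT_LOG)
    return correlate(entries, *parse_smitfraud(SMITFRAUD_REPORT))


if __name__ == '__main__':
    for kind, line, reasons in triage():
        print(f'{kind}: {line}\n    -> {"; ".join(reasons)}')
```

Entries that match only by folder (the two "Video ActiveX Object" DLLs) are weaker evidence than the O21 entry, which is flagged both by file and by CLSID, so the output keeps the reasons separate rather than collapsing them into a single verdict.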


Response Number 6
Name: aliciathemsw
Date: December 10, 2006 at 20:32:45 Pacific
Reply:

This is the SmitFraudFix safe mode log:

SmitFraudFix v2.128

Scan done at 20:23:50.14, 06-12-10
Run from C:\Documents and Settings\Administrator\Local Settings\Temp\SmitfraudFix\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in safe mode

»»»»»»»»»»»»»»»»»»»»»»»» Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Killing process


»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files


»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» End




Response Number 7
Name: aliciathemsw
Date: December 10, 2006 at 20:51:12 Pacific
Reply:

This is the ComboFix log:
Administrator - 06-12-10 20:34:07.53 Service Pack 2
ComboFix 06.11.27W - Running from: "C:\Documents and Settings\Administrator\Desktop"

((((((((((((((((((((((((((((((( Files Created from 2006-11-10 to 2006-12-10 ))))))))))))))))))))))))))))))))))


2006-12-10 20:08 <DIR> d-------- C:\!KillBox
2006-12-10 20:07 3,968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2006-12-10 20:07 <DIR> d-------- C:\Program Files\Grisoft
2006-12-10 20:01 2,808 --a------ C:\WINDOWS\system32\tmp.reg
2006-12-10 20:00 79,360 --a------ C:\WINDOWS\system32\swxcacls.exe
2006-12-10 20:00 53,248 --a------ C:\WINDOWS\system32\Process.exe
2006-12-10 20:00 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2006-12-10 20:00 40,960 --a------ C:\WINDOWS\system32\swsc.exe
2006-12-10 20:00 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2006-12-10 20:00 135,168 --a------ C:\WINDOWS\system32\swreg.exe
2006-12-10 19:49 <DIR> dr-h----- C:\Documents and Settings\Administrator\Recent
2006-12-10 13:41 488,144 --a------ C:\HJTsetup-1.exe
2006-12-10 13:41 <DIR> d-------- C:\Program Files\Hijackthis
2006-12-09 09:32 <DIR> d-------- C:\WINDOWS\system32\appmgmt
2006-12-09 09:18 1,497,584 --a------ C:\ccsetup135.exe
2006-12-09 09:18 <DIR> d-------- C:\Program Files\Yahoo!
2006-12-09 09:18 <DIR> d-------- C:\Program Files\CCleaner
2006-12-08 23:38 19,203,280 --a------ C:\nsb-install-8-1-2.exe
2006-12-08 23:19 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Apple Computer
2006-12-08 23:15 36,808,256 --a------ C:\iTunesSetup.exe
2006-12-03 17:44 <DIR> d-------- C:\WINDOWS\system32\NtmsData
2006-11-30 22:11 26,496 --a------ C:\WINDOWS\system32\drivers\USBSTOR.SYS
2006-11-19 14:18 <DIR> d-------- C:\Program Files\MSXML 4.0
2006-11-19 14:18 <DIR> d-------- C:\3669c79b1ba4c40f4d5b3fb09d8aaa
2006-11-15 19:13 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\AdobeUM
2006-11-15 18:42 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Adobe
2006-11-13 20:57 325 --a------ C:\WINDOWS\initialize.bat
2006-11-13 20:56 503,808 --a------ C:\WINDOWS\system\sxlrt232.dll
2006-11-10 21:19 <DIR> d-------- C:\Program Files\Bonjour
2006-11-10 21:18 <DIR> d-------- C:\Program Files\QuickTime
2006-11-10 21:18 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer
2006-11-10 21:17 64,512 --a------ C:\WINDOWS\system32\PTPITCP.dll
2006-11-10 21:17 307,200 --a------ C:\WINDOWS\system32\KPDPM.dll
2006-11-10 21:17 229,376 --a------ C:\WINDOWS\system32\KPDPMUI.dll
2006-11-10 21:17 <DIR> d-------- C:\WINDOWS\system32\BWKDLogs
2006-11-10 21:16 5,632 --a------ C:\WINDOWS\system32\ptpusb.dll
2006-11-10 21:16 159,232 --a------ C:\WINDOWS\system32\ptpusd.dll
2006-11-10 21:16 <DIR> d-------- C:\Program Files\Common Files\Kodak
2006-11-10 21:15 <DIR> d-------- C:\WINDOWS\system32\color
2006-11-10 21:15 <DIR> d-------- C:\KPCMS
2006-11-10 21:13 <DIR> d-------- C:\Program Files\Kodak
2006-11-10 21:13 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kodak


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2006-12-09 00:12 -------- d---s---- C:\Documents and Settings\Administrator\Application Data\Microsoft
2006-12-08 22:44 -------- d-------- C:\Program Files\Common Files\Command Software
2006-12-06 20:02 -------- d-------- C:\Program Files\Common Files\PestPatrol
2006-11-15 18:32 30128 --a------ C:\Documents and Settings\Administrator\Application Data\GDIPFONTCACHEV1.DAT
2006-11-15 11:22 -------- d-------- C:\Program Files\Viewpoint
2006-11-10 21:16 -------- d-------- C:\Program Files\Common Files
2006-11-09 09:20 -------- d-------- C:\Program Files\AIM
2006-11-09 09:20 -------- d-------- C:\Documents and Settings\Administrator\Application Data\Aim
2006-11-09 09:19 -------- d-------- C:\Program Files\AOD
2006-11-09 09:18 8506408 --a------ C:\Program Files\Install_AIM.exe
2006-11-07 20:49 -------- d-------- C:\Program Files\HP
2006-11-07 20:48 -------- d-------- C:\Program Files\Common Files\Hewlett-Packard
2006-11-07 20:45 -------- d-------- C:\Program Files\Common Files\HP
2006-11-07 20:25 -------- d-------- C:\Program Files\Common Files\Scanner
2006-11-07 20:24 -------- d-------- C:\Documents and Settings\Administrator\Application Data\Netscape
2006-11-07 20:23 -------- d-------- C:\Program Files\Netscape
2006-11-07 20:22 19193560 --a------ C:\Program Files\nsb-install-8-1.exe
2006-11-07 20:10 -------- d-------- C:\Documents and Settings\Administrator\Application Data\Zero Knowledge
2006-11-07 20:07 -------- d-------- C:\Program Files\Zero Knowledge
2006-11-07 20:06 21217952 --a------ C:\freedom_5_adelphia.exe
2006-11-06 15:49 -------- d-------- C:\Program Files\Windows Defender
2006-11-06 15:48 -------- d--h----- C:\Program Files\InstallShield Installation Information
2006-11-06 15:48 -------- d-------- C:\Program Files\CyberLink
2006-11-06 15:48 -------- d-------- C:\Program Files\Common Files\InstallShield
2006-11-06 15:46 -------- d-------- C:\Program Files\Ahead
2006-11-06 15:41 -------- d-------- C:\Program Files\Common Files\Adobe
2006-11-06 15:36 -------- d-------- C:\Program Files\Adobe
2006-11-06 15:12 -------- d-------- C:\Program Files\Internet Explorer
2006-11-06 14:59 -------- d-------- C:\Program Files\Windows Media Player
2006-11-06 14:59 -------- d-------- C:\Program Files\Outlook Express
2006-11-06 14:59 -------- d-------- C:\Program Files\Common Files\System
2006-11-06 14:35 -------- d-------- C:\Program Files\Messenger
2006-11-06 14:01 -------- d-------- C:\Program Files\Microsoft ActiveSync
2006-11-06 14:01 -------- d-------- C:\Program Files\Common Files\Microsoft Shared
2006-11-06 14:00 -------- d-------- C:\Program Files\Microsoft Visual Studio
2006-11-06 14:00 -------- d-------- C:\Program Files\Microsoft Office
2006-11-06 14:00 -------- d-------- C:\Program Files\Common Files\Designer
2006-11-06 13:59 -------- d-------- C:\Program Files\Common Files\L&H
2006-11-06 13:54 -------- d-------- C:\Program Files\Pinnacle
2006-11-06 13:14 -------- d--h----- C:\Program Files\WindowsUpdate
2006-11-06 12:40 -------- d-------- C:\Program Files\Movie Maker
2006-11-06 12:37 -------- d-------- C:\Program Files\Windows NT
2006-11-06 12:37 -------- d-------- C:\Program Files\NetMeeting
2006-11-06 11:56 -------- d-------- C:\Documents and Settings\Administrator\Application Data\Macromedia
2006-11-06 11:33 -------- d--h----- C:\Program Files\Uninstall Information
2006-11-06 11:33 -------- d-------- C:\Documents and Settings\Administrator\Application Data\Identities
2006-11-06 11:27 -------- d-------- C:\Program Files\xerox
2006-11-06 11:27 -------- d-------- C:\Program Files\microsoft frontpage
2006-11-06 11:26 0 -rahs---- C:\MSDOS.SYS
2006-11-06 11:26 0 -rahs---- C:\IO.SYS
2006-11-06 11:26 0 --a------ C:\CONFIG.SYS
2006-11-06 11:26 0 --a------ C:\AUTOEXEC.BAT
2006-11-06 11:25 -------- d-------- C:\Program Files\Online Services
2006-11-06 11:24 -------- d-------- C:\Program Files\Common Files\Services
2006-11-06 11:23 -------- d-------- C:\Program Files\ComPlus Applications
2006-11-06 11:23 -------- d-------- C:\Program Files\Common Files\MSSoap
2006-11-06 11:22 -------- d-------- C:\Program Files\MSN Gaming Zone
2006-11-06 11:22 -------- d-------- C:\Program Files\MSN
2006-11-06 03:08 -------- d-------- C:\Program Files\Common Files\SpeechEngines
2006-11-06 03:08 -------- d-------- C:\Program Files\Common Files\ODBC
2006-11-06 03:07 62 --ahs---- C:\Documents and Settings\Administrator\Application Data\desktop.ini
2006-11-04 14:14 1245696 --a------ C:\WINDOWS\system32\msxml4.dll
2006-10-27 15:09 6049280 --------- C:\WINDOWS\system32\ieframe.dll
2006-10-27 15:09 50688 --------- C:\WINDOWS\system32\msfeedsbs.dll
2006-10-27 15:09 458752 --------- C:\WINDOWS\system32\msfeeds.dll
2006-10-27 15:09 413696 --a------ C:\WINDOWS\system32\vbscript.dll
2006-10-27 15:09 231424 --a------ C:\WINDOWS\system32\webcheck.dll
2006-10-27 15:09 180736 --------- C:\WINDOWS\system32\ieui.dll
2006-10-27 15:09 156160 --a------ C:\WINDOWS\system32\msls31.dll
2006-10-27 02:44 71680 --a------ C:\WINDOWS\system32\admparse.dll
2006-10-27 02:44 55296 --a------ C:\WINDOWS\system32\iesetup.dll
2006-10-27 02:44 54784 --a------ C:\WINDOWS\system32\ie4uinit.exe
2006-10-27 02:44 43008 --a------ C:\WINDOWS\system32\iernonce.dll
2006-10-27 02:44 382976 --a------ C:\WINDOWS\system32\iedkcs32.dll
2006-10-27 02:44 229376 --a------ C:\WINDOWS\system32\ieaksie.dll
2006-10-27 02:44 152064 --a------ C:\WINDOWS\system32\ieakeng.dll
2006-10-27 02:44 13312 --a------ C:\WINDOWS\system32\ieudinit.exe
2006-10-27 02:44 123904 --a------ C:\WINDOWS\system32\advpack.dll
2006-10-27 02:42 161792 --a------ C:\WINDOWS\system32\ieakui.dll
2006-10-22 15:06 208896 --a------ C:\WINDOWS\system32\NVUNINST.EXE
2006-10-22 12:22 888832 --a------ C:\WINDOWS\system32\nvmobls.dll
2006-10-22 12:22 86016 --a------ C:\WINDOWS\system32\nvmctray.dll
2006-10-22 12:22 81920 --a------ C:\WINDOWS\system32\nvwddi.dll
2006-10-22 12:22 794624 --a------ C:\WINDOWS\system32\nvcplui.exe
2006-10-22 12:22 7700480 --a------ C:\WINDOWS\system32\nvcpl.dll
2006-10-22 12:22 581632 --a------ C:\WINDOWS\system32\nvhwvid.dll
2006-10-22 12:22 5644288 --a------ C:\WINDOWS\system32\nvoglnt.dll
2006-10-22 12:22 5619712 --a------ C:\WINDOWS\system32\nvdisps.dll
2006-10-22 12:22 5255168 --a------ C:\WINDOWS\system32\nvdispsr.dll
2006-10-22 12:22 466944 --a------ C:\WINDOWS\system32\nvshell.dll
2006-10-22 12:22 458752 --a------ C:\WINDOWS\system32\nvmccssr.dll
2006-10-22 12:22 4527488 --a------ C:\WINDOWS\system32\nv4_disp.dll
2006-10-22 12:22 45056 --a------ C:\WINDOWS\system32\nvmccsrs.dll
2006-10-22 12:22 442368 --a------ C:\WINDOWS\system32\nvappbar.exe
2006-10-22 12:22 425984 --a------ C:\WINDOWS\system32\keystone.exe
2006-10-22 12:22 3994624 --a------ C:\WINDOWS\system32\drivers\nv4_mini.sys
2006-10-22 12:22 35840 --a------ C:\WINDOWS\system32\nvcodins.dll
2006-10-22 12:22 35840 --a------ C:\WINDOWS\system32\nvcod.dll
2006-10-22 12:22 3203072 --a------ C:\WINDOWS\system32\nvgamesr.dll
2006-10-22 12:22 311296 --a------ C:\WINDOWS\system32\nvexpbar.dll
2006-10-22 12:22 3047424 --a------ C:\WINDOWS\system32\nvgames.dll
2006-10-22 12:22 2973696 --a------ C:\WINDOWS\system32\nvvitvsr.dll
2006-10-22 12:22 2924544 --a------ C:\WINDOWS\system32\nvvitvs.dll
2006-10-22 12:22 286720 --a------ C:\WINDOWS\system32\nvnt4cpl.dll
2006-10-22 12:22 2859008 --a------ C:\WINDOWS\system32\nvmoblsr.dll
2006-10-22 12:22 229376 --a------ C:\WINDOWS\system32\nvmccs.dll
2006-10-22 12:22 212992 --a------ C:\WINDOWS\system32\nvapi.dll
2006-10-22 12:22 208896 --a------ C:\WINDOWS\system32\nvudisp.exe
2006-10-22 12:22 188416 --a------ C:\WINDOWS\system32\nvmccss.dll
2006-10-22 12:22 1732608 --a------ C:\WINDOWS\system32\nvwssr.dll
2006-10-22 12:22 1662976 --a------ C:\WINDOWS\system32\nvwdmcpl.dll
2006-10-22 12:22 1622016 --a------ C:\WINDOWS\system32\nwiz.exe
2006-10-22 12:22 159810 --a------ C:\WINDOWS\system32\nvsvc32.exe
2006-10-22 12:22 147456 --a------ C:\WINDOWS\system32\nvcolor.exe
2006-10-22 12:22 1470464 --a------ C:\WINDOWS\system32\nview.dll
2006-10-22 12:22 1339392 --a------ C:\WINDOWS\system32\nvdspsch.exe
2006-10-22 12:22 1236992 --a------ C:\WINDOWS\system32\nvwss.dll
2006-10-22 12:22 1019904 --a------ C:\WINDOWS\system32\nvwimg.dll
2006-10-22 12:22 1011712 --a------ C:\WINDOWS\system32\nvcpluir.dll
2006-10-17 13:06 78336 --a------ C:\WINDOWS\system32\ieencode.dll
2006-10-17 13:05 40960 --a------ C:\WINDOWS\system32\licmgr10.dll
2006-10-17 13:05 206336 --------- C:\WINDOWS\system32\WinFXDocObj.exe
2006-10-17 13:05 105984 --a------ C:\WINDOWS\system32\url.dll
2006-10-17 13:04 101376 --a------ C:\WINDOWS\system32\occache.dll
2006-10-17 13:03 17408 --a------ C:\WINDOWS\system32\corpol.dll
2006-10-17 12:58 61952 --------- C:\WINDOWS\system32\icardie.dll
2006-10-17 12:58 12288 --------- C:\WINDOWS\system32\msfeedssync.exe
2006-10-17 12:57 36352 --a------ C:\WINDOWS\system32\imgutil.dll
2006-10-17 12:57 266752 --------- C:\WINDOWS\system32\iertutil.dll
2006-10-17 12:56 45568 --a------ C:\WINDOWS\system32\mshta.exe
2006-10-17 12:28 48128 --a------ C:\WINDOWS\system32\mshtmler.dll
2006-10-17 12:27 380928 --------- C:\WINDOWS\system32\ieapfltr.dll
2006-10-13 04:35 65536 --a------ C:\WINDOWS\system32\nwwks.dll
2006-10-13 04:35 64000 --a------ C:\WINDOWS\system32\nwapi32.dll
2006-10-13 04:35 142336 --a------ C:\WINDOWS\system32\nwprovau.dll
2006-10-13 02:23 163584 --a------ C:\WINDOWS\system32\drivers\nwrdr.sys
2006-10-11 08:24 58880 --a------ C:\WINDOWS\system32\pnrpnsp.dll
2006-10-11 08:24 553984 --a------ C:\WINDOWS\system32\p2psvc.dll
2006-10-11 08:24 313344 --a------ C:\WINDOWS\system32\p2pgraph.dll
2006-10-11 08:24 153088 --a------ C:\WINDOWS\system32\p2p.dll
2006-10-11 08:24 116224 --a------ C:\WINDOWS\system32\p2pnetsh.dll
2006-10-11 08:24 104960 --a------ C:\WINDOWS\system32\p2pgasvc.dll
2006-09-12 21:01 1084416 --a------ C:\WINDOWS\system32\msxml3.dll
2006-09-12 14:24 46345 --a------ C:\WINDOWS\NSSetDefaultBrowser.EXE


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\System32\\NvCpl.dll,NvStartup"
"nwiz"="nwiz.exe /install"
"NvMediaCenter"="RUNDLL32.EXE C:\\WINDOWS\\System32\\NvMcTray.dll,NvTaskbarInit"
"CARPService"="carpserv.exe"
"NeroCheck"="C:\\WINDOWS\\system32\\\\NeroCheck.exe"
"Windows Defender"="\"C:\\Program Files\\Windows Defender\\MSASCui.exe\" -hide"
"Freedom"="C:\\Program Files\\Zero Knowledge\\Freedom\\Freedom.exe"
"HP Software Update"="\"C:\\Program Files\\HP\\HP Software Update\\HPWuSchd.exe\""
"HP Component Manager"="\"C:\\Program Files\\HP\\hpcoretech\\hpcmpmgr.exe\""
"DXDllRegExe"="dxdllreg.exe"
"ViewMgr"="C:\\Program Files\\Viewpoint\\Viewpoint Manager\\ViewMgr.exe"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"!AVG Anti-Spyware"="\"C:\\Program Files\\Grisoft\\AVG Anti-Spyware 7.5\\avgas.exe\" /minimized"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonceex]
@=""

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
"{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}"="Microsoft AntiMalware ShellExecuteHook"
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"


Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\HP DArC Task #Hewlett-Packard#hp officejet 5500 series#1162961582.job
C:\WINDOWS\tasks\MP Scheduled Scan.job

Completion time: 06-12-10 20:35:28.39
C:\ComboFix.txt ... 06-12-10 20:35



Response Number 8
Name: jabuck
Date: December 11, 2006 at 03:48:52 Pacific
Reply:

Everything looks good in the ComboFix log, but it appears that SmitFraudFix removed nothing. I cannot be sure without the requested Hijack This log and a new SmitFraudFix report using "option 1".

