My HiJackThis log:

Logfile of HijackThis v1.99.1
Scan saved at 11:36:10 AM, on 4/14/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
G:\WINDOWS\System32\smss.exe
G:\WINDOWS\system32\winlogon.exe
G:\WINDOWS\system32\services.exe
G:\WINDOWS\system32\lsass.exe
G:\WINDOWS\system32\svchost.exe
G:\WINDOWS\System32\svchost.exe
G:\WINDOWS\system32\spoolsv.exe
G:\WINDOWS\MMKeybd.exe
G:\Program Files\Logitech\MouseWare\system\em_exec.exe
G:\WINDOWS\System32\taskswitch.exe
G:\WINDOWS\system32\devldr32.exe
G:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe
G:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
G:\Program Files\Netropa\OSD.exe
G:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
G:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
G:\Program Files\QuickTime\qttask.exe
G:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\Playlist.exe
G:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
G:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
G:\Program Files\shockwave.com\Shockmachine\SmReminder.exe
G:\WINDOWS\system32\ctfmon.exe
G:\Program Files\FinePixViewer\QuickDCF.exe
G:\WINDOWS\Nhksrv.exe
G:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
G:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
G:\Program Files\ewido anti-malware\ewidoctrl.exe
G:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
G:\WINDOWS\system32\nvsvc32.exe
G:\WINDOWS\system32\ZoneLabs\vsmon.exe
G:\WINDOWS\system32\MsPMSPSv.exe
G:\WINDOWS\explorer.exe
G:\Program Files\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.questionablecontent.net/
O2 - BHO: Nothing - {7a932ed2-1737-4ab8-b84d-c71779958551} - G:\WINDOWS\system32\hpB4CB.tmp (file missing)
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [REGSHAVE] G:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [DellTouch] G:\WINDOWS\MMKeybd.exe
O4 - HKLM\..\Run: [CoolSwitch] G:\WINDOWS\System32\taskswitch.exe
O4 - HKLM\..\Run: [RoxioEngineUtility] "G:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
O4 - HKLM\..\Run: [RoxioDragToDisc] "G:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"
O4 - HKLM\..\Run: [RoxioAudioCentral] "G:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe"
O4 - HKLM\..\Run: [Microsoft Tray] G:\Documents and Settings\Dean\Desktop\Games (1).exe
O4 - HKLM\..\Run: [AVG7_CC] G:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] G:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE G:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE G:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] G:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [iTunesHelper] "G:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "G:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [mmtask] "G:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe"
O4 - HKLM\..\Run: [Zone Labs Client] G:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKCU\..\Run: [ShockmachineReminder] G:\Program Files\shockwave.com\Shockmachine\SmReminder.exe
O4 - HKCU\..\Run: [ctfmon.exe] G:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] "G:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_7 -reboot 1
O4 - Global Startup: Adobe Reader Speed Launch.lnk = G:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Exif Launcher.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = G:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://G:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - G:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - G:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - G:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - G:\Program Files\Messenger\msmsgs.exe
O16 - DPF: ActiveGS.cab - http://www.virtualapple.com/activegs.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.1.1.74.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/20030530/qtinstall.info.apple.com/bonnie/us/win/QuickTimeInstaller.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1121472164043
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1122609157545
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://download.shockwave.com/pub/otoy/OTOYAX.cab
O16 - DPF: {814EA0DA-E0D9-4AA4-833C-A1A6D38E79E9} (DASWebDownload Class) - http://das.microsoft.com/activate/cab/x86/i486/NTANSI/retail/DASAct.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {CAFEEFAC-0014-0001-0000-ABCDEFFEDCBA} (Java Runtime Environment 1.4.1) -
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://download.games.yahoo.com/games/web_games/popcap/insaniquarium/popcaploader_v6.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{C059FFA6-38E5-48DF-9C82-88FF4D5696F5}: NameServer = 142.161.130.155 142.161.2.155
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "G:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - G:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - G:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: ewido security suite control - ewido networks - G:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - G:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - G:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Netropa NHK Server (Nhksrv) - Unknown owner - G:\WINDOWS\Nhksrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - G:\WINDOWS\system32\nvsvc32.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - G:\WINDOWS\system32\ZoneLabs\vsmon.exe

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

SmitFiles Log:

smitRem © log file
version 2.8

by noahdfear


Microsoft Windows XP [Version 5.1.2600]
The current date is: Thu 04/13/2006
The current time is: 21:27:07.43

Running from
G:\Documents and Settings\Dean\Desktop\Smitrem\smitRem

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Pre-run SharedTask Export

(GetSTS.exe) SharedTaskScheduler exporter by Lawrence Abrams (Grinler)
Copyright(C) 2006 BleepingComputer.com

Registry Pseudo-Format Mode (Not a valid reg file):

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"
"{E2CA7CD1-1AD9-F1C4-3D2A-DC1A33E7AF9D}"="USB Ware"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{438755C2-A8BA-11D1-B96B-00A0C90312E1}\InProcServer32]
@="%SystemRoot%\System32\browseui.dll"


[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8C7461EF-2B13-11d2-BE35-3078302C2030}\InProcServer32]
@="%SystemRoot%\System32\browseui.dll"


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

checking for ShudderLTD key

ShudderLTD key not present!

checking for PSGuard.com key


PSGuard.com key not present!


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Ewido Log:


---------------------------------------------------------
ewido anti-malware - Scan report
---------------------------------------------------------

+ Created on: 9:25:03 AM, 4/14/2006
+ Report-Checksum: 3A230BC6

+ Scan result:

:mozilla.8:C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\jiroqkgf.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned with backup
:mozilla.12:C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\jiroqkgf.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.13:C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\jiroqkgf.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.14:C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\jiroqkgf.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.15:C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\jiroqkgf.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.16:C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\jiroqkgf.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.17:C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\jiroqkgf.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.18:C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\jiroqkgf.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.19:C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\jiroqkgf.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.20:C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\jiroqkgf.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.21:C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\jiroqkgf.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.23:C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\jiroqkgf.default\cookies.txt -> TrackingCookie.Clickhype : Cleaned with backup
:mozilla.27:C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\jiroqkgf.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned with backup
:mozilla.28:C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\jiroqkgf.default\cookies.txt -> TrackingCookie.Targetnet : Cleaned with backup
:mozilla.34:C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\jiroqkgf.default\cookies.txt -> TrackingCookie.Valueclick : Cleaned with backup
:mozilla.56:C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\jiroqkgf.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned with backup
:mozilla.57:C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\jiroqkgf.default\cookies.txt -> TrackingCookie.Revenue : Cleaned with backup
:mozilla.61:C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\jiroqkgf.default\cookies.txt -> TrackingCookie.Adjuggler : Cleaned with backup
:mozilla.64:C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\jiroqkgf.default\cookies.txt -> TrackingCookie.Com : Cleaned with backup
:mozilla.65:C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\jiroqkgf.default\cookies.txt -> TrackingCookie.Com : Cleaned with backup
:mozilla.66:C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\jiroqkgf.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned with backup
:mozilla.67:C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\jiroqkgf.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned with backup
:mozilla.68:C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\jiroqkgf.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned with backup
:mozilla.76:C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\jiroqkgf.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.77:C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\jiroqkgf.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.78:C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\jiroqkgf.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.80:C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\jiroqkgf.default\cookies.txt -> TrackingCookie.Onestat : Cleaned with backup
:mozilla.81:C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\jiroqkgf.default\cookies.txt -> TrackingCookie.Onestat : Cleaned with backup
:mozilla.82:C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\jiroqkgf.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
:mozilla.83:C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\jiroqkgf.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
:mozilla.86:C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\jiroqkgf.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.87:C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\jiroqkgf.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.88:C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\jiroqkgf.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
C:\WINDOWS\Downloaded Program Files\gsda.dll -> Not-A-Virus.Downloader.Win32.SpyGame : Cleaned with backup
C:\WINDOWS\Cookies\dean duncan@com[1].txt -> TrackingCookie.Com : Cleaned with backup
C:\WINDOWS\Cookies\dean duncan@abetterinternet[2].txt -> TrackingCookie.Abetterinternet : Cleaned with backup
C:\WINDOWS\Cookies\dean duncan@ad.yieldmanager[1].txt -> TrackingCookie.Yieldmanager : Cleaned with backup
C:\WINDOWS\Cookies\dean duncan@ad1.clickhype[2].txt -> TrackingCookie.Clickhype : Cleaned with backup
C:\WINDOWS\Cookies\dean duncan@stats1.reliablestats[2].txt -> TrackingCookie.Reliablestats : Cleaned with backup
C:\WINDOWS\Cookies\dean duncan@ads.realcastmedia[1].txt -> TrackingCookie.Realcastmedia : Cleaned with backup
C:\WINDOWS\Cookies\dean duncan@burstnet[2].txt -> TrackingCookie.Burstnet : Cleaned with backup
C:\WINDOWS\Cookies\dean duncan@www.burstbeacon[2].txt -> TrackingCookie.Burstbeacon : Cleaned with backup
C:\WINDOWS\Local Settings\Temporary Internet Files\Content.IE5\OP8PU709\alaunch[1].cab/gsda.dll -> Not-A-Virus.Downloader.Win32.SpyGame : Cleaned with backup
G:\Documents and Settings\Dean\Cookies\dean@112.2o7[2].txt -> TrackingCookie.2o7 : Cleaned with backup
G:\Documents and Settings\Dean\Cookies\dean@ad.yieldmanager[1].txt -> TrackingCookie.Yieldmanager : Cleaned with backup
G:\Documents and Settings\Dean\Cookies\dean@adopt.euroclick[2].txt -> TrackingCookie.Euroclick : Cleaned with backup
G:\Documents and Settings\Dean\Cookies\dean@adopt.specificclick[2].txt -> TrackingCookie.Specificclick : Cleaned with backup
G:\Documents and Settings\Dean\Cookies\dean@ads.realcastmedia[1].txt -> TrackingCookie.Realcastmedia : Cleaned with backup
G:\Documents and Settings\Dean\Cookies\dean@burstnet[1].txt -> TrackingCookie.Burstnet : Cleaned with backup
G:\Documents and Settings\Dean\Cookies\dean@c.enhance[1].txt -> TrackingCookie.Enhance : Cleaned with backup
G:\Documents and Settings\Dean\Cookies\dean@chicagosuntimes.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
G:\Documents and Settings\Dean\Cookies\dean@chumtv.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
G:\Documents and Settings\Dean\Cookies\dean@cnn.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
G:\Documents and Settings\Dean\Cookies\dean@com[2].txt -> TrackingCookie.Com : Cleaned with backup
G:\Documents and Settings\Dean\Cookies\dean@cz6.clickzs[2].txt -> TrackingCookie.Clickzs : Cleaned with backup
G:\Documents and Settings\Dean\Cookies\dean@cz7.clickzs[2].txt -> TrackingCookie.Clickzs : Cleaned with backup
G:\Documents and Settings\Dean\Cookies\dean@data2.perf.overture[1].txt -> TrackingCookie.Overture : Cleaned with backup
G:\Documents and Settings\Dean\Cookies\dean@data4.perf.overture[2].txt -> TrackingCookie.Overture : Cleaned with backup
G:\Documents and Settings\Dean\Cookies\dean@diginet.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
G:\Documents and Settings\Dean\Cookies\dean@e-2dj6wfk4skczceq.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
G:\Documents and Settings\Dean\Cookies\dean@e-2dj6wfkiopdzecp.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Cleaned with backup
G:\Documents and Settings\Dean\Cookies\dean@e-2dj6wjkoqkdzshq.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
G:\Documents and Settings\Dean\Cookies\dean@e-2dj6wjlocjczihp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
G:\Documents and Settings\Dean\Cookies\dean@e-2dj6wjny-1jdjwg.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Cleaned with backup
G:\Documents and Settings\Dean\Cookies\dean@e-2dj6wjnyopdpkfq.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Cleaned with backup
G:\Documents and Settings\Dean\Cookies\dean@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
G:\Documents and Settings\Dean\Cookies\dean@news.com[2].txt -> TrackingCookie.Com : Cleaned with backup
G:\Documents and Settings\Dean\Cookies\dean@partygaming.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
G:\Documents and Settings\Dean\Cookies\dean@paypopup[1].txt -> TrackingCookie.Paypopup : Cleaned with backup
G:\Documents and Settings\Dean\Cookies\dean@rotator.adjuggler[1].txt -> TrackingCookie.Adjuggler : Cleaned with backup
G:\Documents and Settings\Dean\Cookies\dean@sonycorporate.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
G:\Documents and Settings\Dean\Cookies\dean@starware[2].txt -> TrackingCookie.Starware : Cleaned with backup
G:\Documents and Settings\Dean\Cookies\dean@tacoda[1].txt -> TrackingCookie.Tacoda : Cleaned with backup
G:\Documents and Settings\Dean\Cookies\dean@techrepublic.com[1].txt -> TrackingCookie.Com : Cleaned with backup
G:\Documents and Settings\Dean\Cookies\dean@vip.clickzs[2].txt -> TrackingCookie.Clickzs : Cleaned with backup
G:\Documents and Settings\Dean\Cookies\dean@web-stat[1].txt -> TrackingCookie.Web-stat : Cleaned with backup
G:\Documents and Settings\Dean\Cookies\dean@www.adtrak[2].txt -> TrackingCookie.Adtrak : Cleaned with backup
G:\Documents and Settings\Dean\Cookies\dean@www.burstbeacon[1].txt -> TrackingCookie.Burstbeacon : Cleaned with backup
G:\Documents and Settings\Dean\Cookies\dean@www.myaffiliateprogram[2].txt -> TrackingCookie.Myaffiliateprogram : Cleaned with backup
G:\Documents and Settings\Dean\Cookies\dean@yadro[2].txt -> TrackingCookie.Yadro : Cleaned with backup
G:\WINDOWS\Downloaded Program Files\popcaploader.dll -> Not-A-Virus.Downloader.Win32.PopCap.b : Cleaned with backup
G:\WINDOWS\system32\dfrgsrv.exe -> Trojan.Small : Cleaned with backup
G:\WINDOWS\system32\interf.tlb -> Trojan.Small : Cleaned with backup


::Report End

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


I had to zip my Spybot S&D report, which is attached.

Any help you could offer would be greatly appreciated.

Hello and sorry for the wait.
If you are still in need of assistance please go here and post a link back to this topic to flag a helper.

If you have waited three days for advice post here. (http://forums.spybot.info/showthread.php?p=4836#post4836)

Hi Enigmatick
If your not recieving help at another forum lets switch gears and get a report from this tool :
Download SmitfraudFix (by S!Ri) to your Desktop.
http://siri.urz.free.fr/Fix/SmitfraudFix.zip
Extract all the files to your Destop. A folder named SmitfraudFix will be created on your Desktop.
Open the SmitfraudFix folder and double-click smitfraudfix.cmd
Select option #1 - Search by typing 1 and press Enter
This program will scan large amounts of files on your computer for known patterns so please be patient while it works. When it is done, the results of the scan will be displayed and it will create a log named rapport.txt in the root of your drive, eg: Local Disk C: or partition where your operating system is installed. Please post that log along with all others requested in your next reply.
IMPORTANT: Do NOT run any other options until you are asked to do so!

I ran the SmitfraudFix tool. Attached is the report log.

SmitFraudFix v2.29

Scan done at 8:38:34.70, Tue 04/18/2006
Run from G:\Documents and Settings\Dean\Desktop\SmitfraudFix\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600]

»»»»»»»»»»»»»»»»»»»»»»»» G:\


»»»»»»»»»»»»»»»»»»»»»»»» G:\WINDOWS


»»»»»»»»»»»»»»»»»»»»»»»» G:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» G:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» G:\WINDOWS\system32

G:\WINDOWS\system32\amcompat.tlb FOUND !
G:\WINDOWS\system32\nscompat.tlb FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» G:\Documents and Settings\Dean\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Start Menu


»»»»»»»»»»»»»»»»»»»»»»»» G:\Documents and Settings\Dean\Favorites


»»»»»»»»»»»»»»»»»»»»»»»» Desktop


»»»»»»»»»»»»»»»»»»»»»»»» G:\Program Files


»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"


»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"

[HKEY_CLASSES_ROOT\CLSID\{438755C2-A8BA-11D1-B96B-00A0C90312E1}\InProcServer32]
@="%SystemRoot%\System32\browseui.dll"

[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{438755C2-A8BA-11D1-B96B-00A0C90312E1}\InProcServer32]
@="%SystemRoot%\System32\browseui.dll"


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

[HKEY_CLASSES_ROOT\CLSID\{8C7461EF-2B13-11d2-BE35-3078302C2030}\InProcServer32]
@="%SystemRoot%\System32\browseui.dll"

[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{8C7461EF-2B13-11d2-BE35-3078302C2030}\InProcServer32]
@="%SystemRoot%\System32\browseui.dll"


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{E2CA7CD1-1AD9-F1C4-3D2A-DC1A33E7AF9D}"="USB Ware"


»»»»»»»»»»»»»»»»»»»»»»»» Scanning wininet.dll infection


»»»»»»»»»»»»»»»»»»»»»»»» End

Reboot your computer in Safe Mode.

If the computer is running, shut down Windows, and then turn off the power.
Wait 30 seconds, and then turn the computer on.
Start tapping the F8 key. The Windows Advanced Options Menu appears. If you begin tapping the F8 key too soon, some computers display a "keyboard error" message. To resolve this, restart the computer and try again.
Ensure that the Safe Mode option is selected.
Press Enter. The computer then begins to start in Safe mode.
Login on your usual account.______________________________

Clean out your Temporary Internet files. Proceed like this:

Quit Internet Explorer and quit any instances of Windows Explorer.
Click Start, click Control Panel, and then double-click Internet Options.
On the General tab, click Delete Files under Temporary Internet Files.
In the Delete Files dialog box, tick the Delete all offline content check box , and then click OK.
On the General tab, click Delete Cookies under Temporary Internet Files, and then click OK.
Click on the Programs tab then click the Reset Web Settings button. Click Apply then OK.
Click OK.Next Click Start, click Control Panel and then double-click Display. Click on the Desktop tab, then click the Customize Desktop button. Click on the Web tab. Under Web Pages you should see a checked entry called Security info or something similar. If it is there, select that entry and click the Delete button. Click Ok then Apply and Ok.
Empty the Recycle Bin by right-clicking the Recycle Bin icon on your Desktop, and then clicking Empty Recycle Bin
______________________________

Close ALL open Windows / Programs / Folders. Please start Ewido, and run a full scan.

Click on Scanner
Click on Settings
Under How to scan all boxes should be checked
Under Unwanted Software all boxes should be checked
Under What to scan select Scan every file
Click on Ok
Click on Complete System Scan to start the scan process.
Let the program scan the machine.If Ewido finds anything, it will pop up a notification. When it asks if you want to clean the first file, put a checkmark in the lower left corner of the box that says Perform action on all infections and put a checkmark in the box next to Create encrypted backup, then choose clean and click Ok.
Once the scan has completed, there will be a button located on the bottom of the screen named Save Report.

Click Save Report button
Save the report to your DesktopClose Ewido
______________________________
Open the SmitfraudFix Folder, then double-click smitfraudfix.cmd file to start the tool.
Select option #2 - Clean by typing 2 and press Enter.
Wait for the tool to complete and disk cleanup to finish.
You will be prompted : "Registry cleaning - Do you want to clean the registry ?" answer Yes by typing Y and hit Enter.
The tool will also check if wininet.dll is infected. If a clean version is found, you will be prompted to replace wininet.dll. Answer Yes to the question "Replace infected file ?" by typing Y and hit Enter.
A reboot may be needed to finish the cleaning process, if you computer does not restart automatically please do it yourself manually. Reboot back to a none safe mode session.
The tool will create a log named rapport.txt in the root of your drive, eg: Local Disk C: or partition where your operating system is installed. Please post that log along with all others requested in your next reply.


Please post:

c:\rapport.txt
Ewido log
A new HijackThis logYour may need several replies to post the requested logs, otherwise they might get cut off.

SmitfraudFix Log:

SmitFraudFix v2.29

Scan done at 9:55:09.02, Wed 04/19/2006
Run from G:\Documents and Settings\Dean\Desktop\SmitfraudFix\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600]

»»»»»»»»»»»»»»»»»»»»»»»» Killing process


»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

G:\WINDOWS\system32\amcompat.tlb Deleted
G:\WINDOWS\system32\nscompat.tlb Deleted

»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» End

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Ewido Log

---------------------------------------------------------
ewido anti-malware - Scan report
---------------------------------------------------------

+ Created on: 9:53:02 AM, 4/19/2006
+ Report-Checksum: AFD4DB65

+ Scan result:

No infected objects found.


::Report End

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

HiJackThis Log:

Logfile of HijackThis v1.99.1
Scan saved at 10:02:13 AM, on 4/19/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
G:\WINDOWS\System32\smss.exe
G:\WINDOWS\system32\winlogon.exe
G:\WINDOWS\system32\services.exe
G:\WINDOWS\system32\lsass.exe
G:\WINDOWS\system32\svchost.exe
G:\WINDOWS\System32\svchost.exe
G:\WINDOWS\system32\spoolsv.exe
G:\WINDOWS\Explorer.EXE
G:\WINDOWS\MMKeybd.exe
G:\WINDOWS\System32\taskswitch.exe
G:\Program Files\Logitech\MouseWare\system\em_exec.exe
G:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe
G:\WINDOWS\system32\devldr32.exe
G:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe
G:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
G:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
G:\Program Files\Netropa\OSD.exe
G:\Program Files\QuickTime\qttask.exe
G:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
G:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
G:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\Playlist.exe
G:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
G:\Program Files\shockwave.com\Shockmachine\SmReminder.exe
G:\WINDOWS\system32\ctfmon.exe
G:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
G:\Program Files\FinePixViewer\QuickDCF.exe
G:\Program Files\Hijackthis\HijackThis.exe
G:\WINDOWS\Nhksrv.exe
G:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
G:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
G:\Program Files\ewido anti-malware\ewidoctrl.exe
G:\Program Files\ewido anti-malware\ewidoguard.exe
G:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
G:\WINDOWS\system32\nvsvc32.exe
G:\WINDOWS\system32\ZoneLabs\vsmon.exe
G:\WINDOWS\system32\MsPMSPSv.exe
G:\WINDOWS\system32\wuauclt.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local.,
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - G:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [REGSHAVE] G:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [DellTouch] G:\WINDOWS\MMKeybd.exe
O4 - HKLM\..\Run: [CoolSwitch] G:\WINDOWS\System32\taskswitch.exe
O4 - HKLM\..\Run: [RoxioEngineUtility] "G:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
O4 - HKLM\..\Run: [RoxioDragToDisc] "G:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"
O4 - HKLM\..\Run: [RoxioAudioCentral] "G:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe"
O4 - HKLM\..\Run: [Microsoft Tray] G:\Documents and Settings\Dean\Desktop\Games (1).exe
O4 - HKLM\..\Run: [AVG7_CC] G:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] G:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE G:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE G:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [iTunesHelper] "G:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "G:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [mmtask] "G:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe"
O4 - HKLM\..\Run: [Zone Labs Client] G:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] G:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKCU\..\Run: [ShockmachineReminder] G:\Program Files\shockwave.com\Shockmachine\SmReminder.exe
O4 - HKCU\..\Run: [ctfmon.exe] G:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] "G:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_7 -reboot 1
O4 - Global Startup: Adobe Reader Speed Launch.lnk = G:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Exif Launcher.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = G:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://G:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - G:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - G:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - G:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - G:\Program Files\Messenger\msmsgs.exe
O16 - DPF: ActiveGS.cab - http://www.virtualapple.com/activegs.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.1.1.74.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/20030530/qtinstall.info.apple.com/bonnie/us/win/QuickTimeInstaller.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1121472164043
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1122609157545
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://download.shockwave.com/pub/otoy/OTOYAX.cab
O16 - DPF: {814EA0DA-E0D9-4AA4-833C-A1A6D38E79E9} (DASWebDownload Class) - http://das.microsoft.com/activate/cab/x86/i486/NTANSI/retail/DASAct.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {CAFEEFAC-0014-0001-0000-ABCDEFFEDCBA} (Java Runtime Environment 1.4.1) -
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://download.games.yahoo.com/games/web_games/popcap/insaniquarium/popcaploader_v6.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "G:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - G:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - G:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: ewido security suite control - ewido networks - G:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - G:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - G:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Netropa NHK Server (Nhksrv) - Unknown owner - G:\WINDOWS\Nhksrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - G:\WINDOWS\system32\nvsvc32.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - G:\WINDOWS\system32\ZoneLabs\vsmon.exe

Your post slipped by, sorry about that.

Those logs are looking fine, are there any current problems or questions ?

Everything seems to be running fine. I've also gone and installed SpywareBlaster. No problems. Thanks for the help.

Great


Think Prevention:
Put in place a good hosts file
http://www.mvps.org/winhelp2002/hosts.htm
How To Download and Extract the HOSTS file:
http://www.mvps.org/winhelp2002/hosts2.htm
Replace it about once monthly to keep it updated

To help avoid reinfection see "So how did I get infected in the first place?"
http://forums.spybot.info/showthread.php?t=279

As the problem appears to be resolved this topic will be archived.

If you need it re-opened please send me a pm and provide a link to the thread.

Cheers.