A variety of crap, including Adware.Virtumonde and others... [SmitFraud]



MichaelLipik
2006-07-04, 11:48
I had a crap load of fake anti-malware programs, all installed when I accidentally (stupid me) opened a questionable .exe file. The visible symptoms are gone, but I wanted to make sure everything is gone. I'm having great difficulty getting rid of "Adware.Virtumonde".

I'm posting the logs as replies, below.

MichaelLipik
2006-07-04, 11:49
SmitFraudFix v2.67

Scan done at 2:31:26.76, Tue 07/04/2006
Run from D:\sffix\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
Fix ran in safe mode

»»»»»»»»»»»»»»»»»»»»»»»» Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{7916f057-223f-4612-ac84-e882cbe043d4}"="bals"

[HKEY_CLASSES_ROOT\CLSID\{7916f057-223f-4612-ac84-e882cbe043d4}\InProcServer32]
@="D:\WINDOWS\system32\hvcycg.dll"

[HKEY_CURRENT_USER\Software\Classes\CLSID\{7916f057-223f-4612-ac84-e882cbe043d4}\InProcServer32]
@="D:\WINDOWS\system32\hvcycg.dll"


»»»»»»»»»»»»»»»»»»»»»»»» Killing process


»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri

D:\WINDOWS\system32\hvcycg.dll -> Hoax.Win32.Renos.gen.b
D:\WINDOWS\system32\hvcycg.dll -> Deleted


»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

D:\WINDOWS\system32\atmclk.exe Deleted
D:\WINDOWS\system32\dcomcfg.exe Deleted
D:\WINDOWS\system32\hp???.tmp Deleted
D:\WINDOWS\system32\ld???.tmp Deleted
D:\WINDOWS\system32\ot.ico Deleted
D:\WINDOWS\system32\regperf.exe Deleted
D:\WINDOWS\system32\simpole.tlb Deleted
D:\WINDOWS\system32\stdole3.tlb Deleted
D:\WINDOWS\system32\ts.ico Deleted
D:\WINDOWS\system32\1024\ Deleted
D:\DOCUME~1\MICHAE~1.LIP\FAVORI~1\Antivirus Test Online.url Deleted

»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» End

MichaelLipik
2006-07-04, 11:51
---------------------------------------------------------
ewido anti-spyware - Scan Report
---------------------------------------------------------

+ Created at: 4:30:37 AM 7/4/2006

+ Scan result:



D:\Program Files\Cowabanga\Cowabanga.exe -> Adware.MediaTicket : Cleaned with backup (quarantined).
D:\WINDOWS\Downloaded Program Files\YazzleActiveX.ocx -> Adware.MediaTickets : Cleaned with backup (quarantined).
D:\WINDOWS\YAXUninst.exe -> Adware.MediaTickets : Cleaned with backup (quarantined).
D:\WINDOWS\system32\khfgday.dll -> Adware.Virtumonde : Cleaned with backup (quarantined).
D:\WINDOWS\g145812.dll -> Downloader.Delf.aeo : Cleaned with backup (quarantined).
D:\WINDOWS\system32\oins.exe -> Dropper.Small : Cleaned with backup (quarantined).
:mozilla.113:D:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\7z2ngfuq.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.251:D:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\8z0qbd43.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.252:D:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\8z0qbd43.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.261:D:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\8z0qbd43.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.262:D:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\8z0qbd43.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.263:D:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\8z0qbd43.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.264:D:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\8z0qbd43.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.265:D:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\8z0qbd43.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.266:D:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\8z0qbd43.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.267:D:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\8z0qbd43.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.268:D:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\8z0qbd43.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.269:D:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\8z0qbd43.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.270:D:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\8z0qbd43.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.271:D:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\8z0qbd43.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.272:D:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\8z0qbd43.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.273:D:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\8z0qbd43.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.274:D:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\8z0qbd43.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.275:D:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\8z0qbd43.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.277:D:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\8z0qbd43.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.278:D:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\8z0qbd43.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.279:D:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\8z0qbd43.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.280:D:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\8z0qbd43.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.281:D:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\8z0qbd43.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.282:D:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\8z0qbd43.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.283:D:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\8z0qbd43.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.284:D:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\8z0qbd43.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.285:D:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\8z0qbd43.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.286:D:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\8z0qbd43.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.287:D:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\8z0qbd43.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.318:D:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\8z0qbd43.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.537:D:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\8z0qbd43.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.611:D:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\8z0qbd43.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.624:D:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\8z0qbd43.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.80:D:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\7z2ngfuq.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.85:D:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\7z2ngfuq.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.86:D:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\7z2ngfuq.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.212:D:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\8z0qbd43.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.213:D:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\8z0qbd43.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.592:D:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\8z0qbd43.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.120:D:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\7z2ngfuq.default\cookies.txt -> TrackingCookie.Addynamix : Cleaned.
:mozilla.341:D:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\8z0qbd43.default\cookies.txt -> TrackingCookie.Addynamix : Cleaned.
:mozilla.413:D:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\8z0qbd43.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.414:D:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\8z0qbd43.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.415:D:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\8z0qbd43.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.416:D:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\8z0qbd43.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.417:D:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\8z0qbd43.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.132:D:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\7z2ngfuq.default\cookies.txt -> TrackingCookie.Adserver : Cleaned.
:mozilla.133:D:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\7z2ngfuq.default\cookies.txt -> TrackingCookie.Adserver : Cleaned.
:mozilla.353:D:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\8z0qbd43.default\cookies.txt -> TrackingCookie.Adserver : Cleaned.
:mozilla.354:D:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\8z0qbd43.default\cookies.txt -> TrackingCookie.Adserver : Cleaned.
:mozilla.40:D:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\8z0qbd43.default\cookies.txt -> TrackingCookie.Adtech : Cleaned.
:mozilla.41:D:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\8z0qbd43.default\cookies.txt -> TrackingCookie.Adtech : Cleaned.
:mozilla.230:D:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\8z0qbd43.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.231:D:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\8z0qbd43.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.236:D:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\8z0qbd43.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.237:D:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\8z0qbd43.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.238:D:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\8z0qbd43.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.239:D:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\8z0qbd43.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.241:D:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\8z0qbd43.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.246:D:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\8z0qbd43.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.35:D:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\7z2ngfuq.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.36:D:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\7z2ngfuq.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.37:D:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\7z2ngfuq.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.38:D:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\7z2ngfuq.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.102:D:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\8z0qbd43.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned.
:mozilla.103:D:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\8z0qbd43.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned.
:mozilla.26:D:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\yu4cuuht.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned.
:mozilla.65:D:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\7z2ngfuq.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned.
:mozilla.873:D:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\8z0qbd43.default\cookies.txt -> TrackingCookie.Bfast : Cleaned.
:mozilla.180:D:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\7z2ngfuq.default\cookies.txt -> TrackingCookie.Bridgetrack : Cleaned.
:mozilla.181:D:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\7z2ngfuq.default\cookies.txt -> TrackingCookie.Bridgetrack : Cleaned.
:mozilla.182:D:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\7z2ngfuq.default\cookies.txt -> TrackingCookie.Bridgetrack : Cleaned.
:mozilla.183:D:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\7z2ngfuq.default\cookies.txt -> TrackingCookie.Bridgetrack : Cleaned.
:mozilla.484:D:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\8z0qbd43.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned.
:mozilla.486:D:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\8z0qbd43.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned.
:mozilla.487:D:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\8z0qbd43.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned.
:mozilla.107:D:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\8z0qbd43.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.108:D:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\8z0qbd43.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.109:D:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\8z0qbd43.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.112:D:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\8z0qbd43.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.113:D:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\8z0qbd43.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.114:D:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\8z0qbd43.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.115:D:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\8z0qbd43.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.117:D:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\8z0qbd43.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.48:D:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\7z2ngfuq.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.49:D:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\7z2ngfuq.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.50:D:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\7z2ngfuq.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.51:D:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\7z2ngfuq.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.52:D:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\7z2ngfuq.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.53:D:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\7z2ngfuq.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.328:D:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\8z0qbd43.default\cookies.txt -> TrackingCookie.Com : Cleaned.

MichaelLipik
2006-07-04, 11:52
:mozilla.340:D:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\8z0qbd43.default\cookies.txt -> TrackingCookie.Coremetrics : Cleaned.
:mozilla.462:D:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\8z0qbd43.default\cookies.txt -> TrackingCookie.Coremetrics : Cleaned.
:mozilla.903:D:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\8z0qbd43.default\cookies.txt -> TrackingCookie.Cpvfeed : Cleaned.
:mozilla.904:D:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\8z0qbd43.default\cookies.txt -> TrackingCookie.Cpvfeed : Cleaned.
:mozilla.905:D:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\8z0qbd43.default\cookies.txt -> TrackingCookie.Cpvfeed : Cleaned.
:mozilla.14:D:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\yu4cuuht.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned.
:mozilla.33:D:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\7z2ngfuq.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned.
:mozilla.34:D:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\8z0qbd43.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned.
:mozilla.498:D:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\8z0qbd43.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned.
:mozilla.146:D:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\7z2ngfuq.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.147:D:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\7z2ngfuq.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.148:D:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\7z2ngfuq.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.149:D:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\7z2ngfuq.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.150:D:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\7z2ngfuq.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.832:D:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\8z0qbd43.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.833:D:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\8z0qbd43.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.834:D:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\8z0qbd43.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.31:D:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\8z0qbd43.default\cookies.txt -> TrackingCookie.Falkag : Cleaned.
:mozilla.33:D:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\8z0qbd43.default\cookies.txt -> TrackingCookie.Falkag : Cleaned.
:mozilla.35:D:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\8z0qbd43.default\cookies.txt -> TrackingCookie.Falkag : Cleaned.
:mozilla.36:D:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\8z0qbd43.default\cookies.txt -> TrackingCookie.Falkag : Cleaned.
:mozilla.38:D:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\8z0qbd43.default\cookies.txt -> TrackingCookie.Falkag : Cleaned.
:mozilla.39:D:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\8z0qbd43.default\cookies.txt -> TrackingCookie.Falkag : Cleaned.
:mozilla.52:D:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\8z0qbd43.default\cookies.txt -> TrackingCookie.Falkag : Cleaned.
:mozilla.53:D:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\8z0qbd43.default\cookies.txt -> TrackingCookie.Falkag : Cleaned.
:mozilla.54:D:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\8z0qbd43.default\cookies.txt -> TrackingCookie.Falkag : Cleaned.
:mozilla.55:D:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\8z0qbd43.default\cookies.txt -> TrackingCookie.Falkag : Cleaned.
:mozilla.56:D:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\8z0qbd43.default\cookies.txt -> TrackingCookie.Falkag : Cleaned.
:mozilla.57:D:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\8z0qbd43.default\cookies.txt -> TrackingCookie.Falkag : Cleaned.
:mozilla.193:D:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\8z0qbd43.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.194:D:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\8z0qbd43.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.195:D:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\8z0qbd43.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.196:D:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\8z0qbd43.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.197:D:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\8z0qbd43.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.198:D:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\8z0qbd43.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.199:D:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\8z0qbd43.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.200:D:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\8z0qbd43.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.201:D:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\8z0qbd43.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.23:D:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\7z2ngfuq.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.25:D:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\7z2ngfuq.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.26:D:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\7z2ngfuq.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.30:D:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\7z2ngfuq.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.51:D:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\8z0qbd43.default\cookies.txt -> TrackingCookie.Findwhat : Cleaned.
:mozilla.787:D:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\8z0qbd43.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.10:D:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\yu4cuuht.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.11:D:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\yu4cuuht.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.12:D:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\yu4cuuht.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.131:D:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\7z2ngfuq.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.150:D:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\8z0qbd43.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.157:D:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\8z0qbd43.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.27:D:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\yu4cuuht.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.28:D:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\yu4cuuht.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.628:D:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\8z0qbd43.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.662:D:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\8z0qbd43.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.663:D:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\8z0qbd43.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.664:D:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\8z0qbd43.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.665:D:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\8z0qbd43.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.666:D:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\8z0qbd43.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.667:D:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\8z0qbd43.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.684:D:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\8z0qbd43.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.690:D:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\8z0qbd43.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.691:D:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\8z0qbd43.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.73:D:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\8z0qbd43.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.74:D:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\8z0qbd43.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.75:D:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\8z0qbd43.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.76:D:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\8z0qbd43.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.907:D:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\8z0qbd43.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.913:D:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\8z0qbd43.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.914:D:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\8z0qbd43.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.915:D:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\8z0qbd43.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.916:D:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\8z0qbd43.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.973:D:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\8z0qbd43.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.9:D:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\yu4cuuht.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.599:D:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\8z0qbd43.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.600:D:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\8z0qbd43.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.156:D:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\7z2ngfuq.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned.
:mozilla.32:D:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\8z0qbd43.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned.
:mozilla.37:D:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\8z0qbd43.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned.
:mozilla.161:D:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\8z0qbd43.default\cookies.txt -> TrackingCookie.Overture : Cleaned.
:mozilla.162:D:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\8z0qbd43.default\cookies.txt -> TrackingCookie.Overture : Cleaned.
:mozilla.342:D:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\8z0qbd43.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.343:D:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\8z0qbd43.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.344:D:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\8z0qbd43.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.345:D:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\8z0qbd43.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.346:D:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\8z0qbd43.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.91:D:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\7z2ngfuq.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.92:D:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\7z2ngfuq.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.93:D:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\7z2ngfuq.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.94:D:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\7z2ngfuq.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.181:D:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\8z0qbd43.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.182:D:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\8z0qbd43.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.183:D:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\8z0qbd43.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.185:D:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\8z0qbd43.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.61:D:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\7z2ngfuq.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.62:D:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\7z2ngfuq.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.63:D:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\7z2ngfuq.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.64:D:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\7z2ngfuq.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.807:D:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\8z0qbd43.default\cookies.txt -> TrackingCookie.Realtracker : Cleaned.
:mozilla.185:D:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\7z2ngfuq.default\cookies.txt -> TrackingCookie.Revenue : Cleaned.
:mozilla.457:D:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\8z0qbd43.default\cookies.txt -> TrackingCookie.Revenue : Cleaned.
:mozilla.421:D:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\8z0qbd43.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.422:D:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\8z0qbd43.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned.

MichaelLipik
2006-07-04, 11:52
:mozilla.423:D:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\8z0qbd43.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.424:D:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\8z0qbd43.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.425:D:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\8z0qbd43.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.300:D:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\8z0qbd43.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.302:D:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\8z0qbd43.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.303:D:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\8z0qbd43.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.304:D:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\8z0qbd43.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.305:D:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\8z0qbd43.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.60:D:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\8z0qbd43.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
:mozilla.61:D:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\8z0qbd43.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
:mozilla.62:D:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\8z0qbd43.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
:mozilla.63:D:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\8z0qbd43.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
:mozilla.64:D:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\8z0qbd43.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
:mozilla.173:D:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\8z0qbd43.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.174:D:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\8z0qbd43.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.175:D:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\8z0qbd43.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.176:D:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\8z0qbd43.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.178:D:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\8z0qbd43.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.179:D:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\8z0qbd43.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.22:D:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\yu4cuuht.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.235:D:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\8z0qbd43.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.23:D:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\yu4cuuht.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.240:D:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\8z0qbd43.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.244:D:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\8z0qbd43.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.245:D:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\8z0qbd43.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.24:D:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\yu4cuuht.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.25:D:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\yu4cuuht.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.488:D:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\8z0qbd43.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.489:D:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\8z0qbd43.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.114:D:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\7z2ngfuq.default\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned.
:mozilla.758:D:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\8z0qbd43.default\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned.
:mozilla.138:D:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\7z2ngfuq.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.139:D:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\7z2ngfuq.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.140:D:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\7z2ngfuq.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.141:D:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\7z2ngfuq.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.142:D:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\7z2ngfuq.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.143:D:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\7z2ngfuq.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.144:D:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\7z2ngfuq.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.145:D:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\7z2ngfuq.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.289:D:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\8z0qbd43.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.290:D:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\8z0qbd43.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.291:D:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\8z0qbd43.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.292:D:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\8z0qbd43.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.293:D:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\8z0qbd43.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.294:D:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\8z0qbd43.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.295:D:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\8z0qbd43.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.296:D:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\8z0qbd43.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.297:D:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\8z0qbd43.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.32:D:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\yu4cuuht.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.350:D:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\8z0qbd43.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.351:D:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\8z0qbd43.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.352:D:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\8z0qbd43.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.54:D:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\7z2ngfuq.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.55:D:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\7z2ngfuq.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.56:D:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\7z2ngfuq.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.57:D:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\7z2ngfuq.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.58:D:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\7z2ngfuq.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.388:D:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\8z0qbd43.default\cookies.txt -> TrackingCookie.Valueclick : Cleaned.
:mozilla.963:D:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\8z0qbd43.default\cookies.txt -> TrackingCookie.Valueclick : Cleaned.
:mozilla.298:D:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\8z0qbd43.default\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned.
:mozilla.88:D:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\7z2ngfuq.default\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned.
:mozilla.402:D:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\8z0qbd43.default\cookies.txt -> TrackingCookie.Yadro : Cleaned.
:mozilla.403:D:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\8z0qbd43.default\cookies.txt -> TrackingCookie.Yadro : Cleaned.
:mozilla.27:D:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\7z2ngfuq.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.28:D:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\7z2ngfuq.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.29:D:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\7z2ngfuq.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.58:D:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\8z0qbd43.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.59:D:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\8z0qbd43.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.66:D:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\8z0qbd43.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.67:D:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\8z0qbd43.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.68:D:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\8z0qbd43.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.69:D:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\8z0qbd43.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.71:D:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\8z0qbd43.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.247:D:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\8z0qbd43.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
:mozilla.248:D:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\8z0qbd43.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
:mozilla.249:D:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\8z0qbd43.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
:mozilla.95:D:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\7z2ngfuq.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
:mozilla.96:D:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\7z2ngfuq.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
:mozilla.97:D:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\7z2ngfuq.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.


::Report end

MichaelLipik
2006-07-04, 11:54
Logfile of HijackThis v1.99.1
Scan saved at 5:36:00 AM, on 7/4/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\Ati2evxx.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\PROGRA~1\UTILIT~1\Grisoft\AVGFRE~1\avgamsvr.exe
D:\PROGRA~1\UTILIT~1\Grisoft\AVGFRE~1\avgupsvc.exe
D:\Program Files\ewido anti-spyware 4.0\guard.exe
D:\WINDOWS\system32\inetsrv\inetinfo.exe
D:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\Ati2evxx.exe
D:\WINDOWS\system32\wscntfy.exe
D:\WINDOWS\Explorer.EXE
D:\WINDOWS\ALCXMNTR.EXE
D:\Program Files\iTunes\iTunesHelper.exe
D:\Program Files\iPod\bin\iPodService.exe
D:\Program Files\ewido anti-spyware 4.0\ewido.exe
D:\program files\steam\steam.exe
D:\WINDOWS\system32\ctfmon.exe
D:\WINDOWS\System32\svchost.exe
D:\Program Files\Semagic\LiveJournalU.exe
D:\Program Files\Hijackthis\HijackThis.exe
D:\Program Files\Skype\Phone\Skype.exe
D:\WINDOWS\system32\NOTEPAD.EXE
D:\Program Files\NETGEAR\WG111 Configuration Utility\WG111CFG.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
O2 - BHO: (no name) - {062492AF-392E-479D-BF52-A7A4BCA00307} - D:\WINDOWS\g145812.dll (file missing)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} - D:\WINDOWS\system32\khfgday.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [iTunesHelper] "D:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [!ewido] "D:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKCU\..\Run: [Steam] "d:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Semagic] D:\Program Files\Semagic\LiveJournalU.exe
O4 - HKCU\..\Run: [Skype] "D:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - Global Startup: Adobe Gamma Loader.lnk = D:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Smart Wizard Wireless Settings.lnk = D:\Program Files\NETGEAR\WG111 Configuration Utility\WG111CFG.exe
O8 - Extra context menu item: &Clean Traces - D:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - D:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Copy to Semagic - D:\Program Files\Semagic\copy.htm
O8 - Extra context menu item: Download &all with DAP - D:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Semagic - D:\Program Files\Semagic\link.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {74CD40EA-EF77-4BAD-808A-B5982DA73F20} (YazzleActiveX Control) - http://yax-download.yazzle.net/YazzleActiveX.cab?refid=1123
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - D:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O20 - Winlogon Notify: khfgday - D:\WINDOWS\SYSTEM32\khfgday.dll
O20 - Winlogon Notify: WgaLogon - D:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: winosz32 - D:\WINDOWS\SYSTEM32\winosz32.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - D:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - D:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - D:\PROGRA~1\UTILIT~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - D:\PROGRA~1\UTILIT~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - D:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - D:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - D:\Program Files\iPod\bin\iPodService.exe

LonnyRJones
2006-07-07, 10:52
Good job so far

Start Hijackthis and place a check next to these items if there.
O2 - BHO: (no name) - {062492AF-392E-479D-BF52-A7A4BCA00307} - D:\WINDOWS\g145812.dll (file missing)
O20 - Winlogon Notify: winosz32 - D:\WINDOWS\SYSTEM32\winosz32.dll
====================================
Hit fix checked and close Hijackthis.

Please download VundoFix.exe (http://www.atribune.org/content/view/24/2/)
to your desktop.
Double-click VundoFix.exe to run it.
Put a check next to Run VundoFix as a task.
You will receive a message saying vundofix will close and re-open in a minute or less. Click OK
When VundoFix re-opens, click the Scan for Vundo button.
Once it's done scanning, click the Remove Vundo button.
You will receive a prompt asking if you want to remove the files, click YES
Once you click yes, your desktop will go blank as it starts removing Vundo.
When completed, it will prompt that it will shutdown your computer, click OK.
Wait two minutes, then turn your computer back on.
Please post the contents of C:\vundofix.txt and a new HiJackThis log.

MichaelLipik
2006-07-07, 16:12
I keep trying to run VundoFix as a task, but it never reopens... and I've waited more than a minute. Several minutes, actually.

I checked in the scheduled tasks, and I'm getting a "Could not start" status. I checked it out, and tried to simulate it by running another task of the program, running under the same "NT AUTHORITY\SYSTEM," and got it to load as a system task... but then the window wouldn't open. : /

MichaelLipik
2006-07-07, 16:26
Wow. Thought I'd gotten rid of the problem, but stuff popped back into my hijack this log. VundoFix didn't find anything, but I did find one of the files, plus two others you didn't mention... ddayw.dll and wgalogon.dll. Left that in there until you tell me otherwise. Here's the new log... I didn't fix ANY of the entries yet, because I want to make sure I get them all in one clean grab:

Logfile of HijackThis v1.99.1
Scan saved at 10:23:05 AM, on 7/7/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\Ati2evxx.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\system32\Ati2evxx.exe
D:\WINDOWS\Explorer.EXE
D:\Program Files\ewido anti-spyware 4.0\ewido.exe
D:\WINDOWS\system32\ctfmon.exe
D:\Program Files\Semagic\LiveJournalU.exe
D:\Program Files\NETGEAR\WG111 Configuration Utility\WG111CFG.exe
D:\PROGRA~1\UTILIT~1\Grisoft\AVGFRE~1\avgamsvr.exe
D:\PROGRA~1\UTILIT~1\Grisoft\AVGFRE~1\avgupsvc.exe
D:\Program Files\ewido anti-spyware 4.0\guard.exe
D:\WINDOWS\system32\inetsrv\inetinfo.exe
D:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\Program Files\Utilities\Ad-Aware SE Personal\Ad-Aware.exe
D:\PROGRA~1\MOZILL~1\FIREFOX.EXE
D:\Program Files\Internet Explorer\iexplore.exe
D:\Program Files\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
O2 - BHO: (no name) - {062492AF-392E-479D-BF52-A7A4BCA00307} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {5E268507-EB7E-4564-A5D8-F6830C1E6B8A} - D:\WINDOWS\system32\ddayw.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O4 - HKLM\..\Run: [!ewido] "D:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Semagic] D:\Program Files\Semagic\LiveJournalU.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = D:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Smart Wizard Wireless Settings.lnk = D:\Program Files\NETGEAR\WG111 Configuration Utility\WG111CFG.exe
O8 - Extra context menu item: &Clean Traces - D:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - D:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Copy to Semagic - D:\Program Files\Semagic\copy.htm
O8 - Extra context menu item: Download &all with DAP - D:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Semagic - D:\Program Files\Semagic\link.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {BC18E6DF-BE57-4580-93E8-F228F9A133AA} (MaxisSimCity4LotTeleX Control) - http://simcity.ea.com/exchange/lots/teleport/MaxisSimCity4LotTeleX.cab
O16 - DPF: {BF985246-09BF-11D2-BE62-006097DF57F6} (SimCityX Control) - http://simcity.ea.com/play/classic/SimCityX.cab
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - D:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O20 - Winlogon Notify: ddayw - D:\WINDOWS\system32\ddayw.dll
O20 - Winlogon Notify: WgaLogon - D:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: winosz32 - D:\WINDOWS\SYSTEM32\winosz32.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - D:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - D:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - D:\PROGRA~1\UTILIT~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - D:\PROGRA~1\UTILIT~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - D:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - D:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - D:\Program Files\iPod\bin\iPodService.exe



***

VundoFix V5.0.0

Running as SYSTEM
from D:\\VundoFix.exe

Checking Java version...

Java version is 1.5.0.7

Scan started at 10:15:05 AM 7/7/2006

Listing files found while scanning....

No infected files were found.

MichaelLipik
2006-07-07, 18:49
I did some research online (as well as tinkering with my computer)... and found out that ddayw.dll was part of SOME sort of malicious scheme.

http://forums.techguy.org/security/477878-trojan-awax-please-help.html
The above link showed a user with a similar problem.


You see... every time I used Hijack this to "fix" the file, the entries kept getting replaced. I knew there must have been some sort of running process working to keep the files in there. I decided to start with the DLL.

I looked for ddayw.dll but couldn't find it. I would try to create a file in its place (naming it the same), but it kept saying that the filename was taken... even though I couldn't view it in Windows Explorer.

Well, I did some searching, and found winxxx.tmp.exe files in the \Windows\Temp folder. Instead of deleting the folder, I thought I'd protect it from further intrusions by removing all security credentials from it, so that not even I could access it without taking ownership. I restarted.

Suddenly, I could see the ddayw.dll file. I knew for sure that it was a malicious program, because it was being hidden by the files run from the \Windows\Temp folder. But I still couldn't delete it, because it was being run through some unknown program.

I tried using Killbox to delete it at reboot, but every time I tried to execute the deletion, I kept getting an error message saying that some "external process" had erased the registry information that would allow the file to be deleted on reboot. Clearly, this damned file didn't want to die, and was using some method to preserve itself at all cost. I found out what that method was after I looked at the Hijack This logs again...


Winlogon.


But, I couldn't stop this task. It was a "critical windows process." So I used Sysinternals' Process Explorer to kill off smss(s?), and then winlogon, and practically every damned service available. I used the command "shutdown -a" to prevent shutdown.

Having cleared all programs except crsssomething(I'd done it once, and it caused the system to crash-reboot)... I ran killbox again, and behold! There was no more "external process" registry info deletion error. The program didn't restart on its own, because I'd aborted the shut down process. Having read up a bit, I knew that if I caused a normal shutdown, I risked running winlogon.exe again, which would likely have caused the killbox process to fail (because it would remove the registry information regarding ddayw.dll's deletion). So I hard-restarted, the old fashioned power-down way.

When I brought the computer back up, and opened Windows Explorer, there was a reassuring blank space where ddayw.dll had previously been. I created a text file and renamed it to ddayw.dll, and sure enough, the file had FINALLY been wiped. I left that dummy file there for yuks, and ran Hijack this again. I fixed the files I'd fixed previously. And they didn't come back! They stayed dead!




See, the danger with this type of infection is that... well, it even hid from hijack this... I don't know how I detected it the first time, but it wouldn't show up consistently in the Hijack This logs. So when I'd been posting them to this forum, my computer WAS still infected, but showed that it wasn't.



If you're up for a challenge, get whatever trojan/such that I had... and try to delete ddayw.dll. It was fun figuring out how to get rid of it, once I knew that I had to (because it was a malicious dll).











Do you happen to know the name of this infection, so that I can be sure I've killed all traces of it?
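
Added example, not part of the original posts and not HijackThis's own code: the two HijackThis logs in this thread each show one system32 DLL registered both as a BHO (O2) and as a Winlogon Notify entry (O20), and the DLL name changes from khfgday.dll to ddayw.dll between the scans. The Python below parses those two sections and reports both patterns; the function names are hypothetical, and the sample lines are the O2/O20 lines copied from the 7/4 and 7/7 logs above.

```python
import re
from typing import NamedTuple, Optional

# Constructed input: O2/O20 lines copied from the 7/4 and 7/7 logs in this thread.
LOG_JUL4 = r"""
O2 - BHO: (no name) - {062492AF-392E-479D-BF52-A7A4BCA00307} - D:\WINDOWS\g145812.dll (file missing)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} - D:\WINDOWS\system32\khfgday.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O20 - Winlogon Notify: khfgday - D:\WINDOWS\SYSTEM32\khfgday.dll
O20 - Winlogon Notify: WgaLogon - D:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: winosz32 - D:\WINDOWS\SYSTEM32\winosz32.dll
"""

LOG_JUL7 = r"""
O2 - BHO: (no name) - {062492AF-392E-479D-BF52-A7A4BCA00307} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {5E268507-EB7E-4564-A5D8-F6830C1E6B8A} - D:\WINDOWS\system32\ddayw.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O20 - Winlogon Notify: ddayw - D:\WINDOWS\system32\ddayw.dll
O20 - Winlogon Notify: WgaLogon - D:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: winosz32 - D:\WINDOWS\SYSTEM32\winosz32.dll
"""


class Entry(NamedTuple):
    section: str          # "O2" (BHO) or "O20" (Winlogon Notify)
    key: str              # CLSID for O2, notify name for O20
    path: Optional[str]   # lower-cased DLL path; None for "(no file)"


# The CLSID anchors the O2 split because paths may contain " - " (see SDHelper.dll).
BHO_RE = re.compile(r"^O2 - BHO: .*? - (\{[0-9A-Fa-f-]{36}\}) - (.+)$")
NOTIFY_RE = re.compile(r"^O20 - Winlogon Notify: (.+?) - (.+)$")


def _norm_path(raw: str) -> Optional[str]:
    """Lower-case the path and drop HijackThis's status suffixes."""
    raw = raw.strip()
    if raw == "(no file)":
        return None
    suffix = " (file missing)"
    if raw.endswith(suffix):
        raw = raw[: -len(suffix)]
    return raw.lower()


def parse_log(text: str) -> list:
    """Extract O2 and O20 entries from a HijackThis log; other lines are ignored."""
    entries = []
    for line in text.splitlines():
        line = line.strip()
        m = BHO_RE.match(line)
        if m:
            entries.append(Entry("O2", m.group(1).upper(), _norm_path(m.group(2))))
            continue
        m = NOTIFY_RE.match(line)
        if m:
            entries.append(Entry("O20", m.group(1).lower(), _norm_path(m.group(2))))
    return entries


def dual_registered(entries: list) -> set:
    """DLL paths that are loaded both as a BHO and as a Winlogon Notify entry."""
    bho = {e.path for e in entries if e.section == "O2" and e.path}
    notify = {e.path for e in entries if e.section == "O20" and e.path}
    return bho & notify


def churn(old: list, new: list) -> tuple:
    """Entries whose registration key appeared or disappeared between two scans."""
    old_by_key = {(e.section, e.key): e for e in old}
    new_by_key = {(e.section, e.key): e for e in new}
    appeared = sorted(new_by_key[k] for k in new_by_key.keys() - old_by_key.keys())
    disappeared = sorted(old_by_key[k] for k in old_by_key.keys() - new_by_key.keys())
    return appeared, disappeared


if __name__ == "__main__":
    jul4, jul7 = parse_log(LOG_JUL4), parse_log(LOG_JUL7)
    print("dual-registered 7/4:", dual_registered(jul4))
    print("dual-registered 7/7:", dual_registered(jul7))
    appeared, disappeared = churn(jul4, jul7)
    for e in disappeared:
        print("gone:", e.section, e.key, e.path)
    for e in appeared:
        print("new: ", e.section, e.key, e.path)
```

Legitimate entries such as WgaLogon stay stable across both scans and appear in only one section, so they fall out of both reports.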

LonnyRJones
2006-07-08, 07:00
Are both the DLLs gone now?

It was vundo, next step was to get vundo running as a task and adding files, but you seem to have used an old manual method to remove it.

Post back with one more Hijackthis log, be sure to mention the problems if any.

tashi
2006-07-12, 09:05
MichaelLipik still with us?

tashi
2006-07-14, 14:48
This topic is closed.

If you need it re-opened please send me a pm and provide a link to the thread.

Applies only to the original topic starter.