I ran Spybot twice today and Zlob.Downloader trojan came up. I tried fixing it but it shows up in S&D again. I followed the instructions in *"BEFORE you POST" -Preliminary Steps and scanning with SPYBOT-S&D* and here is what I came up with:

Logfile of HijackThis v1.99.1
Scan saved at 10:58:32 PM, on 12/9/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
C:\Program Files\LogMeIn\RaMaint.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Program Files\LogMeIn\LogMeInSystray.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\LogMeIn\LogMeIn.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopDisplay.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,Search = http://103.nowfind.biz/pps.php
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://103.nowfind.biz/pps.php
R1 - HKLM\Software\Microsoft\Internet Explorer,Search = http://103.nowfind.biz/pps.php
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Remote_Agent] C:\Program Files\Medion\PowerVCR II\RemoteAgent.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [ISUSScheduler] "C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\issch.exe" -start
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\LogMeInSystray.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &ieSpell Options - res://C:\Program Files\ieSpell\iespell.dll/SPELLOPTION.HTM
O8 - Extra context menu item: Check &Spelling - res://C:\Program Files\ieSpell\iespell.dll/SPELLCHECK.HTM
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O11 - Options group: [INTERNATIONAL] International*
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www2.snapfish.com/SnapfishActivia.cab
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} - http://ipgweb.cce.hp.com/rdqna/downloads/sysinfo.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} - http://tools.ebayimg.com/eps/wl/activex/EPUWALControl_v1-0-3-18.cab
O16 - DPF: {546B1745-1674-4089-A56A-171B67631F8D} - http://66.197.233.53/ImageControl.CAB
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.real.com/01dbf0dc380af770d706/netzip/RdxIE601.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1097963696261
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {64D01C7F-810D-446E-A07E-16C764235644} - http://zone.msn.com/bingame/amad/default/atomaders.cab
O16 - DPF: {6632A7E9-FE1F-43D2-A04A-A15951ED63E0} - http://mediaplayer.walmart.com/installer/install.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1138486494250
O16 - DPF: {70522FA2-4656-11D5-B0E9-0050DAC24E8F} - http://cc.iwon.com/ct/pm3/iwonpm_12_1,0,2,5.cab
O16 - DPF: {7F8C8173-AD80-4807-AA75-5672F22B4582} - http://download.zonelabs.com/bin/promotions/spywaredetector/ICSScanner37440.cab
O16 - DPF: {90051A81-3018-4826-8B38-DD60B6B53F9C} - http://www.costcophotocenter.com/CostcoUpload.cab
O16 - DPF: {94EB57FE-2720-496C-B33F-D9353C6E23F7} - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {A93D84FD-641F-43AE-B963-E6FA84BE7FE7} (LinkSys Content Update) - http://www.linksysfix.com/netcheck/51/install/gtdownls.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
O16 - DPF: {D1E7CBDA-E60E-4970-A01C-37301EF7BF98} (Measurement Services Client v.3.11) - http://gameadvisor.futuremark.com/global/msc311.cab
O16 - DPF: {DBA230D1-8467-4e69-987E-5FAE815A3B45} -
O16 - DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} - http://www.sparedollar.com/sdImage/XUpload.ocx
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.hp.com/hpdj/en/check/qdiagh.cab?323
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} - https://secure.logmein.com/activex/RACtrl.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{D010E729-8B30-4638-9BB2-F32338BED958}: NameServer = 208.67.222.222,208.67.220.220
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: winwea32 - winwea32.dll (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\LogMeIn.exe
O23 - Service: SQL Server (MSSMLBIZ) (MSSQL$MSSMLBIZ) - Unknown owner - C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sMSSMLBIZ (file missing)
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe

This is the results from the Panda online scan:


Incident Status Location

Adware:adware/spysheriff Not disinfected c:\windows\system32\desktop.html
Adware:adware/craft Not disinfected c:\windows\system32\mscnf.dll
Adware:adware/nowfind Not disinfected Windows Registry
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\cfljd6y5.default\cookies.txt[.atdmt.com/]
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\cfljd6y5.default\cookies.txt[.tribalfusion.com/]
Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\cfljd6y5.default\cookies.txt[.mediaplex.com/]
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\cfljd6y5.default\cookies.txt[.serving-sys.com/]
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\cfljd6y5.default\cookies.txt[.bs.serving-sys.com/]
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\cfljd6y5.default\cookies.txt[.serving-sys.com/]
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\cfljd6y5.default\cookies.txt[.doubleclick.net/]
Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\cfljd6y5.default\cookies.txt[.overture.com/]
Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\cfljd6y5.default\cookies.txt[.fastclick.net/]
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\cfljd6y5.default\cookies.txt[.advertising.com/]
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\cfljd6y5.default\cookies.txt[.atwola.com/]
Spyware:Cookie/Maxserving Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\cfljd6y5.default\cookies.txt[.maxserving.com/]
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\cfljd6y5.default\cookies.txt[.realmedia.com/]
Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\cfljd6y5.default\cookies.txt[.zedo.com/]
Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\cfljd6y5.default\cookies.txt[.statcounter.com/]
Spyware:Cookie/Casalemedia Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\cfljd6y5.default\cookies.txt[.casalemedia.com/]
Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\cfljd6y5.default\cookies.txt[.perf.overture.com/]
Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\cfljd6y5.default\cookies.txt[.questionmarket.com/]
Spyware:Cookie/Go Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\cfljd6y5.default\cookies.txt[.go.com/]
Spyware:Cookie/PointRoll Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\cfljd6y5.default\cookies.txt[.ads.pointroll.com/]
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\cfljd6y5.default\cookies.txt[.2o7.net/]
Spyware:Cookie/AdDynamix Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\cfljd6y5.default\cookies.txt[.ads.addynamix.com/]
Spyware:Cookie/Adtech Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\cfljd6y5.default\cookies.txt[.adtech.de/]
Spyware:Cookie/adultfriendfinder Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\cfljd6y5.default\cookies.txt[.adultfriendfinder.com/]
Spyware:Cookie/bravenetA Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\cfljd6y5.default\cookies.txt[.bravenet.com/]
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\cfljd6y5.default\cookies.txt[.google.com.br/]
Spyware:Cookie/Target Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\cfljd6y5.default\cookies.txt[.target.com/]
Spyware:Cookie/Traffic Marketplace Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\cfljd6y5.default\cookies.txt[.trafficmp.com/]
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\cfljd6y5.default\cookies.txt[ad.yieldmanager.com/]
Spyware:Cookie/Ccbill Not disinfected C:\Documents and Settings\Owner\Cookies\owner@ccbill[1].txt
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Owner\Cookies\owner@com[1].txt
Spyware:Cookie/fe.lea.lycos Not disinfected C:\Documents and Settings\Owner\Cookies\owner@fe.lea.lycos[1].txt
Spyware:Cookie/Go Not disinfected C:\Documents and Settings\Owner\Cookies\owner@go[2].txt
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Owner\Cookies\owner@serving-sys[2].txt
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\Owner\Cookies\owner@tribalfusion[1].txt
Spyware:Cookie/WebPower Not disinfected C:\Documents and Settings\Owner\Cookies\owner@webpower[2].txt

Welcome to the forum, if you still need help and are not receiving it elsewhere, please follow these instructions.

1) You are running MSConfig in Selective Startup mode. To access MSCONFIG, click on the Windows® Start box found in the left side of the Taskbar, select Run and type MSCONFIG in the dialog box. Click OK.
When the System Configuration windows opens, check "Normal Startup" then Apply and OK your way out. You may return to Selective Startup to save your resources when this repair is complete.

2) Follow the directions in this link: http://forums.spybot.info/showthread.php?t=4015 When you finish the instructions, post the three logs in this same topic using the "Post Reply" button.
Please use these instructions when you run AVG Anti-Spyware, make sure you delete or at least quarantine what is located.
http://forums.security-central.us/showthread.php?t=3165

Spybot-S&D: Be sure to follow the directions to save the scan report but do not post it here unless requested by a helper.

Thanks

If you would like to let your thoughts be known about the lowlifes who put that junk on your computer, you can do that here:
If you have been infected by one of the SpyAxe family
http://forums.tomcoyote.org/index.php?showtopic=58063
http://www.malwarecomplaints.info/

Hi pskelly,
Thank you for helping me! I'm in the process of doing the steps in the link you provided but I have a question. I'm currently running Eset NOD32 anti virus, would I still need to d/l AVG? I've heard that running 2 different AV programs may not be a good thing. Could you please advise?

Thanks again.

Thanks for checking, and you are very right, it is never a good idea to run two resident antivirus programs at the same time. The program I am having you download is AVG Anti-Spyware 7.5, from the same folks, but NOT the antivirus program.:bigthumb:

rapport.txt outcome:

SmitFraudFix v2.128

Scan done at 9:02:39.07, Sun 12/10/2006
Run from C:\Documents and Settings\Owner\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in safe mode

»»»»»»»»»»»»»»»»»»»»»»»» Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Killing process


»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files


»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» End

AVG report:

---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 10:07:55 AM 12/10/2006

+ Scan result:



C:\WINDOWS\system32\gtdownls_95.ocx -> Adware.Gdown : Ignored.
C:\Program Files\LogMeIn\LMIinit.dll -> Not-A-Virus.RemoteAdmin.Win32.RemotelyAnywhere.a : Ignored.
C:\Program Files\LogMeIn\update\2-30-547.bak\LMIinit.dll -> Not-A-Virus.RemoteAdmin.Win32.RemotelyAnywhere.a : Ignored.
C:\Program Files\LogMeIn\update\2-30-555.bak\LMIinit.dll -> Not-A-Virus.RemoteAdmin.Win32.RemotelyAnywhere.a : Ignored.
C:\WINDOWS\system32\LMIinit.dll -> Not-A-Virus.RemoteAdmin.Win32.RemotelyAnywhere.a : Ignored.
C:\WINDOWS\system32\LMIinit.dll.000.bak -> Not-A-Virus.RemoteAdmin.Win32.RemotelyAnywhere.a : Ignored.
:mozilla.406:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\cfljd6y5.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.407:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\cfljd6y5.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.408:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\cfljd6y5.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.409:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\cfljd6y5.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.410:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\cfljd6y5.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.411:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\cfljd6y5.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.412:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\cfljd6y5.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.413:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\cfljd6y5.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.414:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\cfljd6y5.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.216:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\cfljd6y5.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.217:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\cfljd6y5.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.431:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\cfljd6y5.default\cookies.txt -> TrackingCookie.Addynamix : Cleaned.
:mozilla.432:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\cfljd6y5.default\cookies.txt -> TrackingCookie.Adtech : Cleaned.
:mozilla.433:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\cfljd6y5.default\cookies.txt -> TrackingCookie.Adtech : Cleaned.
:mozilla.67:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\cfljd6y5.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.68:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\cfljd6y5.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.69:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\cfljd6y5.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.70:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\cfljd6y5.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.71:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\cfljd6y5.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.55:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\cfljd6y5.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned.
:mozilla.237:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\cfljd6y5.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.112:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\cfljd6y5.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned.
:mozilla.307:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\cfljd6y5.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.308:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\cfljd6y5.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.309:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\cfljd6y5.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.310:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\cfljd6y5.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.148:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\cfljd6y5.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.149:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\cfljd6y5.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.150:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\cfljd6y5.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.152:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\cfljd6y5.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.153:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\cfljd6y5.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.154:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\cfljd6y5.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.341:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\cfljd6y5.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.395:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\cfljd6y5.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.396:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\cfljd6y5.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.397:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\cfljd6y5.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.398:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\cfljd6y5.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.399:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\cfljd6y5.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.125:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\cfljd6y5.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.126:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\cfljd6y5.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.127:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\cfljd6y5.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.51:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\cfljd6y5.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.52:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\cfljd6y5.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.53:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\cfljd6y5.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.100:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\cfljd6y5.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned.
:mozilla.139:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\cfljd6y5.default\cookies.txt -> TrackingCookie.Overture : Cleaned.
:mozilla.245:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\cfljd6y5.default\cookies.txt -> TrackingCookie.Overture : Cleaned.
:mozilla.374:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\cfljd6y5.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.375:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\cfljd6y5.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.378:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\cfljd6y5.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.379:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\cfljd6y5.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.380:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\cfljd6y5.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.42:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\cfljd6y5.default\cookies.txt -> TrackingCookie.Qksrv : Cleaned.
:mozilla.43:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\cfljd6y5.default\cookies.txt -> TrackingCookie.Qksrv : Cleaned.
:mozilla.246:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\cfljd6y5.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.247:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\cfljd6y5.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.248:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\cfljd6y5.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.102:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\cfljd6y5.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.103:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\cfljd6y5.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.104:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\cfljd6y5.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.105:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\cfljd6y5.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.106:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\cfljd6y5.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.107:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\cfljd6y5.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.199:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\cfljd6y5.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
:mozilla.200:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\cfljd6y5.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
:mozilla.201:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\cfljd6y5.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
:mozilla.202:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\cfljd6y5.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
:mozilla.203:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\cfljd6y5.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
:mozilla.234:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\cfljd6y5.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.171:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\cfljd6y5.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.172:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\cfljd6y5.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.173:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\cfljd6y5.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.174:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\cfljd6y5.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.186:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\cfljd6y5.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.850:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\cfljd6y5.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.851:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\cfljd6y5.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.852:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\cfljd6y5.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.853:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\cfljd6y5.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.854:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\cfljd6y5.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.855:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\cfljd6y5.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.856:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\cfljd6y5.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.857:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\cfljd6y5.default\cookies.txt -> TrackingCookie.Trafic : Cleaned.
:mozilla.95:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\cfljd6y5.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.96:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\cfljd6y5.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.97:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\cfljd6y5.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.98:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\cfljd6y5.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.942:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\cfljd6y5.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.943:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\cfljd6y5.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.196:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\cfljd6y5.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
:mozilla.197:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\cfljd6y5.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
:mozilla.198:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\cfljd6y5.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.


::Report end

HJT log:

Logfile of HijackThis v1.99.1
Scan saved at 10:27:12 AM, on 12/10/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\LogMeIn\LogMeInSystray.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\soundman.exe
C:\Program Files\eFax Messenger 4.1\J2GDllCmd.exe
C:\Program Files\Medion\PowerVCR II\Agent.exe
C:\Program Files\eFax Messenger 4.1\J2GTray.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
C:\Program Files\LogMeIn\RaMaint.exe
C:\Program Files\LogMeIn\LogMeIn.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Remote_Agent] C:\Program Files\Medion\PowerVCR II\RemoteAgent.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [ISUSScheduler] "C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\issch.exe" -start
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\LogMeInSystray.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [SoundMan] soundman.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [eFax 4.1] "C:\Program Files\eFax Messenger 4.1\J2GDllCmd.exe" /R
O4 - HKLM\..\Run: [Agent] C:\Program Files\Medion\PowerVCR II\Agent.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [WeatherWatcher] C:\Program Files\Weather Watcher\ww.exe
O4 - HKCU\..\Run: [Pronto] C:\Program Files\Pronto\Pronto.exe /silent
O4 - HKCU\..\Run: [FUIClearHis] C:\Program Files\FreshDevices\FreshUI\freshui.exe 16 17
O4 - Startup: My Desktop Post Office.lnk = ?
O4 - Global Startup: eFax 4.1.lnk = C:\Program Files\eFax Messenger 4.1\J2GTray.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www2.snapfish.com/SnapfishActivia.cab
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} - http://ipgweb.cce.hp.com/rdqna/downloads/sysinfo.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} - http://tools.ebayimg.com/eps/wl/activex/EPUWALControl_v1-0-3-18.cab
O16 - DPF: {546B1745-1674-4089-A56A-171B67631F8D} - http://66.197.233.53/ImageControl.CAB
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.real.com/01dbf0dc380af770d706/netzip/RdxIE601.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1097963696261
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {64D01C7F-810D-446E-A07E-16C764235644} - http://zone.msn.com/bingame/amad/default/atomaders.cab
O16 - DPF: {6632A7E9-FE1F-43D2-A04A-A15951ED63E0} - http://mediaplayer.walmart.com/installer/install.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1138486494250
O16 - DPF: {70522FA2-4656-11D5-B0E9-0050DAC24E8F} - http://cc.iwon.com/ct/pm3/iwonpm_12_1,0,2,5.cab
O16 - DPF: {7F8C8173-AD80-4807-AA75-5672F22B4582} - http://download.zonelabs.com/bin/promotions/spywaredetector/ICSScanner37440.cab
O16 - DPF: {90051A81-3018-4826-8B38-DD60B6B53F9C} - http://www.costcophotocenter.com/CostcoUpload.cab
O16 - DPF: {94EB57FE-2720-496C-B33F-D9353C6E23F7} - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {A93D84FD-641F-43AE-B963-E6FA84BE7FE7} (LinkSys Content Update) - http://www.linksysfix.com/netcheck/51/install/gtdownls.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
O16 - DPF: {D1E7CBDA-E60E-4970-A01C-37301EF7BF98} (Measurement Services Client v.3.11) - http://gameadvisor.futuremark.com/global/msc311.cab
O16 - DPF: {DBA230D1-8467-4e69-987E-5FAE815A3B45} -
O16 - DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} - http://www.sparedollar.com/sdImage/XUpload.ocx
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.hp.com/hpdj/en/check/qdiagh.cab?323
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} - https://secure.logmein.com/activex/RACtrl.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{D010E729-8B30-4638-9BB2-F32338BED958}: NameServer = 208.67.222.222,208.67.220.220
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: winwea32 - winwea32.dll (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\LogMeIn.exe
O23 - Service: SQL Server (MSSMLBIZ) (MSSQL$MSSMLBIZ) - Unknown owner - C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sMSSMLBIZ (file missing)
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe

Thanks for returning you information, I need to ask about the items at the beginning of the AVG Anti-Spyware 7.5 scan that you "ignored". Are you positive those items are safe? If you would like to scan them to be sure, use one or more of these free online scanners:
http://virusscan.jotti.org/
http://www.kaspersky.com/scanforvirus
http://www.virustotal.com/flash/index_en.html

Your Java program is out of date and a security risk, see this information:
http://forums.spybot.info/showpost.php?p=12880&postcount=2
C:\Program Files\Java\jre1.5.0_06\ <<< uninstall all old version in Add Remove programs and download the newest.


1) Please download ATF Cleaner by Atribune
http://www.atribune.org/content/view/25/2/
Save it to your Desktop. We will use this later.

2) We need to disable your Windows Defender Real-time Protection as it may interfere with the fixes that we need to make.
Open Windows Defender, Click on Tools, General Settings.
Scroll down and uncheck Turn on real-time protection (recommended).
After you uncheck this, click on the Save button and close Windows Defender.
After all of the fixes are complete it is very important that you enable Real-time Protection again.

3) AVG Anti-Spyware 7.5: Deactivate the Resident Shield
- Before proceeding, deactivate the "Resident Shield" as this may prevent changes to the registry.
- To do this, click "Change State" to the right of the Resident Shield option in the main window.
- You will clearly see the status change to Inactive if you have done this correctly.

4) Open HijackThis and choose "Do a system scan only" then check the box in front of these line items:

O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.real.com/01dbf0dc...p/RdxIE601.cab
netsterO16 - DPF: {70522FA2-4656-11D5-B0E9-0050DAC24E8F} - http://cc.iwon.com/ct/pm3/iwonpm_12_1,0,2,5.cab
IWonCoPilot WebsearchAdware
O16 - DPF: {DBA230D1-8467-4e69-987E-5FAE815A3B45} -
can't identify
O20 - Winlogon Notify: winwea32 - winwea32.dll (file missing)
SpyFalcon / winwea32.dll

Close all programs but HJT and all browser windows, then click on "Fix Checked"

5) Run ATF Cleaner
Double-click ATF-Cleaner.exe to run the program.
Click Select All found at the bottom of the list.
Click the Empty Selected button.
Click Exit on the Main menu to close the program.

Restart the computer and post a last HJT log, let me know how the computer is running. Since you are running Windows Defender I would leave the AVG Anti-Spyware real time protection turned off so they do not conflict until I advise you about the program.

Thanks...Phil

Thanks for returning you information, I need to ask about the items at the beginning of the AVG Anti-Spyware 7.5 scan that you "ignored". Are you positive those items are safe? If you would like to scan them to be sure, use one or more of these free online scanners:
http://virusscan.jotti.org/
http://www.kaspersky.com/scanforvirus
http://www.virustotal.com/flash/index_en.html
Hi Phil,
Oops! I didn't realize those were ignored. I let AVG set the default actions and I just "applied" the defaults. Should I go back (in safe mode) and re-run AVG A/S?

Unless you know they are safe, that would be the best way to get rid of them. It would not hurt to run the scan again in Safe Mode, often it will find more the second time. Leave the realtime protection turned off through, no need to have it conflict with Windows Defender. Make sure you have activated Windows Defender.

Thanks...Phil

Hi Phil,
Thanks so much for all your help. I followed your instructions, except a few of those files at the top of the HJT log were safe and didn't need to be removed.

Here's my new HJT log:

Logfile of HijackThis v1.99.1
Scan saved at 3:54:10 PM, on 12/10/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
C:\Program Files\LogMeIn\RaMaint.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\LogMeIn\LogMeInSystray.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\LogMeIn\LogMeIn.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\soundman.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\Program Files\eFax Messenger 4.1\J2GDllCmd.exe
C:\Program Files\Medion\PowerVCR II\Agent.exe
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopDisplay.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\LogMeIn\LogMeIn.exe
C:\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Remote_Agent] C:\Program Files\Medion\PowerVCR II\RemoteAgent.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [ISUSScheduler] "C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\issch.exe" -start
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\LogMeInSystray.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [SoundMan] soundman.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [eFax 4.1] "C:\Program Files\eFax Messenger 4.1\J2GDllCmd.exe" /R
O4 - HKLM\..\Run: [Agent] C:\Program Files\Medion\PowerVCR II\Agent.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [WeatherWatcher] C:\Program Files\Weather Watcher\ww.exe
O4 - HKCU\..\Run: [Pronto] C:\Program Files\Pronto\Pronto.exe /silent
O4 - HKCU\..\Run: [FUIClearHis] C:\Program Files\FreshDevices\FreshUI\freshui.exe 16 17
O4 - Global Startup: eFax 4.1.lnk = C:\Program Files\eFax Messenger 4.1\J2GTray.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\npjpi150_10.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\npjpi150_10.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www2.snapfish.com/SnapfishActivia.cab
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} - http://ipgweb.cce.hp.com/rdqna/downloads/sysinfo.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} - http://tools.ebayimg.com/eps/wl/activex/EPUWALControl_v1-0-3-18.cab
O16 - DPF: {546B1745-1674-4089-A56A-171B67631F8D} - http://66.197.233.53/ImageControl.CAB
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1097963696261
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {64D01C7F-810D-446E-A07E-16C764235644} - http://zone.msn.com/bingame/amad/default/atomaders.cab
O16 - DPF: {6632A7E9-FE1F-43D2-A04A-A15951ED63E0} - http://mediaplayer.walmart.com/installer/install.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1138486494250
O16 - DPF: {7F8C8173-AD80-4807-AA75-5672F22B4582} - http://download.zonelabs.com/bin/promotions/spywaredetector/ICSScanner37440.cab
O16 - DPF: {90051A81-3018-4826-8B38-DD60B6B53F9C} - http://www.costcophotocenter.com/CostcoUpload.cab
O16 - DPF: {94EB57FE-2720-496C-B33F-D9353C6E23F7} - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {A93D84FD-641F-43AE-B963-E6FA84BE7FE7} (LinkSys Content Update) - http://www.linksysfix.com/netcheck/51/install/gtdownls.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
O16 - DPF: {D1E7CBDA-E60E-4970-A01C-37301EF7BF98} (Measurement Services Client v.3.11) - http://gameadvisor.futuremark.com/global/msc311.cab
O16 - DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} - http://www.sparedollar.com/sdImage/XUpload.ocx
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.hp.com/hpdj/en/check/qdiagh.cab?323
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} - https://secure.logmein.com/activex/RACtrl.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{D010E729-8B30-4638-9BB2-F32338BED958}: NameServer = 208.67.222.222,208.67.220.220
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\LogMeIn.exe
O23 - Service: SQL Server (MSSMLBIZ) (MSSQL$MSSMLBIZ) - Unknown owner - C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sMSSMLBIZ (file missing)
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe

Thanks for the feedback:bigthumb: you were talking about items in the AVG Anti-Spyware - Scan Report.

Thanks so much for all your help. I followed your instructions, except a few of those files at the top of the HJT log were safe and didn't need to be removed.
I thought they were probably safe, but I usually err on the side of caution. You HJT log looks fine, let's finish up like this.

System Restore does not know the good files from the bad. In case bad stuff has gotten into your System Restore files, follow the instructions in this link to get clean System Restore files. Turn it off, reboot then turn it back on:
http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/2001111912274039?Open&src=sec_doc_nam

AVG Anti-Spyware is a good program but it does use some resources. Once the trial is over you can update and use the scanner for as long as you wish, but unless you purchase it you should turn it off completely so it does not run unless you start it manually.

Here is some great information from Tony Klein, Texruss, ChrisRLG and Grinler to help you stay clean and safe online:
http://forums.spybot.info/showthread.php?t=279
http://russelltexas.com/malware/allclear.htm
http://forum.malwareremoval.com/viewtopic.php?t=14
http://www.bleepingcomputer.com/forums/topict2520.html
http://cybercoyote.org/security/not-admin.shtml

You may wish to run another Panda scan, just to check? Most of the items were cookies, but there were a couple of nasties that should be gone now. I do not need to see anything else unless you have an issue.

Safe Surfing...Phil
Safer Networking Forums
http://www.spybot.info/en/donate/index.html
If you are reading this information...thank a teacher,
If you are reading it in English...thank a soldier.

As the problem appears to be resolved this topic has been closed.

If you need it re-opened please send me or a forum staff member a private message (pm) and provide a link to the thread; this applies only to the original topic starter.

Anyone else with similar problems please start a new topic.