
Thread: Help Please

  1. #1
    Junior Member (Join Date: Nov 2006, Posts: 15)

    Help Please

    Been having a lot of trouble with spyware lately and most programs can't seem to remove all the infections. Thanks in advance for helping out.

    When I performed the online anti-virus scan it didn't have a save log option so I just copied what it found. Here it is:

    File Infection Status Path
    mvwapygy.dll Win32/Darksma.T deleted C:\WINDOWS\system32\
    rtkdtrmo.dll Win32/Darksma.T deleted C:\WINDOWS\system32\
    fmblvjex.dll Win32/Darksma.T deleted C:\WINDOWS\system32\
    ktccsiab.dll Win32/Darksma.T deleted C:\WINDOWS\system32\
    dfmatnht.dll Win32/Darksma.T deleted C:\WINDOWS\system32\
    pkidaeob.dll Win32/Darksma.T deleted C:\WINDOWS\system32\
    ntfcfcui.dll Win32/Darksma.T deleted C:\WINDOWS\system32\
    ujtxexbx.dll Win32/Darksma.T deleted C:\WINDOWS\system32\
    fijdbjrj.dll Win32/Darksma.T deleted C:\WINDOWS\system32\
    xvunlllt.dll Win32/Vundo.BU cannot cure C:\WINDOWS\system32\
    absrrere.dll Win32/Darksma.T deleted C:\WINDOWS\system32\
    oloryjwa.dll Win32/Darksma.T deleted C:\WINDOWS\system32\
    eluycgfr.dll Win32/Darksma.T deleted C:\WINDOWS\system32\
    dkrljynh.dll Win32/Darksma.T deleted C:\WINDOWS\system32\
    vywbxveo.dll Win32/Darksma.T deleted C:\WINDOWS\system32\
    divmkkeo.dll Win32/Darksma.T deleted C:\WINDOWS\system32\
    hqpvdyrh.dll Win32/Darksma.T deleted C:\WINDOWS\system32\
    jhwduvrx.dll Win32/Darksma.T deleted C:\WINDOWS\system32\
    rifsjngv.dll Win32/Darksma.T deleted C:\WINDOWS\system32\
    moimenyw.dll Win32/Darksma.T deleted C:\WINDOWS\system32\
    kmimijcm.dll Win32/Darksma.T deleted C:\WINDOWS\system32\
    kfsmggme.dll Win32/Darksma.T deleted C:\WINDOWS\system32\
    vtagihaw.dll Win32/Darksma.T deleted C:\WINDOWS\system32\
    tyerujjn.dll Win32/Darksma.T deleted C:\WINDOWS\system32\
    pwvcmdmm.dll Win32/Darksma.T deleted C:\WINDOWS\system32\
    pmkhi.dll.bad Win32/Vundo deleted C:\VundoFix Backups\
    vtutq.dll.bad Win32/Vundo deleted C:\VundoFix Backups\
    awtst.dll.bad Win32/Vundo deleted C:\VundoFix Backups\
    jkklj.dll.bad Win32/Vundo deleted C:\VundoFix Backups\

    And now the HijackThis log:

    Logfile of HijackThis v1.99.1
    Scan saved at 4:13:22 PM, on 1/16/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.5730.0011)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\system32\spoolsv.exe
    c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\Acer\Empowering Technology\admServ.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
    C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
    C:\Program Files\Symantec AntiVirus\DefWatch.exe
    C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLService.exe
    C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Symantec AntiVirus\Rtvscan.exe
    C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\WINDOWS\svchost.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\Program Files\Launch Manager\LaunchAp.exe
    C:\Program Files\Launch Manager\HotkeyApp.exe
    C:\Program Files\Launch Manager\OSDCtrl.exe
    C:\Program Files\Launch Manager\Wbutton.exe
    C:\Program Files\Acer\Acer Arcade\PCMService.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\system32\LVCOMSX.EXE
    C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
    C:\Acer\Empowering Technology\admtray.exe
    C:\Acer\Empowering Technology\eRecovery\Monitor.exe
    C:\WINDOWS\system32\wbem\unsecapp.exe
    C:\Program Files\Acer\OrbiCam\CameraAssistant.exe
    C:\WINDOWS\system32\ElkCtrl.exe
    C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\DAEMON Tools\daemon.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\PROGRA~1\SYMANT~1\VPTray.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\DOCUME~1\CLAYTO~1\LOCALS~1\Temp\RtkBtMnt.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\WINDOWS\ASEMBL~1\csrss.exe
    C:\Documents and Settings\Clayton Kueh\My Documents\S?mantec\r?gsvr32.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
    C:\Program Files\Logitech\SetPoint\SetPoint.exe
    C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Common Files\{156813FD-0724-1033-0509-060411060001}\Update.exe
    C:\hijackthis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://go.microsoft.com/fwlink/?LinkId=54843
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://global.acer.com/
    O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\WINDOWS\system32\eDStoolbar.dll
    O3 - Toolbar: Bar888 - {C1B4DEC2-2623-438e-9CA2-C9043AB28508} - C:\PROGRA~1\COMMON~1\{35681~1\Bar888.dll
    O4 - HKLM\..\Run: [preload] C:\Windows\RUNXMLPL.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
    O4 - HKLM\..\Run: [LaunchAp] "C:\Program Files\Launch Manager\LaunchAp.exe"
    O4 - HKLM\..\Run: [LManager] "C:\Program Files\Launch Manager\HotkeyApp.exe"
    O4 - HKLM\..\Run: [CtrlVol] "C:\Program Files\Launch Manager\CtrlVol.exe"
    O4 - HKLM\..\Run: [LMgrOSD] "C:\Program Files\Launch Manager\OSDCtrl.exe"
    O4 - HKLM\..\Run: [Wbutton] "C:\Program Files\Launch Manager\Wbutton.exe"
    O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Acer\Acer Arcade\PCMService.exe"
    O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
    O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
    O4 - HKLM\..\Run: [ePower_DMC] C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
    O4 - HKLM\..\Run: [Acer ePower Management] C:\Acer\Empowering Technology\ePower\Acer ePower Management.exe boot
    O4 - HKLM\..\Run: [ADMTray.exe] "C:\Acer\Empowering Technology\admtray.exe"
    O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\Monitor.exe
    O4 - HKLM\..\Run: [LogitechCameraAssistant] C:\Program Files\Acer\OrbiCam\CameraAssistant.exe
    O4 - HKLM\..\Run: [LogitechVideo[inspector]] C:\Program Files\Acer\OrbiCam\InstallHelper.exe /inspect
    O4 - HKLM\..\Run: [LogitechCameraService(E)] C:\WINDOWS\system32\ElkCtrl.exe /automation
    O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
    O4 - HKLM\..\Run: [{156813FD-0724-1033-0509-060411060001}] "C:\Program Files\Common Files\{156813FD-0724-1033-0509-060411060001}\Update.exe" mc-110-12-0000272
    O4 - HKLM\..\Run: [DllRunning] rundll32.exe "C:\WINDOWS\system32\xvunlllt.dll",setvm
    O4 - HKLM\..\Run: [{156813FD-0725-1033-0509-060411060001}] "C:\Program Files\Common Files\{156813FD-0725-1033-0509-060411060001}\Update.exe" mc-110-12-0000272
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
    O4 - HKCU\..\Run: [Bwer] "C:\WINDOWS\ASEMBL~1\csrss.exe" -vt yazb
    O4 - HKCU\..\Run: [Bfz] C:\Documents and Settings\Clayton Kueh\My Documents\S?mantec\r?gsvr32.exe
    O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - Global Startup: Bluetooth.lnk = ?
    O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyGaming.Net\PartyPokerNet\RunPF.exe
    O9 - Extra 'Tools' menuitem: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyGaming.Net\PartyPokerNet\RunPF.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O11 - Options group: [INTERNATIONAL] International*
    O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/ca...C_2.2.2.89.cab
    O16 - DPF: {56393399-041A-4650-94C7-13DFCB1F4665} (PSFormX Control) - http://www3.ca.com/securityadvisor/p...n/pestscan.cab
    O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/v...fo/webscan.cab
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: AdminWorks Agent X6 (AWService) - Avocent Inc. - C:\Acer\Empowering Technology\admServ.exe
    O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
    O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
    O23 - Service: COM+ Messages - Unknown owner - C:\WINDOWS\system32\svchosts.exe" -e mc-110-12-0000272 (file missing)
    O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
    O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
    O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
    O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
    O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
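The HijackThis log above carries the indicators a helper reads first: a `?` inside a path (HijackThis prints `?` for a character it cannot render, and `?` is not a legal character in Windows file names, so `S?mantec\r?gsvr32.exe` is a lookalike name), `csrss.exe` running from `C:\WINDOWS\ASEMBL~1\` instead of system32, a near-miss name like `svchosts.exe`, `rundll32.exe` loading an eight-random-letter DLL, and an O23 service whose binary is missing. As an added example (not code from the thread or from HijackThis), a small Python triage script that runs those heuristics over constructed sample lines modelled on the log; the rule names, the core-binary list and the 7-8 letter threshold are the example's own assumptions.

```python
import re
from typing import Dict, List, Tuple

# Constructed HijackThis v1.99.1 lines modelled on the log above (not the full log).
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [DllRunning] rundll32.exe "C:\WINDOWS\system32\xvunlllt.dll",setvm
O4 - HKCU\..\Run: [Bwer] "C:\WINDOWS\ASEMBL~1\csrss.exe" -vt yazb
O4 - HKCU\..\Run: [Bfz] C:\Documents and Settings\user\My Documents\S?mantec\r?gsvr32.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Bluetooth.lnk = ?
O23 - Service: COM+ Messages - Unknown owner - C:\WINDOWS\system32\svchosts.exe" -e mc-110-12-0000272 (file missing)
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
"""

# Core Windows XP binaries that legitimately run only from %SystemRoot%\system32
# (assumed list for this example).
CORE_SYSTEM_BINARIES = {"csrss", "smss", "winlogon", "lsass", "services",
                        "svchost", "rundll32", "regsvr32"}

HJT_LINE = re.compile(r"^(?P<section>[RO]\d+) - (?P<body>.+)$")
# drive:\dir\...\name.exe with directory and bare file name captured separately;
# directory components may contain spaces, the file name may not.
EXE_PATH = re.compile(r'([A-Za-z]:\\(?:[^\\"\n]+\\)*)([^\\"\s]+\.exe)', re.I)
# '?' inside a path component: illegal in NTFS names, so HijackThis printed it
# in place of a non-ASCII lookalike character.
LOOKALIKE = re.compile(r'\\[^\\\s"]*\?')
# rundll32 loading a DLL whose stem is 7-8 lowercase letters (Vundo/Darksma style).
RANDOM_DLL = re.compile(r'(?i:rundll32\.exe)\s+"?[^"\s]*\\[a-z]{7,8}\.dll"?')


def within_one_edit(a: str, b: str) -> bool:
    """True if a becomes b with at most one insert, delete or substitute."""
    if abs(len(a) - len(b)) > 1:
        return False
    i = j = edits = 0
    while i < len(a) and j < len(b):
        if a[i] == b[j]:
            i, j = i + 1, j + 1
            continue
        edits += 1
        if edits > 1:
            return False
        if len(a) > len(b):
            i += 1
        elif len(a) < len(b):
            j += 1
        else:
            i, j = i + 1, j + 1
    return edits + (len(a) - i) + (len(b) - j) <= 1


def masquerading_exe(body: str) -> List[Tuple[str, str]]:
    """Core system binary names outside system32, or names one typo away from one."""
    hits = []
    for directory, name in EXE_PATH.findall(body):
        stem = name[:-4].lower()
        in_system32 = directory.lower().rstrip("\\").endswith("\\system32")
        if stem in CORE_SYSTEM_BINARIES:
            if not in_system32:
                hits.append(("core_binary_outside_system32", directory + name))
        elif any(within_one_edit(stem, core) for core in CORE_SYSTEM_BINARIES):
            hits.append(("core_binary_typosquat", directory + name))
    return hits


def scan_hjt(text: str) -> List[Dict[str, str]]:
    """Run the heuristics over every R*/O* line of a HijackThis log."""
    findings = []
    for raw in text.splitlines():
        m = HJT_LINE.match(raw.strip())
        if not m:
            continue
        section, body = m.group("section"), m.group("body")
        hits: List[Tuple[str, str]] = []
        if LOOKALIKE.search(body):
            hits.append(("lookalike_char_in_path", ""))
        if RANDOM_DLL.search(body):
            hits.append(("rundll32_random_dll", ""))
        hits.extend(masquerading_exe(body))
        if section == "O23" and "(file missing)" in body:
            hits.append(("service_binary_missing", ""))
        for rule, detail in hits:
            findings.append({"section": section, "rule": rule,
                             "detail": detail, "line": raw.strip()})
    return findings


if __name__ == "__main__":
    for f in scan_hjt(SAMPLE_LOG):
        print(f"{f['section']:4} {f['rule']:30} {f['line']}")
```

Legitimate entries in the sample (SynTPEnh, ctfmon, Rtvscan, the Bluetooth shortcut) produce no findings, which is the check that the heuristics are tight enough to be useful on a full log.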

  2. #2
    steamwiz, Security Expert-Emeritus (Join Date: Dec 2005, Location: Yorkshire, U.K., Posts: 1,313)

    Hi

    Please download Combofix: http://download.bleepingcomputer.com/sUBs/combofix.exe
    and save to the desktop.

    1. Double click on combo.exe & follow the prompts.
    2. When finished, it will produce a logfile located at C:\ComboFix.txt.
    3. Post the contents of that log in your next reply with a new hijackthis log.

    Notes:
    * Do not mouseclick combofix's window while it is running. That may cause your system to stall/hang.
    * Disable script blocking if you have NAV installed so it will not interfere with the fix. Trojan Hunter has been reported to detect combofix as Worm.Qiv.100.

    steam
    MICROSOFT MVP - Security 2004/9. Member of ASAP since 2004 - member of U.N.I.T.E.

  3. #3
    Junior Member (Join Date: Nov 2006, Posts: 15)

    "Clayton Kueh" - 07-01-16 17:35:17 Service Pack 2
    ComboFix 07-01-16.2 - Running from: "C:\Program Files\Mozilla Firefox"

    (((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


    C:\Program Files\Common Files\Yazzle1122OinAdmin.exe
    C:\Program Files\Common Files\Yazzle1122OinUninstaller.exe
    C:\Documents and Settings\All Users\Documents\setup.exe
    C:\WINDOWS\system32\unsvchosts.lzma
    C:\WINDOWS\system32\wintsu.exe
    C:\WINDOWS\svchost.exe
    C:\WINDOWS\system32\drivers\npf.sys
    C:\WINDOWS\Downloaded Program Files\Quarantine
    C:\Program Files\Common Files\{35681~1
    C:\Program Files\Common Files\{35681~2
    C:\Program Files\Outerinfo
    C:\Program Files\VSAdd-in
    C:\WINDOWS\system32\components
    C:\WINDOWS\system32\svchosts.exe
    C:\Program Files\Common Files\{15681~2
    C:\Program Files\Common Files\{15681~1
    ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ Purity ~ ~ ~ ~ ~ ~ ~ ~~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~
    Folders Quarantined:
    C:\qoobox\purity\DOCUME~1
    C:\qoobox\purity\WINDOWS\MANTEC~1
    C:\qoobox\purity\WINDOWS\WNSXS~1
    C:\qoobox\purity\WINDOWS\SEMBLY~1
    C:\qoobox\purity\WINDOWS\ASEMBL~1
    C:\qoobox\purity\WINDOWS\system32\MCROSO~1
    C:\qoobox\purity\WINDOWS\system32\YSTEM~1
    C:\qoobox\purity\WINDOWS\ASEMBL~1\a?sembly
    C:\qoobox\purity\WINDOWS\ASEMBL~1\csrss.exe
    C:\qoobox\purity\Program Files\YMANTE~1
    C:\qoobox\purity\DOCUME~1\CLAYTO~1
    C:\qoobox\purity\DOCUME~1\CLAYTO~1\My Documents
    C:\qoobox\purity\DOCUME~1\CLAYTO~1\My Documents\from.txt
    C:\qoobox\purity\DOCUME~1\CLAYTO~1\My Documents\SMANTE~1
    C:\qoobox\purity\DOCUME~1\CLAYTO~1\My Documents\SMANTE~1\r?gsvr32.exe


    ((((((((((((((((((((((((((((((( Files Created from 2006-12-16 to 2007-01-16 ))))))))))))))))))))))))))))))))))


    2007-01-16 17:38 275,643 --a------ C:\WINDOWS\system32\awtqo.dll
    2007-01-16 17:37 <DIR> d-------- C:\WINDOWS\erdnt
    2007-01-16 16:11 22,029 ---hs---- C:\WINDOWS\system32\wvurolk.dll
    2007-01-16 15:25 <DIR> d-------- C:\Program Files\webHancer
    2007-01-16 03:38 155,648 ---h----- C:\Program Files\Common Files\svchost.exe
    2007-01-15 18:10 738,260 ---hs---- C:\WINDOWS\system32\qrqss.bak1
    2007-01-15 18:10 277,044 ---hs---- C:\WINDOWS\system32\ssqrq.dll
    2007-01-15 18:10 22,029 ---hs---- C:\WINDOWS\system32\fccywuu.dll
    2007-01-15 18:10 2,560 --a------ C:\WINDOWS\system32\unsvchosts.exe
    2007-01-15 18:03 738,260 ---hs---- C:\WINDOWS\system32\yccdd.bak1
    2007-01-15 16:43 53,248 --a------ C:\WINDOWS\system32\Process.exe
    2007-01-15 16:43 40,960 --a------ C:\WINDOWS\system32\swsc.exe
    2007-01-15 16:43 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
    2007-01-15 16:43 135,168 --a------ C:\WINDOWS\system32\swreg.exe
    2007-01-15 16:31 <DIR> d-------- C:\Program Files\Lavasoft
    2007-01-15 16:31 <DIR> d-------- C:\DOCUME~1\CLAYTO~1\Application Data\Lavasoft
    2007-01-15 14:53 <DIR> d-------- C:\WINDOWS\WBEM
    2007-01-15 14:53 <DIR> d-------- C:\WINDOWS\system32\en-US
    2007-01-15 14:52 <DIR> d--h----- C:\WINDOWS\ie7
    2007-01-15 14:49 121,856 --------- C:\WINDOWS\system32\xmllite.dll
    2007-01-15 14:48 <DIR> d-------- C:\WINDOWS\network diagnostic
    2007-01-14 18:30 <DIR> d-------- C:\ATI
    2007-01-14 05:58 <DIR> d-------- C:\Program Files\Common Files\Adobe
    2007-01-14 05:57 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\Adobe
    2007-01-13 23:04 <DIR> d--hs---- C:\FOUND.010
    2007-01-13 21:01 <DIR> d--hs---- C:\FOUND.009
    2007-01-13 19:21 <DIR> d--hs---- C:\FOUND.008
    2007-01-13 14:11 <DIR> d--hs---- C:\FOUND.007
    2007-01-12 21:35 22,541 ---hs---- C:\WINDOWS\system32\opnmjii.dll
    2007-01-12 03:36 22,541 ---hs---- C:\WINDOWS\system32\vtuspno.dll
    2007-01-12 02:56 <DIR> d--hs---- C:\FOUND.006
    2007-01-11 17:46 60,416 --a------ C:\WINDOWS\system32\qhykcwz.dll
    2007-01-11 00:22 <DIR> d--hs---- C:\FOUND.005
    2007-01-10 17:05 <DIR> d--hs---- C:\FOUND.004
    2007-01-09 19:23 <DIR> d--hs---- C:\FOUND.003
    2007-01-09 17:53 <DIR> d--hs---- C:\FOUND.002
    2007-01-08 21:02 <DIR> d--hs---- C:\FOUND.001
    2007-01-08 10:33 <DIR> d--hs---- C:\FOUND.000
    2007-01-07 19:58 <DIR> d-------- C:\Program Files\Sony
    2007-01-03 17:20 118,804 --------- C:\WINDOWS\system32\xvunlllt.dll
    2006-12-29 03:45 <DIR> d-------- C:\DOCUME~1\LOCALS~1\Application Data\Sun
    2006-12-27 17:18 44,060 --a------ C:\WINDOWS\system32\dljvpbmv.dll
    2006-12-26 05:47 43,520 --a------ C:\WINDOWS\system32\CmdLineExt03.dll
    2006-12-26 05:34 <DIR> d-------- C:\Program Files\LucasArts
    2006-12-25 19:18 <DIR> d--h----- C:\Program Files\Common Files\Uninstall Information
    2006-12-24 17:14 <DIR> d-------- C:\Program Files\PeDevice
    2006-12-24 17:12 22,541 ---hs---- C:\WINDOWS\system32\cbxuuvt.dll
    2006-12-22 12:09 <DIR> d-------- C:\WINDOWS\system32\LogFiles


    (((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


    2007-01-15 16:44 7126 --a------ C:\WINDOWS\system32\tmp.reg
    2006-12-07 17:02 2174976 --a------ C:\WINDOWS\system32\wmvcore.dll
    2006-11-24 00:34 40973 ---hs---- C:\WINDOWS\system32\awtqqnm.dll
    2006-11-23 21:51 40973 ---hs---- C:\WINDOWS\system32\qomkhij.dll
    2006-11-23 21:07 40973 ---hs---- C:\WINDOWS\system32\awtutsq.dll
    2006-11-23 15:18 -------- d-------- C:\Program Files\warcraft iii
    2006-11-22 19:39 -------- d-------- C:\Program Files\registrar registry manager
    2006-11-22 17:03 40973 ---hs---- C:\WINDOWS\system32\wvurpqp.dll
    2006-11-22 14:26 40973 ---hs---- C:\WINDOWS\system32\fccdbxx.dll
    2006-11-21 19:04 40973 ---hs---- C:\WINDOWS\system32\ddcyaxu.dll
    2006-11-21 19:04 18944 --------- C:\WINDOWS\system32\winrge32.dll
    2006-11-18 14:34 -------- d-------- C:\Program Files\symantec antivirus
    2006-11-17 03:02 -------- d-------- C:\Program Files\msxml 4.0
    2006-11-08 00:06 679424 --a------ C:\WINDOWS\system32\inetcomm.dll
    2006-11-07 21:03 6049280 --------- C:\WINDOWS\system32\ieframe.dll
    2006-11-07 21:03 50688 --------- C:\WINDOWS\system32\msfeedsbs.dll
    2006-11-07 21:03 458752 --------- C:\WINDOWS\system32\msfeeds.dll
    2006-11-07 21:03 413696 --a------ C:\WINDOWS\system32\vbscript.dll
    2006-11-07 21:03 231424 --a------ C:\WINDOWS\system32\webcheck.dll
    2006-11-07 21:03 180736 --------- C:\WINDOWS\system32\ieui.dll
    2006-11-07 21:03 156160 --a------ C:\WINDOWS\system32\msls31.dll
    2006-11-07 03:27 382976 --a------ C:\WINDOWS\system32\iedkcs32.dll
    2006-11-07 03:27 229376 --a------ C:\WINDOWS\system32\ieaksie.dll
    2006-11-07 03:26 71680 --a------ C:\WINDOWS\system32\admparse.dll
    2006-11-07 03:26 55296 --a------ C:\WINDOWS\system32\iesetup.dll
    2006-11-07 03:26 54784 --a------ C:\WINDOWS\system32\ie4uinit.exe
    2006-11-07 03:26 43008 --a------ C:\WINDOWS\system32\iernonce.dll
    2006-11-07 03:26 152064 --a------ C:\WINDOWS\system32\ieakeng.dll
    2006-11-07 03:26 13312 --a------ C:\WINDOWS\system32\ieudinit.exe
    2006-11-07 03:26 123904 --a------ C:\WINDOWS\system32\advpack.dll
    2006-11-07 03:25 161792 --a------ C:\WINDOWS\system32\ieakui.dll
    2006-11-04 14:14 1245696 --a------ C:\WINDOWS\system32\msxml4.dll
    2006-10-26 16:23 21888 --a------ C:\WINDOWS\system32\rrspy.sys
    2006-10-19 08:56 713216 --a------ C:\WINDOWS\system32\sxs.dll
    2006-10-17 12:06 78336 --a------ C:\WINDOWS\system32\ieencode.dll
    2006-10-17 12:05 40960 --a------ C:\WINDOWS\system32\licmgr10.dll
    2006-10-17 12:05 206336 --------- C:\WINDOWS\system32\winfxdocobj.exe
    2006-10-17 12:05 105984 --a------ C:\WINDOWS\system32\url.dll
    2006-10-17 12:04 101376 --a------ C:\WINDOWS\system32\occache.dll
    2006-10-17 12:03 17408 --a------ C:\WINDOWS\system32\corpol.dll
    2006-10-17 11:58 61952 --------- C:\WINDOWS\system32\icardie.dll
    2006-10-17 11:58 12288 --------- C:\WINDOWS\system32\msfeedssync.exe
    2006-10-17 11:57 36352 --a------ C:\WINDOWS\system32\imgutil.dll
    2006-10-17 11:57 266752 --------- C:\WINDOWS\system32\iertutil.dll
    2006-10-17 11:56 45568 --a------ C:\WINDOWS\system32\mshta.exe
    2006-10-17 11:28 48128 --a------ C:\WINDOWS\system32\mshtmler.dll
    2006-10-17 11:27 380928 --------- C:\WINDOWS\system32\ieapfltr.dll


    (((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

    *Note* empty entries & legit default entries are not shown

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
    "MsnMsgr"="\"C:\\Program Files\\MSN Messenger\\MsnMsgr.Exe\" /background"
    "Skype"="\"C:\\Program Files\\Skype\\Phone\\Skype.exe\" /nosplash /minimized"
    "Bwer"="\"C:\\WINDOWS\\ASEMBL~1\\csrss.exe\" -vt yazb"
    "Bfz"="C:\\Documents and Settings\\Clayton Kueh\\My Documents\\S?mantec\\r?gsvr32.exe"
    "updateMgr"="C:\\Program Files\\Adobe\\Acrobat 7.0\\Reader\\AdobeUpdateManager.exe AcRdB7_0_9"
    "ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
    "preload"="C:\\Windows\\RUNXMLPL.exe"
    "SynTPEnh"="C:\\Program Files\\Synaptics\\SynTP\\SynTPEnh.exe"
    "RTHDCPL"="RTHDCPL.EXE"
    "Alcmtr"="ALCMTR.EXE"
    "IMJPMIG8.1"="\"C:\\WINDOWS\\IME\\imjp8_1\\IMJPMIG.EXE\" /Spoil /RemAdvDef /Migration32"
    "MSPY2002"="C:\\WINDOWS\\system32\\IME\\PINTLGNT\\ImScInst.exe /SYNC"
    "PHIME2002ASync"="C:\\WINDOWS\\system32\\IME\\TINTLGNT\\TINTSETP.EXE /SYNC"
    "PHIME2002A"="C:\\WINDOWS\\system32\\IME\\TINTLGNT\\TINTSETP.EXE /IMEName"
    "ATICCC"="\"C:\\Program Files\\ATI Technologies\\ATI.ACE\\cli.exe\" runtime -Delay"
    "LaunchAp"="\"C:\\Program Files\\Launch Manager\\LaunchAp.exe\""
    "LManager"="\"C:\\Program Files\\Launch Manager\\HotkeyApp.exe\""
    "CtrlVol"="\"C:\\Program Files\\Launch Manager\\CtrlVol.exe\""
    "LMgrOSD"="\"C:\\Program Files\\Launch Manager\\OSDCtrl.exe\""
    "Wbutton"="\"C:\\Program Files\\Launch Manager\\Wbutton.exe\""
    "PCMService"="\"C:\\Program Files\\Acer\\Acer Arcade\\PCMService.exe\""
    "BluetoothAuthenticationAgent"="rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent"
    "LVCOMSX"="C:\\WINDOWS\\system32\\LVCOMSX.EXE"
    "ePower_DMC"="C:\\Acer\\Empowering Technology\\ePower\\ePower_DMC.exe"
    "Acer ePower Management"="C:\\Acer\\Empowering Technology\\ePower\\Acer ePower Management.exe boot"
    "ADMTray.exe"="\"C:\\Acer\\Empowering Technology\\admtray.exe\""
    "eRecoveryService"="C:\\Acer\\Empowering Technology\\eRecovery\\Monitor.exe"
    "LogitechCameraAssistant"="C:\\Program Files\\Acer\\OrbiCam\\CameraAssistant.exe"
    "LogitechVideo[inspector]"="C:\\Program Files\\Acer\\OrbiCam\\InstallHelper.exe /inspect"
    "LogitechCameraService(E)"="C:\\WINDOWS\\system32\\ElkCtrl.exe /automation"
    "eDataSecurity Loader"="C:\\Acer\\Empowering Technology\\eDataSecurity\\eDSloader.exe"
    "QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
    "iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
    "Logitech Hardware Abstraction Layer"="KHALMNPR.EXE"
    "SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.5.0_10\\bin\\jusched.exe\""
    "TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
    "DAEMON Tools"="\"C:\\Program Files\\DAEMON Tools\\daemon.exe\" -lang 1033"
    "ccApp"="\"C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe\""
    "vptray"="C:\\PROGRA~1\\SYMANT~1\\VPTray.exe"
    "DllRunning"="rundll32.exe \"C:\\WINDOWS\\system32\\xvunlllt.dll\",setvm"
    "KernelFaultCheck"=hex(2):25,73,79,73,74,65,6d,72,6f,6f,74,25,5c,73,79,73,74,\
    65,6d,33,32,5c,64,75,6d,70,72,65,70,20,30,20,2d,6b,00

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]
    @=""

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
    @=""
    "Installed"="1"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
    @=""
    "Installed"="1"
    "NoChange"="1"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
    @=""
    "Installed"="1"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
    "{1C9678E2-77AC-4CAD-89EA-9E3F980C73C4}"=""

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
    "UPnPMonitor"="{e57ce738-33e8-4c51-8354-bb4de9d215d1}"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\Run]
    "svchost.exe"="C:\\WINDOWS\\svchost.exe"

    HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ssqrq
    HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winrge32
    HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wvurolk

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
    "SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"


    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
    HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
    LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
    NetworkService REG_MULTI_SZ DnsCache\0\0
    DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
    rpcss REG_MULTI_SZ RpcSs\0\0
    imgsvc REG_MULTI_SZ StiSvc\0\0
    termsvcs REG_MULTI_SZ TermService\0\0
    bthsvcs REG_MULTI_SZ BthServ\0\0
    Usnsvc REG_MULTI_SZ usnsvc\0\0
    ~ ~ ~ ~ ~ ~ ~ ~ Hijackthis Backups ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~

    backup-20061123-214330-817
    O2 - BHO: (no name) - {755bbd1a-aa59-456c-afeb-b4c42c4dcb6f} - C:\WINDOWS\system32\ixt0.dll (file missing)
    backup-20061123-214330-212
    O2 - BHO: (no name) - {CC7D820E-2F0E-44F0-B329-5B5F9CB20E34} - C:\WINDOWS\system32\vtutq.dll (file missing)
    backup-20061123-214330-589
    O2 - BHO: (no name) - {621CF30B-9C1A-4B4D-91CB-D1EF13177687} - C:\WINDOWS\system32\pmkhi.dll (file missing)
    Completion time: 07-01-16 17:40:05
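The ComboFix log's "Files Created" and "Reg Loading Points" sections are read together: hidden+system (`---hs----`) DLLs dropped into system32, a `.bak1` whose name is the reverse of a DLL created at the same minute (`qrqss.bak1` next to `ssqrq.dll`), and `Winlogon\Notify` subkeys (`ssqrq`, `winrge32`, `wvurolk`) whose names match those freshly created DLLs. As an added example (not code from the thread or from ComboFix), a Python script that parses constructed excerpts in the same format and cross-references the two sections; the rule names and the reversed-name heuristic are the example's own assumptions.

```python
import re
from typing import Dict, List, Set, Tuple

# Constructed excerpt in ComboFix's "Files Created" format
# (date time size-or-<DIR> attributes path), modelled on the log above.
FILES_CREATED = r"""
2007-01-16 17:38 275,643 --a------ C:\WINDOWS\system32\awtqo.dll
2007-01-16 17:37 <DIR> d-------- C:\WINDOWS\erdnt
2007-01-16 16:11 22,029 ---hs---- C:\WINDOWS\system32\wvurolk.dll
2007-01-16 03:38 155,648 ---h----- C:\Program Files\Common Files\svchost.exe
2007-01-15 18:10 738,260 ---hs---- C:\WINDOWS\system32\qrqss.bak1
2007-01-15 18:10 277,044 ---hs---- C:\WINDOWS\system32\ssqrq.dll
2007-01-15 14:49 121,856 --------- C:\WINDOWS\system32\xmllite.dll
2006-11-21 19:04 18944 --------- C:\WINDOWS\system32\winrge32.dll
"""

# Constructed excerpt of the "Reg Loading Points" section.
REG_LOADING_POINTS = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"UPnPMonitor"="{e57ce738-33e8-4c51-8354-bb4de9d215d1}"

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ssqrq
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winrge32
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wvurolk
"""

FILE_LINE = re.compile(
    r"^(?P<date>\d{4}-\d{2}-\d{2}) (?P<time>\d{2}:\d{2}) "
    r"(?P<size><DIR>|[\d,]+) (?P<attrs>[d-][a-z-]{8}) (?P<path>.+)$")
NOTIFY_KEY = re.compile(r"\\winlogon\\notify\\(?P<name>[^\\\s]+)$", re.I)
SYSTEM32 = r"c:\windows\system32"


def parse_files(text: str) -> List[Dict[str, str]]:
    """Parse ComboFix file-listing lines into dicts; other lines are ignored."""
    entries = []
    for line in text.splitlines():
        m = FILE_LINE.match(line.strip())
        if m:
            entries.append(m.groupdict())
    return entries


def notify_names(text: str) -> Set[str]:
    """Subkey names ComboFix lists under Winlogon\\Notify, lower-cased."""
    names = set()
    for line in text.splitlines():
        m = NOTIFY_KEY.search(line.strip())
        if m:
            names.add(m.group("name").lower())
    return names


def split_path(path: str) -> Tuple[str, str, str]:
    """(lower-cased directory, lower-cased stem, lower-cased extension)."""
    directory, _, name = path.rpartition("\\")
    stem, _, ext = name.lower().rpartition(".")
    return directory.lower(), stem, ext


def triage(files_text: str, reg_text: str) -> List[Dict[str, str]]:
    """Flag system32 files whose attributes, names or registry hooks match the pattern."""
    entries = parse_files(files_text)
    notify = notify_names(reg_text)
    # Non-directory file names created in system32, for reversed-name pair matching.
    sys32_names = set()
    for e in entries:
        directory, stem, ext = split_path(e["path"])
        if directory == SYSTEM32 and e["size"] != "<DIR>":
            sys32_names.add(f"{stem}.{ext}")
    findings = []
    for e in entries:
        directory, stem, ext = split_path(e["path"])
        if directory != SYSTEM32 or e["size"] == "<DIR>":
            continue
        hits = []
        if "h" in e["attrs"] and "s" in e["attrs"]:
            hits.append(("hidden_system_file_in_system32", ""))
        if stem in notify:
            hits.append(("winlogon_notify_dll_recently_created", ""))
        if ext.startswith("bak") and stem[::-1] + ".dll" in sys32_names:
            hits.append(("reversed_name_backup_pair", stem[::-1] + ".dll"))
        for rule, partner in hits:
            findings.append({"rule": rule, "path": e["path"], "attrs": e["attrs"],
                             "date": e["date"], "partner": partner})
    return findings


if __name__ == "__main__":
    for f in triage(FILES_CREATED, REG_LOADING_POINTS):
        print(f"{f['rule']:38} {f['attrs']} {f['path']} {f['partner']}")
```

`winrge32.dll` has plain attributes and an older date, and is caught only by the registry cross-reference, which is why the two sections are read together rather than in isolation.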

  4. #4
    Junior Member (Join Date: Nov 2006, Posts: 15)

    Logfile of HijackThis v1.99.1
    Scan saved at 5:43:18 PM, on 1/16/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.5730.0011)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\system32\spoolsv.exe
    c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\Acer\Empowering Technology\admServ.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
    C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
    C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLService.exe
    C:\Program Files\Symantec AntiVirus\DefWatch.exe
    C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Symantec AntiVirus\Rtvscan.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\Program Files\Launch Manager\LaunchAp.exe
    C:\Program Files\Launch Manager\HotkeyApp.exe
    C:\Program Files\Launch Manager\OSDCtrl.exe
    C:\Program Files\Launch Manager\Wbutton.exe
    C:\Program Files\Acer\Acer Arcade\PCMService.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\system32\LVCOMSX.EXE
    C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
    C:\Acer\Empowering Technology\admtray.exe
    C:\Acer\Empowering Technology\eRecovery\Monitor.exe
    C:\Program Files\Acer\OrbiCam\CameraAssistant.exe
    C:\WINDOWS\system32\wbem\unsecapp.exe
    C:\WINDOWS\system32\ElkCtrl.exe
    C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\DOCUME~1\CLAYTO~1\LOCALS~1\Temp\RtkBtMnt.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\DAEMON Tools\daemon.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\PROGRA~1\SYMANT~1\VPTray.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\Program Files\Skype\Phone\Skype.exe
    C:\WINDOWS\system32\wbem\wmiapsrv.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
    C:\Program Files\Logitech\SetPoint\SetPoint.exe
    C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\hijackthis\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://go.microsoft.com/fwlink/?LinkId=54843
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://global.acer.com/
    O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\WINDOWS\system32\eDStoolbar.dll
    O4 - HKLM\..\Run: [preload] C:\Windows\RUNXMLPL.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
    O4 - HKLM\..\Run: [LaunchAp] "C:\Program Files\Launch Manager\LaunchAp.exe"
    O4 - HKLM\..\Run: [LManager] "C:\Program Files\Launch Manager\HotkeyApp.exe"
    O4 - HKLM\..\Run: [CtrlVol] "C:\Program Files\Launch Manager\CtrlVol.exe"
    O4 - HKLM\..\Run: [LMgrOSD] "C:\Program Files\Launch Manager\OSDCtrl.exe"
    O4 - HKLM\..\Run: [Wbutton] "C:\Program Files\Launch Manager\Wbutton.exe"
    O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Acer\Acer Arcade\PCMService.exe"
    O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
    O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
    O4 - HKLM\..\Run: [ePower_DMC] C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
    O4 - HKLM\..\Run: [Acer ePower Management] C:\Acer\Empowering Technology\ePower\Acer ePower Management.exe boot
    O4 - HKLM\..\Run: [ADMTray.exe] "C:\Acer\Empowering Technology\admtray.exe"
    O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\Monitor.exe
    O4 - HKLM\..\Run: [LogitechCameraAssistant] C:\Program Files\Acer\OrbiCam\CameraAssistant.exe
    O4 - HKLM\..\Run: [LogitechVideo[inspector]] C:\Program Files\Acer\OrbiCam\InstallHelper.exe /inspect
    O4 - HKLM\..\Run: [LogitechCameraService(E)] C:\WINDOWS\system32\ElkCtrl.exe /automation
    O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
    O4 - HKLM\..\Run: [DllRunning] rundll32.exe "C:\WINDOWS\system32\xvunlllt.dll",setvm
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
    O4 - HKCU\..\Run: [Bwer] "C:\WINDOWS\ASEMBL~1\csrss.exe" -vt yazb
    O4 - HKCU\..\Run: [Bfz] C:\Documents and Settings\Clayton Kueh\My Documents\S?mantec\r?gsvr32.exe
    O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - Global Startup: Bluetooth.lnk = ?
    O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyGaming.Net\PartyPokerNet\RunPF.exe
    O9 - Extra 'Tools' menuitem: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyGaming.Net\PartyPokerNet\RunPF.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O11 - Options group: [INTERNATIONAL] International*
    O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/ca...C_2.2.2.89.cab
    O16 - DPF: {56393399-041A-4650-94C7-13DFCB1F4665} (PSFormX Control) - http://www3.ca.com/securityadvisor/p...n/pestscan.cab
    O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/v...fo/webscan.cab
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: AdminWorks Agent X6 (AWService) - Avocent Inc. - C:\Acer\Empowering Technology\admServ.exe
    O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
    O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
    O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
    O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
    O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
    O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
    O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe

  5. #5
    steamwiz, Security Expert-Emeritus (Join Date: Dec 2005, Location: Yorkshire, U.K., Posts: 1,313)

    Hi

    A lot of work still to do... you have a Vundo Trojan, but this is hidden from HijackThis. In order to show the hidden entries, please find your hijackthis.exe file and rename it to Claypot.exe

    Run this file & post a new HijackThis log...

    When you have posted the log please do this :-

    Please download VundoFix.exe to your desktop.
    1. Double-click VundoFix.exe to run it.
    2. When VundoFix re-opens, click the Scan for Vundo button.
    3. Once it's done scanning, click the Remove Vundo button.
    4. You will receive a prompt asking if you want to remove the files, click "YES".
    5. Once you click yes, your desktop will go blank as it starts removing Vundo.
    6. When completed, it will prompt that it will reboot your computer, click "OK".

    7. Please post the contents of C:\vundofix.txt and a new HiJackThis log.

    If VundoFix cannot delete a file, it will try to delete it during a reboot. After the reboot VundoFix will open again; you must run VundoFix again, from "Click the Scan for Vundo button"... and you must keep running VundoFix until it does delete the file... I've known a stubborn Vundo file take 5 or 6 reboots before it is deleted...

    Remember to post the C:\vundofix.txt and a new HiJackThis log.

    So that's a HijackThis log before & after running VundoFix...

    To finish with, post a new ComboFix log as well...

    steam
    Microsoft MVP - Security 2004/9. Member of ASAP since 2004 - member of U.N.I.T.E

  6. #6
    Junior Member (Join Date: Nov 2006, Posts: 15)

    This is the HijackThis log before VundoFix:

    Logfile of HijackThis v1.99.1
    Scan saved at 2:44:39 PM, on 1/17/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.5730.0011)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\system32\spoolsv.exe
    c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\Acer\Empowering Technology\admServ.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
    C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
    C:\Program Files\Symantec AntiVirus\DefWatch.exe
    C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLService.exe
    C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Symantec AntiVirus\Rtvscan.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\Program Files\Launch Manager\LaunchAp.exe
    C:\Program Files\Launch Manager\HotkeyApp.exe
    C:\Program Files\Launch Manager\OSDCtrl.exe
    C:\Program Files\Launch Manager\Wbutton.exe
    C:\Program Files\Acer\Acer Arcade\PCMService.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\system32\LVCOMSX.EXE
    C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
    C:\Acer\Empowering Technology\admtray.exe
    C:\Acer\Empowering Technology\eRecovery\Monitor.exe
    C:\Program Files\Acer\OrbiCam\CameraAssistant.exe
    C:\WINDOWS\system32\ElkCtrl.exe
    C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\DAEMON Tools\daemon.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\PROGRA~1\SYMANT~1\VPTray.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\WINDOWS\system32\wbem\unsecapp.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
    C:\Program Files\Logitech\SetPoint\SetPoint.exe
    C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
    C:\DOCUME~1\CLAYTO~1\LOCALS~1\Temp\RtkBtMnt.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\hijackthis\Claypot.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://go.microsoft.com/fwlink/?LinkId=54843
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://global.acer.com/
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {1C9678E2-77AC-4CAD-89EA-9E3F980C73C4} - C:\WINDOWS\system32\wvurolk.dll
    O2 - BHO: (no name) - {2FFCF426-31CF-126F-B9E0-33A67C5EC090} - C:\WINDOWS\system32\qhykcwz.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: (no name) - {59349718-0781-419A-A249-87E1740EC9C8} - C:\WINDOWS\system32\ssqrq.dll
    O2 - BHO: (no name) - {6F49B50E-9077-4F58-8375-9A844DA0F654} - C:\WINDOWS\system32\ddccy.dll (file missing)
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
    O2 - BHO: (no name) - {7DA39570-5FD2-4f18-94B4-20730CB3F727} - C:\WINDOWS\system32\dljvpbmv.dll
    O2 - BHO: (no name) - {84B54719-3FEC-478B-8019-701465EB3D56} - C:\WINDOWS\system32\jkklj.dll (file missing)
    O2 - BHO: (no name) - {B0C230E1-0D38-4704-8B47-9F9CAE1AF8B4} - C:\WINDOWS\system32\awtst.dll (file missing)
    O2 - BHO: (no name) - {FCE1DD9E-7D9A-4215-ABFB-E6B32F3D8F1F} - C:\WINDOWS\system32\jkhhg.dll (file missing)
    O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\WINDOWS\system32\eDStoolbar.dll
    O4 - HKLM\..\Run: [preload] C:\Windows\RUNXMLPL.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
    O4 - HKLM\..\Run: [LaunchAp] "C:\Program Files\Launch Manager\LaunchAp.exe"
    O4 - HKLM\..\Run: [LManager] "C:\Program Files\Launch Manager\HotkeyApp.exe"
    O4 - HKLM\..\Run: [CtrlVol] "C:\Program Files\Launch Manager\CtrlVol.exe"
    O4 - HKLM\..\Run: [LMgrOSD] "C:\Program Files\Launch Manager\OSDCtrl.exe"
    O4 - HKLM\..\Run: [Wbutton] "C:\Program Files\Launch Manager\Wbutton.exe"
    O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Acer\Acer Arcade\PCMService.exe"
    O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
    O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
    O4 - HKLM\..\Run: [ePower_DMC] C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
    O4 - HKLM\..\Run: [Acer ePower Management] C:\Acer\Empowering Technology\ePower\Acer ePower Management.exe boot
    O4 - HKLM\..\Run: [ADMTray.exe] "C:\Acer\Empowering Technology\admtray.exe"
    O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\Monitor.exe
    O4 - HKLM\..\Run: [LogitechCameraAssistant] C:\Program Files\Acer\OrbiCam\CameraAssistant.exe
    O4 - HKLM\..\Run: [LogitechVideo[inspector]] C:\Program Files\Acer\OrbiCam\InstallHelper.exe /inspect
    O4 - HKLM\..\Run: [LogitechCameraService(E)] C:\WINDOWS\system32\ElkCtrl.exe /automation
    O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
    O4 - HKLM\..\Run: [DllRunning] rundll32.exe "C:\WINDOWS\system32\xvunlllt.dll",setvm
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
    O4 - HKCU\..\Run: [Bwer] "C:\WINDOWS\ASEMBL~1\csrss.exe" -vt yazb
    O4 - HKCU\..\Run: [Bfz] C:\Documents and Settings\Clayton Kueh\My Documents\S?mantec\r?gsvr32.exe
    O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - Global Startup: Bluetooth.lnk = ?
    O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyGaming.Net\PartyPokerNet\RunPF.exe
    O9 - Extra 'Tools' menuitem: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyGaming.Net\PartyPokerNet\RunPF.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O11 - Options group: [INTERNATIONAL] International*
    O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/ca...C_2.2.2.89.cab
    O16 - DPF: {56393399-041A-4650-94C7-13DFCB1F4665} (PSFormX Control) - http://www3.ca.com/securityadvisor/p...n/pestscan.cab
    O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/v...fo/webscan.cab
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
    O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
    O20 - Winlogon Notify: ssqrq - C:\WINDOWS\system32\ssqrq.dll
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O20 - Winlogon Notify: winrge32 - C:\WINDOWS\SYSTEM32\winrge32.dll
    O20 - Winlogon Notify: wvurolk - C:\WINDOWS\SYSTEM32\wvurolk.dll
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: AdminWorks Agent X6 (AWService) - Avocent Inc. - C:\Acer\Empowering Technology\admServ.exe
    O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
    O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
    O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
    O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
    O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
    O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
    O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
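
    Added example (my own code, not part of this thread and not a HijackThis feature): a small Python triage script that reads the O2, O4 and O20 lines of a HijackThis v1.99 log like the one above and flags the patterns a Vundo cleanup keeps turning up: an unnamed BHO loading a DLL out of system32, an orphaned registration marked (file missing), a Winlogon Notify DLL that is not on a short allowlist, a Run key launching rundll32 against a system32 DLL or a process named like csrss.exe, and the same DLL showing up as both a BHO and a Winlogon Notify handler. The allowlist of known Notify DLLs and the heuristics are my assumptions; the sample lines are copied from the logs posted in this thread.

```python
"""Triage helper for HijackThis v1.99 log lines (added example, not a tool
from this thread and not part of HijackThis).  It parses the O2 (BHO),
O4 (Run key) and O20 (Winlogon Notify) lines and flags the patterns a Vundo
cleanup keeps turning up.  The allowlist and heuristics are assumptions."""
import ntpath
import re

# Sample input constructed from lines in the logs posted above; not a full log.
SAMPLE_LOG = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1C9678E2-77AC-4CAD-89EA-9E3F980C73C4} - C:\WINDOWS\system32\wvurolk.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {59349718-0781-419A-A249-87E1740EC9C8} - C:\WINDOWS\system32\ssqrq.dll
O2 - BHO: (no name) - {84B54719-3FEC-478B-8019-701465EB3D56} - C:\WINDOWS\system32\jkklj.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [DllRunning] rundll32.exe "C:\WINDOWS\system32\xvunlllt.dll",setvm
O4 - HKCU\..\Run: [Bwer] "C:\WINDOWS\ASEMBL~1\csrss.exe" -vt yazb
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O20 - Winlogon Notify: ssqrq - C:\WINDOWS\system32\ssqrq.dll
O20 - Winlogon Notify: winrge32 - C:\WINDOWS\SYSTEM32\winrge32.dll
O20 - Winlogon Notify: wvurolk - C:\WINDOWS\SYSTEM32\wvurolk.dll
"""

O2_RE = re.compile(r"^O2 - BHO: (?P<name>.*?) - \{(?P<clsid>[0-9A-Fa-f-]+)\} - "
                   r"(?P<path>.*?)(?P<missing> \(file missing\))?$")
O20_RE = re.compile(r"^O20 - Winlogon Notify: (?P<key>\S+) - "
                    r"(?P<path>.*?)(?P<missing> \(file missing\))?$")
O4_RE = re.compile(r"^O4 - (?P<hive>HKLM|HKCU)\\\.\.\\Run: \[(?P<name>.*?)\] (?P<cmd>.*)$")
EXE_RE = re.compile(r'^"?(?P<exe>[^"]*?\.exe)', re.IGNORECASE)
SYS32_DLL_RE = re.compile(r'\\system32\\[^\\",]+\.dll', re.IGNORECASE)

# Processes that the kernel, smss or winlogon start themselves; a Run key
# never legitimately launches something carrying one of these names.
CORE_PROCESS_NAMES = {"smss.exe", "csrss.exe", "winlogon.exe", "services.exe", "lsass.exe"}
# Assumed allowlist of Winlogon Notify DLLs (the non-Vundo ones in the log
# above); in practice you maintain this list yourself for the machine's build.
KNOWN_NOTIFY_DLLS = {"igfxdev.dll", "navlogon.dll", "wgalogon.dll"}


def _base(path):
    """Lower-cased file name of a possibly quoted Windows path."""
    return ntpath.basename(path.strip().strip('"')).lower()


def triage(log_text):
    """Return (section, reason, line) findings in log order; findings that
    correlate two sections are appended at the end."""
    findings = []
    bho_dlls = {}     # dll name -> O2 line (only DLLs that still exist on disk)
    notify_dlls = {}  # dll name -> O20 line
    for raw in log_text.splitlines():
        line = raw.strip()
        m = O2_RE.match(line)
        if m:
            base = _base(m["path"])
            if m["missing"]:
                findings.append(("O2", "orphaned BHO registration, file missing: " + base, line))
            else:
                bho_dlls[base] = line
                if m["name"] == "(no name)" and "\\system32\\" in m["path"].lower():
                    findings.append(("O2", "unnamed BHO loading " + base + " from system32", line))
            continue
        m = O20_RE.match(line)
        if m:
            base = _base(m["path"])
            if not m["missing"]:
                notify_dlls[base] = line
                if base not in KNOWN_NOTIFY_DLLS:
                    findings.append(("O20", "Winlogon Notify DLL not on allowlist: " + base, line))
            continue
        m = O4_RE.match(line)
        if m:
            e = EXE_RE.match(m["cmd"])
            exe = _base(e["exe"]) if e else ""
            if exe in CORE_PROCESS_NAMES:
                findings.append(("O4", "core system process name started from a Run key: " + exe, line))
            elif exe == "rundll32.exe" and SYS32_DLL_RE.search(m["cmd"]):
                findings.append(("O4", "rundll32 loading a DLL from system32 at logon", line))
    # The same DLL registered both as a BHO and as a Winlogon Notify handler is
    # the double-hook layout visible in the log above.
    for base in sorted(bho_dlls.keys() & notify_dlls.keys()):
        findings.append(("O2+O20", "same DLL registered as BHO and Winlogon Notify handler: " + base,
                         bho_dlls[base]))
    return findings


if __name__ == "__main__":
    for section, reason, line in triage(SAMPLE_LOG):
        print("[%s] %s\n    %s" % (section, reason, line))
```

    Run it on the sample and it reports ten findings; Spybot's unnamed SDHelper.dll BHO, the Bluetooth rundll32 entry and ctfmon.exe are left alone, which is the point of keying on the location and on cross-section correlation rather than on "(no name)" by itself. The "(file missing)" entries are what VundoFix leaves behind once it deletes the DLL, as the post-VundoFix log in this thread shows; they are registry leftovers to fix, not live code.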

  7. #7
    Junior Member (Join Date: Nov 2006, Posts: 15)

    VundoFix log:

    VundoFix V6.2.11

    Checking Java version...

    Java version is 1.5.0.6

    Java version is 1.5.0.9

    Scan started at 2:50:37 PM 1/17/2007

    Listing files found while scanning....

    C:\WINDOWS\system32\qrqss.ini
    C:\WINDOWS\system32\qrqss.bak1
    C:\WINDOWS\system32\qrqss.bak2

    Beginning removal...

    Attempting to delete C:\WINDOWS\system32\ssqrq.dll
    C:\WINDOWS\system32\ssqrq.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\qrqss.ini
    C:\WINDOWS\system32\qrqss.ini Has been deleted!

    Attempting to delete C:\WINDOWS\system32\qrqss.bak1
    C:\WINDOWS\system32\qrqss.bak1 Has been deleted!

    Attempting to delete C:\WINDOWS\system32\qrqss.bak2
    C:\WINDOWS\system32\qrqss.bak2 Has been deleted!

    Performing Repairs to the registry.
    Done!

    New HijackThis log:

    Logfile of HijackThis v1.99.1
    Scan saved at 3:08:04 PM, on 1/17/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.5730.0011)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\Program Files\Launch Manager\LaunchAp.exe
    C:\Program Files\Launch Manager\HotkeyApp.exe
    C:\Program Files\Launch Manager\OSDCtrl.exe
    C:\Program Files\Launch Manager\Wbutton.exe
    C:\Program Files\Acer\Acer Arcade\PCMService.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\system32\LVCOMSX.EXE
    C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
    C:\Acer\Empowering Technology\admtray.exe
    C:\Acer\Empowering Technology\eRecovery\Monitor.exe
    C:\Program Files\Acer\OrbiCam\CameraAssistant.exe
    C:\WINDOWS\system32\ElkCtrl.exe
    C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\DAEMON Tools\daemon.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\PROGRA~1\SYMANT~1\VPTray.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
    C:\Program Files\Logitech\SetPoint\SetPoint.exe
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\Acer\Empowering Technology\admServ.exe
    C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
    C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
    C:\Program Files\Symantec AntiVirus\DefWatch.exe
    C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLService.exe
    C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Symantec AntiVirus\Rtvscan.exe
    C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe
    C:\WINDOWS\system32\wbem\unsecapp.exe
    C:\WINDOWS\System32\alg.exe
    C:\DOCUME~1\CLAYTO~1\LOCALS~1\Temp\RtkBtMnt.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\Program Files\Windows Media Player\wmplayer.exe
    C:\WINDOWS\system32\divxsm.exe
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\hijackthis\Claypot.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://go.microsoft.com/fwlink/?LinkId=54843
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://global.acer.com/
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {1C9678E2-77AC-4CAD-89EA-9E3F980C73C4} - C:\WINDOWS\system32\wvurolk.dll
    O2 - BHO: (no name) - {2FFCF426-31CF-126F-B9E0-33A67C5EC090} - C:\WINDOWS\system32\qhykcwz.dll
    O2 - BHO: (no name) - {41D2767B-A47D-4900-A18F-902C6C683C67} - C:\WINDOWS\system32\mljji.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: (no name) - {59349718-0781-419A-A249-87E1740EC9C8} - C:\WINDOWS\system32\ssqrq.dll (file missing)
    O2 - BHO: (no name) - {6F49B50E-9077-4F58-8375-9A844DA0F654} - C:\WINDOWS\system32\ddccy.dll (file missing)
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
    O2 - BHO: (no name) - {7DA39570-5FD2-4f18-94B4-20730CB3F727} - C:\WINDOWS\system32\dljvpbmv.dll
    O2 - BHO: (no name) - {84B54719-3FEC-478B-8019-701465EB3D56} - C:\WINDOWS\system32\jkklj.dll (file missing)
    O2 - BHO: (no name) - {B0C230E1-0D38-4704-8B47-9F9CAE1AF8B4} - C:\WINDOWS\system32\awtst.dll (file missing)
    O2 - BHO: (no name) - {FCE1DD9E-7D9A-4215-ABFB-E6B32F3D8F1F} - C:\WINDOWS\system32\jkhhg.dll (file missing)
    O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\WINDOWS\system32\eDStoolbar.dll
    O4 - HKLM\..\Run: [preload] C:\Windows\RUNXMLPL.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
    O4 - HKLM\..\Run: [LaunchAp] "C:\Program Files\Launch Manager\LaunchAp.exe"
    O4 - HKLM\..\Run: [LManager] "C:\Program Files\Launch Manager\HotkeyApp.exe"
    O4 - HKLM\..\Run: [CtrlVol] "C:\Program Files\Launch Manager\CtrlVol.exe"
    O4 - HKLM\..\Run: [LMgrOSD] "C:\Program Files\Launch Manager\OSDCtrl.exe"
    O4 - HKLM\..\Run: [Wbutton] "C:\Program Files\Launch Manager\Wbutton.exe"
    O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Acer\Acer Arcade\PCMService.exe"
    O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
    O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
    O4 - HKLM\..\Run: [ePower_DMC] C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
    O4 - HKLM\..\Run: [Acer ePower Management] C:\Acer\Empowering Technology\ePower\Acer ePower Management.exe boot
    O4 - HKLM\..\Run: [ADMTray.exe] "C:\Acer\Empowering Technology\admtray.exe"
    O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\Monitor.exe
    O4 - HKLM\..\Run: [LogitechCameraAssistant] C:\Program Files\Acer\OrbiCam\CameraAssistant.exe
    O4 - HKLM\..\Run: [LogitechVideo[inspector]] C:\Program Files\Acer\OrbiCam\InstallHelper.exe /inspect
    O4 - HKLM\..\Run: [LogitechCameraService(E)] C:\WINDOWS\system32\ElkCtrl.exe /automation
    O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
    O4 - HKLM\..\Run: [DllRunning] rundll32.exe "C:\WINDOWS\system32\xvunlllt.dll",setvm
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
    O4 - HKCU\..\Run: [Bwer] "C:\WINDOWS\ASEMBL~1\csrss.exe" -vt yazb
    O4 - HKCU\..\Run: [Bfz] C:\Documents and Settings\Clayton Kueh\My Documents\S?mantec\r?gsvr32.exe
    O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - Global Startup: Bluetooth.lnk = ?
    O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyGaming.Net\PartyPokerNet\RunPF.exe
    O9 - Extra 'Tools' menuitem: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyGaming.Net\PartyPokerNet\RunPF.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O11 - Options group: [INTERNATIONAL] International*
    O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/ca...C_2.2.2.89.cab
    O16 - DPF: {56393399-041A-4650-94C7-13DFCB1F4665} (PSFormX Control) - http://www3.ca.com/securityadvisor/p...n/pestscan.cab
    O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/v...fo/webscan.cab
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
    O20 - Winlogon Notify: mljji - C:\WINDOWS\system32\mljji.dll
    O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O20 - Winlogon Notify: winrge32 - C:\WINDOWS\SYSTEM32\winrge32.dll
    O20 - Winlogon Notify: wvurolk - C:\WINDOWS\SYSTEM32\wvurolk.dll
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: AdminWorks Agent X6 (AWService) - Avocent Inc. - C:\Acer\Empowering Technology\admServ.exe
    O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
    O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
    O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
    O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
    O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
    O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
    O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
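Added example (an editor's illustration, not code from this thread and not part of HijackThis): the checks a helper applies by eye when reading a log like the one above, written out in Python so the reasoning is explicit. The Winlogon Notify allow list, the set of core binary names and the "random name" pattern are assumptions chosen for the example, and the sample lines are constructed to mirror entries in the log above. The output is a list of lines worth a second look, not a verdict.

```python
"""Heuristic triage of HijackThis log lines (O2, O4 and O20 entries).

Rules encoded here, each a hint rather than proof of infection:
  * an unnamed BHO whose DLL sits in system32 under a random-looking name,
    or whose DLL is already gone (a stale registration);
  * a Run entry that launches a core Windows binary name from outside
    system32, from a temp folder, or through rundll32 with a random DLL;
  * a Run entry path containing a character HijackThis printed as '?';
  * a Winlogon Notify package that is not on a small allow list.
"""
import re

# Constructed allow list for the example; a real one would be far longer.
KNOWN_NOTIFY = {
    "igfxdev.dll", "navlogon.dll", "wgalogon.dll", "scecli.dll",
    "crypt32.dll", "cryptnet.dll", "sclgntfy.dll", "wlnotify.dll",
}

# Core Windows binaries that belong under %SystemRoot%\system32 only.
CORE_BINARIES = {
    "csrss.exe", "svchost.exe", "regsvr32.exe", "lsass.exe",
    "winlogon.exe", "services.exe", "smss.exe",
}

# Vundo-style file names: a short run of lowercase letters and nothing else.
RANDOM_DLL = re.compile(r"^[a-z]{5,8}\.dll$")

# First path in a Run command line: either a quoted string, or an unquoted
# drive path read lazily up to the first .exe/.dll/.cpl extension.
PATH_RE = re.compile(r'"([^"]+)"|([A-Za-z]:\\.*?\.(?:exe|dll|cpl))\b', re.I)

# Sample lines constructed to mirror the log posted above.
SAMPLE_LOG = r'''
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1C9678E2-77AC-4CAD-89EA-9E3F980C73C4} - C:\WINDOWS\system32\wvurolk.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {59349718-0781-419A-A249-87E1740EC9C8} - C:\WINDOWS\system32\ssqrq.dll (file missing)
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [DllRunning] rundll32.exe "C:\WINDOWS\system32\xvunlllt.dll",setvm
O4 - HKCU\..\Run: [Bwer] "C:\WINDOWS\ASEMBL~1\csrss.exe" -vt yazb
O4 - HKCU\..\Run: [Bfz] C:\Documents and Settings\User\My Documents\S?mantec\r?gsvr32.exe
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: mljji - C:\WINDOWS\system32\mljji.dll
O20 - Winlogon Notify: winrge32 - C:\WINDOWS\SYSTEM32\winrge32.dll
'''


def _basename(path):
    return path.rsplit("\\", 1)[-1].lower()


def _in_system32(path):
    return "\\system32\\" in path.lower()


def triage_line(line):
    """Return the reasons a HijackThis line deserves a look (empty list if none)."""
    line = line.strip()
    reasons = []
    if line.startswith("O2 - BHO: "):
        # O2 - BHO: <name> - {CLSID} - <path>[ (file missing)]
        name, _, rest = line[len("O2 - BHO: "):].partition(" - {")
        path = rest.split("} - ", 1)[-1]
        missing = path.endswith("(file missing)")
        path = path.replace(" (file missing)", "")
        if name == "(no name)":
            if missing:
                reasons.append("unnamed BHO whose DLL is already gone (stale registration)")
            elif _in_system32(path) and RANDOM_DLL.match(_basename(path)):
                reasons.append("unnamed BHO loading a randomly named DLL from system32")
    elif line.startswith("O4 - "):
        # O4 - <hive>\..\Run: [<value name>] <command line>
        command = line.split("] ", 1)[-1]
        m = PATH_RE.search(command)
        path = (m.group(1) or m.group(2)) if m else ""
        if "?" in path:
            reasons.append("path contains a character HijackThis printed as '?' (possible look-alike name)")
        if _basename(path) in CORE_BINARIES and not _in_system32(path):
            reasons.append("core Windows binary name running from outside system32")
        if command.lower().startswith("rundll32") and _in_system32(path) \
                and RANDOM_DLL.match(_basename(path)):
            reasons.append("rundll32 loading a randomly named DLL from system32")
        if "\\temp\\" in path.lower():
            reasons.append("autostart from a temp folder")
    elif line.startswith("O20 - Winlogon Notify: "):
        # O20 - Winlogon Notify: <name> - <path>
        path = line.split(" - ", 2)[-1]
        if _basename(path) not in KNOWN_NOTIFY:
            reasons.append("Winlogon Notify package not on the allow list")
    return reasons


def triage(log_text):
    """Return (line, reasons) for every line that tripped at least one rule."""
    flagged = []
    for raw in log_text.splitlines():
        reasons = triage_line(raw)
        if reasons:
            flagged.append((raw.strip(), reasons))
    return flagged


if __name__ == "__main__":
    for line, reasons in triage(SAMPLE_LOG):
        print(line)
        for r in reasons:
            print("    ->", r)
```

Run it against a saved log with `triage(open("hijackthis.log", encoding="cp1252", errors="replace").read())`. Note the deliberate asymmetry in the O2 rule: Spybot's SDHelper.dll also shows as "(no name)" but lives outside system32, so it is not flagged, while the missing ssqrq.dll is flagged even though nothing can load it, because the leftover registration tells you a removal tool got the file but not the registry.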

  8. #8
    Junior Member
    Join Date
    Nov 2006
    Posts
    15

    Default

    And finally the combofix log:

    "Clayton Kueh" - 07-01-17 15:03:37 Service Pack 2
    ComboFix 07-01-16.2 - Running from: "C:\Documents and Settings\Clayton Kueh\Desktop"

    (((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


    C:\Documents and Settings\All Users\Documents\setup.exe
    ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ Purity ~ ~ ~ ~ ~ ~ ~ ~~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~
    Folders Quarantined:
    C:\qoobox\purity\DOCUME~1
    C:\qoobox\purity\WINDOWS\MANTEC~1
    C:\qoobox\purity\WINDOWS\WNSXS~1
    C:\qoobox\purity\WINDOWS\SEMBLY~1
    C:\qoobox\purity\WINDOWS\ASEMBL~1
    C:\qoobox\purity\WINDOWS\system32\MCROSO~1
    C:\qoobox\purity\WINDOWS\system32\YSTEM~1
    C:\qoobox\purity\WINDOWS\ASEMBL~1\a?sembly
    C:\qoobox\purity\WINDOWS\ASEMBL~1\csrss.exe
    C:\qoobox\purity\Program Files\YMANTE~1
    C:\qoobox\purity\DOCUME~1\CLAYTO~1
    C:\qoobox\purity\DOCUME~1\CLAYTO~1\My Documents
    C:\qoobox\purity\DOCUME~1\CLAYTO~1\My Documents\from.txt
    C:\qoobox\purity\DOCUME~1\CLAYTO~1\My Documents\SMANTE~1
    C:\qoobox\purity\DOCUME~1\CLAYTO~1\My Documents\SMANTE~1\r?gsvr32.exe


    ((((((((((((((((((((((((((((((( Files Created from 2006-12-17 to 2007-01-17 ))))))))))))))))))))))))))))))))))


    2007-01-17 14:58 76,412 --a------ C:\WINDOWS\system32\mautrdso.dll
    2007-01-17 14:58 740,018 ---hs---- C:\WINDOWS\system32\ijjlm.bak1
    2007-01-17 14:58 277,044 ---hs---- C:\WINDOWS\system32\mljji.dll
    2007-01-17 14:57 277,044 ---hs---- C:\WINDOWS\system32\jkhfc.dll
    2007-01-17 14:57 277,044 --------- C:\WINDOWS\system32\mljjk.dll
    2007-01-17 14:50 24,576 --a------ C:\WINDOWS\system32\VundoFixSVC.exe
    2007-01-16 17:38 275,643 --a------ C:\WINDOWS\system32\awtqo.dll
    2007-01-16 17:37 <DIR> d-------- C:\WINDOWS\erdnt
    2007-01-16 16:11 22,029 ---hs---- C:\WINDOWS\system32\wvurolk.dll
    2007-01-16 15:25 <DIR> d-------- C:\Program Files\webHancer
    2007-01-16 03:38 155,648 ---h----- C:\Program Files\Common Files\svchost.exe
    2007-01-15 18:10 22,029 ---hs---- C:\WINDOWS\system32\fccywuu.dll
    2007-01-15 18:10 2,560 --a------ C:\WINDOWS\system32\unsvchosts.exe
    2007-01-15 18:03 738,260 ---hs---- C:\WINDOWS\system32\yccdd.bak1
    2007-01-15 16:43 53,248 --a------ C:\WINDOWS\system32\Process.exe
    2007-01-15 16:43 40,960 --a------ C:\WINDOWS\system32\swsc.exe
    2007-01-15 16:43 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
    2007-01-15 16:43 135,168 --a------ C:\WINDOWS\system32\swreg.exe
    2007-01-15 16:31 <DIR> d-------- C:\Program Files\Lavasoft
    2007-01-15 16:31 <DIR> d-------- C:\DOCUME~1\CLAYTO~1\Application Data\Lavasoft
    2007-01-15 14:53 <DIR> d-------- C:\WINDOWS\WBEM
    2007-01-15 14:53 <DIR> d-------- C:\WINDOWS\system32\en-US
    2007-01-15 14:52 <DIR> d--h----- C:\WINDOWS\ie7
    2007-01-15 14:49 121,856 --------- C:\WINDOWS\system32\xmllite.dll
    2007-01-15 14:48 <DIR> d-------- C:\WINDOWS\network diagnostic
    2007-01-14 18:30 <DIR> d-------- C:\ATI
    2007-01-14 05:58 <DIR> d-------- C:\Program Files\Common Files\Adobe
    2007-01-14 05:57 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\Adobe
    2007-01-13 23:04 <DIR> d--hs---- C:\FOUND.010
    2007-01-13 21:01 <DIR> d--hs---- C:\FOUND.009
    2007-01-13 19:21 <DIR> d--hs---- C:\FOUND.008
    2007-01-13 14:11 <DIR> d--hs---- C:\FOUND.007
    2007-01-12 21:35 22,541 ---hs---- C:\WINDOWS\system32\opnmjii.dll
    2007-01-12 03:36 22,541 ---hs---- C:\WINDOWS\system32\vtuspno.dll
    2007-01-12 02:56 <DIR> d--hs---- C:\FOUND.006
    2007-01-11 17:46 60,416 --a------ C:\WINDOWS\system32\qhykcwz.dll
    2007-01-11 00:22 <DIR> d--hs---- C:\FOUND.005
    2007-01-10 17:05 <DIR> d--hs---- C:\FOUND.004
    2007-01-09 19:23 <DIR> d--hs---- C:\FOUND.003
    2007-01-09 17:53 <DIR> d--hs---- C:\FOUND.002
    2007-01-08 21:02 <DIR> d--hs---- C:\FOUND.001
    2007-01-08 10:33 <DIR> d--hs---- C:\FOUND.000
    2007-01-07 19:58 <DIR> d-------- C:\Program Files\Sony
    2007-01-03 17:20 118,804 --------- C:\WINDOWS\system32\xvunlllt.dll
    2006-12-29 03:45 <DIR> d-------- C:\DOCUME~1\LOCALS~1\Application Data\Sun
    2006-12-27 17:18 44,060 --a------ C:\WINDOWS\system32\dljvpbmv.dll
    2006-12-26 05:47 43,520 --a------ C:\WINDOWS\system32\CmdLineExt03.dll
    2006-12-26 05:34 <DIR> d-------- C:\Program Files\LucasArts
    2006-12-25 19:18 <DIR> d--h----- C:\Program Files\Common Files\Uninstall Information
    2006-12-24 17:14 <DIR> d-------- C:\Program Files\PeDevice
    2006-12-24 17:12 22,541 ---hs---- C:\WINDOWS\system32\cbxuuvt.dll
    2006-12-22 12:09 <DIR> d-------- C:\WINDOWS\system32\LogFiles


    (((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


    2007-01-15 16:44 7126 --a------ C:\WINDOWS\system32\tmp.reg
    2006-12-07 17:02 2174976 --a------ C:\WINDOWS\system32\wmvcore.dll
    2006-11-24 00:34 40973 ---hs---- C:\WINDOWS\system32\awtqqnm.dll
    2006-11-23 21:51 40973 ---hs---- C:\WINDOWS\system32\qomkhij.dll
    2006-11-23 21:07 40973 ---hs---- C:\WINDOWS\system32\awtutsq.dll
    2006-11-23 15:18 -------- d-------- C:\Program Files\warcraft iii
    2006-11-22 19:39 -------- d-------- C:\Program Files\registrar registry manager
    2006-11-22 17:03 40973 ---hs---- C:\WINDOWS\system32\wvurpqp.dll
    2006-11-22 14:26 40973 ---hs---- C:\WINDOWS\system32\fccdbxx.dll
    2006-11-21 19:04 40973 ---hs---- C:\WINDOWS\system32\ddcyaxu.dll
    2006-11-21 19:04 18944 --------- C:\WINDOWS\system32\winrge32.dll
    2006-11-18 14:34 -------- d-------- C:\Program Files\symantec antivirus
    2006-11-17 03:02 -------- d-------- C:\Program Files\msxml 4.0
    2006-11-08 00:06 679424 --a------ C:\WINDOWS\system32\inetcomm.dll
    2006-11-07 21:03 6049280 --------- C:\WINDOWS\system32\ieframe.dll
    2006-11-07 21:03 50688 --------- C:\WINDOWS\system32\msfeedsbs.dll
    2006-11-07 21:03 458752 --------- C:\WINDOWS\system32\msfeeds.dll
    2006-11-07 21:03 413696 --a------ C:\WINDOWS\system32\vbscript.dll
    2006-11-07 21:03 231424 --a------ C:\WINDOWS\system32\webcheck.dll
    2006-11-07 21:03 180736 --------- C:\WINDOWS\system32\ieui.dll
    2006-11-07 21:03 156160 --a------ C:\WINDOWS\system32\msls31.dll
    2006-11-07 03:27 382976 --a------ C:\WINDOWS\system32\iedkcs32.dll
    2006-11-07 03:27 229376 --a------ C:\WINDOWS\system32\ieaksie.dll
    2006-11-07 03:26 71680 --a------ C:\WINDOWS\system32\admparse.dll
    2006-11-07 03:26 55296 --a------ C:\WINDOWS\system32\iesetup.dll
    2006-11-07 03:26 54784 --a------ C:\WINDOWS\system32\ie4uinit.exe
    2006-11-07 03:26 43008 --a------ C:\WINDOWS\system32\iernonce.dll
    2006-11-07 03:26 152064 --a------ C:\WINDOWS\system32\ieakeng.dll
    2006-11-07 03:26 13312 --a------ C:\WINDOWS\system32\ieudinit.exe
    2006-11-07 03:26 123904 --a------ C:\WINDOWS\system32\advpack.dll
    2006-11-07 03:25 161792 --a------ C:\WINDOWS\system32\ieakui.dll
    2006-11-04 14:14 1245696 --a------ C:\WINDOWS\system32\msxml4.dll
    2006-10-26 16:23 21888 --a------ C:\WINDOWS\system32\rrspy.sys
    2006-10-19 08:56 713216 --a------ C:\WINDOWS\system32\sxs.dll
    2006-10-17 12:06 78336 --a------ C:\WINDOWS\system32\ieencode.dll
    2006-10-17 12:05 40960 --a------ C:\WINDOWS\system32\licmgr10.dll
    2006-10-17 12:05 206336 --------- C:\WINDOWS\system32\winfxdocobj.exe
    2006-10-17 12:05 105984 --a------ C:\WINDOWS\system32\url.dll
    2006-10-17 12:04 101376 --a------ C:\WINDOWS\system32\occache.dll
    2006-10-17 12:03 17408 --a------ C:\WINDOWS\system32\corpol.dll
    2006-10-17 11:58 61952 --------- C:\WINDOWS\system32\icardie.dll
    2006-10-17 11:58 12288 --------- C:\WINDOWS\system32\msfeedssync.exe
    2006-10-17 11:57 36352 --a------ C:\WINDOWS\system32\imgutil.dll
    2006-10-17 11:57 266752 --------- C:\WINDOWS\system32\iertutil.dll
    2006-10-17 11:56 45568 --a------ C:\WINDOWS\system32\mshta.exe
    2006-10-17 11:28 48128 --a------ C:\WINDOWS\system32\mshtmler.dll
    2006-10-17 11:27 380928 --------- C:\WINDOWS\system32\ieapfltr.dll


    (((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

    *Note* empty entries & legit default entries are not shown

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
    "MsnMsgr"="\"C:\\Program Files\\MSN Messenger\\MsnMsgr.Exe\" /background"
    "Skype"="\"C:\\Program Files\\Skype\\Phone\\Skype.exe\" /nosplash /minimized"
    "Bwer"="\"C:\\WINDOWS\\ASEMBL~1\\csrss.exe\" -vt yazb"
    "Bfz"="C:\\Documents and Settings\\Clayton Kueh\\My Documents\\S?mantec\\r?gsvr32.exe"
    "updateMgr"="C:\\Program Files\\Adobe\\Acrobat 7.0\\Reader\\AdobeUpdateManager.exe AcRdB7_0_9"
    "ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
    "preload"="C:\\Windows\\RUNXMLPL.exe"
    "SynTPEnh"="C:\\Program Files\\Synaptics\\SynTP\\SynTPEnh.exe"
    "RTHDCPL"="RTHDCPL.EXE"
    "Alcmtr"="ALCMTR.EXE"
    "IMJPMIG8.1"="\"C:\\WINDOWS\\IME\\imjp8_1\\IMJPMIG.EXE\" /Spoil /RemAdvDef /Migration32"
    "MSPY2002"="C:\\WINDOWS\\system32\\IME\\PINTLGNT\\ImScInst.exe /SYNC"
    "PHIME2002ASync"="C:\\WINDOWS\\system32\\IME\\TINTLGNT\\TINTSETP.EXE /SYNC"
    "PHIME2002A"="C:\\WINDOWS\\system32\\IME\\TINTLGNT\\TINTSETP.EXE /IMEName"
    "ATICCC"="\"C:\\Program Files\\ATI Technologies\\ATI.ACE\\cli.exe\" runtime -Delay"
    "LaunchAp"="\"C:\\Program Files\\Launch Manager\\LaunchAp.exe\""
    "LManager"="\"C:\\Program Files\\Launch Manager\\HotkeyApp.exe\""
    "CtrlVol"="\"C:\\Program Files\\Launch Manager\\CtrlVol.exe\""
    "LMgrOSD"="\"C:\\Program Files\\Launch Manager\\OSDCtrl.exe\""
    "Wbutton"="\"C:\\Program Files\\Launch Manager\\Wbutton.exe\""
    "PCMService"="\"C:\\Program Files\\Acer\\Acer Arcade\\PCMService.exe\""
    "BluetoothAuthenticationAgent"="rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent"
    "LVCOMSX"="C:\\WINDOWS\\system32\\LVCOMSX.EXE"
    "ePower_DMC"="C:\\Acer\\Empowering Technology\\ePower\\ePower_DMC.exe"
    "Acer ePower Management"="C:\\Acer\\Empowering Technology\\ePower\\Acer ePower Management.exe boot"
    "ADMTray.exe"="\"C:\\Acer\\Empowering Technology\\admtray.exe\""
    "eRecoveryService"="C:\\Acer\\Empowering Technology\\eRecovery\\Monitor.exe"
    "LogitechCameraAssistant"="C:\\Program Files\\Acer\\OrbiCam\\CameraAssistant.exe"
    "LogitechVideo[inspector]"="C:\\Program Files\\Acer\\OrbiCam\\InstallHelper.exe /inspect"
    "LogitechCameraService(E)"="C:\\WINDOWS\\system32\\ElkCtrl.exe /automation"
    "eDataSecurity Loader"="C:\\Acer\\Empowering Technology\\eDataSecurity\\eDSloader.exe"
    "QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
    "iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
    "Logitech Hardware Abstraction Layer"="KHALMNPR.EXE"
    "SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.5.0_10\\bin\\jusched.exe\""
    "TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
    "DAEMON Tools"="\"C:\\Program Files\\DAEMON Tools\\daemon.exe\" -lang 1033"
    "ccApp"="\"C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe\""
    "vptray"="C:\\PROGRA~1\\SYMANT~1\\VPTray.exe"
    "DllRunning"="rundll32.exe \"C:\\WINDOWS\\system32\\xvunlllt.dll\",setvm"
    "KernelFaultCheck"=hex(2):25,73,79,73,74,65,6d,72,6f,6f,74,25,5c,73,79,73,74,\
    65,6d,33,32,5c,64,75,6d,70,72,65,70,20,30,20,2d,6b,00

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]
    @=""

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
    @=""
    "Installed"="1"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
    @=""
    "Installed"="1"
    "NoChange"="1"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
    @=""
    "Installed"="1"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
    "{1C9678E2-77AC-4CAD-89EA-9E3F980C73C4}"=""

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
    "UPnPMonitor"="{e57ce738-33e8-4c51-8354-bb4de9d215d1}"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\Run]
    "svchost.exe"="C:\\WINDOWS\\svchost.exe"

    HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\mljji
    HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winrge32
    HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wvurolk

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
    "SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"


    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
    HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
    LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
    NetworkService REG_MULTI_SZ DnsCache\0\0
    DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
    rpcss REG_MULTI_SZ RpcSs\0\0
    imgsvc REG_MULTI_SZ StiSvc\0\0
    termsvcs REG_MULTI_SZ TermService\0\0
    bthsvcs REG_MULTI_SZ BthServ\0\0
    Usnsvc REG_MULTI_SZ usnsvc\0\0


    Completion time: 07-01-17 15:06:22
    C:\ComboFix2.txt ... 07-01-16 17:40



    My antivirus keeps popping up to warn me of Trojan.Nebuler if that helps at all.
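Added example (an editor's illustration, not ComboFix code and not something the poster ran): a parser for the `date time size attributes path` lines in the ComboFix listing above, with the checks that make a helper say "still lots of vundo files". It flags hidden+system files dropped into system32, a `.bak1` whose name is the reverse of a DLL in the same listing (ijjlm.bak1 beside mljji.dll above), a core Windows binary name outside system32, and file names containing non-ASCII characters that imitate a system binary (the AVG report later in the thread prints the 'e' of regsvr32 as a Cyrillic letter). The sample lines are constructed to mirror the listing above, and the set of core binary names is an assumption for the example.

```python
"""Triage of ComboFix "Files Created" and "Find3M" entries."""
import re
import unicodedata

# date time size|<DIR>|-------- attributes(9 chars) path
ENTRY_RE = re.compile(
    r"^(\d{4}-\d{2}-\d{2}) (\d{2}:\d{2})\s+(<DIR>|[\d,]+|-+)\s+([-a-z]{9})\s+(.+)$"
)

# Core Windows binaries that belong under %SystemRoot%\system32 only.
CORE_BINARIES = {
    "csrss.exe", "svchost.exe", "regsvr32.exe", "lsass.exe",
    "winlogon.exe", "services.exe", "smss.exe",
}

# Constructed sample modelled on the listing above; the seventh line embeds
# U+0435 (Cyrillic small letter ie) where a Latin 'e' would be expected.
SAMPLE = """\
2007-01-17 14:58 740,018 ---hs---- C:\\WINDOWS\\system32\\ijjlm.bak1
2007-01-17 14:58 277,044 ---hs---- C:\\WINDOWS\\system32\\mljji.dll
2007-01-17 14:50 24,576 --a------ C:\\WINDOWS\\system32\\VundoFixSVC.exe
2007-01-16 17:37 <DIR> d-------- C:\\WINDOWS\\erdnt
2007-01-16 03:38 155,648 ---h----- C:\\Program Files\\Common Files\\svchost.exe
2007-01-15 14:49 121,856 --------- C:\\WINDOWS\\system32\\xmllite.dll
2007-01-15 16:43 40,960 --a------ C:\\DOCUME~1\\User\\My Documents\\SMANTE~1\\r\u0435gsvr32.exe
2006-11-23 15:18 -------- d-------- C:\\Program Files\\warcraft iii
"""


def parse_entries(text):
    """Turn each listing line into a dict; lines that do not match are skipped."""
    entries = []
    for raw in text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if not m:
            continue
        date, time, size, attrs, path = m.groups()
        entries.append({
            "date": date,
            "time": time,
            "dir": size == "<DIR>" or attrs.startswith("d"),
            "size": int(size.replace(",", "")) if size[0].isdigit() else None,
            "attrs": attrs,
            "path": path,
        })
    return entries


def _basename(path):
    return path.rsplit("\\", 1)[-1].lower()


def _stem(name):
    return name.rsplit(".", 1)[0]


def _in_system32(path):
    return "\\system32\\" in path.lower()


def triage(text):
    """Return (path, reason) pairs for entries that match a suspicious pattern."""
    entries = parse_entries(text)
    dll_stems = {_stem(_basename(e["path"])) for e in entries
                 if _basename(e["path"]).endswith(".dll")}
    findings = []
    for e in entries:
        if e["dir"]:
            continue  # chkdsk's FOUND.00x folders are hidden+system and harmless
        path, attrs = e["path"], e["attrs"]
        name = _basename(path)
        if _in_system32(path) and "h" in attrs and "s" in attrs:
            findings.append((path, "hidden+system file dropped in system32"))
        if name.endswith(".bak1") and _stem(name)[::-1] in dll_stems:
            findings.append((path, f"backup whose name reverses {_stem(name)[::-1]}.dll"))
        if name in CORE_BINARIES and not _in_system32(path):
            findings.append((path, "core Windows binary name outside system32"))
        odd = [c for c in name if not c.isascii()]
        if odd:
            desc = ", ".join(f"U+{ord(c):04X} {unicodedata.name(c, '?')}" for c in odd)
            findings.append((path, f"non-ASCII character in file name: {desc}"))
    return findings


if __name__ == "__main__":
    for path, reason in triage(SAMPLE):
        print(f"{reason:55s} {path}")
```

When reading a real ComboFix.txt, open it with the code page the log was written in (`encoding="cp1252", errors="replace"` is a reasonable default on an English XP box) so that a look-alike letter survives as itself rather than collapsing to '?'; HijackThis's own output above already shows that collapse in "S?mantec\r?gsvr32.exe".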

  9. #9
    Security Expert-Emeritus steamwiz's Avatar
    Join Date
    Dec 2005
    Location
    Yorkshire. U.K.
    Posts
    1,313

    Default

    HI

    still LOTS to do...

    You still have a LOT of vundo files...

    Please run vundofix again & again & again & keep running it until you get the message "no infected files were found"

    you may have to run it half a dozen or more times... vundo can be very stubborn to go ...

    Once you get "no infected files were found" ... carry on with this :-

    Download and install the 30 day trial of AVG Anti-Spyware from HERE :-

    http://www.ewido.net/en/download/

    1. Download it to your desktop
    2. Double-click the AVG Anti-Spyware icon to start the ewido setup process...
    3. update the definition files....
    Click the Update icon then select the Update now link...
    Select the Start Update button, the update will start and a progress bar will show the updates being installed.
    4. select the Scanner icon at the top of the screen, then select the Settings tab
    click on Recommended actions and then select Quarantine
    5. Under Reports...
    Select Automatically generate report after every scan
    Un-Select Only if threats were found
    6. Close AVG Anti-Spyware > Do not run the scan yet.

    Boot your computer into Safemode

    1. Go to Start> Shut Off your Computer> Restart
    2. As the computer starts to boot-up, Tap the F8 KEY somewhat rapidly, this will bring up a menu.
    3. Use the Up and Down Arrow Keys to scroll up to SAFEMODE
    4. Then press the Enter on your Keyboard

    IMPORTANT: Do not open any other windows or programs while ewido is scanning, it may interfere with the scanning process

    1. Launch AVG Anti-Spyware by double-clicking the icon on your desktop.
    2. Select the Scanner icon at the top and then the Scan tab then click on Complete System Scan.
    3. AVG Anti-Spyware will now begin the scanning process, be patient this may take a little time.
    4. Once the scan is complete do the following:
    5. If you have any infections you will be prompted, then select Apply all actions
    6. Next select the Reports icon at the top.
    7. Select the Save report as button in the lower left hand of the screen and save it to a text file on your system
    8. make sure to remember where you saved that file, this is important
    9. Close AVG Anti-Spyware
    10. Copy & paste the AVG Anti-Spyware report in your next post

    So I'll want to see :-

    1. AVG Anti-Spyware report
    2. a new C:\vundofix.txt
    3. a new combofix
    4. a new hijackthis log

    I know this is a lot of work, but once you have done this, we will be well on the way to resolving the problem.

    steam
    Last edited by steamwiz; 2007-01-17 at 22:18. Reason: to correct spelling
    MICROSOFT MVP - Security 2004/9 .member of ASAP since 2004 - member of U.N.I.T.E

  10. #10
    Junior Member
    Join Date
    Nov 2006
    Posts
    15

    Default

    Here's the AVG report:

    ---------------------------------------------------------
    AVG Anti-Spyware - Scan Report
    ---------------------------------------------------------

    + Created at: 6:29:39 PM 1/17/2007

    + Scan result:



    C:\Program Files\PeDevice\PeDev.dll -> Adware.Delfin : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{64C55BAE-0167-4E29-A424-980E0BCA06F2}\RP145\A0031288.exe -> Adware.DelphinMediaViewer : Cleaned with backup (quarantined).
    HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{E1412445-4FF8-410E-8D24-F2CF86B171A4} -> Adware.Generic : Cleaned with backup (quarantined).
    HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{E1412445-4FF8-410E-8D24-F2CF86B171A4} -> Adware.Generic : Cleaned with backup (quarantined).
    HKU\S-1-5-21-3258068850-1361271089-2083856457-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{755BBD1A-AA59-456C-AFEB-B4C42C4DCB6F} -> Adware.Generic : Cleaned with backup (quarantined).
    HKU\S-1-5-21-3258068850-1361271089-2083856457-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{E1412445-4FF8-410E-8D24-F2CF86B171A4} -> Adware.Generic : Cleaned with backup (quarantined).
    HKU\S-1-5-21-3258068850-1361271089-2083856457-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{755BBD1A-AA59-456C-AFEB-B4C42C4DCB6F} -> Adware.Generic : Cleaned with backup (quarantined).
    HKU\S-1-5-21-3258068850-1361271089-2083856457-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{E1412445-4FF8-410E-8D24-F2CF86B171A4} -> Adware.Generic : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{64C55BAE-0167-4E29-A424-980E0BCA06F2}\RP150\A0038964.exe -> Adware.Maxifiles : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{64C55BAE-0167-4E29-A424-980E0BCA06F2}\RP150\A0038965.dll -> Adware.Maxifiles : Cleaned with backup (quarantined).
    C:\QooBox\Purity\DOCUME~1\CLAYTO~1\My Documents\SMANTE~1\rеgsvr32.exe -> Adware.PurityScan : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{64C55BAE-0167-4E29-A424-980E0BCA06F2}\RP131\A0016994.dll -> Adware.PurityScan : Cleaned with backup (quarantined).

    *continued next post