Smitfraud-C.Toolbar888

[Platinum griff]

Like an idiot i got a bunch of crap into my machine. I was able to remove most of it by booting in safe-mode and running Spy bot and ad-aware and all but Smitfraud-C.Toolbar888 gets cleaned off. I got Smitfraudfix but it doesnt help as Smitfraud-C.Toolbar888 stays on my machine and each time i start in nomral mode it grabs a bunch of other crap.

Below is the HJT log and the avtivescan log from the panda scan.

Logfile of HijackThis v1.99.1
Scan saved at 4:00:56 AM, on 11/4/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Owner\Desktop\hijackthis\HijackThis.exe

O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: X10 Device Network Service (x10nets) - Unknown owner - C:\PROGRA~1\ATIMUL~1\RemCtrl\x10nets.exe (file missing)

Spyware:Spyware/Virtumonde Not disinfected C:\Documents and Settings\Owner\Local Settings\Temp\mst461.tmp
Adware:Adware/YazzleSudoku Not disinfected C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\83YZIV2F\116[1].net
Possible Virus. Not disinfected C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\83YZIV2F\l11[1].exe
Adware:Adware/Maxifiles Not disinfected C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\83YZIV2F\wlzip32[1].exe
Possible Virus. Not disinfected C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\I7W9M5CD\ff3[1]
Dialerialer.HLD Not disinfected C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\I7W9M5CD\srvnys[1].exe
Dialerialer.HLD Not disinfected C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\I7W9M5CD\srvyfr[1].exe
Dialerialer.HLD Not disinfected C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\I7W9M5CD\srvzjf[1].exe
Potentially unwanted tool:Application/Winantivirus2006 Not disinfected C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\I7W9M5CD\WinAntiVirusPro2006FreeInstall[1].cab[UWA6P_0001_N91M1807NetInstaller.exe]
Adware:Adware/Maxifiles Not disinfected C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\MBCZE52F\122[1].net
Possible Virus. Not disinfected C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\MBCZE52F\anti4[1].exe
Dialerialer.HLD Not disinfected C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\MBCZE52F\srvvea[1].exe
Dialerialer.HLD Not disinfected C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\MBCZE52F\srvwdt[1].exe
Adware:Adware/Yazzle Not disinfected C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\U1SDO50D\mulbin32[1].exe
Possible Virus. Not disinfected C:\Documents and Settings\Owner\My Documents\a?sembly\csrss.exe
Adware:Adware/PurityScan Not disinfected C:\Program Files\Common Files\Yazzle1162OinAdmin.exe
Adware:Adware/Yazzle Not disinfected C:\Program Files\Common Files\Yazzle1162OinUninstaller.exe
Adware:Adware/Maxifiles Not disinfected C:\Program Files\Common Files\{3CE2FB23-06A3-1033-0217-050208050001}\Activate.exe
Adware:Adware/DollarRevenue Not disinfected C:\Program Files\Common Files\{3CE2FB23-06A3-1033-0217-050208050001}\Uninst.exe
Possible Virus. Renamed C:\Program Files\?ppPatch\w?nword.exe
Potentially unwanted tool:Application/Winantivirus2006 Not disinfected C:\WINDOWS\Downloaded Program Files\CONFLICT.1\UWA6P_0001_N91M1807NetInstaller.exe
Potentially unwanted tool:Application/Winantivirus2006 Not disinfected C:\WINDOWS\Downloaded Program Files\CONFLICT.2\UWA6P_0001_N91M1807NetInstaller.exe
Possible Virus. Not disinfected C:\WINDOWS\system32\components\flx7.dll
Possible Virus. Not disinfected C:\WINDOWS\system32\jkkhhii.dll
Potentially unwanted tool:Application/Kill&Clean Not disinfected C:\WINDOWS\system32\{941A08EB-5AED-4619-B399-2BF0A5E57FB9}.exe[KillAndClean.exe]
Potentially unwanted tool:Application/Kill&Clean Not disinfected C:\WINDOWS\system32\{941A08EB-5AED-4619-B399-2BF0A5E57FB9}.exe[KillAndCleanUpdate.exe]
Adware:Adware/CWS Not disinfected C:\WINDOWS\system32\{DFA461FB-7886-4C11-BFA4-09E5C62397E4}.exe
Adware:Adware/Maxifiles Not disinfected C:\WINDOWS\Temp\nse2F.tmp\nsProcess.dll
Dialerialer.HLD Not disinfected C:\WINDOWS\Temp\win159.tmp.exe
Dialerialer.HLD Not disinfected C:\WINDOWS\Temp\win1D.tmp.exe
Adware:Adware/Maxifiles Not disinfected C:\WINDOWS\Temp\win2A.tmp.exe
Dialerialer.HLD Not disinfected C:\WINDOWS\Temp\win31.tmp.exe
Adware:Adware/Yazzle Not disinfected C:\WINDOWS\Temp\win32.tmp.exe
Dialerialer.HLD Not disinfected C:\WINDOWS\Temp\win41F.tmp.exe
Dialerialer.HLD Not disinfected C:\WINDOWS\Temp\win74.tmp.exe
Dialerialer.HLD Not disinfected C:\WINDOWS\Temp\win77.tmp.exe
Dialerialer.HLD Not disinfected C:\WINDOWS\Temp\win83.tmp.exe
Dialerialer.HLD

 

[illukka]

1. Download this file -

combofix.exe
2. Double click combofix.exe & follow the prompts.
3. When finished, it shall produce a log for you. Post that log in your next

reply

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to

stall

 

[Platinum griff]

Not sure if that was supposed to fix it all but it didnt, regardless here is the log it created.

Owner - 06-11-05 19:59:38.23 Service Pack 2
ComboFix 06.10.19 - Running from: "C:\Documents and Settings\Owner\Desktop"

(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\system32\ismini.exe
C:\WINDOWS\system32\components
C:\Program Files\Common Files\{3CE2FB23-06A3-1033-0217-050208050001}
C:\Program Files\Common Files\{4CE2FB23-06A3-1033-0217-050208050001}

~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ Purity ~ ~ ~ ~ ~ ~ ~ ~~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~

Folders Quarantined:

C:\QooBox\Purity\Documents and Settings\Owner\My Documents\ASEMBL~1
C:\QooBox\Purity\Documents and Settings\Owner\My Documents\WNSXS~1
C:\QooBox\Purity\Documents and Settings\Owner\My Documents\ASEMBL~1\a?sembly
C:\QooBox\Purity\Documents and Settings\Owner\My Documents\ASEMBL~1\csrss.exe


((((((((((((((((((((((((((((((( Files Created from 2006-10-05 to 2006-11-05 ))))))))))))))))))))))))))))))))))


2006-11-05 03:54 611,267 ---hs---- C:\WINDOWS\system32\npqss.bak2
2006-11-04 22:28 40,973 ---hs---- C:\WINDOWS\system32\ddcbaxv.dll
2006-11-04 22:28 131,072 --a------ C:\WINDOWS\system32\tjb.dll
2006-11-04 18:59 53,248 --a------ C:\WINDOWS\system32\Process.exe
2006-11-04 18:59 40,960 --a------ C:\WINDOWS\system32\swsc.exe
2006-11-04 18:59 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2006-11-04 18:59 135,168 --a------ C:\WINDOWS\system32\swreg.exe
2006-11-04 18:01 94,208 --a------ C:\WINDOWS\system32\usotswi.dll
2006-11-04 18:01 72,704 --a------ C:\WINDOWS\system32\jkfumwn.dll
2006-11-04 18:01 40,973 ---hs---- C:\WINDOWS\system32\ddcdeeb.dll
2006-11-04 04:19 94,208 --a------ C:\WINDOWS\system32\lhzjhse.dll
2006-11-04 04:19 73,216 --a------ C:\WINDOWS\system32\yacvdxi.dll
2006-11-04 04:19 59,392 --a------ C:\WINDOWS\system32\drvtem.dll
2006-11-04 04:19 40,973 ---hs---- C:\WINDOWS\system32\opnomki.dll
2006-11-04 01:15 110,612 --a------ C:\WINDOWS\system32\mgkxsmpc.exe
2006-11-04 01:14 692,276 ---hs---- C:\WINDOWS\system32\ssqpn.dll
2006-11-04 01:14 602,245 ---hs---- C:\WINDOWS\system32\npqss.bak1
2006-11-04 01:14 60,436 --a------ C:\WINDOWS\system32\goeemqyn.dll
2006-11-04 01:09 94,208 --a------ C:\WINDOWS\system32\xtwgtvj.dll
2006-11-04 01:09 72,192 --a------ C:\WINDOWS\system32\yzjudad.dll
2006-11-04 01:09 2 --a------ C:\WINDOWS\system32\wtsit.exe
2006-11-04 01:08 59,392 --a------ C:\WINDOWS\system32\drvlan.dll
2006-11-04 01:08 40,973 ---hs---- C:\WINDOWS\system32\jkkhhii.dll
2006-11-04 01:08 15,872 --a------ C:\WINDOWS\system32\winzss32.dll


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2006-11-05 20:00 -------- d-------- C:\Program Files\Common Files
2006-11-05 18:08 -------- d-------- C:\Program Files\Mozilla Firefox
2006-11-04 17:24 -------- d-------- C:\Program Files\xerox
2006-11-04 17:02 -------- d-------- C:\Documents and Settings\Owner\Application Data\Lavasoft
2006-11-04 17:01 -------- d-------- C:\Program Files\Lavasoft
2006-11-04 16:02 -------- d-------- C:\Program Files\Internet Explorer
2006-11-04 03:14 -------- d-------- C:\Program Files\WinRAR
2006-11-04 03:03 -------- d-------- C:\Program Files\ATI Multimedia
2006-11-04 01:02 -------- d-------- C:\Documents and Settings\Owner\Application Data\Adobe
2006-11-04 00:54 -------- d-------- C:\Program Files\Adobe
2006-11-04 00:53 -------- d-------- C:\Program Files\Common Files\Adobe Systems Shared
2006-11-04 00:53 -------- d-------- C:\Program Files\Common Files\Adobe
2006-11-03 23:47 -------- d-------- C:\Program Files\Burning Crusade Closed Beta
2006-10-24 02:50 -------- d-------- C:\Program Files\Common Files\Blizzard Entertainment
2006-10-24 01:32 -------- d-------- C:\Documents and Settings\Owner\Application Data\Macromedia
2006-10-24 01:20 -------- d-------- C:\Program Files\Windows Journal Viewer
2006-10-03 10:40 -------- d-------- C:\Program Files\Yahoo!
2006-09-26 14:13 -------- d-------- C:\Program Files\World of Warcraft
2006-09-25 18:52 -------- d-------- C:\Documents and Settings\Owner\Application Data\ATI
2006-09-14 15:09 -------- d-------- C:\Documents and Settings\Owner\Application Data\Apple Computer
2006-09-13 00:01 1084416 --a------ C:\WINDOWS\system32\msxml3.dll
2006-09-05 04:29 -------- d-------- C:\Program Files\BitComet
2006-09-01 00:48 2560 --a------ C:\WINDOWS\system32\BitCometRes.dll
2006-08-25 10:45 617472 --a------ C:\WINDOWS\system32\comctl32.dll
2006-08-21 07:21 16896 --a------ C:\WINDOWS\system32\fltlib.dll
2006-08-21 04:14 23040 --a------ C:\WINDOWS\system32\fltmc.exe
2006-08-16 06:58 100352 --a------ C:\WINDOWS\system32\6to4svc.dll


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
@=""
"Erar"="\"C:\\DOCUME~1\\Owner\\MYDOCU~1\\ASEMBL~1\\csrss.exe\" -vt yazb"
"Sflrpr"="C:\\Program Files\\?ppPatch\\w?nword.exe"
"msnmsgr"="\"C:\\Program Files\\MSN Messenger\\msnmsgr.exe\" /background"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"SoundMAXPnP"="C:\\Program Files\\Analog Devices\\SoundMAX\\SMax4PNP.exe"
"SoundMAX"="\"C:\\Program Files\\Analog Devices\\SoundMAX\\Smax4.exe\" /tray"
"ATIPTA"="C:\\Program Files\\ATI Technologies\\ATI Control Panel\\atiptaxx.exe"
"CTDrive"="rundll32.exe C:\\WINDOWS\\system32\\drvtem.dll,startup"
"lhzjhse.dll"="C:\\WINDOWS\\system32\\rundll32.exe C:\\WINDOWS\\system32\\lhzjhse.dll,lthohnf"
"usotswi.dll"="C:\\WINDOWS\\system32\\rundll32.exe C:\\WINDOWS\\system32\\usotswi.dll,oknxzqc"

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000001

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,80,00,00,00,00,00,00,00,00,02,00,00,c4,01,00,00,00,\
00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff,ff,ff,ff,\
ff,ff,04,00,00,00
"RestoredStateInfo"=hex:18,00,00,00,f2,01,00,00,23,00,00,00,7c,00,00,00,72,00,\
00,00,01,00,00,00

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"
"{d7bdd42a-7e69-4bb8-aac3-d76ff65a3aa3}"="archenteric"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
"{F7999166-FDE6-49DA-9AFC-1F6A79E9D1F2}"=""

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
"NoBandCustomize"=dword:00000000

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="msmsgs"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="MsnMsgr"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\MSN Messenger\\MsnMsgr.Exe\" /background"
"inimapping"="0"

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\opnomki
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ssqpn
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winzss32

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

Completion time: 06-11-05 20:01:46.93
C:\ComboFix.txt ... 06-11-05 20:01

 

[illukka]

ok, now post a fresh hiajckthis log.

NOTE:
before scanning for the log rename hiajckthis to scanner
then proceed to scan for the log

 

[Platinum griff]

Logfile of HijackThis v1.99.1
Scan saved at 11:07:14 AM, on 11/6/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\{4CE2FB23-06A3-1033-0217-050208050001}\Update.exe
C:\WINDOWS\system32\ishost.exe
C:\WINDOWS\system32\ismini.exe
C:\WINDOWS\system32\SSTEM3~1\dexplore.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Owner\Desktop\hijackthis\Scanner.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
R3 - URLSearchHook: (no name) - {BA0806E1-9A2A-91D9-73E1-C19E8C4157BB} - C:\WINDOWS\system32\bluunew.dll
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {21756D36-9460-1941-E1A9-027993B877B9} - C:\WINDOWS\system32\jkfumwn.dll
O2 - BHO: (no name) - {39f25b12-74ff-4079-a51f-1d70f5b08b84} - C:\WINDOWS\system32\ixt0.dll (file missing)
O2 - BHO: (no name) - {3D4C77D3-7466-F61A-1867-062DE6E30D5B} - C:\WINDOWS\system32\yacvdxi.dll
O2 - BHO: (no name) - {4947A57C-AADE-44E8-9463-0668A1BDE510} - C:\WINDOWS\system32\ghgchrh.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {71BF1F17-27C5-414B-7C68-045CF2F85FCD} - C:\WINDOWS\system32\yzjudad.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {BA0806E1-9A2A-91D9-73E1-C19E8C4157BB} - C:\WINDOWS\system32\bluunew.dll
O2 - BHO: ToolBar888 - {C004DEC2-2623-438e-9CA2-C9043AB28508} - C:\Program Files\Common Files\{3CE2FB23-06A3-1033-0217-050208050001}\MyToolBar.dll
O2 - BHO: (no name) - {D2EDFC52-CD3A-44B8-A22A-67690F03A69D} - C:\WINDOWS\system32\ssqpn.dll
O2 - BHO: (no name) - {F18F04B0-9CF1-4b93-B004-77A288BEE28B} - C:\WINDOWS\system32\goeemqyn.dll
O2 - BHO: (no name) - {F7999166-FDE6-49DA-9AFC-1F6A79E9D1F2} - C:\WINDOWS\system32\opnomki.dll
O3 - Toolbar: ToolBar888 - {C004DEC2-2623-438e-9CA2-C9043AB28508} - C:\Program Files\Common Files\{3CE2FB23-06A3-1033-0217-050208050001}\MyToolBar.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [CTDrive] rundll32.exe C:\WINDOWS\system32\drvtem.dll,startup
O4 - HKLM\..\Run: [lhzjhse.dll] C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\lhzjhse.dll,lthohnf
O4 - HKLM\..\Run: [usotswi.dll] C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\usotswi.dll,oknxzqc
O4 - HKLM\..\Run: [afgbxr.dll] C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\afgbxr.dll,rujtulc
O4 - HKCU\..\Run: [Erar] "C:\WINDOWS\system32\SSTEM3~1\dexplore.exe" -vt yazb
O4 - HKCU\..\Run: [Sflrpr] C:\Program Files\?ppPatch\w?nword.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O20 - Winlogon Notify: opnomki - C:\WINDOWS\SYSTEM32\opnomki.dll
O20 - Winlogon Notify: ssqpn - C:\WINDOWS\system32\ssqpn.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: winzss32 - C:\WINDOWS\SYSTEM32\winzss32.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: X10 Device Network Service (x10nets) - Unknown owner - C:\PROGRA~1\ATIMUL~1\RemCtrl\x10nets.exe (file missing)

 

[illukka]

First download AVG Anti-Spyware from HERE and save that file to your desktop.
This is a 30 day trial of the program

1. Once you have downloaded AVG Anti-Spyware, locate the icon on the desktop and double-click it to launch the set up program.
2. Once the setup is complete you will need run AVG Anti-Spyware and update the definition files.
3. On the main screen select the icon "Update" then select the "Update now" link.
   • Next select the "Start Update" button, the update will start and a progress bar will show the updates being installed.
4. Once the update has completed select the "Scanner" icon at the top of the screen, then select the "Settings" tab.
5. Once in the Settings screen click on "Recommended actions" and then select "Quarantine".
6. Under "Reports"
   • Select "Automatically generate report after every scan"
   • Un-Select "Only if threats were found"

Close AVG Anti-Spyware, Do Not run a scan just yet, we will shortly.

1. 
   
   
   Please download VundoFix.exe to your desktop
   • Double-click VundoFix.exe to run it.
   • Click the Scan for Vundo button.
   • Once it's done scanning, click the Remove Vundo button.
   • You will receive a prompt asking if you want to remove the files, click YES
   • Once you click yes, your desktop will go blank as it starts removing Vundo.
   • When completed, it will prompt that it will reboot your computer, click OK.
   • Please post the contents of C:\vundofix.txt in a reply to this thread.
   Note: It is possible that VundoFix encountered a file it could not remove. In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button" when VundoFix appears upon rebooting.
2. Reboot your computer into SafeMode. You can do this by restarting your computer and continually tapping the F8 key until a menu appears. Use your up arrow key to highlight SafeMode then hit enter.
   IMPORTANT: Do not open any other windows or programs while AVG Anti-Spyware is scanning, it may interfere with the scanning proccess:
3. Lauch AVG Anti-Spyware by double-clicking the icon on your desktop.
4. Select the "Scanner" icon at the top and then the "Scan" tab then click on "Complete System Scan".
5. AVG Anti-Spyware will now begin the scanning process, be patient this may take a little time.
   Once the scan is complete do the following:
6. If you have any infections you will prompted, then select "Apply all actions"
7. Next select the "Reports" icon at the top.
8. Select the "Save report as" button in the lower left hand of the screen and save it to a text file on your system (make sure to remember where you saved that file, this is important).
9. Close AVG Anti-Spyware and reboot your system back into Normal Mode and post the results of the AVG Anti-Spyware report scan.

so what i need is:

vundofix.txt
the avg antispyware scan report
and a new HiJackThis log

 

[Platinum griff]

Vundo log, AVG log and a new hjt log...the vundo might be a little off i couldnt find the text fil and ran it a second time after avg. the post is also too long so it'll be split over two posts.



VundoFix V6.2.8

Checking Java version...

Java version is 1.5.0.3

Java version is 1.5.0.6

Scan started at 9:42:13 AM 11/9/2006

Listing files found while scanning....

C:\WINDOWS\system32\ghgchrh.dll
C:\WINDOWS\system32\jkfumwn.dll
C:\WINDOWS\system32\lhzjhse.dll
C:\WINDOWS\system32\usotswi.dll
C:\WINDOWS\system32\winzss32.dll
C:\WINDOWS\system32\xtwgtvj.dll
C:\WINDOWS\system32\yacvdxi.dll
C:\WINDOWS\system32\yzjudad.dll
C:\WINDOWS\system32\ssqpn.dll
C:\WINDOWS\system32\npqss.ini
C:\WINDOWS\system32\npqss.bak1
C:\WINDOWS\system32\npqss.bak2

Beginning removal...

Attempting to delete C:\WINDOWS\system32\ghgchrh.dll
C:\WINDOWS\system32\ghgchrh.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\jkfumwn.dll
C:\WINDOWS\system32\jkfumwn.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\lhzjhse.dll
C:\WINDOWS\system32\lhzjhse.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\usotswi.dll
C:\WINDOWS\system32\usotswi.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\winzss32.dll
C:\WINDOWS\system32\winzss32.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\xtwgtvj.dll
C:\WINDOWS\system32\xtwgtvj.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\yacvdxi.dll
C:\WINDOWS\system32\yacvdxi.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\yzjudad.dll
C:\WINDOWS\system32\yzjudad.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\ssqpn.dll
C:\WINDOWS\system32\ssqpn.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\npqss.ini
C:\WINDOWS\system32\npqss.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\npqss.bak1
C:\WINDOWS\system32\npqss.bak1 Has been deleted!

Attempting to delete C:\WINDOWS\system32\npqss.bak2
C:\WINDOWS\system32\npqss.bak2 Has been deleted!

Performing Repairs to the registry.
Done!

VundoFix V6.2.8

Checking Java version...

Java version is 1.5.0.3

Java version is 1.5.0.6

Scan started at 11:19:52 AM 11/9/2006

Listing files found while scanning....

No infected files were found.

_________________________________________________

Logfile of HijackThis v1.99.1
Scan saved at 11:29:21 AM, on 11/9/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Owner\Desktop\hijackthis\Scanner.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
R3 - URLSearchHook: (no name) - {059D52E4-9571-CE8B-2A54-CACE19C8BAB0} - C:\WINDOWS\system32\csuh.dll (file missing)
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: (no name) - {059D52E4-9571-CE8B-2A54-CACE19C8BAB0} - C:\WINDOWS\system32\csuh.dll (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {21756D36-9460-1941-E1A9-027993B877B9} - C:\WINDOWS\system32\jkfumwn.dll (file missing)
O2 - BHO: (no name) - {39f25b12-74ff-4079-a51f-1d70f5b08b84} - C:\WINDOWS\system32\ixt0.dll (file missing)
O2 - BHO: (no name) - {3D4C77D3-7466-F61A-1867-062DE6E30D5B} - C:\WINDOWS\system32\yacvdxi.dll (file missing)
O2 - BHO: (no name) - {4947A57C-AADE-44E8-9463-0668A1BDE510} - C:\WINDOWS\system32\ghgchrh.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {71BF1F17-27C5-414B-7C68-045CF2F85FCD} - C:\WINDOWS\system32\yzjudad.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {B400604F-3D4B-4949-86EC-C5825A80C17D} - C:\WINDOWS\system32\ssqpn.dll (file missing)
O2 - BHO: ToolBar888 - {C004DEC2-2623-438e-9CA2-C9043AB28508} - C:\Program Files\Common Files\{3CE2FB23-06A3-1033-0217-050208050001}\MyToolBar.dll (file missing)
O2 - BHO: (no name) - {F18F04B0-9CF1-4b93-B004-77A288BEE28B} - C:\WINDOWS\system32\goeemqyn.dll (file missing)
O2 - BHO: (no name) - {F7999166-FDE6-49DA-9AFC-1F6A79E9D1F2} - C:\WINDOWS\system32\opnomki.dll
O3 - Toolbar: ToolBar888 - {C004DEC2-2623-438e-9CA2-C9043AB28508} - C:\Program Files\Common Files\{3CE2FB23-06A3-1033-0217-050208050001}\MyToolBar.dll (file missing)
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [CTDrive] rundll32.exe C:\WINDOWS\system32\drvtem.dll,startup
O4 - HKLM\..\Run: [lhzjhse.dll] C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\lhzjhse.dll,lthohnf
O4 - HKLM\..\Run: [usotswi.dll] C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\usotswi.dll,oknxzqc
O4 - HKLM\..\Run: [afgbxr.dll] C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\afgbxr.dll,rujtulc
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [Sflrpr] C:\Program Files\?ppPatch\w?nword.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O20 - Winlogon Notify: opnomki - C:\WINDOWS\SYSTEM32\opnomki.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: X10 Device Network Service (x10nets) - Unknown owner - C:\PROGRA~1\ATIMUL~1\RemCtrl\x10nets.exe (file missing)

 

[Platinum griff]

---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 11:15:55 AM 11/9/2006

+ Scan result:



C:\System Volume Information\_restore{1EE25797-B8F0-46D2-8299-6738E8599CF1}\RP180\A0044885.dll -> Adware.Agent : Cleaned.
C:\System Volume Information\_restore{1EE25797-B8F0-46D2-8299-6738E8599CF1}\RP180\A0043850.dll -> Adware.PurityScan : Cleaned.
C:\System Volume Information\_restore{1EE25797-B8F0-46D2-8299-6738E8599CF1}\RP180\A0045345.dll -> Adware.PurityScan : Cleaned.
C:\System Volume Information\_restore{1EE25797-B8F0-46D2-8299-6738E8599CF1}\RP180\A0045377.dll -> Adware.PurityScan : Cleaned.
C:\System Volume Information\_restore{1EE25797-B8F0-46D2-8299-6738E8599CF1}\RP181\A0045425.dll -> Adware.PurityScan : Cleaned.
C:\System Volume Information\_restore{1EE25797-B8F0-46D2-8299-6738E8599CF1}\RP182\A0045437.dll -> Adware.PurityScan : Cleaned.
C:\System Volume Information\_restore{1EE25797-B8F0-46D2-8299-6738E8599CF1}\RP183\A0045450.dll -> Adware.PurityScan : Cleaned.
C:\WINDOWS\system32\csuh.dll -> Adware.PurityScan : Cleaned.
C:\Program Files\Common Files\{3CE2FB23-06A3-1033-0217-050208050001}\MyToolBar.dll -> Adware.Softomate : Cleaned.
C:\Program Files\Common Files\{4CE2FB23-06A3-1033-0217-050208050001}\Update.exe -> Adware.Softomate : Cleaned.
C:\Program Files\Common Files\{4CE2FB23-06A3-1033-0217-050208050001}\services.dll -> Adware.Softomate : Cleaned.
C:\System Volume Information\_restore{1EE25797-B8F0-46D2-8299-6738E8599CF1}\RP181\A0045400.dll -> Adware.Softomate : Cleaned.
C:\System Volume Information\_restore{1EE25797-B8F0-46D2-8299-6738E8599CF1}\RP181\A0045401.dll -> Adware.Softomate : Cleaned.
C:\System Volume Information\_restore{1EE25797-B8F0-46D2-8299-6738E8599CF1}\RP181\A0045402.exe -> Adware.Softomate : Cleaned.
C:\System Volume Information\_restore{1EE25797-B8F0-46D2-8299-6738E8599CF1}\RP180\A0043854.exe -> Downloader.Agent.uj : Cleaned.
C:\Program Files\Common Files\Yazzle1162OinAdmin.exe -> Downloader.PurityScan.dc : Cleaned.
C:\System Volume Information\_restore{1EE25797-B8F0-46D2-8299-6738E8599CF1}\RP180\A0043849.exe -> Downloader.PurityScan.dc : Cleaned.
C:\System Volume Information\_restore{1EE25797-B8F0-46D2-8299-6738E8599CF1}\RP180\A0045065.exe -> Downloader.PurityScan.dc : Cleaned.
C:\System Volume Information\_restore{1EE25797-B8F0-46D2-8299-6738E8599CF1}\RP180\A0045367.exe -> Downloader.PurityScan.dc : Cleaned.
C:\System Volume Information\_restore{1EE25797-B8F0-46D2-8299-6738E8599CF1}\RP181\A0045406.exe -> Downloader.PurityScan.dc : Cleaned.
C:\QooBox\Purity\Documents and Settings\Owner\My Documents\ASEMBL~1\csrss.exe -> Downloader.PurityScan.dt : Cleaned.
C:\WINDOWS\system32\sуstem32\dexplore.exe -> Downloader.PurityScan.dt : Cleaned.
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\8PUVWTI7\L2[1].exe -> Downloader.Small.dod : Cleaned.
C:\System Volume Information\_restore{1EE25797-B8F0-46D2-8299-6738E8599CF1}\RP180\A0044861.exe -> Downloader.Zlob.aew : Cleaned.
C:\System Volume Information\_restore{1EE25797-B8F0-46D2-8299-6738E8599CF1}\RP180\A0045046.exe -> Downloader.Zlob.atw : Cleaned.
C:\System Volume Information\_restore{1EE25797-B8F0-46D2-8299-6738E8599CF1}\RP180\A0045063.exe -> Downloader.Zlob.atw : Cleaned.
C:\System Volume Information\_restore{1EE25797-B8F0-46D2-8299-6738E8599CF1}\RP180\A0045342.exe -> Downloader.Zlob.atw : Cleaned.
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\83YZIV2F\l11[1].exe -> Downloader.Zlob.auv : Cleaned.
C:\System Volume Information\_restore{1EE25797-B8F0-46D2-8299-6738E8599CF1}\RP180\A0045350.exe -> Downloader.Zlob.auv : Cleaned.
C:\System Volume Information\_restore{1EE25797-B8F0-46D2-8299-6738E8599CF1}\RP180\A0045351.exe -> Downloader.Zlob.auv : Cleaned.
C:\System Volume Information\_restore{1EE25797-B8F0-46D2-8299-6738E8599CF1}\RP180\A0045384.exe -> Downloader.Zlob.auv : Cleaned.
C:\System Volume Information\_restore{1EE25797-B8F0-46D2-8299-6738E8599CF1}\RP181\A0045404.exe -> Downloader.Zlob.auv : Cleaned.
C:\System Volume Information\_restore{1EE25797-B8F0-46D2-8299-6738E8599CF1}\RP181\A0045408.exe -> Downloader.Zlob.auv : Cleaned.
C:\System Volume Information\_restore{1EE25797-B8F0-46D2-8299-6738E8599CF1}\RP183\A0045449.exe -> Downloader.Zlob.auv : Cleaned.
C:\WINDOWS\system32\ishost.exe -> Downloader.Zlob.auv : Cleaned.
C:\WINDOWS\system32\ismini.exe -> Downloader.Zlob.auv : Cleaned.
C:\System Volume Information\_restore{1EE25797-B8F0-46D2-8299-6738E8599CF1}\RP180\A0043852.exe -> Dropper.Small : Cleaned.
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\I7W9M5CD\antzom[1].exe -> Hijacker.Small.lr : Cleaned.
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\I7W9M5CD\WinAntiVirusPro2006FreeInstall[1].cab/UWA6P_0001_N91M1807NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.o : Cleaned.
C:\WINDOWS\Downloaded Program Files\CONFLICT.1\UWA6P_0001_N91M1807NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.o : Cleaned.
C:\WINDOWS\Downloaded Program Files\CONFLICT.2\UWA6P_0001_N91M1807NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.o : Cleaned.
C:\WINDOWS\Downloaded Program Files\UWA6P_0001_N91M1807NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.o : Cleaned.
C:\WINDOWS\Downloaded Program Files\USDR6_0001_D19M2108NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.q : Cleaned.
:mozilla.305:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\w8213f3t.default\cookies.txt -> TrackingCookie.247realmedia : Cleaned.
:mozilla.306:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\w8213f3t.default\cookies.txt -> TrackingCookie.247realmedia : Cleaned.
:mozilla.307:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\w8213f3t.default\cookies.txt -> TrackingCookie.247realmedia : Cleaned.
:mozilla.128:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\w8213f3t.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.164:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\w8213f3t.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.548:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\w8213f3t.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.71:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\w8213f3t.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.72:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\w8213f3t.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.73:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\w8213f3t.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.74:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\w8213f3t.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.75:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\w8213f3t.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.76:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\w8213f3t.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.77:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\w8213f3t.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.78:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\w8213f3t.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.79:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\w8213f3t.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.80:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\w8213f3t.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.81:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\w8213f3t.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.82:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\w8213f3t.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.83:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\w8213f3t.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.84:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\w8213f3t.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.85:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\w8213f3t.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.86:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\w8213f3t.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.87:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\w8213f3t.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.88:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\w8213f3t.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.89:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\w8213f3t.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.90:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\w8213f3t.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.91:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\w8213f3t.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Owner\Cookies\owner@2o7[2].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Owner\Cookies\owner@microsofteup.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Owner\Cookies\owner@microsoftwga.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Owner\Cookies\owner@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Owner\Cookies\owner@partygaming.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.124:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\w8213f3t.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.125:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\w8213f3t.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.126:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\w8213f3t.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
C:\Documents and Settings\Owner\Cookies\owner@adbrite[2].txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.111:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\w8213f3t.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.112:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\w8213f3t.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.113:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\w8213f3t.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.114:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\w8213f3t.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.115:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\w8213f3t.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.314:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\w8213f3t.default\cookies.txt -> TrackingCookie.Adtech : Cleaned.
:mozilla.315:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\w8213f3t.default\cookies.txt -> TrackingCookie.Adtech : Cleaned.
:mozilla.41:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\w8213f3t.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.42:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\w8213f3t.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.45:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\w8213f3t.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.46:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\w8213f3t.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.34:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\w8213f3t.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned.
C:\Documents and Settings\Owner\Cookies\owner@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned.
C:\Documents and Settings\Owner\Cookies\owner@bluestreak[1].txt -> TrackingCookie.Bluestreak : Cleaned.
:mozilla.628:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\w8213f3t.default\cookies.txt -> TrackingCookie.Bridgetrack : Cleaned.
:mozilla.629:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\w8213f3t.default\cookies.txt -> TrackingCookie.Bridgetrack : Cleaned.
:mozilla.630:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\w8213f3t.default\cookies.txt -> TrackingCookie.Bridgetrack : Cleaned.
:mozilla.742:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\w8213f3t.default\cookies.txt -> TrackingCookie.Burstbeacon : Cleaned.
C:\Documents and Settings\Owner\Cookies\owner@www.burstbeacon[1].txt -> TrackingCookie.Burstbeacon : Cleaned.
:mozilla.333:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\w8213f3t.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned.
:mozilla.743:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\w8213f3t.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned.
C:\Documents and Settings\Owner\Cookies\owner@burstnet[2].txt -> TrackingCookie.Burstnet : Cleaned.
C:\Documents and Settings\Owner\Cookies\owner@www.burstnet[2].txt -> TrackingCookie.Burstnet : Cleaned.
:mozilla.148:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\w8213f3t.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.149:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\w8213f3t.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.710:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\w8213f3t.default\cookies.txt -> TrackingCookie.Casinotropez : Cleaned.
:mozilla.224:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\w8213f3t.default\cookies.txt -> TrackingCookie.Clickzs : Cleaned.
:mozilla.225:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\w8213f3t.default\cookies.txt -> TrackingCookie.Clickzs : Cleaned.
:mozilla.226:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\w8213f3t.default\cookies.txt -> TrackingCookie.Clickzs : Cleaned.
:mozilla.234:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\w8213f3t.default\cookies.txt -> TrackingCookie.Clickzs : Cleaned.
:mozilla.235:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\w8213f3t.default\cookies.txt -> TrackingCookie.Clickzs : Cleaned.
C:\Documents and Settings\Owner\Cookies\owner@cz11.clickzs[1].txt -> TrackingCookie.Clickzs : Cleaned.
C:\Documents and Settings\Owner\Cookies\owner@cz9.clickzs[2].txt -> TrackingCookie.Clickzs : Cleaned.
C:\Documents and Settings\Owner\Cookies\owner@com[1].txt -> TrackingCookie.Com : Cleaned.
:mozilla.47:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\w8213f3t.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned.
C:\Documents and Settings\Owner\Cookies\owner@doubleclick[1].txt -> TrackingCookie.Doubleclick : Cleaned.
:mozilla.63:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\w8213f3t.default\cookies.txt -> TrackingCookie.Falkag : Cleaned.
:mozilla.64:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\w8213f3t.default\cookies.txt -> TrackingCookie.Falkag : Cleaned.
:mozilla.65:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\w8213f3t.default\cookies.txt -> TrackingCookie.Falkag : Cleaned.
:mozilla.66:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\w8213f3t.default\cookies.txt -> TrackingCookie.Falkag : Cleaned.
:mozilla.122:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\w8213f3t.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.123:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\w8213f3t.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.711:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\w8213f3t.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.712:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\w8213f3t.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.713:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\w8213f3t.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.714:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\w8213f3t.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.715:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\w8213f3t.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.237:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\w8213f3t.default\cookies.txt -> TrackingCookie.Masterstats : Cleaned.
:mozilla.301:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\w8213f3t.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned.
C:\Documents and Settings\Owner\Cookies\owner@mediaplex[1].txt -> TrackingCookie.Mediaplex : Cleaned.
:mozilla.445:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\w8213f3t.default\cookies.txt -> TrackingCookie.Overture : Cleaned.
:mozilla.446:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\w8213f3t.default\cookies.txt -> TrackingCookie.Overture : Cleaned.
:mozilla.461:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\w8213f3t.default\cookies.txt -> TrackingCookie.Overture : Cleaned.
:mozilla.454:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\w8213f3t.default\cookies.txt -> TrackingCookie.Paycounter : Cleaned.
:mozilla.470:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\w8213f3t.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.471:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\w8213f3t.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.472:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\w8213f3t.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
C:\Documents and Settings\Owner\Cookies\owner@questionmarket[2].txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.130:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\w8213f3t.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.131:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\w8213f3t.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned.

 

[Platinum griff]

:mozilla.134:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\w8213f3t.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.135:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\w8213f3t.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.136:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\w8213f3t.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.137:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\w8213f3t.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.138:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\w8213f3t.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.139:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\w8213f3t.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.140:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\w8213f3t.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.141:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\w8213f3t.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned.
C:\Documents and Settings\Owner\Cookies\owner@stats1.reliablestats[2].txt -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.332:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\w8213f3t.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.512:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\w8213f3t.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.513:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\w8213f3t.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.514:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\w8213f3t.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.515:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\w8213f3t.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.516:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\w8213f3t.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
C:\Documents and Settings\Owner\Cookies\owner@serving-sys[1].txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.174:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\w8213f3t.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.175:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\w8213f3t.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.176:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\w8213f3t.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.177:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\w8213f3t.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.178:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\w8213f3t.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.179:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\w8213f3t.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.180:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\w8213f3t.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.181:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\w8213f3t.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.182:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\w8213f3t.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.183:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\w8213f3t.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.184:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\w8213f3t.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.185:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\w8213f3t.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.186:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\w8213f3t.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.187:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\w8213f3t.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.188:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\w8213f3t.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.189:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\w8213f3t.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.190:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\w8213f3t.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.191:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\w8213f3t.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.192:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\w8213f3t.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.193:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\w8213f3t.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.194:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\w8213f3t.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.195:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\w8213f3t.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.196:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\w8213f3t.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.197:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\w8213f3t.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.198:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\w8213f3t.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.199:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\w8213f3t.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.200:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\w8213f3t.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.201:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\w8213f3t.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.202:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\w8213f3t.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.203:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\w8213f3t.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.204:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\w8213f3t.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.205:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\w8213f3t.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.206:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\w8213f3t.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.207:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\w8213f3t.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.208:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\w8213f3t.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.209:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\w8213f3t.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.210:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\w8213f3t.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.211:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\w8213f3t.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.212:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\w8213f3t.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.213:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\w8213f3t.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.214:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\w8213f3t.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.215:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\w8213f3t.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.216:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\w8213f3t.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.217:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\w8213f3t.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.218:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\w8213f3t.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.219:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\w8213f3t.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.220:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\w8213f3t.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.221:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\w8213f3t.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.222:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\w8213f3t.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.223:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\w8213f3t.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.572:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\w8213f3t.default\cookies.txt -> TrackingCookie.Smartadserver : Cleaned.
:mozilla.573:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\w8213f3t.default\cookies.txt -> TrackingCookie.Smartadserver : Cleaned.
:mozilla.574:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\w8213f3t.default\cookies.txt -> TrackingCookie.Smartadserver : Cleaned.
:mozilla.816:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\w8213f3t.default\cookies.txt -> TrackingCookie.Smartadserver : Cleaned.
:mozilla.259:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\w8213f3t.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.260:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\w8213f3t.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.262:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\w8213f3t.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
C:\Documents and Settings\Owner\Cookies\owner@tacoda[2].txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.150:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\w8213f3t.default\cookies.txt -> TrackingCookie.Targetnet : Cleaned.

 

[Platinum griff]

:mozilla.151:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\w8213f3t.default\cookies.txt -> TrackingCookie.Targetnet : Cleaned.
C:\Documents and Settings\Owner\Cookies\owner@login.tracking101[2].txt -> TrackingCookie.Tracking101 : Cleaned.
:mozilla.636:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\w8213f3t.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.67:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\w8213f3t.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.68:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\w8213f3t.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.69:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\w8213f3t.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
C:\Documents and Settings\Owner\Cookies\owner@tribalfusion[1].txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.463:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\w8213f3t.default\cookies.txt -> TrackingCookie.Valuead : Cleaned.
:mozilla.464:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\w8213f3t.default\cookies.txt -> TrackingCookie.Valuead : Cleaned.
:mozilla.465:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\w8213f3t.default\cookies.txt -> TrackingCookie.Valuead : Cleaned.
:mozilla.466:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\w8213f3t.default\cookies.txt -> TrackingCookie.Valuead : Cleaned.
:mozilla.116:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\w8213f3t.default\cookies.txt -> TrackingCookie.Valueclick : Cleaned.
:mozilla.38:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\w8213f3t.default\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned.
:mozilla.107:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\w8213f3t.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.108:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\w8213f3t.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.109:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\w8213f3t.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.110:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\w8213f3t.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
C:\Documents and Settings\Owner\Cookies\owner@ad.yieldmanager[1].txt -> TrackingCookie.Yieldmanager : Cleaned.
C:\System Volume Information\_restore{1EE25797-B8F0-46D2-8299-6738E8599CF1}\RP183\A0045456.dll -> Trojan.Agent.vg : Cleaned.
C:\VundoFix Backups\winzss32.dll.bad -> Trojan.Agent.vg : Cleaned.
C:\WINDOWS\system32\goeemqyn.dll -> Trojan.BHO.g : Cleaned.
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\83YZIV2F\srvamo[1].exe -> Trojan.Dialer.qs : Cleaned.
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\83YZIV2F\srviiq[1].exe -> Trojan.Dialer.qs : Cleaned.
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\83YZIV2F\srvrvp[1].exe -> Trojan.Dialer.qs : Cleaned.
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\I7W9M5CD\srvcmo[1].exe -> Trojan.Dialer.qs : Cleaned.
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\I7W9M5CD\srvyvd[1].exe -> Trojan.Dialer.qs : Cleaned.
C:\WINDOWS\Temp\win2E9.tmp.exe -> Trojan.Dialer.qs : Cleaned.
C:\WINDOWS\Temp\win32D.tmp.exe -> Trojan.Dialer.qs : Cleaned.
C:\WINDOWS\Temp\win32F.tmp.exe -> Trojan.Dialer.qs : Cleaned.
C:\WINDOWS\Temp\win455.tmp.exe -> Trojan.Dialer.qs : Cleaned.
C:\WINDOWS\Temp\win464.tmp.exe -> Trojan.Dialer.qs : Cleaned.
C:\WINDOWS\system32\{DFA461FB-7886-4C11-BFA4-09E5C62397E4}.exe -> Trojan.Puper.bx : Cleaned.
C:\System Volume Information\_restore{1EE25797-B8F0-46D2-8299-6738E8599CF1}\RP111\A0028919.exe -> Trojan.Small.fb : Cleaned.
C:\System Volume Information\_restore{1EE25797-B8F0-46D2-8299-6738E8599CF1}\RP111\A0028930.exe -> Trojan.Small.fb : Cleaned.
C:\System Volume Information\_restore{1EE25797-B8F0-46D2-8299-6738E8599CF1}\RP111\A0028937.exe -> Trojan.Small.fb : Cleaned.
C:\System Volume Information\_restore{1EE25797-B8F0-46D2-8299-6738E8599CF1}\RP117\A0029010.exe -> Trojan.Small.fb : Cleaned.
C:\System Volume Information\_restore{1EE25797-B8F0-46D2-8299-6738E8599CF1}\RP120\A0031010.exe -> Trojan.Small.fb : Cleaned.
C:\System Volume Information\_restore{1EE25797-B8F0-46D2-8299-6738E8599CF1}\RP120\A0031017.exe -> Trojan.Small.fb : Cleaned.
C:\System Volume Information\_restore{1EE25797-B8F0-46D2-8299-6738E8599CF1}\RP120\A0031027.exe -> Trojan.Small.fb : Cleaned.
C:\System Volume Information\_restore{1EE25797-B8F0-46D2-8299-6738E8599CF1}\RP120\A0031034.exe -> Trojan.Small.fb : Cleaned.
C:\System Volume Information\_restore{1EE25797-B8F0-46D2-8299-6738E8599CF1}\RP125\A0031069.exe -> Trojan.Small.fb : Cleaned.
C:\System Volume Information\_restore{1EE25797-B8F0-46D2-8299-6738E8599CF1}\RP129\A0032069.exe -> Trojan.Small.fb : Cleaned.
C:\System Volume Information\_restore{1EE25797-B8F0-46D2-8299-6738E8599CF1}\RP129\A0033069.exe -> Trojan.Small.fb : Cleaned.
C:\System Volume Information\_restore{1EE25797-B8F0-46D2-8299-6738E8599CF1}\RP130\A0034069.exe -> Trojan.Small.fb : Cleaned.
C:\System Volume Information\_restore{1EE25797-B8F0-46D2-8299-6738E8599CF1}\RP133\A0034121.exe -> Trojan.Small.fb : Cleaned.
C:\System Volume Information\_restore{1EE25797-B8F0-46D2-8299-6738E8599CF1}\RP133\A0034229.exe -> Trojan.Small.fb : Cleaned.
C:\System Volume Information\_restore{1EE25797-B8F0-46D2-8299-6738E8599CF1}\RP135\A0034396.exe -> Trojan.Small.fb : Cleaned.
C:\System Volume Information\_restore{1EE25797-B8F0-46D2-8299-6738E8599CF1}\RP137\A0034444.exe -> Trojan.Small.fb : Cleaned.
C:\System Volume Information\_restore{1EE25797-B8F0-46D2-8299-6738E8599CF1}\RP137\A0034450.exe -> Trojan.Small.fb : Cleaned.
C:\System Volume Information\_restore{1EE25797-B8F0-46D2-8299-6738E8599CF1}\RP140\A0034471.exe -> Trojan.Small.fb : Cleaned.
C:\System Volume Information\_restore{1EE25797-B8F0-46D2-8299-6738E8599CF1}\RP141\A0034482.exe -> Trojan.Small.fb : Cleaned.
C:\System Volume Information\_restore{1EE25797-B8F0-46D2-8299-6738E8599CF1}\RP144\A0034922.exe -> Trojan.Small.fb : Cleaned.
C:\System Volume Information\_restore{1EE25797-B8F0-46D2-8299-6738E8599CF1}\RP147\A0036928.exe -> Trojan.Small.fb : Cleaned.
C:\System Volume Information\_restore{1EE25797-B8F0-46D2-8299-6738E8599CF1}\RP147\A0036944.exe -> Trojan.Small.fb : Cleaned.
C:\System Volume Information\_restore{1EE25797-B8F0-46D2-8299-6738E8599CF1}\RP148\A0036959.exe -> Trojan.Small.fb : Cleaned.
C:\System Volume Information\_restore{1EE25797-B8F0-46D2-8299-6738E8599CF1}\RP148\A0036966.exe -> Trojan.Small.fb : Cleaned.
C:\System Volume Information\_restore{1EE25797-B8F0-46D2-8299-6738E8599CF1}\RP149\A0036981.exe -> Trojan.Small.fb : Cleaned.
C:\System Volume Information\_restore{1EE25797-B8F0-46D2-8299-6738E8599CF1}\RP152\A0037008.exe -> Trojan.Small.fb : Cleaned.
C:\System Volume Information\_restore{1EE25797-B8F0-46D2-8299-6738E8599CF1}\RP154\A0038008.exe -> Trojan.Small.fb : Cleaned.
C:\System Volume Information\_restore{1EE25797-B8F0-46D2-8299-6738E8599CF1}\RP154\A0039008.exe -> Trojan.Small.fb : Cleaned.
C:\System Volume Information\_restore{1EE25797-B8F0-46D2-8299-6738E8599CF1}\RP155\A0039036.exe -> Trojan.Small.fb : Cleaned.
C:\System Volume Information\_restore{1EE25797-B8F0-46D2-8299-6738E8599CF1}\RP155\A0039044.exe -> Trojan.Small.fb : Cleaned.
C:\System Volume Information\_restore{1EE25797-B8F0-46D2-8299-6738E8599CF1}\RP156\A0039062.exe -> Trojan.Small.fb : Cleaned.
C:\System Volume Information\_restore{1EE25797-B8F0-46D2-8299-6738E8599CF1}\RP163\A0039206.exe -> Trojan.Small.fb : Cleaned.
C:\System Volume Information\_restore{1EE25797-B8F0-46D2-8299-6738E8599CF1}\RP163\A0040200.exe -> Trojan.Small.fb : Cleaned.
C:\System Volume Information\_restore{1EE25797-B8F0-46D2-8299-6738E8599CF1}\RP165\A0040237.exe -> Trojan.Small.fb : Cleaned.
C:\System Volume Information\_restore{1EE25797-B8F0-46D2-8299-6738E8599CF1}\RP165\A0042252.exe -> Trojan.Small.fb : Cleaned.
C:\System Volume Information\_restore{1EE25797-B8F0-46D2-8299-6738E8599CF1}\RP165\A0042260.exe -> Trojan.Small.fb : Cleaned.
C:\System Volume Information\_restore{1EE25797-B8F0-46D2-8299-6738E8599CF1}\RP166\A0042271.exe -> Trojan.Small.fb : Cleaned.
C:\System Volume Information\_restore{1EE25797-B8F0-46D2-8299-6738E8599CF1}\RP170\A0042420.exe -> Trojan.Small.fb : Cleaned.
C:\System Volume Information\_restore{1EE25797-B8F0-46D2-8299-6738E8599CF1}\RP171\A0043410.exe -> Trojan.Small.fb : Cleaned.
C:\System Volume Information\_restore{1EE25797-B8F0-46D2-8299-6738E8599CF1}\RP173\A0043452.exe -> Trojan.Small.fb : Cleaned.
C:\System Volume Information\_restore{1EE25797-B8F0-46D2-8299-6738E8599CF1}\RP174\A0043466.exe -> Trojan.Small.fb : Cleaned.
C:\System Volume Information\_restore{1EE25797-B8F0-46D2-8299-6738E8599CF1}\RP180\A0043855.exe -> Trojan.Small.fb : Cleaned.


::Report end

 

[illukka]

hi

much better

next:


Please download FixWareout from one of these sites:
http://downloads.subratam.org/Fixwareout.exe
http://www.bleepingcomputer.com/files/lonny/Fixwareout.exe

Save it to your desktop and run it. Click Next, then Install, make sure "Run fixit" is checked and click Finish.
The fix will begin; follow the prompts.
You will be asked to reboot your computer; please do so.
Your system may take longer than usual to load; this is normal.
Once the desktop loads post the text that will open (report.txt) and a new Hijackthis log in the forum please.

 

[Platinum griff]

Ive noticed two windows warnings when the windows explorer starts up about .dll in the system32 folder that aren't aren't working since one of the cleanings. If you wanna know more about it I can post the exact errors. Its not interfearing with anything just annoying to see them each time the computer is rebooted.

Fixwareout ver 1.003
Last edited 8/11/2006
Post this report in the forums please

Reg Entries that were deleted
...

Microsoft (R) Windows Script Host Version 5.6
Random Runs removed from HKLM
...

PLEASE NOTE, There WILL be LEGITIMATE FILES LISTED. IF YOU ARE UNSURE OF WHAT IT IS LEAVE THEM ALONE.

»»»»» Searching by size/names...

»»»»»
Search five digit cs, dm and jb files.
This WILL/CAN also list Legit Files, Submit them at Virustotal

Other suspects.
Directory of C:\WINDOWS\system32
{941A08EB-5AED-4619-B399-2BF0A5E57FB9}.exe

»»»»» Misc files.

»»»»» Checking for older varients covered by the Rem3 tool.


Logfile of HijackThis v1.99.1
Scan saved at 3:24:53 PM, on 11/10/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Owner\Desktop\hijackthis\Scanner.exe

R3 - URLSearchHook: (no name) - {059D52E4-9571-CE8B-2A54-CACE19C8BAB0} - C:\WINDOWS\system32\csuh.dll (file missing)
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: (no name) - {059D52E4-9571-CE8B-2A54-CACE19C8BAB0} - C:\WINDOWS\system32\csuh.dll (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {21756D36-9460-1941-E1A9-027993B877B9} - C:\WINDOWS\system32\jkfumwn.dll (file missing)
O2 - BHO: (no name) - {39f25b12-74ff-4079-a51f-1d70f5b08b84} - C:\WINDOWS\system32\ixt0.dll (file missing)
O2 - BHO: (no name) - {3D4C77D3-7466-F61A-1867-062DE6E30D5B} - C:\WINDOWS\system32\yacvdxi.dll (file missing)
O2 - BHO: (no name) - {4947A57C-AADE-44E8-9463-0668A1BDE510} - C:\WINDOWS\system32\ghgchrh.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {70A0248F-84CD-4EA8-AD8F-39883E8F8D6F} - C:\WINDOWS\system32\pmkji.dll
O2 - BHO: (no name) - {71BF1F17-27C5-414B-7C68-045CF2F85FCD} - C:\WINDOWS\system32\yzjudad.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {B400604F-3D4B-4949-86EC-C5825A80C17D} - C:\WINDOWS\system32\ssqpn.dll (file missing)
O2 - BHO: ToolBar888 - {C004DEC2-2623-438e-9CA2-C9043AB28508} - C:\Program Files\Common Files\{3CE2FB23-06A3-1033-0217-050208050001}\MyToolBar.dll (file missing)
O2 - BHO: (no name) - {F18F04B0-9CF1-4b93-B004-77A288BEE28B} - C:\WINDOWS\system32\goeemqyn.dll (file missing)
O3 - Toolbar: ToolBar888 - {C004DEC2-2623-438e-9CA2-C9043AB28508} - C:\Program Files\Common Files\{3CE2FB23-06A3-1033-0217-050208050001}\MyToolBar.dll (file missing)
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [CTDrive] rundll32.exe C:\WINDOWS\system32\drvtem.dll,startup
O4 - HKLM\..\Run: [lhzjhse.dll] C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\lhzjhse.dll,lthohnf
O4 - HKLM\..\Run: [usotswi.dll] C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\usotswi.dll,oknxzqc
O4 - HKLM\..\Run: [afgbxr.dll] C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\afgbxr.dll,rujtulc
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [Sflrpr] C:\Program Files\?ppPatch\w?nword.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B64F4A7C-97C9-11DA-8BDE-F66BAD1E3F3A} - http://download.cdn.winsoftware.com/files/installers/cab/WinAntiVirusPro2006FreeInstall.cab
O20 - Winlogon Notify: pmkji - C:\WINDOWS\system32\pmkji.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: X10 Device Network Service (x10nets) - Unknown owner - C:\PROGRA~1\ATIMUL~1\RemCtrl\x10nets.exe (file missing)

 

[illukka]

hi

open hiajckthis
click do a system scan only
checkmark these
R3 - URLSearchHook: (no name) - {059D52E4-9571-CE8B-2A54-CACE19C8BAB0} - C:\WINDOWS\system32\csuh.dll (file missing)
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: (no name) - {059D52E4-9571-CE8B-2A54-CACE19C8BAB0} - C:\WINDOWS\system32\csuh.dll (file missing)
O2 - BHO: (no name) - {21756D36-9460-1941-E1A9-027993B877B9} - C:\WINDOWS\system32\jkfumwn.dll (file missing)
O2 - BHO: (no name) - {39f25b12-74ff-4079-a51f-1d70f5b08b84} - C:\WINDOWS\system32\ixt0.dll (file missing)
O2 - BHO: (no name) - {3D4C77D3-7466-F61A-1867-062DE6E30D5B} - C:\WINDOWS\system32\yacvdxi.dll (file missing)
O2 - BHO: (no name) - {4947A57C-AADE-44E8-9463-0668A1BDE510} - C:\WINDOWS\system32\ghgchrh.dll (file missing)
O2 - BHO: (no name) - {B400604F-3D4B-4949-86EC-C5825A80C17D} - C:\WINDOWS\system32\ssqpn.dll (file missing)
O2 - BHO: ToolBar888 - {C004DEC2-2623-438e-9CA2-C9043AB28508} - C:\Program Files\Common Files\{3CE2FB23-06A3-1033-0217-050208050001}\MyToolBar.dll (file missing)
O2 - BHO: (no name) - {F18F04B0-9CF1-4b93-B004-77A288BEE28B} - C:\WINDOWS\system32\goeemqyn.dll (file missing)
O3 - Toolbar: ToolBar888 - {C004DEC2-2623-438e-9CA2-C9043AB28508} - C:\Program Files\Common Files\{3CE2FB23-06A3-1033-0217-050208050001}\MyToolBar.dll (file missing)
O4 - HKLM\..\Run: [lhzjhse.dll] C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\lhzjhse.dll,lthohnf
O4 - HKLM\..\Run: [usotswi.dll] C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\usotswi.dll,oknxzqc
O4 - HKLM\..\Run: [afgbxr.dll] C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\afgbxr.dll,rujtulc
O4 - HKCU\..\Run: [Sflrpr] C:\Program Files\?ppPatch\w?nword.exe
O16 - DPF: {B64F4A7C-97C9-11DA-8BDE-F66BAD1E3F3A} - http://download.cdn.winsoftware.com/...reeInstall.cab
O20 - Winlogon Notify: pmkji - C:\WINDOWS\system32\pmkji.dll


then close all browsers and explorer windows

and click fix checked

reboot

rescan with hijackthis and post a new log

 

[Platinum griff]

Logfile of HijackThis v1.99.1
Scan saved at 3:56:42 PM, on 11/13/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Owner\Desktop\hijackthis\Scanner.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {71BF1F17-27C5-414B-7C68-045CF2F85FCD} - C:\WINDOWS\system32\yzjudad.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {A0FCEC44-3727-4937-B8CF-289AB8259167} - C:\WINDOWS\system32\pmkji.dll
O2 - BHO: (no name) - {F18F04B0-9CF1-4b93-B004-77A288BEE28B} - C:\WINDOWS\system32\goeemqyn.dll (file missing)
O3 - Toolbar: (no name) - {C004DEC2-2623-438e-9CA2-C9043AB28508} - (no file)
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [CTDrive] rundll32.exe C:\WINDOWS\system32\drvtem.dll,startup
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O20 - Winlogon Notify: pmkji - C:\WINDOWS\system32\pmkji.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: X10 Device Network Service (x10nets) - Unknown owner - C:\PROGRA~1\ATIMUL~1\RemCtrl\x10nets.exe (file missing)

 

[illukka]

Please download VundoFix.exe to your desktop

• Double-click VundoFix.exe to run it.
• Click the Scan for Vundo button.
• Once it's done scanning, click the Remove Vundo button.
• You will receive a prompt asking if you want to remove the files, click YES
• Once you click yes, your desktop will go blank as it starts removing Vundo.
• When completed, it will prompt that it will reboot your computer, click OK.
• Please post the contents of C:\vundofix.txt and a new HiJackThis log in a reply to this thread.

Note: It is possible that VundoFix encountered a file it could not remove. In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button" when VundoFix appears upon rebooting.

 

[Platinum griff]

Logfile of HijackThis v1.99.1
Scan saved at 2:58:10 AM, on 11/14/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Owner\Desktop\hijackthis\Scanner.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {71BF1F17-27C5-414B-7C68-045CF2F85FCD} - C:\WINDOWS\system32\yzjudad.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {A0FCEC44-3727-4937-B8CF-289AB8259167} - C:\WINDOWS\system32\pmkji.dll (file missing)
O2 - BHO: (no name) - {F18F04B0-9CF1-4b93-B004-77A288BEE28B} - C:\WINDOWS\system32\goeemqyn.dll (file missing)
O3 - Toolbar: (no name) - {C004DEC2-2623-438e-9CA2-C9043AB28508} - (no file)
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [CTDrive] rundll32.exe C:\WINDOWS\system32\drvtem.dll,startup
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B64F4A7C-97C9-11DA-8BDE-F66BAD1E3F3A} - http://download.cdn.winsoftware.com/files/installers/cab/WinAntiSpyware2006FreeInstall.cab
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: X10 Device Network Service (x10nets) - Unknown owner - C:\PROGRA~1\ATIMUL~1\RemCtrl\x10nets.exe (file missing)

 

[illukka]

hi


Updating Java and Clearing Cache

1. Go to Start > Control Panel double-click on the Java Icon (coffee cup) in the Control Panel.
2. It will say "Java Plug-in" under the icon.
   Please find the update button or tab in the Java Control Panel. Update your Java then reboot.
3. If you are unable to update you can manually update by going here:
   • 
     http://www.java.com/en/download/manual.jsp
4. After the reboot, go back into the Control Panel and double-click the Java Icon.
5. Under Temporary Internet Files, click the Delete Files button.
6. There are three options in the window to clear the cache - Leave ALL 3 Checked
   • 
     Downloaded Applets
     Downloaded Applications
     Other Files
7. Click OK on Delete Temporary Files Window
   Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.
8. Click OK to leave the Java Control Panel.

next open hijackthis. click do a system scan only
checkmark these
O2 - BHO: (no name) - {71BF1F17-27C5-414B-7C68-045CF2F85FCD} - C:\WINDOWS\system32\yzjudad.dll (file missing)
O2 - BHO: (no name) - {A0FCEC44-3727-4937-B8CF-289AB8259167} - C:\WINDOWS\system32\pmkji.dll (file missing)
O2 - BHO: (no name) - {F18F04B0-9CF1-4b93-B004-77A288BEE28B} - C:\WINDOWS\system32\goeemqyn.dll (file missing)
O3 - Toolbar: (no name) - {C004DEC2-2623-438e-9CA2-C9043AB28508} - (no file)
O16 - DPF: {B64F4A7C-97C9-11DA-8BDE-F66BAD1E3F3A} - http://download.cdn.winsoftware.com/...reeInstall.cab

then close all explorer and browser windows
and click fix checked

reboot

Please download ATF Cleaner by Atribune.
This program is for XP and Windows 2000 only

• 
  Double-click ATF-Cleaner.exe to run the program.
  Under Main choose: Select All
  Click the Empty Selected button.

If you use Firefox browser

• Click Firefox at the top and choose: Select All
  Click the Empty Selected button.
  NOTE: If you would like to keep your saved passwords, please click No at the prompt.

If you use Opera browser

• Click Opera at the top and choose: Select All
  Click the Empty Selected button.
  NOTE: If you would like to keep your saved passwords, please click No at the prompt.

Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.

next:
Please run the F-Secure Online Scanner

Note: This Scanner is for Internet Explorer Only!

• Follow the Instruction Here for installation.
• Accept the License Agreement.
• Once the ActiveX installs,Click Full System Scan
• Once the download completes,the scan will begin automatically.
• The scan will take some time to finish,so please be patient.
• When the scan completes, click the Automatic cleaning (recommended) button.
• Click the Show Report button and Copy&Paste the entire report in your next reply.

when you get back post the fsecure report and a fresh hijackthis log

 

[Platinum griff]

Scanning Report
Tuesday, November 14, 2006 19:38:33 - 21:15:52

Computer name: HARDAC
Scanning type: Scan system for viruses, rootkits, spyware
Target: C:\
Result: 3 malware found
Adware.MyToolbar (spyware)

* System (Disinfected)

Tracking Cookie (spyware)

* System (Disinfected)

not-virus:Hoax.Win32.Renos.ge (virus)

* C:\WINDOWS\SYSTEM32\DRVLAN.DLL

Statistics
Scanned:

* Files: 22248
* System: 3607
* Not scanned: 2

Actions:

* Disinfected: 2
* Renamed: 0
* Deleted: 0
* None: 1
* Submitted: 0

Files not scanned:

* C:\PAGEFILE.SYS
* C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT

Options
Scanning engines:

* F-Secure Libra: 2.4.2, 2006-11-14
* F-Secure AVP: 7.0.171, 2006-11-14
* F-Secure Orion: 1.2.37, 2006-11-14
* F-Secure Blacklight: 1.0.31, 0000-00-00
* F-Secure Draco: 1.0.35, 0260-02-44
* F-Secure Pegasus: 1.19.0, 2006-08-29

Scanning options:

* Scan defined files: COM EXE SYS OV? BIN SCR DLL SHS HTM HTML HTT VBS JS INF VXD DO? XL? RTF CPL WIZ HTA PP? PWZ P?T MSO PIF . ACM ASP AX CNV CSC DRV INI MDB MPD MPP MPT OBD OBT OCX PCI TLB TSP WBK WBT WPC WSH VWP WML BOO HLP TD0 TT6 MSG ASD JSE VBE WSC CHM EML PRC SHB LNK WSF {* PDF ZL? XML ZIP XXX
* Use Advanced heuristics

Logfile of HijackThis v1.99.1
Scan saved at 9:17:20 PM, on 11/14/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Owner\Desktop\hijackthis\Scanner.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [CTDrive] rundll32.exe C:\WINDOWS\system32\drvtem.dll,startup
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {9D190AE6-C81E-4039-8061-978EBAD10073} (F-Secure Online Scanner 3.0) - http://support.f-secure.com/ols3/fscax.cab
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: X10 Device Network Service (x10nets) - Unknown owner - C:\PROGRA~1\ATIMUL~1\RemCtrl\x10nets.exe (file missing)

 

[illukka]

Please download SmitfraudFix (by S!Ri)
Extract the content (a folder named SmitfraudFix) to your Desktop.

Open the SmitfraudFix folder and double-click smitfraudfix.cmd
Select option #1 - Search by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present).
Please copy/paste the content of that report into your next reply.

Note : process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.
http://www.beyondlogic.org/consulting/proc...processutil.htm

 

[Platinum griff]

SmitFraudFix v2.121

Scan done at 9:59:13.32, Wed 11/15/2006
Run from C:\Documents and Settings\Owner\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32

C:\WINDOWS\system32\components\flx?.dll FOUND !
C:\WINDOWS\system32\components\flx??.dll FOUND !
C:\WINDOWS\system32\components\flx???.dll FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Owner


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Owner\Application Data

C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\VirusBursters 6.2.lnk FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» Start Menu

C:\DOCUME~1\Owner\STARTM~1\VirusBursters 6.2.lnk FOUND !
C:\DOCUME~1\ALLUSE~1\STARTM~1\Online Security Guide.url FOUND !
C:\DOCUME~1\ALLUSE~1\STARTM~1\Security Troubleshooting.url FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\Owner\FAVORI~1

C:\DOCUME~1\Owner\FAVORI~1\Antivirus Test Online.url FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» Desktop


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"


»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{d7bdd42a-7e69-4bb8-aac3-d76ff65a3aa3}"="archenteric"



»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""


»»»»»»»»»»»»»»»»»»»»»»»» pe386-msguard-lzx32


»»»»»»»»»»»»»»»»»»»»»»»» Scanning wininet.dll infection


»»»»»»»»»»»»»»»»»»»»»»»» End