Seems to be infected by Trojan-Spy.Win32@mx [resolved]

Hi! Happy late Thanksgiving, hoped everything went well.
Well, I have a problem: it seems my brother went on downloading things and messed the comp up. He did a good job, which is not cool.
It looks something like this:
problemuc5.png
Thx to anyone that can help me :smiles:

Ad-Aware SE Build 1.06r1
Logfile Created on:Sunday, November 26, 2006 9:49:43 PM
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:Se1R134 20.11.2006
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Adware.Suggestor(TAC index:10):4 total references
Tracking Cookie(TAC index:3):9 total references
VirusBurst(TAC index:3):1 total references
Win32.Trojan.Downloader(TAC index:10):5 total references
Zango(TAC index:4):7 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Ad-Aware SE Settings
===========================
Set : Search for negligible risk entries
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan my Hosts file

Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Scan registry for all users instead of current user only
Set : Always try to unload modules before deletion
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Include alternate data stream details in log file
Set : Play sound at scan completion if scan locates critical objects


11-26-2006 9:49:43 PM - Scan started. (Full System Scan)

Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

#:1 [smss.exe]
FilePath : \SystemRoot\System32\
ProcessID : 388
ThreadCreationTime : 11-27-2006 3:03:05 AM
BasePriority : Normal


#:2 [csrss.exe]
FilePath : \??\C:\WINDOWS\system32\
ProcessID : 436
ThreadCreationTime : 11-27-2006 3:03:06 AM
BasePriority : Normal


#:3 [winlogon.exe]
FilePath : \??\C:\WINDOWS\system32\
ProcessID : 460
ThreadCreationTime : 11-27-2006 3:03:08 AM
BasePriority : High


#:4 [services.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 504
ThreadCreationTime : 11-27-2006 3:03:08 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Services and Controller app
InternalName : services.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : services.exe

#:5 [lsass.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 516
ThreadCreationTime : 11-27-2006 3:03:08 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : LSA Shell (Export Version)
InternalName : lsass.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : lsass.exe

#:6 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 676
ThreadCreationTime : 11-27-2006 3:03:09 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:7 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 728
ThreadCreationTime : 11-27-2006 3:03:09 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:8 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 796
ThreadCreationTime : 11-27-2006 3:03:09 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:9 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 836
ThreadCreationTime : 11-27-2006 3:03:09 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:10 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 916
ThreadCreationTime : 11-27-2006 3:03:10 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:11 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 960
ThreadCreationTime : 11-27-2006 3:03:10 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:12 [spoolsv.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1088
ThreadCreationTime : 11-27-2006 3:03:11 AM
BasePriority : Normal
FileVersion : 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)
ProductVersion : 5.1.2600.2696
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Spooler SubSystem App
InternalName : spoolsv.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : spoolsv.exe

#:13 [avgamsvr.exe]
FilePath : C:\PROGRA~1\Grisoft\AVGFRE~1\
ProcessID : 1240
ThreadCreationTime : 11-27-2006 3:03:12 AM
BasePriority : Normal
FileVersion : 7,1,0,365
ProductVersion : 7.1.0.365
ProductName : AVG Anti-Virus System
CompanyName : GRISOFT, s.r.o.
FileDescription : AVG Alert Manager
InternalName : avgamsvr
LegalCopyright : Copyright © 2005, GRISOFT, s.r.o.
OriginalFilename : avgamsvr.EXE

#:14 [avgupsvc.exe]
FilePath : C:\PROGRA~1\Grisoft\AVGFRE~1\
ProcessID : 1280
ThreadCreationTime : 11-27-2006 3:03:12 AM
BasePriority : Normal
FileVersion : 7,1,0,349
ProductVersion : 7.1.0.349
ProductName : AVG 7.0 Anti-Virus System
CompanyName : GRISOFT, s.r.o.
FileDescription : AVG Update Service
InternalName : avgupsvc
LegalCopyright : Copyright © 2005, GRISOFT, s.r.o.
OriginalFilename : avgupdsvc.EXE

#:15 [avgemc.exe]
FilePath : C:\PROGRA~1\Grisoft\AVGFRE~1\
ProcessID : 1300
ThreadCreationTime : 11-27-2006 3:03:12 AM
BasePriority : Normal
FileVersion : 7,1,0,400
ProductVersion : 7.1.0.400
ProductName : AVG Anti-Virus System
CompanyName : GRISOFT, s.r.o.
FileDescription : AVG E-Mail Scanner
InternalName : avgemc
LegalCopyright : Copyright © 2006, GRISOFT, s.r.o.
OriginalFilename : avgemc.exe

#:16 [cisvc.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1316
ThreadCreationTime : 11-27-2006 3:03:12 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Content Index service
InternalName : cisvc.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : cisvc.exe

#:17 [guard.exe]
FilePath : C:\Program Files\ewido anti-spyware 4.0\
ProcessID : 1348
ThreadCreationTime : 11-27-2006 3:03:14 AM
BasePriority : Normal
FileVersion : 4, 0, 0, 172
ProductVersion : 4, 0, 0, 172
ProductName : ewido anti-spyware
CompanyName : Anti-Malware Development a.s.
FileDescription : ewido anti-spyware guard
InternalName : ewido anti-spywareguard
LegalCopyright : Copyright © 2005 Anti-Malware Development a.s.
OriginalFilename : guard.exe

#:18 [sdhelp.exe]
FilePath : C:\Program Files\Spyware Doctor\
ProcessID : 1404
ThreadCreationTime : 11-27-2006 3:03:14 AM
BasePriority : Normal
FileVersion : 3.6.0.2025
ProductVersion : 3.6
ProductName : Spyware Doctor
CompanyName : PC Tools Research Pty Ltd

#:19 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1536
ThreadCreationTime : 11-27-2006 3:03:15 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:20 [brmfrsmg.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1824
ThreadCreationTime : 11-27-2006 3:03:16 AM
BasePriority : Normal
FileVersion : 1.45.15.340
ProductVersion : 1.45.15.340
ProductName : Brother MFL Pro
CompanyName : Brother Industries, Ltd.
FileDescription : Brother MFL Pro Resource Manager
InternalName : BrmfRsmg for Windows2000
LegalCopyright : Copyright (C) 1996-2001 Brother Industries, Ltd.
OriginalFilename : BrmfRsmg.exe

#:21 [alg.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 268
ThreadCreationTime : 11-27-2006 3:03:17 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Application Layer Gateway Service
InternalName : ALG.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : ALG.exe

#:22 [explorer.exe]
FilePath : C:\WINDOWS\
ProcessID : 1908
ThreadCreationTime : 11-27-2006 3:10:39 AM
BasePriority : Normal
FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 6.00.2900.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : EXPLORER.EXE

#:23 [sunthreatengine.exe]
FilePath : C:\Program Files\Sunbelt Software\CounterSpy\Consumer\
ProcessID : 1648
ThreadCreationTime : 11-27-2006 3:10:42 AM
BasePriority : Normal
FileVersion : 1.02.0097
ProductVersion : 1.02.0097
ProductName : CounterSpy
CompanyName : Sunbelt Software
FileDescription : CounterSpy Threat Audit Engine
InternalName : sunThreatEngine
LegalCopyright : Copyright © 2002-2005 Sunbelt Software. All rights reserved.
OriginalFilename : sunThreatEngine.exe

#:24 [cidaemon.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 2072
ThreadCreationTime : 11-27-2006 3:10:50 AM
BasePriority : Idle
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Indexing Service filter daemon
InternalName : cidaemon.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : cidaemon.exe

#:25 [sunprotectionserver.exe]
FilePath : C:\Program Files\Sunbelt Software\CounterSpy\Consumer\
ProcessID : 2192
ThreadCreationTime : 11-27-2006 3:10:59 AM
BasePriority : Normal
FileVersion : 1.02.0097
ProductVersion : 1.02.0097
ProductName : CounterSpy
CompanyName : Sunbelt Software
FileDescription : CounterSpy Active Protection
InternalName : SunProtectionServer
LegalCopyright : Copyright © 2002-2005 Sunbelt Software. All rights reserved.
OriginalFilename : SunProtectionServer.exe

#:26 [isamonitor.exe]
FilePath : C:\Program Files\Gold Codec\
ProcessID : 2252
ThreadCreationTime : 11-27-2006 3:11:01 AM
BasePriority : Normal


#:27 [sunserver.exe]
FilePath : C:\Program Files\Sunbelt Software\CounterSpy\Consumer\
ProcessID : 2260
ThreadCreationTime : 11-27-2006 3:11:01 AM
BasePriority : Normal
FileVersion : 1.05.0082
ProductVersion : 1.05.0082
ProductName : CounterSpy
CompanyName : Sunbelt Software
InternalName : SunServer
LegalCopyright : Copyright © 2002-2005 Sunbelt Software. All rights reserved.
OriginalFilename : SunServer.exe

#:28 [ctfmon.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 2268
ThreadCreationTime : 11-27-2006 3:11:01 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : CTF Loader
InternalName : CTFMON
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : CTFMON.EXE

#:29 [isamini.exe]
FilePath : C:\Program Files\Gold Codec\
ProcessID : 2356
ThreadCreationTime : 11-27-2006 3:11:02 AM
BasePriority : Normal


#:30 [aolsoftware.exe]
FilePath : C:\Program Files\Common Files\AOL\1145425248\ee\
ProcessID : 2372
ThreadCreationTime : 11-27-2006 3:11:02 AM
BasePriority : Normal
FileVersion : 1.5.3.1
ProductVersion : 1.5.3.1
ProductName : AOL Service Libraries
CompanyName : America Online, Inc.
FileDescription : AOL
InternalName : AOLSoftware
LegalCopyright : © 2006 America Online, Inc.
OriginalFilename : AOLSoftware.exe

#:31 [firewall.exe]
FilePath : C:\Program Files\PCSecurityShield\The Shield Firewall\
ProcessID : 3868
ThreadCreationTime : 11-27-2006 3:12:37 AM
BasePriority : Normal
FileVersion : 2, 1, 0, 0
ProductVersion : 3, 1, 0, 0
ProductName : Shield Firewall
CompanyName : NextAisle
FileDescription : Firewall
InternalName : Firewall
LegalCopyright : CopyRigth (C) 2003
OriginalFilename : Firewall
Comments : CopyRight

#:32 [firefox.exe]
FilePath : C:\PROGRA~1\MOZILL~1\
ProcessID : 3948
ThreadCreationTime : 11-27-2006 3:12:42 AM
BasePriority : Normal


#:33 [getnettime.exe]
FilePath : C:\Program Files\PCSecurityShield\The Shield Firewall\
ProcessID : 4064
ThreadCreationTime : 11-27-2006 3:12:47 AM
BasePriority : Normal
FileVersion : 1, 0, 0, 1
ProductVersion : 1, 0, 0, 1
ProductName : GetNetTime.DLL
CompanyName : FarStone
FileDescription : GetNetTime Dynamic Link Library
InternalName : GetNetTime
LegalCopyright : CopyRight (C) 2003
OriginalFilename : GetNetTime.DLL
Comments : CopyRight

#:34 [aim6.exe]
FilePath : c:\program files\common files\aol\1145425248\ee\
ProcessID : 2492
ThreadCreationTime : 11-27-2006 5:39:55 AM
BasePriority : Normal
FileVersion : 1.4.9.1
ProductVersion : 1.4.9.1
ProductName : AOL Service Libraries
CompanyName : America Online, Inc.
FileDescription : AIM
InternalName : AOLSoftware
LegalCopyright : © 2005 America Online, Inc.
OriginalFilename : AOLSoftware.exe

#:35 [firefox.exe]
FilePath : C:\PROGRA~1\MOZILL~1\
ProcessID : 3048
ThreadCreationTime : 11-27-2006 5:43:36 AM
BasePriority : Normal


#:36 [wuauclt.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 852
ThreadCreationTime : 11-27-2006 5:49:00 AM
BasePriority : Normal
FileVersion : 5.8.0.2469 built by: lab01_n(wmbla)
ProductVersion : 5.8.0.2469
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Automatic Updates
InternalName : wuauclt.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : wuauclt.exe

#:37 [ad-aware.exe]
FilePath : C:\PROGRA~1\Lavasoft\AD-AWA~1\
ProcessID : 716
ThreadCreationTime : 11-27-2006 5:49:29 AM
BasePriority : Normal
FileVersion : 6.2.0.236
ProductVersion : SE 106
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft AB Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved

Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0


Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Adware.Suggestor Object Recognized!
Type : Regkey
Data :
TAC Rating : 10
Category : Adware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{d8a7eb2e-2b43-4640-872d-bb1cd9fcae59}

Adware.Suggestor Object Recognized!
Type : Regkey
Data :
TAC Rating : 10
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : typelib\{3d9de4f1-840e-4820-86ce-1ee96e11945a}

VirusBurst Object Recognized!
Type : Regkey
Data :
TAC Rating : 3
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{6a66cc28-f0a2-fcbc-d3d5-1ea3001ed26a}

Win32.Trojan.Downloader Object Recognized!
Type : Regkey
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-19\software\classes\software\microsoft\internet explorer\toolbar

Win32.Trojan.Downloader Object Recognized!
Type : Regkey
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-20\software\classes\software\microsoft\internet explorer\toolbar

Win32.Trojan.Downloader Object Recognized!
Type : Regkey
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-329068152-616249376-1801674531-1005\software\classes\software\microsoft\internet explorer\toolbar

Win32.Trojan.Downloader Object Recognized!
Type : Regkey
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : software\microsoft\internet explorer\toolbar

Adware.Suggestor Object Recognized!
Type : Regkey
Data :
TAC Rating : 10
Category : Adware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-329068152-616249376-1801674531-1005\software\microsoft\windows\currentversion\ext\stats\{8bc199b4-330d-4009-ab9c-d55ac919de8d}

Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 8
Objects found so far: 8


Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 8


Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»


Tracking Cookie Object Recognized!
Type : IECache Entry
Data : brian_aka_lobito@2o7[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:14
Value : Cookie:brian aka lobito@2o7.net/
Expires : 11-25-2011 9:37:02 PM
LastSync : Hits:14
UseCount : 0
Hits : 14

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : brian_aka_lobito@apmebf[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:2
Value : Cookie:brian aka lobito@apmebf.com/
Expires : 11-25-2011 9:37:48 PM
LastSync : Hits:2
UseCount : 0
Hits : 2

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : brian_aka_lobito@linksynergy[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:1
Value : Cookie:brian aka lobito@linksynergy.com/
Expires : 11-26-2006 9:57:28 PM
LastSync : Hits:1
UseCount : 0
Hits : 1

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : brian_aka_lobito@advertising[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:2
Value : Cookie:brian aka lobito@advertising.com/
Expires : 11-25-2011 9:36:38 PM
LastSync : Hits:2
UseCount : 0
Hits : 2

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : brian_aka_lobito@perf.overture[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:1
Value : Cookie:brian aka lobito@perf.overture.com/
Expires : 11-25-2010 9:38:06 PM
LastSync : Hits:1
UseCount : 0
Hits : 1

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : brian_aka_lobito@doubleclick[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:3
Value : Cookie:brian aka lobito@doubleclick.net/
Expires : 11-25-2009 9:36:36 PM
LastSync : Hits:3
UseCount : 0
Hits : 3

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : brian_aka_lobito@mediaplex[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:2
Value : Cookie:brian aka lobito@mediaplex.com/
Expires : 6-21-2009 4:00:00 PM
LastSync : Hits:2
UseCount : 0
Hits : 2

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : brian_aka_lobito@edge.ru4[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:4
Value : Cookie:brian aka lobito@edge.ru4.com/
Expires : 11-18-2036 9:36:40 PM
LastSync : Hits:4
UseCount : 0
Hits : 4

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : brian_aka_lobito@atdmt[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:2
Value : Cookie:brian aka lobito@atdmt.com/
Expires : 11-25-2011 4:00:00 PM
LastSync : Hits:2
UseCount : 0
Hits : 2

Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 9
Objects found so far: 17



Deep scanning and examining files (C:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Zango Object Recognized!
Type : File
Data : A0009992.exe
TAC Rating : 4
Category : Adware
Comment :
Object : C:\System Volume Information\_restore{247398E7-7F75-4BE4-B2AB-B6871BFD72DE}\RP49\
FileVersion : 8, 50, 167, 0
ProductVersion : 8, 50, 167, 0
ProductName : Zango
CompanyName : Zango, Inc.
FileDescription : Zango
LegalCopyright : Copyright © 2001-2006 Zango, Inc.


Zango Object Recognized!
Type : File
Data : A0009993.dll
TAC Rating : 4
Category : Adware
Comment :
Object : C:\System Volume Information\_restore{247398E7-7F75-4BE4-B2AB-B6871BFD72DE}\RP49\
FileVersion : 8.7.167.0
ProductVersion : 8.7.167.0
ProductName : zango
CompanyName : Zango, Inc.
FileDescription : zango
InternalName : ClientHook
LegalCopyright : Copyright © 2001-2006 Zango Inc.
OriginalFilename : ClientHook.dll


Zango Object Recognized!
Type : File
Data : A0010050.dll
TAC Rating : 4
Category : Adware
Comment :
Object : C:\System Volume Information\_restore{247398E7-7F75-4BE4-B2AB-B6871BFD72DE}\RP50\
FileVersion : 4.8.2.3209
ProductVersion : 4.8.2.3209
ProductName : Zango
CompanyName : Zango,Inc.
LegalCopyright : Copyright © 2004 - 2006. Zango, Inc. All rights reserved.
LegalTrademarks : Zango.com®; Zango®


Zango Object Recognized!
Type : File
Data : A0010051.dll
TAC Rating : 4
Category : Adware
Comment :
Object : C:\System Volume Information\_restore{247398E7-7F75-4BE4-B2AB-B6871BFD72DE}\RP50\
FileVersion : 4.8.2.3209
ProductVersion : 4.8.2.3209
ProductName : Zango
CompanyName : Zango,Inc.
LegalCopyright : Copyright © 2004 - 2006. Zango, Inc. All rights reserved.
LegalTrademarks : Zango.com®; Zango®


Zango Object Recognized!
Type : File
Data : A0010052.dll
TAC Rating : 4
Category : Adware
Comment :
Object : C:\System Volume Information\_restore{247398E7-7F75-4BE4-B2AB-B6871BFD72DE}\RP50\
FileVersion : 4.8.2.3209
ProductVersion : 4.8.2.3209
ProductName : Zango
CompanyName : Zango,Inc.
LegalCopyright : Copyright © 2004 - 2006. Zango, Inc. All rights reserved.
LegalTrademarks : Zango.com®; Zango®


Zango Object Recognized!
Type : File
Data : A0010053.exe
TAC Rating : 4
Category : Adware
Comment :
Object : C:\System Volume Information\_restore{247398E7-7F75-4BE4-B2AB-B6871BFD72DE}\RP50\
FileVersion : 4.8.2.3209
ProductVersion : 4.8.2.3209
ProductName : Zango
CompanyName : Zango,Inc.
LegalCopyright : Copyright © 2004 - 2006. Zango, Inc. All rights reserved.
LegalTrademarks : Zango.com®; Zango®


Zango Object Recognized!
Type : File
Data : A0010054.dll
TAC Rating : 4
Category : Adware
Comment :
Object : C:\System Volume Information\_restore{247398E7-7F75-4BE4-B2AB-B6871BFD72DE}\RP50\
FileVersion : 4.8.2.3209
ProductVersion : 4.8.2.3209
ProductName : Zango
CompanyName : Zango,Inc.
LegalCopyright : Copyright © 2004 - 2006. Zango, Inc. All rights reserved.
LegalTrademarks : Zango.com®; Zango®


Disk Scan Result for C:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 24


Scanning Hosts file......
Hosts file location:"C:\WINDOWS\system32\drivers\etc\hosts".
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Hosts file scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
1 entries scanned.
New critical objects:0
Objects found so far: 24


Performing conditional scans...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Adware.Suggestor Object Recognized!
Type : Regkey
Data :
TAC Rating : 10
Category : Adware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\oxqgp

Win32.Trojan.Downloader Object Recognized!
Type : Regkey
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\microsoft\windows\currentversion\policies\activedesktop

Conditional scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 2
Objects found so far: 26

9:58:22 PM Scan Complete

Summary Of This Scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:00:08:38.719
Objects scanned:145937
Objects identified:26
Objects ignored:0
New critical objects:26


From ActiveScan:

Incident Status Location

Spyware:Cookie/fe.lea.lycos Not disinfected C:\Documents and Settings\BRiaN aka lobito\Application Data\Mozilla\Firefox\Profiles\6tam4vz0.default\cookies-2.txt[fe.lea.lycos.de/]
Spyware:Cookie/64.62.232 Not disinfected C:\Documents and Settings\BRiaN aka lobito\Application Data\Mozilla\Firefox\Profiles\6tam4vz0.default\cookies-2.txt[.64.62.232.6/]
Spyware:Cookie/Searchportal Not disinfected C:\Documents and Settings\BRiaN aka lobito\Application Data\Mozilla\Firefox\Profiles\6tam4vz0.default\cookies-3.txt[searchportal.information.com/]
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\BRiaN aka lobito\Application Data\Mozilla\Firefox\Profiles\6tam4vz0.default\cookies-3.txt[.terra.com.br/]
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\BRiaN aka lobito\Application Data\Mozilla\Firefox\Profiles\6tam4vz0.default\cookies-3.txt[.ig.com.br/]
Spyware:Cookie/64.62.232 Not disinfected C:\Documents and Settings\BRiaN aka lobito\Application Data\Mozilla\Firefox\Profiles\6tam4vz0.default\cookies-3.txt[.64.62.232.6/]
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\BRiaN aka lobito\Application Data\Mozilla\Firefox\Profiles\6tam4vz0.default\cookies.txt[.doubleclick.net/]
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\BRiaN aka lobito\Application Data\Mozilla\Firefox\Profiles\6tam4vz0.default\cookies.txt[.tribalfusion.com/]
Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\BRiaN aka lobito\Application Data\Mozilla\Firefox\Profiles\6tam4vz0.default\cookies.txt[.mediaplex.com/]
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\BRiaN aka lobito\Application Data\Mozilla\Firefox\Profiles\6tam4vz0.default\cookies.txt[.serving-sys.com/]
Spyware:Cookie/myaffiliateprogram Not disinfected C:\Documents and Settings\BRiaN aka lobito\Application Data\Mozilla\Firefox\Profiles\6tam4vz0.default\cookies.txt[www.myaffiliateprogram.com/]
Spyware:Cookie/Virusbursters Not disinfected C:\Documents and Settings\BRiaN aka lobito\Application Data\Mozilla\Firefox\Profiles\6tam4vz0.default\cookies.txt[www.virusbursters.com/]
Spyware:Spyware/7r7t Not disinfected C:\Documents and Settings\BRiaN aka lobito\Local Settings\Application Data\Sunbelt Software\CounterSpy\Quarantine\05A4BFD4-19E1-4E98-9BAE-58521F\BAB20762-1AC0-4D1B-9CCC-D48CF9
Adware:Adware/PestTrap Not disinfected C:\Documents and Settings\BRiaN aka lobito\Local Settings\Temporary Internet Files\Content.IE5\ST36386D\yourieprotect[1].htm
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\3bhvmrta.default\cookies.txt[.atdmt.com/]
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\3bhvmrta.default\cookies.txt[.advertising.com/]
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\3bhvmrta.default\cookies.txt[.doubleclick.net/]
Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\3bhvmrta.default\cookies.txt[.mediaplex.com/]
Spyware:Cookie/Coremetrics Not disinfected C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\3bhvmrta.default\cookies.txt[data.coremetrics.com/]
Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\3bhvmrta.default\cookies.txt[.statcounter.com/]
Spyware:Cookie/Mysearch Not disinfected C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\3bhvmrta.default\cookies.txt[.mysearch.com/]
Spyware:Cookie/Searchportal Not disinfected C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\3bhvmrta.default\cookies.txt[.searchportal.information.com/]
Spyware:Cookie/Target Not disinfected C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\3bhvmrta.default\cookies.txt[.target.com/]
Adware:Adware/GoldCodec Not disinfected C:\Program Files\Gold Codec\isaddon.dll
Possible Virus. Not disinfected C:\Program Files\Gold Codec\pmmon.exe
Adware:Adware/SystemDoctor Not disinfected C:\Program Files\Gold Codec\pmsngr.exe
Potentially unwanted tool:Application/MyWay Not disinfected C:\Program Files\Hijackthis\backups\backup-20060827-173146-351.dll
Spyware:Spyware/7r7t Not disinfected C:\WINDOWS\srvbydfptx.exe
Adware:Adware/Maxifiles Not disinfected C:\WINDOWS\system32\install.exe[²ÜÇ\nsProcess.dll]

BitDefender Online Scanner - Real Time Virus Report

Generated at: Mon, Nov 27, 2006 - 02:26:26

Scan Info
Scanned Files : 193492
Infected Files : 26

Virus Detected
Trojan.Downloader.VB.TS : 2
Trojan.Clicker.BD : 2
Adware.Mcboo.A : 1
Trojan.Downloader.Zlob.IA : 1
Trojan.Downloader.Zlob.GA : 1
Trojan.Wpepro.B : 2
Virtool.Munga.A : 1
Trojan.Downloader.Zlob.HX : 6
Exploit.ADODB.Stream.U : 3
Exploit.Win32.WMF-PFV.B : 1
Trojan.VB.IS : 1
Trojan.Zlob.FN : 2
Exploit.Win32.WMF-PFV.C : 1
Trojan.Sniff.Wpepro.C : 2

Comments

  • edited November 2006
    and finally my HiJackThis log

    Logfile of HijackThis v1.99.1
    Scan saved at 2:31:17 AM, on 11/27/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.5730.0011)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    C:\WINDOWS\system32\cisvc.exe
    C:\Program Files\ewido anti-spyware 4.0\guard.exe
    C:\Program Files\Spyware Doctor\sdhelp.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\BRMFRSMG.EXE
    C:\WINDOWS\System32\alg.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Sunbelt Software\CounterSpy\Consumer\sunThreatEngine.exe
    C:\Program Files\Sunbelt Software\CounterSpy\Consumer\SunProtectionServer.exe
    C:\Program Files\Gold Codec\isamonitor.exe
    C:\Program Files\Sunbelt Software\CounterSpy\Consumer\sunserver.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Gold Codec\isamini.exe
    C:\Program Files\Common Files\AOL\1145425248\ee\aolsoftware.exe
    C:\WINDOWS\system32\cidaemon.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Hijackthis\HijackThis.exe

    F3 - REG:win.ini: load=???
    ?
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O2 - BHO: (no name) - {ae18da4e-be15-4925-81bb-890c04af0200} - C:\Program Files\Gold Codec\isaddon.dll
    O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
    O4 - HKLM\..\Run: [SunServer] C:\Program Files\Sunbelt Software\CounterSpy\Consumer\sunserver.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Aim6] "C:\Program Files\Common Files\AOL\Launch\AOLLaunch.exe" /d locale=en-US ee://aol/imApp
    O4 - Startup: Metacafe.lnk = C:\Program Files\Metacafe\MetacafeAgent.exe
    O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
    O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui/229?1a65a46a89b04d8c8443c127c034196e
    O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui/230?1a65a46a89b04d8c8443c127c034196e
    O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O11 - Options group: [INTERNATIONAL] International*
    O16 - DPF: {3451DEDE-631F-421C-8127-FD793AFC6CC8} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/asa/ctrl/SymAData.cab
    O16 - DPF: {44990200-3C9D-426D-81DF-AAB636FA4345} (Symantec SmartIssue) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab
    O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O16 - DPF: {9D190AE6-C81E-4039-8061-978EBAD10073} (F-Secure Online Scanner 3.0) - http://support.f-secure.com/ols3/fscax.cab
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O21 - SSODL: gimmicks - {40dcff6e-af8d-4183-8ebe-a82270ac449e} - C:\WINDOWS\system32\dcvwaah.dll
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
    O23 - Service: GoogleDesktopManager - Unknown owner - C:\Program Files\Google\Google Desktop Search\GoogleDesktopManager.exe (file missing)
    O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
    If anybody can help me, it would be great :wink: Thank you very much.
  • SpywareShooter 127.0.0.1
    edited November 2006
    [STEP 1] Fix HijackThis Entries:
    Fix the following entries with HijackThis by placing checkmarks in the boxes next to them and clicking "Fix Checked".

    F3 - REG:win.ini: load=???
    ?
    O2 - BHO: (no name) - {ae18da4e-be15-4925-81bb-890c04af0200} - C:\Program Files\Gold Codec\isaddon.dll
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O21 - SSODL: gimmicks - {40dcff6e-af8d-4183-8ebe-a82270ac449e} - C:\WINDOWS\system32\dcvwaah.dll

    [STEP 2] Remove Malicious Files:
    Locate the following files using Windows Explorer (the My Computer icon or shortcut) and delete them from your computer.

    C:\WINDOWS\system32\dcvwaah.dll

    [STEP 3] Remove Malicious Folders:
    Locate the following folders using Windows Explorer (the My Computer icon or shortcut) and delete them from your computer.

    C:\Program Files\Gold Codec\

    [STEP 4] Run Additional Tools:
    Your computer is infected with a variant of Trojan.Zlob. Removal of this software is much easier with a tool created just for its removal. Please download Smitfraud Fix from the link below to your desktop and post the log it gives:

    http://siri.urz.free.fr/Fix/SmitfraudFix.zip

    Your computer is infected with a malicious piece of software known as Look2Me. Removal of this software is much easier with a tool created just for Look2Me removal. Please download L2MFix from the link below to your desktop and post the log it gives:

    http://www.downloads.subratam.org/l2mfix.exe

    [STEP 5] Report Back to Us:
    Once you have followed all of the steps above please reboot your computer and post a new HijackThis log.
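One way to check the follow-up log requested in Step 5 against Steps 1 to 3, as an added example that is not part of the original posts or of HijackThis itself. The fix list and paths are copied from the reply above; `parse_log`, `verify_cleanup` and the follow-up log are hypothetical and constructed for illustration.

```python
import re

# A HijackThis entry line is "<section code> - <details>", e.g. "O2 - BHO: ...".
ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
PATH_RE = re.compile(r"(?:[A-Za-z]:\\|%\w+%\\).+?\.(?:dll|exe)", re.IGNORECASE)


def parse_log(text):
    """Split a HijackThis log into running-process paths and parsed entries."""
    processes, entries, in_procs = [], [], False
    for raw in text.splitlines():
        line = raw.strip()
        if line.lower().startswith("running processes"):
            in_procs = True
            continue
        match = ENTRY_RE.match(line)
        if match:
            in_procs = False  # the entry section follows the process list
            body = match.group("body")
            clsid = CLSID_RE.search(body)
            path = PATH_RE.search(body)
            entries.append({
                "code": match.group("code"),
                "body": body,
                "clsid": clsid.group(0).lower() if clsid else None,
                "path": path.group(0).lower() if path else None,
            })
        elif in_procs and line:
            processes.append(line.lower())
    return processes, entries


def entry_key(entry):
    """Identify an entry by section code plus CLSID, or by its text if it has none."""
    return (entry["code"], entry["clsid"] or entry["body"].lower())


def verify_cleanup(fix_list, followup_log, removed_paths):
    """Report which requested fixes and deletions did not take effect."""
    _, wanted = parse_log(fix_list)
    processes, present = parse_log(followup_log)
    present_keys = {entry_key(e) for e in present}
    removed = [p.lower() for p in removed_paths]

    def under_removed(path):
        return path is not None and any(path.startswith(r) for r in removed)

    return {
        # Step 1 entries that reappear (or were never fixed) in the new log.
        "entries_still_present": [
            f"{e['code']} - {e['body']}" for e in wanted
            if entry_key(e) in present_keys
        ],
        # Step 2/3 files or folders that still have a running process.
        "processes_from_removed_paths": [p for p in processes if under_removed(p)],
        # Any entry in the new log that still loads from a deleted location.
        "entries_pointing_at_removed_paths": [
            f"{e['code']} - {e['body']}" for e in present
            if under_removed(e["path"])
        ],
    }


# Step 1 fix list, copied from the reply above.
FIX_LIST = r"""
F3 - REG:win.ini: load=???
O2 - BHO: (no name) - {ae18da4e-be15-4925-81bb-890c04af0200} - C:\Program Files\Gold Codec\isaddon.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O21 - SSODL: gimmicks - {40dcff6e-af8d-4183-8ebe-a82270ac449e} - C:\WINDOWS\system32\dcvwaah.dll
"""

# File and folder from Steps 2 and 3.
REMOVED_PATHS = ["C:\\WINDOWS\\system32\\dcvwaah.dll",
                 "C:\\Program Files\\Gold Codec\\"]

# Constructed follow-up log (not the poster's real log): the BHO and O9 entries
# are gone, but the SSODL entry and one Gold Codec process survived.
FOLLOWUP_LOG = r"""
Logfile of HijackThis v1.99.1

Running processes:
C:\WINDOWS\Explorer.EXE
C:\Program Files\Gold Codec\isamonitor.exe
C:\WINDOWS\system32\ctfmon.exe

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O21 - SSODL: gimmicks - {40dcff6e-af8d-4183-8ebe-a82270ac449e} - C:\WINDOWS\system32\dcvwaah.dll
"""

if __name__ == "__main__":
    for finding, items in verify_cleanup(FIX_LIST, FOLLOWUP_LOG, REMOVED_PATHS).items():
        print(finding)
        for item in items:
            print("   ", item)
```

Matching is by section code and CLSID where one exists, so an entry that comes back pointing at a renamed DLL is still reported as present.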
  • edited November 2006
    Can't find this file:
    O2 - BHO: (no name) - {ae18da4e-be15-4925-81bb-890c04af0200} - C:\Program Files\Gold Codec\isaddon.dll



    SmitFraudFix v2.82

    Scan done at 17:14:38.25, Mon 11/27/2006
    Run from C:\Documents and Settings\BRiaN aka lobito\Desktop\New Folder
    OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
    Fix ran in normal mode

    »»»»»»»»»»»»»»»»»»»»»»»» C:\


    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32


    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles


    »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\BRiaN aka lobito\Application Data


    »»»»»»»»»»»»»»»»»»»»»»»» Start Menu


    »»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\BRIANA~1\FAVORI~1


    »»»»»»»»»»»»»»»»»»»»»»»» Desktop


    »»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


    »»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


    »»»»»»»»»»»»»»»»»»»»»»»» Desktop Components



    »»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
    !!!Attention, following keys are not inevitably infected!!!

    SrchSTS.exe by S!Ri
    Search SharedTaskScheduler's .dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
    "{40dcff6e-af8d-4183-8ebe-a82270ac449e}"="gimmicks"



    »»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
    !!!Attention, following keys are not inevitably infected!!!

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "AppInit_DLLs"=""

    »»»»»»»»»»»»»»»»»»»»»»»» Scanning wininet.dll infection


    »»»»»»»»»»»»»»»»»»»»»»»» End

    _________________________________________________________________

    L2MFIX find log 051206
    These are the registry keys present
    **********************************************************************************
    Winlogon/notify:
    Windows Registry Editor Version 5.00

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
    "Asynchronous"=dword:00000000
    "Impersonate"=dword:00000000
    "DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\
    6c,00,00,00
    "Logoff"="ChainWlxLogoffEvent"

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
    "Asynchronous"=dword:00000000
    "Impersonate"=dword:00000000
    "DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,6e,00,65,00,74,00,2e,00,64,00,\
    6c,00,6c,00,00,00
    "Logoff"="CryptnetWlxLogoffEvent"

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
    "DLLName"="cscdll.dll"
    "Logon"="WinlogonLogonEvent"
    "Logoff"="WinlogonLogoffEvent"
    "ScreenSaver"="WinlogonScreenSaverEvent"
    "Startup"="WinlogonStartupEvent"
    "Shutdown"="WinlogonShutdownEvent"
    "StartShell"="WinlogonStartShellEvent"
    "Impersonate"=dword:00000000
    "Asynchronous"=dword:00000001

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
    "DLLName"="wlnotify.dll"
    "Logon"="SCardStartCertProp"
    "Logoff"="SCardStopCertProp"
    "Lock"="SCardSuspendCertProp"
    "Unlock"="SCardResumeCertProp"
    "Enabled"=dword:00000001
    "Impersonate"=dword:00000001
    "Asynchronous"=dword:00000001

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
    "Asynchronous"=dword:00000000
    "DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
    6c,00,6c,00,00,00
    "Impersonate"=dword:00000000
    "StartShell"="SchedStartShell"
    "Logoff"="SchedEventLogOff"

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
    "Logoff"="WLEventLogoff"
    "Impersonate"=dword:00000000
    "Asynchronous"=dword:00000001
    "DllName"=hex(2):73,00,63,00,6c,00,67,00,6e,00,74,00,66,00,79,00,2e,00,64,00,\
    6c,00,6c,00,00,00

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
    "DLLName"="WlNotify.dll"
    "Lock"="SensLockEvent"
    "Logon"="SensLogonEvent"
    "Logoff"="SensLogoffEvent"
    "Safe"=dword:00000001
    "MaxWait"=dword:00000258
    "StartScreenSaver"="SensStartScreenSaverEvent"
    "StopScreenSaver"="SensStopScreenSaverEvent"
    "Startup"="SensStartupEvent"
    "Shutdown"="SensShutdownEvent"
    "StartShell"="SensStartShellEvent"
    "PostShell"="SensPostShellEvent"
    "Disconnect"="SensDisconnectEvent"
    "Reconnect"="SensReconnectEvent"
    "Unlock"="SensUnlockEvent"
    "Impersonate"=dword:00000001
    "Asynchronous"=dword:00000001

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
    "Asynchronous"=dword:00000000
    "DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
    6c,00,6c,00,00,00
    "Impersonate"=dword:00000000
    "Logoff"="TSEventLogoff"
    "Logon"="TSEventLogon"
    "PostShell"="TSEventPostShell"
    "Shutdown"="TSEventShutdown"
    "StartShell"="TSEventStartShell"
    "Startup"="TSEventStartup"
    "MaxWait"=dword:00000258
    "Reconnect"="TSEventReconnect"
    "Disconnect"="TSEventDisconnect"

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
    "Logon"="WLEventLogon"
    "Logoff"="WLEventLogoff"
    "Startup"="WLEventStartup"
    "Shutdown"="WLEventShutdown"
    "StartScreenSaver"="WLEventStartScreenSaver"
    "StopScreenSaver"="WLEventStopScreenSaver"
    "Lock"="WLEventLock"
    "Unlock"="WLEventUnlock"
    "StartShell"="WLEventStartShell"
    "PostShell"="WLEventPostShell"
    "Disconnect"="WLEventDisconnect"
    "Reconnect"="WLEventReconnect"
    "Impersonate"=dword:00000001
    "Asynchronous"=dword:00000000
    "SafeMode"=dword:00000001
    "MaxWait"=dword:ffffffff
    "DllName"=hex(2):57,00,67,00,61,00,4c,00,6f,00,67,00,6f,00,6e,00,2e,00,64,00,\
    6c,00,6c,00,00,00
    "Event"=dword:00000000

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon\Settings]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
    "DLLName"="wlnotify.dll"
    "Logon"="RegisterTicketExpiredNotificationEvent"
    "Logoff"="UnregisterTicketExpiredNotificationEvent"
    "Impersonate"=dword:00000001
    "Asynchronous"=dword:00000001

    **********************************************************************************
    useragent:
    Windows Registry Editor Version 5.00

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]

    **********************************************************************************
    Shell Extension key:
    Windows Registry Editor Version 5.00

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
    "{00022613-0000-0000-C000-000000000046}"="Multimedia File Property Sheet"
    "{176d6597-26d3-11d1-b350-080036a75b03}"="ICM Scanner Management"
    "{1F2E5C40-9550-11CE-99D2-00AA006E086C}"="NTFS Security Page"
    "{3EA48300-8CF6-101B-84FB-666CCB9BCD32}"="OLE Docfile Property Page"
    "{40dd6e20-7c17-11ce-a804-00aa003ca9f6}"="Shell extensions for sharing"
    "{41E300E0-78B6-11ce-849B-444553540000}"="PlusPack CPL Extension"
    "{42071712-76d4-11d1-8b24-00a0c9068ff3}"="Display Adapter CPL Extension"
    "{42071713-76d4-11d1-8b24-00a0c9068ff3}"="Display Monitor CPL Extension"
    "{42071714-76d4-11d1-8b24-00a0c9068ff3}"="Display Panning CPL Extension"
    "{4E40F770-369C-11d0-8922-00A024AB2DBB}"="DS Security Page"
    "{513D916F-2A8E-4F51-AEAB-0CBC76FB1AF8}"="Compatibility Page"
    "{56117100-C0CD-101B-81E2-00AA004AE837}"="Shell Scrap DataHandler"
    "{59099400-57FF-11CE-BD94-0020AF85B590}"="Disk Copy Extension"
    "{59be4990-f85c-11ce-aff7-00aa003ca9f6}"="Shell extensions for Microsoft Windows Network objects"
    "{5DB2625A-54DF-11D0-B6C4-0800091AA605}"="ICM Monitor Management"
    "{675F097E-4C4D-11D0-B6C1-0800091AA605}"="ICM Printer Management"
    "{764BF0E1-F219-11ce-972D-00AA00A14F56}"="Shell extensions for file compression"
    "{77597368-7b15-11d0-a0c2-080036af3f03}"="Web Printer Shell Extension"
    "{7988B573-EC89-11cf-9C00-00AA00A14F56}"="Disk Quota UI"
    "{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA}"="Encryption Context Menu"
    "{85BBD920-42A0-1069-A2E4-08002B30309D}"="Briefcase"
    "{88895560-9AA2-1069-930E-00AA0030EBC8}"="HyperTerminal Icon Ext"
    "{BD84B380-8CA2-1069-AB1D-08000948F534}"="Fonts"
    "{DBCE2480-C732-101B-BE72-BA78E9AD5B27}"="ICC Profile"
    "{F37C5810-4D3F-11d0-B4BF-00AA00BBB723}"="Printers Security Page"
    "{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6}"="Shell extensions for sharing"
    "{f92e8c40-3d33-11d2-b1aa-080036a75b03}"="Display TroubleShoot CPL Extension"
    "{7444C717-39BF-11D1-8CD9-00C04FC29D45}"="Crypto PKO Extension"
    "{7444C719-39BF-11D1-8CD9-00C04FC29D45}"="Crypto Sign Extension"
    "{7007ACC7-3202-11D1-AAD2-00805FC1270E}"="Network Connections"
    "{992CFFA0-F557-101A-88EC-00DD010CCC48}"="Network Connections"
    "{E211B736-43FD-11D1-9EFB-0000F8757FCD}"="Scanners & Cameras"
    "{FB0C9C8A-6C50-11D1-9F1D-0000F8757FCD}"="Scanners & Cameras"
    "{905667aa-acd6-11d2-8080-00805f6596d2}"="Scanners & Cameras"
    "{3F953603-1008-4f6e-A73A-04AAC7A992F1}"="Scanners & Cameras"
    "{83bbcbf3-b28a-4919-a5aa-73027445d672}"="Scanners & Cameras"
    "{F0152790-D56E-4445-850E-4F3117DB740C}"="Remote Sessions CPL Extension"
    "{60254CA5-953B-11CF-8C96-00AA00B8708C}"="Shell extensions for Windows Script Host"
    "{2206CDB2-19C1-11D1-89E0-00C04FD7A829}"="Microsoft Data Link"
    "{DD2110F0-9EEF-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Icon Handler"
    "{797F1E90-9EDD-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Shell Extension"
    "{D6277990-4C6A-11CF-8D87-00AA0060F5BF}"="Scheduled Tasks"
    "{2559a1f7-21d7-11d4-bdaf-00c04f60b9f0}"="Set Program Access and Defaults"
    "{5F327514-6C5E-4d60-8F16-D07FA08A78ED}"="Auto Update Property Sheet Extension"
    "{0DF44EAA-FF21-4412-828E-260A8728E7F1}"="Taskbar and Start Menu"
    "{2559a1f0-21d7-11d4-bdaf-00c04f60b9f0}"="Search"
    "{2559a1f1-21d7-11d4-bdaf-00c04f60b9f0}"="Help and Support"
    "{2559a1f2-21d7-11d4-bdaf-00c04f60b9f0}"="Help and Support"
    "{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0}"="Run..."
    "{2559a1f4-21d7-11d4-bdaf-00c04f60b9f0}"="Internet"
    "{2559a1f5-21d7-11d4-bdaf-00c04f60b9f0}"="E-mail"
    "{D20EA4E1-3957-11d2-A40B-0C5020524152}"="Fonts"
    "{D20EA4E1-3957-11d2-A40B-0C5020524153}"="Administrative Tools"
    "{596AB062-B4D2-4215-9F74-E9109B0A8153}"="Previous Versions Property Page"
    "{9DB7A13C-F208-4981-8353-73CC61AE2783}"="Previous Versions"
    "{875CB1A1-0F29-45de-A1AE-CFB4950D0B78}"="Audio Media Properties Handler"
    "{40C3D757-D6E4-4b49-BB41-0E5BBEA28817}"="Video Media Properties Handler"
    "{E4B29F9D-D390-480b-92FD-7DDB47101D71}"="Wav Properties Handler"
    "{87D62D94-71B3-4b9a-9489-5FE6850DC73E}"="Avi Properties Handler"
    "{A6FD9E45-6E44-43f9-8644-08598F5A74D9}"="Midi Properties Handler"
    "{c5a40261-cd64-4ccf-84cb-c394da41d590}"="Video Thumbnail Extractor"
    "{5E6AB780-7743-11CF-A12B-00AA004AE837}"="Microsoft Internet Toolbar"
    "{22BF0C20-6DA7-11D0-B373-00A0C9034938}"="Download Status"
    "{91EA3F8B-C99B-11d0-9815-00C04FD91972}"="Augmented Shell Folder"
    "{6413BA2C-B461-11d1-A18A-080036B11A03}"="Augmented Shell Folder 2"
    "{F61FFEC1-754F-11d0-80CA-00AA005B4383}"="BandProxy"
    "{7BA4C742-9E81-11CF-99D3-00AA004AE837}"="Microsoft BrowserBand"
    "{30D02401-6A81-11d0-8274-00C04FD5AE38}"="IE Search Band"
    "{169A0691-8DF9-11d1-A1C4-00C04FD75D13}"="In-pane search"
    "{07798131-AF23-11d1-9111-00A0C98BA67D}"="Web Search"
    "{AF4F6510-F982-11d0-8595-00AA004CD6D8}"="Registry Tree Options Utility"
    "{01E04581-4EEE-11d0-BFE9-00AA005B4383}"="&Address"
    "{A08C11D2-A228-11d0-825B-00AA005B4383}"="Address EditBox"
    "{00BB2763-6A77-11D0-A535-00C04FD7D062}"="Microsoft AutoComplete"
    "{7376D660-C583-11d0-A3A5-00C04FD706EC}"="TridentImageExtractor"
    "{6756A641-DE71-11d0-831B-00AA005B4383}"="MRU AutoComplete List"
    "{6935DB93-21E8-4ccc-BEB9-9FE3C77A297A}"="Custom MRU AutoCompleted List"
    "{7e653215-fa25-46bd-a339-34a2790f3cb7}"="Accessible"
    "{acf35015-526e-4230-9596-becbe19f0ac9}"="Track Popup Bar"
    "{00BB2764-6A77-11D0-A535-00C04FD7D062}"="Microsoft History AutoComplete List"
    "{03C036F1-A186-11D0-824A-00AA005B4383}"="Microsoft Shell Folder AutoComplete List"
    "{00BB2765-6A77-11D0-A535-00C04FD7D062}"="Microsoft Multiple AutoComplete List Container"
    "{ECD4FC4E-521C-11D0-B792-00A0C90312E1}"="Shell Band Site Menu"
    "{3CCF8A41-5C85-11d0-9796-00AA00B90ADF}"="Shell DeskBarApp"
    "{ECD4FC4C-521C-11D0-B792-00A0C90312E1}"="Shell DeskBar"
    "{ECD4FC4D-521C-11D0-B792-00A0C90312E1}"="Shell Rebar BandSite"
    "{DD313E04-FEFF-11d1-8ECD-0000F87A470C}"="User Assist"
    "{EF8AD2D1-AE36-11D1-B2D2-006097DF8C11}"="Global Folder Settings"
    "{EFA24E61-B078-11d0-89E4-00C04FC9E26E}"="Favorites Band"
    "{0A89A860-D7B1-11CE-8350-444553540000}"="Shell Automation Inproc Service"
    "{E7E4BC40-E76A-11CE-A9BB-00AA004AE837}"="Shell DocObject Viewer"
    "{A5E46E3A-8849-11D1-9D8C-00C04FC99D61}"="Microsoft Browser Architecture"
    "{FBF23B40-E3F0-101B-8488-00AA003E56F8}"="InternetShortcut"
    "{3C374A40-BAE4-11CF-BF7D-00AA006946EE}"="Microsoft Url History Service"
    "{FF393560-C2A7-11CF-BFF4-444553540000}"="History"
    "{7BD29E00-76C1-11CF-9DD0-00A0C9034933}"="Temporary Internet Files"
    "{7BD29E01-76C1-11CF-9DD0-00A0C9034933}"="Temporary Internet Files"
    "{CFBFAE00-17A6-11D0-99CB-00C04FD64497}"="Microsoft Url Search Hook"
    "{A2B0DD40-CC59-11d0-A3A5-00C04FD706EC}"="IE4 Suite Splash Screen"
    "{67EA19A0-CCEF-11d0-8024-00C04FD75D13}"="CDF Extension Copy Hook"
    "{131A6951-7F78-11D0-A979-00C04FD705A2}"="ISFBand OC"
    "{9461b922-3c5a-11d2-bf8b-00c04fb93661}"="Search Assistant OC"
    "{3DC7A020-0ACD-11CF-A9BB-00AA004AE837}"="The Internet"
    "{871C5380-42A0-1069-A2EA-08002B30309D}"="Internet Name Space"
    "{EFA24E64-B078-11d0-89E4-00C04FC9E26E}"="Explorer Band"
    "{9E56BE60-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service"
    "{9E56BE61-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service"
    "{88C6C381-2E85-11D0-94DE-444553540000}"="ActiveX Cache Folder"
    "{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"="WebCheck"
    "{ABBE31D0-6DAE-11D0-BECA-00C04FD940BE}"="Subscription Mgr"
    "{F5175861-2688-11d0-9C5E-00AA00A45957}"="Subscription Folder"
    "{08165EA0-E946-11CF-9C87-00AA005127ED}"="WebCheckWebCrawler"
    "{E3A8BDE6-ABCE-11d0-BC4B-00C04FD929DB}"="WebCheckChannelAgent"
    "{E8BB6DC0-6B4E-11d0-92DB-00A0C90C2BD7}"="TrayAgent"
    "{7D559C10-9FE9-11d0-93F7-00AA0059CE02}"="Code Download Agent"
    "{E6CC6978-6B6E-11D0-BECA-00C04FD940BE}"="ConnectionAgent"
    "{D8BD2030-6FC9-11D0-864F-00AA006809D9}"="PostAgent"
    "{7FC0B86E-5FA7-11d1-BC7C-00C04FD929DB}"="WebCheck SyncMgr Handler"
    "{352EC2B7-8B9A-11D1-B8AE-006008059382}"="Shell Application Manager"
    "{0B124F8F-91F0-11D1-B8B5-006008059382}"="Installed Apps Enumerator"
    "{CFCCC7A0-A282-11D1-9082-006008059382}"="Darwin App Publisher"
    "{e84fda7c-1d6a-45f6-b725-cb260c236066}"="Shell Image Verbs"
    "{66e4e4fb-f385-4dd0-8d74-a2efd1bc6178}"="Shell Image Data Factory"
    "{00E7B358-F65B-4dcf-83DF-CD026B94BFD4}"="Autoplay for SlideShow"
    "{3F30C968-480A-4C6C-862D-EFC0897BB84B}"="GDI+ file thumbnail extractor"
    "{9DBD2C50-62AD-11d0-B806-00C04FD706EC}"="Summary Info Thumbnail handler (DOCFILES)"
    "{EAB841A0-9550-11cf-8C16-00805F1408F3}"="HTML Thumbnail Extractor"
    "{eb9b1153-3b57-4e68-959a-a3266bc3d7fe}"="Shell Image Property Handler"
    "{CC6EEFFB-43F6-46c5-9619-51D571967F7D}"="Web Publishing Wizard"
    "{add36aa8-751a-4579-a266-d66f5202ccbb}"="Print Ordering via the Web"
    "{6b33163c-76a5-4b6c-bf21-45de9cd503a1}"="Shell Publishing Wizard Object"
    "{58f1f272-9240-4f51-b6d4-fd63d1618591}"="Get a Passport Wizard"
    "{7A9D77BD-5403-11d2-8785-2E0420524153}"="User Accounts"
    "{BD472F60-27FA-11cf-B8B4-444553540000}"="Compressed (zipped) Folder Right Drag Handler"
    "{888DCA60-FC0A-11CF-8F0F-00C04FD7D062}"="Compressed (zipped) Folder SendTo Target"
    "{692F0339-CBAA-47e6-B5B5-3B84DB604E87}"="Extensions Manager Folder"
    "{63da6ec0-2e98-11cf-8d82-444553540000}"="FTP Folders Webview"
    "{883373C3-BF89-11D1-BE35-080036B11A03}"="Microsoft DocProp Shell Ext"
    "{A9CF0EAE-901A-4739-A481-E35B73E47F6D}"="Microsoft DocProp Inplace Edit Box Control"
    "{8EE97210-FD1F-4B19-91DA-67914005F020}"="Microsoft DocProp Inplace ML Edit Box Control"
    "{0EEA25CC-4362-4A12-850B-86EE61B0D3EB}"="Microsoft DocProp Inplace Droplist Combo Control"
    "{6A205B57-2567-4A2C-B881-F787FAB579A3}"="Microsoft DocProp Inplace Calendar Control"
    "{28F8A4AC-BBB3-4D9B-B177-82BFC914FA33}"="Microsoft DocProp Inplace Time Control"
    "{8A23E65E-31C2-11d0-891C-00A024AB2DBB}"="Directory Query UI"
    "{9E51E0D0-6E0F-11d2-9601-00C04FA31A86}"="Shell properties for a DS object"
    "{163FDC20-2ABC-11d0-88F0-00A024AB2DBB}"="Directory Object Find"
    "{F020E586-5264-11d1-A532-0000F8757D7E}"="Directory Start/Search Find"
    "{0D45D530-764B-11d0-A1CA-00AA00C16E65}"="Directory Property UI"
    "{62AE1F9A-126A-11D0-A14B-0800361B1103}"="Directory Context Menu Verbs"
    "{ECF03A33-103D-11d2-854D-006008059367}"="MyDocs Copy Hook"
    "{ECF03A32-103D-11d2-854D-006008059367}"="MyDocs Drop Target"
    "{4a7ded0a-ad25-11d0-98a8-0800361b1103}"="MyDocs Properties"
    "{750fdf0e-2a26-11d1-a3ea-080036587f03}"="Offline Files Menu"
    "{10CFC467-4392-11d2-8DB4-00C04FA31A66}"="Offline Files Folder Options"
    "{AFDB1F70-2A4C-11d2-9039-00C04F8EEB3E}"="Offline Files Folder"
    "{143A62C8-C33B-11D1-84FE-00C04FA34A14}"="Microsoft Agent Character Property Sheet Handler"
    "{ECCDF543-45CC-11CE-B9BF-0080C87CDBA6}"="DfsShell"
    "{60fd46de-f830-4894-a628-6fa81bc0190d}"="%DESC_PublishDropTarget%"
    "{7A80E4A8-8005-11D2-BCF8-00C04F72C717}"="MMC Icon Handler"
    "{0CD7A5C0-9F37-11CE-AE65-08002B2E1262}"=".CAB file viewer"
    "{32714800-2E5F-11d0-8B85-00AA0044F941}"="For &People..."
    "{8DD448E6-C188-4aed-AF92-44956194EB1F}"="Windows Media Player Burn Audio CD Context Menu Handler"
    "{CE3FB1D1-02AE-4a5f-A6E9-D9F1B4073E6C}"="Windows Media Player Play as Playlist Context Menu Handler"
    "{F1B9284F-E9DC-4e68-9D7E-42362A59F0FD}"="Windows Media Player Add to Playlist Context Menu Handler"
    "{21569614-B795-46b1-85F4-E737A8DC09AD}"="Shell Search Band"
    "{1D2680C9-0E2A-469d-B787-065558BC7D43}"="Fusion Cache"
    "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"="WinRAR shell extension"
    "{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}"="Shell Extensions for RealOne Player"
    @=""
    "{1530F7EE-5128-43BD-9977-84A4B0FAD7DF}"="PhotoToys"
    "{0f0a4d40-adf0-4e8f-98d8-7208b98be01e}"="ImageShack QuickLoad Image Uploader"
    "{9F97547E-4609-42C5-AE0C-81C61FFAEBC3}"="AVG7 Shell Extension"
    "{9F97547E-460A-42C5-AE0C-81C61FFAEBC3}"="AVG7 Find Extension"
    "{640167b4-59b0-47a6-b335-a6b3c0695aea}"="Portable Media Devices"
    "{35786D3C-B075-49b9-88DD-029876E11C01}"="Portable Devices"
    "{D6791A63-E7E2-4fee-BF52-5DED8E86E9B8}"="Portable Devices Menu"
    "{07C45BB1-4A8C-4642-A1F5-237E7215FF66}"="IE Microsoft BrowserBand"
    "{1C1EDB47-CE22-4bbb-B608-77B48F83C823}"="IE Fade Task"
    "{205D7A97-F16D-4691-86EF-F3075DCCA57D}"="IE Menu Desk Bar"
    "{3028902F-6374-48b2-8DC6-9725E775B926}"="IE AutoComplete"
    "{43886CD5-6529-41c4-A707-7B3C92C05E68}"="IE Navigation Bar"
    "{44C76ECD-F7FA-411c-9929-1B77BA77F524}"="IE Menu Site"
    "{4B78D326-D922-44f9-AF2A-07805C2A3560}"="IE Menu Band"
    "{6038EF75-ABFC-4e59-AB6F-12D397F6568D}"="IE Microsoft History AutoComplete List"
    "{6B4ECC4F-16D1-4474-94AB-5A763F2A54AE}"="IE Tracking Shell Menu"
    "{6CF48EF8-44CD-45d2-8832-A16EA016311B}"="IE IShellFolderBand"
    "{73CFD649-CD48-4fd8-A272-2070EA56526B}"="IE BandProxy"
    "{98FF6D4B-6387-4b0a-8FBD-C5C4BB17B4F8}"="IE MRU AutoComplete List"
    "{9A096BB5-9DC3-4D1C-8526-C3CBF991EA4E}"="IE RSS Feeder Folder"
    "{9D958C62-3954-4b44-8FAB-C4670C1DB4C2}"="IE Microsoft Shell Folder AutoComplete List"
    "{B31C5FAE-961F-415b-BAF0-E697A5178B94}"="IE Microsoft Multiple AutoComplete List Container"
    "{BC476F4C-D9D7-4100-8D4E-E043F6DEC409}"="Microsoft Browser Architecture"
    "{BFAD62EE-9D54-4b2a-BF3B-76F90697BD2A}"="IE Shell Rebar BandSite"
    "{E6EE9AAC-F76B-4947-8260-A9F136138E11}"="IE Shell Band Site Menu"
    "{F2CF5485-4E02-4f68-819C-B92DE9277049}"="&Links"
    "{F83DAC1C-9BB9-4f2b-B619-09819DA81B0E}"="IE Registry Tree Options Utility"
    "{FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75}"="IE User Assist"
    "{FDE7673D-2E19-4145-8376-BBD58C4BC7BA}"="IE Custom MRU AutoCompleted List"

    **********************************************************************************
    HKEY ROOT CLASSIDS:
    **********************************************************************************
    Files Found are not all bad files:

    C:\WINDOWS\SYSTEM32\
    admparse.dll Fri Oct 27 2006 2:44:26a A.... 71,680 70.00 K
    advpack.dll Fri Oct 27 2006 2:44:06a A.... 123,904 121.00 K
    avisynth.dll Sun Nov 19 2006 4:20:14p A.... 196,608 192.00 K
    browseui.dll Sat Sep 23 2006 1:12:50p A.... 1,022,976 999.00 K
    corpol.dll Tue Oct 17 2006 1:03:56p A.... 17,408 17.00 K
    divxc32.dll Sun Nov 19 2006 4:19:02p A.... 414,272 404.56 K
    divxc32f.dll Sun Nov 19 2006 4:19:02p A.... 414,272 404.56 K
    dxtmsft.dll Tue Oct 17 2006 12:58:06p A.... 346,624 338.50 K
    dxtrans.dll Tue Oct 17 2006 12:57:50p A.... 214,528 209.50 K
    extmgr.dll Fri Oct 27 2006 3:09:58p A.... 131,584 128.50 K
    huffyuv.dll Sun Nov 19 2006 4:18:52p A.... 33,280 32.50 K
    icardie.dll Tue Oct 17 2006 12:58:20p ..... 61,952 60.50 K
    ieakeng.dll Fri Oct 27 2006 2:44:36a A.... 152,064 148.50 K
    ieaksie.dll Fri Oct 27 2006 2:44:42a A.... 229,376 224.00 K
    ieakui.dll Fri Oct 27 2006 2:42:54a A.... 161,792 158.00 K
    ieapfltr.dll Tue Oct 17 2006 12:27:56p ..... 380,928 372.00 K
    iedkcs32.dll Fri Oct 27 2006 2:44:46a A.... 382,976 374.00 K
    ieencode.dll Tue Oct 17 2006 1:06:00p A.... 78,336 76.50 K
    ieframe.dll Fri Oct 27 2006 3:09:58p ..... 6,049,280 5.77 M
    iepeers.dll Fri Oct 27 2006 3:09:58p A.... 191,488 187.00 K
    iernonce.dll Fri Oct 27 2006 2:44:08a A.... 43,008 42.00 K
    iertutil.dll Tue Oct 17 2006 12:57:20p ..... 266,752 260.50 K
    iesetup.dll Fri Oct 27 2006 2:44:26a A.... 55,296 54.00 K
    ieui.dll Fri Oct 27 2006 3:09:58p ..... 180,736 176.50 K
    imgutil.dll Tue Oct 17 2006 12:57:58p A.... 36,352 35.50 K
    inseng.dll Fri Oct 27 2006 2:44:08a A.... 92,672 90.50 K
    jscript.dll Tue Oct 17 2006 1:00:00p A.... 491,520 480.00 K
    jsproxy.dll Fri Oct 27 2006 3:09:58p A.... 27,136 26.50 K
    licmgr10.dll Tue Oct 17 2006 1:05:10p A.... 40,960 40.00 K
    msfeeds.dll Fri Oct 27 2006 3:09:58p ..... 458,752 448.00 K
    msfeed~1.dll Fri Oct 27 2006 3:09:58p ..... 50,688 49.50 K
    mshtml.dll Fri Oct 27 2006 3:09:58p A.... 3,577,856 3.41 M
    mshtmled.dll Fri Oct 27 2006 3:09:58p A.... 475,648 464.50 K
    mshtmler.dll Tue Oct 17 2006 12:28:56p A.... 48,128 47.00 K
    msls31.dll Fri Oct 27 2006 3:09:58p A.... 156,160 152.50 K
    msrating.dll Tue Oct 17 2006 1:05:10p A.... 192,000 187.50 K
    mstime.dll Fri Oct 27 2006 3:09:58p A.... 670,720 655.00 K
    msxml3.dll Tue Sep 12 2006 9:01:56p A.... 1,084,416 1.03 M
    nwprovau.dll Fri Oct 13 2006 4:35:12a A.... 142,336 139.00 K
    occache.dll Tue Oct 17 2006 1:04:46p A.... 101,376 99.00 K
    pngfilt.dll Tue Oct 17 2006 12:58:08p A.... 44,544 43.50 K
    shdocvw.dll Sat Sep 23 2006 1:12:50p A.... 1,497,088 1.43 M
    shlwapi.dll Sat Sep 23 2006 1:12:50p A.... 474,112 463.00 K
    url.dll Tue Oct 17 2006 1:05:22p A.... 105,984 103.50 K
    urlmon.dll Fri Oct 27 2006 3:09:58p A.... 1,162,240 1.11 M
    vbscript.dll Fri Oct 27 2006 3:09:58p A.... 413,696 404.00 K
    webcheck.dll Fri Oct 27 2006 3:09:58p A.... 231,424 226.00 K
    wininet.dll Fri Oct 27 2006 3:09:58p A.... 818,688 799.50 K
    xpsp3res.dll Mon Oct 16 2006 2:29:16a A.... 248,320 242.50 K

    49 items found: 49 files, 0 directories.
    Total of file sizes: 23,863,936 bytes 22.76 M
    Locate .tmp files:

    C:\WINDOWS\SYSTEM32\
    rena4.tmp Thu Aug 31 2006 10:27:48p A.... 0 0.00 K
    rena5.tmp Thu Aug 31 2006 10:27:48p A.... 0 0.00 K

    2 items found: 2 files, 0 directories.
    Total of file sizes: 0 bytes 0.00 K
    **********************************************************************************
    Directory Listing of system files:
    Volume in drive C has no label.
    Volume Serial Number is FCF6-17D7

    Directory of C:\WINDOWS\System32

    11/27/2006 05:19 PM <DIR> ..
    11/27/2006 05:19 PM <DIR> .
    12/08/2005 08:45 AM <DIR> Microsoft
    0 File(s) 0 bytes
    3 Dir(s) 40,631,070,720 bytes free
    __________________________________________________________________

    Logfile of HijackThis v1.99.1
    Scan saved at 5:28:13 PM, on 11/27/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.5730.0011)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    C:\WINDOWS\system32\cisvc.exe
    C:\Program Files\ewido anti-spyware 4.0\guard.exe
    C:\Program Files\Spyware Doctor\sdhelp.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\BRMFRSMG.EXE
    C:\WINDOWS\System32\alg.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Sunbelt Software\CounterSpy\Consumer\sunThreatEngine.exe
    C:\Program Files\Sunbelt Software\CounterSpy\Consumer\SunProtectionServer.exe
    C:\Program Files\Sunbelt Software\CounterSpy\Consumer\sunserver.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Common Files\AOL\1145425248\ee\aolsoftware.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
    C:\Program Files\Hijackthis\HijackThis.exe

    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
    O4 - HKLM\..\Run: [SunServer] C:\Program Files\Sunbelt Software\CounterSpy\Consumer\sunserver.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Aim6] "C:\Program Files\Common Files\AOL\Launch\AOLLaunch.exe" /d locale=en-US ee://aol/imApp
    O4 - Startup: Metacafe.lnk = C:\Program Files\Metacafe\MetacafeAgent.exe
    O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
    O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui/229?1a65a46a89b04d8c8443c127c034196e
    O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui/230?1a65a46a89b04d8c8443c127c034196e
    O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
    O11 - Options group: [INTERNATIONAL] International*
    O16 - DPF: {3451DEDE-631F-421C-8127-FD793AFC6CC8} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/asa/ctrl/SymAData.cab
    O16 - DPF: {44990200-3C9D-426D-81DF-AAB636FA4345} (Symantec SmartIssue) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab
    O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O16 - DPF: {9D190AE6-C81E-4039-8061-978EBAD10073} (F-Secure Online Scanner 3.0) - http://support.f-secure.com/ols3/fscax.cab
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
    O23 - Service: GoogleDesktopManager - Unknown owner - C:\Program Files\Google\Google Desktop Search\GoogleDesktopManager.exe (file missing)
    O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
  • SpywareShooter 127.0.0.1
    edited November 2006
    [STEP 1] Fix HijackThis Entries:
    Fix the following entries with HijackThis by placing checkmarks in the boxes next to them and clicking "Fix Checked".

    O23 - Service: GoogleDesktopManager - Unknown owner - C:\Program Files\Google\Google Desktop Search\GoogleDesktopManager.exe (file missing)

    [STEP 2] Run Additional Tools:
    Your HijackThis log shows no more signs of executable malware. However, this does not mean that your system is completely clean. In order to make sure that all remaining pieces of this malware have been removed, it is recommended that you download and scan with Ewido Anti-Malware. Please do an Ewido scan and post the log here:

    Download Ewido

    [STEP 3] Report Back to us:
    Once you have followed all of the steps above please reboot your computer and post a new HijackThis log.
  • edited November 2006

    ewido anti-spyware - Scan Report

    + Created at: 8:41:14 PM 11/27/2006

    + Scan result:



    C:\WINDOWS\system32\SpOrder.dll -> Adware.WinAntiVirus : No action taken.
    C:\Documents and Settings\BRiaN aka lobito\Cookies\brian_aka_lobito@2o7[2].txt -> TrackingCookie.2o7 : No action taken.
    :mozilla.131:C:\Documents and Settings\BRiaN aka lobito\Application Data\Mozilla\Firefox\Profiles\6tam4vz0.default\cookies-2.txt -> TrackingCookie.Admarketplace : No action taken.
    :mozilla.283:C:\Documents and Settings\BRiaN aka lobito\Application Data\Mozilla\Firefox\Profiles\6tam4vz0.default\cookies-3.txt -> TrackingCookie.Admarketplace : No action taken.
    :mozilla.79:C:\Documents and Settings\BRiaN aka lobito\Application Data\Mozilla\Firefox\Profiles\6tam4vz0.default\cookies-1.txt -> TrackingCookie.Admarketplace : No action taken.
    :mozilla.83:C:\Documents and Settings\BRiaN aka lobito\Application Data\Mozilla\Firefox\Profiles\6tam4vz0.default\cookies-1.txt -> TrackingCookie.Admarketplace : No action taken.
    :mozilla.25:C:\Documents and Settings\BRiaN aka lobito\Application Data\Mozilla\Firefox\Profiles\6tam4vz0.default\cookies.txt -> TrackingCookie.Adrevolver : No action taken.
    :mozilla.26:C:\Documents and Settings\BRiaN aka lobito\Application Data\Mozilla\Firefox\Profiles\6tam4vz0.default\cookies.txt -> TrackingCookie.Adrevolver : No action taken.
    :mozilla.27:C:\Documents and Settings\BRiaN aka lobito\Application Data\Mozilla\Firefox\Profiles\6tam4vz0.default\cookies.txt -> TrackingCookie.Adrevolver : No action taken.
    :mozilla.28:C:\Documents and Settings\BRiaN aka lobito\Application Data\Mozilla\Firefox\Profiles\6tam4vz0.default\cookies.txt -> TrackingCookie.Adrevolver : No action taken.
    :mozilla.31:C:\Documents and Settings\BRiaN aka lobito\Application Data\Mozilla\Firefox\Profiles\6tam4vz0.default\cookies.txt -> TrackingCookie.Adrevolver : No action taken.
    :mozilla.32:C:\Documents and Settings\BRiaN aka lobito\Application Data\Mozilla\Firefox\Profiles\6tam4vz0.default\cookies.txt -> TrackingCookie.Adrevolver : No action taken.
    :mozilla.10:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\3bhvmrta.default\cookies.txt -> TrackingCookie.Advertising : No action taken.
    :mozilla.11:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\3bhvmrta.default\cookies.txt -> TrackingCookie.Advertising : No action taken.
    :mozilla.12:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\3bhvmrta.default\cookies.txt -> TrackingCookie.Advertising : No action taken.
    :mozilla.13:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\3bhvmrta.default\cookies.txt -> TrackingCookie.Advertising : No action taken.
    :mozilla.14:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\3bhvmrta.default\cookies.txt -> TrackingCookie.Advertising : No action taken.
    C:\Documents and Settings\BRiaN aka lobito\Cookies\brian_aka_lobito@advertising[1].txt -> TrackingCookie.Advertising : No action taken.
    :mozilla.34:C:\Documents and Settings\BRiaN aka lobito\Application Data\Mozilla\Firefox\Profiles\6tam4vz0.default\cookies.txt -> TrackingCookie.Atdmt : No action taken.
    :mozilla.9:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\3bhvmrta.default\cookies.txt -> TrackingCookie.Atdmt : No action taken.
    C:\Documents and Settings\BRiaN aka lobito\Cookies\brian_aka_lobito@atdmt[2].txt -> TrackingCookie.Atdmt : No action taken.
    :mozilla.28:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\3bhvmrta.default\cookies.txt -> TrackingCookie.Coremetrics : No action taken.
    :mozilla.22:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\3bhvmrta.default\cookies.txt -> TrackingCookie.Doubleclick : No action taken.
    :mozilla.35:C:\Documents and Settings\BRiaN aka lobito\Application Data\Mozilla\Firefox\Profiles\6tam4vz0.default\cookies.txt -> TrackingCookie.Doubleclick : No action taken.
    C:\Documents and Settings\BRiaN aka lobito\Cookies\brian_aka_lobito@doubleclick[2].txt -> TrackingCookie.Doubleclick : No action taken.
    :mozilla.36:C:\Documents and Settings\BRiaN aka lobito\Application Data\Mozilla\Firefox\Profiles\6tam4vz0.default\cookies.txt -> TrackingCookie.Fastclick : No action taken.
    :mozilla.37:C:\Documents and Settings\BRiaN aka lobito\Application Data\Mozilla\Firefox\Profiles\6tam4vz0.default\cookies.txt -> TrackingCookie.Fastclick : No action taken.
    :mozilla.38:C:\Documents and Settings\BRiaN aka lobito\Application Data\Mozilla\Firefox\Profiles\6tam4vz0.default\cookies.txt -> TrackingCookie.Fastclick : No action taken.
    C:\Documents and Settings\BRiaN aka lobito\Cookies\brian_aka_lobito@ehg-kasperskylab.hitbox[1].txt -> TrackingCookie.Hitbox : No action taken.
    C:\Documents and Settings\BRiaN aka lobito\Cookies\brian_aka_lobito@hitbox[2].txt -> TrackingCookie.Hitbox : No action taken.
    :mozilla.23:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\3bhvmrta.default\cookies.txt -> TrackingCookie.Mediaplex : No action taken.
    :mozilla.45:C:\Documents and Settings\BRiaN aka lobito\Application Data\Mozilla\Firefox\Profiles\6tam4vz0.default\cookies.txt -> TrackingCookie.Mediaplex : No action taken.
    :mozilla.67:C:\Documents and Settings\BRiaN aka lobito\Application Data\Mozilla\Firefox\Profiles\6tam4vz0.default\cookies.txt -> TrackingCookie.Myaffiliateprogram : No action taken.
    :mozilla.20:C:\Documents and Settings\BRiaN aka lobito\Application Data\Mozilla\Firefox\Profiles\6tam4vz0.default\cookies.txt -> TrackingCookie.Questionmarket : No action taken.
    :mozilla.21:C:\Documents and Settings\BRiaN aka lobito\Application Data\Mozilla\Firefox\Profiles\6tam4vz0.default\cookies.txt -> TrackingCookie.Questionmarket : No action taken.
    :mozilla.22:C:\Documents and Settings\BRiaN aka lobito\Application Data\Mozilla\Firefox\Profiles\6tam4vz0.default\cookies.txt -> TrackingCookie.Ru4 : No action taken.
    :mozilla.23:C:\Documents and Settings\BRiaN aka lobito\Application Data\Mozilla\Firefox\Profiles\6tam4vz0.default\cookies.txt -> TrackingCookie.Ru4 : No action taken.
    :mozilla.24:C:\Documents and Settings\BRiaN aka lobito\Application Data\Mozilla\Firefox\Profiles\6tam4vz0.default\cookies.txt -> TrackingCookie.Ru4 : No action taken.
    :mozilla.29:C:\Documents and Settings\BRiaN aka lobito\Application Data\Mozilla\Firefox\Profiles\6tam4vz0.default\cookies.txt -> TrackingCookie.Ru4 : No action taken.
    C:\Documents and Settings\BRiaN aka lobito\Cookies\brian_aka_lobito@edge.ru4[2].txt -> TrackingCookie.Ru4 : No action taken.
    :mozilla.46:C:\Documents and Settings\BRiaN aka lobito\Application Data\Mozilla\Firefox\Profiles\6tam4vz0.default\cookies.txt -> TrackingCookie.Serving-sys : No action taken.
    :mozilla.47:C:\Documents and Settings\BRiaN aka lobito\Application Data\Mozilla\Firefox\Profiles\6tam4vz0.default\cookies.txt -> TrackingCookie.Serving-sys : No action taken.
    :mozilla.48:C:\Documents and Settings\BRiaN aka lobito\Application Data\Mozilla\Firefox\Profiles\6tam4vz0.default\cookies.txt -> TrackingCookie.Serving-sys : No action taken.
    :mozilla.49:C:\Documents and Settings\BRiaN aka lobito\Application Data\Mozilla\Firefox\Profiles\6tam4vz0.default\cookies.txt -> TrackingCookie.Serving-sys : No action taken.
    :mozilla.50:C:\Documents and Settings\BRiaN aka lobito\Application Data\Mozilla\Firefox\Profiles\6tam4vz0.default\cookies.txt -> TrackingCookie.Serving-sys : No action taken.
    :mozilla.34:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\3bhvmrta.default\cookies.txt -> TrackingCookie.Statcounter : No action taken.
    :mozilla.646:C:\Documents and Settings\BRiaN aka lobito\Application Data\Mozilla\Firefox\Profiles\6tam4vz0.default\cookies-1.txt -> TrackingCookie.Texttbnru : No action taken.
    :mozilla.711:C:\Documents and Settings\BRiaN aka lobito\Application Data\Mozilla\Firefox\Profiles\6tam4vz0.default\cookies-2.txt -> TrackingCookie.Texttbnru : No action taken.
    :mozilla.811:C:\Documents and Settings\BRiaN aka lobito\Application Data\Mozilla\Firefox\Profiles\6tam4vz0.default\cookies-3.txt -> TrackingCookie.Texttbnru : No action taken.
    :mozilla.43:C:\Documents and Settings\BRiaN aka lobito\Application Data\Mozilla\Firefox\Profiles\6tam4vz0.default\cookies.txt -> TrackingCookie.Tribalfusion : No action taken.
    :mozilla.44:C:\Documents and Settings\BRiaN aka lobito\Application Data\Mozilla\Firefox\Profiles\6tam4vz0.default\cookies.txt -> TrackingCookie.Tribalfusion : No action taken.
    :mozilla.30:C:\Documents and Settings\BRiaN aka lobito\Application Data\Mozilla\Firefox\Profiles\6tam4vz0.default\cookies.txt -> TrackingCookie.Yieldmanager : No action taken.
    C:\Documents and Settings\BRiaN aka lobito\Cookies\brian_aka_lobito@ad.yieldmanager[2].txt -> TrackingCookie.Yieldmanager : No action taken.


    ::Report end
    _________________________________________________________________

    Logfile of HijackThis v1.99.1
    Scan saved at 8:47:47 PM, on 11/27/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.5730.0011)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    C:\WINDOWS\system32\cisvc.exe
    C:\Program Files\ewido anti-spyware 4.0\guard.exe
    C:\Program Files\Spyware Doctor\sdhelp.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\BRMFRSMG.EXE
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Sunbelt Software\CounterSpy\Consumer\sunThreatEngine.exe
    C:\WINDOWS\System32\alg.exe
    C:\Program Files\Sunbelt Software\CounterSpy\Consumer\SunProtectionServer.exe
    C:\Program Files\Sunbelt Software\CounterSpy\Consumer\sunserver.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Common Files\AOL\1145425248\ee\aolsoftware.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Hijackthis\HijackThis.exe

    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
    O4 - HKLM\..\Run: [SunServer] C:\Program Files\Sunbelt Software\CounterSpy\Consumer\sunserver.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Aim6] "C:\Program Files\Common Files\AOL\Launch\AOLLaunch.exe" /d locale=en-US ee://aol/imApp
    O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
    O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui/229?1a65a46a89b04d8c8443c127c034196e
    O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui/230?1a65a46a89b04d8c8443c127c034196e
    O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
    O11 - Options group: [INTERNATIONAL] International*
    O16 - DPF: {3451DEDE-631F-421C-8127-FD793AFC6CC8} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/asa/ctrl/SymAData.cab
    O16 - DPF: {44990200-3C9D-426D-81DF-AAB636FA4345} (Symantec SmartIssue) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab
    O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O16 - DPF: {9D190AE6-C81E-4039-8061-978EBAD10073} (F-Secure Online Scanner 3.0) - http://support.f-secure.com/ols3/fscax.cab
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
    O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
  • SpywareShooter 127.0.0.1
    edited November 2006
    HijackThis is looking good. We're going to have to remove those items with Ewido, though. Scan with Ewido again and at the results page, Set All Elements to "delete". Once you've done that, post the log.
  • edited November 2006
    I forgot to save the first log but here's the second one and a hijackthis log

    ewido anti-spyware - Scan Report

    + Created at: 5:12:31 PM 11/28/2006

    + Scan result:



    :mozilla.130:C:\Documents and Settings\BRiaN aka lobito\Application Data\Mozilla\Firefox\Profiles\6tam4vz0.default\cookies-2.txt -> TrackingCookie.Admarketplace : Cleaned.
    :mozilla.282:C:\Documents and Settings\BRiaN aka lobito\Application Data\Mozilla\Firefox\Profiles\6tam4vz0.default\cookies-3.txt -> TrackingCookie.Admarketplace : Cleaned.
    :mozilla.77:C:\Documents and Settings\BRiaN aka lobito\Application Data\Mozilla\Firefox\Profiles\6tam4vz0.default\cookies-1.txt -> TrackingCookie.Admarketplace : Cleaned.
    :mozilla.81:C:\Documents and Settings\BRiaN aka lobito\Application Data\Mozilla\Firefox\Profiles\6tam4vz0.default\cookies-1.txt -> TrackingCookie.Admarketplace : Cleaned.
    :mozilla.643:C:\Documents and Settings\BRiaN aka lobito\Application Data\Mozilla\Firefox\Profiles\6tam4vz0.default\cookies-1.txt -> TrackingCookie.Texttbnru : Cleaned.
    :mozilla.709:C:\Documents and Settings\BRiaN aka lobito\Application Data\Mozilla\Firefox\Profiles\6tam4vz0.default\cookies-2.txt -> TrackingCookie.Texttbnru : Cleaned.
    :mozilla.809:C:\Documents and Settings\BRiaN aka lobito\Application Data\Mozilla\Firefox\Profiles\6tam4vz0.default\cookies-3.txt -> TrackingCookie.Texttbnru : Cleaned.


    ::Report end

    __________________________________________________________________

    Logfile of HijackThis v1.99.1
    Scan saved at 4:49:50 PM, on 11/28/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.5730.0011)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    C:\WINDOWS\system32\cisvc.exe
    C:\Program Files\ewido anti-spyware 4.0\guard.exe
    C:\Program Files\Spyware Doctor\sdhelp.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\BRMFRSMG.EXE
    C:\WINDOWS\System32\alg.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Sunbelt Software\CounterSpy\Consumer\sunThreatEngine.exe
    C:\Program Files\Sunbelt Software\CounterSpy\Consumer\SunProtectionServer.exe
    C:\Program Files\Sunbelt Software\CounterSpy\Consumer\sunserver.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Common Files\AOL\1145425248\ee\aolsoftware.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Hijackthis\HijackThis.exe

    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
    O4 - HKLM\..\Run: [SunServer] C:\Program Files\Sunbelt Software\CounterSpy\Consumer\sunserver.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Aim6] "C:\Program Files\Common Files\AOL\Launch\AOLLaunch.exe" /d locale=en-US ee://aol/imApp
    O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
    O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui/229?1a65a46a89b04d8c8443c127c034196e
    O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui/230?1a65a46a89b04d8c8443c127c034196e
    O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
    O11 - Options group: [INTERNATIONAL] International*
    O16 - DPF: {3451DEDE-631F-421C-8127-FD793AFC6CC8} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/asa/ctrl/SymAData.cab
    O16 - DPF: {44990200-3C9D-426D-81DF-AAB636FA4345} (Symantec SmartIssue) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab
    O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O16 - DPF: {9D190AE6-C81E-4039-8061-978EBAD10073} (F-Secure Online Scanner 3.0) - http://support.f-secure.com/ols3/fscax.cab
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
    O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
  • SpywareShooter 127.0.0.1
    edited November 2006
    Your log is now clean!

    As precautionary measures for the future, please follow these steps to ensure that your computer stays clean and secure:
    1. Always have AntiVirus software running - Having an AntiVirus is very important and can protect you in the future from all kinds of viruses, spyware and other malicious software.

    2. Keep your AntiVirus program updated - Without having an updated AntiVirus program you will be susceptible to any form of new malware as it is released. If your AntiVirus software has the option of Automatic Updates you should enable it. If not, visit the producer's website at least once a week and download any updates for the product.

    3. Use a Firewall - Using a firewall is essential in the Internet today. Having one at default settings will block intruders from accessing your computer and can block new programs from installing without your consent.

    4. WindowsUpdate - Make sure that you keep your computer updated by visiting windowsupdate.com (http://www.windowsupdate.com) weekly, and downloading any critical updates. Many of these updates are against hackers and malware installations. Without all critical updates you will be susceptible to many of the spyware creators' tricks to get you to install their software. Download and install all critical updates and reboot your computer. Continue this until all critical updates have been installed.

    5. Anti-Spyware Software - Spybot - Search & Destroy and Ad-Aware SE

      Both of these programs are free and recommended by many anti-spyware professionals. You should download them from the links below, keep them updated, and scan weekly.

      Spybot - Search & Destroy
      Ad-Aware SE Personal Edition 1.06
      *Note: Please read my article here about false positives in Spybot - Search & Destroy.

    6. Secure Internet Explorer - Spyware Shooter is a free program which I developed for the cause of blocking malicious websites from installing spyware onto your computer. Please check for updates weekly and download any new releases to make sure that you are safe against newly discovered websites.

      Spyware Shooter home page



    How to say "thanks":
    1. Donations are not accepted - At Short-Media we do not accept donations. If you have found this website helpful, you can contribute in the following ways.
    2. Stick Around - Without users like you, Short-Media would not be as successful as it is today. One way you can thank us is to stick around the forums. Even if you are not a computer professional you can learn by reading past topics in the forums, or if you do not feel comfortable helping, there are a few forums for non-computer-related topics.
    3. Refer Friends - If you know anyone who is having problems with their computers, or just needs a place to chill online, they would make a great addition to the Short-Media community.
    4. Fold! - Folding is a safe and easy way to help find a cure for fatal diseases such as Alzheimer's. You can learn more about folding at the topic "Everything About Folding@Home" (http://www.short-media.com/forum/showthread.php?t=3).
This discussion has been closed.