plz help computer infected

My computer is really badly infected, I think.
When I log on, my avast antivirus detects tonz of stuff; I delete them but they keep on coming. I've also scanned my computer with spyware and antivirus scanners (Ad-Aware SE Personal, Spybot, avast antivirus). Also, a false scanner called "Neospace internet security", which closely resembles my Ad-Aware SE Personal, has automatically been installed on my computer. I can't log in normally to Windows as the computer freezes, so I'm on safe mode with networking.
Here is my HijackThis log, hope someone can help me soon.

Logfile of HijackThis v1.99.1
Scan saved at 5:05:36 PM, on 5/18/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HJT\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O3 - Toolbar: Alcohol Toolbar - {ED4BD629-C1B6-4399-8A34-02CCAA921DC9} - C:\Program Files\Alcohol Toolbar\v3.2.0.0\Alcohol_Toolbar.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Desktop Service Centre] C:\Program Files\OptusNet DSL Internet\DSC.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [SpamBlocker] C:\Program Files\SpamBlockerUtility\Bin\4.7.1.0\SbOEAddOn.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [startkey] C:\WINDOWS\system32\explorer..exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [Acecad.Wtxpload] C:\WINDOWS\Acecad\Wtxpload.exe Acecad
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [msnsyslog] C:\WINDOWS\msnlogm.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [SManager] smanager.7.exe
O4 - HKLM\..\Run: [WindowsUpdate] rundll32.exe "C:\WINDOWS\system32\ynottcoy.dll",realset
O4 - HKLM\..\Run: [avp] C:\WINDOWS\system32\avp.exe
O4 - HKLM\..\Run: [iut75] c:\windows\system32\drivers\uzcx.exe
O4 - HKLM\..\Run: [Neospace Internet Security] "C:\Program Files\Neospace Internet Security\isec30.exe"
O4 - HKLM\..\Run: [System] C:\WINDOWS\system32\kernels32.exe
O4 - HKLM\..\Run: [SpyHunter] C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter.exe
O4 - HKCU\..\RunOnce: [CounterSpyCleaner] C:\Program Files\Sunbelt Software\CounterSpy\Consumer\sunASCleaner.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {48884C41-EFAC-433D-958A-9FADAC41408E} (EGamesPlugin Class) - https://www.e-games.com.my/com/EGamesPlugin.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-US/a-UNO1/GAME_UNO1.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1133520605218
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} - http://download.shockwave.com/pub/otoy/OTOYAX.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - AppInit_DLLs: MsgPlusLoader.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Macromedia Licensing Service - Macromedia - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: mental ray 3.5 Satellite (32-bit) (mi-raysat_3dsmax9_32) - Unknown owner - C:\Program Files\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe (file missing)
O23 - Service: Distributed Transaction Coordinator (MSDTC) - Unknown owner - C:\WINDOWS\System32\msdtc.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Wintab32 - Unknown owner - C:\WINDOWS\system32\Wintab32.exe (file missing)

Comments

  • edited May 2007
    Hi!

    I'll check your log, please wait :)
  • edited May 2007
    yes thnx so much...!!!
  • edited May 2007
    Hi!
    #1

    Please rename HijackThis.exe to scanner.exe.

    #2

    Please visit Virustotal
    * Click the Browse... button
    * Navigate to the file C:\WINDOWS\explorer..exe
    * Click the Open button
    * Click the Send button
    * Copy and paste the results back here

    (Note: explorer..exe has two dots)

    #3

    Please download VundoFix.exe to your desktop.
    • Double-click *VundoFix.exe* to run it.
    • Click the *Scan for Vundo* button.
    • Once it's done scanning, click the *Remove Vundo* button.
    • You will receive a prompt asking if you want to remove the files, click *YES*
    • Once you click yes, your desktop will go blank as it starts removing Vundo.
    • When completed, it will prompt that it will reboot your computer, click *OK*.
    • Please post the contents of C:\*vundofix.txt* and a new HiJackThis log.

    Note: It is possible that VundoFix encountered a file it could not remove. In this case, VundoFix will run on reboot; simply follow the above instructions starting from "Click the *Scan for Vundo* button." when VundoFix appears at reboot.

    #4

    Please post the contents of C:\*vundofix.txt*, a new HiJackThis log and virustotal's results.
  • edited May 2007
    I couldn't find the file explorer..exe, only explorer.exe, is that ok?

    Here is the VirusTotal scan for explorer.exe
    Complete scanning result of "explorer.exe", received in VirusTotal at 05.18.2007, 14:38:24 (CET).

    Antivirus Version Update Result
    AhnLab-V3 2007.5.16.1 05.18.2007 no virus found
    AntiVir 7.4.0.23 05.18.2007 no virus found
    Authentium 4.93.8 05.16.2007 no virus found
    Avast 4.7.997.0 05.18.2007 no virus found
    AVG 7.5.0.467 05.17.2007 no virus found
    BitDefender 7.2 05.18.2007 no virus found
    CAT-QuickHeal 9.00 05.18.2007 no virus found
    ClamAV devel-20070416 05.17.2007 no virus found
    DrWeb 4.33 05.18.2007 no virus found
    eSafe 7.0.15.0 05.17.2007 no virus found
    eTrust-Vet 30.7.3641 05.17.2007 no virus found
    Ewido 4.0 05.18.2007 no virus found
    FileAdvisor 1 05.18.2007 No threat detected
    Fortinet 2.85.0.0 05.18.2007 no virus found
    F-Prot 4.3.2.48 05.16.2007 no virus found
    F-Secure 6.70.13030.0 05.18.2007 no virus found
    Ikarus T3.1.1.7 05.18.2007 no virus found
    Kaspersky 4.0.2.24 05.18.2007 no virus found
    McAfee 5033 05.17.2007 no virus found
    Microsoft 1.2503 05.18.2007 no virus found
    NOD32v2 2276 05.18.2007 no virus found
    Norman 5.80.02 05.18.2007 no virus found
    Panda 9.0.0.4 05.17.2007 no virus found
    Prevx1 V2 05.18.2007 no virus found
    Sophos 4.17.0 05.16.2007 no virus found
    Sunbelt 2.2.907.0 05.17.2007 no virus found
    Symantec 10 05.18.2007 no virus found
    TheHacker 6.1.6.118 05.18.2007 no virus found
    VBA32 3.12.0 05.17.2007 no virus found
    VirusBuster 4.3.7:9 05.17.2007 no virus found
    Webwasher-Gateway 6.0.1 05.18.2007 no virus found

    Aditional Information
    File size: 1032192 bytes
    MD5: a0732187050030ae399b241436565e64
    SHA1: 69f33740413da112630be73ebb805a23b69f2f7f
    Bit9 info: http://fileadvisor.bit9.com/services/extinfo.aspx?md5=a0732187050030ae399b241436565e64

    And here is the VundoFix log

    VundoFix V6.3.23

    Checking Java version...

    Java version is 1.4.2.3
    Old versions of java are exploitable and should be removed.

    Java version is 1.4.2.4
    Old versions of java are exploitable and should be removed.

    Java version is 1.5.0.6
    Old versions of java are exploitable and should be removed.

    Scan started at 5:19:37 PM 5/18/2007

    Listing files found while scanning....

    C:\WINDOWS\system32\dfhkj.bak1
    C:\WINDOWS\system32\dfhkj.bak2
    C:\WINDOWS\system32\dfhkj.ini
    C:\WINDOWS\system32\dfhkj.ini2
    C:\WINDOWS\system32\dfhkj.tmp
    C:\WINDOWS\system32\eespmphn.dll
    C:\WINDOWS\system32\jkhfd.dll
    C:\WINDOWS\system32\qomnnml.dll
    C:\WINDOWS\system32\ynottcoy.dll
    C:\WINDOWS\system32\yocttony.ini

    Beginning removal...

    Attempting to delete C:\WINDOWS\system32\dfhkj.bak1
    C:\WINDOWS\system32\dfhkj.bak1 Has been deleted!

    Attempting to delete C:\WINDOWS\system32\dfhkj.bak2
    C:\WINDOWS\system32\dfhkj.bak2 Has been deleted!

    Attempting to delete C:\WINDOWS\system32\dfhkj.ini
    C:\WINDOWS\system32\dfhkj.ini Has been deleted!

    Attempting to delete C:\WINDOWS\system32\dfhkj.ini2
    C:\WINDOWS\system32\dfhkj.ini2 Has been deleted!

    Attempting to delete C:\WINDOWS\system32\dfhkj.tmp
    C:\WINDOWS\system32\dfhkj.tmp Has been deleted!

    Attempting to delete C:\WINDOWS\system32\eespmphn.dll
    C:\WINDOWS\system32\eespmphn.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\jkhfd.dll
    C:\WINDOWS\system32\jkhfd.dll Could not be deleted.

    Attempting to delete C:\WINDOWS\system32\ynottcoy.dll
    C:\WINDOWS\system32\ynottcoy.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\yocttony.ini
    C:\WINDOWS\system32\yocttony.ini Has been deleted!

    Performing Repairs to the registry.
    Done!

    Beginning removal...

    Attempting to delete C:\WINDOWS\system32\dfhkj.ini
    C:\WINDOWS\system32\dfhkj.ini Has been deleted!

    Attempting to delete C:\WINDOWS\system32\dfhkj.ini2
    C:\WINDOWS\system32\dfhkj.ini2 Has been deleted!

    Attempting to delete C:\WINDOWS\system32\jkhfd.dll
    C:\WINDOWS\system32\jkhfd.dll Has been deleted!

    Performing Repairs to the registry.
    Done!

    VundoFix V6.3.23

    Checking Java version...

    Java version is 1.4.2.3
    Old versions of java are exploitable and should be removed.

    Java version is 1.4.2.4
    Old versions of java are exploitable and should be removed.

    Java version is 1.5.0.6
    Old versions of java are exploitable and should be removed.

    Scan started at 10:38:10 PM 5/18/2007

    Listing files found while scanning....

    No infected files were found.

    And the latest HijackThis log, which I renamed to scanner.exe

    Logfile of HijackThis v1.99.1
    Scan saved at 10:51:22 PM, on 5/18/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\WINDOWS\explorer.exe
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\Program Files\HJT\scanner.exe.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - Default URLSearchHook is missing
    O2 - BHO: (no name) - {00000250-0320-4dd4-be4f-7566d2314352} - (no file)
    O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll
    O2 - BHO: IDMIEHlprObj Class - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {13197ace-6851-45c3-a7ff-c281324d5489} - (no file)
    O2 - BHO: (no name) - {30000273-8230-4dd4-be4f-6889d1e74167} - (no file)
    O2 - BHO: (no name) - {4e1075f4-eec4-4a86-add7-cd5f52858c31} - (no file)
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: (no name) - {55CCDBD5-DE7C-4359-B880-1F748F41CC44} - C:\WINDOWS\system32\shvhgtoy.dll
    O2 - BHO: (no name) - {55DB983C-BDBF-426f-86F0-187B02DDA39B} - C:\WINDOWS\system32\juqowjnl.dll
    O2 - BHO: (no name) - {5dafd089-24b1-4c5e-bd42-8ca72550717b} - (no file)
    O2 - BHO: (no name) - {5fa6752a-c4a0-4222-88c2-928ae5ab4966} - (no file)
    O2 - BHO: (no name) - {669695bc-a811-4a9d-8cdf-ba8c795f261e} - (no file)
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O2 - BHO: msdn_lib.msdn_hlp - {7C2F2C76-1489-450D-B8FB-0B9692D788F9} - C:\WINDOWS\system32\msdn_lib.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Alcohol Toolbar Helper - {8126A4A5-BFD3-46FE-BBDF-BFB5CF78E489} - C:\Program Files\Alcohol Toolbar\v3.2.0.0\Alcohol_Toolbar.dll
    O2 - BHO: (no name) - {8674aea0-9d3d-11d9-99dc-00600f9a01f1} - (no file)
    O2 - BHO: (no name) - {AB9101C4-5DE8-4620-9D6B-A2D929AC8217} - C:\WINDOWS\system32\jkhfd.dll (file missing)
    O2 - BHO: (no name) - {b8875bfe-b021-11d4-bfa8-00508b8e9bd3} - (no file)
    O2 - BHO: (no name) - {C512E025-7126-4312-9098-416BA292C260} - C:\WINDOWS\system32\pmnli.dll (file missing)
    O2 - BHO: (no name) - {ca1d1b05-9c66-11d5-a009-000103c1e50b} - (no file)
    O2 - BHO: (no name) - {cf021f40-3e14-23a5-cba2-717765728274} - (no file)
    O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
    O3 - Toolbar: Alcohol Toolbar - {ED4BD629-C1B6-4399-8A34-02CCAA921DC9} - C:\Program Files\Alcohol Toolbar\v3.2.0.0\Alcohol_Toolbar.dll
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [Desktop Service Centre] C:\Program Files\OptusNet DSL Internet\DSC.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
    O4 - HKLM\..\Run: [SpamBlocker] C:\Program Files\SpamBlockerUtility\Bin\4.7.1.0\SbOEAddOn.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    O4 - HKLM\..\Run: [startkey] C:\WINDOWS\system32\explorer..exe
    O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
    O4 - HKLM\..\Run: [Acecad.Wtxpload] C:\WINDOWS\Acecad\Wtxpload.exe Acecad
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [msnsyslog] C:\WINDOWS\msnlogm.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
    O4 - HKLM\..\Run: [SManager] smanager.7.exe
    O4 - HKLM\..\Run: [WindowsUpdate] rundll32.exe "C:\WINDOWS\system32\ynottcoy.dll",realset
    O4 - HKLM\..\Run: [avp] C:\WINDOWS\system32\avp.exe
    O4 - HKLM\..\Run: [iut75] c:\windows\system32\drivers\uzcx.exe
    O4 - HKLM\..\Run: [System] C:\WINDOWS\system32\kernels32.exe
    O4 - HKLM\..\Run: [SpyHunter] C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter.exe
    O4 - HKCU\..\RunOnce: [CounterSpyCleaner] C:\Program Files\Sunbelt Software\CounterSpy\Consumer\sunASCleaner.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {48884C41-EFAC-433D-958A-9FADAC41408E} (EGamesPlugin Class) - https://www.e-games.com.my/com/EGamesPlugin.cab
    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-US/a-UNO1/GAME_UNO1.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1133520605218
    O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} - http://download.shockwave.com/pub/otoy/OTOYAX.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O20 - AppInit_DLLs: MsgPlusLoader.dll
    O20 - Winlogon Notify: qomnnml - qomnnml.dll (file missing)
    O20 - Winlogon Notify: winhoq32 - winhoq32.dll (file missing)
    O20 - Winlogon Notify: winudh32 - C:\WINDOWS\SYSTEM32\winudh32.dll
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
    O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Macromedia Licensing Service - Macromedia - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
    O23 - Service: mental ray 3.5 Satellite (32-bit) (mi-raysat_3dsmax9_32) - Unknown owner - C:\Program Files\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe (file missing)
    O23 - Service: Distributed Transaction Coordinator (MSDTC) - Unknown owner - C:\WINDOWS\System32\msdtc.exe (file missing)
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: Wintab32 - Unknown owner - C:\WINDOWS\system32\Wintab32.exe (file missing)
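
Added example (not part of any post in this thread): a Python check that cross-references the files VundoFix reported as deleted with the HijackThis entries that still point at them. The sample input is excerpted from the two logs in the post above; the function names are hypothetical.

```python
import re
from ntpath import basename  # parses Windows paths on any OS

# Lines excerpted from the VundoFix log posted above.
VUNDOFIX_LOG = r"""
Attempting to delete C:\WINDOWS\system32\eespmphn.dll
C:\WINDOWS\system32\eespmphn.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\jkhfd.dll
C:\WINDOWS\system32\jkhfd.dll Could not be deleted.
Attempting to delete C:\WINDOWS\system32\ynottcoy.dll
C:\WINDOWS\system32\ynottcoy.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\jkhfd.dll
C:\WINDOWS\system32\jkhfd.dll Has been deleted!
"""

# Lines excerpted from the HijackThis log taken after VundoFix ran.
HJT_LOG = r"""
O2 - BHO: (no name) - {AB9101C4-5DE8-4620-9D6B-A2D929AC8217} - C:\WINDOWS\system32\jkhfd.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [WindowsUpdate] rundll32.exe "C:\WINDOWS\system32\ynottcoy.dll",realset
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O20 - Winlogon Notify: qomnnml - qomnnml.dll (file missing)
O20 - Winlogon Notify: winudh32 - C:\WINDOWS\SYSTEM32\winudh32.dll
"""

ENTRY_RE = re.compile(r"^\s*([A-Z]\d+) - (.+?)\s*$")        # "O4 - <body>"
DELETED_RE = re.compile(r"^\s*(.+?) Has been deleted!\s*$")  # VundoFix success line
MISSING_MARKERS = ("(file missing)", "(no file)")            # HijackThis annotations


def deleted_files(removal_log):
    """Return the lowercase file names VundoFix reports as deleted."""
    names = set()
    for line in removal_log.splitlines():
        match = DELETED_RE.match(line)
        if match:
            names.add(basename(match.group(1)).lower())
    return names


def parse_hjt(log):
    """Split a HijackThis log into (section, body) pairs, e.g. ("O4", "HKLM\\..\\Run: ...")."""
    entries = []
    for line in log.splitlines():
        match = ENTRY_RE.match(line)
        if match:
            entries.append((match.group(1), match.group(2)))
    return entries


def stale_entries(hjt_log, removal_log):
    """Flag autostart entries that still name a deleted file or a missing target."""
    deleted = deleted_files(removal_log)
    findings = []
    for section, body in parse_hjt(hjt_log):
        lowered = body.lower()
        reasons = []
        hits = sorted(name for name in deleted if name in lowered)
        if hits:
            reasons.append("references deleted file: " + ", ".join(hits))
        if any(marker in lowered for marker in MISSING_MARKERS):
            reasons.append("target reported missing")
        if reasons:
            findings.append({"section": section, "entry": body, "reasons": reasons})
    return findings


if __name__ == "__main__":
    for finding in stale_entries(HJT_LOG, VUNDOFIX_LOG):
        print(finding["section"], "|", "; ".join(finding["reasons"]))
        print("   ", finding["entry"])
```

On these excerpts the `[WindowsUpdate]` Run value still names ynottcoy.dll although HijackThis does not annotate it as missing, so it is only found by matching against the removal log.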
  • edited May 2007
    Hi!

    oh, my mistake, scan this file at virustotal:

    C:\WINDOWS\system32\explorer..exe

    not C:\WINDOWS\explorer..exe :) I'm sorry.

    Please download SmitfraudFix

    Double-click SmitfraudFix.exe
    Select option #1 - Search by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present).
    Please copy/paste the content of that report into your next reply.

    Note : process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.
    http://www.beyondlogic.org/consulting/proc...processutil.htm

    Please post Smitfraudfix's log and virustotal results :)
  • edited May 2007
    SmitFraudFix v2.183

    Scan done at 23:15:57.43, Fri 05/18/2007
    Run from C:\Program Files\Mozilla Firefox\SmitfraudFix
    OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
    The filesystem type is FAT32
    Fix run in safe mode

    »»»»»»»»»»»»»»»»»»»»»»»» Process

    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\SNOWNOIT.EXE
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\WINDOWS\system32\cmd.exe

    »»»»»»»»»»»»»»»»»»»»»»»» hosts


    »»»»»»»»»»»»»»»»»»»»»»»» C:\


    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS

    C:\WINDOWS\susp.exe FOUND !

    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32


    »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Administrator.CHATFIEL-J0TAKF


    »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Administrator.CHATFIEL-J0TAKF\Application Data


    »»»»»»»»»»»»»»»»»»»»»»»» Start Menu


    »»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\ADMINI~1.CHA\FAVORI~1


    »»»»»»»»»»»»»»»»»»»»»»»» Desktop


    »»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


    »»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


    »»»»»»»»»»»»»»»»»»»»»»»» Desktop Components



    »»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
    !!!Attention, following keys are not inevitably infected!!!

    SrchSTS.exe by S!Ri
    Search SharedTaskScheduler's .dll


    »»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
    !!!Attention, following keys are not inevitably infected!!!

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "AppInit_DLLs"="MsgPlusLoader.dll "


    »»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
    !!!Attention, following keys are not inevitably infected!!!

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
    "System"=""


    »»»»»»»»»»»»»»»»»»»»»»»» pe386-msguard-lzx32-huy32



    »»»»»»»»»»»»»»»»»»»»»»»» DNS

    Description: D-Link DSL-302G Modem - Packet Scheduler Miniport
    DNS Server Search Order: 198.142.0.51
    DNS Server Search Order: 211.29.132.12

    HKLM\SYSTEM\CCS\Services\Tcpip\..\{AFE58FC5-6BF1-43BC-8BEF-E2640C8AEBCB}: DhcpNameServer=198.142.0.51 211.29.132.12
    HKLM\SYSTEM\CS1\Services\Tcpip\..\{AFE58FC5-6BF1-43BC-8BEF-E2640C8AEBCB}: DhcpNameServer=198.142.0.51 211.29.132.12
    HKLM\SYSTEM\CS3\Services\Tcpip\..\{AFE58FC5-6BF1-43BC-8BEF-E2640C8AEBCB}: DhcpNameServer=198.142.0.51 211.29.132.12
    HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=198.142.0.51 211.29.132.12
    HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=198.142.0.51 211.29.132.12
    HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=198.142.0.51 211.29.132.12


    »»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection


    »»»»»»»»»»»»»»»»»»»»»»»» End


    Here are the VirusTotal results
    complete scanning result of "explorer.exe", received in VirusTotal at 05.18.2007, 14:50:12 (CET).

    Antivirus Version Update Result
    AhnLab-V3 2007.5.16.1 05.18.2007 no virus found
    AntiVir 7.4.0.23 05.18.2007 no virus found
    Authentium 4.93.8 05.16.2007 no virus found
    Avast 4.7.997.0 05.18.2007 no virus found
    AVG 7.5.0.467 05.17.2007 no virus found
    BitDefender 7.2 05.18.2007 no virus found
    CAT-QuickHeal 9.00 05.18.2007 no virus found
    ClamAV devel-20070416 05.17.2007 no virus found
    DrWeb 4.33 05.18.2007 no virus found
    eSafe 7.0.15.0 05.17.2007 no virus found
    eTrust-Vet 30.7.3641 05.17.2007 no virus found
    Ewido 4.0 05.18.2007 no virus found
    FileAdvisor 1 05.18.2007 No threat detected
    Fortinet 2.85.0.0 05.18.2007 no virus found
    F-Prot 4.3.2.48 05.16.2007 no virus found
    F-Secure 6.70.13030.0 05.18.2007 no virus found
    Ikarus T3.1.1.7 05.18.2007 no virus found
    Kaspersky 4.0.2.24 05.18.2007 no virus found
    McAfee 5033 05.17.2007 no virus found
    Microsoft 1.2503 05.18.2007 no virus found
    NOD32v2 2276 05.18.2007 no virus found
    Norman 5.80.02 05.18.2007 no virus found
    Panda 9.0.0.4 05.17.2007 no virus found
    Prevx1 V2 05.18.2007 no virus found
    Sophos 4.17.0 05.16.2007 no virus found
    Sunbelt 2.2.907.0 05.17.2007 no virus found
    Symantec 10 05.18.2007 no virus found
    TheHacker 6.1.6.118 05.18.2007 no virus found
    VBA32 3.12.0 05.17.2007 no virus found
    VirusBuster 4.3.7:9 05.17.2007 no virus found
    Webwasher-Gateway 6.0.1 05.18.2007 no virus found

    Aditional Information
    File size: 1032192 bytes
    MD5: a0732187050030ae399b241436565e64
    SHA1: 69f33740413da112630be73ebb805a23b69f2f7f
    Bit9 info: http://fileadvisor.bit9.com/services...9b241436565e64
  • edited May 2007
    Did you scan explorer..exe?
    complete scanning result of "explorer.exe", received in VirusTotal at 05.18.2007, 14:50:12 (CET).

    You should print out these instructions, or copy them to a Notepad file for reading while in Safe Mode, because you will not be able to connect to the Internet to read from this site.

    Please reboot your computer in Safe Mode by doing the following :
    • Restart your computer
    • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
    • Instead of Windows loading as normal, a menu with options should appear;
    • Select the first option, to run Windows in Safe Mode, then press "Enter".
    • Choose your usual account.
    Once in Safe Mode, double-click SmitfraudFix.exe
    Select option #2 - Clean by typing 2 and press "Enter" to delete infected files.

    You will be prompted : "Registry cleaning - Do you want to clean the registry ?"; answer "Yes" by typing Y and press "Enter" in order to remove the Desktop background and clean registry keys associated with the infection.

    The tool will now check if wininet.dll is infected. You may be prompted to replace the infected file (if found); answer "Yes" by typing Y and press "Enter".

    The tool may need to restart your computer to finish the cleaning process; if it doesn't, please restart anyway into normal Windows. A text file will appear onscreen, with results from the cleaning process; please copy/paste the content of that report into your next reply along with a new HijackThis log.
    The report can also be found at the root of the system drive, usually at C:\rapport.txt

    Warning : running option #2 on a non infected computer will remove your Desktop background.

    Please post C:\rapport.txt and a new HjT log :)
  • edited May 2007
    I could not find explorer..exe; there was only explorer.exe


    SmitFraudFix v2.183

    Scan done at 10:22:44.92, Sat 05/19/2007
    Run from C:\Documents and Settings\Administrator.CHATFIEL-J0TAKF\Desktop\SmitfraudFix
    OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
    The filesystem type is FAT32
    Fix run in safe mode

    »»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
    !!!Attention, following keys are not inevitably infected!!!

    SrchSTS.exe by S!Ri
    Search SharedTaskScheduler's .dll

    »»»»»»»»»»»»»»»»»»»»»»»» Killing process


    »»»»»»»»»»»»»»»»»»»»»»»» hosts

    127.0.0.1 localhost

    »»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

    GenericRenosFix by S!Ri


    »»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

    C:\WINDOWS\susp.exe Deleted

    »»»»»»»»»»»»»»»»»»»»»»»» DNS

    Description: D-Link DSL-302G Modem - Packet Scheduler Miniport
    DNS Server Search Order: 198.142.0.51
    DNS Server Search Order: 211.29.132.12

    HKLM\SYSTEM\CCS\Services\Tcpip\..\{AFE58FC5-6BF1-43BC-8BEF-E2640C8AEBCB}: DhcpNameServer=198.142.0.51 211.29.132.12
    HKLM\SYSTEM\CS1\Services\Tcpip\..\{AFE58FC5-6BF1-43BC-8BEF-E2640C8AEBCB}: DhcpNameServer=198.142.0.51 211.29.132.12
    HKLM\SYSTEM\CS3\Services\Tcpip\..\{AFE58FC5-6BF1-43BC-8BEF-E2640C8AEBCB}: DhcpNameServer=198.142.0.51 211.29.132.12
    HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=198.142.0.51 211.29.132.12
    HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=198.142.0.51 211.29.132.12
    HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=198.142.0.51 211.29.132.12


    »»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


    »»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
    !!!Attention, following keys are not inevitably infected!!!

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
    "System"=""


    »»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

    Registry Cleaning done.

    »»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
    !!!Attention, following keys are not inevitably infected!!!

    SrchSTS.exe by S!Ri
    Search SharedTaskScheduler's .dll


    »»»»»»»»»»»»»»»»»»»»»»»» End




    HIJACK THIS LOG


    Logfile of HijackThis v1.99.1
    Scan saved at 10:24:25 AM, on 5/19/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\cmd.exe
    C:\WINDOWS\explorer.exe
    C:\WINDOWS\notepad.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\HJT\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - Default URLSearchHook is missing
    O2 - BHO: (no name) - {00000250-0320-4dd4-be4f-7566d2314352} - (no file)
    O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll
    O2 - BHO: IDMIEHlprObj Class - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {13197ace-6851-45c3-a7ff-c281324d5489} - (no file)
    O2 - BHO: (no name) - {30000273-8230-4dd4-be4f-6889d1e74167} - (no file)
    O2 - BHO: (no name) - {4e1075f4-eec4-4a86-add7-cd5f52858c31} - (no file)
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: (no name) - {55CCDBD5-DE7C-4359-B880-1F748F41CC44} - C:\WINDOWS\system32\shvhgtoy.dll
    O2 - BHO: (no name) - {55DB983C-BDBF-426f-86F0-187B02DDA39B} - C:\WINDOWS\system32\juqowjnl.dll
    O2 - BHO: (no name) - {5dafd089-24b1-4c5e-bd42-8ca72550717b} - (no file)
    O2 - BHO: (no name) - {5fa6752a-c4a0-4222-88c2-928ae5ab4966} - (no file)
    O2 - BHO: (no name) - {669695bc-a811-4a9d-8cdf-ba8c795f261e} - (no file)
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O2 - BHO: msdn_lib.msdn_hlp - {7C2F2C76-1489-450D-B8FB-0B9692D788F9} - C:\WINDOWS\system32\msdn_lib.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Alcohol Toolbar Helper - {8126A4A5-BFD3-46FE-BBDF-BFB5CF78E489} - C:\Program Files\Alcohol Toolbar\v3.2.0.0\Alcohol_Toolbar.dll
    O2 - BHO: (no name) - {8674aea0-9d3d-11d9-99dc-00600f9a01f1} - (no file)
    O2 - BHO: (no name) - {AB9101C4-5DE8-4620-9D6B-A2D929AC8217} - C:\WINDOWS\system32\jkhfd.dll (file missing)
    O2 - BHO: (no name) - {b8875bfe-b021-11d4-bfa8-00508b8e9bd3} - (no file)
    O2 - BHO: (no name) - {C512E025-7126-4312-9098-416BA292C260} - C:\WINDOWS\system32\pmnli.dll (file missing)
    O2 - BHO: (no name) - {ca1d1b05-9c66-11d5-a009-000103c1e50b} - (no file)
    O2 - BHO: (no name) - {cf021f40-3e14-23a5-cba2-717765728274} - (no file)
    O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
    O3 - Toolbar: Alcohol Toolbar - {ED4BD629-C1B6-4399-8A34-02CCAA921DC9} - C:\Program Files\Alcohol Toolbar\v3.2.0.0\Alcohol_Toolbar.dll
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [Desktop Service Centre] C:\Program Files\OptusNet DSL Internet\DSC.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
    O4 - HKLM\..\Run: [SpamBlocker] C:\Program Files\SpamBlockerUtility\Bin\4.7.1.0\SbOEAddOn.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
    O4 - HKLM\..\Run: [Acecad.Wtxpload] C:\WINDOWS\Acecad\Wtxpload.exe Acecad
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [msnsyslog] C:\WINDOWS\msnlogm.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
    O4 - HKLM\..\Run: [avp] C:\WINDOWS\system32\avp.exe
    O4 - HKLM\..\Run: [SpyHunter] C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter.exe
    O4 - HKCU\..\RunOnce: [CounterSpyCleaner] C:\Program Files\Sunbelt Software\CounterSpy\Consumer\sunASCleaner.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {48884C41-EFAC-433D-958A-9FADAC41408E} (EGamesPlugin Class) - https://www.e-games.com.my/com/EGamesPlugin.cab
    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-US/a-UNO1/GAME_UNO1.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1133520605218
    O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} - http://download.shockwave.com/pub/otoy/OTOYAX.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O20 - AppInit_DLLs: MsgPlusLoader.dll
    O20 - Winlogon Notify: qomnnml - qomnnml.dll (file missing)
    O20 - Winlogon Notify: winhoq32 - winhoq32.dll (file missing)
    O20 - Winlogon Notify: winudh32 - C:\WINDOWS\SYSTEM32\winudh32.dll
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
    O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Macromedia Licensing Service - Macromedia - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
    O23 - Service: mental ray 3.5 Satellite (32-bit) (mi-raysat_3dsmax9_32) - Unknown owner - C:\Program Files\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe (file missing)
    O23 - Service: Distributed Transaction Coordinator (MSDTC) - Unknown owner - C:\WINDOWS\System32\msdtc.exe (file missing)
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: Wintab32 - Unknown owner - C:\WINDOWS\system32\Wintab32.exe (file missing)
  • edited May 2007
    Hi!

    #1
    Please open HiJackThis and choose "Do a system scan only". Check the boxes next to ONLY the entries listed below:

    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - Default URLSearchHook is missing
    O2 - BHO: (no name) - {00000250-0320-4dd4-be4f-7566d2314352} - (no file)
    O2 - BHO: (no name) - {13197ace-6851-45c3-a7ff-c281324d5489} - (no file)
    O2 - BHO: (no name) - {30000273-8230-4dd4-be4f-6889d1e74167} - (no file)
    O2 - BHO: (no name) - {4e1075f4-eec4-4a86-add7-cd5f52858c31} - (no file)
    O2 - BHO: (no name) - {55CCDBD5-DE7C-4359-B880-1F748F41CC44} - C:\WINDOWS\system32\shvhgtoy.dll
    O2 - BHO: (no name) - {55DB983C-BDBF-426f-86F0-187B02DDA39B} - C:\WINDOWS\system32\juqowjnl.dll
    O2 - BHO: (no name) - {5dafd089-24b1-4c5e-bd42-8ca72550717b} - (no file)
    O2 - BHO: (no name) - {5fa6752a-c4a0-4222-88c2-928ae5ab4966} - (no file)
    O2 - BHO: (no name) - {669695bc-a811-4a9d-8cdf-ba8c795f261e} - (no file)
    O2 - BHO: msdn_lib.msdn_hlp - {7C2F2C76-1489-450D-B8FB-0B9692D788F9} - C:\WINDOWS\system32\msdn_lib.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: (no name) - {8674aea0-9d3d-11d9-99dc-00600f9a01f1} - (no file)
    O2 - BHO: (no name) - {AB9101C4-5DE8-4620-9D6B-A2D929AC8217} - C:\WINDOWS\system32\jkhfd.dll (file missing)
    O2 - BHO: (no name) - {b8875bfe-b021-11d4-bfa8-00508b8e9bd3} - (no file)
    O2 - BHO: (no name) - {C512E025-7126-4312-9098-416BA292C260} - C:\WINDOWS\system32\pmnli.dll (file missing)
    O2 - BHO: (no name) - {ca1d1b05-9c66-11d5-a009-000103c1e50b} - (no file)
    O2 - BHO: (no name) - {cf021f40-3e14-23a5-cba2-717765728274} - (no file)
    O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
    O4 - HKLM\..\Run: [SpamBlocker] C:\Program Files\SpamBlockerUtility\Bin\4.7.1.0\SbOEAddOn.exe
    O4 - HKLM\..\Run: [msnsyslog] C:\WINDOWS\msnlogm.exe
    O20 - Winlogon Notify: qomnnml - qomnnml.dll (file missing)
    O20 - Winlogon Notify: winhoq32 - winhoq32.dll (file missing)
    O20 - Winlogon Notify: winudh32 - C:\WINDOWS\SYSTEM32\winudh32.dll


    Now close all windows other than HiJackThis, including browsers, so that nothing other than HijackThis is open, then click Fix Checked. A box will pop up asking you if you wish to fix the selected items. Please choose YES. Once it has fixed them, please exit/close HijackThis.

    #2

    Please click on Start > Control Panel > Add/Remove Programs and uninstall the following programs (if present):

    HOTBAR

    Please note any other programs that you don't recognize in that list in your next response.

    #3

    Using Windows Explorer (to get there right-click your Start button and go to "Explore"), please delete these folders (if present):

    C:\Program Files\SpamBlockerUtility


    #4
    Download KillBox from the following link :
    http://www.bleepingcomputer.com/files/killbox.php
    Unzip the folder to your desktop.

    Start Killbox.exe
    Select the "Delete on Reboot" option.
    Click on the "All Files" button (!important!), which will then flash green.
    Copy the complete text in bold below to the clipboard by highlighting the filepaths and pressing Control + C:

    C:\WINDOWS\system32\shvhgtoy.dll
    C:\WINDOWS\system32\yotghvhs.*
    C:\WINDOWS\system32\juqowjnl.dll
    C:\WINDOWS\system32\lnjwoquj.*
    C:\WINDOWS\system32\msdn_lib.dll
    C:\WINDOWS\msnlogm.exe
    C:\WINDOWS\SYSTEM32\winudh32.dll


    Open 'file' in the killbox menu on top and choose Paste from clipboard
    You must use the file menu--pasting by right-clicking the mouse will only enter one file.
    Then press the button that looks like a red circle with a white X in it.
    Killbox will tell you that all listed files will be removed on next reboot and asks if you would like to reboot now, click "yes".
    Click OK at any Pending File Rename Operations prompts, and let me know if any appear.
    If you don't get that message, reboot manually.
    Your computer should reboot now.

    #5

    Please, send a fresh HjT log.
  • edited May 2007
    When I was deleting the things from HijackThis, many of the things weren't there.
    Here is my HijackThis log BEFORE deleting the stuff:
    Logfile of HijackThis v1.99.1
    Scan saved at 7:11:15 PM, on 5/19/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
    C:\WINDOWS\system32\cisvc.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\System32\tcpsvcs.exe
    C:\WINDOWS\System32\snmp.exe
    C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\OptusNet DSL Internet\DSC.exe
    C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe
    C:\WINDOWS\system32\avp.exe
    C:\Program Files\Internet Download Manager\IDMan.exe
    C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\HJT\HijackThis.exe

    R3 - Default URLSearchHook is missing
    F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,,C:\WINDOWS\SNOWNOIT.EXE
    O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [Desktop Service Centre] C:\Program Files\OptusNet DSL Internet\DSC.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
    O4 - HKLM\..\Run: [SpamBlocker] C:\Program Files\SpamBlockerUtility\Bin\4.7.1.0\SbOEAddOn.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
    O4 - HKLM\..\Run: [Acecad.Wtxpload] C:\WINDOWS\Acecad\Wtxpload.exe Acecad
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [msnsyslog] C:\WINDOWS\msnlogm.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
    O4 - HKLM\..\Run: [avp] C:\WINDOWS\system32\avp.exe
    O4 - HKLM\..\Run: [SManager] smanager.7.exe
    O4 - HKLM\..\Run: [CTDrive] rundll32.exe C:\WINDOWS\system32\drvmim.dll,startup
    O4 - HKLM\..\Run: [setup] rundll32.exe "C:\WINDOWS\system32\hdswluqf.dll",realset
    O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
    O4 - HKCU\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKCU\..\Run: [0c3c4ac4.exe] C:\Documents and Settings\Shayne\Local Settings\Application Data\0c3c4ac4.exe
    O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
    O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O8 - Extra context menu item: &Download all by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/202
    O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/201
    O8 - Extra context menu item: &Download selected by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/203
    O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/204
    O8 - Extra context menu item: Download &Flash Movies - C:\Program Files\Flash2X\Flash Hunter\save.htm
    O8 - Extra context menu item: Download All Links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
    O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: Flash2X Flash Hunter - {77B563A5-2A35-4E6B-BFC8-F4B6BB65D5DF} - C:\Program Files\Flash2X\Flash Hunter\save.htm (file missing) (HKCU)
    O9 - Extra 'Tools' menuitem: &Launch Flash Hunter - {77B563A5-2A35-4E6B-BFC8-F4B6BB65D5DF} - C:\Program Files\Flash2X\Flash Hunter\save.htm (file missing) (HKCU)
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {48884C41-EFAC-433D-958A-9FADAC41408E} (EGamesPlugin Class) - https://www.e-games.com.my/com/EGamesPlugin.cab
    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-US/a-UNO1/GAME_UNO1.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1133520605218
    O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} - http://download.shockwave.com/pub/otoy/OTOYAX.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O20 - AppInit_DLLs: MsgPlusLoader.dll
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
    O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Macromedia Licensing Service - Macromedia - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
    O23 - Service: mental ray 3.5 Satellite (32-bit) (mi-raysat_3dsmax9_32) - Unknown owner - C:\Program Files\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe (file missing)
    O23 - Service: Distributed Transaction Coordinator (MSDTC) - Unknown owner - C:\WINDOWS\System32\msdtc.exe (file missing)
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: Wintab32 - Unknown owner - C:\WINDOWS\system32\Wintab32.exe (file missing)

    Here is my HijackThis log AFTER deleting stuff:

    Logfile of HijackThis v1.99.1
    Scan saved at 7:28:06 PM, on 5/19/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
    C:\WINDOWS\system32\cisvc.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\OptusNet DSL Internet\DSC.exe
    C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe
    C:\WINDOWS\system32\avp.exe
    C:\Program Files\Internet Download Manager\IDMan.exe
    C:\WINDOWS\System32\tcpsvcs.exe
    C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    C:\WINDOWS\System32\snmp.exe
    C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\Program Files\HJT\HijackThis.exe

    R3 - Default URLSearchHook is missing
    F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,,C:\WINDOWS\SNOWNOIT.EXE
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [Desktop Service Centre] C:\Program Files\OptusNet DSL Internet\DSC.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
    O4 - HKLM\..\Run: [Acecad.Wtxpload] C:\WINDOWS\Acecad\Wtxpload.exe Acecad
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
    O4 - HKLM\..\Run: [avp] C:\WINDOWS\system32\avp.exe
    O4 - HKLM\..\Run: [SManager] smanager.7.exe
    O4 - HKLM\..\Run: [CTDrive] rundll32.exe C:\WINDOWS\system32\drvmim.dll,startup
    O4 - HKLM\..\Run: [setup] rundll32.exe "C:\WINDOWS\system32\hdswluqf.dll",realset
    O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
    O4 - HKCU\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKCU\..\Run: [0c3c4ac4.exe] C:\Documents and Settings\Shayne\Local Settings\Application Data\0c3c4ac4.exe
    O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O8 - Extra context menu item: &Download all by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/202
    O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/201
    O8 - Extra context menu item: &Download selected by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/203
    O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/204
    O8 - Extra context menu item: Download &Flash Movies - C:\Program Files\Flash2X\Flash Hunter\save.htm
    O8 - Extra context menu item: Download All Links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
    O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: Flash2X Flash Hunter - {77B563A5-2A35-4E6B-BFC8-F4B6BB65D5DF} - C:\Program Files\Flash2X\Flash Hunter\save.htm (file missing) (HKCU)
    O9 - Extra 'Tools' menuitem: &Launch Flash Hunter - {77B563A5-2A35-4E6B-BFC8-F4B6BB65D5DF} - C:\Program Files\Flash2X\Flash Hunter\save.htm (file missing) (HKCU)
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {48884C41-EFAC-433D-958A-9FADAC41408E} (EGamesPlugin Class) - https://www.e-games.com.my/com/EGamesPlugin.cab
    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-US/a-UNO1/GAME_UNO1.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1133520605218
    O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} - http://download.shockwave.com/pub/otoy/OTOYAX.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O20 - AppInit_DLLs: MsgPlusLoader.dll
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
    O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Macromedia Licensing Service - Macromedia - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
    O23 - Service: mental ray 3.5 Satellite (32-bit) (mi-raysat_3dsmax9_32) - Unknown owner - C:\Program Files\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe (file missing)
    O23 - Service: Distributed Transaction Coordinator (MSDTC) - Unknown owner - C:\WINDOWS\System32\msdtc.exe (file missing)
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: Wintab32 - Unknown owner - C:\WINDOWS\system32\Wintab32.exe (file missing)

    I also noticed that when my avast antivirus is flooding me with virus messages all the malware names are Win32:Alphabet[Trj]
  • edited May 2007
    Hi!

    Please visit Virustotal
    * Click the Browse... button
    * Navigate to the file C:\WINDOWS\SNOWNOIT.EXE
    * Click the Open button
    * Click the Send button
    * Copy and paste the results back here

    Please send this file too: C:\Documents and Settings\Shayne\Local Settings\Application Data\0c3c4ac4.exe

    Please, send virustotal's results of those two files.
  • edited May 2007
    Both of the files are not there.
  • edited May 2007
    Try to find them again. I think they must be there.
  • edited May 2007
    They're still not there.
    There is an alerter_snow.exe and another alerter_snow with a caution sign for its icon.
  • edited May 2007
    Ok.

    Before we start fixing anything you should print out these instructions or copy them to a NotePad file so they will be accessible.
    Some steps will require you to disconnect from the Internet or use Safe Mode and you will not have access to this page.


    1. Please open HiJackThis and choose "Do a system scan only". Check the boxes next to ONLY the entries listed below:

    R3 - Default URLSearchHook is missing
    F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,,C:\WINDOWS\SNOWNOIT.EXE
    O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)

    O4 - HKLM\..\Run: [SpamBlocker] C:\Program Files\SpamBlockerUtility\Bin\4.7.1.0\SbOEAddOn.exe
    O4 - HKLM\..\Run: [msnsyslog] C:\WINDOWS\msnlogm.exe
    O4 - HKLM\..\Run: [SManager] smanager.7.exe
    O4 - HKLM\..\Run: [CTDrive] rundll32.exe C:\WINDOWS\system32\drvmim.dll,startup
    O4 - HKLM\..\Run: [setup] rundll32.exe "C:\WINDOWS\system32\hdswluqf.dll",realset
    O4 - HKCU\..\Run: [0c3c4ac4.exe] C:\Documents and Settings\Shayne\Local Settings\Application Data\0c3c4ac4.exe


    2. Now close all windows other than HiJackThis, including browsers, so that nothing other than HijackThis is open, then click Fix Checked. A box will pop up asking you if you wish to fix the selected items. Please choose YES. Once it has fixed them, please exit/close HijackThis.

    3. Reboot into Safe Mode by continuously tapping the F8 key as soon as the computer begins to boot. A menu should come up where you will be given the option to enter Safe Mode.

    4.

    Please set your system to show all files.
    Click Start, open My Computer, select the Tools menu and click Folder Options.
    Select the View Tab. Under the Hidden files and folders heading, select Show hidden files and folders.
    Uncheck: Hide file extensions for known file types
    Uncheck the Hide protected operating system files (recommended) option.
    Click Yes to confirm.


    5. Using Windows Explorer (to get there right-click your Start button and go to "Explore"), please delete these folders (if present):

    C:\Program Files\SpamBlockerUtility

    6. Using Windows Explorer (to get there right-click your Start button and go to "Explore"), please delete these files (if present):


    C:\Windows\msnlogm.exe
    C:\Windows\System32\smanager.7.exe
    (can be C:\Windows\ too, so try to find there.)
    C:\WINDOWS\system32\drvmim.dll
    C:\WINDOWS\system32\hdswluqf.dll


    7. Please set your system to hide all hidden files.
    Click Start, open My Computer, select the Tools menu and click Folder Options.
    Select the View Tab. Under the Hidden files and folders heading, uncheck Show hidden files and folders.
    Check: Hide file extensions for known file types
    Check the Hide protected operating system files (recommended) option.
    Click Yes to confirm.


    8. When you are finished, please reboot the computer normally, and post a new HijackThis log here in a reply. Also, please let me know of any problems you may have encountered.
  • edited May 2007
    Logfile of HijackThis v1.99.1
    Scan saved at 18:45, on 2007-05-20
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\Program Files\HJT\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O2 - BHO: (no name) - {00000250-0320-4dd4-be4f-7566d2314352} - (no file)
    O2 - BHO: IDMIEHlprObj Class - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {13197ace-6851-45c3-a7ff-c281324d5489} - (no file)
    O2 - BHO: (no name) - {30000273-8230-4dd4-be4f-6889d1e74167} - (no file)
    O2 - BHO: (no name) - {4e1075f4-eec4-4a86-add7-cd5f52858c31} - (no file)
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: (no name) - {55CCDBD5-DE7C-4359-B880-1F748F41CC44} - C:\WINDOWS\system32\shvhgtoy.dll (file missing)
    O2 - BHO: (no name) - {5dafd089-24b1-4c5e-bd42-8ca72550717b} - (no file)
    O2 - BHO: (no name) - {5fa6752a-c4a0-4222-88c2-928ae5ab4966} - (no file)
    O2 - BHO: (no name) - {669695bc-a811-4a9d-8cdf-ba8c795f261e} - (no file)
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O2 - BHO: msdn_lib.msdn_hlp - {7C2F2C76-1489-450D-B8FB-0B9692D788F9} - C:\WINDOWS\system32\msdn_lib.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: (no name) - {8674aea0-9d3d-11d9-99dc-00600f9a01f1} - (no file)
    O2 - BHO: (no name) - {A6C16391-B966-4676-B898-6F55E586BF56} - C:\WINDOWS\system32\wvuturp.dll
    O2 - BHO: (no name) - {A72E14AD-0E80-4F8C-B01D-7728163FA47E} - C:\WINDOWS\system32\pmnlj.dll (file missing)
    O2 - BHO: (no name) - {AB9101C4-5DE8-4620-9D6B-A2D929AC8217} - C:\WINDOWS\system32\jkhfd.dll (file missing)
    O2 - BHO: (no name) - {b8875bfe-b021-11d4-bfa8-00508b8e9bd3} - (no file)
    O2 - BHO: (no name) - {C512E025-7126-4312-9098-416BA292C260} - C:\WINDOWS\system32\pmnli.dll (file missing)
    O2 - BHO: (no name) - {ca1d1b05-9c66-11d5-a009-000103c1e50b} - (no file)
    O2 - BHO: (no name) - {cf021f40-3e14-23a5-cba2-717765728274} - (no file)
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [Desktop Service Centre] C:\Program Files\OptusNet DSL Internet\DSC.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
    O4 - HKLM\..\Run: [Acecad.Wtxpload] C:\WINDOWS\Acecad\Wtxpload.exe Acecad
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
    O4 - HKLM\..\Run: [avp] C:\WINDOWS\system32\avp.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\RunOnce: [CounterSpyCleaner] C:\Program Files\Sunbelt Software\CounterSpy\Consumer\sunASCleaner.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {48884C41-EFAC-433D-958A-9FADAC41408E} (EGamesPlugin Class) - https://www.e-games.com.my/com/EGamesPlugin.cab
    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-US/a-UNO1/GAME_UNO1.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1133520605218
    O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} - http://download.shockwave.com/pub/otoy/OTOYAX.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O20 - AppInit_DLLs: MsgPlusLoader.dll
    O20 - Winlogon Notify: qomnnml - qomnnml.dll (file missing)
    O20 - Winlogon Notify: winhoq32 - winhoq32.dll (file missing)
    O20 - Winlogon Notify: winudh32 - winudh32.dll (file missing)
    O20 - Winlogon Notify: wvuturp - C:\WINDOWS\SYSTEM32\wvuturp.dll
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
    O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Macromedia Licensing Service - Macromedia - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
    O23 - Service: mental ray 3.5 Satellite (32-bit) (mi-raysat_3dsmax9_32) - Unknown owner - C:\Program Files\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe (file missing)
    O23 - Service: Distributed Transaction Coordinator (MSDTC) - Unknown owner - C:\WINDOWS\System32\msdtc.exe (file missing)
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: Wintab32 - Unknown owner - C:\WINDOWS\system32\Wintab32.exe (file missing)
  • edited May 2007
    Hi!
    #1
    Please open HiJackThis and choose "Do a system scan only". Check the boxes next to ONLY the entries listed below:

    O2 - BHO: (no name) - {00000250-0320-4dd4-be4f-7566d2314352} - (no file)
    O2 - BHO: (no name) - {13197ace-6851-45c3-a7ff-c281324d5489} - (no file)
    O2 - BHO: (no name) - {30000273-8230-4dd4-be4f-6889d1e74167} - (no file)
    O2 - BHO: (no name) - {4e1075f4-eec4-4a86-add7-cd5f52858c31} - (no file)
    O2 - BHO: (no name) - {55CCDBD5-DE7C-4359-B880-1F748F41CC44} - C:\WINDOWS\system32\shvhgtoy.dll (file missing)
    O2 - BHO: (no name) - {5dafd089-24b1-4c5e-bd42-8ca72550717b} - (no file)
    O2 - BHO: (no name) - {5fa6752a-c4a0-4222-88c2-928ae5ab4966} - (no file)
    O2 - BHO: (no name) - {669695bc-a811-4a9d-8cdf-ba8c795f261e} - (no file)
    O2 - BHO: msdn_lib.msdn_hlp - {7C2F2C76-1489-450D-B8FB-0B9692D788F9} - C:\WINDOWS\system32\msdn_lib.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: (no name) - {8674aea0-9d3d-11d9-99dc-00600f9a01f1} - (no file)
    O2 - BHO: (no name) - {A6C16391-B966-4676-B898-6F55E586BF56} - C:\WINDOWS\system32\wvuturp.dll
    O2 - BHO: (no name) - {A72E14AD-0E80-4F8C-B01D-7728163FA47E} - C:\WINDOWS\system32\pmnlj.dll (file missing)
    O2 - BHO: (no name) - {AB9101C4-5DE8-4620-9D6B-A2D929AC8217} - C:\WINDOWS\system32\jkhfd.dll (file missing)
    O2 - BHO: (no name) - {b8875bfe-b021-11d4-bfa8-00508b8e9bd3} - (no file)
    O2 - BHO: (no name) - {C512E025-7126-4312-9098-416BA292C260} - C:\WINDOWS\system32\pmnli.dll (file missing)
    O2 - BHO: (no name) - {ca1d1b05-9c66-11d5-a009-000103c1e50b} - (no file)
    O2 - BHO: (no name) - {cf021f40-3e14-23a5-cba2-717765728274} - (no file)
    O20 - Winlogon Notify: qomnnml - qomnnml.dll (file missing)
    O20 - Winlogon Notify: winhoq32 - winhoq32.dll (file missing)
    O20 - Winlogon Notify: winudh32 - winudh32.dll (file missing)
    O20 - Winlogon Notify: wvuturp - C:\WINDOWS\SYSTEM32\wvuturp.dll


    Now close all windows other than HiJackThis, including browsers, so that nothing other than HijackThis is open, then click Fix Checked. A box will pop up asking you if you wish to fix the selected items. Please choose YES. Once it has fixed them, please exit/close HijackThis.

    #2
    Open Vundofix
    • Right click the list box (white box) in the main VundoFix window.
    • Select “Add More Files?” from the menu that comes up. This will open a new VundoFix window.
    • In the window, copy and paste the following into the first field: C:\WINDOWS\SYSTEM32\wvuturp.dll
    • Copy and paste the following into the second field: C:\WINDOWS\SYSTEM32\prutuvw.*
    • Click the “Add Files” button.
    • Click the "Close Window" button.
    • Click the Remove Vundo button.
    • You will receive a prompt asking if you want to remove the files, click YES
    • Once you click yes, your desktop will go blank as it starts removing Vundo.
    • When completed, it will prompt that it will shutdown your computer, click OK.
    • Turn your computer back on.
    • Please post the contents of C:\vundofix.txt and a new HiJackThis log.

    #3

    Please do the following...

    1. Download ATF (Atribune Temp File) Cleaner© by Atribune to your desktop.
    This program is for XP and Windows 2000 only!

    Double-click ATF Cleaner.exe to open it.

    Under Main select the following:
    • Windows Temp
    • Current User Temp
    • All Users Temp
    • Temporary Internet Files
    • Prefetch
    • Java Cache
    *The other boxes are optional*
    Then click the Empty Selected button.

    Click Exit on the Main menu to close the program.

    Please download AVG Anti-Spyware to your Desktop or to your usual Download Folder.
    http://www.ewido.net/en/download/
    • Install AVG Anti-Spyware by double clicking the installer.
    • Follow the prompts. Make sure that Launch AVG Anti-Spyware is checked.
    • On the main screen under Your Computer's security.
      • Click on Change state next to Resident shield. It should now change to inactive.
      • Click on Change state next to Automatic updates. It should now change to inactive.
      • Next to Last Update, click on Update now. (You will need an active internet connection to perform this)
      • Wait until you see the Update successful message.
    • Right-click the AVG Anti-Spyware Tray Icon and uncheck Start with Windows.
    • Right-click the AVG Anti-Spyware Tray Icon and select Exit. Confirm by clicking Yes.
    If you are having problems with the updater, you can use this link to manually update ewido.
    AVG Anti-Spyware manual updates.
    Download the Full database to your Desktop or to your usual Download Folder and install it by double clicking the file. Make sure that AVG Anti-Spyware is closed before installing the update.

    Reboot your computer in Safe Mode.
    • If the computer is running, shut down Windows, and then turn off the power.
    • Wait 30 seconds, and then turn the computer on.
    • Start tapping the F8 key. The Windows Advanced Options Menu appears. If you begin tapping the F8 key too soon, some computers display a "keyboard error" message. To resolve this, restart the computer and try again.
    • Ensure that the Safe Mode option is selected.
    • Press Enter. The computer then begins to start in Safe mode.
    • Login on your usual account.
    Once in Safe Mode:

    Using Windows Explorer (to get there right-click your Start button and go to "Explore"), please delete these files (if present):

    C:\WINDOWS\system32\msdn_lib.dll


    Close ALL open Windows / Programs / Folders. Please start AVG Anti-Spyware and run a full scan.
    • Click on Scanner on the toolbar.
    • Click on the Settings tab.
      • Under How to act?
        • Click on Recommended Action and choose Quarantine from the popup menu.
      • Under How to scan?
        • All checkboxes should be ticked.
      • Under Possibly unwanted software:
        • All checkboxes should be ticked.
      • Under Reports:
        • Select Automatically generate report after every scan and uncheck Only if threats were found.
      • Under What to scan?
        • Select Scan every file.
    • Click on the Scan tab.
    • Click on Complete System Scan to start the scan process.
    • Let the program scan the machine.
    • When the scan has finished, follow the instructions below.
      IMPORTANT: Don't click on the "Save Scan Report" button before you have clicked the "Apply all Actions" button.
      • Make sure that Set all elements to: shows Quarantine (1), if not click on the link and choose Quarantine from the popup menu. (2)
      • At the bottom of the window click on the Apply all Actions button. (3)
    • When done, click the Save Scan Report button. (4)
      • Click the Save Report as button.
      • Save the report to your Desktop.
    • Right-click the AVG Anti-Spyware Tray Icon and select Exit. Confirm by clicking Yes.
    Reboot back into Normal Mode, and post a new HJT log, along with the AVG Anti-Spyware log.


    Please send the AVG Anti-Spyware log, a new HJT log and the VundoFix log.
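
An added example, not part of the thread and not HijackThis's own code: a small Python parser for the log format posted above. It lists entries that HijackThis marked `(no file)` or `(file missing)` and modules registered under more than one section code, as wvuturp.dll is under O2 and O20 in this log. The function names are hypothetical, and the output is a triage aid rather than a verdict on any entry.

```python
import re
from collections import defaultdict
from dataclasses import dataclass
from typing import Optional

# Constructed sample: a few lines copied from the HijackThis log in this thread.
SAMPLE_LOG = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\System32\smss.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: (no name) - {00000250-0320-4dd4-be4f-7566d2314352} - (no file)
O2 - BHO: IDMIEHlprObj Class - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: (no name) - {55CCDBD5-DE7C-4359-B880-1F748F41CC44} - C:\WINDOWS\system32\shvhgtoy.dll (file missing)
O2 - BHO: (no name) - {A6C16391-B966-4676-B898-6F55E586BF56} - C:\WINDOWS\system32\wvuturp.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [avp] C:\WINDOWS\system32\avp.exe
O20 - AppInit_DLLs: MsgPlusLoader.dll
O20 - Winlogon Notify: winhoq32 - winhoq32.dll (file missing)
O20 - Winlogon Notify: wvuturp - C:\WINDOWS\SYSTEM32\wvuturp.dll
O23 - Service: Wintab32 - Unknown owner - C:\WINDOWS\system32\Wintab32.exe (file missing)
"""

# "O2 - ...", "R0 - ...", "O20 - ...": a section code, " - ", then the body.
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")
# HijackThis appends one of these when the registered file is absent.
ORPHAN_RE = re.compile(r"\((?:no file|file missing)\)\s*$")
# Base name of a .dll/.exe; a file name containing spaces is cut to its
# last word, which is still enough for grouping.
MODULE_RE = re.compile(r'([^\\\s"]+\.(?:dll|exe))\b', re.IGNORECASE)


@dataclass
class Entry:
    code: str               # section code, e.g. "O2"
    kind: str               # text before the first ": ", e.g. "BHO"
    detail: str             # remainder of the line
    module: Optional[str]   # lower-cased base name of the referenced file
    orphan: bool            # True if marked (no file) / (file missing)


def parse_log(text):
    """Return an Entry for every section line; headers and process lines are skipped."""
    entries = []
    for raw in text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if not m:
            continue
        code, body = m.groups()
        kind, sep, detail = body.partition(": ")
        if not sep:  # R0/R1-style lines have no "kind:" prefix
            kind, detail = "", body
        modules = MODULE_RE.findall(detail)
        # The last match is the payload: in "rundll32.exe X.dll,entry" the host comes first.
        module = modules[-1].lower() if modules else None
        entries.append(Entry(code, kind, detail, module, bool(ORPHAN_RE.search(body))))
    return entries


def orphaned(entries):
    """Entries whose registration points at a file that no longer exists."""
    return [e for e in entries if e.orphan]


def multi_point_modules(entries):
    """Modules registered under more than one section code, mapped to those codes."""
    seen = defaultdict(set)
    for e in entries:
        if e.module:
            seen[e.module].add(e.code)
    return {mod: sorted(codes) for mod, codes in seen.items() if len(codes) > 1}


if __name__ == "__main__":
    parsed = parse_log(SAMPLE_LOG)
    print("Registrations with no backing file:")
    for e in orphaned(parsed):
        print(f"  {e.code:<4}{e.kind}: {e.detail}")
    print("Modules loaded from more than one section:")
    for mod, codes in multi_point_modules(parsed).items():
        print(f"  {mod}: {', '.join(codes)}")
```

An orphaned entry is only a leftover registration; the O23 services flagged this way in the posted log are left alone by the fix list above, so each hit still needs a person to look at it.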
  • edited May 2007
    AVG SCAN LOG

    ewido anti-malware - Scan report

    + Created on: 5:32:00 PM, 3/25/2006
    + Report-Checksum: 9519D723

    + Scan result:

    HKLM\SOFTWARE\Classes\Contact.Contacts -> Adware.HotBar : Cleaned with backup
    HKLM\SOFTWARE\Classes\Contact.Contacts\CLSID -> Adware.HotBar : Cleaned with backup
    HKLM\SOFTWARE\Classes\Contact.Contacts\CurVer -> Adware.HotBar : Cleaned with backup
    HKLM\SOFTWARE\Classes\Contact.Contacts.1 -> Adware.HotBar : Cleaned with backup
    HKLM\SOFTWARE\Classes\IExplorr24.clsDW -> Adware.InetSpeak : Cleaned with backup
    HKLM\SOFTWARE\Classes\IExplorr24.clsDW\Clsid -> Adware.InetSpeak : Cleaned with backup
    C:\WINDOWS\system32\cptpqeep.exe -> Adware.HotBar : Cleaned with backup
    C:\Documents and Settings\Robert\Local Settings\Temp\__unin__.exe -> Adware.Altnet : Cleaned with backup
    C:\Documents and Settings\Robert\Local Settings\Temp\wh.exe/whAgent.exe -> Adware.WebHancer : Cleaned with backup
    C:\Documents and Settings\Robert\Local Settings\Temporary Internet Files\Content.IE5\YXC7Q5Q5\drsmartload_js[1].htm -> Downloader.IstBar.j : Cleaned with backup
    C:\Documents and Settings\Robert\Start Menu\Programs\WhenU -> Adware.SaveNow : Cleaned with backup
    C:\Documents and Settings\Robert\Start Menu\Programs\WhenU\WhenU.com Website.url -> Adware.SaveNow : Cleaned with backup
    C:\Documents and Settings\Robert\Start Menu\Programs\WhenU\Learn More About Save!.url -> Adware.SaveNow : Cleaned with backup
    C:\Documents and Settings\Robert\Start Menu\Programs\WhenU\Learn More About SaveNow.url -> Adware.SaveNow : Cleaned with backup
    C:\Documents and Settings\Robert\My Documents\Downloads\Programs\WinAntiVirusPro2006Installer.exe -> Not-A-Virus.Downloader.Win32.WinFixer.c : Cleaned with backup
    C:\Documents and Settings\Robert\My Documents\Downloads\new_uninstall.exe -> Adware.Lop : Cleaned with backup
    C:\Documents and Settings\Robert\Cookies\robert@yadro[2].txt -> TrackingCookie.Yadro : Cleaned with backup
    C:\Documents and Settings\Robert\Cookies\robert@e-2dj6wjlyeocjmco.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Cleaned with backup
    C:\Documents and Settings\Robert\Cookies\robert@adbrite[1].txt -> TrackingCookie.Adbrite : Cleaned with backup
    C:\Documents and Settings\Robert\Cookies\robert@adopt.euroclick[2].txt -> TrackingCookie.Euroclick : Cleaned with backup
    C:\Documents and Settings\Robert\Cookies\robert@web-stat[1].txt -> TrackingCookie.Web-stat : Cleaned with backup
    C:\Documents and Settings\Robert\Cookies\robert@microsofteup.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
    C:\Documents and Settings\Robert\Cookies\robert@e-2dj6wjnycgc5wdp.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Cleaned with backup
    C:\Documents and Settings\Robert\Cookies\robert@rotator.adjuggler[1].txt -> TrackingCookie.Adjuggler : Cleaned with backup
    C:\Documents and Settings\Robert\Cookies\robert@e-2dj6wfliajc5oeq.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
    C:\Documents and Settings\Robert\Cookies\robert@e-2dj6wfkicpazkeq.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
    C:\Documents and Settings\Robert\Cookies\robert@e-2dj6wfliukcpsaq.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Cleaned with backup
    C:\Documents and Settings\Robert\Cookies\robert@e-2dj6wfmikgdpmdp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
    C:\Documents and Settings\Robert\Cookies\robert@e-2dj6wfl4apdpmbo.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
    C:\Documents and Settings\Robert\Cookies\robert@e-2dj6wjnyemcpmbp.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Cleaned with backup
    C:\Documents and Settings\Robert\Cookies\robert@e-2dj6wjlogkc5ifo.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Cleaned with backup
    C:\Documents and Settings\Robert\Cookies\robert@e-2dj6wfmykmc5cho.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
    C:\Documents and Settings\Robert\Cookies\robert@e-2dj6wjkyuodjggq.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
    C:\Documents and Settings\Robert\Cookies\robert@cz6.clickzs[1].txt -> TrackingCookie.Clickzs : Cleaned with backup
    C:\Documents and Settings\Robert\Cookies\robert@e-2dj6wjnyokazsko.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Cleaned with backup
    C:\Documents and Settings\Robert\Cookies\robert@cz4.clickzs[2].txt -> TrackingCookie.Clickzs : Cleaned with backup
    C:\Documents and Settings\Robert\Cookies\robert@e-2dj6wjnyggd5skp.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Cleaned with backup
    C:\Documents and Settings\Robert\Cookies\robert@e-2dj6wjnyuodzckp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
    C:\Documents and Settings\Robert\Cookies\robert@e-2dj6wgkieicpocp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
    C:\Documents and Settings\Robert\Cookies\robert@ad.yieldmanager[1].txt -> TrackingCookie.Yieldmanager : Cleaned with backup
    C:\Documents and Settings\Robert\Cookies\robert@programs.wegcash[2].txt -> TrackingCookie.Wegcash : Cleaned with backup
    C:\Documents and Settings\Robert\Cookies\robert@vip2.clickzs[2].txt -> TrackingCookie.Clickzs : Cleaned with backup
    C:\Documents and Settings\Robert\Cookies\robert@c.enhance[1].txt -> TrackingCookie.Enhance : Cleaned with backup
    C:\Documents and Settings\Robert\Cookies\robert@partygaming.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
    C:\Documents and Settings\Robert\Cookies\robert@image.masterstats[1].txt -> TrackingCookie.Masterstats : Cleaned with backup
    C:\Documents and Settings\Robert\Cookies\robert@cz5.clickzs[1].txt -> TrackingCookie.Clickzs : Cleaned with backup
    C:\Documents and Settings\Robert\Cookies\robert@www.adbrite[1].txt -> TrackingCookie.Adbrite : Cleaned with backup
    C:\Documents and Settings\Robert\Cookies\robert@e-2dj6wjnycpc5edo.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
    C:\Documents and Settings\Robert\Cookies\robert@vip.clickzs[2].txt -> TrackingCookie.Clickzs : Cleaned with backup
    C:\Documents and Settings\Robert\Cookies\robert@ads1.revenue[1].txt -> TrackingCookie.Revenue : Cleaned with backup
    C:\Documents and Settings\Robert\Cookies\robert@ad.yieldmanager[2].txt -> TrackingCookie.Yieldmanager : Cleaned with backup
    C:\Documents and Settings\Robert\Cookies\robert@cpvfeed[2].txt -> TrackingCookie.Cpvfeed : Cleaned with backup
    C:\Documents and Settings\Robert\Cookies\robert@tacoda[1].txt -> TrackingCookie.Tacoda : Cleaned with backup
    C:\Documents and Settings\Robert\Cookies\robert@stats1.reliablestats[3].txt -> TrackingCookie.Reliablestats : Cleaned with backup
    C:\Documents and Settings\Robert\Cookies\robert@www.myaffiliateprogram[1].txt -> TrackingCookie.Myaffiliateprogram : Cleaned with backup
    C:\Documents and Settings\Robert\Cookies\robert@paypopup[1].txt -> TrackingCookie.Paypopup : Cleaned with backup
    C:\Documents and Settings\Robert\Cookies\robert@adbrite.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
    C:\Documents and Settings\Robert\Cookies\robert@e-2dj6wjlyqndjwlp.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Cleaned with backup
    C:\Documents and Settings\Robert\Cookies\robert@e-2dj6wfloond5gbq.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
    C:\Documents and Settings\Robert\Cookies\robert@e-2dj6wjlyqhc5alo.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
    C:\Documents and Settings\Robert\Cookies\robert@ad1.clickhype[1].txt -> TrackingCookie.Clickhype : Cleaned with backup
    C:\Documents and Settings\Robert\Cookies\robert@e-2dj6wfmiahd5sgq.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Cleaned with backup
    C:\Documents and Settings\Robert\Cookies\robert@e-2dj6wjny-1nczsf.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
    C:\Documents and Settings\Robert\Cookies\robert@e-2dj6wjk4ogazigo.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
    C:\Documents and Settings\Robert\Cookies\robert@e-2dj6wjnycgdpeho.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Cleaned with backup
    C:\Documents and Settings\Robert\Cookies\robert@www.epilot[1].txt -> TrackingCookie.Epilot : Cleaned with backup
    C:\Documents and Settings\Robert\Cookies\robert@e-2dj6wfligkc5eeq.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
    C:\Documents and Settings\Robert\Cookies\robert@e-2dj6wjkokhajskp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
    C:\Documents and Settings\Robert\Cookies\robert@e-2dj6wfkoencpceq.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Cleaned with backup
    C:\Documents and Settings\Robert\Cookies\robert@e-2dj6wjkyuodjggq.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Cleaned with backup
    C:\Documents and Settings\Robert\Cookies\robert@e-2dj6wflyuncpeko.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
    C:\Documents and Settings\Robert\Cookies\robert@ads.realcastmedia[1].txt -> TrackingCookie.Realcastmedia : Cleaned with backup
    C:\Documents and Settings\Robert\Cookies\robert@e-2dj6wjnywhd5khp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
    C:\Documents and Settings\Robert\Cookies\robert@e-2dj6wfkiemcjaao.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
    C:\Documents and Settings\Robert\Cookies\robert@e-2dj6wjmyehdzcdp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
    C:\Documents and Settings\Robert\Cookies\robert@e-2dj6wjl4gkcpebp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
    C:\Documents and Settings\Robert\Cookies\robert@e-2dj6wjkyejcpsdp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
    C:\Documents and Settings\Robert\Cookies\robert@e-2dj6wgkielcpceo.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
    C:\Documents and Settings\Robert\Cookies\robert@e-2dj6wjnysmczcaq.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
    C:\Documents and Settings\Robert\Cookies\robert@e-2dj6wjlycgdpeeo.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
    C:\Documents and Settings\Robert\Cookies\robert@login.tracking101[1].txt -> TrackingCookie.Tracking101 : Cleaned with backup
    C:\Documents and Settings\Robert\Application Data\Microsoft\Internet Explorer\Quick Launch\Block Checker.lnk -> Adware.BlockChecker : Cleaned with backup
    C:\Documents and Settings\Robert\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\file\omfg.class-3ee65730-58f0373f.class -> Downloader.OpenStream.y : Cleaned with backup
    C:\Documents and Settings\Robert\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\file\omfg.class-3734b1d1-180a8bb5.class -> Downloader.OpenStream.y : Cleaned with backup
    :mozilla.28:C:\Documents and Settings\Robert\Application Data\Mozilla\Firefox\Profiles\vplk3y0b.default\cookies.txt -> TrackingCookie.Overture : Cleaned with backup
    :mozilla.29:C:\Documents and Settings\Robert\Application Data\Mozilla\Firefox\Profiles\vplk3y0b.default\cookies.txt -> TrackingCookie.Overture : Cleaned with backup
    :mozilla.34:C:\Documents and Settings\Robert\Application Data\Mozilla\Firefox\Profiles\vplk3y0b.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned with backup
    :mozilla.35:C:\Documents and Settings\Robert\Application Data\Mozilla\Firefox\Profiles\vplk3y0b.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned with backup
    :mozilla.36:C:\Documents and Settings\Robert\Application Data\Mozilla\Firefox\Profiles\vplk3y0b.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned with backup
    :mozilla.37:C:\Documents and Settings\Robert\Application Data\Mozilla\Firefox\Profiles\vplk3y0b.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned with backup
    :mozilla.38:C:\Documents and Settings\Robert\Application Data\Mozilla\Firefox\Profiles\vplk3y0b.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned with backup
    :mozilla.71:C:\Documents and Settings\Robert\Application Data\Mozilla\Firefox\Profiles\vplk3y0b.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
    :mozilla.72:C:\Documents and Settings\Robert\Application Data\Mozilla\Firefox\Profiles\vplk3y0b.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
    :mozilla.73:C:\Documents and Settings\Robert\Application Data\Mozilla\Firefox\Profiles\vplk3y0b.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
    :mozilla.74:C:\Documents and Settings\Robert\Application Data\Mozilla\Firefox\Profiles\vplk3y0b.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
    :mozilla.75:C:\Documents and Settings\Robert\Application Data\Mozilla\Firefox\Profiles\vplk3y0b.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
    :mozilla.76:C:\Documents and Settings\Robert\Application Data\Mozilla\Firefox\Profiles\vplk3y0b.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
    :mozilla.77:C:\Documents and Settings\Robert\Application Data\Mozilla\Firefox\Profiles\vplk3y0b.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
    :mozilla.78:C:\Documents and Settings\Robert\Application Data\Mozilla\Firefox\Profiles\vplk3y0b.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
    :mozilla.79:C:\Documents and Settings\Robert\Application Data\Mozilla\Firefox\Profiles\vplk3y0b.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned with backup
    :mozilla.80:C:\Documents and Settings\Robert\Application Data\Mozilla\Firefox\Profiles\vplk3y0b.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned with backup
    :mozilla.97:C:\Documents and Settings\Robert\Application Data\Mozilla\Firefox\Profiles\vplk3y0b.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup
    :mozilla.98:C:\Documents and Settings\Robert\Application Data\Mozilla\Firefox\Profiles\vplk3y0b.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup
    :mozilla.100:C:\Documents and Settings\Robert\Application Data\Mozilla\Firefox\Profiles\vplk3y0b.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup
    :mozilla.101:C:\Documents and Settings\Robert\Application Data\Mozilla\Firefox\Profiles\vplk3y0b.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup
    :mozilla.103:C:\Documents and Settings\Robert\Application Data\Mozilla\Firefox\Profiles\vplk3y0b.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup
    :mozilla.104:C:\Documents and Settings\Robert\Application Data\Mozilla\Firefox\Profiles\vplk3y0b.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup
    :mozilla.106:C:\Documents and Settings\Robert\Application Data\Mozilla\Firefox\Profiles\vplk3y0b.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup
    :mozilla.107:C:\Documents and Settings\Robert\Application Data\Mozilla\Firefox\Profiles\vplk3y0b.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup
    :mozilla.108:C:\Documents and Settings\Robert\Application Data\Mozilla\Firefox\Profiles\vplk3y0b.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup
    :mozilla.109:C:\Documents and Settings\Robert\Application Data\Mozilla\Firefox\Profiles\vplk3y0b.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup
    :mozilla.110:C:\Documents and Settings\Robert\Application Data\Mozilla\Firefox\Profiles\vplk3y0b.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup
    :mozilla.111:C:\Documents and Settings\Robert\Application Data\Mozilla\Firefox\Profiles\vplk3y0b.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup
    :mozilla.112:C:\Documents and Settings\Robert\Application Data\Mozilla\Firefox\Profiles\vplk3y0b.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned with backup
    :mozilla.115:C:\Documents and Settings\Robert\Application Data\Mozilla\Firefox\Profiles\vplk3y0b.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned with backup
    :mozilla.116:C:\Documents and Settings\Robert\Application Data\Mozilla\Firefox\Profiles\vplk3y0b.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
    :mozilla.117:C:\Documents and Settings\Robert\Application Data\Mozilla\Firefox\Profiles\vplk3y0b.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
    :mozilla.120:C:\Documents and Settings\Robert\Application Data\Mozilla\Firefox\Profiles\vplk3y0b.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
    :mozilla.121:C:\Documents and Settings\Robert\Application Data\Mozilla\Firefox\Profiles\vplk3y0b.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
    :mozilla.123:C:\Documents and Settings\Robert\Application Data\Mozilla\Firefox\Profiles\vplk3y0b.default\cookies.txt -> TrackingCookie.Qksrv : Cleaned with backup
    :mozilla.124:C:\Documents and Settings\Robert\Application Data\Mozilla\Firefox\Profiles\vplk3y0b.default\cookies.txt -> TrackingCookie.Qksrv : Cleaned with backup
    :mozilla.139:C:\Documents and Settings\Robert\Application Data\Mozilla\Firefox\Profiles\vplk3y0b.default\cookies.txt -> TrackingCookie.Bridgetrack : Cleaned with backup
    :mozilla.140:C:\Documents and Settings\Robert\Application Data\Mozilla\Firefox\Profiles\vplk3y0b.default\cookies.txt -> TrackingCookie.Bridgetrack : Cleaned with backup
    :mozilla.141:C:\Documents and Settings\Robert\Application Data\Mozilla\Firefox\Profiles\vplk3y0b.default\cookies.txt -> TrackingCookie.Bridgetrack : Cleaned with backup
    :mozilla.142:C:\Documents and Settings\Robert\Application Data\Mozilla\Firefox\Profiles\vplk3y0b.default\cookies.txt -> TrackingCookie.Bridgetrack : Cleaned with backup
    :mozilla.143:C:\Documents and Settings\Robert\Application Data\Mozilla\Firefox\Profiles\vplk3y0b.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned with backup
    :mozilla.168:C:\Documents and Settings\Robert\Application Data\Mozilla\Firefox\Profiles\vplk3y0b.default\cookies.txt -> TrackingCookie.Com : Cleaned with backup
    :mozilla.175:C:\Documents and Settings\Robert\Application Data\Mozilla\Firefox\Profiles\vplk3y0b.default\cookies.txt -> TrackingCookie.Lop : Cleaned with backup
    :mozilla.177:C:\Documents and Settings\Robert\Application Data\Mozilla\Firefox\Profiles\vplk3y0b.default\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned with backup
    :mozilla.178:C:\Documents and Settings\Robert\Application Data\Mozilla\Firefox\Profiles\vplk3y0b.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
    :mozilla.179:C:\Documents and Settings\Robert\Application Data\Mozilla\Firefox\Profiles\vplk3y0b.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned with backup
    :mozilla.180:C:\Documents and Settings\Robert\Application Data\Mozilla\Firefox\Profiles\vplk3y0b.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned with backup
    :mozilla.181:C:\Documents and Settings\Robert\Application Data\Mozilla\Firefox\Profiles\vplk3y0b.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned with backup
    :mozilla.182:C:\Documents and Settings\Robert\Application Data\Mozilla\Firefox\Profiles\vplk3y0b.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
    :mozilla.183:C:\Documents and Settings\Robert\Application Data\Mozilla\Firefox\Profiles\vplk3y0b.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
    :mozilla.184:C:\Documents and Settings\Robert\Application Data\Mozilla\Firefox\Profiles\vplk3y0b.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
    :mozilla.185:C:\Documents and Settings\Robert\Application Data\Mozilla\Firefox\Profiles\vplk3y0b.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
    :mozilla.186:C:\Documents and Settings\Robert\Application Data\Mozilla\Firefox\Profiles\vplk3y0b.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
    :mozilla.187:C:\Documents and Settings\Robert\Application Data\Mozilla\Firefox\Profiles\vplk3y0b.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
    :mozilla.188:C:\Documents and Settings\Robert\Application Data\Mozilla\Firefox\Profiles\vplk3y0b.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
    :mozilla.189:C:\Documents and Settings\Robert\Application Data\Mozilla\Firefox\Profiles\vplk3y0b.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
    :mozilla.190:C:\Documents and Settings\Robert\Application Data\Mozilla\Firefox\Profiles\vplk3y0b.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
    :mozilla.191:C:\Documents and Settings\Robert\Application Data\Mozilla\Firefox\Profiles\vplk3y0b.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
    :mozilla.192:C:\Documents and Settings\Robert\Application Data\Mozilla\Firefox\Profiles\vplk3y0b.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
    :mozilla.193:C:\Documents and Settings\Robert\Application Data\Mozilla\Firefox\Profiles\vplk3y0b.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
    :mozilla.194:C:\Documents and Settings\Robert\Application Data\Mozilla\Firefox\Profiles\vplk3y0b.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
    :mozilla.199:C:\Documents and Settings\Robert\Application Data\Mozilla\Firefox\Profiles\vplk3y0b.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
    :mozilla.221:C:\Documents and Settings\Robert\Application Data\Mozilla\Firefox\Profiles\vplk3y0b.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
    :mozilla.222:C:\Documents and Settings\Robert\Application Data\Mozilla\Firefox\Profiles\vplk3y0b.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
    :mozilla.223:C:\Documents and Settings\Robert\Application Data\Mozilla\Firefox\Profiles\vplk3y0b.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
    :mozilla.244:C:\Documents and Settings\Robert\Application Data\Mozilla\Firefox\Profiles\vplk3y0b.default\cookies.txt -> TrackingCookie.Myaffiliateprogram : Cleaned with backup
    :mozilla.245:C:\Documents and Settings\Robert\Application Data\Mozilla\Firefox\Profiles\vplk3y0b.default\cookies.txt -> TrackingCookie.Myaffiliateprogram : Cleaned with backup
    :mozilla.246:C:\Documents and Settings\Robert\Application Data\Mozilla\Firefox\Profiles\vplk3y0b.default\cookies.txt -> TrackingCookie.Myaffiliateprogram : Cleaned with backup
    :mozilla.247:C:\Documents and Settings\Robert\Application Data\Mozilla\Firefox\Profiles\vplk3y0b.default\cookies.txt -> TrackingCookie.Sexlist : Cleaned with backup
    :mozilla.248:C:\Documents and Settings\Robert\Application Data\Mozilla\Firefox\Profiles\vplk3y0b.default\cookies.txt -> TrackingCookie.Sexlist : Cleaned with backup
    :mozilla.249:C:\Documents and Settings\Robert\Application Data\Mozilla\Firefox\Profiles\vplk3y0b.default\cookies.txt -> TrackingCookie.Masterstats : Cleaned with backup
    :mozilla.260:C:\Documents and Settings\Robert\Application Data\Mozilla\Firefox\Profiles\vplk3y0b.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
    :mozilla.261:C:\Documents and Settings\Robert\Application Data\Mozilla\Firefox\Profiles\vplk3y0b.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
    :mozilla.262:C:\Documents and Settings\Robert\Application Data\Mozilla\Firefox\Profiles\vplk3y0b.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
    :mozilla.263:C:\Documents and Settings\Robert\Application Data\Mozilla\Firefox\Profiles\vplk3y0b.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
    :mozilla.264:C:\Documents and Settings\Robert\Application Data\Mozilla\Firefox\Profiles\vplk3y0b.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
    :mozilla.278:C:\Documents and Settings\Robert\Application Data\Mozilla\Firefox\Profiles\vplk3y0b.default\cookies.txt -> TrackingCookie.Adserver : Cleaned with backup
    :mozilla.279:C:\Documents and Settings\Robert\Application Data\Mozilla\Firefox\Profiles\vplk3y0b.default\cookies.txt -> TrackingCookie.Adserver : Cleaned with backup
    :mozilla.280:C:\Documents and Settings\Robert\Application Data\Mozilla\Firefox\Profiles\vplk3y0b.default\cookies.txt -> TrackingCookie.Adserver : Cleaned with backup
    :mozilla.281:C:\Documents and Settings\Robert\Application Data\Mozilla\Firefox\Profiles\vplk3y0b.default\cookies.txt -> TrackingCookie.Adserver : Cleaned with backup
    :mozilla.282:C:\Documents and Settings\Robert\Application Data\Mozilla\Firefox\Profiles\vplk3y0b.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup
    :mozilla.283:C:\Documents and Settings\Robert\Application Data\Mozilla\Firefox\Profiles\vplk3y0b.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup
    :mozilla.284:C:\Documents and Settings\Robert\Application Data\Mozilla\Firefox\Profiles\vplk3y0b.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup
    :mozilla.285:C:\Documents and Settings\Robert\Application Data\Mozilla\Firefox\Profiles\vplk3y0b.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup
    :mozilla.286:C:\Documents and Settings\Robert\Application Data\Mozilla\Firefox\Profiles\vplk3y0b.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup
  • edited May 2007
    :mozilla.287:C:\Documents and Settings\Robert\Application Data\Mozilla\Firefox\Profiles\vplk3y0b.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup
    :mozilla.288:C:\Documents and Settings\Robert\Application Data\Mozilla\Firefox\Profiles\vplk3y0b.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup
    :mozilla.303:C:\Documents and Settings\Robert\Application Data\Mozilla\Firefox\Profiles\vplk3y0b.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup
    :mozilla.304:C:\Documents and Settings\Robert\Application Data\Mozilla\Firefox\Profiles\vplk3y0b.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup
    :mozilla.305:C:\Documents and Settings\Robert\Application Data\Mozilla\Firefox\Profiles\vplk3y0b.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup
    :mozilla.306:C:\Documents and Settings\Robert\Application Data\Mozilla\Firefox\Profiles\vplk3y0b.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup
    :mozilla.307:C:\Documents and Settings\Robert\Application Data\Mozilla\Firefox\Profiles\vplk3y0b.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup
    :mozilla.329:C:\Documents and Settings\Robert\Application Data\Mozilla\Firefox\Profiles\vplk3y0b.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
    :mozilla.339:C:\Documents and Settings\Robert\Application Data\Mozilla\Firefox\Profiles\vplk3y0b.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup
    :mozilla.340:C:\Documents and Settings\Robert\Application Data\Mozilla\Firefox\Profiles\vplk3y0b.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup
    :mozilla.341:C:\Documents and Settings\Robert\Application Data\Mozilla\Firefox\Profiles\vplk3y0b.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup
    :mozilla.342:C:\Documents and Settings\Robert\Application Data\Mozilla\Firefox\Profiles\vplk3y0b.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup
    :mozilla.362:C:\Documents and Settings\Robert\Application Data\Mozilla\Firefox\Profiles\vplk3y0b.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
    :mozilla.363:C:\Documents and Settings\Robert\Application Data\Mozilla\Firefox\Profiles\vplk3y0b.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
    :mozilla.364:C:\Documents and Settings\Robert\Application Data\Mozilla\Firefox\Profiles\vplk3y0b.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
    :mozilla.365:C:\Documents and Settings\Robert\Application Data\Mozilla\Firefox\Profiles\vplk3y0b.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
    :mozilla.366:C:\Documents and Settings\Robert\Application Data\Mozilla\Firefox\Profiles\vplk3y0b.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
    :mozilla.370:C:\Documents and Settings\Robert\Application Data\Mozilla\Firefox\Profiles\vplk3y0b.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
    :mozilla.372:C:\Documents and Settings\Robert\Application Data\Mozilla\Firefox\Profiles\vplk3y0b.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
    :mozilla.373:C:\Documents and Settings\Robert\Application Data\Mozilla\Firefox\Profiles\vplk3y0b.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
    :mozilla.374:C:\Documents and Settings\Robert\Application Data\Mozilla\Firefox\Profiles\vplk3y0b.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
    :mozilla.375:C:\Documents and Settings\Robert\Application Data\Mozilla\Firefox\Profiles\vplk3y0b.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
    :mozilla.386:C:\Documents and Settings\Robert\Application Data\Mozilla\Firefox\Profiles\vplk3y0b.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
    :mozilla.387:C:\Documents and Settings\Robert\Application Data\Mozilla\Firefox\Profiles\vplk3y0b.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
    :mozilla.388:C:\Documents and Settings\Robert\Application Data\Mozilla\Firefox\Profiles\vplk3y0b.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
    :mozilla.389:C:\Documents and Settings\Robert\Application Data\Mozilla\Firefox\Profiles\vplk3y0b.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
    :mozilla.398:C:\Documents and Settings\Robert\Application Data\Mozilla\Firefox\Profiles\vplk3y0b.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
    :mozilla.399:C:\Documents and Settings\Robert\Application Data\Mozilla\Firefox\Profiles\vplk3y0b.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
    :mozilla.400:C:\Documents and Settings\Robert\Application Data\Mozilla\Firefox\Profiles\vplk3y0b.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
    :mozilla.401:C:\Documents and Settings\Robert\Application Data\Mozilla\Firefox\Profiles\vplk3y0b.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
    :mozilla.402:C:\Documents and Settings\Robert\Application Data\Mozilla\Firefox\Profiles\vplk3y0b.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
    :mozilla.403:C:\Documents and Settings\Robert\Application Data\Mozilla\Firefox\Profiles\vplk3y0b.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
    :mozilla.404:C:\Documents and Settings\Robert\Application Data\Mozilla\Firefox\Profiles\vplk3y0b.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
    :mozilla.405:C:\Documents and Settings\Robert\Application Data\Mozilla\Firefox\Profiles\vplk3y0b.default\cookies.txt -> TrackingCookie.Valueclick : Cleaned with backup
    :mozilla.406:C:\Documents and Settings\Robert\Application Data\Mozilla\Firefox\Profiles\vplk3y0b.default\cookies.txt -> TrackingCookie.Valueclick : Cleaned with backup
    :mozilla.418:C:\Documents and Settings\Robert\Application Data\Mozilla\Firefox\Profiles\vplk3y0b.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned with backup
    :mozilla.419:C:\Documents and Settings\Robert\Application Data\Mozilla\Firefox\Profiles\vplk3y0b.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned with backup
    :mozilla.420:C:\Documents and Settings\Robert\Application Data\Mozilla\Firefox\Profiles\vplk3y0b.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned with backup
    :mozilla.421:C:\Documents and Settings\Robert\Application Data\Mozilla\Firefox\Profiles\vplk3y0b.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned with backup
    :mozilla.453:C:\Documents and Settings\Robert\Application Data\Mozilla\Firefox\Profiles\vplk3y0b.default\cookies.txt -> TrackingCookie.Bluestreak : Cleaned with backup
    :mozilla.466:C:\Documents and Settings\Robert\Application Data\Mozilla\Firefox\Profiles\vplk3y0b.default\cookies.txt -> TrackingCookie.Targetnet : Cleaned with backup
    :mozilla.467:C:\Documents and Settings\Robert\Application Data\Mozilla\Firefox\Profiles\vplk3y0b.default\cookies.txt -> TrackingCookie.Targetnet : Cleaned with backup
    :mozilla.472:C:\Documents and Settings\Robert\Application Data\Mozilla\Firefox\Profiles\vplk3y0b.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
    :mozilla.473:C:\Documents and Settings\Robert\Application Data\Mozilla\Firefox\Profiles\vplk3y0b.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned with backup
    :mozilla.476:C:\Documents and Settings\Robert\Application Data\Mozilla\Firefox\Profiles\vplk3y0b.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
    :mozilla.479:C:\Documents and Settings\Robert\Application Data\Mozilla\Firefox\Profiles\vplk3y0b.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
    :mozilla.482:C:\Documents and Settings\Robert\Application Data\Mozilla\Firefox\Profiles\vplk3y0b.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
    :mozilla.492:C:\Documents and Settings\Robert\Application Data\Mozilla\Firefox\Profiles\vplk3y0b.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup
    :mozilla.493:C:\Documents and Settings\Robert\Application Data\Mozilla\Firefox\Profiles\vplk3y0b.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup
    :mozilla.494:C:\Documents and Settings\Robert\Application Data\Mozilla\Firefox\Profiles\vplk3y0b.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup
    :mozilla.499:C:\Documents and Settings\Robert\Application Data\Mozilla\Firefox\Profiles\vplk3y0b.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned with backup
    :mozilla.506:C:\Documents and Settings\Robert\Application Data\Mozilla\Firefox\Profiles\vplk3y0b.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
    :mozilla.533:C:\Documents and Settings\Robert\Application Data\Mozilla\Firefox\Profiles\vplk3y0b.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned with backup
    :mozilla.534:C:\Documents and Settings\Robert\Application Data\Mozilla\Firefox\Profiles\vplk3y0b.default\cookies.txt -> TrackingCookie.Burstbeacon : Cleaned with backup
    :mozilla.535:C:\Documents and Settings\Robert\Application Data\Mozilla\Firefox\Profiles\vplk3y0b.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned with backup
    :mozilla.544:C:\Documents and Settings\Robert\Application Data\Mozilla\Firefox\Profiles\vplk3y0b.default\cookies.txt -> TrackingCookie.Adtech : Cleaned with backup
    :mozilla.545:C:\Documents and Settings\Robert\Application Data\Mozilla\Firefox\Profiles\vplk3y0b.default\cookies.txt -> TrackingCookie.Adtech : Cleaned with backup
    :mozilla.559:C:\Documents and Settings\Robert\Application Data\Mozilla\Firefox\Profiles\vplk3y0b.default\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned with backup
    :mozilla.570:C:\Documents and Settings\Robert\Application Data\Mozilla\Firefox\Profiles\vplk3y0b.default\cookies.txt -> TrackingCookie.Onestat : Cleaned with backup
    :mozilla.571:C:\Documents and Settings\Robert\Application Data\Mozilla\Firefox\Profiles\vplk3y0b.default\cookies.txt -> TrackingCookie.Onestat : Cleaned with backup
    :mozilla.572:C:\Documents and Settings\Robert\Application Data\Mozilla\Firefox\Profiles\vplk3y0b.default\cookies.txt -> TrackingCookie.Onestat : Cleaned with backup
    :mozilla.596:C:\Documents and Settings\Robert\Application Data\Mozilla\Firefox\Profiles\vplk3y0b.default\cookies.txt -> TrackingCookie.Clickbank : Cleaned with backup
    :mozilla.597:C:\Documents and Settings\Robert\Application Data\Mozilla\Firefox\Profiles\vplk3y0b.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned with backup
    :mozilla.611:C:\Documents and Settings\Robert\Application Data\Mozilla\Firefox\Profiles\vplk3y0b.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned with backup
    :mozilla.615:C:\Documents and Settings\Robert\Application Data\Mozilla\Firefox\Profiles\vplk3y0b.default\cookies.txt -> TrackingCookie.Enhance : Cleaned with backup
    :mozilla.623:C:\Documents and Settings\Robert\Application Data\Mozilla\Firefox\Profiles\vplk3y0b.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned with backup
    :mozilla.624:C:\Documents and Settings\Robert\Application Data\Mozilla\Firefox\Profiles\vplk3y0b.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned with backup
    :mozilla.625:C:\Documents and Settings\Robert\Application Data\Mozilla\Firefox\Profiles\vplk3y0b.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned with backup
    :mozilla.626:C:\Documents and Settings\Robert\Application Data\Mozilla\Firefox\Profiles\vplk3y0b.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned with backup
    :mozilla.627:C:\Documents and Settings\Robert\Application Data\Mozilla\Firefox\Profiles\vplk3y0b.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned with backup
    :mozilla.634:C:\Documents and Settings\Robert\Application Data\Mozilla\Firefox\Profiles\vplk3y0b.default\cookies.txt -> TrackingCookie.Adjuggler : Cleaned with backup
    :mozilla.635:C:\Documents and Settings\Robert\Application Data\Mozilla\Firefox\Profiles\vplk3y0b.default\cookies.txt -> TrackingCookie.Adjuggler : Cleaned with backup
    :mozilla.636:C:\Documents and Settings\Robert\Application Data\Mozilla\Firefox\Profiles\vplk3y0b.default\cookies.txt -> TrackingCookie.Adjuggler : Cleaned with backup
    :mozilla.637:C:\Documents and Settings\Robert\Application Data\Mozilla\Firefox\Profiles\vplk3y0b.default\cookies.txt -> TrackingCookie.Adjuggler : Cleaned with backup
    :mozilla.659:C:\Documents and Settings\Robert\Application Data\Mozilla\Firefox\Profiles\vplk3y0b.default\cookies.txt -> TrackingCookie.Clickzs : Cleaned with backup
    :mozilla.660:C:\Documents and Settings\Robert\Application Data\Mozilla\Firefox\Profiles\vplk3y0b.default\cookies.txt -> TrackingCookie.Clickzs : Cleaned with backup
    :mozilla.672:C:\Documents and Settings\Robert\Application Data\Mozilla\Firefox\Profiles\vplk3y0b.default\cookies.txt -> TrackingCookie.Coremetrics : Cleaned with backup
    :mozilla.683:C:\Documents and Settings\Robert\Application Data\Mozilla\Firefox\Profiles\vplk3y0b.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned with backup
    :mozilla.684:C:\Documents and Settings\Robert\Application Data\Mozilla\Firefox\Profiles\vplk3y0b.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
    :mozilla.711:C:\Documents and Settings\Robert\Application Data\Mozilla\Firefox\Profiles\vplk3y0b.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned with backup
    :mozilla.712:C:\Documents and Settings\Robert\Application Data\Mozilla\Firefox\Profiles\vplk3y0b.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned with backup
    :mozilla.713:C:\Documents and Settings\Robert\Application Data\Mozilla\Firefox\Profiles\vplk3y0b.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned with backup
    :mozilla.714:C:\Documents and Settings\Robert\Application Data\Mozilla\Firefox\Profiles\vplk3y0b.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
    :mozilla.739:C:\Documents and Settings\Robert\Application Data\Mozilla\Firefox\Profiles\vplk3y0b.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
    :mozilla.785:C:\Documents and Settings\Robert\Application Data\Mozilla\Firefox\Profiles\vplk3y0b.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
    :mozilla.788:C:\Documents and Settings\Robert\Application Data\Mozilla\Firefox\Profiles\vplk3y0b.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned with backup
    C:\Documents and Settings\Chubby\Desktop\Stik Stuff\stuff\psemul\enum.exe -> Not-A-Virus.HackTool.Win32.EnumPlus.a : Cleaned with backup
    C:\Documents and Settings\Chubby\Cookies\chubby@y-1shz2prbmdj6wvny-1sez2pra2dj6wfkiqgczkcoq2dj6x9ny-1seq-2-2.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
    C:\Documents and Settings\Chubby\Cookies\chubby@cpvfeed[1].txt -> TrackingCookie.Cpvfeed : Cleaned with backup
    C:\Documents and Settings\Chubby\Cookies\chubby@microsofteup.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
    C:\Documents and Settings\Chubby\Cookies\chubby@stats1.reliablestats[2].txt -> TrackingCookie.Reliablestats : Cleaned with backup
    C:\Documents and Settings\Mag\Cookies\mag@e-2dj6wjlocmdzsfp.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Cleaned with backup
    C:\Documents and Settings\Mag\Cookies\mag@www.web-stat[2].txt -> TrackingCookie.Web-stat : Cleaned with backup
    C:\Documents and Settings\Mag\Cookies\mag@e-2dj6wjmiohd5aeo.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
    C:\Documents and Settings\Mag\Cookies\mag@e-2dj6wjnyekdzwfp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
    C:\Documents and Settings\Mag\Cookies\mag@e-2dj6wfligkdzelp.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Cleaned with backup
    C:\Documents and Settings\Mag\Cookies\mag@ad.yieldmanager[1].txt -> TrackingCookie.Yieldmanager : Cleaned with backup
    C:\Documents and Settings\Mag\Cookies\mag@ppms.popularix[2].txt -> TrackingCookie.Popularix : Cleaned with backup
    C:\Documents and Settings\Mag\Cookies\mag@e-2dj6wjliglcpofo.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Cleaned with backup
    C:\Documents and Settings\Mag\Cookies\mag@cz5.clickzs[2].txt -> TrackingCookie.Clickzs : Cleaned with backup
    C:\Documents and Settings\Mag\Cookies\mag@vip.clickzs[2].txt -> TrackingCookie.Clickzs : Cleaned with backup
    C:\Documents and Settings\Mag\Cookies\mag@e-2dj6wfkiqhcziap.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
    C:\Documents and Settings\Mag\Cookies\mag@e-2dj6wjkysmd5klp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
    C:\Documents and Settings\Mag\Cookies\mag@paypopup[2].txt -> TrackingCookie.Paypopup : Cleaned with backup
    C:\Documents and Settings\Mag\Cookies\mag@e-2dj6wjnyemcpmbp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
    C:\Documents and Settings\Mag\Cookies\mag@e-2dj6wfmyqlazmlp.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Cleaned with backup
    C:\Documents and Settings\Mag\Cookies\mag@e-2dj6wjk4aodpoap.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
    C:\Documents and Settings\Mag\Cookies\mag@e-2dj6wjkyuodjggq.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
    C:\Documents and Settings\Mag\Cookies\mag@e-2dj6wfkyolazmlo.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Cleaned with backup
    C:\Documents and Settings\Mag\Cookies\mag@e-2dj6wjk4eocpsfo.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
    C:\Documents and Settings\Mag\Cookies\mag@e-2dj6wfloond5gbq.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
    C:\Documents and Settings\Mag\Cookies\mag@e-2dj6wjkygpdpchq.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
    C:\Documents and Settings\Mag\Cookies\mag@e-2dj6wjlygicpogp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
    C:\Documents and Settings\Mag\Cookies\mag@e-2dj6wjkokgdpeeo.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Cleaned with backup
    C:\Documents and Settings\Mag\Cookies\mag@e-2dj6wjlygjc5elq.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
    C:\Documents and Settings\Mag\Cookies\mag@e-2dj6wjny-1jdzsd.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
    C:\Documents and Settings\Mag\Cookies\mag@e-2dj6wfl4amd5olq.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
    C:\Documents and Settings\Mag\Cookies\mag@e-2dj6wflookcpigo.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
    C:\Documents and Settings\Mag\Cookies\mag@e-2dj6wgkiwhcpggo.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
    C:\Documents and Settings\Mag\Cookies\mag@e-2dj6wjmiqld5ggo.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
    C:\Documents and Settings\Mag\Cookies\mag@e-2dj6wfkisjajmbp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
    C:\Documents and Settings\Mag\Cookies\mag@e-2dj6wjmyomazslp.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Cleaned with backup
    C:\Documents and Settings\Mag\Cookies\mag@e-2dj6wfk4opd5olq.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
    C:\Documents and Settings\Mag\Cookies\mag@e-2dj6wfkiwkdjggp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
    C:\Documents and Settings\Mag\Cookies\mag@e-2dj6wjnyqjdpglo.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Cleaned with backup
    C:\Documents and Settings\Mag\Cookies\mag@e-2dj6wjlosnajobo.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
    C:\Documents and Settings\Mag\Cookies\mag@e-2dj6wjnysnc5glp.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Cleaned with backup
    C:\Documents and Settings\Mag\Cookies\mag@e-2dj6wflikmc5wgo.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
    C:\Documents and Settings\Mag\Cookies\mag@microsofteup.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
    C:\Documents and Settings\Mag\Cookies\mag@cpvfeed[2].txt -> TrackingCookie.Cpvfeed : Cleaned with backup
    C:\Documents and Settings\Mag\Cookies\mag@tacoda[1].txt -> TrackingCookie.Tacoda : Cleaned with backup
    C:\Documents and Settings\Mag\Cookies\mag@e-2dj6wjlocpczalp.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Cleaned with backup
    C:\Documents and Settings\Mag\Cookies\mag@e-2dj6wfk4whdpacq.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
    C:\Documents and Settings\Mag\Cookies\mag@e-2dj6wjkykldzwco.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
    C:\Documents and Settings\Mag\Cookies\mag@e-2dj6wfmyuoazcco.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
    C:\Documents and Settings\Mag\Cookies\mag@e-2dj6wfliakcjakq.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
    C:\Documents and Settings\Mag\Cookies\mag@e-2dj6wjkyqjd5cgp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
    C:\Documents and Settings\Mag\Cookies\mag@e-2dj6wflyamazchq.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Cleaned with backup
    C:\Documents and Settings\Mag\Cookies\mag@e-2dj6wjmigjczahq.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
    C:\Documents and Settings\Mag\Cookies\mag@e-2dj6wfk4ahczmdp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
    C:\Documents and Settings\Mag\Cookies\mag@e-2dj6wfkyaidjolp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
    C:\Documents and Settings\Mag\Cookies\mag@e-2dj6wjmyuicjsbp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
    C:\Documents and Settings\Mag\Cookies\mag@e-2dj6wgkisnczgfp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
    C:\Documents and Settings\Mag\Cookies\mag@e-2dj6wjligmazgfq.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
    C:\Documents and Settings\Mag\Cookies\mag@e-2dj6wfkigncjcko.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
    C:\Documents and Settings\Mag\Cookies\mag@ad.yieldmanager[3].txt -> TrackingCookie.Yieldmanager : Cleaned with backup
    C:\Documents and Settings\Mag\Cookies\mag@paypopup[3].txt -> TrackingCookie.Paypopup : Cleaned with backup
    C:\Documents and Settings\Mag\Cookies\mag@burstnet[2].txt -> TrackingCookie.Burstnet : Cleaned with backup
    C:\Documents and Settings\Mag\Cookies\mag@stats1.reliablestats[2].txt -> TrackingCookie.Reliablestats : Cleaned with backup
    C:\Documents and Settings\Mag\Cookies\mag@com[2].txt -> TrackingCookie.Com : Cleaned with backup
    C:\Documents and Settings\Mag\Cookies\mag@image.masterstats[1].txt -> TrackingCookie.Masterstats : Cleaned with backup
    C:\Documents and Settings\Mag\Cookies\mag@cz6.clickzs[2].txt -> TrackingCookie.Clickzs : Cleaned with backup
    C:\Documents and Settings\Shayne\Cookies\shayne@e-2dj6wfmikgdpmdp.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Cleaned with backup
    C:\Documents and Settings\Shayne\Cookies\shayne@e-2dj6wfloekdjsbp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
    C:\Documents and Settings\Shayne\Cookies\shayne@ilead.itrack[1].txt -> TrackingCookie.Itrack : Cleaned with backup
    C:\Documents and Settings\Shayne\Cookies\shayne@free.wegcash[1].txt -> TrackingCookie.Wegcash : Cleaned with backup
    C:\Documents and Settings\Shayne\Cookies\shayne@ad.yieldmanager[1].txt -> TrackingCookie.Yieldmanager : Cleaned with backup
    C:\Documents and Settings\Shayne\Cookies\shayne@image.masterstats[1].txt -> TrackingCookie.Masterstats : Cleaned with backup
    C:\Program Files\Microsoft AntiSpyware\Quarantine\80D15572-436E-4A1D-9DB0-D3823A\ECB6D97B-A0F3-4464-9C71-165D57 -> Adware.NewDotNet : Cleaned with backup
    C:\Program Files\Microsoft AntiSpyware\Quarantine\3FF62A55-BC8A-40D0-8B45-138327\9D51AE93-0E18-470F-933B-632448 -> Adware.Chiem : Cleaned with backup
    C:\Program Files\Microsoft AntiSpyware\Quarantine\3CEEE4C6-665E-42CE-BD4B-7D1BAB\E5EC98C4-B46B-4F1C-BB76-AA2A56 -> Adware.HotBar : Cleaned with backup
    C:\Program Files\Microsoft AntiSpyware\Quarantine\3CEEE4C6-665E-42CE-BD4B-7D1BAB\7306081A-853E-40F6-896C-82130B -> Adware.HotBar : Cleaned with backup
    C:\Program Files\Microsoft AntiSpyware\Quarantine\3CEEE4C6-665E-42CE-BD4B-7D1BAB\E3979855-8E9E-445F-8060-65B689 -> Adware.HotBar : Cleaned with backup
    C:\Program Files\Microsoft AntiSpyware\Quarantine\594E0C9C-02E1-4B73-8300-186241\19EC77E7-73C4-4420-A50C-A3CC22 -> Adware.2Search : Cleaned with backup
    C:\Program Files\Microsoft AntiSpyware\Quarantine\594E0C9C-02E1-4B73-8300-186241\065D7DF8-BB00-491A-A326-3ED93E -> Adware.2Search : Cleaned with backup
    C:\Program Files\PestPatrol\Quarantine\20040603180528187.zip/Program Files/common files/cmeii/CMEIIAPI.dll -> Adware.Gator : Cleaned with backup
    C:\Program Files\PestPatrol\Quarantine\20040603180528187.zip/Program Files/common files/cmeii/GController.dll -> Adware.Gator : Cleaned with backup
    C:\Program Files\PestPatrol\Quarantine\20040603180528187.zip/Program Files/common files/cmeii/GDwldEng.dll -> Adware.Gator : Cleaned with backup
    C:\Program Files\PestPatrol\Quarantine\20040603180528187.zip/Program Files/common files/gmt/GUninstaller.exe -> Adware.Gator : Cleaned with backup
    C:\Program Files\PestPatrol\Quarantine\20040603180528187.zip/Program Files/kazaa/PerfectNavUninstall.exe -> Downloader.Keenval.e : Cleaned with backup
    C:\Program Files\PestPatrol\Quarantine\20040603180528187.zip/Program Files/common files/cmeii/GController.to_be_deleted -> Adware.Gator : Cleaned with backup
    C:\Program Files\PestPatrol\Quarantine\20040603180528187.zip/Program Files/common files/cmeii/GController.to_be_deleted_x -> Adware.Gator : Cleaned with backup
    C:\Program Files\PestPatrol\Quarantine\20040718122230765.zip/Program Files/common files/cmeii/CMEIIAPI.dll -> Adware.Gator : Cleaned with backup
    C:\Program Files\PestPatrol\Quarantine\20040718122230765.zip/Program Files/common files/cmeii/GController.dll -> Adware.Gator : Cleaned with backup
    C:\Program Files\SpamBlockerUtility\Bin\4.7.1.0\SbGuard.exe -> Adware.HotBar : Cleaned with backup
    C:\Program Files\SpamBlockerUtility\Bin\4.7.1.0\SbHostOE.dll -> Adware.HotBar : Cleaned with backup
    C:\Program Files\SpamBlockerUtility\Bin\4.7.1.0\SbOEAddOn.exe -> Adware.Hotbar : Cleaned with backup
    C:\Program Files\SpamBlockerUtility\Bin\4.7.1.0\SbWeatherOnTray.exe -> Adware.HotBar : Cleaned with backup
    C:\Program Files\IM Names\main.exe -> Adware.2Search : Cleaned with backup
    C:\System Volume Information\_restore{0D9FDDCA-3413-480B-B6C6-A9653F261769}\RP644\A0618350.DLL -> Adware.Virtumonde : Cleaned with backup
    C:\Downloads\ZangoInstaller.exe/clientax.dll -> Adware.180Solutions : Cleaned with backup
    C:\Downloads\ZangoInstaller.exe/clientax.dll -> Adware.180Solutions : Cleaned with backup


    ::Report End
  • edited May 2007
    HIJACK THIS

    Logfile of HijackThis v1.99.1
    Scan saved at 17:52, on 2007-05-21
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\System32\tcpsvcs.exe
    C:\WINDOWS\System32\snmp.exe
    C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\OptusNet DSL Internet\DSC.exe
    C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe
    C:\WINDOWS\system32\avp.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    C:\WINDOWS\system32\cmd.exe
    C:\Program Files\Internet Download Manager\IDMan.exe
    C:\Program Files\Common Files\Real\Update_OB\RealOneMessageCenter.exe
    C:\WINDOWS\system32\cmd.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\WINDOWS\system32\taskmgr.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\HJT\HijackThis.exe

    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [Desktop Service Centre] C:\Program Files\OptusNet DSL Internet\DSC.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
    O4 - HKLM\..\Run: [Acecad.Wtxpload] C:\WINDOWS\Acecad\Wtxpload.exe Acecad
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
    O4 - HKLM\..\Run: [avp] C:\WINDOWS\system32\avp.exe
    O4 - HKLM\..\Run: [setup] rundll32.exe "C:\WINDOWS\system32\lstryrrr.dll",realset
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
    O4 - HKCU\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKCU\..\Run: [0c3c4ac4.exe] C:\Documents and Settings\Shayne\Local Settings\Application Data\0c3c4ac4.exe
    O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O8 - Extra context menu item: &Download all by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/202
    O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/201
    O8 - Extra context menu item: &Download selected by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/203
    O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/204
    O8 - Extra context menu item: Download &Flash Movies - C:\Program Files\Flash2X\Flash Hunter\save.htm
    O8 - Extra context menu item: Download All Links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
    O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: Flash2X Flash Hunter - {77B563A5-2A35-4E6B-BFC8-F4B6BB65D5DF} - C:\Program Files\Flash2X\Flash Hunter\save.htm (file missing) (HKCU)
    O9 - Extra 'Tools' menuitem: &Launch Flash Hunter - {77B563A5-2A35-4E6B-BFC8-F4B6BB65D5DF} - C:\Program Files\Flash2X\Flash Hunter\save.htm (file missing) (HKCU)
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {48884C41-EFAC-433D-958A-9FADAC41408E} (EGamesPlugin Class) - https://www.e-games.com.my/com/EGamesPlugin.cab
    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-US/a-UNO1/GAME_UNO1.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1133520605218
    O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} - http://download.shockwave.com/pub/otoy/OTOYAX.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O20 - AppInit_DLLs: MsgPlusLoader.dll
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
    O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
    O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Macromedia Licensing Service - Macromedia - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
    O23 - Service: mental ray 3.5 Satellite (32-bit) (mi-raysat_3dsmax9_32) - Unknown owner - C:\Program Files\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe (file missing)
    O23 - Service: Distributed Transaction Coordinator (MSDTC) - Unknown owner - C:\WINDOWS\System32\msdtc.exe (file missing)
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: Wintab32 - Unknown owner - C:\WINDOWS\system32\Wintab32.exe (file missing)

    No log appeared in c:/vundofix.txt; only the old ones are there.
  • edited May 2007
    Sorry, I had to split up the posts; it was over the size limit.
  • edited May 2007
    Hi!

    Please rename Hijackthis.exe to Scanner.exe and send a fresh HjT log :)
    So I can see whether that Vundo is still there.
  • edited May 2007
    Hi Baabiouz, I'm getting help from someone else now though, so you needn't worry anymore.
    Thanks for the help!!!
    Thanks heaps, you've solved a lot!!
  • edited May 2007
    Ok.
This discussion has been closed.