sysprotect & all his horrible friends - hjt log inside
indextwo (Newbie), 12. August 2006 @ 04:42
Hi there

I've always been quite proud of the fact that, for the past four years I've had my PC, I've almost never had any kind of spyware, and *never* had a virus. Until now.

I was making a cup of tea yesterday and when I came back to my PC about 15 minutes later, I noticed that ZoneAlarm had crashed, and I was getting random popups from bestsearchnet, winantivirus pro and sysprotect (and expedia!). I immediately ran an update and a scan with Spybot S&D which found smitfraud.c (which I have had recently, but thought I'd killed it) and some others. It killed what it could, then ran another check and killed the rest when I rebooted.

However, the problem didn't go away; toolbar888 spontaneously appeared on my browser, and the popups persisted. I hunted down some specialised information on killing smitfraud.c and anything that might cause the problems I've been having. I downloaded and used smitrem and vundofix, but neither appeared to find any problems on my system. I found *something* by OIN and uninstalled it in safe mode.

Anyway, my point is that I've tried everything I can think of and I've found online, but still can't get rid of these problems. I've included my HijackThis log; hopefully someone can help!

Logfile of HijackThis v1.99.1
Scan saved at 14:36:11, on 12/08/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\system32\crypserv.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\GSICON.EXE
C:\WINDOWS\System32\dslagent.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\NETGEAR WG311v2 Adapter\wlancfg5.exe
C:\Program Files\OpenOffice.org 2.0\program\soffice.exe
C:\Program Files\OpenOffice.org 2.0\program\soffice.BIN
C:\WINDOWS\System32\wuauclt.exe
C:\installs\findit.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = prosearching.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchURL = prosearching.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchURL = prosearching.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = prosearching.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = prosearching.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = prosearching.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page_bak = prosearching.com
O2 - BHO: HelperObject Class - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 7\SnagItBHO.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SpywareBlock Class - {0A87E45F-537A-40B4-B812-E2544C21A09F} - C:\Program Files\GhostSurf 2006 Platinum\SCActiveBlock.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {8C8F931D-7D59-46C1-B2C6-32EB3B3B765F} - C:\WINDOWS\System32\pmnlm.dll
O2 - BHO: IEWatchObj Class - {9527D42F-D666-11D3-B8DD-00600838CD5F} - C:\WINDOWS\System32\IETie.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 7\SnagItIEAddin.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [GSICONEXE] GSICON.EXE
O4 - HKLM\..\Run: [DSLAGENTEXE] dslagent.exe USB
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - Startup: OpenOffice.org 2.0.lnk = C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: NETGEAR WG311v2 Smart Configuration.lnk = C:\Program Files\NETGEAR WG311v2 Adapter\wlancfg5.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Sothink SWF Catcher - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra 'Tools' menuitem: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {4E62C4DE-627D-4604-B157-4B7D6B09F02E} (AccountTracking Profile Manager Class) - https://moneymanager.egg.com/Pinsafe/accounttracking.cab
O16 - DPF: {63D8719D-B786-36A5-50B4-7E9D706E4EA3} - http://85.255.113.214/1/gdnAT2339.exe
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yse/ymmapi_...
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: pmnlm - C:\WINDOWS\System32\pmnlm.dll
O20 - Winlogon Notify: winjyg32 - C:\WINDOWS\SYSTEM32\winjyg32.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Crypkey License - Kenonic Controls Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Macromedia Licensing Service - Macromedia - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

A couple of processes I noticed running earlier don't appear in the log: a second wuauclt.exe process and something like winvpro.exe [sp]. Also, 'findit.exe' is HijackThis - I just renamed it.

Please help!

a day in the radio » http://www.indextwo.net

This message has been edited since posting. Last time this message was edited on 12. August 2006 @ 05:38
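A small triage script for the kind of HijackThis log posted above, added here as an example and not part of the thread or of HijackThis itself: it parses the "Rn - ..." / "On - ..." entry lines and flags the R1 search redirect, the unnamed BHO loaded from System32, the O16 ActiveX download from a bare IP address, and any O17 (NameServer) and O20 (Winlogon Notify) entries for manual review. The allowlist and rules are this example's own heuristics; the sample lines are copied from the logs in this thread.

```python
import re
from dataclasses import dataclass
from typing import List
from urllib.parse import urlparse

# Constructed sample: entry lines copied from the HijackThis logs posted in this thread.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchURL = prosearching.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
O2 - BHO: (no name) - {8C8F931D-7D59-46C1-B2C6-32EB3B3B765F} - C:\WINDOWS\System32\pmnlm.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O16 - DPF: {63D8719D-B786-36A5-50B4-7E9D706E4EA3} - http://85.255.113.214/1/gdnAT2339.exe
O16 - DPF: {4E62C4DE-627D-4604-B157-4B7D6B09F02E} (AccountTracking Profile Manager Class) - https://moneymanager.egg.com/Pinsafe/accounttracking.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{220B9C41-2707-46B4-875A-DA0C429EC9BB}: NameServer = 194.106.56.6 194.106.33.42
O20 - Winlogon Notify: pmnlm - C:\WINDOWS\System32\pmnlm.dll
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
"""

LINE_RE = re.compile(r"^([RFO]\d{1,2}) - (.*)$")
IP_HOST_RE = re.compile(r"^\d{1,3}(?:\.\d{1,3}){3}$")
# Hosts accepted as IE defaults for R0/R1 entries. This allowlist is an assumption
# of the example; an analyst would extend it for the environment being triaged.
R_ALLOWED_HOSTS = {"about:blank", "microsoft.com", "msn.com"}


@dataclass
class Entry:
    section: str  # "R1", "O2", "O16", ...
    body: str     # everything after "<section> - "


@dataclass
class Finding:
    section: str
    severity: str  # "high" or "review"
    reason: str
    line: str


def parse_hjt(text: str) -> List[Entry]:
    """Keep only entry lines; the process list and the header lines are skipped."""
    entries = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if m:
            entries.append(Entry(m.group(1), m.group(2)))
    return entries


def _host_of(value: str) -> str:
    """Hostname of an R0/R1 value, which may be a bare domain, a URL or about:blank."""
    value = value.strip().lower()
    if value == "about:blank":
        return value
    if "://" not in value:
        value = "http://" + value
    return urlparse(value).hostname or ""


def triage(entries: List[Entry]) -> List[Finding]:
    findings = []
    for e in entries:
        line = f"{e.section} - {e.body}"
        if e.section in ("R0", "R1") and " = " in e.body:
            host = _host_of(e.body.split(" = ", 1)[1])
            # Accept the host itself or its parent (www.microsoft.com -> microsoft.com).
            if host not in R_ALLOWED_HOSTS and host.split(".", 1)[-1] not in R_ALLOWED_HOSTS:
                findings.append(Finding(e.section, "high",
                    f"IE search/start setting points at non-default host {host}", line))
        elif e.section == "O2":
            # Body looks like "BHO: <name> - {CLSID} - <dll path>"
            parts = e.body.split(" - ")
            name, path = parts[0].replace("BHO: ", "", 1), parts[-1].lower()
            if name == "(no name)" and "\\system32\\" in path:
                findings.append(Finding(e.section, "high",
                    "unnamed BHO loaded from System32", line))
        elif e.section == "O16":
            url = e.body.rsplit(" - ", 1)[-1].strip()
            host = (urlparse(url).hostname or "").lower()
            if IP_HOST_RE.match(host) or url.lower().endswith(".exe"):
                findings.append(Finding(e.section, "high",
                    "ActiveX download from a bare IP address or a raw .exe", line))
        elif e.section == "O17":
            findings.append(Finding(e.section, "review",
                "NameServer override present; confirm the addresses belong to the ISP", line))
        elif e.section == "O20":
            findings.append(Finding(e.section, "review",
                "Winlogon Notify DLL; verify vendor and file before trusting it", line))
    return findings


if __name__ == "__main__":
    for f in triage(parse_hjt(SAMPLE_LOG)):
        print(f"[{f.severity:6}] {f.section:3} {f.reason}\n         {f.line}")
```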

maca1 (Senior Member), 12. August 2006 @ 05:53
Please download SmitfraudFix (by S!Ri) http://siri.urz.free.fr/Fix/SmitfraudFix.zip
Extract the content (a folder named SmitfraudFix) to your Desktop.

Next, please reboot your computer in Safe Mode by doing the following:

* Restart your computer
* After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
* Instead of Windows loading as normal, a menu with options should appear;
* Select the first option, to run Windows in Safe Mode, then press "Enter".
* Choose your usual account.

Once in Safe Mode, open the SmitfraudFix folder again and double-click smitfraudfix.cmd.
Select option #2 - Clean by typing 2 and press "Enter" to delete infected files.

You will be prompted: "Registry cleaning - Do you want to clean the registry?"; answer "Yes" by typing Y and press "Enter" in order to remove the Desktop background and clean registry keys associated with the infection.

The tool will now check if wininet.dll is infected. You may be prompted to replace the infected file (if found); answer "Yes" by typing Y and press "Enter".

The tool may need to restart your computer to finish the cleaning process; if it doesn't, please restart it into Normal Windows.

A text file will appear onscreen, with results from the cleaning process; please copy/paste the content of that report into your next reply along with a new hijack log.

The report can also be found at the root of the system drive, usually at C:\rapport.txt
indextwo (Newbie), 12. August 2006 @ 06:25
Here are my new logs; I still don't know if anything is definitely fixed - the popups are completely random, so I guess I'll have to wait and see. Should I kill those prosearching.com entries?

Logfile of HijackThis v1.99.1
Scan saved at 15:19:40, on 12/08/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\system32\crypserv.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\GSICON.EXE
C:\WINDOWS\System32\dslagent.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\NETGEAR WG311v2 Adapter\wlancfg5.exe
C:\Program Files\OpenOffice.org 2.0\program\soffice.exe
C:\Program Files\OpenOffice.org 2.0\program\soffice.BIN
C:\WINDOWS\System32\wuauclt.exe
C:\installs\findit.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchURL = prosearching.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchURL = prosearching.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = prosearching.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page_bak = prosearching.com
O2 - BHO: HelperObject Class - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 7\SnagItBHO.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SpywareBlock Class - {0A87E45F-537A-40B4-B812-E2544C21A09F} - C:\Program Files\GhostSurf 2006 Platinum\SCActiveBlock.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5B0E515C-DE07-4961-AC79-37B7959677AA} - C:\WINDOWS\System32\pmnlm.dll
O2 - BHO: IEWatchObj Class - {9527D42F-D666-11D3-B8DD-00600838CD5F} - C:\WINDOWS\System32\IETie.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 7\SnagItIEAddin.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [GSICONEXE] GSICON.EXE
O4 - HKLM\..\Run: [DSLAGENTEXE] dslagent.exe USB
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - Startup: OpenOffice.org 2.0.lnk = C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: NETGEAR WG311v2 Smart Configuration.lnk = C:\Program Files\NETGEAR WG311v2 Adapter\wlancfg5.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Sothink SWF Catcher - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra 'Tools' menuitem: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {4E62C4DE-627D-4604-B157-4B7D6B09F02E} (AccountTracking Profile Manager Class) - https://moneymanager.egg.com/Pinsafe/accounttracking.cab
O16 - DPF: {63D8719D-B786-36A5-50B4-7E9D706E4EA3} - http://85.255.113.214/1/gdnAT2339.exe
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yse/ymmapi_...
O17 - HKLM\System\CCS\Services\Tcpip\..\{220B9C41-2707-46B4-875A-DA0C429EC9BB}: NameServer = 194.106.56.6 194.106.33.42
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: pmnlm - C:\WINDOWS\System32\pmnlm.dll
O20 - Winlogon Notify: winjyg32 - C:\WINDOWS\SYSTEM32\winjyg32.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Crypkey License - Kenonic Controls Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Macromedia Licensing Service - Macromedia - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

**** SMITFRAUDFIX LOG ****

SmitFraudFix v2.81

Scan done at 15:09:31.96, 12/08/2006
Run from C:\Documents and Settings\Lawrie\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
Fix ran in safe mode

»»»»»»»»»»»»»»»»»»»»»»»» Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Killing process


»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

C:\WINDOWS\system32\components\flx??.dll Deleted

»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» End

a day in the radio » http://www.indextwo.net
maca1 (Senior Member), 12. August 2006 @ 06:31
No, don't check those yet.

SpySweeper http://www.webroot.com/consumer/products/spysweeper/index.html?ac...

* Click the Free Trial link under "SpySweeper" to download the program.
* Install it. Once the program is installed, it will open.
* It will prompt you to update to the latest definitions, click Yes.
* Once the definitions are installed, click Options on the left side.
* Click the Sweep Options tab.
* Under What to Sweep please put a check next to the following:
  o Sweep Memory
  o Sweep Registry
  o Sweep Cookies
  o Sweep All User Accounts
  o Enable Direct Disk Sweeping
  o Sweep Contents of Compressed Files
  o Sweep for Rootkits

  o Please UNCHECK Do not Sweep System Restore Folder.

* Click Sweep Now on the left side.
* Click the Start button.
* When it's done scanning, click the Next button.
* Make sure everything has a check next to it, then click the Next button.
* It will remove all of the items found.
* Click Session Log in the upper right corner, copy everything in that window.
* Click the Summary tab and click Finish.
* Paste the contents of the session log you copied into your next reply.
Also post a new Hijack This log.

This message has been edited since posting. Last time this message was edited on 12. August 2006 @ 06:34

indextwo (Newbie), 12. August 2006 @ 07:17
Thanks for your help so far. Here's my SpySweeper log, and my new HijackThis log:

** SPYSWEEPER **

16:10: Removal process completed. Elapsed time 00:00:50
16:10: A reboot was required but declined.
16:09: Warning: Quarantine process could not restart Explorer.
16:09: Warning: Launched explorer.exe
16:09: Quarantining All Traces: yadro cookie
16:09: Quarantining All Traces: winantiviruspro cookie
16:09: Quarantining All Traces: try games cookie
16:09: Quarantining All Traces: starware.com cookie
16:09: Quarantining All Traces: burstbeacon cookie
16:09: Quarantining All Traces: webpower cookie
16:09: Quarantining All Traces: weborama cookie
16:09: Quarantining All Traces: tripod cookie
16:09: Quarantining All Traces: trb.com cookie
16:09: Quarantining All Traces: tickle cookie
16:09: Quarantining All Traces: reliablestats cookie
16:09: Quarantining All Traces: seeq cookie
16:09: Quarantining All Traces: adjuggler cookie
16:09: Quarantining All Traces: rn11 cookie
16:09: Quarantining All Traces: rambler cookie
16:09: Quarantining All Traces: offeroptimizer cookie
16:09: Quarantining All Traces: nextag cookie
16:09: Quarantining All Traces: mywebsearch cookie
16:09: Quarantining All Traces: monstermarketplace cookie
16:09: Quarantining All Traces: webtrends cookie
16:09: Quarantining All Traces: linkexchange cookie
16:09: Quarantining All Traces: kinghost cookie
16:09: Quarantining All Traces: informit cookie
16:09: Quarantining All Traces: imlive.com cookie
16:09: Quarantining All Traces: ic-live cookie
16:09: Quarantining All Traces: screensavers.com cookie
16:09: Quarantining All Traces: clickandtrack cookie
16:09: Quarantining All Traces: humanclick cookie
16:09: Quarantining All Traces: gamespy cookie
16:09: Quarantining All Traces: fe.lea.lycos.com cookie
16:09: Quarantining All Traces: clickzs cookie
16:09: Quarantining All Traces: customer cookie
16:09: Quarantining All Traces: ccbill cookie
16:09: Quarantining All Traces: cassava cookie
16:09: Quarantining All Traces: goclick cookie
16:09: Quarantining All Traces: bravenet cookie
16:09: Quarantining All Traces: aptimus cookie
16:09: Quarantining All Traces: cc214142 cookie
16:09: Quarantining All Traces: adlegend cookie
16:09: Quarantining All Traces: adknowledge cookie
16:09: Quarantining All Traces: bannerbank cookie
16:09: Quarantining All Traces: websponsors cookie
16:09: Quarantining All Traces: 888 cookie
16:09: Quarantining All Traces: 190dotcom cookie
16:09: Quarantining All Traces: adserver cookie
16:09: Quarantining All Traces: co cookie
16:09: Quarantining All Traces: tribalfusion cookie
16:09: Quarantining All Traces: trafficmp cookie
16:09: Quarantining All Traces: tradedoubler cookie
16:09: Quarantining All Traces: tracking cookie
16:09: Quarantining All Traces: toplist cookie
16:09: Quarantining All Traces: targetnet cookie
16:09: Quarantining All Traces: webtrendslive cookie
16:09: Quarantining All Traces: clicktracks cookie
16:09: Quarantining All Traces: statcounter cookie
16:09: Quarantining All Traces: onestat.com cookie
16:09: Quarantining All Traces: serving-sys cookie
16:09: Quarantining All Traces: web-stat cookie
16:09: Quarantining All Traces: server.iad.liveperson cookie
16:09: Quarantining All Traces: revenue.net cookie
16:09: Quarantining All Traces: realmedia cookie
16:09: Quarantining All Traces: questionmarket cookie
16:09: Quarantining All Traces: qksrv cookie
16:09: Quarantining All Traces: pro-market cookie
16:09: Quarantining All Traces: paypopup cookie
16:09: Quarantining All Traces: directtrack cookie
16:09: Quarantining All Traces: mediaplex cookie
16:09: Quarantining All Traces: maxserving cookie
16:09: Quarantining All Traces: netster cookie
16:09: Quarantining All Traces: domainsponsor cookie
16:09: Quarantining All Traces: hypertracker.com cookie
16:09: Quarantining All Traces: fortunecity cookie
16:09: Quarantining All Traces: firstchoice cookie
16:09: Quarantining All Traces: fastclick cookie
16:09: Quarantining All Traces: adbureau cookie
16:09: Quarantining All Traces: ru4 cookie
16:09: Quarantining All Traces: go.com cookie
16:09: Quarantining All Traces: dealtime cookie
16:09: Quarantining All Traces: overture cookie
16:09: Quarantining All Traces: coremetrics cookie
16:09: Quarantining All Traces: hitslink cookie
16:09: Quarantining All Traces: casalemedia cookie
16:09: Quarantining All Traces: zedo cookie
16:09: Quarantining All Traces: burstnet cookie
16:09: Quarantining All Traces: bs.serving-sys cookie
16:09: Quarantining All Traces: bizrate cookie
16:09: Quarantining All Traces: banner cookie
16:09: Quarantining All Traces: a cookie
16:09: Quarantining All Traces: atwola cookie
16:09: Quarantining All Traces: belnk cookie
16:09: Quarantining All Traces: atlas dmt cookie
16:09: Quarantining All Traces: ask cookie
16:09: Quarantining All Traces: falkag cookie
16:09: Quarantining All Traces: apmebf cookie
16:09: Quarantining All Traces: tacoda cookie
16:09: Quarantining All Traces: adviva cookie
16:09: Quarantining All Traces: advertising cookie
16:09: Quarantining All Traces: adtech cookie
16:09: Quarantining All Traces: pointroll cookie
16:09: Quarantining All Traces: addynamix cookie
16:09: Quarantining All Traces: adrevolver cookie
16:09: Quarantining All Traces: specificclick.com cookie
16:09: Quarantining All Traces: hbmediapro cookie
16:09: Quarantining All Traces: yieldmanager cookie
16:09: Quarantining All Traces: about cookie
16:09: Quarantining All Traces: 247realmedia cookie
16:09: Quarantining All Traces: 2o7.net cookie
16:09: Quarantining All Traces: sandboxer cookie
16:09: Quarantining All Traces: prosearching hijack
16:09: Quarantining All Traces: prosearch.com hijack
16:09: Quarantining All Traces: coolwebsearch (cws)
16:09: Quarantining All Traces: maxifiles
16:09: Quarantining All Traces: cws-aboutblank
16:09: Quarantining All Traces: trojan agent winlogonhook
16:09: C:\WINDOWS\system32\pmnlm.dll is in use. It will be removed on reboot.
16:09: virtumonde is in use. It will be removed on reboot.
16:09: Quarantining All Traces: virtumonde
16:09: Removal process initiated
16:07: Traces Found: 241
16:07: Full Sweep has completed. Elapsed time 00:14:19
16:07: File Sweep Complete, Elapsed Time: 00:12:15
16:06: Warning: Failed to access drive D:
16:05: C:\Program Files\Common Files\{440C7EA9-05F8-1033-1101-03090803002c}\fuck.off (ID = 320789)
15:59: C:\WINDOWS\winres.dll (ID = 282896)
15:59: Found Adware: coolwebsearch (cws)
15:58: C:\Program Files\ToolBar888\MyToolBar.dll (ID = 322323)
15:55: C:\Program Files\ToolBar888 (1 subtraces) (ID = 2147510985)
15:55: Starting File Sweep
15:55: Cookie Sweep Complete, Elapsed Time: 00:00:22
15:55: c:\documents and settings\lawrie\cookies\lawrie@yadro[1].txt (ID = 3743)
15:55: Found Spy Cookie: yadro cookie
15:55: c:\documents and settings\lawrie\cookies\lawrie@xiti[1].txt (ID = 3717)
15:55: c:\documents and settings\lawrie\cookies\lawrie@www48.seeq[1].txt (ID = 3332)
15:55: c:\documents and settings\lawrie\cookies\lawrie@www2.burstnet[1].txt (ID = 2337)
15:55: c:\documents and settings\lawrie\cookies\lawrie@www.winantiviruspro[2].txt (ID = 3690)
15:55: Found Spy Cookie: winantiviruspro cookie
15:55: c:\documents and settings\lawrie\cookies\lawrie@www.trygames[1].txt (ID = 3594)
15:55: Found Spy Cookie: try games cookie
15:55: c:\documents and settings\lawrie\cookies\lawrie@www.starware[1].txt (ID = 3442)
15:55: Found Spy Cookie: starware.com cookie
15:55: c:\documents and settings\lawrie\cookies\lawrie@www.screensavers[1].txt (ID = 3298)
15:55: c:\documents and settings\lawrie\cookies\lawrie@www.burstnet[2].txt (ID = 2337)
15:55: c:\documents and settings\lawrie\cookies\lawrie@www.burstbeacon[1].txt (ID = 2335)
15:55: Found Spy Cookie: burstbeacon cookie
15:55: c:\documents and settings\lawrie\cookies\lawrie@webpower[2].txt (ID = 3660)
15:55: Found Spy Cookie: webpower cookie
15:55: c:\documents and settings\lawrie\cookies\lawrie@weborama[1].txt (ID = 3658)
15:55: Found Spy Cookie: weborama cookie
15:55: c:\documents and settings\lawrie\cookies\lawrie@webdesign.about[2].txt (ID = 2038)
15:55: c:\documents and settings\lawrie\cookies\lawrie@web-stat[1].txt (ID = 3648)
15:55: c:\documents and settings\lawrie\cookies\lawrie@vip.clickzs[2].txt (ID = 2413)
15:55: c:\documents and settings\lawrie\cookies\lawrie@videoegg.adbureau[1].txt (ID = 2060)
15:55: c:\documents and settings\lawrie\cookies\lawrie@umstreet.adbureau[1].txt (ID = 2060)
15:55: c:\documents and settings\lawrie\cookies\lawrie@tripod[1].txt (ID = 3591)
15:55: Found Spy Cookie: tripod cookie
15:55: c:\documents and settings\lawrie\cookies\lawrie@trb[1].txt (ID = 3587)
15:55: Found Spy Cookie: trb.com cookie
15:55: c:\documents and settings\lawrie\cookies\lawrie@toplist[2].txt (ID = 3557)
15:55: c:\documents and settings\lawrie\cookies\lawrie@tickle[1].txt (ID = 3529)
15:55: Found Spy Cookie: tickle cookie
15:55: c:\documents and settings\lawrie\cookies\lawrie@theaa.touchclarity[1].txt (ID = 3566)
15:55: c:\documents and settings\lawrie\cookies\lawrie@tacoda[1].txt (ID = 6444)
15:55: c:\documents and settings\lawrie\cookies\lawrie@stats1.reliablestats[2].txt (ID = 3254)
15:55: Found Spy Cookie: reliablestats cookie
15:55: c:\documents and settings\lawrie\cookies\lawrie@statcounter[2].txt (ID = 3447)
15:55: c:\documents and settings\lawrie\cookies\lawrie@stat.onestat[1].txt (ID = 3098)
15:55: c:\documents and settings\lawrie\cookies\lawrie@stat.dealtime[2].txt (ID = 2506)
15:55: c:\documents and settings\lawrie\cookies\lawrie@serving-sys[3].txt (ID = 3343)
15:55: c:\documents and settings\lawrie\cookies\lawrie@serving-sys[1].txt (ID = 3343)
15:55: c:\documents and settings\lawrie\cookies\lawrie@server.iad.liveperson[2].txt (ID = 3341)
15:55: c:\documents and settings\lawrie\cookies\lawrie@seeq[1].txt (ID = 3331)
15:55: Found Spy Cookie: seeq cookie
15:55: c:\documents and settings\lawrie\cookies\lawrie@rsi.espn.go[1].txt (ID = 2729)
15:55: c:\documents and settings\lawrie\cookies\lawrie@rsi.abcnews.go[1].txt (ID = 2729)
15:55: c:\documents and settings\lawrie\cookies\lawrie@rotator.adjuggler[1].txt (ID = 2071)
15:55: Found Spy Cookie: adjuggler cookie
15:55: c:\documents and settings\lawrie\cookies\lawrie@rn11[1].txt (ID = 3261)
15:55: Found Spy Cookie: rn11 cookie
15:55: c:\documents and settings\lawrie\cookies\lawrie@revenue[2].txt (ID = 3257)
15:55: c:\documents and settings\lawrie\cookies\lawrie@realmedia[1].txt (ID = 3235)
15:55: c:\documents and settings\lawrie\cookies\lawrie@rambler[1].txt (ID = 3225)
15:55: Found Spy Cookie: rambler cookie
15:55: c:\documents and settings\lawrie\cookies\lawrie@questionmarket[2].txt (ID = 3217)
15:55: c:\documents and settings\lawrie\cookies\lawrie@pbh.adbureau[2].txt (ID = 2060)
15:55: c:\documents and settings\lawrie\cookies\lawrie@offeroptimizer[1].txt (ID = 3087)
15:55: Found Spy Cookie: offeroptimizer cookie
15:55: c:\documents and settings\lawrie\cookies\lawrie@nextag[2].txt (ID = 5014)
15:55: Found Spy Cookie: nextag cookie
15:55: c:\documents and settings\lawrie\cookies\lawrie@network.realmedia[1].txt (ID = 3236)
15:55: c:\documents and settings\lawrie\cookies\lawrie@network.aptimus[1].txt (ID = 2235)
15:55: c:\documents and settings\lawrie\cookies\lawrie@netli.media.adrevolver[2].txt (ID = 2089)
15:55: c:\documents and settings\lawrie\cookies\lawrie@mywebsearch[1].txt (ID = 3051)
15:55: Found Spy Cookie: mywebsearch cookie
15:55: c:\documents and settings\lawrie\cookies\lawrie@monstermarketplace[1].txt (ID = 3006)
15:55: Found Spy Cookie: monstermarketplace cookie
15:55: c:\documents and settings\lawrie\cookies\lawrie@mediaplex[1].txt (ID = 6442)
15:55: c:\documents and settings\lawrie\cookies\lawrie@media.adrevolver[1].txt (ID = 2089)
15:55: c:\documents and settings\lawrie\cookies\lawrie@maxserving[1].txt (ID = 2966)
15:55: c:\documents and settings\lawrie\cookies\lawrie@m.webtrends[1].txt (ID = 3669)
15:55: Found Spy Cookie: webtrends cookie
15:55: c:\documents and settings\lawrie\cookies\lawrie@linkexchange[1].txt (ID = 2920)
15:55: Found Spy Cookie: linkexchange cookie
15:55: c:\documents and settings\lawrie\cookies\lawrie@lb1.netster[1].txt (ID = 3072)
15:55: c:\documents and settings\lawrie\cookies\lawrie@lastminute.touchclarity[1].txt (ID = 3566)
15:55: c:\documents and settings\lawrie\cookies\lawrie@landing.domainsponsor[2].txt (ID = 2535)
15:55: c:\documents and settings\lawrie\cookies\lawrie@kinghost[2].txt (ID = 2903)
15:55: Found Spy Cookie: kinghost cookie
15:55: c:\documents and settings\lawrie\cookies\lawrie@informit[2].txt (ID = 2863)
15:55: Found Spy Cookie: informit cookie
15:55: c:\documents and settings\lawrie\cookies\lawrie@imlive[2].txt (ID = 2843)
15:55: Found Spy Cookie: imlive.com cookie
15:55: c:\documents and settings\lawrie\cookies\lawrie@ic-live[1].txt (ID = 2821)
15:55: Found Spy Cookie: ic-live cookie
15:55: c:\documents and settings\lawrie\cookies\lawrie@i.screensavers[1].txt (ID = 3298)
15:55: Found Spy Cookie: screensavers.com cookie
15:55: c:\documents and settings\lawrie\cookies\lawrie@hypertracker[1].txt (ID = 2817)
15:55: c:\documents and settings\lawrie\cookies\lawrie@humanresources.about[2].txt (ID = 2038)
15:55: c:\documents and settings\lawrie\cookies\lawrie@hits.clickandtrack[2].txt (ID = 2397)
15:55: Found Spy Cookie: clickandtrack cookie
15:55: c:\documents and settings\lawrie\cookies\lawrie@hc2.humanclick[2].txt (ID = 2810)
15:55: Found Spy Cookie: humanclick cookie
15:55: c:\documents and settings\lawrie\cookies\lawrie@guitar.about[2].txt (ID = 2038)
15:55: c:\documents and settings\lawrie\cookies\lawrie@go[1].txt (ID = 2728)
15:55: c:\documents and settings\lawrie\cookies\lawrie@gm.touchclarity[1].txt (ID = 3566)
15:55: c:\documents and settings\lawrie\cookies\lawrie@gamespy[2].txt (ID = 2719)
15:55: Found Spy Cookie: gamespy cookie
15:55: c:\documents and settings\lawrie\cookies\lawrie@freelancewrite.about[1].txt (ID = 2038)
15:55: c:\documents and settings\lawrie\cookies\lawrie@fortunecity[1].txt (ID = 2686)
15:55: c:\documents and settings\lawrie\cookies\lawrie@fe.lea.lycos[1].txt (ID = 2660)
15:55: Found Spy Cookie: fe.lea.lycos.com cookie
15:55: c:\documents and settings\lawrie\cookies\lawrie@etype.adbureau[1].txt (ID = 2060)
15:55: c:\documents and settings\lawrie\cookies\lawrie@espn.go[1].txt (ID = 2729)
15:55: c:\documents and settings\lawrie\cookies\lawrie@dist.belnk[1].txt (ID = 2293)
15:55: c:\documents and settings\lawrie\cookies\lawrie@disney.go[1].txt (ID = 2729)
15:55: c:\documents and settings\lawrie\cookies\lawrie@cz9.clickzs[2].txt (ID = 2413)
15:55: c:\documents and settings\lawrie\cookies\lawrie@cz8.clickzs[2].txt (ID = 2413)
15:55: c:\documents and settings\lawrie\cookies\lawrie@cz7.clickzs[2].txt (ID = 2413)
15:55: c:\documents and settings\lawrie\cookies\lawrie@cz6.clickzs[1].txt (ID = 2413)
15:55: c:\documents and settings\lawrie\cookies\lawrie@cz5.clickzs[1].txt (ID = 2413)
15:55: c:\documents and settings\lawrie\cookies\lawrie@cz4.clickzs[2].txt (ID = 2413)
15:55: Found Spy Cookie: clickzs cookie
15:55: c:\documents and settings\lawrie\cookies\lawrie@customer[1].txt (ID = 2481)
15:55: Found Spy Cookie: customer cookie
15:55: c:\documents and settings\lawrie\cookies\lawrie@ccbill[1].txt (ID = 2369)
15:55: Found Spy Cookie: ccbill cookie
15:55: c:\documents and settings\lawrie\cookies\lawrie@cassava[1].txt (ID = 2362)
15:55: Found Spy Cookie: cassava cookie
15:55: c:\documents and settings\lawrie\cookies\lawrie@c.goclick[2].txt (ID = 2733)
15:55: Found Spy Cookie: goclick cookie
15:55: c:\documents and settings\lawrie\cookies\lawrie@c.fsx[1].txt (ID = 2286)
15:55: Found Spy Cookie: barelylegal cookie
15:55: c:\documents and settings\lawrie\cookies\lawrie@burstnet[2].txt (ID = 2336)
15:55: c:\documents and settings\lawrie\cookies\lawrie@btow.touchclarity[1].txt (ID = 3566)
15:55: c:\documents and settings\lawrie\cookies\lawrie@bs.serving-sys[1].txt (ID = 2330)
15:55: c:\documents and settings\lawrie\cookies\lawrie@bravenet[2].txt (ID = 2322)
15:55: Found Spy Cookie: bravenet cookie
15:55: c:\documents and settings\lawrie\cookies\lawrie@belnk[2].txt (ID = 2292)
15:55: c:\documents and settings\lawrie\cookies\lawrie@barclays.touchclarity[1].txt (ID = 3566)
15:55: c:\documents and settings\lawrie\cookies\lawrie@banner[1].txt (ID = 2276)
15:55: c:\documents and settings\lawrie\cookies\lawrie@a[1].txt (ID = 2027)
15:55: c:\documents and settings\lawrie\cookies\lawrie@atwola[2].txt (ID = 2255)
15:55: c:\documents and settings\lawrie\cookies\lawrie@ath.belnk[2].txt (ID = 2293)
15:55: c:\documents and settings\lawrie\cookies\lawrie@atdmt[2].txt (ID = 2253)
15:55: c:\documents and settings\lawrie\cookies\lawrie@ask[1].txt (ID = 2245)
15:55: c:\documents and settings\lawrie\cookies\lawrie@aptimus[2].txt (ID = 2233)
15:55: Found Spy Cookie: aptimus cookie
15:55: c:\documents and settings\lawrie\cookies\lawrie@apmebf[1].txt (ID = 2229)
15:55: c:\documents and settings\lawrie\cookies\lawrie@anat.tacoda[2].txt (ID = 6445)
15:55: c:\documents and settings\lawrie\cookies\lawrie@anad.tacoda[1].txt (ID = 6445)
15:55: c:\documents and settings\lawrie\cookies\lawrie@adserver[1].txt (ID = 2141)
15:55: c:\documents and settings\lawrie\cookies\lawrie@ads.cc214142[2].txt (ID = 2367)
15:55: Found Spy Cookie: cc214142 cookie
15:55: c:\documents and settings\lawrie\cookies\lawrie@adrevolver[3].txt (ID = 2088)
15:55: c:\documents and settings\lawrie\cookies\lawrie@adrevolver[2].txt (ID = 2088)
15:55: c:\documents and settings\lawrie\cookies\lawrie@adrevolver[1].txt (ID = 2088)
15:55: c:\documents and settings\lawrie\cookies\lawrie@adopt.specificclick[2].txt (ID = 3400)
15:55: c:\documents and settings\lawrie\cookies\lawrie@adopt.hbmediapro[1].txt (ID = 2768)
15:55: c:\documents and settings\lawrie\cookies\lawrie@adlegend[1].txt (ID = 2074)
15:55: Found Spy Cookie: adlegend cookie
15:55: c:\documents and settings\lawrie\cookies\lawrie@adknowledge[2].txt (ID = 2072)
15:55: Found Spy Cookie: adknowledge cookie
15:55: c:\documents and settings\lawrie\cookies\lawrie@ad2.bannerbank[1].txt (ID = 2281)
15:55: Found Spy Cookie: bannerbank cookie
15:55: c:\documents and settings\lawrie\cookies\lawrie@ad.yieldmanager[1].txt (ID = 3751)
15:55: c:\documents and settings\lawrie\cookies\lawrie@about[1].txt (ID = 2037)
15:55: c:\documents and settings\lawrie\cookies\lawrie@abcnews.go[1].txt (ID = 2729)
15:55: c:\documents and settings\lawrie\cookies\lawrie@a.websponsors[1].txt (ID = 3665)
15:55: Found Spy Cookie: websponsors cookie
15:55: c:\documents and settings\lawrie\cookies\lawrie@888[1].txt (ID = 2019)
15:55: Found Spy Cookie: 888 cookie
15:55: c:\documents and settings\lawrie\cookies\lawrie@82.109.190[1].txt (ID = 1936)
15:55: Found Spy Cookie: 190dotcom cookie
15:55: c:\documents and settings\lawrie\cookies\lawrie@0[2].txt (ID = 3282)
15:54: c:\documents and settings\mumfy\cookies\mumfy@zedo[2].txt (ID = 3762)
15:54: c:\documents and settings\mumfy\cookies\mumfy@z1.adserver[1].txt (ID = 2142)
15:54: Found Spy Cookie: adserver cookie
15:54: c:\documents and settings\mumfy\cookies\mumfy@xiti[2].txt (ID = 3717)
15:54: Found Spy Cookie: xiti cookie
15:54: c:\documents and settings\mumfy\cookies\mumfy@www.firstchoice.co[1].txt (ID = 2428)
15:54: Found Spy Cookie: co cookie
15:54: c:\documents and settings\mumfy\cookies\mumfy@webtracking.touchclarity[1].txt (ID = 3566)
15:54: c:\documents and settings\mumfy\cookies\mumfy@web-stat[2].txt (ID = 3648)
15:54: c:\documents and settings\mumfy\cookies\mumfy@umstreet.adbureau[2].txt (ID = 2060)
15:54: c:\documents and settings\mumfy\cookies\mumfy@twci.coremetrics[1].txt (ID = 2472)
15:54: c:\documents and settings\mumfy\cookies\mumfy@tribalfusion[2].txt (ID = 3589)
15:54: Found Spy Cookie: tribalfusion cookie
15:54: c:\documents and settings\mumfy\cookies\mumfy@trafficmp[1].txt (ID = 3581)
15:54: Found Spy Cookie: trafficmp cookie
15:54: c:\documents and settings\mumfy\cookies\mumfy@tradedoubler[2].txt (ID = 3575)
15:54: Found Spy Cookie: tradedoubler cookie
15:54: c:\documents and settings\mumfy\cookies\mumfy@tracking[1].txt (ID = 3571)
15:54: Found Spy Cookie: tracking cookie
15:54: c:\documents and settings\mumfy\cookies\mumfy@toplist[1].txt (ID = 3557)
15:54: Found Spy Cookie: toplist cookie
15:54: c:\documents and settings\mumfy\cookies\mumfy@thomascook.122.2o7[1].txt (ID = 1958)
15:54: c:\documents and settings\mumfy\cookies\mumfy@theaa.touchclarity[1].txt (ID = 3566)
15:54: c:\documents and settings\mumfy\cookies\mumfy@test.coremetrics[1].txt (ID = 2472)
15:54: c:\documents and settings\mumfy\cookies\mumfy@targetnet[2].txt (ID = 3489)
15:54: Found Spy Cookie: targetnet cookie
15:54: c:\documents and settings\mumfy\cookies\mumfy@tacoda[1].txt (ID = 6444)
15:54: c:\documents and settings\mumfy\cookies\mumfy@statse.webtrendslive[1].txt (ID = 3667)
15:54: Found Spy Cookie: webtrendslive cookie
15:54: c:\documents and settings\mumfy\cookies\mumfy@stats2.clicktracks[1].txt (ID = 2407)
15:54: Found Spy Cookie: clicktracks cookie
15:54: c:\documents and settings\mumfy\cookies\mumfy@statcounter[2].txt (ID = 3447)
15:54: Found Spy Cookie: statcounter cookie
15:54: c:\documents and settings\mumfy\cookies\mumfy@stat.onestat[2].txt (ID = 3098)
15:54: Found Spy Cookie: onestat.com cookie
15:54: c:\documents and settings\mumfy\cookies\mumfy@stat.dealtime[2].txt (ID = 2506)
15:54: c:\documents and settings\mumfy\cookies\mumfy@southernfood.about[1].txt (ID = 2038)
15:54: c:\documents and settings\mumfy\cookies\mumfy@serving-sys[2].txt (ID = 3343)
15:54: Found Spy Cookie: serving-sys cookie
15:54: c:\documents and settings\mumfy\cookies\mumfy@server3.web-stat[2].txt (ID = 3649)
15:54: Found Spy Cookie: web-stat cookie
15:54: c:\documents and settings\mumfy\cookies\mumfy@server.iad.liveperson[1].txt (ID = 3341)
15:54: Found Spy Cookie: server.iad.liveperson cookie
15:54: c:\documents and settings\mumfy\cookies\mumfy@revenue[1].txt (ID = 3257)
15:54: Found Spy Cookie: revenue.net cookie
15:54: c:\documents and settings\mumfy\cookies\mumfy@realmedia[1].txt (ID = 3235)
15:54: Found Spy Cookie: realmedia cookie
15:54: c:\documents and settings\mumfy\cookies\mumfy@questionmarket[1].txt (ID = 3217)
15:54: Found Spy Cookie: questionmarket cookie
15:54: c:\documents and settings\mumfy\cookies\mumfy@qksrv[2].txt (ID = 3213)
15:54: Found Spy Cookie: qksrv cookie
15:54: c:\documents and settings\mumfy\cookies\mumfy@pro-market[1].txt (ID = 3197)
15:54: Found Spy Cookie: pro-market cookie
15:54: c:\documents and settings\mumfy\cookies\mumfy@primetimetv.about[1].txt (ID = 2038)
15:54: c:\documents and settings\mumfy\cookies\mumfy@popunder.paypopup[1].txt (ID = 3120)
15:54: Found Spy Cookie: paypopup cookie
15:54: c:\documents and settings\mumfy\cookies\mumfy@perf.overture[1].txt (ID = 3106)
15:54: c:\documents and settings\mumfy\cookies\mumfy@overture[2].txt (ID = 3105)
15:54: c:\documents and settings\mumfy\cookies\mumfy@msn.touchclarity[1].txt (ID = 3566)
15:54: c:\documents and settings\mumfy\cookies\mumfy@mobilepartners.directtrack[1].txt (ID = 2528)
15:54: Found Spy Cookie: directtrack cookie
15:54: c:\documents and settings\mumfy\cookies\mumfy@mediaplex[1].txt (ID = 6442)
15:54: Found Spy Cookie: mediaplex cookie
15:54: c:\documents and settings\mumfy\cookies\mumfy@maxserving[1].txt (ID = 2966)
15:54: Found Spy Cookie: maxserving cookie
15:54: c:\documents and settings\mumfy\cookies\mumfy@marksandspencer.122.2o7[1].txt (ID = 1958)
15:54: c:\documents and settings\mumfy\cookies\mumfy@lb1.netster[1].txt (ID = 3072)
15:54: Found Spy Cookie: netster cookie
15:54: c:\documents and settings\mumfy\cookies\mumfy@lastminute.touchclarity[1].txt (ID = 3566)
15:54: c:\documents and settings\mumfy\cookies\mumfy@landing.domainsponsor[1].txt (ID = 2535)
15:54: Found Spy Cookie: domainsponsor cookie
15:54: c:\documents and settings\mumfy\cookies\mumfy@hypertracker[1].txt (ID = 2817)
15:54: Found Spy Cookie: hypertracker.com cookie
15:54: c:\documents and settings\mumfy\cookies\mumfy@go[1].txt (ID = 2728)
15:54: c:\documents and settings\mumfy\cookies\mumfy@gm.touchclarity[1].txt (ID = 3566)
15:54: c:\documents and settings\mumfy\cookies\mumfy@fortunecity[2].txt (ID = 2686)
15:54: Found Spy Cookie: fortunecity cookie
15:54: c:\documents and settings\mumfy\cookies\mumfy@ford.112.2o7[1].txt (ID = 1958)
15:54: c:\documents and settings\mumfy\cookies\mumfy@firstchoice[2].txt (ID = 2678)
15:54: c:\documents and settings\mumfy\cookies\mumfy@firstchoice[1].txt (ID = 2678)
15:54: Found Spy Cookie: firstchoice cookie
15:54: c:\documents and settings\mumfy\cookies\mumfy@fastclick[2].txt (ID = 2651)
15:54: Found Spy Cookie: fastclick cookie
15:54: c:\documents and settings\mumfy\cookies\mumfy@etype.adbureau[2].txt (ID = 2060)
15:54: Found Spy Cookie: adbureau cookie
15:54: c:\documents and settings\mumfy\cookies\mumfy@edge.ru4[1].txt (ID = 3269)
15:54: Found Spy Cookie: ru4 cookie
15:54: c:\documents and settings\mumfy\cookies\mumfy@easyjet.touchclarity[1].txt (ID = 3566)
15:54: c:\documents and settings\mumfy\cookies\mumfy@dvc.disney.go[1].txt (ID = 2729)
15:54: c:\documents and settings\mumfy\cookies\mumfy@dist.belnk[2].txt (ID = 2293)
15:54: c:\documents and settings\mumfy\cookies\mumfy@disneyworld.disney.go[1].txt (ID = 2729)
15:54: c:\documents and settings\mumfy\cookies\mumfy@disneyland.disney.go[1].txt (ID = 2729)
15:54: Found Spy Cookie: go.com cookie
15:54: c:\documents and settings\mumfy\cookies\mumfy@dealtime[1].txt (ID = 2505)
15:54: Found Spy Cookie: dealtime cookie
15:54: c:\documents and settings\mumfy\cookies\mumfy@data1.perf.overture[1].txt (ID = 3106)
15:54: Found Spy Cookie: overture cookie
15:54: c:\documents and settings\mumfy\cookies\mumfy@data.coremetrics[1].txt (ID = 2472)
15:54: Found Spy Cookie: coremetrics cookie
15:54: c:\documents and settings\mumfy\cookies\mumfy@counter2.hitslink[1].txt (ID = 2790)
15:54: c:\documents and settings\mumfy\cookies\mumfy@counter.hitslink[2].txt (ID = 2790)
15:54: Found Spy Cookie: hitslink cookie
15:54: c:\documents and settings\mumfy\cookies\mumfy@casalemedia[1].txt (ID = 2354)
15:54: Found Spy Cookie: casalemedia cookie
15:54: c:\documents and settings\mumfy\cookies\mumfy@c2.zedo[2].txt (ID = 3763)
15:54: Found Spy Cookie: zedo cookie
15:54: c:\documents and settings\mumfy\cookies\mumfy@burstnet[2].txt (ID = 2336)
15:54: Found Spy Cookie: burstnet cookie
15:54: c:\documents and settings\mumfy\cookies\mumfy@btow.touchclarity[1].txt (ID = 3566)
15:54: c:\documents and settings\mumfy\cookies\mumfy@bs.serving-sys[2].txt (ID = 2330)
15:54: Found Spy Cookie: bs.serving-sys cookie
15:54: c:\documents and settings\mumfy\cookies\mumfy@bluestreak[2].txt (ID = 2314)
15:54: Found Spy Cookie: bluestreak cookie
15:54: c:\documents and settings\mumfy\cookies\mumfy@bizrate[2].txt (ID = 2308)
15:54: Found Spy Cookie: bizrate cookie
15:54: c:\documents and settings\mumfy\cookies\mumfy@belnk[1].txt (ID = 2292)
15:54: c:\documents and settings\mumfy\cookies\mumfy@barclays.touchclarity[1].txt (ID = 3566)
15:54: Found Spy Cookie: touchclarity cookie
15:54: c:\documents and settings\mumfy\cookies\mumfy@banner[1].txt (ID = 2276)
15:54: Found Spy Cookie: banner cookie
15:54: c:\documents and settings\mumfy\cookies\mumfy@a[1].txt (ID = 2027)
15:54: Found Spy Cookie: a cookie
15:54: c:\documents and settings\mumfy\cookies\mumfy@atwola[2].txt (ID = 2255)
15:54: Found Spy Cookie: atwola cookie
15:54: c:\documents and settings\mumfy\cookies\mumfy@ath.belnk[2].txt (ID = 2293)
15:54: Found Spy Cookie: belnk cookie
15:54: c:\documents and settings\mumfy\cookies\mumfy@atdmt[2].txt (ID = 2253)
15:54: Found Spy Cookie: atlas dmt cookie
15:54: c:\documents and settings\mumfy\cookies\mumfy@ask[1].txt (ID = 2245)
15:54: Found Spy Cookie: ask cookie
15:54: c:\documents and settings\mumfy\cookies\mumfy@as1.falkag[2].txt (ID = 2650)
15:54: c:\documents and settings\mumfy\cookies\mumfy@as-eu.falkag[2].txt (ID = 2650)
15:54: Found Spy Cookie: falkag cookie
15:54: c:\documents and settings\mumfy\cookies\mumfy@archant.122.2o7[1].txt (ID = 1958)
15:54: c:\documents and settings\mumfy\cookies\mumfy@apmebf[2].txt (ID = 2229)
15:54: Found Spy Cookie: apmebf cookie
15:54: c:\documents and settings\mumfy\cookies\mumfy@anad.tacoda[2].txt (ID = 6445)
15:54: Found Spy Cookie: tacoda cookie
15:54: c:\documents and settings\mumfy\cookies\mumfy@adviva[2].txt (ID = 2177)
15:54: Found Spy Cookie: adviva cookie
15:54: c:\documents and settings\mumfy\cookies\mumfy@advertising[2].txt (ID = 2175)
15:54: Found Spy Cookie: advertising cookie
15:54: c:\documents and settings\mumfy\cookies\mumfy@adtech[1].txt (ID = 2155)
15:54: Found Spy Cookie: adtech cookie
15:54: c:\documents and settings\mumfy\cookies\mumfy@ads.pointroll[1].txt (ID = 3148)
15:54: Found Spy Cookie: pointroll cookie
15:54: c:\documents and settings\mumfy\cookies\mumfy@ads.addynamix[2].txt (ID = 2062)
15:54: Found Spy Cookie: addynamix cookie
15:54: c:\documents and settings\mumfy\cookies\mumfy@adrevolver[3].txt (ID = 2088)
15:54: c:\documents and settings\mumfy\cookies\mumfy@adrevolver[2].txt (ID = 2088)
15:54: c:\documents and settings\mumfy\cookies\mumfy@adrevolver[1].txt (ID = 2088)
15:54: Found Spy Cookie: adrevolver cookie
15:54: c:\documents and settings\mumfy\cookies\mumfy@adopt.specificclick[2].txt (ID = 3400)
15:54: Found Spy Cookie: specificclick.com cookie
15:54: c:\documents and settings\mumfy\cookies\mumfy@adopt.hbmediapro[2].txt (ID = 2768)
15:54: Found Spy Cookie: hbmediapro cookie
15:54: c:\documents and settings\mumfy\cookies\mumfy@ad.yieldmanager[1].txt (ID = 3751)
15:54: Found Spy Cookie: yieldmanager cookie
15:54: c:\documents and settings\mumfy\cookies\mumfy@actionfigures.about[1].txt (ID = 2038)
15:54: c:\documents and settings\mumfy\cookies\mumfy@about[1].txt (ID = 2037)
15:54: Found Spy Cookie: about cookie
15:54: c:\documents and settings\mumfy\cookies\mumfy@2o7[2].txt (ID = 1957)
15:54: c:\documents and settings\mumfy\cookies\mumfy@247realmedia[2].txt (ID = 1953)
15:54: Found Spy Cookie: 247realmedia cookie
15:54: c:\documents and settings\mumfy\cookies\mumfy@112.2o7[2].txt (ID = 1958)
15:54: Found Spy Cookie: 2o7.net cookie
15:54: c:\documents and settings\mumfy\cookies\mumfy@0[2].txt (ID = 3282)
15:54: Found Spy Cookie: sandboxer cookie
15:54: Starting Cookie Sweep
15:54: Registry Sweep Complete, Elapsed Time:00:00:12
15:54: HKU\S-1-5-21-823518204-2052111302-682003330-1003\software\microsoft\internet explorer\toolbar\webbrowser\ || {cbcc61fa-0221-4ccc-b409-cee865caca3a} (ID = 1530952)
15:54: HKU\S-1-5-21-823518204-2052111302-682003330-1003\software\microsoft\internet explorer\main\ || start page_bak (ID = 1339810)
15:54: HKU\S-1-5-21-823518204-2052111302-682003330-1003\software\microsoft\internet explorer\main\ || searchurl (ID = 1339809)
15:54: Found Adware: prosearching hijack
15:54: HKU\S-1-5-21-823518204-2052111302-682003330-1003\software\microsoft\internet explorer\main\ || search page_bak (ID = 774883)
15:54: HKU\S-1-5-21-823518204-2052111302-682003330-1003\software\microsoft\internet explorer\main\ || search page_bak (ID = 115925)
15:54: Found Adware: cws-aboutblank
15:54: HKLM\software\classes\typelib\{569304ba-83ed-4cff-ac26-be3e482f7208}\ (ID = 1530980)
15:54: HKCR\typelib\{569304ba-83ed-4cff-ac26-be3e482f7208}\ (ID = 1530936)
15:54: Found Adware: maxifiles
15:54: HKLM\software\microsoft\internet explorer\main\ || start page_bak (ID = 1250791)
15:54: HKLM\software\microsoft\internet explorer\main\ || searchurl (ID = 1250790)
15:54: HKLM\software\microsoft\internet explorer\main\ || search page_bak (ID = 1250789)
15:54: Found Adware: prosearch.com hijack
15:54: HKLM\software\microsoft\mssmgr\ (ID = 937101)
15:54: Found Trojan Horse: trojan agent winlogonhook
15:54: Starting Registry Sweep
15:54: Memory Sweep Complete, Elapsed Time: 00:01:20
15:53: Detected running threat: C:\WINDOWS\system32\pmnlm.dll (ID = 394)
15:53: Found Adware: virtumonde
15:53: Starting Memory Sweep
15:52: Sweep initiated using definitions version 739
15:52: Spy Sweeper 5.0.5.1286 started
15:52: | Start of Session, 12 August 2006 |
********
15:52: | End of Session, 12 August 2006 |
15:48: Your spyware definitions have been updated.
Keylogger Shield: On
BHO Shield: On
IE Security Shield: On
Alternate Data Stream (ADS) Execution Shield: On
Startup Shield: On
Common Ad Sites Shield: Off
Hosts File Shield: On
Spy Communication Shield: On
15:46: Messenger service has been disabled.
ActiveX Shield: On
Windows Messenger Service Shield: On
IE Favorites Shield: On
Spy Installation Shield: On
Memory Shield: On
IE Hijack Shield: On
IE Tracking Cookies Shield: Off
15:46: Shield States
15:46: Spyware Definitions: 691
15:46: Spy Sweeper 5.0.5.1286 started
15:46: Spy Sweeper 5.0.5.1286 started
15:46: | Start of Session, 12 August 2006 |
********

** HijackThis **

Logfile of HijackThis v1.99.1
Scan saved at 16:16:32, on 12/08/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\system32\crypserv.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\System32\GSICON.EXE
C:\WINDOWS\System32\dslagent.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\Program Files\NETGEAR WG311v2 Adapter\wlancfg5.exe
C:\Program Files\OpenOffice.org 2.0\program\soffice.exe
C:\Program Files\OpenOffice.org 2.0\program\soffice.BIN
C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\installs\findit.exe

O2 - BHO: HelperObject Class - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 7\SnagItBHO.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SpywareBlock Class - {0A87E45F-537A-40B4-B812-E2544C21A09F} - C:\Program Files\GhostSurf 2006 Platinum\SCActiveBlock.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: IEWatchObj Class - {9527D42F-D666-11D3-B8DD-00600838CD5F} - C:\WINDOWS\System32\IETie.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 7\SnagItIEAddin.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [GSICONEXE] GSICON.EXE
O4 - HKLM\..\Run: [DSLAGENTEXE] "dslagent.exe" USB
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - Startup: OpenOffice.org 2.0.lnk = C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: NETGEAR WG311v2 Smart Configuration.lnk = C:\Program Files\NETGEAR WG311v2 Adapter\wlancfg5.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Sothink SWF Catcher - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra 'Tools' menuitem: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {4E62C4DE-627D-4604-B157-4B7D6B09F02E} (AccountTracking Profile Manager Class) - https://moneymanager.egg.com/Pinsafe/accounttracking.cab
O16 - DPF: {63D8719D-B786-36A5-50B4-7E9D706E4EA3} - http://85.255.113.214/1/gdnAT2339.exe
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yse/ymmapi_...
O17 - HKLM\System\CCS\Services\Tcpip\..\{220B9C41-2707-46B4-875A-DA0C429EC9BB}: NameServer = 194.106.56.6 194.106.33.42
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: winjyg32 - C:\WINDOWS\SYSTEM32\winjyg32.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Crypkey License - Kenonic Controls Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Macromedia Licensing Service - Macromedia - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

a day in the radio » http://www.indextwo.net
maca1
Senior Member
12. August 2006 @ 07:54
# Download the latest version of Java Runtime Environment (JRE) 5.0 Update 8
http://java.sun.com/javase/downloads/index.jsp
# Scroll down to where it says "The J2SE Runtime Environment (JRE) allows end-users to run Java applications".
# Click the "Download" button to the right.
# Check the box that says: "Accept License Agreement".
# The page will refresh.
# Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
# Close any programs you may have running - especially your web browser.
# Go to Start > Control Panel double-click on Add/Remove programs and remove all older versions of Java.
# Check any item with Java Runtime Environment (JRE or J2SE) in the name.
# Click the Remove or Change/Remove button.
# Repeat as many times as necessary to remove each Java version.
# Reboot your computer once all Java components are removed.
# Then from your desktop double-click on jre-1_5_0_08-windowsi586-p.exe to install the newest ve

Check these with HijackThis

O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O20 - Winlogon Notify: winjyg32 - C:\WINDOWS\SYSTEM32\winjyg32.dll

make sure all other windows are closed and click fix checked

The below O6s should only be present for one or more of the following reasons:

1. You set the restrictions on purpose.
2. You used an anti-spyware program like Spybot S&D's Home Page and Option Lock down features in the Immunize section of Spybot.
3. Your workplace administrator or network administrator set the restrictions.

If none of the above reasons apply, check these to be fixed with HijackThis.
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

Download the trial version of Ewido Anti-spyware from HERE http://www.ewido.net/en/download/ and save that file to your desktop.
It is free with a 30-day trial of the full version. You should keep it when the 30 days are up 'cause it's excellent. You can get rid of spysweeper now if you like.


* Once you have downloaded Ewido Anti-spyware, locate the icon on the desktop and double-click it to launch the set up program.
* Once the setup is complete you will need to run Ewido and update the definition files.
* On the main screen select the icon "Update" then select the "Update now" link.
* Next select the "Start Update" button, the update will start and a progress bar will show the updates being installed.
* Once the update has completed select the "Scanner" icon at the top of the screen, then select the "Settings" tab.
* Once in the Settings screen click on "Recommended actions" and then select "Quarantine"
* Under "Reports"
* Select "Automatically generate report after every scan"
* Un-Select "Only if threats were found"


Close Ewido Anti-spyware, Do NOT run a scan yet. We will do that later in safe mode.

* Reboot your computer into Safe Mode now. You can do this by restarting your computer and continually tapping the F8 key until a menu appears. Use your up arrow key to highlight Safe Mode then hit enter.
IMPORTANT: Do not open any other windows or programs while Ewido is scanning as it may interfere with the scanning process:
* Launch Ewido Anti-spyware by double-clicking the icon on your desktop.
* Select the "Scanner" icon at the top and then the "Scan" tab then click on "Complete System Scan".
* Ewido will now begin the scanning process. Be patient this may take a little time.
Once the scan is complete do the following:
* If you have any infections you will be prompted, then select "Apply all actions"
* Next select the "Reports" icon at the top.
* Select the "Save report as" button in the lower left hand of the screen and save it to a text file on your system (make sure to remember where you saved that file, this is important).
* Close Ewido and reboot your system back into Normal Mode.

Post a new HijackThis and the ewido log

This message has been edited since posting. Last time this message was edited on 12. August 2006 @ 07:55
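
As an added example (not code from this thread, from maca1, or from the HijackThis project), here is a small Python triage helper that parses the Oxx entries of a HijackThis v1.99 log and flags the kinds of lines a helper like maca1 asks about: O6 IE policy restrictions, O16 ActiveX downloads with no registered class name or served from a raw IP address, O17 per-adapter DNS servers, O20 Winlogon Notify DLLs, and O4 Run values that name a bare file without a path. The sample log is constructed from lines of the log posted above; the heuristics, the `Finding` type and the reason strings are my own assumptions rather than HijackThis output, and a flagged line is a prompt to verify the file or setting, not a verdict that it is malicious.

```python
"""Triage helper for HijackThis v1.99 logs (example code, not part of HijackThis).

Parses the "Onn - body" entries, flags entries that deserve a closer look and
lists the file paths named in the log so they can be hashed or signature-checked.
"""
import re
from dataclasses import dataclass
from typing import List, Tuple

# One "Onn - body" entry per line; the header and the process list are ignored.
ENTRY_RE = re.compile(r"^(O\d+) - (.*)$")
# A Windows file path (spaces allowed) ending in a loadable or installable artifact.
PATH_RE = re.compile(r'[A-Za-z]:\\[^"]+?\.(?:exe|dll|ocx|cab)\b', re.IGNORECASE)
# A download URL whose host is a bare IPv4 address rather than a hostname.
RAW_IP_URL_RE = re.compile(r"https?://\d{1,3}(?:\.\d{1,3}){3}(?:[/:]|$)")
# O16 entries for a registered ActiveX class look like "DPF: {GUID} (Class Name) - url".
NAMED_DPF_RE = re.compile(r"^DPF: \{[0-9A-Fa-f-]+\} \(")
# O4 Run values whose command is a bare file name, e.g. "[SoundMan] SOUNDMAN.EXE".
BARE_RUN_RE = re.compile(r'Run: \[[^\]]*\] "?([^"\\\s:]+\.exe)"?(?:\s|$)', re.IGNORECASE)

# Constructed sample: a handful of lines copied from the log posted in this thread.
SAMPLE_LOG = r"""
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [GSICONEXE] GSICON.EXE
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O16 - DPF: {4E62C4DE-627D-4604-B157-4B7D6B09F02E} (AccountTracking Profile Manager Class) - https://moneymanager.egg.com/Pinsafe/accounttracking.cab
O16 - DPF: {63D8719D-B786-36A5-50B4-7E9D706E4EA3} - http://85.255.113.214/1/gdnAT2339.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{220B9C41-2707-46B4-875A-DA0C429EC9BB}: NameServer = 194.106.56.6 194.106.33.42
O20 - Winlogon Notify: winjyg32 - C:\WINDOWS\SYSTEM32\winjyg32.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
"""


@dataclass(frozen=True)
class Finding:
    section: str   # HijackThis section code, e.g. "O20"
    reason: str    # why the entry deserves a look (heuristic, not a verdict)
    line: str      # the original log line


def parse_entries(log_text: str) -> List[Tuple[str, str, str]]:
    """Return (section, body, original line) for every Onn entry in the log."""
    entries = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = ENTRY_RE.match(line)
        if m:
            entries.append((m.group(1), m.group(2), line))
    return entries


def triage(log_text: str) -> List[Finding]:
    """Apply the review heuristics to each entry and collect the hits in log order."""
    findings = []
    for section, body, line in parse_entries(log_text):
        if section == "O4" and BARE_RUN_RE.search(body):
            findings.append(Finding(section, "Run value names a bare file; confirm which copy on the search path actually starts", line))
        elif section == "O6":
            findings.append(Finding(section, "IE policy restriction present; expected only if you, Spybot's Immunize feature or an administrator set it", line))
        elif section == "O16":
            if RAW_IP_URL_RE.search(body):
                findings.append(Finding(section, "ActiveX download served from a raw IP address instead of a vendor hostname", line))
            elif not NAMED_DPF_RE.match(body):
                findings.append(Finding(section, "ActiveX download with no registered class name", line))
        elif section == "O17":
            findings.append(Finding(section, "per-adapter DNS servers configured; confirm they belong to your ISP", line))
        elif section == "O20":
            findings.append(Finding(section, "DLL loaded into winlogon at every logon; verify the file's publisher and signature", line))
    return findings


def artifact_paths(log_text: str) -> List[str]:
    """Unique file paths named in the entries, in log order, for hashing or signature checks."""
    seen: List[str] = []
    for _, body, _ in parse_entries(log_text):
        for path in PATH_RE.findall(body):
            if path not in seen:
                seen.append(path)
    return seen


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.section}] {f.reason}\n    {f.line}")
    print("\nFiles to hash / signature-check:")
    for p in artifact_paths(SAMPLE_LOG):
        print("   ", p)
```

Running it against the constructed sample flags six entries: the bare `GSICON.EXE` Run value, the O6 restriction, the unnamed O16 download from a raw IP (the named egg.com control is left alone), the O17 DNS servers, and both O20 Winlogon Notify DLLs. The path list is what you would feed to a hash lookup or a signature check before deciding what to fix with HijackThis.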

indextwo
Newbie
13. August 2006 @ 10:44
sorry for the delayed response - i've been away for the weekend. here's my ewido log and HijackThis log. i can't believe how much stuff ewido found!

**** EWIDO ****

C:\WINDOWS\system32\ljjkhfg.dll -> Adware.Virtumonde : Cleaned with backup (quarantined).
C:\Documents and Settings\Lawrie\Desktop\Downloads\Search_and_Replace_3.7.zip/Search & Replace V3.7 Full-Crack.exe -> Backdoor.Theef.111 : Cleaned with backup (quarantined).
C:\Documents and Settings\Lawrie\Desktop\Downloads\Search_and_Replace_by_Funduc_v3[1].7.zip/Search & Replace V3.7 Full-Crack.exe -> Backdoor.Theef.111 : Cleaned with backup (quarantined).
C:\Documents and Settings\Lawrie\Desktop\Downloads\TNT-20011115-PACK.zip/TNT-Big.Crocodile.v2.4_CRK.ZIP/patch.exe -> Backdoor.Theef.111 : Cleaned with backup (quarantined).
C:\Documents and Settings\Lawrie\Desktop\Downloads\TNT-20011115-PACK.zip/TNT-Com.Explorer.v.2.0_CRK.ZIP/patch.exe -> Backdoor.Theef.111 : Cleaned with backup (quarantined).
C:\Documents and Settings\Lawrie\Desktop\Downloads\TNT-20011115-PACK.zip/TNT-Custom.StartUp.v.2.02_CRK.ZIP/patch.exe -> Backdoor.Theef.111 : Cleaned with backup (quarantined).
C:\Documents and Settings\Lawrie\Desktop\Downloads\TNT-20011115-PACK.zip/TNT-F-Prot.Antivirus.3.11a_CRK.ZIP/patch.exe -> Backdoor.Theef.111 : Cleaned with backup (quarantined).
C:\Documents and Settings\Lawrie\Desktop\Downloads\TNT-20011115-PACK.zip/TNT-Mp3.Encoder.v.1.1_CRK.ZIP/patch.exe -> Backdoor.Theef.111 : Cleaned with backup (quarantined).
C:\Documents and Settings\Lawrie\Desktop\Downloads\TNT-20011115-PACK.zip/TNT-Mp3.TrackMaker.v.1.3.Build.1.30_CRK.ZIP/patch.exe -> Backdoor.Theef.111 : Cleaned with backup (quarantined).
C:\Documents and Settings\Lawrie\Desktop\Downloads\TNT-20011115-PACK.zip/TNT-Net.Snippets.v.1.1.0.5_CRK.ZIP/patch.exe -> Backdoor.Theef.111 : Cleaned with backup (quarantined).
C:\Documents and Settings\Lawrie\Desktop\Downloads\TNT-20011115-PACK.zip/TNT-NetPicker.v1.4_CRK.ZIP/patch.exe -> Backdoor.Theef.111 : Cleaned with backup (quarantined).
C:\Documents and Settings\Lawrie\Desktop\Downloads\TNT-20011115-PACK.zip/TNT-Registry.Crawler.v.4.0.Beta.2_CRK.ZIP/patch.exe -> Backdoor.Theef.111 : Cleaned with backup (quarantined).
C:\installs\LOMALKA[1].RU-SWF_Decompiler_MX_2005_build_40915.zip/kts.exe -> Downloader.INService.l : Cleaned with backup (quarantined).
C:\Documents and Settings\Lawrie\Local Settings\Application Data\gofuck.yourself -> Downloader.Obfuscated.a : Cleaned with backup (quarantined).
C:\WINDOWS\system32\fuck.off -> Downloader.Obfuscated.a : Cleaned with backup (quarantined).
C:\WINDOWS\system32\get.fucked -> Downloader.Obfuscated.a : Cleaned with backup (quarantined).
C:\Documents and Settings\Lawrie\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\file\omfg.class-2a0c82a4-73e4c7bb.class -> Downloader.OpenStream.y : Cleaned with backup (quarantined).
C:\Documents and Settings\Lawrie\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\file\omfg.class-486c9904-755b336b.class -> Downloader.OpenStream.y : Cleaned with backup (quarantined).
C:\installs\WarezP2P.exe -> Downloader.Small : Cleaned with backup (quarantined).
C:\Documents and Settings\Lawrie\Desktop\Downloads\fdrive\fdrive2\d-ssdm18.zip/start.exe -> Downloader.Small.gl : Cleaned with backup (quarantined).
C:\WINDOWS\system32\eat.shit -> Downloader.Zlob.aee : Cleaned with backup (quarantined).
C:\WINDOWS\system32\letme.die -> Downloader.Zlob.ys : Cleaned with backup (quarantined).
C:\WINDOWS\system32\kill.me -> Downloader.Zlob.yt : Cleaned with backup (quarantined).
C:\installs\ag-aef01.zip/start.exe -> Logger.Briss.j : Cleaned with backup (quarantined).
C:\installs\aircrack-2.41.zip/aircrack-2.41/win32/aircrack.exe -> Not-A-Virus.PSWTool.Win32.AirCrack.a : Cleaned with backup (quarantined).
:mozilla.6:C:\Documents and Settings\Lawrie\Application Data\Mozilla\Firefox\Profiles\cpcqzufw.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.7:C:\Documents and Settings\Lawrie\Application Data\Mozilla\Firefox\Profiles\cpcqzufw.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.8:C:\Documents and Settings\Lawrie\Application Data\Mozilla\Firefox\Profiles\cpcqzufw.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
C:\Documents and Settings\Lawrie\Cookies\lawrie@adbrite[2].txt -> TrackingCookie.Adbrite : Cleaned with backup (quarantined).
C:\Documents and Settings\Lawrie\Cookies\lawrie@stats.adbrite[1].txt -> TrackingCookie.Adbrite : Cleaned with backup (quarantined).
:mozilla.115:C:\Documents and Settings\Lawrie\Application Data\Mozilla\Firefox\Profiles\cpcqzufw.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup (quarantined).
:mozilla.116:C:\Documents and Settings\Lawrie\Application Data\Mozilla\Firefox\Profiles\cpcqzufw.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup (quarantined).
:mozilla.117:C:\Documents and Settings\Lawrie\Application Data\Mozilla\Firefox\Profiles\cpcqzufw.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup (quarantined).
:mozilla.12:C:\Documents and Settings\Lawrie\Application Data\Mozilla\Firefox\Profiles\cpcqzufw.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup (quarantined).
:mozilla.270:C:\Documents and Settings\Lawrie\Application Data\Mozilla\Firefox\Profiles\cpcqzufw.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup (quarantined).
:mozilla.271:C:\Documents and Settings\Lawrie\Application Data\Mozilla\Firefox\Profiles\cpcqzufw.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup (quarantined).
:mozilla.272:C:\Documents and Settings\Lawrie\Application Data\Mozilla\Firefox\Profiles\cpcqzufw.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup (quarantined).
:mozilla.273:C:\Documents and Settings\Lawrie\Application Data\Mozilla\Firefox\Profiles\cpcqzufw.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup (quarantined).
C:\Documents and Settings\Mumfy\Cookies\mumfy@bfast[2].txt -> TrackingCookie.Bfast : Cleaned with backup (quarantined).
C:\Documents and Settings\Mumfy\Cookies\mumfy@citi.bridgetrack[2].txt -> TrackingCookie.Bridgetrack : Cleaned with backup (quarantined).
C:\Documents and Settings\Lawrie\Cookies\lawrie@www.burstbeacon[1].txt -> TrackingCookie.Burstbeacon : Cleaned with backup (quarantined).
C:\Documents and Settings\Lawrie\Cookies\lawrie@www.burstnet[2].txt -> TrackingCookie.Burstnet : Cleaned with backup (quarantined).
:mozilla.38:C:\Documents and Settings\Lawrie\Application Data\Mozilla\Firefox\Profiles\cpcqzufw.default\cookies.txt -> TrackingCookie.Com : Cleaned with backup (quarantined).
:mozilla.39:C:\Documents and Settings\Lawrie\Application Data\Mozilla\Firefox\Profiles\cpcqzufw.default\cookies.txt -> TrackingCookie.Com : Cleaned with backup (quarantined).
C:\Documents and Settings\Lawrie\Cookies\lawrie@com[2].txt -> TrackingCookie.Com : Cleaned with backup (quarantined).
C:\Documents and Settings\Mumfy\Cookies\mumfy@com[2].txt -> TrackingCookie.Com : Cleaned with backup (quarantined).
C:\Documents and Settings\Mumfy\Cookies\mumfy@doubleclick[1].txt -> TrackingCookie.Doubleclick : Cleaned with backup (quarantined).
:mozilla.253:C:\Documents and Settings\Lawrie\Application Data\Mozilla\Firefox\Profiles\cpcqzufw.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
C:\Documents and Settings\Lawrie\Cookies\lawrie@e-2dj6wfmiujd5wcp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
C:\Documents and Settings\Lawrie\Cookies\lawrie@e-2dj6wjnyeocpaaq.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
C:\Documents and Settings\Mumfy\Cookies\mumfy@e-2dj6wfk4smd5adp.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
C:\Documents and Settings\Mumfy\Cookies\mumfy@e-2dj6wfk4snczwcq.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
C:\Documents and Settings\Mumfy\Cookies\mumfy@e-2dj6wfk4soc5wfq.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
C:\Documents and Settings\Mumfy\Cookies\mumfy@e-2dj6wfkicpczmfo.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
C:\Documents and Settings\Mumfy\Cookies\mumfy@e-2dj6wfkiooajoep.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
C:\Documents and Settings\Mumfy\Cookies\mumfy@e-2dj6wfkiwgcjibq.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
C:\Documents and Settings\Mumfy\Cookies\mumfy@e-2dj6wfkoamazaho.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
C:\Documents and Settings\Mumfy\Cookies\mumfy@e-2dj6wfkoogajgbo.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
C:\Documents and Settings\Mumfy\Cookies\mumfy@e-2dj6wfkowjc5ggq.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
C:\Documents and Settings\Mumfy\Cookies\mumfy@e-2dj6wfkyujd5obq.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
C:\Documents and Settings\Mumfy\Cookies\mumfy@e-2dj6wfl4wgd5kap.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
C:\Documents and Settings\Mumfy\Cookies\mumfy@e-2dj6wfliogdjoho.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
C:\Documents and Settings\Mumfy\Cookies\mumfy@e-2dj6wflogkc5okp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
C:\Documents and Settings\Mumfy\Cookies\mumfy@e-2dj6wflogkcjoap.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
C:\Documents and Settings\Mumfy\Cookies\mumfy@e-2dj6wflookdzoao.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
C:\Documents and Settings\Mumfy\Cookies\mumfy@e-2dj6wflosjd5ogo.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
C:\Documents and Settings\Mumfy\Cookies\mumfy@e-2dj6wfmysnajscq.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
C:\Documents and Settings\Mumfy\Cookies\mumfy@e-2dj6wgkiujazsko.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
C:\Documents and Settings\Mumfy\Cookies\mumfy@e-2dj6wgkyqpc5obq.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
C:\Documents and Settings\Mumfy\Cookies\mumfy@e-2dj6wgmycoajwhp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
C:\Documents and Settings\Mumfy\Cookies\mumfy@e-2dj6wjkoeicpkfo.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
C:\Documents and Settings\Mumfy\Cookies\mumfy@e-2dj6wjl4cmcjwgp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
C:\Documents and Settings\Mumfy\Cookies\mumfy@e-2dj6wjliamdjkkp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
C:\Documents and Settings\Mumfy\Cookies\mumfy@e-2dj6wjloehdjidp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
C:\Documents and Settings\Mumfy\Cookies\mumfy@e-2dj6wjlyelc5kcq.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
C:\Documents and Settings\Mumfy\Cookies\mumfy@e-2dj6wjlyspd5meo.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
C:\Documents and Settings\Mumfy\Cookies\mumfy@e-2dj6wjlyumdzilq.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
C:\Documents and Settings\Mumfy\Cookies\mumfy@e-2dj6wjlywiajkcp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
C:\Documents and Settings\Mumfy\Cookies\mumfy@e-2dj6wjmiamd5gfq.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
C:\Documents and Settings\Mumfy\Cookies\mumfy@e-2dj6wjmighdjagp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
C:\Documents and Settings\Mumfy\Cookies\mumfy@e-2dj6wjmigoczeeq.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
C:\Documents and Settings\Mumfy\Cookies\mumfy@e-2dj6wjmiohczcdp.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
C:\Documents and Settings\Mumfy\Cookies\mumfy@e-2dj6wjmisgajeep.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
C:\Documents and Settings\Mumfy\Cookies\mumfy@e-2dj6wjmyqhczwdp.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
:mozilla.59:C:\Documents and Settings\Lawrie\Application Data\Mozilla\Firefox\Profiles\cpcqzufw.default\cookies.txt -> TrackingCookie.Estat : Cleaned with backup (quarantined).
C:\Documents and Settings\Lawrie\Cookies\lawrie@estat[1].txt -> TrackingCookie.Estat : Cleaned with backup (quarantined).
:mozilla.61:C:\Documents and Settings\Lawrie\Application Data\Mozilla\Firefox\Profiles\cpcqzufw.default\cookies.txt -> TrackingCookie.Euniverseads : Cleaned with backup (quarantined).
:mozilla.62:C:\Documents and Settings\Lawrie\Application Data\Mozilla\Firefox\Profiles\cpcqzufw.default\cookies.txt -> TrackingCookie.Euniverseads : Cleaned with backup (quarantined).
:mozilla.11:C:\Documents and Settings\Lawrie\Application Data\Mozilla\Firefox\Profiles\cpcqzufw.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned with backup (quarantined).
C:\Documents and Settings\Lawrie\Cookies\lawrie@adopt.euroclick[1].txt -> TrackingCookie.Euroclick : Cleaned with backup (quarantined).
C:\Documents and Settings\Mumfy\Cookies\mumfy@adopt.euroclick[2].txt -> TrackingCookie.Euroclick : Cleaned with backup (quarantined).
C:\Documents and Settings\Mumfy\Cookies\mumfy@ehg-bbc.hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned with backup (quarantined).
C:\Documents and Settings\Mumfy\Cookies\mumfy@ehg-bestwestern.hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned with backup (quarantined).
C:\Documents and Settings\Mumfy\Cookies\mumfy@ehg-bookpeople.hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned with backup (quarantined).
C:\Documents and Settings\Mumfy\Cookies\mumfy@ehg-cafepress.hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned with backup (quarantined).
C:\Documents and Settings\Mumfy\Cookies\mumfy@ehg-debenhams.hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned with backup (quarantined).
C:\Documents and Settings\Mumfy\Cookies\mumfy@ehg-dig.hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned with backup (quarantined).
C:\Documents and Settings\Mumfy\Cookies\mumfy@ehg-holidaybreak.hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned with backup (quarantined).
C:\Documents and Settings\Mumfy\Cookies\mumfy@ehg-legonewyorkinc.hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned with backup (quarantined).
C:\Documents and Settings\Mumfy\Cookies\mumfy@ehg-littlewoods.hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned with backup (quarantined).
C:\Documents and Settings\Mumfy\Cookies\mumfy@ehg-newscientist.hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned with backup (quarantined).
C:\Documents and Settings\Mumfy\Cookies\mumfy@ehg-simon.hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned with backup (quarantined).
C:\Documents and Settings\Mumfy\Cookies\mumfy@ehg-tfl.hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned with backup (quarantined).
C:\Documents and Settings\Mumfy\Cookies\mumfy@hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned with backup (quarantined).
C:\Documents and Settings\Lawrie\Cookies\lawrie@ivwbox[2].txt -> TrackingCookie.Ivwbox : Cleaned with backup (quarantined).
C:\Documents and Settings\Mumfy\Cookies\mumfy@ivwbox[2].txt -> TrackingCookie.Ivwbox : Cleaned with backup (quarantined).
C:\Documents and Settings\Mumfy\Cookies\mumfy@service.liveperson[1].txt -> TrackingCookie.Liveperson : Cleaned with backup (quarantined).
C:\Documents and Settings\Lawrie\Cookies\lawrie@image.masterstats[1].txt -> TrackingCookie.Masterstats : Cleaned with backup (quarantined).
:mozilla.172:C:\Documents and Settings\Lawrie\Application Data\Mozilla\Firefox\Profiles\cpcqzufw.default\cookies.txt -> TrackingCookie.Onestat : Cleaned with backup (quarantined).
:mozilla.173:C:\Documents and Settings\Lawrie\Application Data\Mozilla\Firefox\Profiles\cpcqzufw.default\cookies.txt -> TrackingCookie.Onestat : Cleaned with backup (quarantined).
:mozilla.276:C:\Documents and Settings\Lawrie\Application Data\Mozilla\Firefox\Profiles\cpcqzufw.default\cookies.txt -> TrackingCookie.Onestat : Cleaned with backup (quarantined).
C:\Documents and Settings\Lawrie\Cookies\lawrie@ads.realcastmedia[2].txt -> TrackingCookie.Realcastmedia : Cleaned with backup (quarantined).
C:\Documents and Settings\Mumfy\Cookies\mumfy@ads.realcastmedia[1].txt -> TrackingCookie.Realcastmedia : Cleaned with backup (quarantined).
C:\Documents and Settings\Mumfy\Cookies\mumfy@cruises.res99[1].txt -> TrackingCookie.Res99 : Cleaned with backup (quarantined).
:mozilla.155:C:\Documents and Settings\Lawrie\Application Data\Mozilla\Firefox\Profiles\cpcqzufw.default\cookies.txt -> TrackingCookie.Revenue : Cleaned with backup (quarantined).
:mozilla.166:C:\Documents and Settings\Lawrie\Application Data\Mozilla\Firefox\Profiles\cpcqzufw.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup (quarantined).
:mozilla.167:C:\Documents and Settings\Lawrie\Application Data\Mozilla\Firefox\Profiles\cpcqzufw.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup (quarantined).
:mozilla.168:C:\Documents and Settings\Lawrie\Application Data\Mozilla\Firefox\Profiles\cpcqzufw.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup (quarantined).
:mozilla.169:C:\Documents and Settings\Lawrie\Application Data\Mozilla\Firefox\Profiles\cpcqzufw.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup (quarantined).
:mozilla.26:C:\Documents and Settings\Lawrie\Application Data\Mozilla\Firefox\Profiles\cpcqzufw.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup (quarantined).
C:\Documents and Settings\Lawrie\Cookies\lawrie@cs.sexcounter[2].txt -> TrackingCookie.Sexcounter : Cleaned with backup (quarantined).
:mozilla.195:C:\Documents and Settings\Lawrie\Application Data\Mozilla\Firefox\Profiles\cpcqzufw.default\cookies.txt -> TrackingCookie.Sitestat : Cleaned with backup (quarantined).
C:\Documents and Settings\Mumfy\Cookies\mumfy@www.smartadserver[1].txt -> TrackingCookie.Smartadserver : Cleaned with backup (quarantined).
:mozilla.174:C:\Documents and Settings\Lawrie\Application Data\Mozilla\Firefox\Profiles\cpcqzufw.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
:mozilla.175:C:\Documents and Settings\Lawrie\Application Data\Mozilla\Firefox\Profiles\cpcqzufw.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
:mozilla.176:C:\Documents and Settings\Lawrie\Application Data\Mozilla\Firefox\Profiles\cpcqzufw.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
:mozilla.177:C:\Documents and Settings\Lawrie\Application Data\Mozilla\Firefox\Profiles\cpcqzufw.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
:mozilla.178:C:\Documents and Settings\Lawrie\Application Data\Mozilla\Firefox\Profiles\cpcqzufw.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
:mozilla.179:C:\Documents and Settings\Lawrie\Application Data\Mozilla\Firefox\Profiles\cpcqzufw.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
:mozilla.180:C:\Documents and Settings\Lawrie\Application Data\Mozilla\Firefox\Profiles\cpcqzufw.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
:mozilla.181:C:\Documents and Settings\Lawrie\Application Data\Mozilla\Firefox\Profiles\cpcqzufw.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
:mozilla.182:C:\Documents and Settings\Lawrie\Application Data\Mozilla\Firefox\Profiles\cpcqzufw.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
:mozilla.183:C:\Documents and Settings\Lawrie\Application Data\Mozilla\Firefox\Profiles\cpcqzufw.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
C:\Documents and Settings\Lawrie\Cookies\lawrie@tacoda[1].txt -> TrackingCookie.Tacoda : Cleaned with backup (quarantined).
C:\Documents and Settings\Lawrie\Cookies\lawrie@login.tracking101[1].txt -> TrackingCookie.Tracking101 : Cleaned with backup (quarantined).
:mozilla.192:C:\Documents and Settings\Lawrie\Application Data\Mozilla\Firefox\Profiles\cpcqzufw.default\cookies.txt -> TrackingCookie.Trafic : Cleaned with backup (quarantined).
:mozilla.193:C:\Documents and Settings\Lawrie\Application Data\Mozilla\Firefox\Profiles\cpcqzufw.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup (quarantined).
C:\Documents and Settings\Mumfy\Cookies\mumfy@valueclick[2].txt -> TrackingCookie.Valueclick : Cleaned with backup (quarantined).
C:\Documents and Settings\Mumfy\Cookies\mumfy@valueclick[3].txt -> TrackingCookie.Valueclick : Cleaned with backup (quarantined).
C:\Documents and Settings\Lawrie\Cookies\lawrie@webstat[1].txt -> TrackingCookie.Web-stat : Cleaned with backup (quarantined).
:mozilla.263:C:\Documents and Settings\Lawrie\Application Data\Mozilla\Firefox\Profiles\cpcqzufw.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
:mozilla.264:C:\Documents and Settings\Lawrie\Application Data\Mozilla\Firefox\Profiles\cpcqzufw.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
:mozilla.265:C:\Documents and Settings\Lawrie\Application Data\Mozilla\Firefox\Profiles\cpcqzufw.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
C:\Documents and Settings\Lawrie\Desktop\Downloads\TNT-20011115-PACK.zip/TNT-ADARON.ZIP.PORTAL.1.5_CRK.ZIP/azippo15.exe -> Trojan.Proxcrak.A : Cleaned with backup (quarantined).
C:\Documents and Settings\Lawrie\Desktop\Downloads\TNT-20011115-PACK.zip/TNT-Flash.Image.Builder.3.0_CRK.ZIP/fimb3.exe -> Trojan.Proxcrak.A : Cleaned with backup (quarantined).
C:\WINDOWS\system32\winjyg32.dll -> Trojan.Small : Cleaned with backup (quarantined).
E:\SharedDocs\Microsoft Windows 98 SE keygen.zip/Winzip_Crack.exe -> Worm.SdDrop.e : Cleaned with backup (quarantined).

**** HijackThis ****

Logfile of HijackThis v1.99.1
Scan saved at 19:37:22, on 13/08/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\system32\crypserv.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\GSICON.EXE
C:\WINDOWS\System32\dslagent.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\NETGEAR WG311v2 Adapter\wlancfg5.exe
C:\Program Files\OpenOffice.org 2.0\program\soffice.exe
C:\Program Files\OpenOffice.org 2.0\program\soffice.BIN
C:\WINDOWS\System32\wuauclt.exe
C:\installs\findit.exe

O2 - BHO: HelperObject Class - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 7\SnagItBHO.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SpywareBlock Class - {0A87E45F-537A-40B4-B812-E2544C21A09F} - C:\Program Files\GhostSurf 2006 Platinum\SCActiveBlock.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O2 - BHO: IEWatchObj Class - {9527D42F-D666-11D3-B8DD-00600838CD5F} - C:\WINDOWS\System32\IETie.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 7\SnagItIEAddin.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [GSICONEXE] GSICON.EXE
O4 - HKLM\..\Run: [DSLAGENTEXE] "dslagent.exe" USB
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe"
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - Startup: OpenOffice.org 2.0.lnk = C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: NETGEAR WG311v2 Smart Configuration.lnk = C:\Program Files\NETGEAR WG311v2 Adapter\wlancfg5.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Sothink SWF Catcher - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra 'Tools' menuitem: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {4E62C4DE-627D-4604-B157-4B7D6B09F02E} (AccountTracking Profile Manager Class) - https://moneymanager.egg.com/Pinsafe/accounttracking.cab
O16 - DPF: {63D8719D-B786-36A5-50B4-7E9D706E4EA3} - http://85.255.113.214/1/gdnAT2339.exe
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yse/ymmapi_...
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: winjyg32 - winjyg32.dll (file missing)
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Crypkey License - Kenonic Controls Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Macromedia Licensing Service - Macromedia - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe



thanks for all your help so far.

a day in the radio » http://www.indextwo.net

This message has been edited since posting. Last time this message was edited on 13. August 2006 @ 11:21

maca1
Senior Member
_
13. August 2006 @ 11:03 _ Link to this message    Send private message to this user   
will you paste the HijackThis log here; that link isn't working