0

Can anyone help me with removing this? My HJT and SFF logs are as follows-

Logfile of HijackThis v1.99.0
Scan saved at 2:08:16 PM, on 01/07/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\Explorer.EXE
D:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe
D:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
D:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
D:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
D:\WINDOWS\system32\LVCOMSX.EXE
D:\Program Files\Logitech\Video\LogiTray.exe
D:\Program Files\QuickTime\qttask.exe
D:\Program Files\Messenger\msmsgs.exe
D:\Program Files\MSN Messenger\MsnMsgr.Exe
D:\Program Files\iolo\Common\Task Agent\Task_Agent.exe
D:\Program Files\Logitech\Video\FxSvr2.exe
D:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
D:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
D:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
D:\Program Files\Executive Software\Diskeeper\DkService.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\ZoneLabs\vsmon.exe
D:\WINDOWS\system32\dcomcfg.exe
D:\WINDOWS\system32\atmclk.exe
H:\Program Files\Winamp\Winamp.exe
D:\Program Files\Mozilla Firefox\firefox.exe
D:\Documents and Settings\Lam Family\Desktop\antispyware\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.library.ubc.ca:8000
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {5f4c3d09-b3b9-4f88-aa82-31332fee1c08} - D:\WINDOWS\system32\hp100.tmp
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [NVMixerTray] "D:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
O4 - HKLM\..\Run: [Zone Labs Client] "D:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [AVG7_CC] D:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SunJavaUpdateSched] D:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [LVCOMSX] D:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] D:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] D:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PrevxHome] D:\Program Files\Prevx Home\SAGUI.exe
O4 - HKLM\..\Run: [NeroFilterCheck] D:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "D:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] D:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] D:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] D:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKCU\..\Run: [MSMSGS] "D:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MsnMsgr] "D:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "D:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [iolo Task Agent] D:\Program Files\iolo\Common\Task Agent\Task_Agent.exe
O4 - HKCU\..\Run: [Skype] "H:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - Startup: Adobe Gamma.lnk = D:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = D:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = D:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "D:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - D:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apache - Unknown - D:\Program Files\Apache Group\Apache\Apache.exe (file missing)
O23 - Service: AVG7 Alert Manager Server - GRISOFT, s.r.o. - D:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service - GRISOFT, s.r.o. - D:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner - GRISOFT, s.r.o. - D:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Diskeeper - Executive Software International, Inc. - D:\Program Files\Executive Software\Diskeeper\DkService.exe
O23 - Service: InstallDriver Table Manager - Macrovision Corporation - D:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Prevx Agent - Unknown - D:\Program Files\Prevx Home\PXAgent.exe (file missing)
O23 - Service: Sandra Data Service - SiSoftware - D:\Program Files\SiSoftware\SiSoftware Sandra Lite 2005.SR3\RpcDataSrv.exe
O23 - Service: Sandra Service - SiSoftware - D:\Program Files\SiSoftware\SiSoftware Sandra Lite 2005.SR3\RpcSandraSrv.exe
O23 - Service: TrueVector Internet Monitor - Zone Labs, LLC - D:\WINDOWS\system32\ZoneLabs\vsmon.exe

SmitFraudFix v2.65

Scan done at 18:53:32.68, 01/07/2006
Run from D:\Documents and Settings\Lam Family\Desktop\SmitfraudFix\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
Fix ran in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» D:\


»»»»»»»»»»»»»»»»»»»»»»»» D:\WINDOWS


»»»»»»»»»»»»»»»»»»»»»»»» D:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» D:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» D:\WINDOWS\system32

D:\WINDOWS\system32\atmclk.exe FOUND !
D:\WINDOWS\system32\dcomcfg.exe FOUND !
D:\WINDOWS\system32\hp???.tmp FOUND !
D:\WINDOWS\system32\hp????.tmp FOUND !
D:\WINDOWS\system32\ld????.tmp FOUND !
D:\WINDOWS\system32\ot.ico FOUND !
D:\WINDOWS\system32\regperf.exe FOUND !
D:\WINDOWS\system32\simpole.tlb FOUND !
D:\WINDOWS\system32\stdole3.tlb FOUND !
D:\WINDOWS\system32\ts.ico FOUND !
D:\WINDOWS\system32\1024\ FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» D:\Documents and Settings\Lam Family\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Start Menu


»»»»»»»»»»»»»»»»»»»»»»»» D:\DOCUME~1\LAMFAM~1\FAVORI~1

D:\DOCUME~1\LAMFAM~1\FAVORI~1\Antivirus Test Online.url FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» Desktop


»»»»»»»»»»»»»»»»»»»»»»»» D:\Program Files


»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="about:Home"
"SubscribedURL"="about:Home"
"FriendlyName"="My Current Home Page"


»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{7916f057-223f-4612-ac84-e882cbe043d4}"="bals"

[HKEY_CLASSES_ROOT\CLSID\{7916f057-223f-4612-ac84-e882cbe043d4}\InProcServer32]
@="D:\WINDOWS\system32\hvcycg.dll"

[HKEY_CURRENT_USER\Software\Classes\CLSID\{7916f057-223f-4612-ac84-e882cbe043d4}\InProcServer32]
@="D:\WINDOWS\system32\hvcycg.dll"


»»»»»»»»»»»»»»»»»»»»»»»» Scanning wininet.dll infection


»»»»»»»»»»»»»»»»»»»»»»»» End


Thanks!

0

Hi BTfreek- welcome to DaniWeb :)

You've definitely got the infection, but you are also using a very old version of HijackThis. Please throw away the version you're currently using, download and run the latest version, and post the log that the new version generates.

0

Figures- here's the new log.

Logfile of HijackThis v1.99.1
Scan saved at 10:24:53 PM, on 01/07/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\Explorer.EXE
D:\WINDOWS\system32\dcomcfg.exe
D:\WINDOWS\system32\atmclk.exe
D:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe
D:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
D:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
D:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
D:\WINDOWS\system32\LVCOMSX.EXE
D:\Program Files\Logitech\Video\LogiTray.exe
D:\Program Files\QuickTime\qttask.exe
D:\Program Files\Messenger\msmsgs.exe
D:\Program Files\MSN Messenger\MsnMsgr.Exe
D:\Program Files\iolo\Common\Task Agent\Task_Agent.exe
H:\Program Files\Skype\Phone\Skype.exe
D:\Program Files\Logitech\Video\FxSvr2.exe
D:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
D:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
D:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
D:\Program Files\Executive Software\Diskeeper\DkService.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\ZoneLabs\vsmon.exe
D:\Program Files\Mozilla Firefox\firefox.exe
D:\Documents and Settings\Lam Family\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.library.ubc.ca:8000
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {5f4c3d09-b3b9-4f88-aa82-31332fee1c08} - D:\WINDOWS\system32\hp100.tmp
O2 - BHO: (no name) - {6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} - D:\WINDOWS\system32\byxxwtr.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [NVMixerTray] "D:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
O4 - HKLM\..\Run: [Zone Labs Client] "D:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [AVG7_CC] D:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SunJavaUpdateSched] D:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [LVCOMSX] D:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] D:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] D:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PrevxHome] D:\Program Files\Prevx Home\SAGUI.exe
O4 - HKLM\..\Run: [NeroFilterCheck] D:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "D:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] D:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] D:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] D:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKCU\..\Run: [MSMSGS] "D:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MsnMsgr] "D:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "D:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [iolo Task Agent] D:\Program Files\iolo\Common\Task Agent\Task_Agent.exe
O4 - HKCU\..\Run: [Skype] "H:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - Startup: Adobe Gamma.lnk = D:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = D:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = D:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "D:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: byxxwtr - D:\WINDOWS\SYSTEM32\byxxwtr.dll
O20 - Winlogon Notify: WBSrv - D:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\wbsrv.dll
O20 - Winlogon Notify: WgaLogon - D:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: winuqw32 - D:\WINDOWS\SYSTEM32\winuqw32.dll
O23 - Service: Adobe LM Service - Adobe Systems - D:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apache - Unknown owner - D:\Program Files\Apache Group\Apache\Apache.exe" --ntservice (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - D:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - D:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - D:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Diskeeper - Executive Software International, Inc. - D:\Program Files\Executive Software\Diskeeper\DkService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - D:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Prevx Agent (PrevxAgent) - Unknown owner - D:\Program Files\Prevx Home\PXAgent.exe" -f (file missing)
O23 - Service: Sandra Data Service (SandraDataSrv) - SiSoftware - D:\Program Files\SiSoftware\SiSoftware Sandra Lite 2005.SR3\RpcDataSrv.exe
O23 - Service: Sandra Service (SandraTheSrv) - SiSoftware - D:\Program Files\SiSoftware\SiSoftware Sandra Lite 2005.SR3\RpcSandraSrv.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - D:\WINDOWS\system32\ZoneLabs\vsmon.exe

0

Here we go, then; let's start with the following:

You will need to close/quit all web browser programs and disconnect from the Internet for much of the following, so you should print out these instructions or save them into a text file with Notepad.

* Please download SmitfraudFix (by S!Ri)
Extract the content (a folder named SmitfraudFix) to your Desktop.

* Download ewido Anti-Spyware (30-day trial) - http://www.ewido.net/en/download/

Install and configure ewido:

  • Close all other Applications and run the ewido installer.
  • Select language click Ok
  • Click I Agree
  • Click next
  • Click Install
  • Click Finish
  • Wait Ewido will open main screen automatically.
  • Wait again a few minutes and Ewido Should Auto update itself. If it doesn't click update at top of screen. (It is very important to get the updates)
  • Don't run a scan with ewido yet; just close the program when the updating has finished.

* Download ATF Cleaner by Atribune. Save the folder to your desktop or to another convenient location, but do not run it yet.


* Run HijackThis again, put a check mark in the boxes to the left of the following entries, and then click the "Fix checked" button. Close HJT once the fixes are completed:
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: (no name) - {5f4c3d09-b3b9-4f88-aa82-31332fee1c08} - D:\WINDOWS\system32\hp100.tmp
O2 - BHO: (no name) - {6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} - D:\WINDOWS\system32\byxxwtr.dll
O20 - Winlogon Notify: byxxwtr - D:\WINDOWS\SYSTEM32\byxxwtr.dll
O20 - Winlogon Notify: winuqw32 - D:\WINDOWS\SYSTEM32\winuqw32.dll

* Reboot your computer in Safe Mode by doing the following:

  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
  • Instead of Windows loading as normal, a menu with options should appear;
  • Select the first option, to run Windows in Safe Mode, then press "Enter".
  • Choose your usual account.

1) Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.

If you use Firefox browser : Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.

If you use Opera browser: Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.


2) Open the SmitfraudFix folder and double-click smitfraudfix.cmd
Select option #2 - Clean by typing 2 and press "Enter" to delete infected files.

You will be prompted : "Registry cleaning - Do you want to clean the registry ?"; answer "Yes" by typing Y and press "Enter" in order to remove the Desktop background and clean registry keys associated with the infection.

The tool will now check if wininet.dll is infected. You may be prompted to replace the infected file (if found); answer "Yes" by typing Y and press "Enter".

The tool may need to restart your computer to finish the cleaning process; if it does force a restart, please reboot into Safe Mode again, in order to complete the following step. If it does not reboot, please remain in Safe Mode until further notice.

3) Launch Ewido from your Desktop :

  • Click on scanner
  • Click on Complete System Scan and the scan will begin.
  • You will be prompted to clean the first infection.
  • Select "Perform action on all infections", then proceed.
  • Once the scan has completed, there will be a button located on the bottom of the screen named Save report
  • Click Save report.
  • Save the report .txt file to your desktop or a location where you can find it easily.

Close Ewido Anti-Malware.

4) Reboot your computer normally.

If SmitfraudFix did not force a reboot, then you should now see a text file appear onscreen with results from the cleaning process; please copy/paste the content of that report into your next reply.
The report can also be found at the root of the system drive, usually at C:\rapport.txt

Note : running option #2 on a non infected computer will remove your Desktop background.

5) Post the content of rapport.txt, the Ewido report and a new HijackThis! log in your next reply.
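
The two logs in the first post can be cross-referenced mechanically: the sketch below (an added example, not part of the original thread and not code from HijackThis or SmitfraudFix) takes the SmitfraudFix "FOUND !" lines, treats `?` as a single-character wildcard, and reports which running processes and HijackThis entries point at a flagged file. The function names are hypothetical, and the embedded samples are short excerpts of lines copied from the logs above.

```python
import fnmatch
import re

# Excerpt of the SmitfraudFix scan posted above (lines copied from the thread).
SMITFRAUD_REPORT = r"""
D:\WINDOWS\system32\atmclk.exe FOUND !
D:\WINDOWS\system32\dcomcfg.exe FOUND !
D:\WINDOWS\system32\hp???.tmp FOUND !
D:\WINDOWS\system32\regperf.exe FOUND !
D:\WINDOWS\system32\1024\ FOUND !
"""

# Excerpt of the HijackThis v1.99.0 log posted above (lines copied from the thread).
HIJACKTHIS_LOG = r"""
Running processes:
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\dcomcfg.exe
D:\WINDOWS\system32\atmclk.exe
D:\Program Files\Mozilla Firefox\firefox.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {5f4c3d09-b3b9-4f88-aa82-31332fee1c08} - D:\WINDOWS\system32\hp100.tmp
O4 - HKLM\..\Run: [AVG7_CC] D:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O23 - Service: Diskeeper - Executive Software International, Inc. - D:\Program Files\Executive Software\Diskeeper\DkService.exe
"""

# A drive-letter path ending in an extension of interest (assumption: exe/dll/tmp only).
PATH_RE = re.compile(r'[A-Za-z]:\\[^"\r\n]*?\.(?:exe|dll|tmp)\b', re.I)
# HijackThis entry prefix such as "O2 - " or "R1 - ".
ENTRY_RE = re.compile(r'^([A-Z]\d+) - ')
DRIVE_RE = re.compile(r'^[A-Za-z]:\\')


def parse_found(report):
    """Return the paths/patterns SmitfraudFix reported as 'FOUND !'."""
    marker = "FOUND !"
    found = []
    for line in report.splitlines():
        line = line.strip()
        if line.endswith(marker):
            found.append(line[:-len(marker)].strip())
    return found


def matches(path, pattern):
    """Case-insensitive match of a Windows path against one finding."""
    p, pat = path.lower(), pattern.lower()
    if pat.endswith("\\"):
        # Directory finding (e.g. ...\1024\): anything beneath it counts.
        return p.startswith(pat)
    # '[' is legal in file names but special to fnmatch, so neutralise it;
    # '?' keeps its meaning of exactly one character.
    pat = pat.replace("[", "[[]")
    return fnmatch.fnmatchcase(p, pat)


def cross_reference(hjt_log, report):
    """Return (section, path, finding) for every HijackThis path that
    matches a SmitfraudFix finding. Section is 'process' or the entry code."""
    patterns = parse_found(report)
    hits = []
    for line in hjt_log.splitlines():
        line = line.strip()
        entry = ENTRY_RE.match(line)
        if entry:
            section = entry.group(1)
        elif DRIVE_RE.match(line):
            section = "process"      # bare path under "Running processes:"
        else:
            continue
        for path in PATH_RE.findall(line):
            for pat in patterns:
                if matches(path, pat):
                    hits.append((section, path, pat))
    return hits


if __name__ == "__main__":
    for section, path, pat in cross_reference(HIJACKTHIS_LOG, SMITFRAUD_REPORT):
        print(f"{section:8} {path}  (finding: {pat})")
```

The overlap is only partial in both directions: regperf.exe is flagged by SmitfraudFix but has no HijackThis entry, and byxxwtr.dll and winuqw32.dll from the fix list above do not appear in the SmitfraudFix scan, so the cross-reference narrows the review rather than replacing it.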

0

Here you go:

SmitFraudFix v2.65

Scan done at 11:12:03.50, 02/07/2006
Run from D:\Documents and Settings\Lam Family\Desktop\antispyware\SmitfraudFix\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
Fix ran in safe mode

»»»»»»»»»»»»»»»»»»»»»»»» Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Killing process


»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

D:\WINDOWS\system32\regperf.exe Deleted

»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» End

---------------------------------------------------------
ewido anti-spyware - Scan Report
---------------------------------------------------------

+ Created at: 11:00:59 AM 02/07/2006

+ Scan result:

D:\Documents and Settings\Lam Family\Local Settings\Temporary Internet Files\Content.IE5\KTUB0XQB\anti4[1].exe -> Adware.Virtumonde : Cleaned.
:mozilla.388:D:\Documents and Settings\Lam Family\Application Data\Mozilla\Firefox\Profiles\3kgsbndd.default\cookies.txt -> TrackingCookie.247realmedia : Cleaned.
:mozilla.389:D:\Documents and Settings\Lam Family\Application Data\Mozilla\Firefox\Profiles\3kgsbndd.default\cookies.txt -> TrackingCookie.247realmedia : Cleaned.
:mozilla.390:D:\Documents and Settings\Lam Family\Application Data\Mozilla\Firefox\Profiles\3kgsbndd.default\cookies.txt -> TrackingCookie.247realmedia : Cleaned.
:mozilla.626:D:\Documents and Settings\Lam Family\Application Data\Mozilla\Firefox\Profiles\3kgsbndd.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.627:D:\Documents and Settings\Lam Family\Application Data\Mozilla\Firefox\Profiles\3kgsbndd.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.628:D:\Documents and Settings\Lam Family\Application Data\Mozilla\Firefox\Profiles\3kgsbndd.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.629:D:\Documents and Settings\Lam Family\Application Data\Mozilla\Firefox\Profiles\3kgsbndd.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.630:D:\Documents and Settings\Lam Family\Application Data\Mozilla\Firefox\Profiles\3kgsbndd.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.631:D:\Documents and Settings\Lam Family\Application Data\Mozilla\Firefox\Profiles\3kgsbndd.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.632:D:\Documents and Settings\Lam Family\Application Data\Mozilla\Firefox\Profiles\3kgsbndd.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.633:D:\Documents and Settings\Lam Family\Application Data\Mozilla\Firefox\Profiles\3kgsbndd.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.634:D:\Documents and Settings\Lam Family\Application Data\Mozilla\Firefox\Profiles\3kgsbndd.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.635:D:\Documents and Settings\Lam Family\Application Data\Mozilla\Firefox\Profiles\3kgsbndd.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.636:D:\Documents and Settings\Lam Family\Application Data\Mozilla\Firefox\Profiles\3kgsbndd.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.637:D:\Documents and Settings\Lam Family\Application Data\Mozilla\Firefox\Profiles\3kgsbndd.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.638:D:\Documents and Settings\Lam Family\Application Data\Mozilla\Firefox\Profiles\3kgsbndd.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.639:D:\Documents and Settings\Lam Family\Application Data\Mozilla\Firefox\Profiles\3kgsbndd.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.640:D:\Documents and Settings\Lam Family\Application Data\Mozilla\Firefox\Profiles\3kgsbndd.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.641:D:\Documents and Settings\Lam Family\Application Data\Mozilla\Firefox\Profiles\3kgsbndd.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.642:D:\Documents and Settings\Lam Family\Application Data\Mozilla\Firefox\Profiles\3kgsbndd.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.643:D:\Documents and Settings\Lam Family\Application Data\Mozilla\Firefox\Profiles\3kgsbndd.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.644:D:\Documents and Settings\Lam Family\Application Data\Mozilla\Firefox\Profiles\3kgsbndd.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.645:D:\Documents and Settings\Lam Family\Application Data\Mozilla\Firefox\Profiles\3kgsbndd.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.646:D:\Documents and Settings\Lam Family\Application Data\Mozilla\Firefox\Profiles\3kgsbndd.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.647:D:\Documents and Settings\Lam Family\Application Data\Mozilla\Firefox\Profiles\3kgsbndd.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.648:D:\Documents and Settings\Lam Family\Application Data\Mozilla\Firefox\Profiles\3kgsbndd.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.649:D:\Documents and Settings\Lam Family\Application Data\Mozilla\Firefox\Profiles\3kgsbndd.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.650:D:\Documents and Settings\Lam Family\Application Data\Mozilla\Firefox\Profiles\3kgsbndd.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.651:D:\Documents and Settings\Lam Family\Application Data\Mozilla\Firefox\Profiles\3kgsbndd.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.652:D:\Documents and Settings\Lam Family\Application Data\Mozilla\Firefox\Profiles\3kgsbndd.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.653:D:\Documents and Settings\Lam Family\Application Data\Mozilla\Firefox\Profiles\3kgsbndd.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.654:D:\Documents and Settings\Lam Family\Application Data\Mozilla\Firefox\Profiles\3kgsbndd.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.655:D:\Documents and Settings\Lam Family\Application Data\Mozilla\Firefox\Profiles\3kgsbndd.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.656:D:\Documents and Settings\Lam Family\Application Data\Mozilla\Firefox\Profiles\3kgsbndd.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.657:D:\Documents and Settings\Lam Family\Application Data\Mozilla\Firefox\Profiles\3kgsbndd.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.658:D:\Documents and Settings\Lam Family\Application Data\Mozilla\Firefox\Profiles\3kgsbndd.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.659:D:\Documents and Settings\Lam Family\Application Data\Mozilla\Firefox\Profiles\3kgsbndd.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.660:D:\Documents and Settings\Lam Family\Application Data\Mozilla\Firefox\Profiles\3kgsbndd.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.661:D:\Documents and Settings\Lam Family\Application Data\Mozilla\Firefox\Profiles\3kgsbndd.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.662:D:\Documents and Settings\Lam Family\Application Data\Mozilla\Firefox\Profiles\3kgsbndd.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.677:D:\Documents and Settings\Lam Family\Application Data\Mozilla\Firefox\Profiles\3kgsbndd.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.689:D:\Documents and Settings\Lam Family\Application Data\Mozilla\Firefox\Profiles\3kgsbndd.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
D:\Documents and Settings\Lam Family\Cookies\lam family@msnaccountservices.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
D:\Documents and Settings\Lam Family\Cookies\lam family@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.974:D:\Documents and Settings\Lam Family\Application Data\Mozilla\Firefox\Profiles\3kgsbndd.default\cookies.txt -> TrackingCookie.7search : Cleaned.
:mozilla.975:D:\Documents and Settings\Lam Family\Application Data\Mozilla\Firefox\Profiles\3kgsbndd.default\cookies.txt -> TrackingCookie.7search : Cleaned.
:mozilla.20:D:\Documents and Settings\Lam Family\Application Data\Mozilla\Firefox\Profiles\3kgsbndd.default\cookies.txt -> TrackingCookie.Adjuggler : Cleaned.
:mozilla.21:D:\Documents and Settings\Lam Family\Application Data\Mozilla\Firefox\Profiles\3kgsbndd.default\cookies.txt -> TrackingCookie.Adjuggler : Cleaned.
:mozilla.23:D:\Documents and Settings\Lam Family\Application Data\Mozilla\Firefox\Profiles\3kgsbndd.default\cookies.txt -> TrackingCookie.Adjuggler : Cleaned.
D:\Documents and Settings\Lam Family\Cookies\lam family@rotator.adjuggler[2].txt -> TrackingCookie.Adjuggler : Cleaned.
:mozilla.324:D:\Documents and Settings\Lam Family\Application Data\Mozilla\Firefox\Profiles\3kgsbndd.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.243:D:\Documents and Settings\Lam Family\Application Data\Mozilla\Firefox\Profiles\3kgsbndd.default\cookies.txt -> TrackingCookie.Adtech : Cleaned.
:mozilla.244:D:\Documents and Settings\Lam Family\Application Data\Mozilla\Firefox\Profiles\3kgsbndd.default\cookies.txt -> TrackingCookie.Adtech : Cleaned.
:mozilla.214:D:\Documents and Settings\Lam Family\Application Data\Mozilla\Firefox\Profiles\3kgsbndd.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.215:D:\Documents and Settings\Lam Family\Application Data\Mozilla\Firefox\Profiles\3kgsbndd.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.216:D:\Documents and Settings\Lam Family\Application Data\Mozilla\Firefox\Profiles\3kgsbndd.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.217:D:\Documents and Settings\Lam Family\Application Data\Mozilla\Firefox\Profiles\3kgsbndd.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.218:D:\Documents and Settings\Lam Family\Application Data\Mozilla\Firefox\Profiles\3kgsbndd.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.219:D:\Documents and Settings\Lam Family\Application Data\Mozilla\Firefox\Profiles\3kgsbndd.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.25:D:\Documents and Settings\Lam Family\Application Data\Mozilla\Firefox\Profiles\3kgsbndd.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned.
D:\Documents and Settings\Lam Family\Cookies\lam family@atdmt[1].txt -> TrackingCookie.Atdmt : Cleaned.
:mozilla.978:D:\Documents and Settings\Lam Family\Application Data\Mozilla\Firefox\Profiles\3kgsbndd.default\cookies.txt -> TrackingCookie.Bfast : Cleaned.
:mozilla.688:D:\Documents and Settings\Lam Family\Application Data\Mozilla\Firefox\Profiles\3kgsbndd.default\cookies.txt -> TrackingCookie.Bluestreak : Cleaned.
:mozilla.178:D:\Documents and Settings\Lam Family\Application Data\Mozilla\Firefox\Profiles\3kgsbndd.default\cookies.txt -> TrackingCookie.Burstbeacon : Cleaned.
:mozilla.179:D:\Documents and Settings\Lam Family\Application Data\Mozilla\Firefox\Profiles\3kgsbndd.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned.
:mozilla.180:D:\Documents and Settings\Lam Family\Application Data\Mozilla\Firefox\Profiles\3kgsbndd.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned.
:mozilla.181:D:\Documents and Settings\Lam Family\Application Data\Mozilla\Firefox\Profiles\3kgsbndd.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned.
D:\Documents and Settings\Lam Family\Cookies\lam family@burstnet[1].txt -> TrackingCookie.Burstnet : Cleaned.
:mozilla.170:D:\Documents and Settings\Lam Family\Application Data\Mozilla\Firefox\Profiles\3kgsbndd.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.171:D:\Documents and Settings\Lam Family\Application Data\Mozilla\Firefox\Profiles\3kgsbndd.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.172:D:\Documents and Settings\Lam Family\Application Data\Mozilla\Firefox\Profiles\3kgsbndd.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.173:D:\Documents and Settings\Lam Family\Application Data\Mozilla\Firefox\Profiles\3kgsbndd.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.174:D:\Documents and Settings\Lam Family\Application Data\Mozilla\Firefox\Profiles\3kgsbndd.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.175:D:\Documents and Settings\Lam Family\Application Data\Mozilla\Firefox\Profiles\3kgsbndd.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.176:D:\Documents and Settings\Lam Family\Application Data\Mozilla\Firefox\Profiles\3kgsbndd.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.177:D:\Documents and Settings\Lam Family\Application Data\Mozilla\Firefox\Profiles\3kgsbndd.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.223:D:\Documents and Settings\Lam Family\Application Data\Mozilla\Firefox\Profiles\3kgsbndd.default\cookies.txt -> TrackingCookie.Clickbank : Cleaned.
:mozilla.536:D:\Documents and Settings\Lam Family\Application Data\Mozilla\Firefox\Profiles\3kgsbndd.default\cookies.txt -> TrackingCookie.Clickhype : Cleaned.
:mozilla.537:D:\Documents and Settings\Lam Family\Application Data\Mozilla\Firefox\Profiles\3kgsbndd.default\cookies.txt -> TrackingCookie.Clickhype : Cleaned.
:mozilla.89:D:\Documents and Settings\Lam Family\Application Data\Mozilla\Firefox\Profiles\3kgsbndd.default\cookies.txt -> TrackingCookie.Com : Cleaned.
D:\Documents and Settings\Lam Family\Cookies\lam family@com[2].txt -> TrackingCookie.Com : Cleaned.
:mozilla.82:D:\Documents and Settings\Lam Family\Application Data\Mozilla\Firefox\Profiles\3kgsbndd.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned.
D:\Documents and Settings\Lam Family\Cookies\lam family@doubleclick[1].txt -> TrackingCookie.Doubleclick : Cleaned.
D:\Documents and Settings\Lam Family\Cookies\lam family@stats.esomniture[1].txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.72:D:\Documents and Settings\Lam Family\Application Data\Mozilla\Firefox\Profiles\3kgsbndd.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.73:D:\Documents and Settings\Lam Family\Application Data\Mozilla\Firefox\Profiles\3kgsbndd.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.74:D:\Documents and Settings\Lam Family\Application Data\Mozilla\Firefox\Profiles\3kgsbndd.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.75:D:\Documents and Settings\Lam Family\Application Data\Mozilla\Firefox\Profiles\3kgsbndd.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.76:D:\Documents and Settings\Lam Family\Application Data\Mozilla\Firefox\Profiles\3kgsbndd.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.28:D:\Documents and Settings\Lam Family\Application Data\Mozilla\Firefox\Profiles\3kgsbndd.default\cookies.txt -> TrackingCookie.Falkag : Cleaned.
:mozilla.29:D:\Documents and Settings\Lam Family\Application Data\Mozilla\Firefox\Profiles\3kgsbndd.default\cookies.txt -> TrackingCookie.Falkag : Cleaned.
:mozilla.30:D:\Documents and Settings\Lam Family\Application Data\Mozilla\Firefox\Profiles\3kgsbndd.default\cookies.txt -> TrackingCookie.Falkag : Cleaned.
:mozilla.31:D:\Documents and Settings\Lam Family\Application Data\Mozilla\Firefox\Profiles\3kgsbndd.default\cookies.txt -> TrackingCookie.Falkag : Cleaned.
:mozilla.32:D:\Documents and Settings\Lam Family\Application Data\Mozilla\Firefox\Profiles\3kgsbndd.default\cookies.txt -> TrackingCookie.Falkag : Cleaned.
:mozilla.33:D:\Documents and Settings\Lam Family\Application Data\Mozilla\Firefox\Profiles\3kgsbndd.default\cookies.txt -> TrackingCookie.Falkag : Cleaned.
:mozilla.680:D:\Documents and Settings\Lam Family\Application Data\Mozilla\Firefox\Profiles\3kgsbndd.default\cookies.txt -> TrackingCookie.Falkag : Cleaned.
:mozilla.681:D:\Documents and Settings\Lam Family\Application Data\Mozilla\Firefox\Profiles\3kgsbndd.default\cookies.txt -> TrackingCookie.Falkag : Cleaned.
:mozilla.682:D:\Documents and Settings\Lam Family\Application Data\Mozilla\Firefox\Profiles\3kgsbndd.default\cookies.txt -> TrackingCookie.Falkag : Cleaned.
:mozilla.161:D:\Documents and Settings\Lam Family\Application Data\Mozilla\Firefox\Profiles\3kgsbndd.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.162:D:\Documents and Settings\Lam Family\Application Data\Mozilla\Firefox\Profiles\3kgsbndd.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.163:D:\Documents and Settings\Lam Family\Application Data\Mozilla\Firefox\Profiles\3kgsbndd.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.164:D:\Documents and Settings\Lam Family\Application Data\Mozilla\Firefox\Profiles\3kgsbndd.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.165:D:\Documents and Settings\Lam Family\Application Data\Mozilla\Firefox\Profiles\3kgsbndd.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.166:D:\Documents and Settings\Lam Family\Application Data\Mozilla\Firefox\Profiles\3kgsbndd.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.167:D:\Documents and Settings\Lam Family\Application Data\Mozilla\Firefox\Profiles\3kgsbndd.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.168:D:\Documents and Settings\Lam Family\Application Data\Mozilla\Firefox\Profiles\3kgsbndd.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.169:D:\Documents and Settings\Lam Family\Application Data\Mozilla\Firefox\Profiles\3kgsbndd.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.227:D:\Documents and Settings\Lam Family\Application Data\Mozilla\Firefox\Profiles\3kgsbndd.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.276:D:\Documents and Settings\Lam Family\Application Data\Mozilla\Firefox\Profiles\3kgsbndd.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.825:D:\Documents and Settings\Lam Family\Application Data\Mozilla\Firefox\Profiles\3kgsbndd.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.848:D:\Documents and Settings\Lam Family\Application Data\Mozilla\Firefox\Profiles\3kgsbndd.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.912:D:\Documents and Settings\Lam Family\Application Data\Mozilla\Firefox\Profiles\3kgsbndd.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.905:D:\Documents and Settings\Lam Family\Application Data\Mozilla\Firefox\Profiles\3kgsbndd.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.906:D:\Documents and Settings\Lam Family\Application Data\Mozilla\Firefox\Profiles\3kgsbndd.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.928:D:\Documents and Settings\Lam Family\Application Data\Mozilla\Firefox\Profiles\3kgsbndd.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.949:D:\Documents and Settings\Lam Family\Application Data\Mozilla\Firefox\Profiles\3kgsbndd.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.267:D:\Documents and Settings\Lam Family\Application Data\Mozilla\Firefox\Profiles\3kgsbndd.default\cookies.txt -> TrackingCookie.Hotlog : Cleaned.
:mozilla.241:D:\Documents and Settings\Lam Family\Application Data\Mozilla\Firefox\Profiles\3kgsbndd.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned.
:mozilla.242:D:\Documents and Settings\Lam Family\Application Data\Mozilla\Firefox\Profiles\3kgsbndd.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned.
:mozilla.264:D:\Documents and Settings\Lam Family\Application Data\Mozilla\Firefox\Profiles\3kgsbndd.default\cookies.txt -> TrackingCookie.Onestat : Cleaned.
:mozilla.265:D:\Documents and Settings\Lam Family\Application Data\Mozilla\Firefox\Profiles\3kgsbndd.default\cookies.txt -> TrackingCookie.Onestat : Cleaned.
:mozilla.371:D:\Documents and Settings\Lam Family\Application Data\Mozilla\Firefox\Profiles\3kgsbndd.default\cookies.txt -> TrackingCookie.Overture : Cleaned.
:mozilla.372:D:\Documents and Settings\Lam Family\Application Data\Mozilla\Firefox\Profiles\3kgsbndd.default\cookies.txt -> TrackingCookie.Overture : Cleaned.
:mozilla.373:D:\Documents and Settings\Lam Family\Application Data\Mozilla\Firefox\Profiles\3kgsbndd.default\cookies.txt -> TrackingCookie.Overture : Cleaned.
:mozilla.346:D:\Documents and Settings\Lam Family\Application Data\Mozilla\Firefox\Profiles\3kgsbndd.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.347:D:\Documents and Settings\Lam Family\Application Data\Mozilla\Firefox\Profiles\3kgsbndd.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.348:D:\Documents and Settings\Lam Family\Application Data\Mozilla\Firefox\Profiles\3kgsbndd.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.349:D:\Documents and Settings\Lam Family\Application Data\Mozilla\Firefox\Profiles\3kgsbndd.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.669:D:\Documents and Settings\Lam Family\Application Data\Mozilla\Firefox\Profiles\3kgsbndd.default\cookies.txt -> TrackingCookie.Qksrv : Cleaned.
:mozilla.672:D:\Documents and Settings\Lam Family\Application Data\Mozilla\Firefox\Profiles\3kgsbndd.default\cookies.txt -> TrackingCookie.Qksrv : Cleaned.
:mozilla.362:D:\Documents and Settings\Lam Family\Application Data\Mozilla\Firefox\Profiles\3kgsbndd.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.363:D:\Documents and Settings\Lam Family\Application Data\Mozilla\Firefox\Profiles\3kgsbndd.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.364:D:\Documents and Settings\Lam Family\Application Data\Mozilla\Firefox\Profiles\3kgsbndd.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.538:D:\Documents and Settings\Lam Family\Application Data\Mozilla\Firefox\Profiles\3kgsbndd.default\cookies.txt -> TrackingCookie.Revenue : Cleaned.
:mozilla.840:D:\Documents and Settings\Lam Family\Application Data\Mozilla\Firefox\Profiles\3kgsbndd.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.841:D:\Documents and Settings\Lam Family\Application Data\Mozilla\Firefox\Profiles\3kgsbndd.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.842:D:\Documents and Settings\Lam Family\Application Data\Mozilla\Firefox\Profiles\3kgsbndd.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.100:D:\Documents and Settings\Lam Family\Application Data\Mozilla\Firefox\Profiles\3kgsbndd.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.101:D:\Documents and Settings\Lam Family\Application Data\Mozilla\Firefox\Profiles\3kgsbndd.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.102:D:\Documents and Settings\Lam Family\Application Data\Mozilla\Firefox\Profiles\3kgsbndd.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.103:D:\Documents and Settings\Lam Family\Application Data\Mozilla\Firefox\Profiles\3kgsbndd.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.99:D:\Documents and Settings\Lam Family\Application Data\Mozilla\Firefox\Profiles\3kgsbndd.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.876:D:\Documents and Settings\Lam Family\Application Data\Mozilla\Firefox\Profiles\3kgsbndd.default\cookies.txt -> TrackingCookie.Sexlist : Cleaned.
:mozilla.692:D:\Documents and Settings\Lam Family\Application Data\Mozilla\Firefox\Profiles\3kgsbndd.default\cookies.txt -> TrackingCookie.Sitestat : Cleaned.
:mozilla.693:D:\Documents and Settings\Lam Family\Application Data\Mozilla\Firefox\Profiles\3kgsbndd.default\cookies.txt -> TrackingCookie.Sitestat : Cleaned.
:mozilla.269:D:\Documents and Settings\Lam Family\Application Data\Mozilla\Firefox\Profiles\3kgsbndd.default\cookies.txt -> TrackingCookie.Spylog : Cleaned.
:mozilla.108:D:\Documents and Settings\Lam Family\Application Data\Mozilla\Firefox\Profiles\3kgsbndd.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.109:D:\Documents and Settings\Lam Family\Application Data\Mozilla\Firefox\Profiles\3kgsbndd.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.110:D:\Documents and Settings\Lam Family\Application Data\Mozilla\Firefox\Profiles\3kgsbndd.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.111:D:\Documents and Settings\Lam Family\Application Data\Mozilla\Firefox\Profiles\3kgsbndd.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.112:D:\Documents and Settings\Lam Family\Application Data\Mozilla\Firefox\Profiles\3kgsbndd.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.113:D:\Documents and Settings\Lam Family\Application Data\Mozilla\Firefox\Profiles\3kgsbndd.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.114:D:\Documents and Settings\Lam Family\Application Data\Mozilla\Firefox\Profiles\3kgsbndd.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.115:D:\Documents and Settings\Lam Family\Application Data\Mozilla\Firefox\Profiles\3kgsbndd.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.116:D:\Documents and Settings\Lam Family\Application Data\Mozilla\Firefox\Profiles\3kgsbndd.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.117:D:\Documents and Settings\Lam Family\Application Data\Mozilla\Firefox\Profiles\3kgsbndd.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.118:D:\Documents and Settings\Lam Family\Application Data\Mozilla\Firefox\Profiles\3kgsbndd.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.119:D:\Documents and Settings\Lam Family\Application Data\Mozilla\Firefox\Profiles\3kgsbndd.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.120:D:\Documents and Settings\Lam Family\Application Data\Mozilla\Firefox\Profiles\3kgsbndd.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.121:D:\Documents and Settings\Lam Family\Application Data\Mozilla\Firefox\Profiles\3kgsbndd.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.122:D:\Documents and Settings\Lam Family\Application Data\Mozilla\Firefox\Profiles\3kgsbndd.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.123:D:\Documents and Settings\Lam Family\Application Data\Mozilla\Firefox\Profiles\3kgsbndd.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.124:D:\Documents and Settings\Lam Family\Application Data\Mozilla\Firefox\Profiles\3kgsbndd.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.125:D:\Documents and Settings\Lam Family\Application Data\Mozilla\Firefox\Profiles\3kgsbndd.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.126:D:\Documents and Settings\Lam Family\Application Data\Mozilla\Firefox\Profiles\3kgsbndd.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.127:D:\Documents and Settings\Lam Family\Application Data\Mozilla\Firefox\Profiles\3kgsbndd.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.128:D:\Documents and Settings\Lam Family\Application Data\Mozilla\Firefox\Profiles\3kgsbndd.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.129:D:\Documents and Settings\Lam Family\Application Data\Mozilla\Firefox\Profiles\3kgsbndd.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.130:D:\Documents and Settings\Lam Family\Application Data\Mozilla\Firefox\Profiles\3kgsbndd.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.131:D:\Documents and Settings\Lam Family\Application Data\Mozilla\Firefox\Profiles\3kgsbndd.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.132:D:\Documents and Settings\Lam Family\Application Data\Mozilla\Firefox\Profiles\3kgsbndd.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.133:D:\Documents and Settings\Lam Family\Application Data\Mozilla\Firefox\Profiles\3kgsbndd.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.137:D:\Documents and Settings\Lam Family\Application Data\Mozilla\Firefox\Profiles\3kgsbndd.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.138:D:\Documents and Settings\Lam Family\Application Data\Mozilla\Firefox\Profiles\3kgsbndd.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.139:D:\Documents and Settings\Lam Family\Application Data\Mozilla\Firefox\Profiles\3kgsbndd.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.140:D:\Documents and Settings\Lam Family\Application Data\Mozilla\Firefox\Profiles\3kgsbndd.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.250:D:\Documents and Settings\Lam Family\Application Data\Mozilla\Firefox\Profiles\3kgsbndd.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.251:D:\Documents and Settings\Lam Family\Application Data\Mozilla\Firefox\Profiles\3kgsbndd.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.252:D:\Documents and Settings\Lam Family\Application Data\Mozilla\Firefox\Profiles\3kgsbndd.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.253:D:\Documents and Settings\Lam Family\Application Data\Mozilla\Firefox\Profiles\3kgsbndd.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
D:\Documents and Settings\Lam Family\Cookies\lam family@tfag[1].txt -> TrackingCookie.Tfag : Cleaned.
:mozilla.369:D:\Documents and Settings\Lam Family\Application Data\Mozilla\Firefox\Profiles\3kgsbndd.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.19:D:\Documents and Settings\Lam Family\Application Data\Mozilla\Firefox\Profiles\3kgsbndd.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.22:D:\Documents and Settings\Lam Family\Application Data\Mozilla\Firefox\Profiles\3kgsbndd.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.24:D:\Documents and Settings\Lam Family\Application Data\Mozilla\Firefox\Profiles\3kgsbndd.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
D:\Documents and Settings\Lam Family\Cookies\lam family@tribalfusion[1].txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.847:D:\Documents and Settings\Lam Family\Application Data\Mozilla\Firefox\Profiles\3kgsbndd.default\cookies.txt -> TrackingCookie.Valueclick : Cleaned.
:mozilla.787:D:\Documents and Settings\Lam Family\Application Data\Mozilla\Firefox\Profiles\3kgsbndd.default\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned.
:mozilla.864:D:\Documents and Settings\Lam Family\Application Data\Mozilla\Firefox\Profiles\3kgsbndd.default\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned.
:mozilla.268:D:\Documents and Settings\Lam Family\Application Data\Mozilla\Firefox\Profiles\3kgsbndd.default\cookies.txt -> TrackingCookie.Yadro : Cleaned.
D:\Documents and Settings\Lam Family\Cookies\lam family@yadro[1].txt -> TrackingCookie.Yadro : Cleaned.
:mozilla.184:D:\Documents and Settings\Lam Family\Application Data\Mozilla\Firefox\Profiles\3kgsbndd.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.185:D:\Documents and Settings\Lam Family\Application Data\Mozilla\Firefox\Profiles\3kgsbndd.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.186:D:\Documents and Settings\Lam Family\Application Data\Mozilla\Firefox\Profiles\3kgsbndd.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.187:D:\Documents and Settings\Lam Family\Application Data\Mozilla\Firefox\Profiles\3kgsbndd.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.188:D:\Documents and Settings\Lam Family\Application Data\Mozilla\Firefox\Profiles\3kgsbndd.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.189:D:\Documents and Settings\Lam Family\Application Data\Mozilla\Firefox\Profiles\3kgsbndd.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.190:D:\Documents and Settings\Lam Family\Application Data\Mozilla\Firefox\Profiles\3kgsbndd.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.191:D:\Documents and Settings\Lam Family\Application Data\Mozilla\Firefox\Profiles\3kgsbndd.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
D:\Documents and Settings\Lam Family\Cookies\lam family@ad.yieldmanager[1].txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.210:D:\Documents and Settings\Lam Family\Application Data\Mozilla\Firefox\Profiles\3kgsbndd.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
:mozilla.211:D:\Documents and Settings\Lam Family\Application Data\Mozilla\Firefox\Profiles\3kgsbndd.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
:mozilla.212:D:\Documents and Settings\Lam Family\Application Data\Mozilla\Firefox\Profiles\3kgsbndd.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
:mozilla.213:D:\Documents and Settings\Lam Family\Application Data\Mozilla\Firefox\Profiles\3kgsbndd.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.


::Report end

Logfile of HijackThis v1.99.1
Scan saved at 11:18:51 AM, on 02/07/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\Explorer.EXE
D:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
D:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
D:\Program Files\QuickTime\qttask.exe
D:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
D:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe
D:\WINDOWS\system32\LVCOMSX.EXE
D:\Program Files\Logitech\Video\LogiTray.exe
D:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
D:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
D:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
D:\Program Files\Executive Software\Diskeeper\DkService.exe
H:\Program Files\Skype\Phone\Skype.exe
D:\Program Files\ewido anti-spyware 4.0\guard.exe
D:\Program Files\Logitech\Video\FxSvr2.exe
D:\Program Files\MSN Messenger\MsnMsgr.Exe
D:\WINDOWS\System32\svchost.exe
D:\Program Files\Messenger\msmsgs.exe
D:\WINDOWS\system32\ZoneLabs\vsmon.exe
D:\Program Files\iolo\Common\Task Agent\Task_Agent.exe
D:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
D:\Program Files\Mozilla Firefox\firefox.exe
D:\WINDOWS\system32\wuauclt.exe
D:\Documents and Settings\Lam Family\Desktop\antispyware\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.library.ubc.ca:8000
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [Zone Labs Client] "D:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] D:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PrevxHome] D:\Program Files\Prevx Home\SAGUI.exe
O4 - HKLM\..\Run: [PHIME2002ASync] D:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] D:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [NVMixerTray] "D:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] D:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [MSPY2002] D:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [LVCOMSX] D:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoTray] D:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [LogitechVideoRepair] D:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "D:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [AVG7_CC] D:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [Skype] "H:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [MsnMsgr] "D:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "D:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "D:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [iolo Task Agent] D:\Program Files\iolo\Common\Task Agent\Task_Agent.exe
O4 - Startup: Adobe Gamma.lnk = D:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = D:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = D:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "D:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WBSrv - D:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\wbsrv.dll
O20 - Winlogon Notify: WgaLogon - D:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Adobe LM Service - Adobe Systems - D:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apache - Unknown owner - D:\Program Files\Apache Group\Apache\Apache.exe" --ntservice (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - D:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - D:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - D:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Diskeeper - Executive Software International, Inc. - D:\Program Files\Executive Software\Diskeeper\DkService.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - D:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - D:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Prevx Agent (PrevxAgent) - Unknown owner - D:\Program Files\Prevx Home\PXAgent.exe" -f (file missing)
O23 - Service: Sandra Data Service (SandraDataSrv) - SiSoftware - D:\Program Files\SiSoftware\SiSoftware Sandra Lite 2005.SR3\RpcDataSrv.exe
O23 - Service: Sandra Service (SandraTheSrv) - SiSoftware - D:\Program Files\SiSoftware\SiSoftware Sandra Lite 2005.SR3\RpcSandraSrv.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - D:\WINDOWS\system32\ZoneLabs\vsmon.exe

0

Good work- there are no longer any signs of the infection in your log. :)

1. Not related to the infection, but you have the Windows messaging service (which is not MSN Messenger) running. The service is non-critical, and can be exploited by malware.
* Download and run Shoot the Messenger to disable the Messenger service.
* Run another HJT scan and fix the following entry if it is still present:
O4 - HKCU\..\Run: [MSMSGS] "D:\Program Files\Messenger\msmsgs.exe" /background

2. Just for verification, please do the following:

* Reboot your computer into Safe Mode again.
* Open Windows Explorer, and in the Folder Options->View settings under the Tools menu, select "show hidden files and folders", and uncheck "Hide protected operating system files" and "Hide extensions for known file types".
* Search for the following files/folders and delete them if found:

D:\WINNT\system32\atmclk.exe
D:\WINNT\system32\dcomcfg.exe
D:\WINNT\system32\hp???.tmp
D:\WINNT\system32\ld????.tmp
D:\WINNT\system32\ot.ico
D:\WINNT\system32\regperf.exe
D:\WINNT\system32\simpole.tlb
D:\WINNT\system32\stdole3.tlb
D:\WINNT\system32\ts.ico
D:\WINNT\system32\1024\

(The question marks in the two files above are placeholders for what will really be random letters and/or numbers; "hp100.tmp", for example)

* Empty your Recycle Bin and reboot normally.
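
The before-and-after comparison behind "no longer any signs of the infection in your log" can be done mechanically. The following is an added example, not part of the original thread: it diffs two HijackThis logs and matches what disappeared against the file names in the list above. The function names are hypothetical, the two logs are shortened excerpts of the ones posted in this thread, and matching is by file name only, ignoring the directory.

```python
import fnmatch
import ntpath
import re

# File-name patterns taken from the helper's list (directory part dropped).
SUSPECT_NAMES = ["atmclk.exe", "dcomcfg.exe", "hp???.tmp", "ld????.tmp",
                 "ot.ico", "regperf.exe", "simpole.tlb", "stdole3.tlb", "ts.ico"]

# HijackThis entry lines start with a section code such as "R1 - " or "O23 - ".
ENTRY_RE = re.compile(r"^(?:R[0-3]|F[0-3]|N[1-4]|O\d{1,2}) - ")
# A drive-letter path ending in one of the extensions used in the list above.
PATH_RE = re.compile(r"[A-Za-z]:\\[^\"*?<>|]*?\.(?:exe|dll|tmp|tlb|ico)", re.IGNORECASE)

# Shortened excerpts of the two logs in this thread (first scan, second scan).
BEFORE = r"""
Logfile of HijackThis v1.99.0

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\dcomcfg.exe
D:\WINDOWS\system32\atmclk.exe
D:\Program Files\Mozilla Firefox\firefox.exe

O2 - BHO: (no name) - {5f4c3d09-b3b9-4f88-aa82-31332fee1c08} - D:\WINDOWS\system32\hp100.tmp
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
"""

AFTER = r"""
Logfile of HijackThis v1.99.1

Running processes:
D:\WINDOWS\System32\smss.exe
D:\Program Files\ewido anti-spyware 4.0\guard.exe
D:\Program Files\Mozilla Firefox\firefox.exe

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
"""


def parse_hjt(text):
    """Split a HijackThis log into running-process paths and numbered entries."""
    processes, entries, in_procs = set(), set(), False
    for raw in text.splitlines():
        line = raw.strip()
        if line == "Running processes:":
            in_procs = True
        elif not line:
            in_procs = False          # a blank line ends the process list
        elif in_procs:
            processes.add(line.lower())   # Windows paths are case-insensitive
        elif ENTRY_RE.match(line):
            entries.add(line)
    return {"processes": processes, "entries": entries}


def diff_logs(before, after):
    """Return what disappeared, what appeared, and everything still present."""
    b, a = parse_hjt(before), parse_hjt(after)
    return {
        "gone": sorted((b["processes"] - a["processes"]) | (b["entries"] - a["entries"])),
        "new": sorted((a["processes"] - b["processes"]) | (a["entries"] - b["entries"])),
        "remaining": sorted(a["processes"] | a["entries"]),
    }


def suspect_hits(lines):
    """Return the lines that reference a file whose name matches SUSPECT_NAMES."""
    hits = []
    for line in lines:
        for path in PATH_RE.findall(line):
            name = ntpath.basename(path).lower()
            if any(fnmatch.fnmatchcase(name, pat) for pat in SUSPECT_NAMES):
                hits.append(line)
                break
    return hits


if __name__ == "__main__":
    result = diff_logs(BEFORE, AFTER)
    print("Removed since first scan:")
    for line in suspect_hits(result["gone"]):
        print("  ", line)
    print("Suspect names still referenced:", suspect_hits(result["remaining"]) or "none")
```

A clean result only shows that nothing in the second log references those names; the on-disk search in step 2 is still what confirms the files themselves are gone.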
